From b1ddde874c215cc8891531ed92876f091b7eb83e Mon Sep 17 00:00:00 2001 
From: cvs2svn Date: Mon, 14 Apr 2025 17:32:06 +0000 Subject: This commit was manufactured by cvs2git to create tag 'tb_20250414'. --- src/lib/libssl/LICENSE | 133 - src/lib/libssl/Makefile | 127 - src/lib/libssl/Symbols.list | 362 -- src/lib/libssl/bio_ssl.c | 596 ---- src/lib/libssl/bs_ber.c | 270 -- src/lib/libssl/bs_cbb.c | 490 --- src/lib/libssl/bs_cbs.c | 616 ---- src/lib/libssl/bytestring.h | 571 --- src/lib/libssl/d1_both.c | 1198 ------- src/lib/libssl/d1_lib.c | 414 --- src/lib/libssl/d1_pkt.c | 1124 ------ src/lib/libssl/d1_srtp.c | 266 -- src/lib/libssl/doc/openssl.cnf | 348 -- src/lib/libssl/doc/openssl.txt | 1254 ------- src/lib/libssl/doc/standards.txt | 285 -- src/lib/libssl/dtls1.h | 103 - src/lib/libssl/dtls_local.h | 232 -- src/lib/libssl/generate_pkgconfig.sh | 89 - src/lib/libssl/hidden/openssl/srtp.h | 33 - src/lib/libssl/hidden/openssl/ssl.h | 382 -- src/lib/libssl/hidden/openssl/tls1.h | 34 - src/lib/libssl/hidden/ssl_namespace.h | 41 - src/lib/libssl/man/BIO_f_ssl.3 | 609 ---- src/lib/libssl/man/DTLSv1_listen.3 | 187 - src/lib/libssl/man/Makefile | 134 - src/lib/libssl/man/OPENSSL_init_ssl.3 | 76 - src/lib/libssl/man/PEM_read_SSL_SESSION.3 | 147 - src/lib/libssl/man/SSL_CIPHER_get_name.3 | 398 --- .../libssl/man/SSL_COMP_add_compression_method.3 | 42 - src/lib/libssl/man/SSL_CTX_add1_chain_cert.3 | 222 -- src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 | 160 - src/lib/libssl/man/SSL_CTX_add_session.3 | 132 - src/lib/libssl/man/SSL_CTX_ctrl.3 | 122 - src/lib/libssl/man/SSL_CTX_flush_sessions.3 | 100 - src/lib/libssl/man/SSL_CTX_free.3 | 101 - src/lib/libssl/man/SSL_CTX_get0_certificate.3 | 51 - src/lib/libssl/man/SSL_CTX_get_ex_new_index.3 | 124 - src/lib/libssl/man/SSL_CTX_get_verify_mode.3 | 131 - src/lib/libssl/man/SSL_CTX_load_verify_locations.3 | 238 -- src/lib/libssl/man/SSL_CTX_new.3 | 345 -- src/lib/libssl/man/SSL_CTX_sess_number.3 | 168 - src/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 | 109 - 
src/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 | 221 -- src/lib/libssl/man/SSL_CTX_sessions.3 | 86 - src/lib/libssl/man/SSL_CTX_set1_groups.3 | 163 - src/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 | 305 -- src/lib/libssl/man/SSL_CTX_set_cert_store.3 | 146 - .../libssl/man/SSL_CTX_set_cert_verify_callback.3 | 163 - src/lib/libssl/man/SSL_CTX_set_cipher_list.3 | 375 -- src/lib/libssl/man/SSL_CTX_set_client_CA_list.3 | 183 - src/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 | 191 - src/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 | 216 -- .../libssl/man/SSL_CTX_set_generate_session_id.3 | 221 -- src/lib/libssl/man/SSL_CTX_set_info_callback.3 | 233 -- src/lib/libssl/man/SSL_CTX_set_keylog_callback.3 | 56 - src/lib/libssl/man/SSL_CTX_set_max_cert_list.3 | 154 - src/lib/libssl/man/SSL_CTX_set_min_proto_version.3 | 156 - src/lib/libssl/man/SSL_CTX_set_mode.3 | 204 -- src/lib/libssl/man/SSL_CTX_set_msg_callback.3 | 183 - src/lib/libssl/man/SSL_CTX_set_num_tickets.3 | 63 - src/lib/libssl/man/SSL_CTX_set_options.3 | 374 -- src/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 | 161 - src/lib/libssl/man/SSL_CTX_set_read_ahead.3 | 144 - src/lib/libssl/man/SSL_CTX_set_security_level.3 | 159 - .../libssl/man/SSL_CTX_set_session_cache_mode.3 | 198 -- .../libssl/man/SSL_CTX_set_session_id_context.3 | 160 - src/lib/libssl/man/SSL_CTX_set_ssl_version.3 | 146 - src/lib/libssl/man/SSL_CTX_set_timeout.3 | 118 - .../man/SSL_CTX_set_tlsext_servername_callback.3 | 247 -- src/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 | 238 -- .../libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 | 300 -- src/lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3 | 197 -- src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 | 229 -- src/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 | 114 - src/lib/libssl/man/SSL_CTX_set_verify.3 | 479 --- src/lib/libssl/man/SSL_CTX_use_certificate.3 | 451 --- src/lib/libssl/man/SSL_SESSION_free.3 | 148 - src/lib/libssl/man/SSL_SESSION_get0_cipher.3 | 94 - 
src/lib/libssl/man/SSL_SESSION_get0_peer.3 | 80 - src/lib/libssl/man/SSL_SESSION_get_compress_id.3 | 78 - src/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 | 134 - src/lib/libssl/man/SSL_SESSION_get_id.3 | 112 - .../libssl/man/SSL_SESSION_get_protocol_version.3 | 84 - src/lib/libssl/man/SSL_SESSION_get_time.3 | 165 - src/lib/libssl/man/SSL_SESSION_has_ticket.3 | 85 - src/lib/libssl/man/SSL_SESSION_is_resumable.3 | 81 - src/lib/libssl/man/SSL_SESSION_new.3 | 78 - src/lib/libssl/man/SSL_SESSION_print.3 | 74 - src/lib/libssl/man/SSL_SESSION_set1_id_context.3 | 113 - src/lib/libssl/man/SSL_accept.3 | 155 - src/lib/libssl/man/SSL_alert_type_string.3 | 253 -- src/lib/libssl/man/SSL_clear.3 | 144 - src/lib/libssl/man/SSL_connect.3 | 154 - src/lib/libssl/man/SSL_copy_session_id.3 | 79 - src/lib/libssl/man/SSL_do_handshake.3 | 152 - src/lib/libssl/man/SSL_dup.3 | 62 - src/lib/libssl/man/SSL_dup_CA_list.3 | 54 - src/lib/libssl/man/SSL_export_keying_material.3 | 133 - src/lib/libssl/man/SSL_free.3 | 115 - src/lib/libssl/man/SSL_get_SSL_CTX.3 | 79 - src/lib/libssl/man/SSL_get_certificate.3 | 64 - src/lib/libssl/man/SSL_get_ciphers.3 | 249 -- src/lib/libssl/man/SSL_get_client_CA_list.3 | 96 - src/lib/libssl/man/SSL_get_client_random.3 | 150 - src/lib/libssl/man/SSL_get_current_cipher.3 | 122 - src/lib/libssl/man/SSL_get_default_timeout.3 | 85 - src/lib/libssl/man/SSL_get_error.3 | 217 -- .../man/SSL_get_ex_data_X509_STORE_CTX_idx.3 | 116 - src/lib/libssl/man/SSL_get_ex_new_index.3 | 136 - src/lib/libssl/man/SSL_get_fd.3 | 103 - src/lib/libssl/man/SSL_get_finished.3 | 77 - src/lib/libssl/man/SSL_get_peer_cert_chain.3 | 107 - src/lib/libssl/man/SSL_get_peer_certificate.3 | 105 - src/lib/libssl/man/SSL_get_rbio.3 | 98 - src/lib/libssl/man/SSL_get_server_tmp_key.3 | 89 - src/lib/libssl/man/SSL_get_session.3 | 163 - src/lib/libssl/man/SSL_get_shared_ciphers.3 | 103 - src/lib/libssl/man/SSL_get_state.3 | 161 - src/lib/libssl/man/SSL_get_verify_result.3 | 102 - 
src/lib/libssl/man/SSL_get_version.3 | 123 - src/lib/libssl/man/SSL_library_init.3 | 98 - src/lib/libssl/man/SSL_load_client_CA_file.3 | 185 - src/lib/libssl/man/SSL_new.3 | 110 - src/lib/libssl/man/SSL_num_renegotiations.3 | 75 - src/lib/libssl/man/SSL_pending.3 | 90 - src/lib/libssl/man/SSL_read.3 | 278 -- src/lib/libssl/man/SSL_read_early_data.3 | 174 - src/lib/libssl/man/SSL_renegotiate.3 | 166 - src/lib/libssl/man/SSL_rstate_string.3 | 108 - src/lib/libssl/man/SSL_session_reused.3 | 84 - src/lib/libssl/man/SSL_set1_host.3 | 172 - src/lib/libssl/man/SSL_set1_param.3 | 137 - src/lib/libssl/man/SSL_set_SSL_CTX.3 | 67 - src/lib/libssl/man/SSL_set_bio.3 | 99 - src/lib/libssl/man/SSL_set_connect_state.3 | 153 - src/lib/libssl/man/SSL_set_fd.3 | 129 - src/lib/libssl/man/SSL_set_max_send_fragment.3 | 97 - .../libssl/man/SSL_set_psk_use_session_callback.3 | 86 - src/lib/libssl/man/SSL_set_session.3 | 119 - src/lib/libssl/man/SSL_set_shutdown.3 | 138 - src/lib/libssl/man/SSL_set_tmp_ecdh.3 | 119 - src/lib/libssl/man/SSL_set_verify_result.3 | 90 - src/lib/libssl/man/SSL_shutdown.3 | 253 -- src/lib/libssl/man/SSL_state_string.3 | 110 - src/lib/libssl/man/SSL_want.3 | 161 - src/lib/libssl/man/SSL_write.3 | 249 -- src/lib/libssl/man/d2i_SSL_SESSION.3 | 181 - src/lib/libssl/man/ssl.3 | 353 -- src/lib/libssl/pqueue.c | 201 -- src/lib/libssl/pqueue.h | 93 - src/lib/libssl/s3_cbc.c | 628 ---- src/lib/libssl/s3_lib.c | 2534 -------------- src/lib/libssl/shlib_version | 3 - src/lib/libssl/srtp.h | 148 - src/lib/libssl/ssl.h | 2343 ------------- src/lib/libssl/ssl3.h | 441 --- src/lib/libssl/ssl_asn1.c | 410 --- src/lib/libssl/ssl_both.c | 577 --- src/lib/libssl/ssl_cert.c | 737 ---- src/lib/libssl/ssl_ciph.c | 1631 --------- src/lib/libssl/ssl_ciphers.c | 286 -- src/lib/libssl/ssl_clnt.c | 2456 ------------- src/lib/libssl/ssl_err.c | 676 ---- src/lib/libssl/ssl_init.c | 58 - src/lib/libssl/ssl_kex.c | 422 --- src/lib/libssl/ssl_lib.c | 3663 -------------------- 
src/lib/libssl/ssl_local.h | 1463 -------- src/lib/libssl/ssl_methods.c | 554 --- src/lib/libssl/ssl_packet.c | 88 - src/lib/libssl/ssl_pkt.c | 1322 ------- src/lib/libssl/ssl_rsa.c | 777 ----- src/lib/libssl/ssl_seclevel.c | 479 --- src/lib/libssl/ssl_sess.c | 1347 ------- src/lib/libssl/ssl_sigalgs.c | 361 -- src/lib/libssl/ssl_sigalgs.h | 71 - src/lib/libssl/ssl_srvr.c | 2496 ------------- src/lib/libssl/ssl_stat.c | 596 ---- src/lib/libssl/ssl_tlsext.c | 2745 --------------- src/lib/libssl/ssl_tlsext.h | 49 - src/lib/libssl/ssl_transcript.c | 197 -- src/lib/libssl/ssl_txt.c | 202 -- src/lib/libssl/ssl_versions.c | 373 -- src/lib/libssl/t1_enc.c | 417 --- src/lib/libssl/t1_lib.c | 1119 ------ src/lib/libssl/test/CAss.cnf | 76 - src/lib/libssl/test/CAssdh.cnf | 24 - src/lib/libssl/test/CAssdsa.cnf | 23 - src/lib/libssl/test/CAssrsa.cnf | 24 - src/lib/libssl/test/CAtsa.cnf | 163 - src/lib/libssl/test/P1ss.cnf | 37 - src/lib/libssl/test/P2ss.cnf | 45 - src/lib/libssl/test/Sssdsa.cnf | 27 - src/lib/libssl/test/Sssrsa.cnf | 26 - src/lib/libssl/test/Uss.cnf | 36 - src/lib/libssl/test/VMSca-response.1 | 1 - src/lib/libssl/test/VMSca-response.2 | 2 - src/lib/libssl/test/bctest | 111 - src/lib/libssl/test/cms-examples.pl | 409 --- src/lib/libssl/test/cms-test.pl | 459 --- src/lib/libssl/test/pkcs7-1.pem | 15 - src/lib/libssl/test/pkcs7.pem | 54 - src/lib/libssl/test/pkits-test.pl | 949 ----- src/lib/libssl/test/smcont.txt | 1 - src/lib/libssl/test/smime-certs/smdsa1.pem | 34 - src/lib/libssl/test/smime-certs/smdsa2.pem | 34 - src/lib/libssl/test/smime-certs/smdsa3.pem | 34 - src/lib/libssl/test/smime-certs/smdsap.pem | 9 - src/lib/libssl/test/smime-certs/smroot.pem | 30 - src/lib/libssl/test/smime-certs/smrsa1.pem | 31 - src/lib/libssl/test/smime-certs/smrsa2.pem | 31 - src/lib/libssl/test/smime-certs/smrsa3.pem | 31 - src/lib/libssl/test/tcrl | 78 - src/lib/libssl/test/test.cnf | 88 - src/lib/libssl/test/test_aesni | 69 - src/lib/libssl/test/test_padlock | 64 - 
src/lib/libssl/test/testca | 51 - src/lib/libssl/test/testcrl.pem | 16 - src/lib/libssl/test/testenc | 54 - src/lib/libssl/test/testgen | 44 - src/lib/libssl/test/testp7.pem | 46 - src/lib/libssl/test/testreq2.pem | 7 - src/lib/libssl/test/testrsa.pem | 9 - src/lib/libssl/test/testsid.pem | 12 - src/lib/libssl/test/testss | 163 - src/lib/libssl/test/testssl | 178 - src/lib/libssl/test/testsslproxy | 10 - src/lib/libssl/test/testtsa | 238 -- src/lib/libssl/test/testx509.pem | 10 - src/lib/libssl/test/times | 113 - src/lib/libssl/test/tpkcs7 | 48 - src/lib/libssl/test/tpkcs7d | 41 - src/lib/libssl/test/treq | 83 - src/lib/libssl/test/trsa | 83 - src/lib/libssl/test/tsid | 78 - src/lib/libssl/test/tx509 | 78 - src/lib/libssl/test/v3-cert1.pem | 16 - src/lib/libssl/test/v3-cert2.pem | 16 - src/lib/libssl/tls1.h | 764 ---- src/lib/libssl/tls12_internal.h | 29 - src/lib/libssl/tls12_key_schedule.c | 291 -- src/lib/libssl/tls12_lib.c | 118 - src/lib/libssl/tls12_record_layer.c | 1309 ------- src/lib/libssl/tls13_client.c | 1060 ------ src/lib/libssl/tls13_error.c | 99 - src/lib/libssl/tls13_handshake.c | 723 ---- src/lib/libssl/tls13_handshake.h | 54 - src/lib/libssl/tls13_handshake_msg.c | 188 - src/lib/libssl/tls13_internal.h | 447 --- src/lib/libssl/tls13_key_schedule.c | 458 --- src/lib/libssl/tls13_legacy.c | 563 --- src/lib/libssl/tls13_lib.c | 737 ---- src/lib/libssl/tls13_quic.c | 191 - src/lib/libssl/tls13_record.c | 186 - src/lib/libssl/tls13_record.h | 66 - src/lib/libssl/tls13_record_layer.c | 1229 ------- src/lib/libssl/tls13_server.c | 1095 ------ src/lib/libssl/tls_buffer.c | 257 -- src/lib/libssl/tls_content.c | 164 - src/lib/libssl/tls_content.h | 50 - src/lib/libssl/tls_internal.h | 101 - src/lib/libssl/tls_key_share.c | 484 --- src/lib/libssl/tls_lib.c | 68 - 262 files changed, 75954 deletions(-) delete mode 100644 src/lib/libssl/LICENSE delete mode 100644 src/lib/libssl/Makefile delete mode 100644 src/lib/libssl/Symbols.list delete mode 100644 
src/lib/libssl/bio_ssl.c delete mode 100644 src/lib/libssl/bs_ber.c delete mode 100644 src/lib/libssl/bs_cbb.c delete mode 100644 src/lib/libssl/bs_cbs.c delete mode 100644 src/lib/libssl/bytestring.h delete mode 100644 src/lib/libssl/d1_both.c delete mode 100644 src/lib/libssl/d1_lib.c delete mode 100644 src/lib/libssl/d1_pkt.c delete mode 100644 src/lib/libssl/d1_srtp.c delete mode 100644 src/lib/libssl/doc/openssl.cnf delete mode 100644 src/lib/libssl/doc/openssl.txt delete mode 100644 src/lib/libssl/doc/standards.txt delete mode 100644 src/lib/libssl/dtls1.h delete mode 100644 src/lib/libssl/dtls_local.h delete mode 100644 src/lib/libssl/generate_pkgconfig.sh delete mode 100644 src/lib/libssl/hidden/openssl/srtp.h delete mode 100644 src/lib/libssl/hidden/openssl/ssl.h delete mode 100644 src/lib/libssl/hidden/openssl/tls1.h delete mode 100644 src/lib/libssl/hidden/ssl_namespace.h delete mode 100644 src/lib/libssl/man/BIO_f_ssl.3 delete mode 100644 src/lib/libssl/man/DTLSv1_listen.3 delete mode 100644 src/lib/libssl/man/Makefile delete mode 100644 src/lib/libssl/man/OPENSSL_init_ssl.3 delete mode 100644 src/lib/libssl/man/PEM_read_SSL_SESSION.3 delete mode 100644 src/lib/libssl/man/SSL_CIPHER_get_name.3 delete mode 100644 src/lib/libssl/man/SSL_COMP_add_compression_method.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_add1_chain_cert.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_add_session.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_ctrl.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_flush_sessions.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_free.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_get0_certificate.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_get_ex_new_index.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_get_verify_mode.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_load_verify_locations.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_new.3 delete mode 100644 
src/lib/libssl/man/SSL_CTX_sess_number.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_sessions.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set1_groups.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_cert_store.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_cipher_list.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_client_CA_list.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_generate_session_id.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_info_callback.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_keylog_callback.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_max_cert_list.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_min_proto_version.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_mode.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_msg_callback.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_num_tickets.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_options.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_read_ahead.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_security_level.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_session_id_context.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_ssl_version.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_timeout.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 delete mode 100644 
src/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_set_verify.3 delete mode 100644 src/lib/libssl/man/SSL_CTX_use_certificate.3 delete mode 100644 src/lib/libssl/man/SSL_SESSION_free.3 delete mode 100644 src/lib/libssl/man/SSL_SESSION_get0_cipher.3 delete mode 100644 src/lib/libssl/man/SSL_SESSION_get0_peer.3 delete mode 100644 src/lib/libssl/man/SSL_SESSION_get_compress_id.3 delete mode 100644 src/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 delete mode 100644 src/lib/libssl/man/SSL_SESSION_get_id.3 delete mode 100644 src/lib/libssl/man/SSL_SESSION_get_protocol_version.3 delete mode 100644 src/lib/libssl/man/SSL_SESSION_get_time.3 delete mode 100644 src/lib/libssl/man/SSL_SESSION_has_ticket.3 delete mode 100644 src/lib/libssl/man/SSL_SESSION_is_resumable.3 delete mode 100644 src/lib/libssl/man/SSL_SESSION_new.3 delete mode 100644 src/lib/libssl/man/SSL_SESSION_print.3 delete mode 100644 src/lib/libssl/man/SSL_SESSION_set1_id_context.3 delete mode 100644 src/lib/libssl/man/SSL_accept.3 delete mode 100644 src/lib/libssl/man/SSL_alert_type_string.3 delete mode 100644 src/lib/libssl/man/SSL_clear.3 delete mode 100644 src/lib/libssl/man/SSL_connect.3 delete mode 100644 src/lib/libssl/man/SSL_copy_session_id.3 delete mode 100644 src/lib/libssl/man/SSL_do_handshake.3 delete mode 100644 src/lib/libssl/man/SSL_dup.3 delete mode 100644 src/lib/libssl/man/SSL_dup_CA_list.3 delete mode 100644 src/lib/libssl/man/SSL_export_keying_material.3 delete mode 100644 src/lib/libssl/man/SSL_free.3 delete mode 100644 src/lib/libssl/man/SSL_get_SSL_CTX.3 delete mode 100644 src/lib/libssl/man/SSL_get_certificate.3 delete mode 100644 src/lib/libssl/man/SSL_get_ciphers.3 delete mode 100644 src/lib/libssl/man/SSL_get_client_CA_list.3 delete 
mode 100644 src/lib/libssl/man/SSL_get_client_random.3 delete mode 100644 src/lib/libssl/man/SSL_get_current_cipher.3 delete mode 100644 src/lib/libssl/man/SSL_get_default_timeout.3 delete mode 100644 src/lib/libssl/man/SSL_get_error.3 delete mode 100644 src/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 delete mode 100644 src/lib/libssl/man/SSL_get_ex_new_index.3 delete mode 100644 src/lib/libssl/man/SSL_get_fd.3 delete mode 100644 src/lib/libssl/man/SSL_get_finished.3 delete mode 100644 src/lib/libssl/man/SSL_get_peer_cert_chain.3 delete mode 100644 src/lib/libssl/man/SSL_get_peer_certificate.3 delete mode 100644 src/lib/libssl/man/SSL_get_rbio.3 delete mode 100644 src/lib/libssl/man/SSL_get_server_tmp_key.3 delete mode 100644 src/lib/libssl/man/SSL_get_session.3 delete mode 100644 src/lib/libssl/man/SSL_get_shared_ciphers.3 delete mode 100644 src/lib/libssl/man/SSL_get_state.3 delete mode 100644 src/lib/libssl/man/SSL_get_verify_result.3 delete mode 100644 src/lib/libssl/man/SSL_get_version.3 delete mode 100644 src/lib/libssl/man/SSL_library_init.3 delete mode 100644 src/lib/libssl/man/SSL_load_client_CA_file.3 delete mode 100644 src/lib/libssl/man/SSL_new.3 delete mode 100644 src/lib/libssl/man/SSL_num_renegotiations.3 delete mode 100644 src/lib/libssl/man/SSL_pending.3 delete mode 100644 src/lib/libssl/man/SSL_read.3 delete mode 100644 src/lib/libssl/man/SSL_read_early_data.3 delete mode 100644 src/lib/libssl/man/SSL_renegotiate.3 delete mode 100644 src/lib/libssl/man/SSL_rstate_string.3 delete mode 100644 src/lib/libssl/man/SSL_session_reused.3 delete mode 100644 src/lib/libssl/man/SSL_set1_host.3 delete mode 100644 src/lib/libssl/man/SSL_set1_param.3 delete mode 100644 src/lib/libssl/man/SSL_set_SSL_CTX.3 delete mode 100644 src/lib/libssl/man/SSL_set_bio.3 delete mode 100644 src/lib/libssl/man/SSL_set_connect_state.3 delete mode 100644 src/lib/libssl/man/SSL_set_fd.3 delete mode 100644 src/lib/libssl/man/SSL_set_max_send_fragment.3 delete mode 100644 
src/lib/libssl/man/SSL_set_psk_use_session_callback.3 delete mode 100644 src/lib/libssl/man/SSL_set_session.3 delete mode 100644 src/lib/libssl/man/SSL_set_shutdown.3 delete mode 100644 src/lib/libssl/man/SSL_set_tmp_ecdh.3 delete mode 100644 src/lib/libssl/man/SSL_set_verify_result.3 delete mode 100644 src/lib/libssl/man/SSL_shutdown.3 delete mode 100644 src/lib/libssl/man/SSL_state_string.3 delete mode 100644 src/lib/libssl/man/SSL_want.3 delete mode 100644 src/lib/libssl/man/SSL_write.3 delete mode 100644 src/lib/libssl/man/d2i_SSL_SESSION.3 delete mode 100644 src/lib/libssl/man/ssl.3 delete mode 100644 src/lib/libssl/pqueue.c delete mode 100644 src/lib/libssl/pqueue.h delete mode 100644 src/lib/libssl/s3_cbc.c delete mode 100644 src/lib/libssl/s3_lib.c delete mode 100644 src/lib/libssl/shlib_version delete mode 100644 src/lib/libssl/srtp.h delete mode 100644 src/lib/libssl/ssl.h delete mode 100644 src/lib/libssl/ssl3.h delete mode 100644 src/lib/libssl/ssl_asn1.c delete mode 100644 src/lib/libssl/ssl_both.c delete mode 100644 src/lib/libssl/ssl_cert.c delete mode 100644 src/lib/libssl/ssl_ciph.c delete mode 100644 src/lib/libssl/ssl_ciphers.c delete mode 100644 src/lib/libssl/ssl_clnt.c delete mode 100644 src/lib/libssl/ssl_err.c delete mode 100644 src/lib/libssl/ssl_init.c delete mode 100644 src/lib/libssl/ssl_kex.c delete mode 100644 src/lib/libssl/ssl_lib.c delete mode 100644 src/lib/libssl/ssl_local.h delete mode 100644 src/lib/libssl/ssl_methods.c delete mode 100644 src/lib/libssl/ssl_packet.c delete mode 100644 src/lib/libssl/ssl_pkt.c delete mode 100644 src/lib/libssl/ssl_rsa.c delete mode 100644 src/lib/libssl/ssl_seclevel.c delete mode 100644 src/lib/libssl/ssl_sess.c delete mode 100644 src/lib/libssl/ssl_sigalgs.c delete mode 100644 src/lib/libssl/ssl_sigalgs.h delete mode 100644 src/lib/libssl/ssl_srvr.c delete mode 100644 src/lib/libssl/ssl_stat.c delete mode 100644 src/lib/libssl/ssl_tlsext.c delete mode 100644 src/lib/libssl/ssl_tlsext.h delete 
mode 100644 src/lib/libssl/ssl_transcript.c delete mode 100644 src/lib/libssl/ssl_txt.c delete mode 100644 src/lib/libssl/ssl_versions.c delete mode 100644 src/lib/libssl/t1_enc.c delete mode 100644 src/lib/libssl/t1_lib.c delete mode 100644 src/lib/libssl/test/CAss.cnf delete mode 100644 src/lib/libssl/test/CAssdh.cnf delete mode 100644 src/lib/libssl/test/CAssdsa.cnf delete mode 100644 src/lib/libssl/test/CAssrsa.cnf delete mode 100644 src/lib/libssl/test/CAtsa.cnf delete mode 100644 src/lib/libssl/test/P1ss.cnf delete mode 100644 src/lib/libssl/test/P2ss.cnf delete mode 100644 src/lib/libssl/test/Sssdsa.cnf delete mode 100644 src/lib/libssl/test/Sssrsa.cnf delete mode 100644 src/lib/libssl/test/Uss.cnf delete mode 100644 src/lib/libssl/test/VMSca-response.1 delete mode 100644 src/lib/libssl/test/VMSca-response.2 delete mode 100644 src/lib/libssl/test/bctest delete mode 100644 src/lib/libssl/test/cms-examples.pl delete mode 100644 src/lib/libssl/test/cms-test.pl delete mode 100644 src/lib/libssl/test/pkcs7-1.pem delete mode 100644 src/lib/libssl/test/pkcs7.pem delete mode 100644 src/lib/libssl/test/pkits-test.pl delete mode 100644 src/lib/libssl/test/smcont.txt delete mode 100644 src/lib/libssl/test/smime-certs/smdsa1.pem delete mode 100644 src/lib/libssl/test/smime-certs/smdsa2.pem delete mode 100644 src/lib/libssl/test/smime-certs/smdsa3.pem delete mode 100644 src/lib/libssl/test/smime-certs/smdsap.pem delete mode 100644 src/lib/libssl/test/smime-certs/smroot.pem delete mode 100644 src/lib/libssl/test/smime-certs/smrsa1.pem delete mode 100644 src/lib/libssl/test/smime-certs/smrsa2.pem delete mode 100644 src/lib/libssl/test/smime-certs/smrsa3.pem delete mode 100644 src/lib/libssl/test/tcrl delete mode 100644 src/lib/libssl/test/test.cnf delete mode 100644 src/lib/libssl/test/test_aesni delete mode 100755 src/lib/libssl/test/test_padlock delete mode 100644 src/lib/libssl/test/testca delete mode 100644 src/lib/libssl/test/testcrl.pem delete mode 100644 
src/lib/libssl/test/testenc delete mode 100644 src/lib/libssl/test/testgen delete mode 100644 src/lib/libssl/test/testp7.pem delete mode 100644 src/lib/libssl/test/testreq2.pem delete mode 100644 src/lib/libssl/test/testrsa.pem delete mode 100644 src/lib/libssl/test/testsid.pem delete mode 100644 src/lib/libssl/test/testss delete mode 100644 src/lib/libssl/test/testssl delete mode 100644 src/lib/libssl/test/testsslproxy delete mode 100644 src/lib/libssl/test/testtsa delete mode 100644 src/lib/libssl/test/testx509.pem delete mode 100644 src/lib/libssl/test/times delete mode 100644 src/lib/libssl/test/tpkcs7 delete mode 100644 src/lib/libssl/test/tpkcs7d delete mode 100644 src/lib/libssl/test/treq delete mode 100644 src/lib/libssl/test/trsa delete mode 100644 src/lib/libssl/test/tsid delete mode 100644 src/lib/libssl/test/tx509 delete mode 100644 src/lib/libssl/test/v3-cert1.pem delete mode 100644 src/lib/libssl/test/v3-cert2.pem delete mode 100644 src/lib/libssl/tls1.h delete mode 100644 src/lib/libssl/tls12_internal.h delete mode 100644 src/lib/libssl/tls12_key_schedule.c delete mode 100644 src/lib/libssl/tls12_lib.c delete mode 100644 src/lib/libssl/tls12_record_layer.c delete mode 100644 src/lib/libssl/tls13_client.c delete mode 100644 src/lib/libssl/tls13_error.c delete mode 100644 src/lib/libssl/tls13_handshake.c delete mode 100644 src/lib/libssl/tls13_handshake.h delete mode 100644 src/lib/libssl/tls13_handshake_msg.c delete mode 100644 src/lib/libssl/tls13_internal.h delete mode 100644 src/lib/libssl/tls13_key_schedule.c delete mode 100644 src/lib/libssl/tls13_legacy.c delete mode 100644 src/lib/libssl/tls13_lib.c delete mode 100644 src/lib/libssl/tls13_quic.c delete mode 100644 src/lib/libssl/tls13_record.c delete mode 100644 src/lib/libssl/tls13_record.h delete mode 100644 src/lib/libssl/tls13_record_layer.c delete mode 100644 src/lib/libssl/tls13_server.c delete mode 100644 src/lib/libssl/tls_buffer.c delete mode 100644 src/lib/libssl/tls_content.c delete 
mode 100644 src/lib/libssl/tls_content.h delete mode 100644 src/lib/libssl/tls_internal.h delete mode 100644 src/lib/libssl/tls_key_share.c delete mode 100644 src/lib/libssl/tls_lib.c (limited to 'src/lib/libssl')
diff --git a/src/lib/libssl/LICENSE b/src/lib/libssl/LICENSE
deleted file mode 100644
index 892e14a450..0000000000
--- a/src/lib/libssl/LICENSE
+++ /dev/null
@@ -1,133 +0,0 @@ - - LibReSSL files are retained under the copyright of the authors. New - additions are ISC licensed as per OpenBSD's normal licensing policy, - or are placed in the public domain. - - The OpenSSL code is distributed under the terms of the original OpenSSL - licenses which follow: - - LICENSE ISSUES - ============== - - The OpenSSL toolkit stays under a dual license, i.e. both the conditions of - the OpenSSL License and the original SSLeay license apply to the toolkit. - See below for the actual license texts. In case of any license issues - related to OpenSSL please contact openssl-core@openssl.org. - - OpenSSL License - --------------- - -/* ==================================================================== - * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. 
Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - - Original SSLeay License - ----------------------- - -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. 
The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile
deleted file mode 100644
index 652ad4238f..0000000000
--- a/src/lib/libssl/Makefile
+++ /dev/null
@@ -1,127 +0,0 @@ -# $OpenBSD: Makefile,v 1.85 2024/08/11 13:04:46 jsing Exp $ - -.include -.ifndef NOMAN -SUBDIR= man -.endif - -PC_FILES=openssl.pc libssl.pc - -CLEANFILES=${PC_FILES} ${VERSION_SCRIPT} - -LIB= ssl - -CFLAGS+= -Wall -Wundef -.if ${COMPILER_VERSION:L} == "clang" -CFLAGS+= -Werror -Wshadow -.endif -CFLAGS+= -DLIBRESSL_INTERNAL - -CFLAGS+= -DLIBRESSL_NAMESPACE - -.ifdef TLS1_3_DEBUG -CFLAGS+= -DTLS13_DEBUG -.endif -CFLAGS+= -I${.CURDIR} -CFLAGS+= -I${.CURDIR}/../libcrypto -CFLAGS+= -I${.CURDIR}/../libcrypto/arch/${MACHINE_CPU} -CFLAGS+= -I${.CURDIR}/../libcrypto/hidden -CFLAGS+= -I${.CURDIR}/../libcrypto/bio -CFLAGS+= -I${.CURDIR}/hidden - -LDADD+= -L${BSDOBJDIR}/lib/libcrypto -lcrypto - -VERSION_SCRIPT= Symbols.map -SYMBOL_LIST= ${.CURDIR}/Symbols.list - -SRCS= \ - bio_ssl.c \ - bs_ber.c \ - bs_cbb.c \ - bs_cbs.c \ - d1_both.c \ - d1_lib.c \ - d1_pkt.c \ - d1_srtp.c \ - pqueue.c \ - s3_cbc.c \ - s3_lib.c \ - ssl_asn1.c \ - ssl_both.c \ - ssl_cert.c \ - ssl_ciph.c \ - ssl_ciphers.c \ - ssl_clnt.c \ - ssl_err.c \ - ssl_init.c \ - ssl_kex.c \ - ssl_lib.c \ - ssl_methods.c \ - ssl_packet.c \ - ssl_pkt.c \ - ssl_rsa.c \ - ssl_seclevel.c \ - ssl_sess.c \ - ssl_sigalgs.c \ - ssl_srvr.c \ - ssl_stat.c \ - ssl_tlsext.c \ - ssl_transcript.c \ - ssl_txt.c \ - ssl_versions.c \ - t1_enc.c \ - t1_lib.c \ - tls12_key_schedule.c \ - tls12_lib.c \ - tls12_record_layer.c \ - tls13_client.c \ - tls13_error.c \ - tls13_handshake.c \ - tls13_handshake_msg.c \ - tls13_key_schedule.c \ - tls13_legacy.c \ - tls13_lib.c \ - tls13_quic.c \ - tls13_record.c \ - tls13_record_layer.c \ - tls13_server.c \ - tls_buffer.c \ - tls_content.c \ - tls_key_share.c \ - tls_lib.c - -HDRS= dtls1.h srtp.h ssl.h ssl3.h tls1.h - -.PATH: ${.CURDIR} - -includes: - @test -d ${DESTDIR}/usr/include/openssl || \ - mkdir ${DESTDIR}/usr/include/openssl - @cd ${.CURDIR}; for i in $(HDRS); do \ - j="cmp -s $$i ${DESTDIR}/usr/include/openssl/`basename $$i` || \ - ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} 
-g ${BINGRP} -m 444 $$i\ - ${DESTDIR}/usr/include/openssl"; \ - echo $$j; \ - eval "$$j"; \ - done; - -${VERSION_SCRIPT}: ${SYMBOL_LIST} - { printf '{\n\tglobal:\n'; \ - sed '/^[._a-zA-Z]/s/$$/;/; s/^/ /' ${SYMBOL_LIST}; \ - printf '\n\tlocal:\n\t\t*;\n};\n'; } >$@.tmp && mv $@.tmp $@ - -.include - -all: ${PC_FILES} -${PC_FILES}: ${.CURDIR}/../libcrypto/opensslv.h - /bin/sh ${.CURDIR}/generate_pkgconfig.sh -c ${.CURDIR} -o ${.OBJDIR} - -beforeinstall: - nm -o lib${LIB}.a | egrep -w 'printf|fprintf' && \ - (echo please fix stdio usage in this library; false) || true -.for p in ${PC_FILES} - ${INSTALL} ${INSTALL_COPY} -o root -g ${SHAREGRP} \ - -m ${SHAREMODE} ${.OBJDIR}/$p ${DESTDIR}/usr/lib/pkgconfig/ -.endfor - -.include diff --git a/src/lib/libssl/Symbols.list b/src/lib/libssl/Symbols.list deleted file mode 100644 index 65cd3e7f86..0000000000 --- a/src/lib/libssl/Symbols.list +++ /dev/null 
@@ -1,362 +0,0 @@
-BIO_f_ssl
-BIO_new_buffer_ssl_connect
-BIO_new_ssl
-BIO_new_ssl_connect
-BIO_ssl_copy_session_id
-BIO_ssl_shutdown
-DTLS_client_method
-DTLS_method
-DTLS_server_method
-DTLSv1_2_client_method
-DTLSv1_2_method
-DTLSv1_2_server_method
-DTLSv1_client_method
-DTLSv1_method
-DTLSv1_server_method
-ERR_load_SSL_strings
-OPENSSL_init_ssl
-PEM_read_SSL_SESSION
-PEM_read_bio_SSL_SESSION
-PEM_write_SSL_SESSION
-PEM_write_bio_SSL_SESSION
-SSL_CIPHER_description
-SSL_CIPHER_find
-SSL_CIPHER_get_auth_nid
-SSL_CIPHER_get_bits
-SSL_CIPHER_get_cipher_nid
-SSL_CIPHER_get_digest_nid
-SSL_CIPHER_get_handshake_digest
-SSL_CIPHER_get_id
-SSL_CIPHER_get_kx_nid
-SSL_CIPHER_get_name
-SSL_CIPHER_get_value
-SSL_CIPHER_get_version
-SSL_CIPHER_is_aead
-SSL_COMP_get_compression_methods
-SSL_COMP_get_name
-SSL_CTX_add0_chain_cert
-SSL_CTX_add1_chain_cert
-SSL_CTX_add_client_CA
-SSL_CTX_add_session
-SSL_CTX_callback_ctrl
-SSL_CTX_check_private_key
-SSL_CTX_clear_chain_certs
-SSL_CTX_ctrl
-SSL_CTX_flush_sessions
-SSL_CTX_free
-SSL_CTX_get0_certificate
-SSL_CTX_get0_chain_certs
-SSL_CTX_get0_param
-SSL_CTX_get0_privatekey
-SSL_CTX_get_cert_store
-SSL_CTX_get_ciphers
-SSL_CTX_get_client_CA_list
-SSL_CTX_get_client_cert_cb
-SSL_CTX_get_default_passwd_cb
-SSL_CTX_get_default_passwd_cb_userdata
-SSL_CTX_get_ex_data
-SSL_CTX_get_ex_new_index
-SSL_CTX_get_info_callback
-SSL_CTX_get_keylog_callback
-SSL_CTX_get_max_early_data
-SSL_CTX_get_max_proto_version
-SSL_CTX_get_min_proto_version
-SSL_CTX_get_num_tickets
-SSL_CTX_get_quiet_shutdown
-SSL_CTX_get_security_level
-SSL_CTX_get_ssl_method
-SSL_CTX_get_timeout
-SSL_CTX_get_verify_callback
-SSL_CTX_get_verify_depth
-SSL_CTX_get_verify_mode
-SSL_CTX_load_verify_locations
-SSL_CTX_load_verify_mem
-SSL_CTX_new
-SSL_CTX_remove_session
-SSL_CTX_sess_get_get_cb
-SSL_CTX_sess_get_new_cb
-SSL_CTX_sess_get_remove_cb
-SSL_CTX_sess_set_get_cb
-SSL_CTX_sess_set_new_cb
-SSL_CTX_sess_set_remove_cb
-SSL_CTX_sessions
-SSL_CTX_set0_chain
-SSL_CTX_set1_cert_store
-SSL_CTX_set1_chain
-SSL_CTX_set1_groups
-SSL_CTX_set1_groups_list
-SSL_CTX_set1_param
-SSL_CTX_set_alpn_protos
-SSL_CTX_set_alpn_select_cb
-SSL_CTX_set_cert_store
-SSL_CTX_set_cert_verify_callback
-SSL_CTX_set_cipher_list
-SSL_CTX_set_ciphersuites
-SSL_CTX_set_client_CA_list
-SSL_CTX_set_client_cert_cb
-SSL_CTX_set_cookie_generate_cb
-SSL_CTX_set_cookie_verify_cb
-SSL_CTX_set_default_passwd_cb
-SSL_CTX_set_default_passwd_cb_userdata
-SSL_CTX_set_default_verify_paths
-SSL_CTX_set_ex_data
-SSL_CTX_set_generate_session_id
-SSL_CTX_set_info_callback
-SSL_CTX_set_keylog_callback
-SSL_CTX_set_max_early_data
-SSL_CTX_set_max_proto_version
-SSL_CTX_set_min_proto_version
-SSL_CTX_set_msg_callback
-SSL_CTX_set_next_proto_select_cb
-SSL_CTX_set_next_protos_advertised_cb
-SSL_CTX_set_num_tickets
-SSL_CTX_set_post_handshake_auth
-SSL_CTX_set_purpose
-SSL_CTX_set_quic_method
-SSL_CTX_set_quiet_shutdown
-SSL_CTX_set_security_level
-SSL_CTX_set_session_id_context
-SSL_CTX_set_ssl_version
-SSL_CTX_set_timeout
-SSL_CTX_set_tlsext_use_srtp
-SSL_CTX_set_tmp_dh_callback
-SSL_CTX_set_tmp_ecdh_callback
-SSL_CTX_set_tmp_rsa_callback
-SSL_CTX_set_trust
-SSL_CTX_set_verify
-SSL_CTX_set_verify_depth
-SSL_CTX_up_ref
-SSL_CTX_use_PrivateKey
-SSL_CTX_use_PrivateKey_ASN1
-SSL_CTX_use_PrivateKey_file
-SSL_CTX_use_RSAPrivateKey
-SSL_CTX_use_RSAPrivateKey_ASN1
-SSL_CTX_use_RSAPrivateKey_file
-SSL_CTX_use_certificate
-SSL_CTX_use_certificate_ASN1
-SSL_CTX_use_certificate_chain_file
-SSL_CTX_use_certificate_chain_mem
-SSL_CTX_use_certificate_file
-SSL_SESSION_free
-SSL_SESSION_get0_cipher
-SSL_SESSION_get0_id_context
-SSL_SESSION_get0_peer
-SSL_SESSION_get_compress_id
-SSL_SESSION_get_ex_data
-SSL_SESSION_get_ex_new_index
-SSL_SESSION_get_id
-SSL_SESSION_get_master_key
-SSL_SESSION_get_max_early_data
-SSL_SESSION_get_protocol_version
-SSL_SESSION_get_ticket_lifetime_hint
-SSL_SESSION_get_time
-SSL_SESSION_get_timeout
-SSL_SESSION_has_ticket
-SSL_SESSION_is_resumable
-SSL_SESSION_new
-SSL_SESSION_print
-SSL_SESSION_print_fp
-SSL_SESSION_set1_id
-SSL_SESSION_set1_id_context
-SSL_SESSION_set_ex_data
-SSL_SESSION_set_max_early_data
-SSL_SESSION_set_time
-SSL_SESSION_set_timeout
-SSL_SESSION_up_ref
-SSL_accept
-SSL_add0_chain_cert
-SSL_add1_chain_cert
-SSL_add_client_CA
-SSL_add_dir_cert_subjects_to_stack
-SSL_add_file_cert_subjects_to_stack
-SSL_alert_desc_string
-SSL_alert_desc_string_long
-SSL_alert_type_string
-SSL_alert_type_string_long
-SSL_cache_hit
-SSL_callback_ctrl
-SSL_check_private_key
-SSL_clear
-SSL_clear_chain_certs
-SSL_connect
-SSL_copy_session_id
-SSL_ctrl
-SSL_do_handshake
-SSL_dup
-SSL_dup_CA_list
-SSL_export_keying_material
-SSL_free
-SSL_get0_alpn_selected
-SSL_get0_chain_certs
-SSL_get0_next_proto_negotiated
-SSL_get0_param
-SSL_get0_peername
-SSL_get0_verified_chain
-SSL_get1_session
-SSL_get1_supported_ciphers
-SSL_get_SSL_CTX
-SSL_get_certificate
-SSL_get_cipher_list
-SSL_get_ciphers
-SSL_get_client_CA_list
-SSL_get_client_ciphers
-SSL_get_client_random
-SSL_get_current_cipher
-SSL_get_current_compression
-SSL_get_current_expansion
-SSL_get_default_timeout
-SSL_get_early_data_status
-SSL_get_error
-SSL_get_ex_data
-SSL_get_ex_data_X509_STORE_CTX_idx
-SSL_get_ex_new_index
-SSL_get_fd
-SSL_get_finished
-SSL_get_info_callback
-SSL_get_max_early_data
-SSL_get_max_proto_version
-SSL_get_min_proto_version
-SSL_get_num_tickets
-SSL_get_peer_cert_chain
-SSL_get_peer_certificate
-SSL_get_peer_finished
-SSL_get_peer_quic_transport_params
-SSL_get_peer_signature_type_nid
-SSL_get_privatekey
-SSL_get_quiet_shutdown
-SSL_get_rbio
-SSL_get_read_ahead
-SSL_get_rfd
-SSL_get_security_level
-SSL_get_selected_srtp_profile
-SSL_get_server_random
-SSL_get_servername
-SSL_get_servername_type
-SSL_get_session
-SSL_get_shared_ciphers
-SSL_get_shutdown
-SSL_get_signature_type_nid
-SSL_get_srtp_profiles
-SSL_get_ssl_method
-SSL_get_verify_callback
-SSL_get_verify_depth
-SSL_get_verify_mode
-SSL_get_verify_result
-SSL_get_version
-SSL_get_wbio
-SSL_get_wfd
-SSL_has_matching_session_id
-SSL_is_dtls
-SSL_is_quic
-SSL_is_server
-SSL_library_init
-SSL_load_client_CA_file
-SSL_load_error_strings
-SSL_new
-SSL_peek
-SSL_peek_ex
-SSL_pending
-SSL_process_quic_post_handshake
-SSL_provide_quic_data
-SSL_quic_max_handshake_flight_len
-SSL_quic_read_level
-SSL_quic_write_level
-SSL_read
-SSL_read_early_data
-SSL_read_ex
-SSL_renegotiate
-SSL_renegotiate_abbreviated
-SSL_renegotiate_pending
-SSL_rstate_string
-SSL_rstate_string_long
-SSL_select_next_proto
-SSL_set0_chain
-SSL_set0_rbio
-SSL_set1_chain
-SSL_set1_groups
-SSL_set1_groups_list
-SSL_set1_host
-SSL_set1_param
-SSL_set_SSL_CTX
-SSL_set_accept_state
-SSL_set_alpn_protos
-SSL_set_bio
-SSL_set_cipher_list
-SSL_set_ciphersuites
-SSL_set_client_CA_list
-SSL_set_connect_state
-SSL_set_ex_data
-SSL_set_fd
-SSL_set_generate_session_id
-SSL_set_hostflags
-SSL_set_info_callback
-SSL_set_max_early_data
-SSL_set_max_proto_version
-SSL_set_min_proto_version
-SSL_set_msg_callback
-SSL_set_num_tickets
-SSL_set_post_handshake_auth
-SSL_set_psk_use_session_callback
-SSL_set_purpose
-SSL_set_quic_method
-SSL_set_quic_transport_params
-SSL_set_quic_use_legacy_codepoint
-SSL_set_quiet_shutdown
-SSL_set_read_ahead
-SSL_set_rfd
-SSL_set_security_level
-SSL_set_session
-SSL_set_session_id_context
-SSL_set_session_secret_cb
-SSL_set_session_ticket_ext
-SSL_set_session_ticket_ext_cb
-SSL_set_shutdown
-SSL_set_ssl_method
-SSL_set_state
-SSL_set_tlsext_use_srtp
-SSL_set_tmp_dh_callback
-SSL_set_tmp_ecdh_callback
-SSL_set_tmp_rsa_callback
-SSL_set_trust
-SSL_set_verify
-SSL_set_verify_depth
-SSL_set_verify_result
-SSL_set_wfd
-SSL_shutdown
-SSL_state
-SSL_state_string
-SSL_state_string_long
-SSL_up_ref
-SSL_use_PrivateKey
-SSL_use_PrivateKey_ASN1
-SSL_use_PrivateKey_file
-SSL_use_RSAPrivateKey
-SSL_use_RSAPrivateKey_ASN1
-SSL_use_RSAPrivateKey_file
-SSL_use_certificate
-SSL_use_certificate_ASN1
-SSL_use_certificate_chain_file
-SSL_use_certificate_file
-SSL_verify_client_post_handshake
-SSL_version
-SSL_want
-SSL_write
-SSL_write_early_data
-SSL_write_ex
-SSLv23_client_method
-SSLv23_method
-SSLv23_server_method
-TLS_client_method
-TLS_method
-TLS_server_method
-TLSv1_1_client_method
-TLSv1_1_method
-TLSv1_1_server_method
-TLSv1_2_client_method
-TLSv1_2_method
-TLSv1_2_server_method
-TLSv1_client_method
-TLSv1_method
-TLSv1_server_method
-d2i_SSL_SESSION
-i2d_SSL_SESSION
diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c
deleted file mode 100644
index 6dd1699606..0000000000
--- a/src/lib/libssl/bio_ssl.c
+++ /dev/null
@@ -1,596 +0,0 @@ -/* $OpenBSD: bio_ssl.c,v 1.40 2023/07/19 13:34:33 tb Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). 
- * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] 
- */ - -#include -#include -#include -#include - -#include -#include -#include -#include - -#include "bio_local.h" -#include "ssl_local.h" - -static int ssl_write(BIO *h, const char *buf, int num); -static int ssl_read(BIO *h, char *buf, int size); -static int ssl_puts(BIO *h, const char *str); -static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int ssl_new(BIO *h); -static int ssl_free(BIO *data); -static long ssl_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); -typedef struct bio_ssl_st { - SSL *ssl; /* The ssl handle :-) */ - /* re-negotiate every time the total number of bytes is this size */ - int num_renegotiates; - unsigned long renegotiate_count; - unsigned long byte_count; - unsigned long renegotiate_timeout; - time_t last_time; -} BIO_SSL; - -static const BIO_METHOD methods_sslp = { - .type = BIO_TYPE_SSL, - .name = "ssl", - .bwrite = ssl_write, - .bread = ssl_read, - .bputs = ssl_puts, - .ctrl = ssl_ctrl, - .create = ssl_new, - .destroy = ssl_free, - .callback_ctrl = ssl_callback_ctrl, -}; - -const BIO_METHOD * -BIO_f_ssl(void) -{ - return (&methods_sslp); -} -LSSL_ALIAS(BIO_f_ssl); - -static int -ssl_new(BIO *bi) -{ - BIO_SSL *bs; - - bs = calloc(1, sizeof(BIO_SSL)); - if (bs == NULL) { - SSLerrorx(ERR_R_MALLOC_FAILURE); - return (0); - } - bi->init = 0; - bi->ptr = (char *)bs; - bi->flags = 0; - return (1); -} -LSSL_ALIAS(BIO_f_ssl); - -static int -ssl_free(BIO *a) -{ - BIO_SSL *bs; - - if (a == NULL) - return (0); - bs = (BIO_SSL *)a->ptr; - if (bs->ssl != NULL) - SSL_shutdown(bs->ssl); - if (a->shutdown) { - if (a->init && (bs->ssl != NULL)) - SSL_free(bs->ssl); - a->init = 0; - a->flags = 0; - } - free(a->ptr); - return (1); -} - -static int -ssl_read(BIO *b, char *out, int outl) -{ - int ret = 1; - BIO_SSL *sb; - SSL *ssl; - int retry_reason = 0; - int r = 0; - - if (out == NULL) - return (0); - sb = (BIO_SSL *)b->ptr; - ssl = sb->ssl; - - BIO_clear_retry_flags(b); - - ret = SSL_read(ssl, out, outl); - - switch 
(SSL_get_error(ssl, ret)) { - case SSL_ERROR_NONE: - if (ret <= 0) - break; - if (sb->renegotiate_count > 0) { - sb->byte_count += ret; - if (sb->byte_count > sb->renegotiate_count) { - sb->byte_count = 0; - sb->num_renegotiates++; - SSL_renegotiate(ssl); - r = 1; - } - } - if ((sb->renegotiate_timeout > 0) && (!r)) { - time_t tm; - - tm = time(NULL); - if (tm > sb->last_time + sb->renegotiate_timeout) { - sb->last_time = tm; - sb->num_renegotiates++; - SSL_renegotiate(ssl); - } - } - - break; - case SSL_ERROR_WANT_READ: - BIO_set_retry_read(b); - break; - case SSL_ERROR_WANT_WRITE: - BIO_set_retry_write(b); - break; - case SSL_ERROR_WANT_X509_LOOKUP: - BIO_set_retry_special(b); - retry_reason = BIO_RR_SSL_X509_LOOKUP; - break; - case SSL_ERROR_WANT_ACCEPT: - BIO_set_retry_special(b); - retry_reason = BIO_RR_ACCEPT; - break; - case SSL_ERROR_WANT_CONNECT: - BIO_set_retry_special(b); - retry_reason = BIO_RR_CONNECT; - break; - case SSL_ERROR_SYSCALL: - case SSL_ERROR_SSL: - case SSL_ERROR_ZERO_RETURN: - default: - break; - } - - b->retry_reason = retry_reason; - return (ret); -} - -static int -ssl_write(BIO *b, const char *out, int outl) -{ - int ret, r = 0; - int retry_reason = 0; - SSL *ssl; - BIO_SSL *bs; - - if (out == NULL) - return (0); - bs = (BIO_SSL *)b->ptr; - ssl = bs->ssl; - - BIO_clear_retry_flags(b); - -/* ret=SSL_do_handshake(ssl); - if (ret > 0) */ - ret = SSL_write(ssl, out, outl); - - switch (SSL_get_error(ssl, ret)) { - case SSL_ERROR_NONE: - if (ret <= 0) - break; - if (bs->renegotiate_count > 0) { - bs->byte_count += ret; - if (bs->byte_count > bs->renegotiate_count) { - bs->byte_count = 0; - bs->num_renegotiates++; - SSL_renegotiate(ssl); - r = 1; - } - } - if ((bs->renegotiate_timeout > 0) && (!r)) { - time_t tm; - - tm = time(NULL); - if (tm > bs->last_time + bs->renegotiate_timeout) { - bs->last_time = tm; - bs->num_renegotiates++; - SSL_renegotiate(ssl); - } - } - break; - case SSL_ERROR_WANT_WRITE: - BIO_set_retry_write(b); - break; - case 
SSL_ERROR_WANT_READ: - BIO_set_retry_read(b); - break; - case SSL_ERROR_WANT_X509_LOOKUP: - BIO_set_retry_special(b); - retry_reason = BIO_RR_SSL_X509_LOOKUP; - break; - case SSL_ERROR_WANT_CONNECT: - BIO_set_retry_special(b); - retry_reason = BIO_RR_CONNECT; - case SSL_ERROR_SYSCALL: - case SSL_ERROR_SSL: - default: - break; - } - - b->retry_reason = retry_reason; - return (ret); -} - -static long -ssl_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - SSL **sslp, *ssl; - BIO_SSL *bs; - BIO *dbio, *bio; - long ret = 1; - - bs = (BIO_SSL *)b->ptr; - ssl = bs->ssl; - if ((ssl == NULL) && (cmd != BIO_C_SET_SSL)) - return (0); - switch (cmd) { - case BIO_CTRL_RESET: - SSL_shutdown(ssl); - - if (ssl->handshake_func == ssl->method->ssl_connect) - SSL_set_connect_state(ssl); - else if (ssl->handshake_func == ssl->method->ssl_accept) - SSL_set_accept_state(ssl); - - SSL_clear(ssl); - - if (b->next_bio != NULL) - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - else if (ssl->rbio != NULL) - ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); - else - ret = 1; - break; - case BIO_CTRL_INFO: - ret = 0; - break; - case BIO_C_SSL_MODE: - if (num) /* client mode */ - SSL_set_connect_state(ssl); - else - SSL_set_accept_state(ssl); - break; - case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT: - ret = bs->renegotiate_timeout; - if (num < 60) - num = 5; - bs->renegotiate_timeout = (unsigned long)num; - bs->last_time = time(NULL); - break; - case BIO_C_SET_SSL_RENEGOTIATE_BYTES: - ret = bs->renegotiate_count; - if ((long)num >=512) - bs->renegotiate_count = (unsigned long)num; - break; - case BIO_C_GET_SSL_NUM_RENEGOTIATES: - ret = bs->num_renegotiates; - break; - case BIO_C_SET_SSL: - if (ssl != NULL) { - ssl_free(b); - if (!ssl_new(b)) - return 0; - } - b->shutdown = (int)num; - ssl = (SSL *)ptr; - ((BIO_SSL *)b->ptr)->ssl = ssl; - bio = SSL_get_rbio(ssl); - if (bio != NULL) { - if (b->next_bio != NULL) - BIO_push(bio, b->next_bio); - b->next_bio = bio; - CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO); - 
} - b->init = 1; - break; - case BIO_C_GET_SSL: - if (ptr != NULL) { - sslp = (SSL **)ptr; - *sslp = ssl; - } else - ret = 0; - break; - case BIO_CTRL_GET_CLOSE: - ret = b->shutdown; - break; - case BIO_CTRL_SET_CLOSE: - b->shutdown = (int)num; - break; - case BIO_CTRL_WPENDING: - ret = BIO_ctrl(ssl->wbio, cmd, num, ptr); - break; - case BIO_CTRL_PENDING: - ret = SSL_pending(ssl); - if (ret == 0) - ret = BIO_pending(ssl->rbio); - break; - case BIO_CTRL_FLUSH: - BIO_clear_retry_flags(b); - ret = BIO_ctrl(ssl->wbio, cmd, num, ptr); - BIO_copy_next_retry(b); - break; - case BIO_CTRL_PUSH: - if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) { - SSL_set_bio(ssl, b->next_bio, b->next_bio); - CRYPTO_add(&b->next_bio->references, 1, - CRYPTO_LOCK_BIO); - } - break; - case BIO_CTRL_POP: - /* Only detach if we are the BIO explicitly being popped */ - if (b == ptr) { - /* Shouldn't happen in practice because the - * rbio and wbio are the same when pushed. - */ - if (ssl->rbio != ssl->wbio) - BIO_free_all(ssl->wbio); - if (b->next_bio != NULL) - CRYPTO_add(&b->next_bio->references, -1, CRYPTO_LOCK_BIO); - ssl->wbio = NULL; - ssl->rbio = NULL; - } - break; - case BIO_C_DO_STATE_MACHINE: - BIO_clear_retry_flags(b); - - b->retry_reason = 0; - ret = (int)SSL_do_handshake(ssl); - - switch (SSL_get_error(ssl, (int)ret)) { - case SSL_ERROR_WANT_READ: - BIO_set_flags(b, - BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); - break; - case SSL_ERROR_WANT_WRITE: - BIO_set_flags(b, - BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY); - break; - case SSL_ERROR_WANT_CONNECT: - BIO_set_flags(b, - BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY); - b->retry_reason = b->next_bio->retry_reason; - break; - default: - break; - } - break; - case BIO_CTRL_DUP: - dbio = (BIO *)ptr; - if (((BIO_SSL *)dbio->ptr)->ssl != NULL) - SSL_free(((BIO_SSL *)dbio->ptr)->ssl); - ((BIO_SSL *)dbio->ptr)->ssl = SSL_dup(ssl); - ((BIO_SSL *)dbio->ptr)->renegotiate_count = - ((BIO_SSL *)b->ptr)->renegotiate_count; - ((BIO_SSL 
*)dbio->ptr)->byte_count = - ((BIO_SSL *)b->ptr)->byte_count; - ((BIO_SSL *)dbio->ptr)->renegotiate_timeout = - ((BIO_SSL *)b->ptr)->renegotiate_timeout; - ((BIO_SSL *)dbio->ptr)->last_time = - ((BIO_SSL *)b->ptr)->last_time; - ret = (((BIO_SSL *)dbio->ptr)->ssl != NULL); - break; - case BIO_C_GET_FD: - ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); - break; - case BIO_CTRL_SET_CALLBACK: - { - ret = 0; - } - break; - case BIO_CTRL_GET_CALLBACK: - { - void (**fptr)(const SSL *xssl, int type, int val); - - fptr = (void (**)(const SSL *xssl, int type, int val)) - ptr; - *fptr = SSL_get_info_callback(ssl); - } - break; - default: - ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); - break; - } - return (ret); -} - -static long -ssl_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) -{ - SSL *ssl; - BIO_SSL *bs; - long ret = 1; - - bs = (BIO_SSL *)b->ptr; - ssl = bs->ssl; - switch (cmd) { - case BIO_CTRL_SET_CALLBACK: - { - /* FIXME: setting this via a completely different prototype - seems like a crap idea */ - SSL_set_info_callback(ssl, - (void (*)(const SSL *, int, int))fp); - } - break; - default: - ret = BIO_callback_ctrl(ssl->rbio, cmd, fp); - break; - } - return (ret); -} - -static int -ssl_puts(BIO *bp, const char *str) -{ - int n, ret; - - n = strlen(str); - ret = BIO_write(bp, str, n); - return (ret); -} - -BIO * -BIO_new_buffer_ssl_connect(SSL_CTX *ctx) -{ - BIO *ret = NULL, *buf = NULL, *ssl = NULL; - - if ((buf = BIO_new(BIO_f_buffer())) == NULL) - goto err; - if ((ssl = BIO_new_ssl_connect(ctx)) == NULL) - goto err; - if ((ret = BIO_push(buf, ssl)) == NULL) - goto err; - return (ret); - - err: - BIO_free(buf); - BIO_free(ssl); - return (NULL); -} -LSSL_ALIAS(BIO_new_buffer_ssl_connect); - -BIO * -BIO_new_ssl_connect(SSL_CTX *ctx) -{ - BIO *ret = NULL, *con = NULL, *ssl = NULL; - - if ((con = BIO_new(BIO_s_connect())) == NULL) - goto err; - if ((ssl = BIO_new_ssl(ctx, 1)) == NULL) - goto err; - if ((ret = BIO_push(ssl, con)) == NULL) - goto err; - return (ret); - - err: - 
BIO_free(con); - BIO_free(ssl); - return (NULL); -} -LSSL_ALIAS(BIO_new_ssl_connect); - -BIO * -BIO_new_ssl(SSL_CTX *ctx, int client) -{ - BIO *ret; - SSL *ssl; - - if ((ret = BIO_new(BIO_f_ssl())) == NULL) - goto err; - if ((ssl = SSL_new(ctx)) == NULL) - goto err; - - if (client) - SSL_set_connect_state(ssl); - else - SSL_set_accept_state(ssl); - - BIO_set_ssl(ret, ssl, BIO_CLOSE); - return (ret); - - err: - BIO_free(ret); - return (NULL); -} -LSSL_ALIAS(BIO_new_ssl); - -int -BIO_ssl_copy_session_id(BIO *t, BIO *f) -{ - t = BIO_find_type(t, BIO_TYPE_SSL); - f = BIO_find_type(f, BIO_TYPE_SSL); - if ((t == NULL) || (f == NULL)) - return (0); - if ((((BIO_SSL *)t->ptr)->ssl == NULL) || - (((BIO_SSL *)f->ptr)->ssl == NULL)) - return (0); - if (!SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl, - ((BIO_SSL *)f->ptr)->ssl)) - return (0); - return (1); -} -LSSL_ALIAS(BIO_ssl_copy_session_id); - -void -BIO_ssl_shutdown(BIO *b) -{ - SSL *s; - - while (b != NULL) { - if (b->method->type == BIO_TYPE_SSL) { - s = ((BIO_SSL *)b->ptr)->ssl; - SSL_shutdown(s); - break; - } - b = b->next_bio; - } -} -LSSL_ALIAS(BIO_ssl_shutdown); diff --git a/src/lib/libssl/bs_ber.c b/src/lib/libssl/bs_ber.c deleted file mode 100644 index 923ec06f3d..0000000000 --- a/src/lib/libssl/bs_ber.c +++ /dev/null 
@@ -1,270 +0,0 @@ -/* $OpenBSD: bs_ber.c,v 1.13 2025/03/28 12:13:03 tb Exp $ */ -/* - * Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include -#include - -#include "bytestring.h" - -/* - * kMaxDepth is a just a sanity limit. The code should be such that the length - * of the input being processes always decreases. None the less, a very large - * input could otherwise cause the stack to overflow. - */ -static const unsigned int kMaxDepth = 2048; - -/* Non-strict version that allows a relaxed DER with indefinite form. */ -static int -cbs_nonstrict_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag, - size_t *out_header_len) -{ - return cbs_get_any_asn1_element_internal(cbs, out, - out_tag, out_header_len, 0); -} - -/* - * cbs_find_indefinite walks an ASN.1 structure in |orig_in| and sets - * |*indefinite_found| depending on whether an indefinite length element was - * found. The value of |orig_in| is not modified. - * - * Returns one on success (i.e. |*indefinite_found| was set) and zero on error. 
- */ -static int -cbs_find_indefinite(const CBS *orig_in, char *indefinite_found, - unsigned int depth) -{ - CBS in; - - if (depth > kMaxDepth) - return 0; - - CBS_init(&in, CBS_data(orig_in), CBS_len(orig_in)); - - while (CBS_len(&in) > 0) { - CBS contents; - unsigned int tag; - size_t header_len; - - if (!cbs_nonstrict_get_any_asn1_element(&in, &contents, &tag, - &header_len)) - return 0; - - /* Indefinite form not allowed by DER. */ - if (CBS_len(&contents) == header_len && header_len > 0 && - CBS_data(&contents)[header_len - 1] == 0x80) { - *indefinite_found = 1; - return 1; - } - if (tag & CBS_ASN1_CONSTRUCTED) { - if (!CBS_skip(&contents, header_len) || - !cbs_find_indefinite(&contents, indefinite_found, - depth + 1)) - return 0; - } - } - - *indefinite_found = 0; - return 1; -} - -/* - * is_primitive_type returns true if |tag| likely a primitive type. Normally - * one can just test the "constructed" bit in the tag but, in BER, even - * primitive tags can have the constructed bit if they have indefinite - * length. - */ -static char -is_primitive_type(unsigned int tag) -{ - return (tag & 0xc0) == 0 && - (tag & 0x1f) != (CBS_ASN1_SEQUENCE & 0x1f) && - (tag & 0x1f) != (CBS_ASN1_SET & 0x1f); -} - -/* - * is_eoc returns true if |header_len| and |contents|, as returned by - * |cbs_nonstrict_get_any_asn1_element|, indicate an "end of contents" (EOC) - * value. - */ -static char -is_eoc(size_t header_len, CBS *contents) -{ - const unsigned char eoc[] = {0x0, 0x0}; - - return header_len == 2 && CBS_mem_equal(contents, eoc, 2); -} - -/* - * cbs_convert_indefinite reads data with DER encoding (but relaxed to allow - * indefinite form) from |in| and writes definite form DER data to |out|. If - * |squash_header| is set then the top-level of elements from |in| will not - * have their headers written. This is used when concatenating the fragments of - * an indefinite length, primitive value. 
If |looking_for_eoc| is set then any - * EOC elements found will cause the function to return after consuming it. - * It returns one on success and zero on error. - */ -static int -cbs_convert_indefinite(CBS *in, CBB *out, char squash_header, - char looking_for_eoc, unsigned int depth) -{ - if (depth > kMaxDepth) - return 0; - - while (CBS_len(in) > 0) { - CBS contents; - unsigned int tag; - size_t header_len; - CBB *out_contents, out_contents_storage; - - if (!cbs_nonstrict_get_any_asn1_element(in, &contents, &tag, - &header_len)) - return 0; - - out_contents = out; - - if (CBS_len(&contents) == header_len) { - if (is_eoc(header_len, &contents)) - return looking_for_eoc; - - if (header_len > 0 && - CBS_data(&contents)[header_len - 1] == 0x80) { - /* - * This is an indefinite length element. If - * it's a SEQUENCE or SET then we just need to - * write the out the contents as normal, but - * with a concrete length prefix. - * - * If it's a something else then the contents - * will be a series of DER elements of the same - * type which need to be concatenated. - */ - const char context_specific = (tag & 0xc0) - == 0x80; - char squash_child_headers = - is_primitive_type(tag); - - /* - * This is a hack, but it sufficies to handle - * NSS's output. If we find an indefinite - * length, context-specific tag with a definite, - * primitive tag inside it, then we assume that - * the context-specific tag is implicit and the - * tags within are fragments of a primitive type - * that need to be concatenated. 
- */ - if (context_specific && - (tag & CBS_ASN1_CONSTRUCTED)) { - CBS in_copy, inner_contents; - unsigned int inner_tag; - size_t inner_header_len; - - CBS_init(&in_copy, CBS_data(in), - CBS_len(in)); - if (!cbs_nonstrict_get_any_asn1_element( - &in_copy, &inner_contents, - &inner_tag, &inner_header_len)) - return 0; - - if (CBS_len(&inner_contents) > - inner_header_len && - is_primitive_type(inner_tag)) - squash_child_headers = 1; - } - - if (!squash_header) { - unsigned int out_tag = tag; - - if (squash_child_headers) - out_tag &= - ~CBS_ASN1_CONSTRUCTED; - - if (!CBB_add_asn1(out, - &out_contents_storage, out_tag)) - return 0; - - out_contents = &out_contents_storage; - } - - if (!cbs_convert_indefinite(in, out_contents, - squash_child_headers, - 1 /* looking for eoc */, depth + 1)) - return 0; - - if (out_contents != out && !CBB_flush(out)) - return 0; - - continue; - } - } - - if (!squash_header) { - if (!CBB_add_asn1(out, &out_contents_storage, tag)) - return 0; - - out_contents = &out_contents_storage; - } - - if (!CBS_skip(&contents, header_len)) - return 0; - - if (tag & CBS_ASN1_CONSTRUCTED) { - if (!cbs_convert_indefinite(&contents, out_contents, - 0 /* don't squash header */, - 0 /* not looking for eoc */, depth + 1)) - return 0; - } else { - if (!CBB_add_bytes(out_contents, CBS_data(&contents), - CBS_len(&contents))) - return 0; - } - - if (out_contents != out && !CBB_flush(out)) - return 0; - } - - return looking_for_eoc == 0; -} - -int -CBS_asn1_indefinite_to_definite(CBS *in, uint8_t **out, size_t *out_len) -{ - CBB cbb; - - /* - * First, do a quick walk to find any indefinite-length elements. Most - * of the time we hope that there aren't any and thus we can quickly - * return. 
- */ - char conversion_needed; - if (!cbs_find_indefinite(in, &conversion_needed, 0)) - return 0; - - if (!conversion_needed) { - *out = NULL; - *out_len = 0; - return 1; - } - - if (!CBB_init(&cbb, CBS_len(in))) - return 0; - if (!cbs_convert_indefinite(in, &cbb, 0, 0, 0)) { - CBB_cleanup(&cbb); - return 0; - } - - return CBB_finish(&cbb, out, out_len); -} diff --git a/src/lib/libssl/bs_cbb.c b/src/lib/libssl/bs_cbb.c deleted file mode 100644 index 9d7ad7d46d..0000000000 --- a/src/lib/libssl/bs_cbb.c +++ /dev/null 
@@ -1,490 +0,0 @@
-/* $OpenBSD: bs_cbb.c,v 1.30 2024/06/22 15:25:06 jsing Exp $ */
-/*
- * Copyright (c) 2014, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include
-#include
-#include
-
-#include "bytestring.h"
-
-#define CBB_INITIAL_SIZE 64
-
-static int
-cbb_init(CBB *cbb, uint8_t *buf, size_t cap)
-{
- struct cbb_buffer_st *base;
-
- if ((base = calloc(1, sizeof(struct cbb_buffer_st))) == NULL)
- return 0;
-
- base->buf = buf;
- base->len = 0;
- base->cap = cap;
- base->can_resize = 1;
-
- cbb->base = base;
- cbb->is_top_level = 1;
-
- return 1;
-}
-
-int
-CBB_init(CBB *cbb, size_t initial_capacity)
-{
- uint8_t *buf = NULL;
-
- memset(cbb, 0, sizeof(*cbb));
-
- if (initial_capacity == 0)
- initial_capacity = CBB_INITIAL_SIZE;
-
- if ((buf = calloc(1, initial_capacity)) == NULL)
- return 0;
-
- if (!cbb_init(cbb, buf, initial_capacity)) {
- free(buf);
- return 0;
- }
-
- return 1;
-}
-
-int
-CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len)
-{
- memset(cbb, 0, sizeof(*cbb));
-
- if (!cbb_init(cbb, buf, len))
- return 0;
-
- cbb->base->can_resize = 0;
-
- return 1;
-}
-
-void
-CBB_cleanup(CBB *cbb)
-{
- if (cbb->base) {
- if (cbb->base->can_resize)
- freezero(cbb->base->buf, cbb->base->cap);
- free(cbb->base);
- }
- cbb->base = NULL;
- cbb->child = NULL;
-}
-
-static int
-cbb_buffer_add(struct cbb_buffer_st *base, uint8_t **out, size_t len)
-{
- size_t newlen;
-
- if (base == NULL)
- return 0;
-
- newlen = base->len + len;
- if (newlen < base->len)
- /* Overflow */
- return 0;
-
- if (newlen > base->cap) {
- size_t newcap = base->cap * 2;
- uint8_t *newbuf;
-
- if (!base->can_resize)
- return 0;
-
- if (newcap < base->cap || newcap < newlen)
- newcap = newlen;
-
- newbuf = recallocarray(base->buf, base->cap, newcap, 1);
- if (newbuf == NULL)
- return 0;
-
- base->buf = newbuf;
- base->cap = newcap;
- }
-
- if (out)
- *out = base->buf + base->len;
-
- base->len = newlen;
- return 1;
-}
-
-static int
-cbb_add_u(CBB *cbb, uint32_t v, size_t len_len)
-{
- uint8_t *buf;
- size_t i;
-
- if (len_len == 0)
- return 1;
-
- if (len_len > 4)
- return 0;
-
- if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, &buf, len_len))
- return 0;
-
- for (i = len_len - 1; i < len_len; i--) {
- buf[i] = v;
- v >>= 8;
- }
- return 1;
-}
-
-int
-CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len)
-{
- if (!cbb->is_top_level)
- return 0;
-
- if (!CBB_flush(cbb))
- return 0;
-
- if (cbb->base->can_resize && (out_data == NULL || out_len == NULL))
- /*
- * |out_data| and |out_len| can only be NULL if the CBB is
- * fixed.
- */
- return 0;
-
- if (out_data != NULL && *out_data != NULL)
- return 0;
-
- if (out_data != NULL)
- *out_data = cbb->base->buf;
-
- if (out_len != NULL)
- *out_len = cbb->base->len;
-
- cbb->base->buf = NULL;
- CBB_cleanup(cbb);
- return 1;
-}
-
-/*
- * CBB_flush recurses and then writes out any pending length prefix. The current
- * length of the underlying base is taken to be the length of the
- * length-prefixed data.
- */
-int
-CBB_flush(CBB *cbb)
-{
- size_t child_start, i, len;
-
- if (cbb->base == NULL)
- return 0;
-
- if (cbb->child == NULL || cbb->pending_len_len == 0)
- return 1;
-
- child_start = cbb->offset + cbb->pending_len_len;
-
- if (!CBB_flush(cbb->child) || child_start < cbb->offset ||
- cbb->base->len < child_start)
- return 0;
-
- len = cbb->base->len - child_start;
-
- if (cbb->pending_is_asn1) {
- /*
- * For ASN.1, we assumed that we were using short form which
- * only requires a single byte for the length octet.
- *
- * If it turns out that we need long form, we have to move
- * the contents along in order to make space for more length
- * octets.
- */
- size_t len_len = 1; /* total number of length octets */
- uint8_t initial_length_byte;
-
- /* We already wrote 1 byte for the length. */
- if (cbb->pending_len_len != 1)
- return 0;
-
- /* Check for long form */
- if (len > 0xfffffffe)
- return 0; /* 0xffffffff is reserved */
- else if (len > 0xffffff)
- len_len = 5;
- else if (len > 0xffff)
- len_len = 4;
- else if (len > 0xff)
- len_len = 3;
- else if (len > 0x7f)
- len_len = 2;
-
- if (len_len == 1) {
- /* For short form, the initial byte is the length. */
- initial_length_byte = len;
- len = 0;
-
- } else {
- /*
- * For long form, the initial byte is the number of
- * subsequent length octets (plus bit 8 set).
- */
- initial_length_byte = 0x80 | (len_len - 1);
-
- /*
- * We need to move the contents along in order to make
- * space for the long form length octets.
- */
- size_t extra_bytes = len_len - 1;
- if (!cbb_buffer_add(cbb->base, NULL, extra_bytes))
- return 0;
-
- memmove(cbb->base->buf + child_start + extra_bytes,
- cbb->base->buf + child_start, len);
- }
- cbb->base->buf[cbb->offset++] = initial_length_byte;
- cbb->pending_len_len = len_len - 1;
- }
-
- for (i = cbb->pending_len_len - 1; i < cbb->pending_len_len; i--) {
- cbb->base->buf[cbb->offset + i] = len;
- len >>= 8;
- }
- if (len != 0)
- return 0;
-
- cbb->child->base = NULL;
- cbb->child = NULL;
- cbb->pending_len_len = 0;
- cbb->pending_is_asn1 = 0;
- cbb->offset = 0;
-
- return 1;
-}
-
-void
-CBB_discard_child(CBB *cbb)
-{
- if (cbb->child == NULL)
- return;
-
- cbb->base->len = cbb->offset;
-
- cbb->child->base = NULL;
- cbb->child = NULL;
- cbb->pending_len_len = 0;
- cbb->pending_is_asn1 = 0;
- cbb->offset = 0;
-}
-
-static int
-cbb_add_length_prefixed(CBB *cbb, CBB *out_contents, size_t len_len)
-{
- uint8_t *prefix_bytes;
-
- if (!CBB_flush(cbb))
- return 0;
-
- cbb->offset = cbb->base->len;
- if (!cbb_buffer_add(cbb->base, &prefix_bytes, len_len))
- return 0;
-
- memset(prefix_bytes, 0, len_len);
- memset(out_contents, 0, sizeof(CBB));
- out_contents->base = cbb->base;
- cbb->child = out_contents;
- cbb->pending_len_len = len_len;
- cbb->pending_is_asn1 = 0;
-
- return 1;
-}
-
-int
-CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents)
-{
- return cbb_add_length_prefixed(cbb, out_contents, 1);
-}
-
-int
-CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents)
-{
- return cbb_add_length_prefixed(cbb, out_contents, 2);
-}
-
-int
-CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents)
-{
- return cbb_add_length_prefixed(cbb, out_contents, 3);
-}
-
-int
-CBB_add_u32_length_prefixed(CBB *cbb, CBB *out_contents)
-{
- return cbb_add_length_prefixed(cbb, out_contents, 4);
-}
-
-int
-CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned int tag)
-{
- if (tag > UINT8_MAX)
- return 0;
-
- /* Long form identifier octets are not supported.
*/
- if ((tag & 0x1f) == 0x1f)
- return 0;
-
- /* Short-form identifier octet only needs a single byte */
- if (!CBB_flush(cbb) || !CBB_add_u8(cbb, tag))
- return 0;
-
- /*
- * Add 1 byte to cover the short-form length octet case. If it turns
- * out we need long-form, it will be extended later.
- */
- cbb->offset = cbb->base->len;
- if (!CBB_add_u8(cbb, 0))
- return 0;
-
- memset(out_contents, 0, sizeof(CBB));
- out_contents->base = cbb->base;
- cbb->child = out_contents;
- cbb->pending_len_len = 1;
- cbb->pending_is_asn1 = 1;
-
- return 1;
-}
-
-int
-CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len)
-{
- uint8_t *dest;
-
- if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, &dest, len))
- return 0;
-
- memcpy(dest, data, len);
- return 1;
-}
-
-int
-CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len)
-{
- if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, out_data, len))
- return 0;
-
- memset(*out_data, 0, len);
- return 1;
-}
-
-int
-CBB_add_u8(CBB *cbb, size_t value)
-{
- if (value > UINT8_MAX)
- return 0;
-
- return cbb_add_u(cbb, (uint32_t)value, 1);
-}
-
-int
-CBB_add_u16(CBB *cbb, size_t value)
-{
- if (value > UINT16_MAX)
- return 0;
-
- return cbb_add_u(cbb, (uint32_t)value, 2);
-}
-
-int
-CBB_add_u24(CBB *cbb, size_t value)
-{
- if (value > 0xffffffUL)
- return 0;
-
- return cbb_add_u(cbb, (uint32_t)value, 3);
-}
-
-int
-CBB_add_u32(CBB *cbb, size_t value)
-{
- if (value > 0xffffffffUL)
- return 0;
-
- return cbb_add_u(cbb, (uint32_t)value, 4);
-}
-
-int
-CBB_add_u64(CBB *cbb, uint64_t value)
-{
- uint32_t a, b;
-
- a = value >> 32;
- b = value & 0xffffffff;
-
- if (!CBB_add_u32(cbb, a))
- return 0;
- return CBB_add_u32(cbb, b);
-}
-
-int
-CBB_add_asn1_uint64(CBB *cbb, uint64_t value)
-{
- CBB child;
- size_t i;
- int started = 0;
-
- if (!CBB_add_asn1(cbb, &child, CBS_ASN1_INTEGER))
- return 0;
-
- for (i = 0; i < 8; i++) {
- uint8_t byte = (value >> 8 * (7 - i)) & 0xff;
-
- /*
- * ASN.1 restriction: first 9 bits cannot be all zeroes or
- * all
ones. Since this function only encodes unsigned
- * integers, the only concerns are not encoding leading
- * zeros and adding a padding byte if necessary.
- *
- * In practice, this means:
- * 1) Skip leading octets of all zero bits in the value
- * 2) After skipping the leading zero octets, if the next 9
- * bits are all ones, add an all zero prefix octet (and
- * set the high bit of the prefix octet if negative).
- *
- * Additionally, for an unsigned value, add an all zero
- * prefix if the high bit of the first octet would be one.
- */
- if (!started) {
- if (byte == 0)
- /* Don't encode leading zeros. */
- continue;
-
- /*
- * If the high bit is set, add a padding byte to make it
- * unsigned.
- */
- if ((byte & 0x80) && !CBB_add_u8(&child, 0))
- return 0;
-
- started = 1;
- }
- if (!CBB_add_u8(&child, byte))
- return 0;
- }
-
- /* 0 is encoded as a single 0, not the empty string. */
- if (!started && !CBB_add_u8(&child, 0))
- return 0;
-
- return CBB_flush(cbb);
-}
diff --git a/src/lib/libssl/bs_cbs.c b/src/lib/libssl/bs_cbs.c
deleted file mode 100644
index 76e3bd2a89..0000000000
--- a/src/lib/libssl/bs_cbs.c
+++ /dev/null
@@ -1,616 +0,0 @@
-/* $OpenBSD: bs_cbs.c,v 1.25 2024/05/25 15:14:26 tb Exp $ */
-/*
- * Copyright (c) 2014, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include
-#include
-#include
-
-#include "bytestring.h"
-
-void
-CBS_init(CBS *cbs, const uint8_t *data, size_t len)
-{
- cbs->data = data;
- cbs->initial_len = len;
- cbs->len = len;
-}
-
-void
-CBS_dup(const CBS *cbs, CBS *out)
-{
- CBS_init(out, CBS_data(cbs), CBS_len(cbs));
- out->initial_len = cbs->initial_len;
-}
-
-static int
-cbs_get(CBS *cbs, const uint8_t **p, size_t n)
-{
- if (cbs->len < n)
- return 0;
-
- *p = cbs->data;
- cbs->data += n;
- cbs->len -= n;
- return 1;
-}
-
-static int
-cbs_peek(CBS *cbs, const uint8_t **p, size_t n)
-{
- if (cbs->len < n)
- return 0;
-
- *p = cbs->data;
- return 1;
-}
-
-size_t
-CBS_offset(const CBS *cbs)
-{
- return cbs->initial_len - cbs->len;
-}
-
-int
-CBS_skip(CBS *cbs, size_t len)
-{
- const uint8_t *dummy;
- return cbs_get(cbs, &dummy, len);
-}
-
-const uint8_t *
-CBS_data(const CBS *cbs)
-{
- return cbs->data;
-}
-
-size_t
-CBS_len(const CBS *cbs)
-{
- return cbs->len;
-}
-
-int
-CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len)
-{
- free(*out_ptr);
- *out_ptr = NULL;
- *out_len = 0;
-
- if (cbs->len == 0)
- return 1;
-
- if ((*out_ptr =
malloc(cbs->len)) == NULL)
- return 0;
-
- memcpy(*out_ptr, cbs->data, cbs->len);
-
- *out_len = cbs->len;
- return 1;
-}
-
-int
-CBS_strdup(const CBS *cbs, char **out_ptr)
-{
- free(*out_ptr);
- *out_ptr = NULL;
-
- if (CBS_contains_zero_byte(cbs))
- return 0;
-
- *out_ptr = strndup((const char *)cbs->data, cbs->len);
- return (*out_ptr != NULL);
-}
-
-int
-CBS_write_bytes(const CBS *cbs, uint8_t *dst, size_t dst_len, size_t *copied)
-{
- if (dst_len < cbs->len)
- return 0;
-
- memmove(dst, cbs->data, cbs->len);
-
- if (copied != NULL)
- *copied = cbs->len;
-
- return 1;
-}
-
-int
-CBS_contains_zero_byte(const CBS *cbs)
-{
- return memchr(cbs->data, 0, cbs->len) != NULL;
-}
-
-int
-CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len)
-{
- if (len != cbs->len)
- return 0;
-
- return timingsafe_memcmp(cbs->data, data, len) == 0;
-}
-
-static int
-cbs_get_u(CBS *cbs, uint32_t *out, size_t len)
-{
- uint32_t result = 0;
- size_t i;
- const uint8_t *data;
-
- if (len < 1 || len > 4)
- return 0;
-
- if (!cbs_get(cbs, &data, len))
- return 0;
-
- for (i = 0; i < len; i++) {
- result <<= 8;
- result |= data[i];
- }
- *out = result;
- return 1;
-}
-
-int
-CBS_get_u8(CBS *cbs, uint8_t *out)
-{
- const uint8_t *v;
-
- if (!cbs_get(cbs, &v, 1))
- return 0;
-
- *out = *v;
- return 1;
-}
-
-int
-CBS_get_u16(CBS *cbs, uint16_t *out)
-{
- uint32_t v;
-
- if (!cbs_get_u(cbs, &v, 2))
- return 0;
-
- *out = v;
- return 1;
-}
-
-int
-CBS_get_u24(CBS *cbs, uint32_t *out)
-{
- return cbs_get_u(cbs, out, 3);
-}
-
-int
-CBS_get_u32(CBS *cbs, uint32_t *out)
-{
- return cbs_get_u(cbs, out, 4);
-}
-
-int
-CBS_get_u64(CBS *cbs, uint64_t *out)
-{
- uint32_t a, b;
-
- if (cbs->len < 8)
- return 0;
-
- if (!CBS_get_u32(cbs, &a))
- return 0;
- if (!CBS_get_u32(cbs, &b))
- return 0;
-
- *out = (uint64_t)a << 32 | b;
- return 1;
-}
-
-int
-CBS_get_last_u8(CBS *cbs, uint8_t *out)
-{
- if (cbs->len == 0)
- return 0;
-
- *out = cbs->data[cbs->len - 1];
- cbs->len--;
- return 1;
-}
-
-int
-CBS_get_bytes(CBS *cbs, CBS *out, size_t len)
-{
- const uint8_t *v;
-
- if (!cbs_get(cbs, &v, len))
- return 0;
-
- CBS_init(out, v, len);
- return 1;
-}
-
-static int
-cbs_get_length_prefixed(CBS *cbs, CBS *out, size_t len_len)
-{
- uint32_t len;
-
- if (!cbs_get_u(cbs, &len, len_len))
- return 0;
-
- return CBS_get_bytes(cbs, out, len);
-}
-
-int
-CBS_get_u8_length_prefixed(CBS *cbs, CBS *out)
-{
- return cbs_get_length_prefixed(cbs, out, 1);
-}
-
-int
-CBS_get_u16_length_prefixed(CBS *cbs, CBS *out)
-{
- return cbs_get_length_prefixed(cbs, out, 2);
-}
-
-int
-CBS_get_u24_length_prefixed(CBS *cbs, CBS *out)
-{
- return cbs_get_length_prefixed(cbs, out, 3);
-}
-
-static int
-cbs_peek_u(CBS *cbs, uint32_t *out, size_t len)
-{
- uint32_t result = 0;
- size_t i;
- const uint8_t *data;
-
- if (len < 1 || len > 4)
- return 0;
-
- if (!cbs_peek(cbs, &data, len))
- return 0;
-
- for (i = 0; i < len; i++) {
- result <<= 8;
- result |= data[i];
- }
- *out = result;
- return 1;
-}
-
-int
-CBS_peek_u8(CBS *cbs, uint8_t *out)
-{
- const uint8_t *v;
-
- if (!cbs_peek(cbs, &v, 1))
- return 0;
-
- *out = *v;
- return 1;
-}
-
-int
-CBS_peek_u16(CBS *cbs, uint16_t *out)
-{
- uint32_t v;
-
- if (!cbs_peek_u(cbs, &v, 2))
- return 0;
-
- *out = v;
- return 1;
-}
-
-int
-CBS_peek_u24(CBS *cbs, uint32_t *out)
-{
- return cbs_peek_u(cbs, out, 3);
-}
-
-int
-CBS_peek_u32(CBS *cbs, uint32_t *out)
-{
- return cbs_peek_u(cbs, out, 4);
-}
-
-int
-CBS_peek_last_u8(CBS *cbs, uint8_t *out)
-{
- if (cbs->len == 0)
- return 0;
-
- *out = cbs->data[cbs->len - 1];
- return 1;
-}
-
-int
-CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag,
- size_t *out_header_len)
-{
- return cbs_get_any_asn1_element_internal(cbs, out, out_tag,
- out_header_len, 1);
-}
-
-/*
- * Review X.690 for details on ASN.1 DER encoding.
- *
- * If non-strict mode is enabled, then DER rules are relaxed
- * for indefinite constructs (violates DER but a little closer to BER).
- * Non-strict mode should only be used by bs_ber.c
- *
- * Sections 8, 10 and 11 for DER encoding
- */
-int
-cbs_get_any_asn1_element_internal(CBS *cbs, CBS *out, unsigned int *out_tag,
- size_t *out_header_len, int strict)
-{
- uint8_t tag, length_byte;
- CBS header = *cbs;
- CBS throwaway;
- size_t len;
-
- if (out == NULL)
- out = &throwaway;
-
- /*
- * Get identifier octet and length octet. Only 1 octet for each
- * is a CBS limitation.
- */
- if (!CBS_get_u8(&header, &tag) || !CBS_get_u8(&header, &length_byte))
- return 0;
-
- /* CBS limitation: long form tags are not supported. */
- if ((tag & 0x1f) == 0x1f)
- return 0;
-
- if (out_tag != NULL)
- *out_tag = tag;
-
- if ((length_byte & 0x80) == 0) {
- /* Short form length. */
- len = ((size_t) length_byte) + 2;
- if (out_header_len != NULL)
- *out_header_len = 2;
-
- } else {
- /* Long form length. */
- const size_t num_bytes = length_byte & 0x7f;
- uint32_t len32;
-
- /* ASN.1 reserved value for future extensions */
- if (num_bytes == 0x7f)
- return 0;
-
- /* Handle indefinite form length */
- if (num_bytes == 0) {
- /* DER encoding doesn't allow for indefinite form. */
- if (strict)
- return 0;
-
- /* Primitive cannot use indefinite in BER or DER. */
- if ((tag & CBS_ASN1_CONSTRUCTED) == 0)
- return 0;
-
- /* Constructed, indefinite length allowed in BER. */
- if (out_header_len != NULL)
- *out_header_len = 2;
- return CBS_get_bytes(cbs, out, 2);
- }
-
- /* CBS limitation. */
- if (num_bytes > 4)
- return 0;
-
- if (!cbs_get_u(&header, &len32, num_bytes))
- return 0;
-
- /* DER has a minimum length octet requirement. */
- if (len32 < 128)
- /* Should have used short form instead */
- return 0;
-
- if ((len32 >> ((num_bytes - 1) * 8)) == 0)
- /* Length should have been at least one byte shorter. */
- return 0;
-
- len = len32;
- if (len + 2 + num_bytes < len)
- /* Overflow.
*/
- return 0;
-
- len += 2 + num_bytes;
- if (out_header_len != NULL)
- *out_header_len = 2 + num_bytes;
- }
-
- return CBS_get_bytes(cbs, out, len);
-}
-
-static int
-cbs_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value, int skip_header)
-{
- size_t header_len;
- unsigned int tag;
- CBS throwaway;
-
- if (out == NULL)
- out = &throwaway;
-
- if (!CBS_get_any_asn1_element(cbs, out, &tag, &header_len) ||
- tag != tag_value)
- return 0;
-
- if (skip_header && !CBS_skip(out, header_len))
- return 0;
-
- return 1;
-}
-
-int
-CBS_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value)
-{
- return cbs_get_asn1(cbs, out, tag_value, 1 /* skip header */);
-}
-
-int
-CBS_get_asn1_element(CBS *cbs, CBS *out, unsigned int tag_value)
-{
- return cbs_get_asn1(cbs, out, tag_value, 0 /* include header */);
-}
-
-int
-CBS_peek_asn1_tag(const CBS *cbs, unsigned int tag_value)
-{
- if (CBS_len(cbs) < 1)
- return 0;
-
- /*
- * Tag number 31 indicates the start of a long form number.
- * This is valid in ASN.1, but CBS only supports short form.
- */
- if ((tag_value & 0x1f) == 0x1f)
- return 0;
-
- return CBS_data(cbs)[0] == tag_value;
-}
-
-/* Encoding details are in ASN.1: X.690 section 8.3 */
-int
-CBS_get_asn1_uint64(CBS *cbs, uint64_t *out)
-{
- CBS bytes;
- const uint8_t *data;
- size_t i, len;
-
- if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_INTEGER))
- return 0;
-
- *out = 0;
- data = CBS_data(&bytes);
- len = CBS_len(&bytes);
-
- if (len == 0)
- /* An INTEGER is encoded with at least one content octet. */
- return 0;
-
- if ((data[0] & 0x80) != 0)
- /* Negative number. */
- return 0;
-
- if (data[0] == 0 && len > 1 && (data[1] & 0x80) == 0)
- /* Violates smallest encoding rule: excessive leading zeros. */
- return 0;
-
- for (i = 0; i < len; i++) {
- if ((*out >> 56) != 0)
- /* Too large to represent as a uint64_t.
*/
- return 0;
-
- *out <<= 8;
- *out |= data[i];
- }
-
- return 1;
-}
-
-int
-CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, unsigned int tag)
-{
- if (CBS_peek_asn1_tag(cbs, tag)) {
- if (!CBS_get_asn1(cbs, out, tag))
- return 0;
-
- *out_present = 1;
- } else {
- *out_present = 0;
- }
- return 1;
-}
-
-int
-CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present,
- unsigned int tag)
-{
- CBS child;
- int present;
-
- if (!CBS_get_optional_asn1(cbs, &child, &present, tag))
- return 0;
-
- if (present) {
- if (!CBS_get_asn1(&child, out, CBS_ASN1_OCTETSTRING) ||
- CBS_len(&child) != 0)
- return 0;
- } else {
- CBS_init(out, NULL, 0);
- }
- if (out_present)
- *out_present = present;
-
- return 1;
-}
-
-int
-CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, unsigned int tag,
- uint64_t default_value)
-{
- CBS child;
- int present;
-
- if (!CBS_get_optional_asn1(cbs, &child, &present, tag))
- return 0;
-
- if (present) {
- if (!CBS_get_asn1_uint64(&child, out) ||
- CBS_len(&child) != 0)
- return 0;
- } else {
- *out = default_value;
- }
- return 1;
-}
-
-int
-CBS_get_optional_asn1_bool(CBS *cbs, int *out, unsigned int tag,
- int default_value)
-{
- CBS child, child2;
- int present;
-
- if (!CBS_get_optional_asn1(cbs, &child, &present, tag))
- return 0;
-
- if (present) {
- uint8_t boolean;
-
- if (!CBS_get_asn1(&child, &child2, CBS_ASN1_BOOLEAN) ||
- CBS_len(&child2) != 1 || CBS_len(&child) != 0)
- return 0;
-
- boolean = CBS_data(&child2)[0];
- if (boolean == 0)
- *out = 0;
- else if (boolean == 0xff)
- *out = 1;
- else
- return 0;
-
- } else {
- *out = default_value;
- }
- return 1;
-}
diff --git a/src/lib/libssl/bytestring.h b/src/lib/libssl/bytestring.h
deleted file mode 100644
index 1d871e0236..0000000000
--- a/src/lib/libssl/bytestring.h
+++ /dev/null
@@ -1,571 +0,0 @@
-/* $OpenBSD: bytestring.h,v 1.26 2024/12/05 19:57:37 tb Exp $ */
-/*
- * Copyright (c) 2014, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef OPENSSL_HEADER_BYTESTRING_H
-#define OPENSSL_HEADER_BYTESTRING_H
-
-#include
-#include
-
-__BEGIN_HIDDEN_DECLS
-
-/*
- * Bytestrings are used for parsing and building TLS and ASN.1 messages.
- *
- * A "CBS" (CRYPTO ByteString) represents a string of bytes in memory and
- * provides utility functions for safely parsing length-prefixed structures
- * like TLS and ASN.1 from it.
- *
- * A "CBB" (CRYPTO ByteBuilder) is a memory buffer that grows as needed and
- * provides utility functions for building length-prefixed messages.
- */
-
-/* CRYPTO ByteString */
-typedef struct cbs_st {
- const uint8_t *data;
- size_t initial_len;
- size_t len;
-} CBS;
-
-/*
- * CBS_init sets |cbs| to point to |data|. It does not take ownership of
- * |data|.
- */
-void CBS_init(CBS *cbs, const uint8_t *data, size_t len);
-
-/*
- * CBS_skip advances |cbs| by |len| bytes. It returns one on success and zero
- * otherwise.
- */
-int CBS_skip(CBS *cbs, size_t len);
-
-/*
- * CBS_data returns a pointer to the contents of |cbs|.
- */
-const uint8_t *CBS_data(const CBS *cbs);
-
-/*
- * CBS_len returns the number of bytes remaining in |cbs|.
- */
-size_t CBS_len(const CBS *cbs);
-
-/*
- * CBS_offset returns the current offset into the original data of |cbs|.
- */
-size_t CBS_offset(const CBS *cbs);
-
-/*
- * CBS_stow copies the current contents of |cbs| into |*out_ptr| and
- * |*out_len|. If |*out_ptr| is not NULL, the contents are freed with
- * free. It returns one on success and zero on allocation failure. On
- * success, |*out_ptr| should be freed with free. If |cbs| is empty,
- * |*out_ptr| will be NULL.
- */
-int CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len);
-
-/*
- * CBS_strdup copies the current contents of |cbs| into |*out_ptr| as a
- * NUL-terminated C string. If |*out_ptr| is not NULL, the contents are freed
- * with free. It returns one on success and zero on failure. On success,
- * |*out_ptr| should be freed with free. If |cbs| contains NUL bytes,
- * CBS_strdup will fail.
- */
-int CBS_strdup(const CBS *cbs, char **out_ptr);
-
-/*
- * CBS_write_bytes writes all of the remaining data from |cbs| into |dst|
- * if it is at most |dst_len| bytes. If |copied| is not NULL, it will be set
- * to the amount copied. It returns one on success and zero otherwise.
- */
-int CBS_write_bytes(const CBS *cbs, uint8_t *dst, size_t dst_len,
- size_t *copied);
-
-/*
- * CBS_contains_zero_byte returns one if the current contents of |cbs| contains
- * a NUL byte and zero otherwise.
- */
-int CBS_contains_zero_byte(const CBS *cbs);
-
-/*
- * CBS_mem_equal compares the current contents of |cbs| with the |len| bytes
- * starting at |data|. If they're equal, it returns one, otherwise zero. If the
- * lengths match, it uses a constant-time comparison.
- */
-int CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len);
-
-/*
- * CBS_get_u8 sets |*out| to the next uint8_t from |cbs| and advances |cbs|. It
- * returns one on success and zero on error.
- */
-int CBS_get_u8(CBS *cbs, uint8_t *out);
-
-/*
- * CBS_get_u16 sets |*out| to the next, big-endian uint16_t from |cbs| and
- * advances |cbs|. It returns one on success and zero on error.
- */
-int CBS_get_u16(CBS *cbs, uint16_t *out);
-
-/*
- * CBS_get_u24 sets |*out| to the next, big-endian 24-bit value from |cbs| and
- * advances |cbs|. It returns one on success and zero on error.
- */
-int CBS_get_u24(CBS *cbs, uint32_t *out);
-
-/*
- * CBS_get_u32 sets |*out| to the next, big-endian uint32_t value from |cbs|
- * and advances |cbs|. It returns one on success and zero on error.
- */
-int CBS_get_u32(CBS *cbs, uint32_t *out);
-
-/*
- * CBS_get_u64 sets |*out| to the next, big-endian uint64_t value from |cbs|
- * and advances |cbs|. It returns one on success and zero on error.
- */
-int CBS_get_u64(CBS *cbs, uint64_t *out);
-
-/*
- * CBS_get_last_u8 sets |*out| to the last uint8_t from |cbs| and shortens
- * |cbs|. It returns one on success and zero on error.
- */
-int CBS_get_last_u8(CBS *cbs, uint8_t *out);
-
-/*
- * CBS_get_bytes sets |*out| to the next |len| bytes from |cbs| and advances
- * |cbs|. It returns one on success and zero on error.
- */
-int CBS_get_bytes(CBS *cbs, CBS *out, size_t len);
-
-/*
- * CBS_get_u8_length_prefixed sets |*out| to the contents of an 8-bit,
- * length-prefixed value from |cbs| and advances |cbs| over it. It returns one
- * on success and zero on error.
- */
-int CBS_get_u8_length_prefixed(CBS *cbs, CBS *out);
-
-/*
- * CBS_get_u16_length_prefixed sets |*out| to the contents of a 16-bit,
- * big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It
- * returns one on success and zero on error.
- */
-int CBS_get_u16_length_prefixed(CBS *cbs, CBS *out);
-
-/*
- * CBS_get_u24_length_prefixed sets |*out| to the contents of a 24-bit,
- * big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It
- * returns one on success and zero on error.
- */
-int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out);
-
-/*
- * CBS_peek_u8 sets |*out| to the next uint8_t from |cbs|, but does not advance
- * |cbs|. It returns one on success and zero on error.
- */
-int CBS_peek_u8(CBS *cbs, uint8_t *out);
-
-/*
- * CBS_peek_u16 sets |*out| to the next, big-endian uint16_t from |cbs|, but
- * does not advance |cbs|. It returns one on success and zero on error.
- */
-int CBS_peek_u16(CBS *cbs, uint16_t *out);
-
-/*
- * CBS_peek_u24 sets |*out| to the next, big-endian 24-bit value from |cbs|, but
- * does not advance |cbs|. It returns one on success and zero on error.
- */
-int CBS_peek_u24(CBS *cbs, uint32_t *out);
-
-/*
- * CBS_peek_u32 sets |*out| to the next, big-endian uint32_t value from |cbs|,
- * but does not advance |cbs|. It returns one on success and zero on error.
- */
-int CBS_peek_u32(CBS *cbs, uint32_t *out);
-
-/*
- * CBS_peek_last_u8 sets |*out| to the last uint8_t from |cbs|, but does not
- * shorten |cbs|. It returns one on success and zero on error.
- */
-int CBS_peek_last_u8(CBS *cbs, uint8_t *out);
-
-
-/* Parsing ASN.1 */
-
-/*
- * While an identifier can be multiple octets, this library only handles the
- * single octet variety currently. This limits support up to tag number 30
- * since tag number 31 is a reserved value to indicate multiple octets.
- */
-
-/* Bits 8 and 7: class tag type: See X.690 section 8.1.2.2. */
-#define CBS_ASN1_UNIVERSAL 0x00
-#define CBS_ASN1_APPLICATION 0x40
-#define CBS_ASN1_CONTEXT_SPECIFIC 0x80
-#define CBS_ASN1_PRIVATE 0xc0
-
-/* Bit 6: Primitive or constructed: See X.690 section 8.1.2.3. */
-#define CBS_ASN1_PRIMITIVE 0x00
-#define CBS_ASN1_CONSTRUCTED 0x20
-
-/*
- * Bits 5 to 1 are the tag number. See X.680 section 8.6 for tag numbers of
- * the universal class.
- */
-
-/*
- * Common universal identifier octets.
- * See X.690 section 8.1 and X.680 section 8.6 for universal tag numbers.
- *
- * Note: These definitions are the cause of some of the strange behavior in
- * CBS's bs_ber.c.
- *
- * In BER, it is the sender's option to use primitive or constructed for
- * bitstring (X.690 section 8.6.1) and octetstring (X.690 section 8.7.1).
- *
- * In DER, bitstring and octetstring are required to be primitive
- * (X.690 section 10.2).
- */
-#define CBS_ASN1_BOOLEAN (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x1)
-#define CBS_ASN1_INTEGER (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x2)
-#define CBS_ASN1_BITSTRING (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x3)
-#define CBS_ASN1_OCTETSTRING (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x4)
-#define CBS_ASN1_OBJECT (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x6)
-#define CBS_ASN1_ENUMERATED (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0xa)
-#define CBS_ASN1_SEQUENCE (CBS_ASN1_UNIVERSAL | CBS_ASN1_CONSTRUCTED | 0x10)
-#define CBS_ASN1_SET (CBS_ASN1_UNIVERSAL | CBS_ASN1_CONSTRUCTED | 0x11)
-
-/*
- * CBS_get_asn1 sets |*out| to the contents of DER-encoded, ASN.1 element (not
- * including tag and length bytes) and advances |cbs| over it. The ASN.1
- * element must match |tag_value|. It returns one on success and zero
- * on error.
- *
- * Tag numbers greater than 30 are not supported (i.e. short form only).
- */
-int CBS_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value);
-
-/*
- * CBS_get_asn1_element acts like |CBS_get_asn1| but |out| will include the
- * ASN.1 header bytes too.
- */
-int CBS_get_asn1_element(CBS *cbs, CBS *out, unsigned int tag_value);
-
-/*
- * CBS_peek_asn1_tag looks ahead at the next ASN.1 tag and returns one
- * if the next ASN.1 element on |cbs| would have tag |tag_value|. If
- * |cbs| is empty or the tag does not match, it returns zero. Note: if
- * it returns one, CBS_get_asn1 may still fail if the rest of the
- * element is malformed.
- */
-int CBS_peek_asn1_tag(const CBS *cbs, unsigned int tag_value);
-
-/*
- * CBS_get_any_asn1_element sets |*out| to contain the next ASN.1 element from
- * |*cbs| (including header bytes) and advances |*cbs|. It sets |*out_tag| to
- * the tag number and |*out_header_len| to the length of the ASN.1 header.
- * Each of |out|, |out_tag|, and |out_header_len| may be NULL to ignore
- * the value.
- *
- * Tag numbers greater than 30 are not supported (i.e. short form only).
- */
-int CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag,
- size_t *out_header_len);
-
-/*
- * CBS_get_asn1_uint64 gets an ASN.1 INTEGER from |cbs| using |CBS_get_asn1|
- * and sets |*out| to its value. It returns one on success and zero on error,
- * where error includes the integer being negative, or too large to represent
- * in 64 bits.
- */
-int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out);
-
-/*
- * CBS_get_optional_asn1 gets an optional explicitly-tagged element
- * from |cbs| tagged with |tag| and sets |*out| to its contents. If
- * present, it sets |*out_present| to one, otherwise zero. It returns
- * one on success, whether or not the element was present, and zero on
- * decode failure.
- */
-int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present,
- unsigned int tag);
-
-/*
- * CBS_get_optional_asn1_octet_string gets an optional
- * explicitly-tagged OCTET STRING from |cbs|. If present, it sets
- * |*out| to the string and |*out_present| to one. Otherwise, it sets
- * |*out| to empty and |*out_present| to zero. |out_present| may be
- * NULL. It returns one on success, whether or not the element was
- * present, and zero on decode failure.
- */
-int CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present,
- unsigned int tag);
-
-/*
- * CBS_get_optional_asn1_uint64 gets an optional explicitly-tagged
- * INTEGER from |cbs|. If present, it sets |*out| to the
- * value. Otherwise, it sets |*out| to |default_value|.
It returns one - * on success, whether or not the element was present, and zero on - * decode failure. - */ -int CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, unsigned int tag, - uint64_t default_value); - -/* - * CBS_get_optional_asn1_bool gets an optional, explicitly-tagged BOOLEAN from - * |cbs|. If present, it sets |*out| to either zero or one, based on the - * boolean. Otherwise, it sets |*out| to |default_value|. It returns one on - * success, whether or not the element was present, and zero on decode - * failure. - */ -int CBS_get_optional_asn1_bool(CBS *cbs, int *out, unsigned int tag, - int default_value); - - -/* - * CRYPTO ByteBuilder. - * - * |CBB| objects allow one to build length-prefixed serialisations. A |CBB| - * object is associated with a buffer and new buffers are created with - * |CBB_init|. Several |CBB| objects can point at the same buffer when a - * length-prefix is pending, however only a single |CBB| can be 'current' at - * any one time. For example, if one calls |CBB_add_u8_length_prefixed| then - * the new |CBB| points at the same buffer as the original. But if the original - * |CBB| is used then the length prefix is written out and the new |CBB| must - * not be used again. - * - * If one needs to force a length prefix to be written out because a |CBB| is - * going out of scope, use |CBB_flush|. - */ - -struct cbb_buffer_st { - uint8_t *buf; - - /* The number of valid bytes. */ - size_t len; - - /* The size of buf. */ - size_t cap; - - /* - * One iff |buf| is owned by this object. If not then |buf| cannot be - * resized. - */ - char can_resize; -}; - -typedef struct cbb_st { - struct cbb_buffer_st *base; - - /* - * offset is the offset from the start of |base->buf| to the position of any - * pending length-prefix. - */ - size_t offset; - - /* child points to a child CBB if a length-prefix is pending. 
*/ - struct cbb_st *child; - - /* - * pending_len_len contains the number of bytes in a pending length-prefix, - * or zero if no length-prefix is pending. - */ - uint8_t pending_len_len; - - char pending_is_asn1; - - /* - * is_top_level is true iff this is a top-level |CBB| (as opposed to a child - * |CBB|). Top-level objects are valid arguments for |CBB_finish|. - */ - char is_top_level; -} CBB; - -/* - * CBB_init initialises |cbb| with |initial_capacity|. Since a |CBB| grows as - * needed, the |initial_capacity| is just a hint. It returns one on success or - * zero on error. - */ -int CBB_init(CBB *cbb, size_t initial_capacity); - -/* - * CBB_init_fixed initialises |cbb| to write to |len| bytes at |buf|. Since - * |buf| cannot grow, trying to write more than |len| bytes will cause CBB - * functions to fail. It returns one on success or zero on error. - */ -int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len); - -/* - * CBB_cleanup frees all resources owned by |cbb| and other |CBB| objects - * writing to the same buffer. This should be used in an error case where a - * serialisation is abandoned. - */ -void CBB_cleanup(CBB *cbb); - -/* - * CBB_finish completes any pending length prefix and sets |*out_data| to a - * malloced buffer and |*out_len| to the length of that buffer. The caller - * takes ownership of the buffer and, unless the buffer was fixed with - * |CBB_init_fixed|, must call |free| when done. - * - * It can only be called on a "top level" |CBB|, i.e. one initialised with - * |CBB_init| or |CBB_init_fixed|. It returns one on success and zero on - * error. - */ -int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len); - -/* - * CBB_flush causes any pending length prefixes to be written out and any child - * |CBB| objects of |cbb| to be invalidated. It returns one on success or zero - * on error. - */ -int CBB_flush(CBB *cbb); - -/* - * CBB_discard_child discards the current unflushed child of |cbb|. 
Neither the - * child's contents nor the length prefix will be included in the output. - */ -void CBB_discard_child(CBB *cbb); - -/* - * CBB_add_u8_length_prefixed sets |*out_contents| to a new child of |cbb|. The - * data written to |*out_contents| will be prefixed in |cbb| with an 8-bit - * length. It returns one on success or zero on error. - */ -int CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents); - -/* - * CBB_add_u16_length_prefixed sets |*out_contents| to a new child of |cbb|. - * The data written to |*out_contents| will be prefixed in |cbb| with a 16-bit, - * big-endian length. It returns one on success or zero on error. - */ -int CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents); - -/* - * CBB_add_u24_length_prefixed sets |*out_contents| to a new child of |cbb|. - * The data written to |*out_contents| will be prefixed in |cbb| with a 24-bit, - * big-endian length. It returns one on success or zero on error. - */ -int CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents); - -/* - * CBB_add_u32_length_prefixed sets |*out_contents| to a new child of |cbb|. - * The data written to |*out_contents| will be prefixed in |cbb| with a 32-bit, - * big-endian length. It returns one on success or zero on error. - */ -int CBB_add_u32_length_prefixed(CBB *cbb, CBB *out_contents); - -/* - * CBB_add_asn sets |*out_contents| to a |CBB| into which the contents of an - * ASN.1 object can be written. The |tag| argument will be used as the tag for - * the object. Passing in |tag| number 31 will return in an error since only - * single octet identifiers are supported. It returns one on success or zero - * on error. - */ -int CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned int tag); - -/* - * CBB_add_bytes appends |len| bytes from |data| to |cbb|. It returns one on - * success and zero otherwise. 
- */
-int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len);
-
-/*
- * CBB_add_space appends |len| bytes to |cbb| and sets |*out_data| to point to
- * the beginning of that space. The caller must then write |len| bytes of
- * actual contents to |*out_data|. It returns one on success and zero
- * otherwise.
- */
-int CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len);
-
-/*
- * CBB_add_u8 appends an 8-bit number from |value| to |cbb|. It returns one on
- * success and zero otherwise.
- */
-int CBB_add_u8(CBB *cbb, size_t value);
-
-/*
- * CBB_add_u8 appends a 16-bit, big-endian number from |value| to |cbb|. It
- * returns one on success and zero otherwise.
- */
-int CBB_add_u16(CBB *cbb, size_t value);
-
-/*
- * CBB_add_u24 appends a 24-bit, big-endian number from |value| to |cbb|. It
- * returns one on success and zero otherwise.
- */
-int CBB_add_u24(CBB *cbb, size_t value);
-
-/*
- * CBB_add_u32 appends a 32-bit, big-endian number from |value| to |cbb|. It
- * returns one on success and zero otherwise.
- */
-int CBB_add_u32(CBB *cbb, size_t value);
-
-/*
- * CBB_add_u64 appends a 64-bit, big-endian number from |value| to |cbb|. It
- * returns one on success and zero otherwise.
- */
-int CBB_add_u64(CBB *cbb, uint64_t value);
-
-/*
- * CBB_add_asn1_uint64 writes an ASN.1 INTEGER into |cbb| using |CBB_add_asn1|
- * and writes |value| in its contents. It returns one on success and zero on
- * error.
- */
-int CBB_add_asn1_uint64(CBB *cbb, uint64_t value);
-
-#ifdef LIBRESSL_INTERNAL
-/*
- * CBS_dup sets |out| to point to cbs's |data| and |len|. It results in two
- * CBS that point to the same buffer.
- */
-void CBS_dup(const CBS *cbs, CBS *out);
-
-/*
- * cbs_get_any_asn1_element sets |*out| to contain the next ASN.1 element from
- * |*cbs| (including header bytes) and advances |*cbs|. It sets |*out_tag| to
- * the tag number and |*out_header_len| to the length of the ASN.1 header. If
- * strict mode is disabled and the element has indefinite length then |*out|
- * will only contain the header. Each of |out|, |out_tag|, and
- * |out_header_len| may be NULL to ignore the value.
- *
- * Tag numbers greater than 30 are not supported (i.e. short form only).
- */
-int cbs_get_any_asn1_element_internal(CBS *cbs, CBS *out, unsigned int *out_tag,
- size_t *out_header_len, int strict);
-
-/*
- * CBS_asn1_indefinite_to_definite reads an ASN.1 structure from |in|. If it
- * finds indefinite-length elements that otherwise appear to be valid DER, it
- * attempts to convert the DER-like data to DER and sets |*out| and
- * |*out_length| to describe a malloced buffer containing the DER data.
- * Additionally, |*in| will be advanced over the ASN.1 data.
- *
- * If it doesn't find any indefinite-length elements then it sets |*out| to
- * NULL and |*in| is unmodified.
- *
- * This is NOT a conversion from BER to DER. There are many restrictions when
- * dealing with DER data. This is only concerned with one: indefinite vs.
- * definite form. However, this suffices to handle the PKCS#7 and PKCS#12 output
- * from NSS.
- *
- * It returns one on success and zero otherwise.
- */
-int CBS_asn1_indefinite_to_definite(CBS *in, uint8_t **out, size_t *out_len);
-#endif /* LIBRESSL_INTERNAL */
-
-__END_HIDDEN_DECLS
-
-#endif /* OPENSSL_HEADER_BYTESTRING_H */
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
deleted file mode 100644
index e144d8f533..0000000000
--- a/src/lib/libssl/d1_both.c
+++ /dev/null
@@ -1,1198 +0,0 @@
-/* $OpenBSD: d1_both.c,v 1.85 2025/03/09 15:12:18 tb Exp $ */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include - -#include -#include -#include -#include - -#include "bytestring.h" -#include "dtls_local.h" -#include "pqueue.h" -#include "ssl_local.h" - -#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8) - -#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \ - if ((end) - (start) <= 8) { \ - long ii; \ - for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \ - } else { \ - long ii; \ - bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \ - for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \ - bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \ - } } - -#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \ - long ii; \ - OPENSSL_assert((msg_len) > 0); \ - is_complete = 1; \ - if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \ - if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \ - if (bitmask[ii] != 0xff) { is_complete = 0; break; } } - -static const unsigned char bitmask_start_values[] = { - 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80 -}; -static const unsigned char bitmask_end_values[] 
= { - 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f -}; - -/* XDTLS: figure out the right values */ -static const unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; - -static unsigned int dtls1_guess_mtu(unsigned int curr_mtu); -static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, - unsigned long frag_len); -static int dtls1_write_message_header(const struct hm_header_st *msg_hdr, - unsigned long frag_off, unsigned long frag_len, unsigned char *p); -static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, - int *ok); - -void dtls1_hm_fragment_free(hm_fragment *frag); - -static hm_fragment * -dtls1_hm_fragment_new(unsigned long frag_len, int reassembly) -{ - hm_fragment *frag; - - if ((frag = calloc(1, sizeof(*frag))) == NULL) - goto err; - - if (frag_len > 0) { - if ((frag->fragment = calloc(1, frag_len)) == NULL) - goto err; - } - - /* Initialize reassembly bitmask if necessary. */ - if (reassembly) { - if ((frag->reassembly = calloc(1, - RSMBLY_BITMASK_SIZE(frag_len))) == NULL) - goto err; - } - - return frag; - - err: - dtls1_hm_fragment_free(frag); - return NULL; -} - -void -dtls1_hm_fragment_free(hm_fragment *frag) -{ - if (frag == NULL) - return; - - free(frag->fragment); - free(frag->reassembly); - free(frag); -} - -/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ -int -dtls1_do_write(SSL *s, int type) -{ - int ret; - int curr_mtu; - unsigned int len, frag_off; - size_t overhead; - - /* AHA! 
Figure out the MTU, and stick to the right size */ - if (s->d1->mtu < dtls1_min_mtu() && - !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { - s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), - BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); - - /* - * I've seen the kernel return bogus numbers when it - * doesn't know the MTU (ie., the initial write), so just - * make sure we have a reasonable number - */ - if (s->d1->mtu < dtls1_min_mtu()) { - s->d1->mtu = 0; - s->d1->mtu = dtls1_guess_mtu(s->d1->mtu); - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, - s->d1->mtu, NULL); - } - } - - OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); - /* should have something reasonable now */ - - if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE) - OPENSSL_assert(s->init_num == - (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); - - if (!tls12_record_layer_write_overhead(s->rl, &overhead)) - return -1; - - frag_off = 0; - while (s->init_num) { - curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) - - DTLS1_RT_HEADER_LENGTH - overhead; - - if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) { - /* grr.. we could get an error if MTU picked was wrong */ - ret = BIO_flush(SSL_get_wbio(s)); - if (ret <= 0) - return ret; - curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH - - overhead; - } - - if (s->init_num > curr_mtu) - len = curr_mtu; - else - len = s->init_num; - - /* XDTLS: this function is too long. 
split out the CCS part */ - if (type == SSL3_RT_HANDSHAKE) { - if (s->init_off != 0) { - OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH); - s->init_off -= DTLS1_HM_HEADER_LENGTH; - s->init_num += DTLS1_HM_HEADER_LENGTH; - - if (s->init_num > curr_mtu) - len = curr_mtu; - else - len = s->init_num; - } - - dtls1_fix_message_header(s, frag_off, - len - DTLS1_HM_HEADER_LENGTH); - - if (!dtls1_write_message_header(&s->d1->w_msg_hdr, - s->d1->w_msg_hdr.frag_off, s->d1->w_msg_hdr.frag_len, - (unsigned char *)&s->init_buf->data[s->init_off])) - return -1; - - OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH); - } - - ret = dtls1_write_bytes(s, type, - &s->init_buf->data[s->init_off], len); - if (ret < 0) { - /* - * Might need to update MTU here, but we don't know - * which previous packet caused the failure -- so - * can't really retransmit anything. continue as - * if everything is fine and wait for an alert to - * handle the retransmit - */ - if (BIO_ctrl(SSL_get_wbio(s), - BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) - s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), - BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); - else - return (-1); - } else { - - /* - * Bad if this assert fails, only part of the - * handshake message got sent. but why would - * this happen? 
- */ - OPENSSL_assert(len == (unsigned int)ret); - - if (type == SSL3_RT_HANDSHAKE && - !s->d1->retransmitting) { - /* - * Should not be done for 'Hello Request's, - * but in that case we'll ignore the result - * anyway - */ - unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off]; - const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; - int xlen; - - if (frag_off == 0) { - /* - * Reconstruct message header is if it - * is being sent in single fragment - */ - if (!dtls1_write_message_header(msg_hdr, - 0, msg_hdr->msg_len, p)) - return (-1); - xlen = ret; - } else { - p += DTLS1_HM_HEADER_LENGTH; - xlen = ret - DTLS1_HM_HEADER_LENGTH; - } - - tls1_transcript_record(s, p, xlen); - } - - if (ret == s->init_num) { - if (s->msg_callback) - s->msg_callback(1, s->version, type, - s->init_buf->data, - (size_t)(s->init_off + s->init_num), - s, s->msg_callback_arg); - - s->init_off = 0; - /* done writing this message */ - s->init_num = 0; - - return (1); - } - s->init_off += ret; - s->init_num -= ret; - frag_off += (ret -= DTLS1_HM_HEADER_LENGTH); - } - } - return (0); -} - - -/* - * Obtain handshake message of message type 'mt' (any if mt == -1), - * maximum acceptable body length 'max'. - * Read an entire handshake message. Handshake messages arrive in - * fragments. 
- */ -int -dtls1_get_message(SSL *s, int st1, int stn, int mt, long max) -{ - struct hm_header_st *msg_hdr; - unsigned char *p; - unsigned long msg_len; - int i, al, ok; - - /* - * s3->tmp is used to store messages that are unexpected, caused - * by the absence of an optional handshake message - */ - if (s->s3->hs.tls12.reuse_message) { - s->s3->hs.tls12.reuse_message = 0; - if ((mt >= 0) && (s->s3->hs.tls12.message_type != mt)) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); - goto fatal_err; - } - s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; - s->init_num = (int)s->s3->hs.tls12.message_size; - return 1; - } - - msg_hdr = &s->d1->r_msg_hdr; - memset(msg_hdr, 0, sizeof(struct hm_header_st)); - - again: - i = dtls1_get_message_fragment(s, st1, stn, max, &ok); - if (i == DTLS1_HM_BAD_FRAGMENT || - i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ - goto again; - else if (i <= 0 && !ok) - return i; - - p = (unsigned char *)s->init_buf->data; - msg_len = msg_hdr->msg_len; - - /* reconstruct message header */ - if (!dtls1_write_message_header(msg_hdr, 0, msg_len, p)) - return -1; - - msg_len += DTLS1_HM_HEADER_LENGTH; - - tls1_transcript_record(s, p, msg_len); - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, msg_len, - s, s->msg_callback_arg); - - memset(msg_hdr, 0, sizeof(struct hm_header_st)); - - /* Don't change sequence numbers while listening */ - if (!s->d1->listen) - s->d1->handshake_read_seq++; - - s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; - return 1; - - fatal_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - return -1; -} - -static int -dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) -{ - size_t frag_off, frag_len, msg_len; - - msg_len = msg_hdr->msg_len; - frag_off = msg_hdr->frag_off; - frag_len = msg_hdr->frag_len; - - /* sanity checking */ - if ((frag_off + frag_len) > msg_len) { - SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE); - return 
SSL_AD_ILLEGAL_PARAMETER; - } - - if ((frag_off + frag_len) > (unsigned long)max) { - SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE); - return SSL_AD_ILLEGAL_PARAMETER; - } - - if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */ - { - /* - * msg_len is limited to 2^24, but is effectively checked - * against max above - */ - if (!BUF_MEM_grow_clean(s->init_buf, - msg_len + DTLS1_HM_HEADER_LENGTH)) { - SSLerror(s, ERR_R_BUF_LIB); - return SSL_AD_INTERNAL_ERROR; - } - - s->s3->hs.tls12.message_size = msg_len; - s->d1->r_msg_hdr.msg_len = msg_len; - s->s3->hs.tls12.message_type = msg_hdr->type; - s->d1->r_msg_hdr.type = msg_hdr->type; - s->d1->r_msg_hdr.seq = msg_hdr->seq; - } else if (msg_len != s->d1->r_msg_hdr.msg_len) { - /* - * They must be playing with us! BTW, failure to enforce - * upper limit would open possibility for buffer overrun. - */ - SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE); - return SSL_AD_ILLEGAL_PARAMETER; - } - - return 0; /* no error */ -} - -static int -dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) -{ - /* - * (0) check whether the desired fragment is available - * if so: - * (1) copy over the fragment to s->init_buf->data[] - * (2) update s->init_num - */ - pitem *item; - hm_fragment *frag; - int al; - - *ok = 0; - item = pqueue_peek(s->d1->buffered_messages); - if (item == NULL) - return 0; - - frag = (hm_fragment *)item->data; - - /* Don't return if reassembly still in progress */ - if (frag->reassembly != NULL) - return 0; - - if (s->d1->handshake_read_seq == frag->msg_header.seq) { - unsigned long frag_len = frag->msg_header.frag_len; - pqueue_pop(s->d1->buffered_messages); - - al = dtls1_preprocess_fragment(s, &frag->msg_header, max); - - if (al == 0) /* no alert */ - { - unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; - memcpy(&p[frag->msg_header.frag_off], - frag->fragment, frag->msg_header.frag_len); - } - - dtls1_hm_fragment_free(frag); - pitem_free(item); - - if (al == 0) { - *ok = 1; - 
return frag_len; - } - - ssl3_send_alert(s, SSL3_AL_FATAL, al); - s->init_num = 0; - *ok = 0; - return -1; - } else - return 0; -} - -/* - * dtls1_max_handshake_message_len returns the maximum number of bytes - * permitted in a DTLS handshake message for |s|. The minimum is 16KB, - * but may be greater if the maximum certificate list size requires it. - */ -static unsigned long -dtls1_max_handshake_message_len(const SSL *s) -{ - unsigned long max_len; - - max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; - if (max_len < (unsigned long)s->max_cert_list) - return s->max_cert_list; - return max_len; -} - -static int -dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) -{ - hm_fragment *frag = NULL; - pitem *item = NULL; - int i = -1, is_complete; - unsigned char seq64be[8]; - unsigned long frag_len = msg_hdr->frag_len; - - if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len || - msg_hdr->msg_len > dtls1_max_handshake_message_len(s)) - goto err; - - if (frag_len == 0) { - i = DTLS1_HM_FRAGMENT_RETRY; - goto err; - } - - /* Try to find item in queue */ - memset(seq64be, 0, sizeof(seq64be)); - seq64be[6] = (unsigned char)(msg_hdr->seq >> 8); - seq64be[7] = (unsigned char)msg_hdr->seq; - item = pqueue_find(s->d1->buffered_messages, seq64be); - - if (item == NULL) { - frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); - if (frag == NULL) - goto err; - memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); - frag->msg_header.frag_len = frag->msg_header.msg_len; - frag->msg_header.frag_off = 0; - } else { - frag = (hm_fragment*)item->data; - if (frag->msg_header.msg_len != msg_hdr->msg_len) { - item = NULL; - frag = NULL; - goto err; - } - } - - /* - * If message is already reassembled, this must be a - * retransmit and can be dropped. - */ - if (frag->reassembly == NULL) { - unsigned char devnull [256]; - - while (frag_len) { - i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, - devnull, frag_len > sizeof(devnull) ? 
- sizeof(devnull) : frag_len, 0); - if (i <= 0) - goto err; - frag_len -= i; - } - i = DTLS1_HM_FRAGMENT_RETRY; - goto err; - } - - /* read the body of the fragment (header has already been read */ - i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, - frag->fragment + msg_hdr->frag_off, frag_len, 0); - if (i <= 0 || (unsigned long)i != frag_len) - goto err; - - RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off, - (long)(msg_hdr->frag_off + frag_len)); - - RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len, - is_complete); - - if (is_complete) { - free(frag->reassembly); - frag->reassembly = NULL; - } - - if (item == NULL) { - memset(seq64be, 0, sizeof(seq64be)); - seq64be[6] = (unsigned char)(msg_hdr->seq >> 8); - seq64be[7] = (unsigned char)(msg_hdr->seq); - - item = pitem_new(seq64be, frag); - if (item == NULL) { - i = -1; - goto err; - } - - pqueue_insert(s->d1->buffered_messages, item); - } - - return DTLS1_HM_FRAGMENT_RETRY; - - err: - if (item == NULL && frag != NULL) - dtls1_hm_fragment_free(frag); - *ok = 0; - return i; -} - - -static int -dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) -{ - int i = -1; - hm_fragment *frag = NULL; - pitem *item = NULL; - unsigned char seq64be[8]; - unsigned long frag_len = msg_hdr->frag_len; - - if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len) - goto err; - - /* Try to find item in queue, to prevent duplicate entries */ - memset(seq64be, 0, sizeof(seq64be)); - seq64be[6] = (unsigned char) (msg_hdr->seq >> 8); - seq64be[7] = (unsigned char) msg_hdr->seq; - item = pqueue_find(s->d1->buffered_messages, seq64be); - - /* - * If we already have an entry and this one is a fragment, - * don't discard it and rather try to reassemble it. 
- */ - if (item != NULL && frag_len < msg_hdr->msg_len) - item = NULL; - - /* - * Discard the message if sequence number was already there, is - * too far in the future, already in the queue or if we received - * a FINISHED before the SERVER_HELLO, which then must be a stale - * retransmit. - */ - if (msg_hdr->seq <= s->d1->handshake_read_seq || - msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || - (s->d1->handshake_read_seq == 0 && - msg_hdr->type == SSL3_MT_FINISHED)) { - unsigned char devnull [256]; - - while (frag_len) { - i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, - devnull, frag_len > sizeof(devnull) ? - sizeof(devnull) : frag_len, 0); - if (i <= 0) - goto err; - frag_len -= i; - } - } else { - if (frag_len < msg_hdr->msg_len) - return dtls1_reassemble_fragment(s, msg_hdr, ok); - - if (frag_len > dtls1_max_handshake_message_len(s)) - goto err; - - frag = dtls1_hm_fragment_new(frag_len, 0); - if (frag == NULL) - goto err; - - memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); - - if (frag_len) { - /* read the body of the fragment (header has already been read */ - i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, - frag->fragment, frag_len, 0); - if (i <= 0 || (unsigned long)i != frag_len) - goto err; - } - - memset(seq64be, 0, sizeof(seq64be)); - seq64be[6] = (unsigned char)(msg_hdr->seq >> 8); - seq64be[7] = (unsigned char)(msg_hdr->seq); - - item = pitem_new(seq64be, frag); - if (item == NULL) - goto err; - - pqueue_insert(s->d1->buffered_messages, item); - } - - return DTLS1_HM_FRAGMENT_RETRY; - - err: - if (item == NULL && frag != NULL) - dtls1_hm_fragment_free(frag); - *ok = 0; - return i; -} - - -static long -dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) -{ - unsigned char wire[DTLS1_HM_HEADER_LENGTH]; - unsigned long len, frag_off, frag_len; - struct hm_header_st msg_hdr; - int i, al; - CBS cbs; - - again: - /* see if we have the required fragment already */ - if ((frag_len = 
dtls1_retrieve_buffered_fragment(s, max, ok)) || *ok) { - if (*ok) - s->init_num = frag_len; - return frag_len; - } - - /* read handshake message header */ - i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire, - DTLS1_HM_HEADER_LENGTH, 0); - if (i <= 0) { - /* nbio, or an error */ - s->rwstate = SSL_READING; - *ok = 0; - return i; - } - - CBS_init(&cbs, wire, i); - if (!dtls1_get_message_header(&cbs, &msg_hdr)) { - /* Handshake fails if message header is incomplete. */ - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); - goto fatal_err; - } - - /* - * if this is a future (or stale) message it gets buffered - * (or dropped)--no further processing at this time - * While listening, we accept seq 1 (ClientHello with cookie) - * although we're still expecting seq 0 (ClientHello) - */ - if (msg_hdr.seq != s->d1->handshake_read_seq && - !(s->d1->listen && msg_hdr.seq == 1)) - return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); - - len = msg_hdr.msg_len; - frag_off = msg_hdr.frag_off; - frag_len = msg_hdr.frag_len; - - if (frag_len && frag_len < len) - return dtls1_reassemble_fragment(s, &msg_hdr, ok); - - if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && - wire[0] == SSL3_MT_HELLO_REQUEST) { - /* - * The server may always send 'Hello Request' messages -- - * we are doing a handshake anyway now, so ignore them - * if their format is correct. Does not count for - * 'Finished' MAC. 
- */ - if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) { - if (s->msg_callback) - s->msg_callback(0, s->version, - SSL3_RT_HANDSHAKE, wire, - DTLS1_HM_HEADER_LENGTH, s, - s->msg_callback_arg); - - s->init_num = 0; - goto again; - } - else /* Incorrectly formatted Hello request */ - { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); - goto fatal_err; - } - } - - if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max))) - goto fatal_err; - - /* XDTLS: resurrect this when restart is in place */ - s->s3->hs.state = stn; - - if (frag_len > 0) { - unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; - - i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, - &p[frag_off], frag_len, 0); - /* XDTLS: fix this--message fragments cannot span multiple packets */ - if (i <= 0) { - s->rwstate = SSL_READING; - *ok = 0; - return i; - } - } else - i = 0; - - /* - * XDTLS: an incorrectly formatted fragment should cause the - * handshake to fail - */ - if (i != (int)frag_len) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerror(s, SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER); - goto fatal_err; - } - - /* - * Note that s->init_num is *not* used as current offset in - * s->init_buf->data, but as a counter summing up fragments' - * lengths: as soon as they sum up to handshake packet - * length, we assume we have got all the fragments. - */ - s->init_num = frag_len; - *ok = 1; - return frag_len; - - fatal_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - s->init_num = 0; - - *ok = 0; - return (-1); -} - -int -dtls1_read_failed(SSL *s, int code) -{ - if (code > 0) { -#ifdef DEBUG - fprintf(stderr, "invalid state reached %s:%d", - OPENSSL_FILE, OPENSSL_LINE); -#endif - return 1; - } - - if (!dtls1_is_timer_expired(s)) { - /* - * not a timeout, none of our business, let higher layers - * handle this. 
in fact it's probably an error - */ - return code; - } - - if (!SSL_in_init(s)) /* done, no need to send a retransmit */ - { - BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ); - return code; - } - - return dtls1_handle_timeout(s); -} - -int -dtls1_get_queue_priority(unsigned short seq, int is_ccs) -{ - /* - * The index of the retransmission queue actually is the message - * sequence number, since the queue only contains messages of a - * single handshake. However, the ChangeCipherSpec has no message - * sequence number and so using only the sequence will result in - * the CCS and Finished having the same index. To prevent this, the - * sequence number is multiplied by 2. In case of a CCS 1 is - * subtracted. This does not only differ CSS and Finished, it also - * maintains the order of the index (important for priority queues) - * and fits in the unsigned short variable. - */ - return seq * 2 - is_ccs; -} - -int -dtls1_retransmit_buffered_messages(SSL *s) -{ - pqueue sent = s->d1->sent_messages; - piterator iter; - pitem *item; - hm_fragment *frag; - int found = 0; - - iter = pqueue_iterator(sent); - - for (item = pqueue_next(&iter); item != NULL; - item = pqueue_next(&iter)) { - frag = (hm_fragment *)item->data; - if (dtls1_retransmit_message(s, - (unsigned short)dtls1_get_queue_priority( - frag->msg_header.seq, frag->msg_header.is_ccs), 0, - &found) <= 0 && found) { -#ifdef DEBUG - fprintf(stderr, "dtls1_retransmit_message() failed\n"); -#endif - return -1; - } - } - - return 1; -} - -int -dtls1_buffer_message(SSL *s, int is_ccs) -{ - pitem *item; - hm_fragment *frag; - unsigned char seq64be[8]; - - /* Buffer the message in order to handle DTLS retransmissions. 
*/ - - /* - * This function is called immediately after a message has - * been serialized - */ - OPENSSL_assert(s->init_off == 0); - - frag = dtls1_hm_fragment_new(s->init_num, 0); - if (frag == NULL) - return 0; - - memcpy(frag->fragment, s->init_buf->data, s->init_num); - - OPENSSL_assert(s->d1->w_msg_hdr.msg_len + - (is_ccs ? DTLS1_CCS_HEADER_LENGTH : DTLS1_HM_HEADER_LENGTH) == - (unsigned int)s->init_num); - - frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len; - frag->msg_header.seq = s->d1->w_msg_hdr.seq; - frag->msg_header.type = s->d1->w_msg_hdr.type; - frag->msg_header.frag_off = 0; - frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len; - frag->msg_header.is_ccs = is_ccs; - - /* save current state*/ - frag->msg_header.saved_retransmit_state.session = s->session; - frag->msg_header.saved_retransmit_state.epoch = - tls12_record_layer_write_epoch(s->rl); - - memset(seq64be, 0, sizeof(seq64be)); - seq64be[6] = (unsigned char)(dtls1_get_queue_priority( - frag->msg_header.seq, frag->msg_header.is_ccs) >> 8); - seq64be[7] = (unsigned char)(dtls1_get_queue_priority( - frag->msg_header.seq, frag->msg_header.is_ccs)); - - item = pitem_new(seq64be, frag); - if (item == NULL) { - dtls1_hm_fragment_free(frag); - return 0; - } - - pqueue_insert(s->d1->sent_messages, item); - return 1; -} - -int -dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, - int *found) -{ - int ret; - /* XDTLS: for now assuming that read/writes are blocking */ - pitem *item; - hm_fragment *frag; - unsigned long header_length; - unsigned char seq64be[8]; - struct dtls1_retransmit_state saved_state; - - /* - OPENSSL_assert(s->init_num == 0); - OPENSSL_assert(s->init_off == 0); - */ - - /* XDTLS: the requested message ought to be found, otherwise error */ - memset(seq64be, 0, sizeof(seq64be)); - seq64be[6] = (unsigned char)(seq >> 8); - seq64be[7] = (unsigned char)seq; - - item = pqueue_find(s->d1->sent_messages, seq64be); - if (item == NULL) { -#ifdef DEBUG - 
fprintf(stderr, "retransmit: message %d non-existent\n", seq); -#endif - *found = 0; - return 0; - } - - *found = 1; - frag = (hm_fragment *)item->data; - - if (frag->msg_header.is_ccs) - header_length = DTLS1_CCS_HEADER_LENGTH; - else - header_length = DTLS1_HM_HEADER_LENGTH; - - memcpy(s->init_buf->data, frag->fragment, - frag->msg_header.msg_len + header_length); - s->init_num = frag->msg_header.msg_len + header_length; - - dtls1_set_message_header_int(s, frag->msg_header.type, - frag->msg_header.msg_len, frag->msg_header.seq, 0, - frag->msg_header.frag_len); - - /* save current state */ - saved_state.session = s->session; - saved_state.epoch = tls12_record_layer_write_epoch(s->rl); - - s->d1->retransmitting = 1; - - /* restore state in which the message was originally sent */ - s->session = frag->msg_header.saved_retransmit_state.session; - if (!tls12_record_layer_use_write_epoch(s->rl, - frag->msg_header.saved_retransmit_state.epoch)) - return 0; - - ret = dtls1_do_write(s, frag->msg_header.is_ccs ? 
- SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); - - /* restore current state */ - s->session = saved_state.session; - if (!tls12_record_layer_use_write_epoch(s->rl, - saved_state.epoch)) - return 0; - - s->d1->retransmitting = 0; - - (void)BIO_flush(SSL_get_wbio(s)); - return ret; -} - -/* call this function when the buffered messages are no longer needed */ -void -dtls1_clear_record_buffer(SSL *s) -{ - hm_fragment *frag; - pitem *item; - - for(item = pqueue_pop(s->d1->sent_messages); item != NULL; - item = pqueue_pop(s->d1->sent_messages)) { - frag = item->data; - if (frag->msg_header.is_ccs) - tls12_record_layer_write_epoch_done(s->rl, - frag->msg_header.saved_retransmit_state.epoch); - dtls1_hm_fragment_free(frag); - pitem_free(item); - } -} - -void -dtls1_set_message_header(SSL *s, unsigned char mt, unsigned long len, - unsigned long frag_off, unsigned long frag_len) -{ - /* Don't change sequence numbers while listening */ - if (frag_off == 0 && !s->d1->listen) { - s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; - s->d1->next_handshake_write_seq++; - } - - dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq, - frag_off, frag_len); -} - -/* don't actually do the writing, wait till the MTU has been retrieved */ -void -dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len, - unsigned short seq_num, unsigned long frag_off, unsigned long frag_len) -{ - struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; - - msg_hdr->type = mt; - msg_hdr->msg_len = len; - msg_hdr->seq = seq_num; - msg_hdr->frag_off = frag_off; - msg_hdr->frag_len = frag_len; -} - -static void -dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len) -{ - struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; - - msg_hdr->frag_off = frag_off; - msg_hdr->frag_len = frag_len; -} - -static int -dtls1_write_message_header(const struct hm_header_st *msg_hdr, - unsigned long frag_off, unsigned long frag_len, unsigned char *p) -{ - CBB cbb; 
- - /* We assume DTLS1_HM_HEADER_LENGTH bytes are available for now... */ - if (!CBB_init_fixed(&cbb, p, DTLS1_HM_HEADER_LENGTH)) - return 0; - if (!CBB_add_u8(&cbb, msg_hdr->type)) - goto err; - if (!CBB_add_u24(&cbb, msg_hdr->msg_len)) - goto err; - if (!CBB_add_u16(&cbb, msg_hdr->seq)) - goto err; - if (!CBB_add_u24(&cbb, frag_off)) - goto err; - if (!CBB_add_u24(&cbb, frag_len)) - goto err; - if (!CBB_finish(&cbb, NULL, NULL)) - goto err; - - return 1; - - err: - CBB_cleanup(&cbb); - return 0; -} - -unsigned int -dtls1_min_mtu(void) -{ - return (g_probable_mtu[(sizeof(g_probable_mtu) / - sizeof(g_probable_mtu[0])) - 1]); -} - -static unsigned int -dtls1_guess_mtu(unsigned int curr_mtu) -{ - unsigned int i; - - if (curr_mtu == 0) - return g_probable_mtu[0]; - - for (i = 0; i < sizeof(g_probable_mtu) / sizeof(g_probable_mtu[0]); i++) - if (curr_mtu > g_probable_mtu[i]) - return g_probable_mtu[i]; - - return curr_mtu; -} - -int -dtls1_get_message_header(CBS *header, struct hm_header_st *msg_hdr) -{ - uint32_t msg_len, frag_off, frag_len; - uint16_t seq; - uint8_t type; - - memset(msg_hdr, 0, sizeof(*msg_hdr)); - - if (!CBS_get_u8(header, &type)) - return 0; - if (!CBS_get_u24(header, &msg_len)) - return 0; - if (!CBS_get_u16(header, &seq)) - return 0; - if (!CBS_get_u24(header, &frag_off)) - return 0; - if (!CBS_get_u24(header, &frag_len)) - return 0; - - msg_hdr->type = type; - msg_hdr->msg_len = msg_len; - msg_hdr->seq = seq; - msg_hdr->frag_off = frag_off; - msg_hdr->frag_len = frag_len; - - return 1; -} diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c deleted file mode 100644 index 69db8a0df4..0000000000 --- a/src/lib/libssl/d1_lib.c +++ /dev/null 
@@ -1,414 +0,0 @@ -/* $OpenBSD: d1_lib.c,v 1.65 2024/07/23 14:40:53 jsing Exp $ */ -/* - * DTLS implementation written by Nagendra Modadugu - * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ -/* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. 
Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). 
- * - */ - -#include -#include -#include - -#include - -#include - -#include - -#include "dtls_local.h" -#include "pqueue.h" -#include "ssl_local.h" - -void dtls1_hm_fragment_free(hm_fragment *frag); - -static int dtls1_listen(SSL *s, struct sockaddr *client); - -int -dtls1_new(SSL *s) -{ - if (!ssl3_new(s)) - goto err; - - if ((s->d1 = calloc(1, sizeof(*s->d1))) == NULL) - goto err; - - if ((s->d1->unprocessed_rcds.q = pqueue_new()) == NULL) - goto err; - if ((s->d1->buffered_messages = pqueue_new()) == NULL) - goto err; - if ((s->d1->sent_messages = pqueue_new()) == NULL) - goto err; - if ((s->d1->buffered_app_data.q = pqueue_new()) == NULL) - goto err; - - if (s->server) - s->d1->cookie_len = sizeof(s->d1->cookie); - - s->method->ssl_clear(s); - return (1); - - err: - dtls1_free(s); - return (0); -} - -static void -dtls1_drain_rcontents(pqueue queue) -{ - DTLS1_RCONTENT_DATA_INTERNAL *rdata; - pitem *item; - - if (queue == NULL) - return; - - while ((item = pqueue_pop(queue)) != NULL) { - rdata = (DTLS1_RCONTENT_DATA_INTERNAL *)item->data; - tls_content_free(rdata->rcontent); - free(item->data); - pitem_free(item); - } -} - -static void -dtls1_drain_records(pqueue queue) -{ - pitem *item; - DTLS1_RECORD_DATA_INTERNAL *rdata; - - if (queue == NULL) - return; - - while ((item = pqueue_pop(queue)) != NULL) { - rdata = (DTLS1_RECORD_DATA_INTERNAL *)item->data; - ssl3_release_buffer(&rdata->rbuf); - free(item->data); - pitem_free(item); - } -} - -static void -dtls1_drain_fragments(pqueue queue) -{ - pitem *item; - - if (queue == NULL) - return; - - while ((item = pqueue_pop(queue)) != NULL) { - dtls1_hm_fragment_free(item->data); - pitem_free(item); - } -} - -static void -dtls1_clear_queues(SSL *s) -{ - dtls1_drain_records(s->d1->unprocessed_rcds.q); - dtls1_drain_fragments(s->d1->buffered_messages); - dtls1_drain_fragments(s->d1->sent_messages); - dtls1_drain_rcontents(s->d1->buffered_app_data.q); -} - -void -dtls1_free(SSL *s) -{ - if (s == NULL) - return; - - 
ssl3_free(s); - - if (s->d1 == NULL) - return; - - dtls1_clear_queues(s); - - pqueue_free(s->d1->unprocessed_rcds.q); - pqueue_free(s->d1->buffered_messages); - pqueue_free(s->d1->sent_messages); - pqueue_free(s->d1->buffered_app_data.q); - - freezero(s->d1, sizeof(*s->d1)); - s->d1 = NULL; -} - -void -dtls1_clear(SSL *s) -{ - pqueue unprocessed_rcds; - pqueue buffered_messages; - pqueue sent_messages; - pqueue buffered_app_data; - unsigned int mtu; - - if (s->d1) { - unprocessed_rcds = s->d1->unprocessed_rcds.q; - buffered_messages = s->d1->buffered_messages; - sent_messages = s->d1->sent_messages; - buffered_app_data = s->d1->buffered_app_data.q; - mtu = s->d1->mtu; - - dtls1_clear_queues(s); - - memset(s->d1, 0, sizeof(*s->d1)); - - s->d1->unprocessed_rcds.epoch = - tls12_record_layer_read_epoch(s->rl) + 1; - - if (s->server) { - s->d1->cookie_len = sizeof(s->d1->cookie); - } - - if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) { - s->d1->mtu = mtu; - } - - s->d1->unprocessed_rcds.q = unprocessed_rcds; - s->d1->buffered_messages = buffered_messages; - s->d1->sent_messages = sent_messages; - s->d1->buffered_app_data.q = buffered_app_data; - } - - ssl3_clear(s); - - s->version = DTLS1_VERSION; -} - -long -dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) -{ - int ret = 0; - - switch (cmd) { - case DTLS_CTRL_GET_TIMEOUT: - if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL) { - ret = 1; - } - break; - case DTLS_CTRL_HANDLE_TIMEOUT: - ret = dtls1_handle_timeout(s); - break; - case DTLS_CTRL_LISTEN: - ret = dtls1_listen(s, parg); - break; - - default: - ret = ssl3_ctrl(s, cmd, larg, parg); - break; - } - return (ret); -} - -void -dtls1_start_timer(SSL *s) -{ - - /* If timer is not set, initialize duration with 1 second */ - if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) { - s->d1->timeout_duration = 1; - } - - /* Set timeout to current time */ - gettimeofday(&(s->d1->next_timeout), NULL); - - /* Add duration to current time */ - 
s->d1->next_timeout.tv_sec += s->d1->timeout_duration; - BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, - &s->d1->next_timeout); -} - -struct timeval* -dtls1_get_timeout(SSL *s, struct timeval* timeleft) -{ - struct timeval timenow; - - /* If no timeout is set, just return NULL */ - if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) { - return NULL; - } - - /* Get current time */ - gettimeofday(&timenow, NULL); - - /* If timer already expired, set remaining time to 0 */ - if (s->d1->next_timeout.tv_sec < timenow.tv_sec || - (s->d1->next_timeout.tv_sec == timenow.tv_sec && - s->d1->next_timeout.tv_usec <= timenow.tv_usec)) { - memset(timeleft, 0, sizeof(struct timeval)); - return timeleft; - } - - /* Calculate time left until timer expires */ - memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval)); - timeleft->tv_sec -= timenow.tv_sec; - timeleft->tv_usec -= timenow.tv_usec; - if (timeleft->tv_usec < 0) { - timeleft->tv_sec--; - timeleft->tv_usec += 1000000; - } - - /* If remaining time is less than 15 ms, set it to 0 - * to prevent issues because of small devergences with - * socket timeouts. 
- */ - if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) { - memset(timeleft, 0, sizeof(struct timeval)); - } - - - return timeleft; -} - -int -dtls1_is_timer_expired(SSL *s) -{ - struct timeval timeleft; - - /* Get time left until timeout, return false if no timer running */ - if (dtls1_get_timeout(s, &timeleft) == NULL) { - return 0; - } - - /* Return false if timer is not expired yet */ - if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) { - return 0; - } - - /* Timer expired, so return true */ - return 1; -} - -void -dtls1_double_timeout(SSL *s) -{ - s->d1->timeout_duration *= 2; - if (s->d1->timeout_duration > 60) - s->d1->timeout_duration = 60; - dtls1_start_timer(s); -} - -void -dtls1_stop_timer(SSL *s) -{ - /* Reset everything */ - memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st)); - memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); - s->d1->timeout_duration = 1; - BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, - &(s->d1->next_timeout)); - /* Clear retransmission buffer */ - dtls1_clear_record_buffer(s); -} - -int -dtls1_check_timeout_num(SSL *s) -{ - s->d1->timeout.num_alerts++; - - /* Reduce MTU after 2 unsuccessful retransmissions */ - if (s->d1->timeout.num_alerts > 2) { - s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), - BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); - - } - - if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) { - /* fail the connection, enough alerts have been sent */ - SSLerror(s, SSL_R_READ_TIMEOUT_EXPIRED); - return -1; - } - - return 0; -} - -int -dtls1_handle_timeout(SSL *s) -{ - /* if no timer is expired, don't do anything */ - if (!dtls1_is_timer_expired(s)) { - return 0; - } - - dtls1_double_timeout(s); - - if (dtls1_check_timeout_num(s) < 0) - return -1; - - s->d1->timeout.read_timeouts++; - if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) { - s->d1->timeout.read_timeouts = 1; - } - - dtls1_start_timer(s); - return dtls1_retransmit_buffered_messages(s); -} - -int -dtls1_listen(SSL *s, 
struct sockaddr *client) -{ - int ret; - - /* Ensure there is no state left over from a previous invocation */ - SSL_clear(s); - - SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); - s->d1->listen = 1; - - ret = SSL_accept(s); - if (ret <= 0) - return ret; - - (void)BIO_dgram_get_peer(SSL_get_rbio(s), client); - return 1; -} diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c deleted file mode 100644 index 8ba0bb0bcf..0000000000 --- a/src/lib/libssl/d1_pkt.c +++ /dev/null 
@@ -1,1124 +0,0 @@ -/* $OpenBSD: d1_pkt.c,v 1.130 2025/03/12 14:03:55 jsing Exp $ */ -/* - * DTLS implementation written by Nagendra Modadugu - * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ -/* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. 
Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
- * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include - -#include -#include - -#include "bytestring.h" -#include "dtls_local.h" -#include "pqueue.h" -#include "ssl_local.h" -#include "tls_content.h" - -/* mod 128 saturating subtract of two 64-bit values in big-endian order */ -static int -satsub64be(const unsigned char *v1, const unsigned char *v2) -{ - int ret, sat, brw, i; - - if (sizeof(long) == 8) - do { - long l; - - if (BYTE_ORDER == LITTLE_ENDIAN) - break; - /* not reached on little-endians */ - /* following test is redundant, because input is - * always aligned, but I take no chances... 
*/ - if (((size_t)v1 | (size_t)v2) & 0x7) - break; - - l = *((long *)v1); - l -= *((long *)v2); - if (l > 128) - return 128; - else if (l<-128) - return -128; - else - return (int)l; - } while (0); - - ret = (int)v1[7] - (int)v2[7]; - sat = 0; - brw = ret >> 8; /* brw is either 0 or -1 */ - if (ret & 0x80) { - for (i = 6; i >= 0; i--) { - brw += (int)v1[i]-(int)v2[i]; - sat |= ~brw; - brw >>= 8; - } - } else { - for (i = 6; i >= 0; i--) { - brw += (int)v1[i]-(int)v2[i]; - sat |= brw; - brw >>= 8; - } - } - brw <<= 8; /* brw is either 0 or -256 */ - - if (sat & 0xff) - return brw | 0x80; - else - return brw + (ret & 0xFF); -} - -static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap, - const unsigned char *seq); -static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap, - const unsigned char *seq); -static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, - unsigned int *is_next_epoch); -static int dtls1_buffer_record(SSL *s, record_pqueue *q, - unsigned char *priority); -static int dtls1_process_record(SSL *s); - -/* copy buffered record into SSL structure */ -static int -dtls1_copy_record(SSL *s, DTLS1_RECORD_DATA_INTERNAL *rdata) -{ - ssl3_release_buffer(&s->s3->rbuf); - - s->packet = rdata->packet; - s->packet_length = rdata->packet_length; - memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL)); - memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL)); - - return (1); -} - -static int -dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) -{ - DTLS1_RECORD_DATA_INTERNAL *rdata = NULL; - pitem *item = NULL; - - /* Limit the size of the queue to prevent DOS attacks */ - if (pqueue_size(queue->q) >= 100) - return 0; - - if ((rdata = malloc(sizeof(*rdata))) == NULL) - goto init_err; - if ((item = pitem_new(priority, rdata)) == NULL) - goto init_err; - - rdata->packet = s->packet; - rdata->packet_length = s->packet_length; - memcpy(&(rdata->rbuf), &(s->s3->rbuf), 
sizeof(SSL3_BUFFER_INTERNAL)); - memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD_INTERNAL)); - - item->data = rdata; - - s->packet = NULL; - s->packet_length = 0; - memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER_INTERNAL)); - memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD_INTERNAL)); - - if (!ssl3_setup_buffers(s)) - goto err; - - /* insert should not fail, since duplicates are dropped */ - if (pqueue_insert(queue->q, item) == NULL) - goto err; - - return (1); - - err: - ssl3_release_buffer(&rdata->rbuf); - - init_err: - SSLerror(s, ERR_R_INTERNAL_ERROR); - free(rdata); - pitem_free(item); - return (-1); -} - -static int -dtls1_buffer_rcontent(SSL *s, rcontent_pqueue *queue, unsigned char *priority) -{ - DTLS1_RCONTENT_DATA_INTERNAL *rdata = NULL; - pitem *item = NULL; - - /* Limit the size of the queue to prevent DOS attacks */ - if (pqueue_size(queue->q) >= 100) - return 0; - - if ((rdata = malloc(sizeof(*rdata))) == NULL) - goto init_err; - if ((item = pitem_new(priority, rdata)) == NULL) - goto init_err; - - rdata->rcontent = s->s3->rcontent; - s->s3->rcontent = NULL; - - item->data = rdata; - - /* insert should not fail, since duplicates are dropped */ - if (pqueue_insert(queue->q, item) == NULL) - goto err; - - if ((s->s3->rcontent = tls_content_new()) == NULL) - goto err; - - return (1); - - err: - tls_content_free(rdata->rcontent); - - init_err: - SSLerror(s, ERR_R_INTERNAL_ERROR); - free(rdata); - pitem_free(item); - return (-1); -} - -static int -dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue) -{ - pitem *item; - - item = pqueue_pop(queue->q); - if (item) { - dtls1_copy_record(s, item->data); - - free(item->data); - pitem_free(item); - - return (1); - } - - return (0); -} - -static int -dtls1_retrieve_buffered_rcontent(SSL *s, rcontent_pqueue *queue) -{ - DTLS1_RCONTENT_DATA_INTERNAL *rdata; - pitem *item; - - item = pqueue_pop(queue->q); - if (item) { - rdata = item->data; - - tls_content_free(s->s3->rcontent); - s->s3->rcontent = 
rdata->rcontent; - s->s3->rrec.epoch = tls_content_epoch(s->s3->rcontent); - - free(item->data); - pitem_free(item); - - return (1); - } - - return (0); -} - -static int -dtls1_process_buffered_record(SSL *s) -{ - /* Check if epoch is current. */ - if (s->d1->unprocessed_rcds.epoch != - tls12_record_layer_read_epoch(s->rl)) - return (0); - - /* Update epoch once all unprocessed records have been processed. */ - if (pqueue_peek(s->d1->unprocessed_rcds.q) == NULL) { - s->d1->unprocessed_rcds.epoch = - tls12_record_layer_read_epoch(s->rl) + 1; - return (0); - } - - /* Process one of the records. */ - if (!dtls1_retrieve_buffered_record(s, &s->d1->unprocessed_rcds)) - return (-1); - if (!dtls1_process_record(s)) - return (-1); - - return (1); -} - -static int -dtls1_process_record(SSL *s) -{ - SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec); - uint8_t alert_desc; - - tls12_record_layer_set_version(s->rl, s->version); - - if (!tls12_record_layer_open_record(s->rl, s->packet, s->packet_length, - s->s3->rcontent)) { - tls12_record_layer_alert(s->rl, &alert_desc); - - if (alert_desc == 0) - goto err; - - /* - * DTLS should silently discard invalid records, including those - * with a bad MAC, as per RFC 6347 section 4.1.2.1. - */ - if (alert_desc == SSL_AD_BAD_RECORD_MAC) - goto done; - - if (alert_desc == SSL_AD_RECORD_OVERFLOW) - SSLerror(s, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); - - goto fatal_err; - } - - /* XXX move to record layer. */ - tls_content_set_epoch(s->s3->rcontent, rr->epoch); - - done: - s->packet_length = 0; - - return (1); - - fatal_err: - ssl3_send_alert(s, SSL3_AL_FATAL, alert_desc); - err: - return (0); -} - -/* Call this to get a new input record. - * It will return <= 0 if more data is needed, normally due to an error - * or non-blocking IO. 
- * When it finishes, one packet has been decoded and can be found in - * ssl->s3->rrec.type - is the type of record - * ssl->s3->rrec.data, - data - * ssl->s3->rrec.length, - number of bytes - */ -/* used only by dtls1_read_bytes */ -int -dtls1_get_record(SSL *s) -{ - SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec); - unsigned char *p = NULL; - DTLS1_BITMAP *bitmap; - unsigned int is_next_epoch; - int ret, n; - - /* See if there are pending records that can now be processed. */ - if ((ret = dtls1_process_buffered_record(s)) != 0) - return (ret); - - /* get something from the wire */ - if (0) { - again: - /* dump this record on all retries */ - rr->length = 0; - s->packet_length = 0; - } - - /* check if we have the header */ - if ((s->rstate != SSL_ST_READ_BODY) || - (s->packet_length < DTLS1_RT_HEADER_LENGTH)) { - CBS header, seq_no; - uint16_t epoch, len, ssl_version; - uint8_t type; - - n = ssl3_packet_read(s, DTLS1_RT_HEADER_LENGTH); - if (n <= 0) - return (n); - - /* If this packet contained a partial record, dump it. */ - if (n != DTLS1_RT_HEADER_LENGTH) - goto again; - - s->rstate = SSL_ST_READ_BODY; - - CBS_init(&header, s->packet, s->packet_length); - - /* Pull apart the header into the DTLS1_RECORD */ - if (!CBS_get_u8(&header, &type)) - goto again; - if (!CBS_get_u16(&header, &ssl_version)) - goto again; - - /* Sequence number is 64 bits, with top 2 bytes = epoch. 
*/ - if (!CBS_get_bytes(&header, &seq_no, SSL3_SEQUENCE_SIZE)) - goto again; - if (!CBS_get_u16(&seq_no, &epoch)) - goto again; - if (!CBS_write_bytes(&seq_no, &rr->seq_num[2], - sizeof(rr->seq_num) - 2, NULL)) - goto again; - - if (!CBS_get_u16(&header, &len)) - goto again; - - rr->type = type; - rr->epoch = epoch; - rr->length = len; - - /* unexpected version, silently discard */ - if (!s->first_packet && ssl_version != s->version) - goto again; - - /* wrong version, silently discard record */ - if ((ssl_version & 0xff00) != (s->version & 0xff00)) - goto again; - - /* record too long, silently discard it */ - if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) - goto again; - - /* now s->rstate == SSL_ST_READ_BODY */ - p = (unsigned char *)CBS_data(&header); - } - - /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ - - n = ssl3_packet_extend(s, DTLS1_RT_HEADER_LENGTH + rr->length); - if (n <= 0) - return (n); - - /* If this packet contained a partial record, dump it. */ - if (n != DTLS1_RT_HEADER_LENGTH + rr->length) - goto again; - - s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */ - - /* match epochs. NULL means the packet is dropped on the floor */ - bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); - if (bitmap == NULL) - goto again; - - /* - * Check whether this is a repeat, or aged record. - * Don't check if we're listening and this message is - * a ClientHello. They can look as if they're replayed, - * since they arrive from different connections and - * would be dropped unnecessarily. - */ - if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && - p != NULL && *p == SSL3_MT_CLIENT_HELLO) && - !dtls1_record_replay_check(s, bitmap, rr->seq_num)) - goto again; - - /* just read a 0 length packet */ - if (rr->length == 0) - goto again; - - /* If this record is from the next epoch (either HM or ALERT), - * and a handshake is currently in progress, buffer it since it - * cannot be processed at this time. 
However, do not buffer - * anything while listening. - */ - if (is_next_epoch) { - if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) { - if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), - rr->seq_num) < 0) - return (-1); - /* Mark receipt of record. */ - dtls1_record_bitmap_update(s, bitmap, rr->seq_num); - } - goto again; - } - - if (!dtls1_process_record(s)) - goto again; - - /* Mark receipt of record. */ - dtls1_record_bitmap_update(s, bitmap, rr->seq_num); - - return (1); -} - -static int -dtls1_read_handshake_unexpected(SSL *s) -{ - struct hm_header_st hs_msg_hdr; - CBS cbs; - int ret; - - if (s->in_handshake) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - return -1; - } - - /* Parse handshake message header. */ - CBS_dup(tls_content_cbs(s->s3->rcontent), &cbs); - if (!dtls1_get_message_header(&cbs, &hs_msg_hdr)) - return -1; /* XXX - probably should drop/continue. */ - - /* This may just be a stale retransmit. */ - if (tls_content_epoch(s->s3->rcontent) != - tls12_record_layer_read_epoch(s->rl)) { - tls_content_clear(s->s3->rcontent); - s->s3->rrec.length = 0; - return 1; - } - - if (hs_msg_hdr.type == SSL3_MT_HELLO_REQUEST) { - /* - * Incoming HelloRequest messages should only be received by a - * client. A server may send these at any time - a client should - * ignore the message if received in the middle of a handshake. - * See RFC 5246 sections 7.4 and 7.4.1.1. - */ - if (s->server) { - SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_UNEXPECTED_MESSAGE); - return -1; - } - - /* XXX - should also check frag offset/length. 
*/ - if (hs_msg_hdr.msg_len != 0) { - SSLerror(s, SSL_R_BAD_HELLO_REQUEST); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - return -1; - } - - ssl_msg_callback_cbs(s, 0, SSL3_RT_HANDSHAKE, - tls_content_cbs(s->s3->rcontent)); - - tls_content_clear(s->s3->rcontent); - s->s3->rrec.length = 0; - - if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0) { - ssl3_send_alert(s, SSL3_AL_WARNING, - SSL_AD_NO_RENEGOTIATION); - return 1; - } - - /* - * It should be impossible to hit this, but keep the safety - * harness for now... - */ - if (s->session == NULL || s->s3->hs.cipher == NULL) - return 1; - - /* - * Ignore this message if we're currently handshaking, - * renegotiation is already pending or renegotiation is disabled - * via flags. - */ - if (!SSL_is_init_finished(s) || s->s3->renegotiate || - (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) != 0) - return 1; - - s->d1->handshake_read_seq++; - - /* XXX - why is this set here but not in ssl3? */ - s->new_session = 1; - - if (!ssl3_renegotiate(s)) - return 1; - if (!ssl3_renegotiate_check(s)) - return 1; - - } else if (hs_msg_hdr.type == SSL3_MT_CLIENT_HELLO) { - /* - * Incoming ClientHello messages should only be received by a - * server. A client may send these in response to server - * initiated renegotiation (HelloRequest) or in order to - * initiate renegotiation by the client. See RFC 5246 section - * 7.4.1.2. - */ - if (!s->server) { - SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_UNEXPECTED_MESSAGE); - return -1; - } - - /* - * A client should not be sending a ClientHello unless we're not - * currently handshaking. 
- */ - if (!SSL_is_init_finished(s)) { - SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_UNEXPECTED_MESSAGE); - return -1; - } - - if ((s->options & SSL_OP_NO_CLIENT_RENEGOTIATION) != 0 || - ((s->options & SSL_OP_NO_RENEGOTIATION) != 0 && - (s->options & SSL_OP_ALLOW_CLIENT_RENEGOTIATION) == 0)) { - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_NO_RENEGOTIATION); - return -1; - } - - if (s->session == NULL || s->s3->hs.cipher == NULL) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - return -1; - } - - /* Client requested renegotiation but it is not permitted. */ - if (!s->s3->send_connection_binding || - (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) != 0) { - ssl3_send_alert(s, SSL3_AL_WARNING, - SSL_AD_NO_RENEGOTIATION); - return 1; - } - - s->s3->hs.state = SSL_ST_ACCEPT; - s->renegotiate = 1; - s->new_session = 1; - - } else if (hs_msg_hdr.type == SSL3_MT_FINISHED && s->server) { - /* - * If we are server, we may have a repeated FINISHED of the - * client here, then retransmit our CCS and FINISHED. - */ - if (dtls1_check_timeout_num(s) < 0) - return -1; - - /* XXX - should this be calling ssl_msg_callback()? */ - - dtls1_retransmit_buffered_messages(s); - - tls_content_clear(s->s3->rcontent); - s->s3->rrec.length = 0; - - return 1; - - } else { - SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); - return -1; - } - - if ((ret = s->handshake_func(s)) < 0) - return ret; - if (ret == 0) { - SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); - return -1; - } - - if (!(s->mode & SSL_MODE_AUTO_RETRY)) { - if (s->s3->rbuf.left == 0) { - ssl_force_want_read(s); - return -1; - } - } - - /* - * We either finished a handshake or ignored the request, now try again - * to obtain the (application) data we were asked for. - */ - return 1; -} - -/* Return up to 'len' payload bytes received in 'type' records. 
- * 'type' is one of the following: - * - * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) - * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us) - * - 0 (during a shutdown, no data has to be returned) - * - * If we don't have stored data to work from, read a SSL/TLS record first - * (possibly multiple records if we still don't have anything to return). - * - * This function must handle any surprises the peer may have for us, such as - * Alert records (e.g. close_notify), ChangeCipherSpec records (not really - * a surprise, but handled as if it were), or renegotiation requests. - * Also if record payloads contain fragments too small to process, we store - * them until there is enough for the respective protocol (the record protocol - * may use arbitrary fragmentation and even interleaving): - * Change cipher spec protocol - * just 1 byte needed, no need for keeping anything stored - * Alert protocol - * 2 bytes needed (AlertLevel, AlertDescription) - * Handshake protocol - * 4 bytes needed (HandshakeType, uint24 length) -- we just have - * to detect unexpected Client Hello and Hello Request messages - * here, anything else is handled by higher layers - * Application data protocol - * none of our business - */ -int -dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) -{ - int rrcount = 0; - ssize_t ssret; - int ret; - - if (s->s3->rbuf.buf == NULL) { - if (!ssl3_setup_buffers(s)) - return -1; - } - - if (s->s3->rcontent == NULL) { - if ((s->s3->rcontent = tls_content_new()) == NULL) - return -1; - } - - if (len < 0) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - return -1; - } - - if (type != 0 && type != SSL3_RT_APPLICATION_DATA && - type != SSL3_RT_HANDSHAKE) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - return -1; - } - if (peek && type != SSL3_RT_APPLICATION_DATA) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - return -1; - } - - if (SSL_in_init(s) && !s->in_handshake) { - if ((ret = s->handshake_func(s)) < 0) - return ret; - if (ret == 0) { - 
SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); - return -1; - } - } - - start: - /* - * Do not process more than three consecutive records, otherwise the - * peer can cause us to loop indefinitely. Instead, return with an - * SSL_ERROR_WANT_READ so the caller can choose when to handle further - * processing. In the future, the total number of non-handshake and - * non-application data records per connection should probably also be - * limited... - */ - if (rrcount++ >= 3) { - ssl_force_want_read(s); - return -1; - } - - s->rwstate = SSL_NOTHING; - - /* - * We are not handshaking and have no data yet, so process data buffered - * during the last handshake in advance, if any. - */ - if (s->s3->hs.state == SSL_ST_OK && - tls_content_remaining(s->s3->rcontent) == 0) - dtls1_retrieve_buffered_rcontent(s, &s->d1->buffered_app_data); - - if (dtls1_handle_timeout(s) > 0) - goto start; - - if (tls_content_remaining(s->s3->rcontent) == 0) { - if ((ret = dtls1_get_record(s)) <= 0) { - /* Anything other than a timeout is an error. */ - if ((ret = dtls1_read_failed(s, ret)) <= 0) - return ret; - goto start; - } - } - - if (s->d1->listen && - tls_content_type(s->s3->rcontent) != SSL3_RT_HANDSHAKE) { - tls_content_clear(s->s3->rcontent); - s->s3->rrec.length = 0; - goto start; - } - - /* We now have a packet which can be read and processed. */ - - if (s->s3->change_cipher_spec && - tls_content_type(s->s3->rcontent) != SSL3_RT_HANDSHAKE) { - /* - * We now have application data between CCS and Finished. - * Most likely the packets were reordered on their way, so - * buffer the application data for later processing rather - * than dropping the connection. - */ - if (dtls1_buffer_rcontent(s, &s->d1->buffered_app_data, - s->s3->rrec.seq_num) < 0) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - return (-1); - } - tls_content_clear(s->s3->rcontent); - s->s3->rrec.length = 0; - goto start; - } - - /* - * If the other end has shut down, throw anything we read away (even in - * 'peek' mode). 
- */ - if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { - s->rwstate = SSL_NOTHING; - tls_content_clear(s->s3->rcontent); - s->s3->rrec.length = 0; - return 0; - } - - /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ - if (tls_content_type(s->s3->rcontent) == type) { - /* - * Make sure that we are not getting application data when we - * are doing a handshake for the first time. - */ - if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA && - !tls12_record_layer_read_protected(s->rl)) { - SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE); - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_UNEXPECTED_MESSAGE); - return -1; - } - - if (len <= 0) - return len; - - if (peek) { - ssret = tls_content_peek(s->s3->rcontent, buf, len); - } else { - ssret = tls_content_read(s->s3->rcontent, buf, len); - } - if (ssret < INT_MIN || ssret > INT_MAX) - return -1; - if (ssret < 0) - return (int)ssret; - - if (tls_content_remaining(s->s3->rcontent) == 0) - s->rstate = SSL_ST_READ_HEADER; - - return (int)ssret; - } - - if (tls_content_type(s->s3->rcontent) == SSL3_RT_ALERT) { - if ((ret = ssl3_read_alert(s)) <= 0) - return ret; - goto start; - } - - if (s->shutdown & SSL_SENT_SHUTDOWN) { - s->rwstate = SSL_NOTHING; - tls_content_clear(s->s3->rcontent); - s->s3->rrec.length = 0; - return (0); - } - - if (tls_content_type(s->s3->rcontent) == SSL3_RT_APPLICATION_DATA) { - /* - * At this point, we were expecting handshake data, but have - * application data. If the library was running inside - * ssl3_read() (i.e. in_read_app_data is set) and it makes - * sense to read application data at this point (session - * renegotiation not yet started), we will indulge it. 
- */ - if (s->s3->in_read_app_data != 0 && - s->s3->total_renegotiations != 0 && - (((s->s3->hs.state & SSL_ST_CONNECT) && - (s->s3->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) && - (s->s3->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || ( - (s->s3->hs.state & SSL_ST_ACCEPT) && - (s->s3->hs.state <= SSL3_ST_SW_HELLO_REQ_A) && - (s->s3->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) { - s->s3->in_read_app_data = 2; - return -1; - } else { - SSLerror(s, SSL_R_UNEXPECTED_RECORD); - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_UNEXPECTED_MESSAGE); - return -1; - } - } - - if (tls_content_type(s->s3->rcontent) == SSL3_RT_CHANGE_CIPHER_SPEC) { - if ((ret = ssl3_read_change_cipher_spec(s)) <= 0) - return ret; - goto start; - } - - if (tls_content_type(s->s3->rcontent) == SSL3_RT_HANDSHAKE) { - if ((ret = dtls1_read_handshake_unexpected(s)) <= 0) - return ret; - goto start; - } - - /* Unknown record type. */ - SSLerror(s, SSL_R_UNEXPECTED_RECORD); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); - return -1; -} - -int -dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len) -{ - int i; - - if (SSL_in_init(s) && !s->in_handshake) { - i = s->handshake_func(s); - if (i < 0) - return (i); - if (i == 0) { - SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); - return -1; - } - } - - if (len > SSL3_RT_MAX_PLAIN_LENGTH) { - SSLerror(s, SSL_R_DTLS_MESSAGE_TOO_BIG); - return -1; - } - - i = dtls1_write_bytes(s, type, buf_, len); - return i; -} - -/* Call this to write data in records of type 'type' - * It will return <= 0 if not all data has been sent or non-blocking IO. 
- */ -int -dtls1_write_bytes(SSL *s, int type, const void *buf, int len) -{ - int i; - - OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH); - s->rwstate = SSL_NOTHING; - i = do_dtls1_write(s, type, buf, len); - return i; -} - -int -do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) -{ - SSL3_BUFFER_INTERNAL *wb = &(s->s3->wbuf); - size_t out_len; - CBB cbb; - int ret; - - memset(&cbb, 0, sizeof(cbb)); - - /* - * First check if there is a SSL3_BUFFER_INTERNAL still being written - * out. This will happen with non blocking IO. - */ - if (wb->left != 0) { - OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */ - return (ssl3_write_pending(s, type, buf, len)); - } - - /* If we have an alert to send, let's send it */ - if (s->s3->alert_dispatch) { - if ((ret = ssl3_dispatch_alert(s)) <= 0) - return (ret); - /* If it went, fall through and send more stuff. */ - } - - if (len == 0) - return 0; - - wb->offset = 0; - - if (!CBB_init_fixed(&cbb, wb->buf, wb->len)) - goto err; - - tls12_record_layer_set_version(s->rl, s->version); - - if (!tls12_record_layer_seal_record(s->rl, type, buf, len, &cbb)) - goto err; - - if (!CBB_finish(&cbb, NULL, &out_len)) - goto err; - - wb->left = out_len; - - /* - * Memorize arguments so that ssl3_write_pending can detect - * bad write retries later. - */ - s->s3->wpend_tot = len; - s->s3->wpend_buf = buf; - s->s3->wpend_type = type; - s->s3->wpend_ret = len; - - /* We now just need to write the buffer. 
*/ - return ssl3_write_pending(s, type, buf, len); - - err: - CBB_cleanup(&cbb); - - return -1; -} - -static int -dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap, - const unsigned char *seq) -{ - unsigned int shift; - int cmp; - - cmp = satsub64be(seq, bitmap->max_seq_num); - if (cmp > 0) - return 1; /* this record in new */ - shift = -cmp; - if (shift >= sizeof(bitmap->map)*8) - return 0; /* stale, outside the window */ - else if (bitmap->map & (1UL << shift)) - return 0; /* record previously received */ - - return 1; -} - -static void -dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap, - const unsigned char *seq) -{ - unsigned int shift; - int cmp; - - cmp = satsub64be(seq, bitmap->max_seq_num); - if (cmp > 0) { - shift = cmp; - if (shift < sizeof(bitmap->map)*8) - bitmap->map <<= shift, bitmap->map |= 1UL; - else - bitmap->map = 1UL; - memcpy(bitmap->max_seq_num, seq, 8); - } else { - shift = -cmp; - if (shift < sizeof(bitmap->map) * 8) - bitmap->map |= 1UL << shift; - } -} - -static DTLS1_BITMAP * -dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch) -{ - uint16_t read_epoch, read_epoch_next; - - *is_next_epoch = 0; - - read_epoch = tls12_record_layer_read_epoch(s->rl); - read_epoch_next = read_epoch + 1; - - /* In current epoch, accept HM, CCS, DATA, & ALERT */ - if (rr->epoch == read_epoch) - return &s->d1->bitmap; - - /* Only HM and ALERT messages can be from the next epoch */ - if (rr->epoch == read_epoch_next && - (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) { - *is_next_epoch = 1; - return &s->d1->next_bitmap; - } - - return NULL; -} - -void -dtls1_reset_read_seq_numbers(SSL *s) -{ - memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP)); - memset(&(s->d1->next_bitmap), 0, sizeof(DTLS1_BITMAP)); -} diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c deleted file mode 100644 index 67c4495a17..0000000000 --- a/src/lib/libssl/d1_srtp.c +++ /dev/null 
@@ -1,266 +0,0 @@ -/* $OpenBSD: d1_srtp.c,v 1.33 2023/07/08 16:40:13 beck Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. 
All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. 
Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* - * DTLS code by Eric Rescorla - * - * Copyright (C) 2006, Network Resonance, Inc. - * Copyright (C) 2011, RTFM, Inc. - */ - -#include - -#include -#include - -#ifndef OPENSSL_NO_SRTP - -#include "bytestring.h" -#include "dtls_local.h" -#include "ssl_local.h" -#include "srtp.h" - -static const SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { - { - "SRTP_AES128_CM_SHA1_80", - SRTP_AES128_CM_SHA1_80, - }, - { - "SRTP_AES128_CM_SHA1_32", - SRTP_AES128_CM_SHA1_32, - }, - { - "SRTP_AEAD_AES_128_GCM", - SRTP_AEAD_AES_128_GCM, - }, - { - "SRTP_AEAD_AES_256_GCM", - SRTP_AEAD_AES_256_GCM, - }, - {0} -}; - -int -srtp_find_profile_by_name(const char *profile_name, - const SRTP_PROTECTION_PROFILE **pptr, unsigned int len) -{ - const SRTP_PROTECTION_PROFILE *p; - - p = srtp_known_profiles; - while (p->name) { - if ((len == strlen(p->name)) && - !strncmp(p->name, profile_name, len)) { - *pptr = p; - return 0; - } - - p++; - } - - return 1; -} - -int -srtp_find_profile_by_num(unsigned int profile_num, - const SRTP_PROTECTION_PROFILE **pptr) -{ - const SRTP_PROTECTION_PROFILE *p; - - p = srtp_known_profiles; - while (p->name) { - if (p->id == profile_num) { - *pptr = p; - return 0; 
- } - p++; - } - - return 1; -} - -static int -ssl_ctx_make_profiles(const char *profiles_string, - STACK_OF(SRTP_PROTECTION_PROFILE) **out) -{ - STACK_OF(SRTP_PROTECTION_PROFILE) *profiles; - char *col; - const char *ptr = profiles_string; - const SRTP_PROTECTION_PROFILE *p; - - if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) { - SSLerrorx(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES); - return 1; - } - - do { - col = strchr(ptr, ':'); - - if (!srtp_find_profile_by_name(ptr, &p, - col ? col - ptr : (int)strlen(ptr))) { - if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, p)) { - sk_SRTP_PROTECTION_PROFILE_free(profiles); - return 1; - } - } else { - SSLerrorx(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE); - sk_SRTP_PROTECTION_PROFILE_free(profiles); - return 1; - } - - if (col) - ptr = col + 1; - } while (col); - - sk_SRTP_PROTECTION_PROFILE_free(*out); - *out = profiles; - - return 0; -} - -int -SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles) -{ - return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles); -} -LSSL_ALIAS(SSL_CTX_set_tlsext_use_srtp); - -int -SSL_set_tlsext_use_srtp(SSL *s, const char *profiles) -{ - return ssl_ctx_make_profiles(profiles, &s->srtp_profiles); -} -LSSL_ALIAS(SSL_set_tlsext_use_srtp); - - -STACK_OF(SRTP_PROTECTION_PROFILE) * -SSL_get_srtp_profiles(SSL *s) -{ - if (s != NULL) { - if (s->srtp_profiles != NULL) { - return s->srtp_profiles; - } else if ((s->ctx != NULL) && - (s->ctx->srtp_profiles != NULL)) { - return s->ctx->srtp_profiles; - } - } - - return NULL; -} -LSSL_ALIAS(SSL_get_srtp_profiles); - -SRTP_PROTECTION_PROFILE * -SSL_get_selected_srtp_profile(SSL *s) -{ - /* XXX cast away the const */ - return (SRTP_PROTECTION_PROFILE *)s->srtp_profile; -} -LSSL_ALIAS(SSL_get_selected_srtp_profile); - -#endif diff --git a/src/lib/libssl/doc/openssl.cnf b/src/lib/libssl/doc/openssl.cnf deleted file mode 100644 index db95bb5c18..0000000000 --- a/src/lib/libssl/doc/openssl.cnf +++ /dev/null 
@@ -1,348 +0,0 @@
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-# Policies used by the TSA examples.
-tsa_policy1 = 1.2.3.4.1
-tsa_policy2 = 1.2.3.4.5.6
-tsa_policy3 = 1.2.3.4.5.7
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./demoCA # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several certificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cakey.pem# The private key
-
-x509_extensions = usr_cert # The extensions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = default # use public key default MD
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extensions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
-# utf8only: only UTF8Strings (PKIX recommendation after 2004).
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
-string_mask = utf8only
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (e.g. server FQDN or YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This is required for TSA certificates.
-# extendedKeyUsage = critical,timeStamping
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
-
-####################################################################
-[ tsa ]
-
-default_tsa = tsa_config1 # the default TSA section
-
-[ tsa_config1 ]
-
-# These are used by the TSA reply generation only.
-dir = ./demoCA # TSA root directory
-serial = $dir/tsaserial # The current serial number (mandatory)
-crypto_device = builtin # OpenSSL engine to use for signing
-signer_cert = $dir/tsacert.pem # The TSA signing certificate
- # (optional)
-certs = $dir/cacert.pem # Certificate chain to include in reply
- # (optional)
-signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
-
-default_policy = tsa_policy1 # Policy if request did not specify it
- # (optional)
-other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)
-accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
-clock_precision_digits = 0 # number of digits after dot. (optional)
-ordering = yes # Is ordering defined for timestamps?
- # (optional, default: no)
-tsa_name = yes # Must the TSA name be included in the reply?
- # (optional, default: no)
-ess_cert_id_chain = no # Must the ESS cert id chain be included?
- # (optional, default: no)
diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt
deleted file mode 100644
index f8817b0a71..0000000000
--- a/src/lib/libssl/doc/openssl.txt
+++ /dev/null
@@ -1,1254 +0,0 @@ - -This is some preliminary documentation for OpenSSL. - -Contents: - - OpenSSL X509V3 extension configuration - X509V3 Extension code: programmers guide - PKCS#12 Library - - -============================================================================== - OpenSSL X509V3 extension configuration -============================================================================== - -OpenSSL X509V3 extension configuration: preliminary documentation. - -INTRODUCTION. - -For OpenSSL 0.9.2 the extension code has be considerably enhanced. It is now -possible to add and print out common X509 V3 certificate and CRL extensions. - -BEGINNERS NOTE - -For most simple applications you don't need to know too much about extensions: -the default openssl.cnf values will usually do sensible things. - -If you want to know more you can initially quickly look through the sections -describing how the standard OpenSSL utilities display and add extensions and -then the list of supported extensions. - -For more technical information about the meaning of extensions see: - -http://www.imc.org/ietf-pkix/ -http://home.netscape.com/eng/security/certs.html - -PRINTING EXTENSIONS. - -Extension values are automatically printed out for supported extensions. - -openssl x509 -in cert.pem -text -openssl crl -in crl.pem -text - -will give information in the extension printout, for example: - - X509v3 extensions: - X509v3 Basic Constraints: - CA:TRUE - X509v3 Subject Key Identifier: - 73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15 - X509v3 Authority Key Identifier: - keyid:73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15, DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/Email=email@1.address/Email=email@2.address, serial:00 - X509v3 Key Usage: - Certificate Sign, CRL Sign - X509v3 Subject Alternative Name: - email:email@1.address, email:email@2.address - -CONFIGURATION FILES. 
- -The OpenSSL utilities 'ca' and 'req' can now have extension sections listing -which certificate extensions to include. In each case a line: - -x509_extensions = extension_section - -indicates which section contains the extensions. In the case of 'req' the -extension section is used when the -x509 option is present to create a -self signed root certificate. - -The 'x509' utility also supports extensions when it signs a certificate. -The -extfile option is used to set the configuration file containing the -extensions. In this case a line with: - -extensions = extension_section - -in the nameless (default) section is used. If no such line is included then -it uses the default section. - -You can also add extensions to CRLs: a line - -crl_extensions = crl_extension_section - -will include extensions when the -gencrl option is used with the 'ca' utility. -You can add any extension to a CRL but of the supported extensions only -issuerAltName and authorityKeyIdentifier make any real sense. Note: these are -CRL extensions NOT CRL *entry* extensions which cannot currently be generated. -CRL entry extensions can be displayed. - -NB. At this time Netscape Communicator rejects V2 CRLs: to get an old V1 CRL -you should not include a crl_extensions line in the configuration file. - -As with all configuration files you can use the inbuilt environment expansion -to allow the values to be passed in the environment. Therefore if you have -several extension sections used for different purposes you can have a line: - -x509_extensions = $ENV::ENV_EXT - -and set the ENV_EXT environment variable before calling the relevant utility. - -EXTENSION SYNTAX. - -Extensions have the basic form: - -extension_name=[critical,] extension_options - -the use of the critical option makes the extension critical. Extreme caution -should be made when using the critical flag. If an extension is marked -as critical then any client that does not understand the extension should -reject it as invalid. 
Some broken software will reject certificates which -have *any* critical extensions (these violates PKIX but we have to live -with it). - -There are three main types of extension: string extensions, multi-valued -extensions, and raw extensions. - -String extensions simply have a string which contains either the value itself -or how it is obtained. - -For example: - -nsComment="This is a Comment" - -Multi-valued extensions have a short form and a long form. The short form -is a list of names and values: - -basicConstraints=critical,CA:true,pathlen:1 - -The long form allows the values to be placed in a separate section: - -basicConstraints=critical,@bs_section - -[bs_section] - -CA=true -pathlen=1 - -Both forms are equivalent. However it should be noted that in some cases the -same name can appear multiple times, for example, - -subjectAltName=email:steve@here,email:steve@there - -in this case an equivalent long form is: - -subjectAltName=@alt_section - -[alt_section] - -email.1=steve@here -email.2=steve@there - -This is because the configuration file code cannot handle the same name -occurring twice in the same section. - -The syntax of raw extensions is governed by the extension code: it can -for example contain data in multiple sections. The correct syntax to -use is defined by the extension code itself: check out the certificate -policies extension for an example. - -There are two ways to encode arbitrary extensions. - -The first way is to use the word ASN1 followed by the extension content -using the same syntax as ASN1_generate_nconf(). For example: - -1.2.3.4=critical,ASN1:UTF8String:Some random data - -1.2.3.4=ASN1:SEQUENCE:seq_sect - -[seq_sect] - -field1 = UTF8:field1 -field2 = UTF8:field2 - -It is also possible to use the word DER to include arbitrary data in any -extension. 
- -1.2.3.4=critical,DER:01:02:03:04 -1.2.3.4=DER:01020304 - -The value following DER is a hex dump of the DER encoding of the extension -Any extension can be placed in this form to override the default behaviour. -For example: - -basicConstraints=critical,DER:00:01:02:03 - -WARNING: DER should be used with caution. It is possible to create totally -invalid extensions unless care is taken. - -CURRENTLY SUPPORTED EXTENSIONS. - -If you aren't sure about extensions then they can be largely ignored: its only -when you want to do things like restrict certificate usage when you need to -worry about them. - -The only extension that a beginner might want to look at is Basic Constraints. -If in addition you want to try Netscape object signing the you should also -look at Netscape Certificate Type. - -Literal String extensions. - -In each case the 'value' of the extension is placed directly in the -extension. Currently supported extensions in this category are: nsBaseUrl, -nsRevocationUrl, nsCaRevocationUrl, nsRenewalUrl, nsCaPolicyUrl, -nsSslServerName and nsComment. - -For example: - -nsComment="This is a test comment" - -Bit Strings. - -Bit string extensions just consist of a list of supported bits, currently -two extensions are in this category: PKIX keyUsage and the Netscape specific -nsCertType. - -nsCertType (netscape certificate type) takes the flags: client, server, email, -objsign, reserved, sslCA, emailCA, objCA. - -keyUsage (PKIX key usage) takes the flags: digitalSignature, nonRepudiation, -keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, -encipherOnly, decipherOnly. - -For example: - -nsCertType=server - -keyUsage=digitalSignature, nonRepudiation - -Hints on Netscape Certificate Type. - -Other than Basic Constraints this is the only extension a beginner might -want to use, if you want to try Netscape object signing, otherwise it can -be ignored. 
- -If you want a certificate that can be used just for object signing then: - -nsCertType=objsign - -will do the job. If you want to use it as a normal end user and server -certificate as well then - -nsCertType=objsign,email,server - -is more appropriate. You cannot use a self signed certificate for object -signing (well Netscape signtool can but it cheats!) so you need to create -a CA certificate and sign an end user certificate with it. - -Side note: If you want to conform to the Netscape specifications then you -should really also set: - -nsCertType=objCA - -in the *CA* certificate for just an object signing CA and - -nsCertType=objCA,emailCA,sslCA - -for everything. Current Netscape software doesn't enforce this so it can -be omitted. - -Basic Constraints. - -This is generally the only extension you need to worry about for simple -applications. If you want your certificate to be usable as a CA certificate -(in addition to an end user certificate) then you set this to: - -basicConstraints=CA:TRUE - -if you want to be certain the certificate cannot be used as a CA then do: - -basicConstraints=CA:FALSE - -The rest of this section describes more advanced usage. - -Basic constraints is a multi-valued extension that supports a CA and an -optional pathlen option. The CA option takes the values true and false and -pathlen takes an integer. Note if the CA option is false the pathlen option -should be omitted. - -The pathlen parameter indicates the maximum number of CAs that can appear -below this one in a chain. So if you have a CA with a pathlen of zero it can -only be used to sign end user certificates and not further CAs. This all -assumes that the software correctly interprets this extension of course. - -Examples: - -basicConstraints=CA:TRUE -basicConstraints=critical,CA:TRUE, pathlen:0 - -NOTE: for a CA to be considered valid it must have the CA option set to -TRUE. An end user certificate MUST NOT have the CA value set to true. 
-According to PKIX recommendations it should exclude the extension entirely, -however some software may require CA set to FALSE for end entity certificates. - -Extended Key Usage. - -This extensions consists of a list of usages. - -These can either be object short names of the dotted numerical form of OIDs. -While any OID can be used only certain values make sense. In particular the -following PKIX, NS and MS values are meaningful: - -Value Meaning ------ ------- -serverAuth SSL/TLS Web Server Authentication. -clientAuth SSL/TLS Web Client Authentication. -codeSigning Code signing. -emailProtection E-mail Protection (S/MIME). -timeStamping Trusted Timestamping -msCodeInd Microsoft Individual Code Signing (authenticode) -msCodeCom Microsoft Commercial Code Signing (authenticode) -msCTLSign Microsoft Trust List Signing -msSGC Microsoft Server Gated Crypto -msEFS Microsoft Encrypted File System -nsSGC Netscape Server Gated Crypto - -For example, under IE5 a CA can be used for any purpose: by including a list -of the above usages the CA can be restricted to only authorised uses. - -Note: software packages may place additional interpretations on certificate -use, in particular some usages may only work for selected CAs. Don't for example -expect just including msSGC or nsSGC will automatically mean that a certificate -can be used for SGC ("step up" encryption) otherwise anyone could use it. - -Examples: - -extendedKeyUsage=critical,codeSigning,1.2.3.4 -extendedKeyUsage=nsSGC,msSGC - -Subject Key Identifier. - -This is really a string extension and can take two possible values. Either -a hex string giving details of the extension value to include or the word -'hash' which then automatically follow PKIX guidelines in selecting and -appropriate key identifier. The use of the hex string is strongly discouraged. - -Example: subjectKeyIdentifier=hash - -Authority Key Identifier. - -The authority key identifier extension permits two options. 
keyid and issuer: -both can take the optional value "always". - -If the keyid option is present an attempt is made to copy the subject key -identifier from the parent certificate. If the value "always" is present -then an error is returned if the option fails. - -The issuer option copies the issuer and serial number from the issuer -certificate. Normally this will only be done if the keyid option fails or -is not included: the "always" flag will always include the value. - -Subject Alternative Name. - -The subject alternative name extension allows various literal values to be -included in the configuration file. These include "email" (an email address) -"URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a -registered ID: OBJECT IDENTIFIER), IP (and IP address) and otherName. - -Also the email option include a special 'copy' value. This will automatically -include and email addresses contained in the certificate subject name in -the extension. - -otherName can include arbitrary data associated with an OID: the value -should be the OID followed by a semicolon and the content in standard -ASN1_generate_nconf() format. - -Examples: - -subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/ -subjectAltName=email:my@other.address,RID:1.2.3.4 -subjectAltName=otherName:1.2.3.4;UTF8:some other identifier - -Issuer Alternative Name. - -The issuer alternative name option supports all the literal options of -subject alternative name. It does *not* support the email:copy option because -that would not make sense. It does support an additional issuer:copy option -that will copy all the subject alternative name values from the issuer -certificate (if possible). - -Example: - -issuserAltName = issuer:copy - -Authority Info Access. - -The authority information access extension gives details about how to access -certain information relating to the CA. 
Its syntax is accessOID;location -where 'location' has the same syntax as subject alternative name (except -that email:copy is not supported). accessOID can be any valid OID but only -certain values are meaningful for example OCSP and caIssuers. OCSP gives the -location of an OCSP responder: this is used by Netscape PSM and other software. - -Example: - -authorityInfoAccess = OCSP;URI:http://ocsp.my.host/ -authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html - -CRL distribution points. - -This is a multi-valued extension that supports all the literal options of -subject alternative name. Of the few software packages that currently interpret -this extension most only interpret the URI option. - -Currently each option will set a new DistributionPoint with the fullName -field set to the given value. - -Other fields like cRLissuer and reasons cannot currently be set or displayed: -at this time no examples were available that used these fields. - -If you see this extension with when you attempt to print it out -or it doesn't appear to display correctly then let me know, including the -certificate (mail me at steve@openssl.org) . - -Examples: - -crlDistributionPoints=URI:http://www.myhost.com/myca.crl -crlDistributionPoints=URI:http://www.my.com/my.crl,URI:http://www.oth.com/my.crl - -Certificate Policies. - -This is a RAW extension. It attempts to display the contents of this extension: -unfortunately this extension is often improperly encoded. - -The certificate policies extension will rarely be used in practice: few -software packages interpret it correctly or at all. IE5 does partially -support this extension: but it needs the 'ia5org' option because it will -only correctly support a broken encoding. Of the options below only the -policy OID, explicitText and CPS options are displayed with IE5. - -All the fields of this extension can be set by using the appropriate syntax. 
- -If you follow the PKIX recommendations of not including any qualifiers and just -using only one OID then you just include the value of that OID. Multiple OIDs -can be set separated by commas, for example: - -certificatePolicies= 1.2.4.5, 1.1.3.4 - -If you wish to include qualifiers then the policy OID and qualifiers need to -be specified in a separate section: this is done by using the @section syntax -instead of a literal OID value. - -The section referred to must include the policy OID using the name -policyIdentifier, cPSuri qualifiers can be included using the syntax: - -CPS.nnn=value - -userNotice qualifiers can be set using the syntax: - -userNotice.nnn=@notice - -The value of the userNotice qualifier is specified in the relevant section. -This section can include explicitText, organization and noticeNumbers -options. explicitText and organization are text strings, noticeNumbers is a -comma separated list of numbers. The organization and noticeNumbers options -(if included) must BOTH be present. If you use the userNotice option with IE5 -then you need the 'ia5org' option at the top level to modify the encoding: -otherwise it will not be interpreted properly. - -Example: - -certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect - -[polsect] - -policyIdentifier = 1.3.5.8 -CPS.1="http://my.host.name/" -CPS.2="http://my.your.name/" -userNotice.1=@notice - -[notice] - -explicitText="Explicit Text Here" -organization="Organisation Name" -noticeNumbers=1,2,3,4 - -TECHNICAL NOTE: the ia5org option changes the type of the 'organization' field, -according to PKIX it should be of type DisplayText but Verisign uses an -IA5STRING and IE5 needs this too. - -Display only extensions. - -Some extensions are only partially supported and currently are only displayed -but cannot be set. These include private key usage period, CRL number, and -CRL reason. 
- -============================================================================== - X509V3 Extension code: programmers guide -============================================================================== - -The purpose of the extension code is twofold. It allows an extension to be -created from a string or structure describing its contents and it prints out an -extension in a human or machine readable form. - -1. Initialisation and cleanup. - -No special initialisation is needed before calling the extension functions. -You used to have to call X509V3_add_standard_extensions(); but this is no longer -required and this function no longer does anything. - -void X509V3_EXT_cleanup(void); - -This function should be called to cleanup the extension code if any custom -extensions have been added. If no custom extensions have been added then this -call does nothing. After this call all custom extension code is freed up but -you can still use the standard extensions. - -2. Printing and parsing extensions. - -The simplest way to print out extensions is via the standard X509 printing -routines: if you use the standard X509_print() function, the supported -extensions will be printed out automatically. - -The following functions allow finer control over extension display: - -int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent); -int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); - -These two functions print out an individual extension to a BIO or FILE pointer. -Currently the flag argument is unused and should be set to 0. The 'indent' -argument is the number of spaces to indent each line. - -void *X509V3_EXT_d2i(X509_EXTENSION *ext); - -This function parses an extension and returns its internal structure. The -precise structure you get back depends on the extension being parsed. If the -extension if basicConstraints you will get back a pointer to a -BASIC_CONSTRAINTS structure. 
Check out the source in crypto/x509v3 for more -details about the structures returned. The returned structure should be freed -after use using the relevant free function, BASIC_CONSTRAINTS_free() for -example. - -void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); -void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx); -void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx); -void * X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx); - -These functions combine the operations of searching for extensions and -parsing them. They search a certificate, a CRL a CRL entry or a stack -of extensions respectively for extension whose NID is 'nid' and return -the parsed result of NULL if an error occurred. For example: - -BASIC_CONSTRAINTS *bs; -bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL); - -This will search for the basicConstraints extension and either return -it value or NULL. NULL can mean either the extension was not found, it -occurred more than once or it could not be parsed. - -If 'idx' is NULL then an extension is only parsed if it occurs precisely -once. This is standard behaviour because extensions normally cannot occur -more than once. If however more than one extension of the same type can -occur it can be used to parse successive extensions for example: - -int i; -void *ext; - -i = -1; -for(;;) { - ext = X509_get_ext_d2i(x, nid, crit, &idx); - if(ext == NULL) break; - /* Do something with ext */ -} - -If 'crit' is not NULL and the extension was found then the int it points to -is set to 1 for critical extensions and 0 for non critical. Therefore if the -function returns NULL but 'crit' is set to 0 or 1 then the extension was -found but it could not be parsed. - -The int pointed to by crit will be set to -1 if the extension was not found -and -2 if the extension occurred more than once (this will only happen if -idx is NULL). In both cases the function will return NULL. 
- -3. Generating extensions. - -An extension will typically be generated from a configuration file, or some -other kind of configuration database. - -int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, - X509 *cert); -int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, - X509_CRL *crl); - -These functions add all the extensions in the given section to the given -certificate or CRL. They will normally be called just before the certificate -or CRL is due to be signed. Both return 0 on error on non zero for success. - -In each case 'conf' is the LHASH pointer of the configuration file to use -and 'section' is the section containing the extension details. - -See the 'context functions' section for a description of the ctx parameter. - - -X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, - char *value); - -This function returns an extension based on a name and value pair, if the -pair will not need to access other sections in a config file (or there is no -config file) then the 'conf' parameter can be set to NULL. - -X509_EXTENSION *X509V3_EXT_conf_nid(char *conf, X509V3_CTX *ctx, int nid, - char *value); - -This function creates an extension in the same way as X509V3_EXT_conf() but -takes the NID of the extension rather than its name. - -For example to produce basicConstraints with the CA flag and a path length of -10: - -x = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,"CA:TRUE,pathlen:10"); - - -X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); - -This function sets up an extension from its internal structure. The ext_nid -parameter is the NID of the extension and 'crit' is the critical flag. - -4. Context functions. - -The following functions set and manipulate an extension context structure. 
-The purpose of the extension context is to allow the extension code to
-access various structures relating to the "environment" of the certificate:
-for example the issuers certificate or the certificate request.
-
-void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
- X509_REQ *req, X509_CRL *crl, int flags);
-
-This function sets up an X509V3_CTX structure with details of the certificate
-environment: specifically the issuers certificate, the subject certificate,
-the certificate request and the CRL: if these are not relevant or not
-available then they can be set to NULL. The 'flags' parameter should be set
-to zero.
-
-X509V3_set_ctx_test(ctx)
-
-This macro is used to set the 'ctx' structure to a 'test' value: this is to
-allow the syntax of an extension (or configuration file) to be tested.
-
-X509V3_set_ctx_nodb(ctx)
-
-This macro is used when no configuration database is present.
-
-void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
-
-This function is used to set the configuration database when it is an LHASH
-structure: typically a configuration file.
-
-The following functions are used to access a configuration database: they
-should only be used in RAW extensions.
-
-char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
-
-This function returns the value of the parameter "name" in "section", or NULL
-if there has been an error.
-
-void X509V3_string_free(X509V3_CTX *ctx, char *str);
-
-This function frees up the string returned by the above function.
-
-STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
-
-This function returns a whole section as a STACK_OF(CONF_VALUE) .
-
-void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
-
-This function frees up the STACK returned by the above function.
-
-Note: it is possible to use the extension code with a custom configuration
-database.
To do this the "db_meth" element of the X509V3_CTX structure should
-be set to an X509V3_CTX_METHOD structure. This structure contains the following
-function pointers:
-
-char * (*get_string)(void *db, char *section, char *value);
-STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
-void (*free_string)(void *db, char * string);
-void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
-
-these will be called and passed the 'db' element in the X509V3_CTX structure
-to access the database. If a given function is not implemented or not required
-it can be set to NULL.
-
-5. String helper functions.
-
-There are several "i2s" and "s2i" functions that convert structures to and
-from ASCII strings. In all the "i2s" cases the returned string should be
-freed using Free() after use. Since some of these are part of other extension
-code they may take a 'method' parameter. Unless otherwise stated it can be
-safely set to NULL.
-
-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct);
-
-This returns a hex string from an ASN1_OCTET_STRING.
-
-char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
-char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
-
-These return a string decimal representations of an ASN1_INTEGER and an
-ASN1_ENUMERATED type, respectively.
-
-ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, char *str);
-
-This converts an ASCII hex string to an ASN1_OCTET_STRING.
-
-ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
-
-This converts a decimal ASCII string into an ASN1_INTEGER.
-
-6. Multi valued extension helper functions.
-
-The following functions can be used to manipulate STACKs of CONF_VALUE
-structures, as used by multi valued extensions.
-
-int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
-
-This function expects a boolean value in 'value' and sets 'asn1_bool' to
-it.
That is it sets it to 0 for FALSE or 0xff for TRUE. The following
-strings are acceptable: "TRUE", "true", "Y", "y", "YES", "yes", "FALSE"
-"false", "N", "n", "NO" or "no".
-
-int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
-
-This accepts a decimal integer of arbitrary length and sets an ASN1_INTEGER.
-
-int X509V3_add_value(const char *name, const char *value,
- STACK_OF(CONF_VALUE) **extlist);
-
-This simply adds a string name and value pair.
-
-int X509V3_add_value_uchar(const char *name, const unsigned char *value,
- STACK_OF(CONF_VALUE) **extlist);
-
-The same as above but for an unsigned character value.
-
-int X509V3_add_value_bool(const char *name, int asn1_bool,
- STACK_OF(CONF_VALUE) **extlist);
-
-This adds either "TRUE" or "FALSE" depending on the value of 'asn1_bool'
-
-int X509V3_add_value_bool_nf(char *name, int asn1_bool,
- STACK_OF(CONF_VALUE) **extlist);
-
-This is the same as above except it adds nothing if asn1_bool is FALSE.
-
-int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
- STACK_OF(CONF_VALUE) **extlist);
-
-This function adds the value of the ASN1_INTEGER in decimal form.
-
-7. Other helper functions.
-
-
-
-ADDING CUSTOM EXTENSIONS.
-
-Currently there are three types of supported extensions.
-
-String extensions are simple strings where the value is placed directly in the
-extensions, and the string returned is printed out.
-
-Multi value extensions are passed a STACK_OF(CONF_VALUE) name and value pairs
-or return a STACK_OF(CONF_VALUE).
-
-Raw extensions are just passed a BIO or a value and it is the extensions
-responsibility to handle all the necessary printing.
-
-There are two ways to add an extension. One is simply as an alias to an already
-existing extension. An alias is an extension that is identical in ASN1 structure
-to an existing extension but has a different OBJECT IDENTIFIER.
This can be
-done by calling:
-
-int X509V3_EXT_add_alias(int nid_to, int nid_from);
-
-'nid_to' is the new extension NID and 'nid_from' is the already existing
-extension NID.
-
-Alternatively an extension can be written from scratch. This involves writing
-the ASN1 code to encode and decode the extension and functions to print out and
-generate the extension from strings. The relevant functions are then placed in
-a X509V3_EXT_METHOD structure and int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
-called.
-
-The X509V3_EXT_METHOD structure is described below.
-
-struct {
-int ext_nid;
-int ext_flags;
-X509V3_EXT_NEW ext_new;
-X509V3_EXT_FREE ext_free;
-X509V3_EXT_D2I d2i;
-X509V3_EXT_I2D i2d;
-X509V3_EXT_I2S i2s;
-X509V3_EXT_S2I s2i;
-X509V3_EXT_I2V i2v;
-X509V3_EXT_V2I v2i;
-X509V3_EXT_R2I r2i;
-X509V3_EXT_I2R i2r;
-
-void *usr_data;
-};
-
-The elements have the following meanings.
-
-ext_nid is the NID of the object identifier of the extension.
-
-ext_flags is set of flags. Currently the only external flag is
- X509V3_EXT_MULTILINE which means a multi valued extensions
- should be printed on separate lines.
-
-usr_data is an extension specific pointer to any relevant data. This
- allows extensions to share identical code but have different
- uses. An example of this is the bit string extension which uses
- usr_data to contain a list of the bit names.
-
-All the remaining elements are function pointers.
-
-ext_new is a pointer to a function that allocates memory for the
- extension ASN1 structure: for example ASN1_OBJECT_new().
-
-ext_free is a pointer to a function that free up memory of the extension
- ASN1 structure: for example ASN1_OBJECT_free().
-
-d2i is the standard ASN1 function that converts a DER buffer into
- the internal ASN1 structure: for example d2i_ASN1_IA5STRING().
-
-i2d is the standard ASN1 function that converts the internal
- structure into the DER representation: for example
- i2d_ASN1_IA5STRING().
-
-The remaining functions are depend on the type of extension. One i2X and
-one X2i should be set and the rest set to NULL. The types set do not need
-to match up, for example the extension could be set using the multi valued
-v2i function and printed out using the raw i2r.
-
-All functions have the X509V3_EXT_METHOD passed to them in the 'method'
-parameter and an X509V3_CTX structure. Extension code can then access the
-parent structure via the 'method' parameter to for example make use of the value
-of usr_data. If the code needs to use detail relating to the request it can
-use the 'ctx' parameter.
-
-A note should be given here about the 'flags' member of the 'ctx' parameter.
-If it has the value CTX_TEST then the configuration syntax is being checked
-and no actual certificate or CRL exists. Therefore any attempt in the config
-file to access such information should silently succeed. If the syntax is OK
-then it should simply return a (possibly bogus) extension, otherwise it
-should return NULL.
-
-char *i2s(struct v3_ext_method *method, void *ext);
-
-This function takes the internal structure in the ext parameter and returns
-a Malloc'ed string representing its value.
-
-void * s2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
-
-This function takes the string representation in the ext parameter and returns
-an allocated internal structure: ext_free() will be used on this internal
-structure after use.
-
-i2v and v2i handle a STACK_OF(CONF_VALUE):
-
-typedef struct
-{
- char *section;
- char *name;
- char *value;
-} CONF_VALUE;
-
-Only the name and value members are currently used.
-
-STACK_OF(CONF_VALUE) * i2v(struct v3_ext_method *method, void *ext);
-
-This function is passed the internal structure in the ext parameter and
-returns a STACK of CONF_VALUE structures. The values of name, value,
-section and the structure itself will be freed up with Free after use.
-Several helper functions are available to add values to this STACK.
-
-void * v2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx,
- STACK_OF(CONF_VALUE) *values);
-
-This function takes a STACK_OF(CONF_VALUE) structures and should set the
-values of the external structure. This typically uses the name element to
-determine which structure element to set and the value element to determine
-what to set it to. Several helper functions are available for this
-purpose (see above).
-
-int i2r(struct v3_ext_method *method, void *ext, BIO *out, int indent);
-
-This function is passed the internal extension structure in the ext parameter
-and sends out a human readable version of the extension to out. The 'indent'
-parameter should be noted to determine the necessary amount of indentation
-needed on the output.
-
-void * r2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
-
-This is just passed the string representation of the extension. It is intended
-to be used for more elaborate extensions where the standard single and multi
-valued options are insufficient. They can use the 'ctx' parameter to parse the
-configuration database themselves. See the context functions section for details
-of how to do this.
-
-Note: although this type takes the same parameters as the "r2s" function there
-is a subtle difference. Whereas an "r2i" function can access a configuration
-database an "s2i" function MUST NOT. This is so the internal code can safely
-assume that an "s2i" function will work without a configuration database.
-
-==============================================================================
- PKCS#12 Library
-==============================================================================
-
-This section describes the internal PKCS#12 support. There are very few
-differences between the old external library and the new internal code at
-present. This may well change because the external library will not be updated
-much in future.
-
-This version now includes a couple of high level PKCS#12 functions which
-generally "do the right thing" and should make it much easier to handle PKCS#12
-structures.
-
-HIGH LEVEL FUNCTIONS.
-
-For most applications you only need concern yourself with the high level
-functions. They can parse and generate simple PKCS#12 files as produced by
-Netscape and MSIE or indeed any compliant PKCS#12 file containing a single
-private key and certificate pair.
-
-1. Initialisation and cleanup.
-
-No special initialisation is needed for the internal PKCS#12 library: the
-standard SSLeay_add_all_algorithms() is sufficient. If you do not wish to
-add all algorithms (you should at least add SHA1 though) then you can manually
-initialise the PKCS#12 library with:
-
-PKCS12_PBE_add();
-
-The memory allocated by the PKCS#12 library is freed up when EVP_cleanup() is
-called or it can be directly freed with:
-
-EVP_PBE_cleanup();
-
-after this call (or EVP_cleanup() ) no more PKCS#12 library functions should
-be called.
-
-2. I/O functions.
-
-i2d_PKCS12_bio(bp, p12)
-
-This writes out a PKCS12 structure to a BIO.
-
-i2d_PKCS12_fp(fp, p12)
-
-This is the same but for a FILE pointer.
-
-d2i_PKCS12_bio(bp, p12)
-
-This reads in a PKCS12 structure from a BIO.
-
-d2i_PKCS12_fp(fp, p12)
-
-This is the same but for a FILE pointer.
-
-3. High level functions.
-
-3.1 Parsing with PKCS12_parse().
-
-int PKCS12_parse(PKCS12 *p12, char *pass, EVP_PKEY **pkey, X509 **cert,
- STACK **ca);
-
-This function takes a PKCS12 structure and a password (ASCII, null terminated)
-and returns the private key, the corresponding certificate and any CA
-certificates. If any of these is not required it can be passed as a NULL.
-The 'ca' parameter should be either NULL, a pointer to NULL or a valid STACK
-structure.
Typically to read in a PKCS#12 file you might do: - -p12 = d2i_PKCS12_fp(fp, NULL); -PKCS12_parse(p12, password, &pkey, &cert, NULL); /* CAs not wanted */ -PKCS12_free(p12); - -3.2 PKCS#12 creation with PKCS12_create(). - -PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, - STACK *ca, int nid_key, int nid_cert, int iter, - int mac_iter, int keytype); - -This function will create a PKCS12 structure from a given password, name, -private key, certificate and optional STACK of CA certificates. The remaining -5 parameters can be set to 0 and sensible defaults will be used. - -The parameters nid_key and nid_cert are the key and certificate encryption -algorithms, iter is the encryption iteration count, mac_iter is the MAC -iteration count and keytype is the type of private key. If you really want -to know what these last 5 parameters do then read the low level section. - -Typically to create a PKCS#12 file the following could be used: - -p12 = PKCS12_create(pass, "My Certificate", pkey, cert, NULL, 0,0,0,0,0); -i2d_PKCS12_fp(fp, p12); -PKCS12_free(p12); - -3.3 Changing a PKCS#12 structure password. - -int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass); - -This changes the password of an already existing PKCS#12 structure. oldpass -is the old password and newpass is the new one. An error occurs if the old -password is incorrect. - -LOW LEVEL FUNCTIONS. - -In some cases the high level functions do not provide the necessary -functionality. For example if you want to generate or parse more complex -PKCS#12 files. The sample pkcs12 application uses the low level functions -to display details about the internal structure of a PKCS#12 file. - -Introduction. - -This is a brief description of how a PKCS#12 file is represented internally: -some knowledge of PKCS#12 is assumed. - -A PKCS#12 object contains several levels. - -At the lowest level is a PKCS12_SAFEBAG. 
This can contain a certificate, a
-CRL, a private key, encrypted or unencrypted, a set of safebags (so the
-structure can be nested) or other secrets (not documented at present).
-A safebag can optionally have attributes, currently these are: a unicode
-friendlyName (a Unicode string) or a localKeyID (a string of bytes).
-
-At the next level is an authSafe which is a set of safebags collected into
-a PKCS#7 ContentInfo. This can be just plain data, or encrypted itself.
-
-At the top level is the PKCS12 structure itself which contains a set of
-authSafes in an embedded PKCS#7 Contentinfo of type data. In addition it
-contains a MAC which is a kind of password protected digest to preserve
-integrity (so any unencrypted stuff below can't be tampered with).
-
-The reason for these levels is so various objects can be encrypted in various
-ways. For example you might want to encrypt a set of private keys with
-triple-DES and then include the related certificates either unencrypted or
-with lower encryption. Yes it's the dreaded crypto laws at work again which
-allow strong encryption on private keys and only weak encryption on other
-stuff.
-
-To build one of these things you turn all certificates and keys into safebags
-(with optional attributes). You collect the safebags into (one or more) STACKS
-and convert these into authsafes (encrypted or unencrypted). The authsafes
-are collected into a STACK and added to a PKCS12 structure. Finally a MAC
-inserted.
-
-Pulling one apart is basically the reverse process. The MAC is verified against
-the given password. The authsafes are extracted and each authsafe split into
-a set of safebags (possibly involving decryption). Finally the safebags are
-decomposed into the original keys and certificates and the attributes used to
-match up private key and certificate pairs.
-
-Anyway here are the functions that do the dirty work.
-
-1. Construction functions.
-
-1.1 Safebag functions.
-
-M_PKCS12_x5092certbag(x509)
-
-This macro takes an X509 structure and returns a certificate bag. The
-X509 structure can be freed up after calling this function.
-
-M_PKCS12_x509crl2certbag(crl)
-
-As above but for a CRL.
-
-PKCS8_PRIV_KEY_INFO *PKEY2PKCS8(EVP_PKEY *pkey)
-
-Take a private key and convert it into a PKCS#8 PrivateKeyInfo structure.
-Works for both RSA and DSA private keys. NB since the PKCS#8 PrivateKeyInfo
-structure contains a private key data in plain text form it should be free'd
-up as soon as it has been encrypted for security reasons (freeing up the
-structure zeros out the sensitive data). This can be done with
-PKCS8_PRIV_KEY_INFO_free().
-
-PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
-
-This sets the key type when a key is imported into MSIE or Outlook 98. Two
-values are currently supported: KEY_EX and KEY_SIG. KEY_EX is an exchange type
-key that can also be used for signing but its size is limited in the export
-versions of MS software to 512 bits, it is also the default. KEY_SIG is a
-signing only key but the keysize is unlimited (well 16K is supposed to work).
-If you are using the domestic version of MSIE then you can ignore this because
-KEY_EX is not limited and can be used for both.
-
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
-
-Convert a PKCS8 private key structure into a keybag. This routine embeds the
-p8 structure in the keybag so p8 should not be freed up or used after it is
-called. The p8 structure will be freed up when the safebag is freed.
-
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8)
-
-Convert a PKCS#8 structure into a shrouded key bag (encrypted). p8 is not
-embedded and can be freed up after use.
-
-int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
-int PKCS12_add_friendlyname(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
-
-Add a local key id or a friendlyname to a safebag.
-
-1.2 Authsafe functions.
-
-PKCS7 *PKCS12_pack_p7data(STACK *sk)
-Take a stack of safebags and convert them into an unencrypted authsafe. The
-stack of safebags can be freed up after calling this function.
-
-PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, STACK *bags);
-
-As above but encrypted.
-
-1.3 PKCS12 functions.
-
-PKCS12 *PKCS12_init(int mode)
-
-Initialise a PKCS12 structure (currently mode should be NID_pkcs7_data).
-
-M_PKCS12_pack_authsafes(p12, safes)
-
-This macro takes a STACK of authsafes and adds them to a PKCS#12 structure.
-
-int PKCS12_set_mac(PKCS12 *p12, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, EVP_MD *md_type);
-
-Add a MAC to a PKCS12 structure. If EVP_MD is NULL use SHA-1, the spec suggests
-that SHA-1 should be used.
-
-2. Extraction Functions.
-
-2.1 Safebags.
-
-M_PKCS12_bag_type(bag)
-
-Return the type of "bag". Returns one of the following
-
-NID_keyBag
-NID_pkcs8ShroudedKeyBag 7
-NID_certBag 8
-NID_crlBag 9
-NID_secretBag 10
-NID_safeContentsBag 11
-
-M_PKCS12_cert_bag_type(bag)
-
-Returns type of certificate bag, following are understood.
-
-NID_x509Certificate 14
-NID_sdsiCertificate 15
-
-M_PKCS12_crl_bag_type(bag)
-
-Returns crl bag type, currently only NID_crlBag is recognised.
-
-M_PKCS12_certbag2x509(bag)
-
-This macro extracts an X509 certificate from a certificate bag.
-
-M_PKCS12_certbag2x509crl(bag)
-
-As above but for a CRL.
-
-EVP_PKEY * PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
-
-Extract a private key from a PKCS8 private key info structure.
-
-M_PKCS12_decrypt_skey(bag, pass, passlen)
-
-Decrypt a shrouded key bag and return a PKCS8 private key info structure.
-Works with both RSA and DSA keys - -char *PKCS12_get_friendlyname(bag) - -Returns the friendlyName of a bag if present or NULL if none. The returned -string is a null terminated ASCII string allocated with Malloc(). It should -thus be freed up with Free() after use. - -2.2 AuthSafe functions. - -M_PKCS12_unpack_p7data(p7) - -Extract a STACK of safe bags from a PKCS#7 data ContentInfo. - -#define M_PKCS12_unpack_p7encdata(p7, pass, passlen) - -As above but for an encrypted content info. - -2.3 PKCS12 functions. - -M_PKCS12_unpack_authsafes(p12) - -Extract a STACK of authsafes from a PKCS12 structure. - -M_PKCS12_mac_present(p12) - -Check to see if a MAC is present. - -int PKCS12_verify_mac(PKCS12 *p12, unsigned char *pass, int passlen) - -Verify a MAC on a PKCS12 structure. Returns an error if MAC not present. - - -Notes. - -1. All the function return 0 or NULL on error. -2. Encryption based functions take a common set of parameters. These are -described below. - -pass, passlen -ASCII password and length. The password on the MAC is called the "integrity -password" the encryption password is called the "privacy password" in the -PKCS#12 documentation. The passwords do not have to be the same. If -1 is -passed for the length it is worked out by the function itself (currently -this is sometimes done whatever is passed as the length but that may change). - -salt, saltlen -A 'salt' if salt is NULL a random salt is used. If saltlen is also zero a -default length is used. - -iter -Iteration count. This is a measure of how many times an internal function is -called to encrypt the data. The larger this value is the longer it takes, it -makes dictionary attacks on passwords harder. NOTE: Some implementations do -not support an iteration count on the MAC. If the password for the MAC and -encryption is the same then there is no point in having a high iteration -count for encryption if the MAC has no count. 
The MAC could be attacked
-and the password used for the main decryption.
-
-pbe_nid
-This is the NID of the password based encryption method used. The following are
-supported.
-NID_pbe_WithSHA1And128BitRC4
-NID_pbe_WithSHA1And40BitRC4
-NID_pbe_WithSHA1And3_Key_TripleDES_CBC
-NID_pbe_WithSHA1And2_Key_TripleDES_CBC
-NID_pbe_WithSHA1And128BitRC2_CBC
-NID_pbe_WithSHA1And40BitRC2_CBC
-
-Which you use depends on the implementation you are exporting to. "Export
-grade" (i.e. cryptographically challenged) products cannot support all
-algorithms. Typically you may be able to use any encryption on shrouded key
-bags but they must then be placed in an unencrypted authsafe. Other authsafes
-may only support 40bit encryption. Of course if you are using SSLeay
-throughout you can strongly encrypt everything and have high iteration counts
-on everything.
-
-3. For decryption routines only the password and length are needed.
-
-4. Unlike the external version the nid's of objects are the values of the
-constants: that is NID_certBag is the real nid, therefore there is no
-PKCS12_obj_offset() function. Note the object constants are not the same as
-those of the external version. If you use these constants then you will need
-to recompile your code.
-
-5. With the exception of PKCS12_MAKE_KEYBAG(), after calling any function or
-macro of the form PKCS12_MAKE_SOMETHING(other) the "other" structure can be
-reused or freed up safely.
-
diff --git a/src/lib/libssl/doc/standards.txt b/src/lib/libssl/doc/standards.txt
deleted file mode 100644
index 6b3c5c5038..0000000000
--- a/src/lib/libssl/doc/standards.txt
+++ /dev/null
@@ -1,285 +0,0 @@ -Standards related to OpenSSL -============================ - -[Please, this is currently a draft. I made a first try at finding - documents that describe parts of what OpenSSL implements. There are - big gaps, and I've most certainly done something wrong. Please - correct whatever is... Also, this note should be removed when this - file is reaching a somewhat correct state. -- Richard Levitte] - - -All pointers in here will be either URL's or blobs of text borrowed -from miscellaneous indexes, like rfc-index.txt (index of RFCs), -1id-index.txt (index of Internet drafts) and the like. - -To find the latest possible RFCs, it's recommended to either browse -ftp://ftp.isi.edu/in-notes/ or go to http://www.rfc-editor.org/ and -use the search mechanism found there. -To find the latest possible Internet drafts, it's recommended to -browse ftp://ftp.isi.edu/internet-drafts/. -To find the latest possible PKCS, it's recommended to browse -http://www.rsasecurity.com/rsalabs/pkcs/. - - -Implemented: ------------- - -These are documents that describe things that are implemented (in -whole or at least great parts) in OpenSSL. - -1319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992. - (Format: TXT=25661 bytes) (Status: INFORMATIONAL) - -1320 The MD4 Message-Digest Algorithm. R. Rivest. April 1992. (Format: - TXT=32407 bytes) (Status: INFORMATIONAL) - -1321 The MD5 Message-Digest Algorithm. R. Rivest. April 1992. (Format: - TXT=35222 bytes) (Status: INFORMATIONAL) - -2246 The TLS Protocol Version 1.0. T. Dierks, C. Allen. January 1999. - (Format: TXT=170401 bytes) (Status: PROPOSED STANDARD) - -2268 A Description of the RC2(r) Encryption Algorithm. R. Rivest. - January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL) - -2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski. - March 1998. 
(Format: TXT=69679 bytes) (Status: INFORMATIONAL) - -PKCS#8: Private-Key Information Syntax Standard - -PKCS#12: Personal Information Exchange Syntax Standard, version 1.0. - -2560 X.509 Internet Public Key Infrastructure Online Certificate - Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin, - C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED - STANDARD) - -2712 Addition of Kerberos Cipher Suites to Transport Layer Security - (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes) - (Status: PROPOSED STANDARD) - -2898 PKCS #5: Password-Based Cryptography Specification Version 2.0. - B. Kaliski. September 2000. (Format: TXT=68692 bytes) (Status: - INFORMATIONAL) - -2986 PKCS #10: Certification Request Syntax Specification Version 1.7. - M. Nystrom, B. Kaliski. November 2000. (Format: TXT=27794 bytes) - (Obsoletes RFC2314) (Status: INFORMATIONAL) - -3174 US Secure Hash Algorithm 1 (SHA1). D. Eastlake 3rd, P. Jones. - September 2001. (Format: TXT=35525 bytes) (Status: INFORMATIONAL) - -3161 Internet X.509 Public Key Infrastructure, Time-Stamp Protocol (TSP) - C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001 - (Status: PROPOSED STANDARD) - -3268 Advanced Encryption Standard (AES) Ciphersuites for Transport - Layer Security (TLS). P. Chown. June 2002. (Format: TXT=13530 bytes) - (Status: PROPOSED STANDARD) - -3279 Algorithms and Identifiers for the Internet X.509 Public Key - Infrastructure Certificate and Certificate Revocation List (CRL) - Profile. L. Bassham, W. Polk, R. Housley. April 2002. (Format: - TXT=53833 bytes) (Status: PROPOSED STANDARD) - -3280 Internet X.509 Public Key Infrastructure Certificate and - Certificate Revocation List (CRL) Profile. R. Housley, W. Polk, W. - Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes - RFC2459) (Status: PROPOSED STANDARD) - -3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography - Specifications Version 2.1. J. Jonsson, B. Kaliski. 
February 2003. - (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status: - INFORMATIONAL) - -3713 A Description of the Camellia Encryption Algorithm. M. Matsui, - J. Nakajima, S. Moriai. April 2004. (Format: TXT=25031 bytes) - (Status: INFORMATIONAL) - -3820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate - Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson. - June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD) - -4132 Addition of Camellia Cipher Suites to Transport Layer Security - (TLS). S. Moriai, A. Kato, M. Kanda. July 2005. (Format: TXT=13590 - bytes) (Status: PROPOSED STANDARD) - -4162 Addition of SEED Cipher Suites to Transport Layer Security (TLS). - H.J. Lee, J.H. Yoon, J.I. Lee. August 2005. (Format: TXT=10578 bytes) - (Status: PROPOSED STANDARD) - -4269 The SEED Encryption Algorithm. H.J. Lee, S.J. Lee, J.H. Yoon, - D.H. Cheon, J.I. Lee. December 2005. (Format: TXT=34390 bytes) - (Obsoletes RFC4009) (Status: INFORMATIONAL) - - -Related: --------- - -These are documents that are close to OpenSSL, for example the -STARTTLS documents. - -1421 Privacy Enhancement for Internet Electronic Mail: Part I: Message - Encryption and Authentication Procedures. J. Linn. February 1993. - (Format: TXT=103894 bytes) (Obsoletes RFC1113) (Status: PROPOSED - STANDARD) - -1422 Privacy Enhancement for Internet Electronic Mail: Part II: - Certificate-Based Key Management. S. Kent. February 1993. (Format: - TXT=86085 bytes) (Obsoletes RFC1114) (Status: PROPOSED STANDARD) - -1423 Privacy Enhancement for Internet Electronic Mail: Part III: - Algorithms, Modes, and Identifiers. D. Balenson. February 1993. - (Format: TXT=33277 bytes) (Obsoletes RFC1115) (Status: PROPOSED - STANDARD) - -1424 Privacy Enhancement for Internet Electronic Mail: Part IV: Key - Certification and Related Services. B. Kaliski. February 1993. - (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD) - -2025 The Simple Public-Key GSS-API Mechanism (SPKM). C. Adams. 
October - 1996. (Format: TXT=101692 bytes) (Status: PROPOSED STANDARD) - -2510 Internet X.509 Public Key Infrastructure Certificate Management - Protocols. C. Adams, S. Farrell. March 1999. (Format: TXT=158178 - bytes) (Status: PROPOSED STANDARD) - -2511 Internet X.509 Certificate Request Message Format. M. Myers, C. - Adams, D. Solo, D. Kemp. March 1999. (Format: TXT=48278 bytes) - (Status: PROPOSED STANDARD) - -2527 Internet X.509 Public Key Infrastructure Certificate Policy and - Certification Practices Framework. S. Chokhani, W. Ford. March 1999. - (Format: TXT=91860 bytes) (Status: INFORMATIONAL) - -2538 Storing Certificates in the Domain Name System (DNS). D. Eastlake - 3rd, O. Gudmundsson. March 1999. (Format: TXT=19857 bytes) (Status: - PROPOSED STANDARD) - -2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS). - D. Eastlake 3rd. March 1999. (Format: TXT=21049 bytes) (Status: - PROPOSED STANDARD) - -2559 Internet X.509 Public Key Infrastructure Operational Protocols - - LDAPv2. S. Boeyen, T. Howes, P. Richard. April 1999. (Format: - TXT=22889 bytes) (Updates RFC1778) (Status: PROPOSED STANDARD) - -2585 Internet X.509 Public Key Infrastructure Operational Protocols: - FTP and HTTP. R. Housley, P. Hoffman. May 1999. (Format: TXT=14813 - bytes) (Status: PROPOSED STANDARD) - -2587 Internet X.509 Public Key Infrastructure LDAPv2 Schema. S. - Boeyen, T. Howes, P. Richard. June 1999. (Format: TXT=15102 bytes) - (Status: PROPOSED STANDARD) - -2595 Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999. - (Format: TXT=32440 bytes) (Status: PROPOSED STANDARD) - -2631 Diffie-Hellman Key Agreement Method. E. Rescorla. June 1999. - (Format: TXT=25932 bytes) (Status: PROPOSED STANDARD) - -2632 S/MIME Version 3 Certificate Handling. B. Ramsdell, Ed.. June - 1999. (Format: TXT=27925 bytes) (Status: PROPOSED STANDARD) - -2716 PPP EAP TLS Authentication Protocol. B. Aboba, D. Simon. October - 1999. 
(Format: TXT=50108 bytes) (Status: EXPERIMENTAL) - -2773 Encryption using KEA and SKIPJACK. R. Housley, P. Yee, W. Nace. - February 2000. (Format: TXT=20008 bytes) (Updates RFC0959) (Status: - EXPERIMENTAL) - -2797 Certificate Management Messages over CMS. M. Myers, X. Liu, J. - Schaad, J. Weinstein. April 2000. (Format: TXT=103357 bytes) (Status: - PROPOSED STANDARD) - -2817 Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May - 2000. (Format: TXT=27598 bytes) (Updates RFC2616) (Status: PROPOSED - STANDARD) - -2818 HTTP Over TLS. E. Rescorla. May 2000. (Format: TXT=15170 bytes) - (Status: INFORMATIONAL) - -2876 Use of the KEA and SKIPJACK Algorithms in CMS. J. Pawling. July - 2000. (Format: TXT=29265 bytes) (Status: INFORMATIONAL) - -2984 Use of the CAST-128 Encryption Algorithm in CMS. C. Adams. - October 2000. (Format: TXT=11591 bytes) (Status: PROPOSED STANDARD) - -2985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0. - M. Nystrom, B. Kaliski. November 2000. (Format: TXT=70703 bytes) - (Status: INFORMATIONAL) - -3029 Internet X.509 Public Key Infrastructure Data Validation and - Certification Server Protocols. C. Adams, P. Sylvester, M. Zolotarev, - R. Zuccherato. February 2001. (Format: TXT=107347 bytes) (Status: - EXPERIMENTAL) - -3039 Internet X.509 Public Key Infrastructure Qualified Certificates - Profile. S. Santesson, W. Polk, P. Barzin, M. Nystrom. January 2001. - (Format: TXT=67619 bytes) (Status: PROPOSED STANDARD) - -3058 Use of the IDEA Encryption Algorithm in CMS. S. Teiwes, P. - Hartmann, D. Kuenzi. February 2001. (Format: TXT=17257 bytes) - (Status: INFORMATIONAL) - -3161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol - (TSP). C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001. - (Format: TXT=54585 bytes) (Status: PROPOSED STANDARD) - -3185 Reuse of CMS Content Encryption Keys. S. Farrell, S. Turner. - October 2001. 
(Format: TXT=20404 bytes) (Status: PROPOSED STANDARD) - -3207 SMTP Service Extension for Secure SMTP over Transport Layer - Security. P. Hoffman. February 2002. (Format: TXT=18679 bytes) - (Obsoletes RFC2487) (Status: PROPOSED STANDARD) - -3217 Triple-DES and RC2 Key Wrapping. R. Housley. December 2001. - (Format: TXT=19855 bytes) (Status: INFORMATIONAL) - -3274 Compressed Data Content Type for Cryptographic Message Syntax - (CMS). P. Gutmann. June 2002. (Format: TXT=11276 bytes) (Status: - PROPOSED STANDARD) - -3278 Use of Elliptic Curve Cryptography (ECC) Algorithms in - Cryptographic Message Syntax (CMS). S. Blake-Wilson, D. Brown, P. - Lambert. April 2002. (Format: TXT=33779 bytes) (Status: - INFORMATIONAL) - -3281 An Internet Attribute Certificate Profile for Authorization. S. - Farrell, R. Housley. April 2002. (Format: TXT=90580 bytes) (Status: - PROPOSED STANDARD) - -3369 Cryptographic Message Syntax (CMS). R. Housley. August 2002. - (Format: TXT=113975 bytes) (Obsoletes RFC2630, RFC3211) (Status: - PROPOSED STANDARD) - -3370 Cryptographic Message Syntax (CMS) Algorithms. R. Housley. August - 2002. (Format: TXT=51001 bytes) (Obsoletes RFC2630, RFC3211) (Status: - PROPOSED STANDARD) - -3377 Lightweight Directory Access Protocol (v3): Technical - Specification. J. Hodges, R. Morgan. September 2002. (Format: - TXT=9981 bytes) (Updates RFC2251, RFC2252, RFC2253, RFC2254, RFC2255, - RFC2256, RFC2829, RFC2830) (Status: PROPOSED STANDARD) - -3394 Advanced Encryption Standard (AES) Key Wrap Algorithm. J. Schaad, - R. Housley. September 2002. (Format: TXT=73072 bytes) (Status: - INFORMATIONAL) - -3436 Transport Layer Security over Stream Control Transmission - Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002. - (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD) - -3657 Use of the Camellia Encryption Algorithm in Cryptographic - Message Syntax (CMS). S. Moriai, A. Kato. January 2004. 
- (Format: TXT=26282 bytes) (Status: PROPOSED STANDARD) - -"Securing FTP with TLS", 01/27/2000, - - -To be implemented: ------------------- - -These are documents that describe things that are planned to be -implemented in the hopefully short future. - diff --git a/src/lib/libssl/dtls1.h b/src/lib/libssl/dtls1.h deleted file mode 100644 index 7428d8ec3c..0000000000 --- a/src/lib/libssl/dtls1.h +++ /dev/null 
@@ -1,103 +0,0 @@
-/* $OpenBSD: dtls1.h,v 1.27 2021/05/16 13:56:30 jsing Exp $ */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_DTLS1_H
-#define HEADER_DTLS1_H
-
-#include
-
-#include
-#include
-#include
-
-#include
-#include
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define DTLS1_VERSION 0xFEFF
-#define DTLS1_2_VERSION 0xFEFD
-#define DTLS1_VERSION_MAJOR 0xFE
-
-/* lengths of messages */
-#define DTLS1_COOKIE_LENGTH 256
-
-#define DTLS1_RT_HEADER_LENGTH 13
-
-#define DTLS1_HM_HEADER_LENGTH 12
-
-#define DTLS1_HM_BAD_FRAGMENT -2
-#define DTLS1_HM_FRAGMENT_RETRY -3
-
-#define DTLS1_CCS_HEADER_LENGTH 1
-
-#define DTLS1_AL_HEADER_LENGTH 2
-
-/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
-#define DTLS1_TMO_READ_COUNT 2
-#define DTLS1_TMO_WRITE_COUNT 2
-
-#define DTLS1_TMO_ALERT_COUNT 12
-
-#ifdef __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libssl/dtls_local.h b/src/lib/libssl/dtls_local.h
deleted file mode 100644
index c7c413fef4..0000000000
--- a/src/lib/libssl/dtls_local.h
+++ /dev/null
@@ -1,232 +0,0 @@
-/* $OpenBSD: dtls_local.h,v 1.2 2022/11/26 17:23:18 tb Exp $ */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_DTLS_LOCL_H
-#define HEADER_DTLS_LOCL_H
-
-#include
-
-#include
-
-#include "ssl_local.h"
-#include "tls_content.h"
-
-__BEGIN_HIDDEN_DECLS
-
-typedef struct dtls1_bitmap_st {
- unsigned long map; /* track 32 packets on 32-bit systems
- and 64 - on 64-bit systems */
- unsigned char max_seq_num[8]; /* max record number seen so far,
- 64-bit value in big-endian
- encoding */
-} DTLS1_BITMAP;
-
-struct dtls1_retransmit_state {
- SSL_SESSION *session;
- unsigned short epoch;
-};
-
-struct hm_header_st {
- unsigned char type;
- unsigned long msg_len;
- unsigned short seq;
- unsigned long frag_off;
- unsigned long frag_len;
- unsigned int is_ccs;
- struct dtls1_retransmit_state saved_retransmit_state;
-};
-
-struct dtls1_timeout_st {
- /* Number of read timeouts so far */
- unsigned int read_timeouts;
-
- /* Number of write timeouts so far */
- unsigned int write_timeouts;
-
- /* Number of alerts received so far */
- unsigned int num_alerts;
-};
-
-struct _pqueue;
-
-typedef struct record_pqueue_st {
- unsigned short epoch;
- struct _pqueue *q;
-} record_pqueue;
-
-typedef struct rcontent_pqueue_st {
- unsigned short epoch;
- struct _pqueue *q;
-} rcontent_pqueue;
-
-typedef struct hm_fragment_st {
- struct hm_header_st msg_header;
- unsigned char *fragment;
- unsigned char *reassembly;
-} hm_fragment;
-
-typedef struct dtls1_record_data_internal_st {
- unsigned char *packet;
- unsigned int packet_length;
- SSL3_BUFFER_INTERNAL rbuf;
- SSL3_RECORD_INTERNAL rrec;
-} DTLS1_RECORD_DATA_INTERNAL;
-
-typedef struct dtls1_rcontent_data_internal_st {
- struct tls_content *rcontent;
-} DTLS1_RCONTENT_DATA_INTERNAL;
-
-struct dtls1_state_st {
- /* Buffered (sent) handshake records */
- struct _pqueue *sent_messages;
-
- /* Indicates when the last handshake msg or heartbeat sent will timeout */
- struct timeval next_timeout;
-
- /* Timeout duration */
- unsigned short timeout_duration;
-
- unsigned int send_cookie;
- unsigned char cookie[DTLS1_COOKIE_LENGTH];
- unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
- unsigned int cookie_len;
-
- /* records being received in the current epoch */
- DTLS1_BITMAP bitmap;
-
- /* renegotiation starts a new set of sequence numbers */
- DTLS1_BITMAP next_bitmap;
-
- /* handshake message numbers */
- unsigned short handshake_write_seq;
- unsigned short next_handshake_write_seq;
-
- unsigned short handshake_read_seq;
-
- /* Received handshake records (unprocessed) */
- record_pqueue unprocessed_rcds;
-
- /* Buffered handshake messages */
- struct _pqueue *buffered_messages;
-
- /* Buffered application records.
- * Only for records between CCS and Finished
- * to prevent either protocol violation or
- * unnecessary message loss.
- */
- rcontent_pqueue buffered_app_data;
-
- /* Is set when listening for new connections with dtls1_listen() */
- unsigned int listen;
-
- unsigned int mtu; /* max DTLS packet size */
-
- struct hm_header_st w_msg_hdr;
- struct hm_header_st r_msg_hdr;
-
- struct dtls1_timeout_st timeout;
-
- unsigned int retransmitting;
- unsigned int change_cipher_spec_ok;
-};
-
-int dtls1_do_write(SSL *s, int type);
-int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
-void dtls1_set_message_header(SSL *s, unsigned char mt, unsigned long len,
- unsigned long frag_off, unsigned long frag_len);
-void dtls1_set_message_header_int(SSL *s, unsigned char mt,
- unsigned long len, unsigned short seq_num, unsigned long frag_off,
- unsigned long frag_len);
-
-int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
- unsigned int len);
-
-int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
-int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
-
-int dtls1_read_failed(SSL *s, int code);
-int dtls1_buffer_message(SSL *s, int ccs);
-int dtls1_retransmit_message(SSL *s, unsigned short seq,
- unsigned long frag_off, int *found);
-int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
-int dtls1_retransmit_buffered_messages(SSL *s);
-void dtls1_clear_record_buffer(SSL *s);
-int dtls1_get_message_header(CBS *header, struct hm_header_st *msg_hdr);
-void dtls1_reset_read_seq_numbers(SSL *s);
-struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
-int dtls1_check_timeout_num(SSL *s);
-int dtls1_handle_timeout(SSL *s);
-const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
-void dtls1_start_timer(SSL *s);
-void dtls1_stop_timer(SSL *s);
-int dtls1_is_timer_expired(SSL *s);
-void dtls1_double_timeout(SSL *s);
-unsigned int dtls1_min_mtu(void);
-
-int dtls1_new(SSL *s);
-void dtls1_free(SSL *s);
-void dtls1_clear(SSL *s);
-long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
-
-int dtls1_get_message(SSL *s, int st1, int stn, int mt, long max);
-int dtls1_get_record(SSL *s);
-
-__END_HIDDEN_DECLS
-
-#endif /* !HEADER_DTLS_LOCL_H */
diff --git a/src/lib/libssl/generate_pkgconfig.sh b/src/lib/libssl/generate_pkgconfig.sh
deleted file mode 100644
index e1e663f399..0000000000
--- a/src/lib/libssl/generate_pkgconfig.sh
+++ /dev/null
@@ -1,89 +0,0 @@
-#!/bin/sh
-#
-# $OpenBSD: generate_pkgconfig.sh,v 1.11 2022/02/04 16:42:15 tb Exp $
-#
-# Copyright (c) 2010,2011 Jasper Lievisse Adriaanse
-#
-# Permission to use, copy, modify, and distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-#
-# Generate pkg-config files for OpenSSL.
-
-usage() {
- echo "usage: ${0##*/} -c current_directory -o obj_directory"
- exit 1
-}
-
-curdir=
-objdir=
-while getopts "c:o:" flag; do
- case "$flag" in
- c)
- curdir=$OPTARG
- ;;
- o)
- objdir=$OPTARG
- ;;
- *)
- usage
- ;;
- esac
-done
-
-[ -n "${curdir}" ] || usage
-if [ ! -d "${curdir}" ]; then
- echo "${0##*/}: ${curdir}: not found"
- exit 1
-fi
-[ -n "${objdir}" ] || usage
-if [ ! -w "${objdir}" ]; then
- echo "${0##*/}: ${objdir}: not found or not writable"
- exit 1
-fi
-
-version_re="s/^#define[[:blank:]]+SHLIB_VERSION_NUMBER[[:blank:]]+\"(.*)\".*/\1/p"
-version_file=${curdir}/../libcrypto/opensslv.h
-#lib_version=$(sed -nE ${version_re} ${version_file})
-lib_version=2.0.0
-
-# Put -I${includedir} into Cflags so configure script tests like
-# test -n "`pkg-config --cflags openssl`"
-# don't assume that OpenSSL isn't available.
-
-pc_file="${objdir}/libssl.pc"
-cat > ${pc_file} << __EOF__
-prefix=/usr
-exec_prefix=\${prefix}
-libdir=\${exec_prefix}/lib
-includedir=\${prefix}/include
-
-Name: OpenSSL-libssl
-Description: Secure Sockets Layer and cryptography libraries
-Version: ${lib_version}
-Requires.private: libcrypto
-Libs: -L\${libdir} -lssl
-Cflags: -I\${includedir}
-__EOF__
-
-
-pc_file="${objdir}/openssl.pc"
-cat > ${pc_file} << __EOF__
-prefix=/usr
-exec_prefix=\${prefix}
-libdir=\${exec_prefix}/lib
-includedir=\${prefix}/include
-
-Name: OpenSSL
-Description: Secure Sockets Layer and cryptography libraries and tools
-Version: ${lib_version}
-Requires: libssl libcrypto
-__EOF__
diff --git a/src/lib/libssl/hidden/openssl/srtp.h b/src/lib/libssl/hidden/openssl/srtp.h
deleted file mode 100644
index 2440fc93d9..0000000000
--- a/src/lib/libssl/hidden/openssl/srtp.h
+++ /dev/null
@@ -1,33 +0,0 @@
-/* $OpenBSD: srtp.h,v 1.1 2023/07/08 16:40:14 beck Exp $ */
-/*
- * Copyright (c) 2023 Bob Beck
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _LIBSSL_SRTP_H
-#define _LIBSSL_SRTP_H
-
-#ifndef _MSC_VER
-#include_next
-#else
-#include "../include/openssl/srtp.h"
-#endif
-#include "ssl_namespace.h"
-
-LSSL_USED(SSL_CTX_set_tlsext_use_srtp);
-LSSL_USED(SSL_set_tlsext_use_srtp);
-LSSL_USED(SSL_get_srtp_profiles);
-LSSL_USED(SSL_get_selected_srtp_profile);
-
-#endif /* _LIBSSL_SRTP_H */
diff --git a/src/lib/libssl/hidden/openssl/ssl.h b/src/lib/libssl/hidden/openssl/ssl.h
deleted file mode 100644
index b854dd7b73..0000000000
--- a/src/lib/libssl/hidden/openssl/ssl.h
+++ /dev/null
@@ -1,382 +0,0 @@
-/* $OpenBSD: ssl.h,v 1.9 2024/08/31 10:51:48 tb Exp $ */
-/*
- * Copyright (c) 2023 Bob Beck
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _LIBSSL_SSL_H
-#define _LIBSSL_SSL_H
-
-#ifndef _MSC_VER
-#include_next
-#else
-#include "../include/openssl/ssl.h"
-#endif
-#include "ssl_namespace.h"
-
-LSSL_USED(SSL_CTX_set_msg_callback);
-LSSL_USED(SSL_set_msg_callback);
-LSSL_USED(SSL_CTX_set_keylog_callback);
-LSSL_USED(SSL_CTX_get_keylog_callback);
-LSSL_USED(SSL_set_num_tickets);
-LSSL_USED(SSL_get_num_tickets);
-LSSL_USED(SSL_CTX_set_num_tickets);
-LSSL_USED(SSL_CTX_get_num_tickets);
-LSSL_USED(SSL_get0_verified_chain);
-LSSL_USED(SSL_CTX_sessions);
-LSSL_USED(SSL_CTX_sess_set_new_cb);
-LSSL_USED(SSL_CTX_sess_get_new_cb);
-LSSL_USED(SSL_CTX_sess_set_remove_cb);
-LSSL_USED(SSL_CTX_sess_get_remove_cb);
-LSSL_USED(SSL_CTX_sess_set_get_cb);
-LSSL_USED(SSL_CTX_set_info_callback);
-LSSL_USED(SSL_CTX_get_info_callback);
-LSSL_USED(SSL_CTX_set_client_cert_cb);
-LSSL_USED(SSL_CTX_get_client_cert_cb);
-LSSL_USED(SSL_CTX_set_cookie_generate_cb);
-LSSL_USED(SSL_CTX_set_cookie_verify_cb);
-LSSL_USED(SSL_CTX_set_next_protos_advertised_cb);
-LSSL_USED(SSL_CTX_set_next_proto_select_cb);
-LSSL_USED(SSL_select_next_proto);
-LSSL_USED(SSL_get0_next_proto_negotiated);
-LSSL_USED(SSL_CTX_set_alpn_protos);
-LSSL_USED(SSL_set_alpn_protos);
-LSSL_USED(SSL_CTX_set_alpn_select_cb);
-LSSL_USED(SSL_get0_alpn_selected);
-LSSL_USED(SSL_set_psk_use_session_callback);
-LSSL_USED(SSL_get_finished);
-LSSL_USED(SSL_get_peer_finished);
-LSSL_USED(SSL_verify_client_post_handshake);
-LSSL_USED(SSL_CTX_set_post_handshake_auth);
-LSSL_USED(SSL_set_post_handshake_auth);
-LSSL_USED(PEM_read_bio_SSL_SESSION);
-LSSL_USED(PEM_read_SSL_SESSION);
-LSSL_USED(PEM_write_bio_SSL_SESSION);
-LSSL_USED(PEM_write_SSL_SESSION);
-LSSL_USED(SSL_CTX_set0_chain);
-LSSL_USED(SSL_CTX_set1_chain);
-LSSL_USED(SSL_CTX_add0_chain_cert);
-LSSL_USED(SSL_CTX_add1_chain_cert);
-LSSL_USED(SSL_CTX_get0_chain_certs);
-LSSL_USED(SSL_CTX_clear_chain_certs);
-LSSL_USED(SSL_set0_chain);
-LSSL_USED(SSL_set1_chain);
-LSSL_USED(SSL_add0_chain_cert);
-LSSL_USED(SSL_add1_chain_cert);
-LSSL_USED(SSL_get0_chain_certs);
-LSSL_USED(SSL_clear_chain_certs);
-LSSL_USED(SSL_CTX_set1_groups);
-LSSL_USED(SSL_CTX_set1_groups_list);
-LSSL_USED(SSL_set1_groups);
-LSSL_USED(SSL_set1_groups_list);
-LSSL_USED(SSL_CTX_get_min_proto_version);
-LSSL_USED(SSL_CTX_get_max_proto_version);
-LSSL_USED(SSL_CTX_set_min_proto_version);
-LSSL_USED(SSL_CTX_set_max_proto_version);
-LSSL_USED(SSL_get_min_proto_version);
-LSSL_USED(SSL_get_max_proto_version);
-LSSL_USED(SSL_set_min_proto_version);
-LSSL_USED(SSL_set_max_proto_version);
-LSSL_USED(SSL_CTX_get_ssl_method);
-LSSL_USED(BIO_f_ssl);
-LSSL_USED(BIO_new_ssl);
-LSSL_USED(BIO_new_ssl_connect);
-LSSL_USED(BIO_new_buffer_ssl_connect);
-LSSL_USED(BIO_ssl_copy_session_id);
-LSSL_USED(BIO_ssl_shutdown);
-LSSL_USED(SSL_CTX_get_ciphers);
-LSSL_USED(SSL_CTX_set_cipher_list);
-LSSL_USED(SSL_CTX_set_ciphersuites);
-LSSL_USED(SSL_CTX_new);
-LSSL_USED(SSL_CTX_free);
-LSSL_USED(SSL_CTX_up_ref);
-LSSL_USED(SSL_CTX_set_timeout);
-LSSL_USED(SSL_CTX_get_timeout);
-LSSL_USED(SSL_CTX_get_cert_store);
-LSSL_USED(SSL_CTX_set_cert_store);
-LSSL_USED(SSL_CTX_set1_cert_store);
-LSSL_USED(SSL_CTX_get0_certificate);
-LSSL_USED(SSL_CTX_get0_privatekey);
-LSSL_USED(SSL_want);
-LSSL_USED(SSL_clear);
-LSSL_USED(SSL_CTX_flush_sessions);
-LSSL_USED(SSL_get_current_cipher);
-LSSL_USED(SSL_CIPHER_get_bits);
-LSSL_USED(SSL_CIPHER_get_version);
-LSSL_USED(SSL_CIPHER_get_name);
-LSSL_USED(SSL_CIPHER_get_id);
-LSSL_USED(SSL_CIPHER_get_value);
-LSSL_USED(SSL_CIPHER_find);
-LSSL_USED(SSL_CIPHER_get_cipher_nid);
-LSSL_USED(SSL_CIPHER_get_digest_nid);
-LSSL_USED(SSL_CIPHER_get_kx_nid);
-LSSL_USED(SSL_CIPHER_get_auth_nid);
-LSSL_USED(SSL_CIPHER_is_aead);
-LSSL_USED(SSL_get_fd);
-LSSL_USED(SSL_get_rfd);
-LSSL_USED(SSL_get_wfd);
-LSSL_USED(SSL_get_cipher_list);
-LSSL_USED(SSL_get_shared_ciphers);
-LSSL_USED(SSL_get_read_ahead);
-LSSL_USED(SSL_pending);
-LSSL_USED(SSL_set_fd);
-LSSL_USED(SSL_set_rfd);
-LSSL_USED(SSL_set_wfd);
-LSSL_USED(SSL_set_bio);
-LSSL_USED(SSL_get_rbio);
-LSSL_USED(SSL_set0_rbio);
-LSSL_USED(SSL_get_wbio);
-LSSL_USED(SSL_set_cipher_list);
-LSSL_USED(SSL_set_ciphersuites);
-LSSL_USED(SSL_set_read_ahead);
-LSSL_USED(SSL_get_verify_mode);
-LSSL_USED(SSL_get_verify_depth);
-LSSL_USED(SSL_get_verify_callback);
-LSSL_USED(SSL_set_verify);
-LSSL_USED(SSL_set_verify_depth);
-LSSL_USED(SSL_use_RSAPrivateKey);
-LSSL_USED(SSL_use_RSAPrivateKey_ASN1);
-LSSL_USED(SSL_use_PrivateKey);
-LSSL_USED(SSL_use_PrivateKey_ASN1);
-LSSL_USED(SSL_use_certificate);
-LSSL_USED(SSL_use_certificate_ASN1);
-LSSL_USED(SSL_use_RSAPrivateKey_file);
-LSSL_USED(SSL_use_PrivateKey_file);
-LSSL_USED(SSL_use_certificate_file);
-LSSL_USED(SSL_use_certificate_chain_file);
-LSSL_USED(SSL_CTX_use_RSAPrivateKey_file);
-LSSL_USED(SSL_CTX_use_PrivateKey_file);
-LSSL_USED(SSL_CTX_use_certificate_file);
-LSSL_USED(SSL_CTX_use_certificate_chain_file);
-LSSL_USED(SSL_CTX_use_certificate_chain_mem);
-LSSL_USED(SSL_load_client_CA_file);
-LSSL_USED(SSL_add_file_cert_subjects_to_stack);
-LSSL_USED(SSL_add_dir_cert_subjects_to_stack);
-LSSL_USED(SSL_load_error_strings);
-LSSL_USED(SSL_state_string);
-LSSL_USED(SSL_rstate_string);
-LSSL_USED(SSL_state_string_long);
-LSSL_USED(SSL_rstate_string_long);
-LSSL_USED(SSL_SESSION_get0_cipher);
-LSSL_USED(SSL_SESSION_get_master_key);
-LSSL_USED(SSL_SESSION_get_protocol_version);
-LSSL_USED(SSL_SESSION_get_time);
-LSSL_USED(SSL_SESSION_set_time);
-LSSL_USED(SSL_SESSION_get_timeout);
-LSSL_USED(SSL_SESSION_set_timeout);
-LSSL_USED(SSL_copy_session_id);
-LSSL_USED(SSL_SESSION_get0_peer);
-LSSL_USED(SSL_SESSION_set1_id);
-LSSL_USED(SSL_SESSION_set1_id_context);
-LSSL_USED(SSL_SESSION_is_resumable);
-LSSL_USED(SSL_SESSION_new);
-LSSL_USED(SSL_SESSION_free);
-LSSL_USED(SSL_SESSION_up_ref);
-LSSL_USED(SSL_SESSION_get_id);
-LSSL_USED(SSL_SESSION_get0_id_context);
-LSSL_USED(SSL_SESSION_get_max_early_data);
-LSSL_USED(SSL_SESSION_set_max_early_data);
-LSSL_USED(SSL_SESSION_get_ticket_lifetime_hint);
-LSSL_USED(SSL_SESSION_has_ticket);
-LSSL_USED(SSL_SESSION_get_compress_id);
-LSSL_USED(SSL_SESSION_print_fp);
-LSSL_USED(SSL_SESSION_print);
-LSSL_USED(i2d_SSL_SESSION);
-LSSL_USED(SSL_set_session);
-LSSL_USED(SSL_CTX_add_session);
-LSSL_USED(SSL_CTX_remove_session);
-LSSL_USED(SSL_CTX_set_generate_session_id);
-LSSL_USED(SSL_set_generate_session_id);
-LSSL_USED(SSL_has_matching_session_id);
-LSSL_USED(d2i_SSL_SESSION);
-LSSL_USED(SSL_get_peer_cert_chain);
-LSSL_USED(SSL_CTX_get_verify_mode);
-LSSL_USED(SSL_CTX_get_verify_depth);
-LSSL_USED(SSL_CTX_get_verify_callback);
-LSSL_USED(SSL_CTX_set_verify);
-LSSL_USED(SSL_CTX_set_verify_depth);
-LSSL_USED(SSL_CTX_set_cert_verify_callback);
-LSSL_USED(SSL_CTX_use_RSAPrivateKey);
-LSSL_USED(SSL_CTX_use_RSAPrivateKey_ASN1);
-LSSL_USED(SSL_CTX_use_PrivateKey);
-LSSL_USED(SSL_CTX_use_PrivateKey_ASN1);
-LSSL_USED(SSL_CTX_use_certificate);
-LSSL_USED(SSL_CTX_use_certificate_ASN1);
-LSSL_USED(SSL_CTX_get_default_passwd_cb);
-LSSL_USED(SSL_CTX_set_default_passwd_cb);
-LSSL_USED(SSL_CTX_get_default_passwd_cb_userdata);
-LSSL_USED(SSL_CTX_set_default_passwd_cb_userdata);
-LSSL_USED(SSL_CTX_check_private_key);
-LSSL_USED(SSL_check_private_key);
-LSSL_USED(SSL_CTX_set_session_id_context);
-LSSL_USED(SSL_set_session_id_context);
-LSSL_USED(SSL_CTX_set_purpose);
-LSSL_USED(SSL_set_purpose);
-LSSL_USED(SSL_CTX_set_trust);
-LSSL_USED(SSL_set_trust);
-LSSL_USED(SSL_set1_host);
-LSSL_USED(SSL_set_hostflags);
-LSSL_USED(SSL_get0_peername);
-LSSL_USED(SSL_CTX_get0_param);
-LSSL_USED(SSL_CTX_set1_param);
-LSSL_USED(SSL_get0_param);
-LSSL_USED(SSL_set1_param);
-LSSL_USED(SSL_new);
-LSSL_USED(SSL_free);
-LSSL_USED(SSL_up_ref);
-LSSL_USED(SSL_accept);
-LSSL_USED(SSL_connect);
-LSSL_USED(SSL_is_dtls);
-LSSL_USED(SSL_is_server);
-LSSL_USED(SSL_read);
-LSSL_USED(SSL_peek);
-LSSL_USED(SSL_write);
-LSSL_USED(SSL_read_ex);
-LSSL_USED(SSL_peek_ex);
-LSSL_USED(SSL_write_ex);
-LSSL_USED(SSL_CTX_get_max_early_data);
-LSSL_USED(SSL_CTX_set_max_early_data);
-LSSL_USED(SSL_get_max_early_data);
-LSSL_USED(SSL_set_max_early_data);
-LSSL_USED(SSL_get_early_data_status);
-LSSL_USED(SSL_read_early_data);
-LSSL_USED(SSL_write_early_data);
-LSSL_USED(SSL_ctrl);
-LSSL_USED(SSL_callback_ctrl);
-LSSL_USED(SSL_CTX_ctrl);
-LSSL_USED(SSL_CTX_callback_ctrl);
-LSSL_USED(SSL_get_error);
-LSSL_USED(SSL_get_version);
-LSSL_USED(SSL_CTX_set_ssl_version);
-LSSL_USED(SSLv23_method);
-LSSL_USED(SSLv23_server_method);
-LSSL_USED(SSLv23_client_method);
-LSSL_USED(TLSv1_method);
-LSSL_USED(TLSv1_server_method);
-LSSL_USED(TLSv1_client_method);
-LSSL_USED(TLSv1_1_method);
-LSSL_USED(TLSv1_1_server_method);
-LSSL_USED(TLSv1_1_client_method);
-LSSL_USED(TLSv1_2_method);
-LSSL_USED(TLSv1_2_server_method);
-LSSL_USED(TLSv1_2_client_method);
-LSSL_USED(TLS_method);
-LSSL_USED(TLS_server_method);
-LSSL_USED(TLS_client_method);
-LSSL_USED(DTLSv1_method);
-LSSL_USED(DTLSv1_server_method);
-LSSL_USED(DTLSv1_client_method);
-LSSL_USED(DTLSv1_2_method);
-LSSL_USED(DTLSv1_2_server_method);
-LSSL_USED(DTLSv1_2_client_method);
-LSSL_USED(DTLS_method);
-LSSL_USED(DTLS_server_method);
-LSSL_USED(DTLS_client_method);
-LSSL_USED(SSL_get_ciphers);
-LSSL_USED(SSL_get_client_ciphers);
-LSSL_USED(SSL_get1_supported_ciphers);
-LSSL_USED(SSL_do_handshake);
-LSSL_USED(SSL_renegotiate);
-LSSL_USED(SSL_renegotiate_abbreviated);
-LSSL_USED(SSL_renegotiate_pending);
-LSSL_USED(SSL_shutdown);
-LSSL_USED(SSL_get_ssl_method);
-LSSL_USED(SSL_set_ssl_method);
-LSSL_USED(SSL_alert_type_string_long);
-LSSL_USED(SSL_alert_type_string);
-LSSL_USED(SSL_alert_desc_string_long);
-LSSL_USED(SSL_alert_desc_string);
-LSSL_USED(SSL_set_client_CA_list);
-LSSL_USED(SSL_CTX_set_client_CA_list);
-LSSL_USED(SSL_get_client_CA_list);
-LSSL_USED(SSL_CTX_get_client_CA_list);
-LSSL_USED(SSL_add_client_CA);
-LSSL_USED(SSL_CTX_add_client_CA);
-LSSL_USED(SSL_set_connect_state);
-LSSL_USED(SSL_set_accept_state);
-LSSL_USED(SSL_get_default_timeout);
-LSSL_USED(SSL_library_init);
-LSSL_USED(SSL_CIPHER_description);
-LSSL_USED(SSL_dup_CA_list);
-LSSL_USED(SSL_dup);
-LSSL_USED(SSL_get_certificate);
-LSSL_USED(SSL_get_privatekey);
-LSSL_USED(SSL_CTX_set_quiet_shutdown);
-LSSL_USED(SSL_CTX_get_quiet_shutdown);
-LSSL_USED(SSL_set_quiet_shutdown);
-LSSL_USED(SSL_get_quiet_shutdown);
-LSSL_USED(SSL_set_shutdown);
-LSSL_USED(SSL_get_shutdown);
-LSSL_USED(SSL_version);
-LSSL_USED(SSL_CTX_set_default_verify_paths);
-LSSL_USED(SSL_CTX_load_verify_locations);
-LSSL_USED(SSL_CTX_load_verify_mem);
-LSSL_USED(SSL_get_session);
-LSSL_USED(SSL_get1_session);
-LSSL_USED(SSL_get_SSL_CTX);
-LSSL_USED(SSL_set_SSL_CTX);
-LSSL_USED(SSL_set_info_callback);
-LSSL_USED(SSL_get_info_callback);
-LSSL_USED(SSL_state);
-LSSL_USED(SSL_set_state);
-LSSL_USED(SSL_set_verify_result);
-LSSL_USED(SSL_get_verify_result);
-LSSL_USED(SSL_set_ex_data);
-LSSL_USED(SSL_get_ex_data);
-LSSL_USED(SSL_get_ex_new_index);
-LSSL_USED(SSL_SESSION_set_ex_data);
-LSSL_USED(SSL_SESSION_get_ex_data);
-LSSL_USED(SSL_SESSION_get_ex_new_index);
-LSSL_USED(SSL_CTX_set_ex_data);
-LSSL_USED(SSL_CTX_get_ex_data);
-LSSL_USED(SSL_CTX_get_ex_new_index);
-LSSL_USED(SSL_get_ex_data_X509_STORE_CTX_idx);
-LSSL_USED(SSL_CTX_set_tmp_rsa_callback);
-LSSL_USED(SSL_set_tmp_rsa_callback);
-LSSL_USED(SSL_CTX_set_tmp_dh_callback);
-LSSL_USED(SSL_set_tmp_dh_callback);
-LSSL_USED(SSL_CTX_set_tmp_ecdh_callback);
-LSSL_USED(SSL_set_tmp_ecdh_callback);
-LSSL_USED(SSL_get_client_random);
-LSSL_USED(SSL_get_server_random);
-LSSL_USED(SSL_get_current_compression);
-LSSL_USED(SSL_get_current_expansion);
-LSSL_USED(SSL_get_peer_certificate);
-LSSL_USED(SSL_COMP_get_name);
-LSSL_USED(SSL_COMP_get_compression_methods);
-LSSL_USED(SSL_set_session_ticket_ext);
-LSSL_USED(SSL_set_session_ticket_ext_cb);
-LSSL_USED(SSL_set_session_secret_cb);
-LSSL_USED(SSL_cache_hit);
-LSSL_USED(SSL_set_security_level);
-LSSL_USED(SSL_get_security_level);
-LSSL_USED(SSL_CTX_set_security_level);
-LSSL_USED(SSL_CTX_get_security_level);
-LSSL_USED(SSL_CTX_set_quic_method);
-LSSL_USED(SSL_CTX_sess_get_get_cb);
-LSSL_USED(SSL_set_quic_method);
-LSSL_USED(SSL_is_quic);
-LSSL_USED(SSL_quic_max_handshake_flight_len);
-LSSL_USED(SSL_quic_read_level);
-LSSL_USED(SSL_quic_write_level);
-LSSL_USED(SSL_provide_quic_data);
-LSSL_USED(SSL_process_quic_post_handshake);
-LSSL_USED(SSL_set_quic_transport_params);
-LSSL_USED(SSL_get_peer_quic_transport_params);
-LSSL_USED(SSL_set_quic_use_legacy_codepoint);
-LSSL_USED(ERR_load_SSL_strings);
-LSSL_USED(OPENSSL_init_ssl);
-LSSL_USED(SSL_CIPHER_get_handshake_digest);
-
-#endif /* _LIBSSL_SSL_H */
diff --git a/src/lib/libssl/hidden/openssl/tls1.h b/src/lib/libssl/hidden/openssl/tls1.h
deleted file mode 100644
index e7c5721951..0000000000
--- a/src/lib/libssl/hidden/openssl/tls1.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/* $OpenBSD: tls1.h,v 1.2 2024/03/02 11:44:47 tb Exp $ */
-/*
- * Copyright (c) 2023 Bob Beck
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _LIBSSL_TLS1_H
-#define _LIBSSL_TLS1_H
-
-#ifndef _MSC_VER
-#include_next
-#else
-#include "../include/openssl/tls1.h"
-#endif
-#include "ssl_namespace.h"
-
-LSSL_USED(SSL_get_servername);
-LSSL_USED(SSL_get_servername_type);
-LSSL_USED(SSL_export_keying_material);
-LSSL_USED(SSL_get_peer_signature_type_nid);
-LSSL_USED(SSL_get_signature_type_nid);
-
-#endif /* _LIBSSL_TLS1_H */
diff --git a/src/lib/libssl/hidden/ssl_namespace.h b/src/lib/libssl/hidden/ssl_namespace.h
deleted file mode 100644
index 5d26516f3c..0000000000
--- a/src/lib/libssl/hidden/ssl_namespace.h
+++ /dev/null
@@ -1,41 +0,0 @@
-/* $OpenBSD: ssl_namespace.h,v 1.3 2024/07/12 05:26:34 miod Exp $ */
-/*
- * Copyright (c) 2016 Philip Guenther
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _LIBSSL_SSL_NAMESPACE_H_
-#define _LIBSSL_SSL_NAMESPACE_H_
-
-/*
- * If marked as 'used', then internal calls use the name with prefix "_lssl_"
- * and we alias that to the normal name.
- */
-
-#ifdef LIBRESSL_NAMESPACE
-#define LSSL_UNUSED(x) typeof(x) x __attribute__((deprecated))
-#define LSSL_USED(x) __attribute__((visibility("hidden"))) \
- typeof(x) x asm("_lssl_"#x)
-#if defined(__hppa__)
-#define LSSL_ALIAS(x) asm("! .global "#x" ! .set "#x", _lssl_"#x)
-#else
-#define LSSL_ALIAS(x) asm(".global "#x"; "#x" = _lssl_"#x)
-#endif
-#else
-#define LSSL_UNUSED(x)
-#define LSSL_USED(x)
-#define LSSL_ALIAS(x) asm("")
-#endif
-
-#endif /* _LIBSSL_SSL_NAMESPACE_H_ */
diff --git a/src/lib/libssl/man/BIO_f_ssl.3 b/src/lib/libssl/man/BIO_f_ssl.3
deleted file mode 100644
index 3b74a3d6a4..0000000000
--- a/src/lib/libssl/man/BIO_f_ssl.3
+++ /dev/null
@@ -1,609 +0,0 @@ -.\" $OpenBSD: BIO_f_ssl.3,v 1.16 2024/01/13 18:37:51 tb Exp $ -.\" full merge up to: OpenSSL f672aee4 Feb 9 11:52:40 2016 -0500 -.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2000, 2003, 2009, 2014-2016 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: January 13 2024 $ -.Dt BIO_F_SSL 3 -.Os -.Sh NAME -.Nm BIO_f_ssl , -.Nm BIO_set_ssl , -.Nm BIO_get_ssl , -.Nm BIO_set_ssl_mode , -.Nm BIO_set_ssl_renegotiate_bytes , -.Nm BIO_get_num_renegotiates , -.Nm BIO_set_ssl_renegotiate_timeout , -.Nm BIO_new_ssl , -.Nm BIO_new_ssl_connect , -.Nm BIO_new_buffer_ssl_connect , -.Nm BIO_ssl_copy_session_id , -.Nm BIO_ssl_shutdown , -.Nm BIO_do_handshake -.Nd SSL BIO -.Sh SYNOPSIS -.In openssl/bio.h -.In openssl/ssl.h -.Ft const BIO_METHOD * -.Fn BIO_f_ssl void -.Ft long -.Fo BIO_set_ssl -.Fa "BIO *b" -.Fa "SSL *ssl" -.Fa "long c" -.Fc -.Ft long -.Fo BIO_get_ssl -.Fa "BIO *b" -.Fa "SSL *sslp" -.Fc -.Ft long -.Fo BIO_set_ssl_mode -.Fa "BIO *b" -.Fa "long client" -.Fc -.Ft long -.Fo BIO_set_ssl_renegotiate_bytes -.Fa "BIO *b" -.Fa "long num" -.Fc -.Ft long -.Fo BIO_set_ssl_renegotiate_timeout -.Fa "BIO *b" -.Fa "long seconds" -.Fc -.Ft long -.Fo BIO_get_num_renegotiates -.Fa "BIO *b" -.Fc -.Ft BIO * -.Fn BIO_new_ssl "SSL_CTX *ctx" "int client" -.Ft BIO * -.Fn BIO_new_ssl_connect "SSL_CTX *ctx" -.Ft BIO * -.Fn BIO_new_buffer_ssl_connect "SSL_CTX *ctx" -.Ft int -.Fn BIO_ssl_copy_session_id "BIO *to" "BIO *from" -.Ft void -.Fn BIO_ssl_shutdown "BIO *bio" -.Ft long -.Fn BIO_do_handshake "BIO *b" -.Sh DESCRIPTION -.Fn BIO_f_ssl -returns the -.Vt SSL -.Vt BIO -method. -This is a filter -.Vt BIO -which is a wrapper around the OpenSSL -.Vt SSL -routines adding a -.Vt BIO -.Dq flavor -to SSL I/O. -.Pp -I/O performed on an -.Vt SSL -.Vt BIO -communicates using the SSL protocol with -the -.Vt SSL Ns 's -read and write -.Vt BIO Ns s . -If an SSL connection is not established then an attempt is made to establish -one on the first I/O call. -.Pp -If a -.Vt BIO -is appended to an -.Vt SSL -.Vt BIO -using -.Xr BIO_push 3 , -it is automatically used as the -.Vt SSL -.Vt BIO Ns 's read and write -.Vt BIO Ns s . 
-.Pp -Calling -.Xr BIO_reset 3 -on an -.Vt SSL -.Vt BIO -closes down any current SSL connection by calling -.Xr SSL_shutdown 3 . -.Xr BIO_reset 3 -is then sent to the next -.Vt BIO -in the chain; this will typically disconnect the underlying transport. -The -.Vt SSL -.Vt BIO -is then reset to the initial accept or connect state. -.Pp -If the close flag is set when an -.Vt SSL -.Vt BIO -is freed then the internal -.Vt SSL -structure is also freed using -.Xr SSL_free 3 . -.Pp -.Fn BIO_set_ssl -sets the internal -.Vt SSL -pointer of -.Vt BIO -.Fa b -to -.Fa ssl -using -the close flag -.Fa c . -.Pp -.Fn BIO_get_ssl -retrieves the -.Vt SSL -pointer of -.Vt BIO -.Fa b ; -it can then be manipulated using the standard SSL library functions. -.Pp -.Fn BIO_set_ssl_mode -sets the -.Vt SSL -.Vt BIO -mode to -.Fa client . -If -.Fa client -is 1, client mode is set. -If -.Fa client -is 0, server mode is set. -.Pp -.Fn BIO_set_ssl_renegotiate_bytes -sets the renegotiate byte count to -.Fa num . -When set, after every -.Fa num -bytes of I/O (read and write) the SSL session is automatically renegotiated. -.Fa num -must be at least 512 bytes. -.Pp -.Fn BIO_set_ssl_renegotiate_timeout -sets the renegotiate timeout to -.Fa seconds . -When the renegotiate timeout elapses, the session is automatically renegotiated. -.Pp -.Fn BIO_get_num_renegotiates -returns the total number of session renegotiations due to I/O or timeout. -.Pp -.Fn BIO_new_ssl -allocates an -.Vt SSL -.Vt BIO -using -.Vt SSL_CTX -.Va ctx -and using client mode if -.Fa client -is nonzero. -.Pp -.Fn BIO_new_ssl_connect -creates a new -.Vt BIO -chain consisting of an -.Vt SSL -.Vt BIO -(using -.Fa ctx ) -followed by a connect BIO. -.Pp -.Fn BIO_new_buffer_ssl_connect -creates a new -.Vt BIO -chain consisting of a buffering -.Vt BIO , -an -.Vt SSL -.Vt BIO -(using -.Fa ctx ) -and a connect -.Vt BIO . -.Pp -.Fn BIO_ssl_copy_session_id -copies an SSL session id between -.Vt BIO -chains -.Fa from -and -.Fa to . 
-It does this by locating the -.Vt SSL -.Vt BIO Ns s -in each chain and calling -.Xr SSL_copy_session_id 3 -on the internal -.Vt SSL -pointer. -.Pp -.Fn BIO_ssl_shutdown -closes down an SSL connection on -.Vt BIO -chain -.Fa bio . -It does this by locating the -.Vt SSL -.Vt BIO -in the -chain and calling -.Xr SSL_shutdown 3 -on its internal -.Vt SSL -pointer. -.Pp -.Fn BIO_do_handshake -attempts to complete an SSL handshake on the supplied -.Vt BIO -and establish the SSL connection. -It returns 1 if the connection was established successfully. -A zero or negative value is returned if the connection could not be -established; the call -.Xr BIO_should_retry 3 -should be used for non blocking connect -.Vt BIO Ns s -to determine if the call should be retried. -If an SSL connection has already been established, this call has no effect. -.Pp -When a chain containing an SSL BIO is copied with -.Xr BIO_dup_chain 3 , -.Xr SSL_dup 3 -is called internally to copy the -.Vt SSL -object from the existing BIO object to the new BIO object, -and the internal data related to -.Fn BIO_set_ssl_renegotiate_bytes -and -.Fn BIO_set_ssl_renegotiate_timeout -is also copied. -.Pp -.Vt SSL -.Vt BIO Ns s -are exceptional in that if the underlying transport is non-blocking they can -still request a retry in exceptional circumstances. -Specifically this will happen if a session renegotiation takes place during a -.Xr BIO_read 3 -operation. -One case where this happens is when step up occurs. -.Pp -In OpenSSL 0.9.6 and later the SSL flag -.Dv SSL_AUTO_RETRY -can be set to disable this behaviour. -In other words, when this flag is set an -.Vt SSL -.Vt BIO -using a blocking transport will never request a retry. 
-.Pp -Since unknown -.Xr BIO_ctrl 3 -operations are sent through filter -.Vt BIO Ns s , -the server name and port can be set using -.Xr BIO_set_conn_hostname 3 -and -.Xr BIO_set_conn_port 3 -on the -.Vt BIO -returned by -.Fn BIO_new_ssl_connect -without having to locate the connect -.Vt BIO -first. -.Pp -Applications do not have to call -.Fn BIO_do_handshake -but may wish to do so to separate the handshake process from other I/O -processing. -.Pp -.Fn BIO_set_ssl , -.Fn BIO_get_ssl , -.Fn BIO_set_ssl_mode , -.Fn BIO_set_ssl_renegotiate_bytes , -.Fn BIO_set_ssl_renegotiate_timeout , -.Fn BIO_get_num_renegotiates , -and -.Fn BIO_do_handshake -are implemented as macros. -.Sh RETURN VALUES -.Fn BIO_f_ssl -returns a pointer to a static -.Vt BIO_METHOD -structure. -.Pp -When called on an SSL BIO object, -.Xr BIO_method_type 3 -returns the constant -.Dv BIO_TYPE_SSL -and -.Xr BIO_method_name 3 -returns a pointer to the static string -.Qq ssl . -.Pp -.Fn BIO_set_ssl , -.Fn BIO_get_ssl , -.Fn BIO_set_ssl_mode , -.Fn BIO_set_ssl_renegotiate_bytes , -.Fn BIO_set_ssl_renegotiate_timeout , -and -.Fn BIO_get_num_renegotiates -return 1 on success or a value less than or equal to 0 -if an error occurred. -.Pp -.Fn BIO_new_ssl , -.Fn BIO_new_ssl_connect , -and -.Fn BIO_new_buffer_ssl_connect -returns a pointer to a newly allocated -.Vt BIO -chain or -.Dv NULL -if an error occurred. -.Pp -.Fn BIO_ssl_copy_session_id -returns 1 on success or 0 on error. -.Pp -.Fn BIO_do_handshake -returns 1 if the connection was established successfully -or a value less than or equal to 0 otherwise. -.Sh EXAMPLES -This SSL/TLS client example attempts to retrieve a page from an SSL/TLS web -server. -The I/O routines are identical to those of the unencrypted example in -.Xr BIO_s_connect 3 . 
-.Bd -literal -BIO *sbio, *out; -int len; -char tmpbuf[1024]; -SSL_CTX *ctx; -SSL *ssl; - -ERR_load_crypto_strings(); -ERR_load_SSL_strings(); -OpenSSL_add_all_algorithms(); - -/* - * We would seed the PRNG here if the platform didn't do it automatically - */ - -ctx = SSL_CTX_new(SSLv23_client_method()); - -/* - * We'd normally set some stuff like the verify paths and mode here because - * as things stand this will connect to any server whose certificate is - * signed by any CA. - */ - -sbio = BIO_new_ssl_connect(ctx); - -BIO_get_ssl(sbio, &ssl); - -if (!ssl) { - fprintf(stderr, "Can't locate SSL pointer\en"); - /* whatever ... */ -} - -/* Don't want any retries */ -SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); - -/* We might want to do other things with ssl here */ - -BIO_set_conn_hostname(sbio, "localhost:https"); - -out = BIO_new_fp(stdout, BIO_NOCLOSE); -if (BIO_do_connect(sbio) <= 0) { - fprintf(stderr, "Error connecting to server\en"); - ERR_print_errors_fp(stderr); - /* whatever ... */ -} - -if (BIO_do_handshake(sbio) <= 0) { - fprintf(stderr, "Error establishing SSL connection\en"); - ERR_print_errors_fp(stderr); - /* whatever ... */ -} - -/* Could examine ssl here to get connection info */ - -BIO_puts(sbio, "GET / HTTP/1.0\en\en"); -for (;;) { - len = BIO_read(sbio, tmpbuf, 1024); - if(len <= 0) break; - BIO_write(out, tmpbuf, len); -} -BIO_free_all(sbio); -BIO_free(out); -.Ed -.Pp -Here is a simple server example. -It makes use of a buffering -.Vt BIO -to allow lines to be read from the -.Vt SSL -.Vt BIO -using -.Xr BIO_gets 3 . -It creates a pseudo web page containing the actual request from a client and -also echoes the request to standard output. 
-.Bd -literal -BIO *sbio, *bbio, *acpt, *out; -int len; -char tmpbuf[1024]; -SSL_CTX *ctx; -SSL *ssl; - -ctx = SSL_CTX_new(SSLv23_server_method()); - -if (!SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM) - || !SSL_CTX_use_PrivateKey_file(ctx,"server.pem",SSL_FILETYPE_PEM) - || !SSL_CTX_check_private_key(ctx)) { - fprintf(stderr, "Error setting up SSL_CTX\en"); - ERR_print_errors_fp(stderr); - return 0; -} - -/* - * Might do other things here like setting verify locations and DH and/or - * RSA temporary key callbacks - */ - -/* New SSL BIO setup as server */ -sbio = BIO_new_ssl(ctx,0); - -BIO_get_ssl(sbio, &ssl); - -if (!ssl) { - fprintf(stderr, "Can't locate SSL pointer\en"); - /* whatever ... */ -} - -/* Don't want any retries */ -SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); - -/* Create the buffering BIO */ - -bbio = BIO_new(BIO_f_buffer()); - -/* Add to chain */ -sbio = BIO_push(bbio, sbio); - -acpt = BIO_new_accept("4433"); - -/* - * By doing this when a new connection is established we automatically - * have sbio inserted into it. The BIO chain is now 'swallowed' by the - * accept BIO and will be freed when the accept BIO is freed. 
- */ - -BIO_set_accept_bios(acpt,sbio); - -out = BIO_new_fp(stdout, BIO_NOCLOSE); - -/* Wait for incoming connection */ -if (BIO_do_accept(acpt) <= 0) { - fprintf(stderr, "Error setting up accept BIO\en"); - ERR_print_errors_fp(stderr); - return 0; -} - -/* We only want one connection so remove and free accept BIO */ - -sbio = BIO_pop(acpt); - -BIO_free_all(acpt); - -if (BIO_do_handshake(sbio) <= 0) { - fprintf(stderr, "Error in SSL handshake\en"); - ERR_print_errors_fp(stderr); - return 0; -} - -BIO_puts(sbio, "HTTP/1.0 200 OK\er\enContent-type: text/plain\er\en\er\en"); -BIO_puts(sbio, "\er\enConnection Established\er\enRequest headers:\er\en"); -BIO_puts(sbio, "--------------------------------------------------\er\en"); - -for (;;) { - len = BIO_gets(sbio, tmpbuf, 1024); - if (len <= 0) - break; - BIO_write(sbio, tmpbuf, len); - BIO_write(out, tmpbuf, len); - /* Look for blank line signifying end of headers */ - if ((tmpbuf[0] == '\er') || (tmpbuf[0] == '\en')) - break; -} - -BIO_puts(sbio, "--------------------------------------------------\er\en"); -BIO_puts(sbio, "\er\en"); - -/* Since there is a buffering BIO present we had better flush it */ -BIO_flush(sbio); - -BIO_free_all(sbio); -.Ed -.Sh SEE ALSO -.Xr BIO_new 3 , -.Xr ssl 3 -.Sh HISTORY -.Fn BIO_f_ssl , -.Fn BIO_set_ssl , -and -.Fn BIO_get_ssl -first appeared in SSLeay 0.6.0. -.Fn BIO_set_ssl_mode , -.Fn BIO_new_ssl , -and -.Fn BIO_ssl_copy_session_id -first appeared in SSLeay 0.8.0. -.Fn BIO_ssl_shutdown -and -.Fn BIO_do_handshake -first appeared in SSLeay 0.8.1. -.Fn BIO_set_ssl_renegotiate_bytes , -.Fn BIO_get_num_renegotiates , -.Fn BIO_set_ssl_renegotiate_timeout , -.Fn BIO_new_ssl_connect , -and -.Fn BIO_new_buffer_ssl_connect -first appeared in SSLeay 0.9.0. -All these functions have been available since -.Ox 2.4 . diff --git a/src/lib/libssl/man/DTLSv1_listen.3 b/src/lib/libssl/man/DTLSv1_listen.3 deleted file mode 100644 index 047ec0a7ff..0000000000 
--- a/src/lib/libssl/man/DTLSv1_listen.3 +++ /dev/null 
@@ -1,187 +0,0 @@ -.\" $OpenBSD: DTLSv1_listen.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL 7795475f Dec 18 13:18:31 2015 -0500 -.\" -.\" This file was written by Matt Caswell . -.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt DTLSV1_LISTEN 3 -.Os -.Sh NAME -.Nm DTLSv1_listen -.Nd listen for incoming DTLS connections -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft int -.Fo DTLSv1_listen -.Fa "SSL *ssl" -.Fa "struct sockaddr *peer" -.Fc -.Sh DESCRIPTION -.Fn DTLSv1_listen -listens for new incoming DTLS connections. -If a ClientHello is received that does not contain a cookie, then -.Fn DTLSv1_listen -responds with a HelloVerifyRequest. -If a ClientHello is received with a cookie that is verified, then -control is returned to user code to enable the handshake to be -completed (for example by using -.Xr SSL_accept 3 ) . -.Pp -.Fn DTLSv1_listen -is currently implemented as a macro. -.Pp -Datagram based protocols can be susceptible to Denial of Service -attacks. -A DTLS attacker could, for example, submit a series of handshake -initiation requests that cause the server to allocate state (and -possibly perform cryptographic operations) thus consuming server -resources. -The attacker could also (with UDP) quite simply forge the source IP -address in such an attack. -.Pp -As a counter measure to that DTLS includes a stateless cookie mechanism. -The idea is that when a client attempts to connect to a server it sends -a ClientHello message. -The server responds with a HelloVerifyRequest which contains a unique -cookie. 
-The client then resends the ClientHello, but this time includes the -cookie in the message thus proving that the client is capable of -receiving messages sent to that address. -All of this can be done by the server without allocating any state, and -thus without consuming expensive resources. -.Pp -OpenSSL implements this capability via the -.Fn DTLSv1_listen -function. -The -.Fa ssl -parameter should be a newly allocated -.Vt SSL -object with its read and write BIOs set, in the same way as might -be done for a call to -.Xr SSL_accept 3 . -Typically the read BIO will be in an "unconnected" state and thus -capable of receiving messages from any peer. -.Pp -When a ClientHello is received that contains a cookie that has been -verified, then -.Fn DTLSv1_listen -will return with the -.Fa ssl -parameter updated into a state where the handshake can be continued by a -call to (for example) -.Xr SSL_accept 3 . -Additionally the -.Vt struct sockaddr -pointed to by -.Fa peer -will be filled in with details of the peer that sent the ClientHello. -It is the calling code's responsibility to ensure that the -.Fa peer -location is sufficiently large to accommodate the addressing scheme in use. -For example this might be done by allocating space for a -.Vt struct sockaddr_storage -and casting the pointer to it to a -.Vt struct sockaddr * -for the call to -.Fn DTLSv1_listen . -Typically user code is expected to "connect" the underlying socket -to the peer and continue the handshake in a connected state. -.Pp -Prior to calling -.Fn DTLSv1_listen -user code must ensure that cookie generation and verification callbacks -have been set up using -.Fn SSL_CTX_set_cookie_generate_cb -and -.Fn SSL_CTX_set_cookie_verify_cb -respectively. -.Pp -Since -.Fn DTLSv1_listen -operates entirely statelessly whilst processing incoming ClientHellos, -it is unable to process fragmented messages (since this would require -the allocation of state). 
-An implication of this is that
-.Fn DTLSv1_listen
-only supports ClientHellos that fit inside a single datagram.
-.Sh RETURN VALUES
-From OpenSSL 1.1.0 a return value of >= 1 indicates success.
-In this instance the
-.Fa peer
-value will be filled in and the
-.Fa ssl
-object set up ready to continue the handshake.
-.Pp
-A return value of 0 indicates a non-fatal error.
-This could (for example) be because of non-blocking IO, or some invalid
-message having been received from a peer.
-Errors may be placed on the OpenSSL error queue with further information
-if appropriate.
-Typically user code is expected to retry the call to
-.Fn DTLSv1_listen
-in the event of a non-fatal error.
-Any old errors on the error queue will be cleared in the subsequent
-call.
-.Pp
-A return value of <0 indicates a fatal error.
-This could (for example) be because of a failure to allocate sufficient
-memory for the operation.
-.Pp
-Prior to OpenSSL 1.1.0 fatal and non-fatal errors both produce return
-codes <= 0 (in typical implementations user code treats all errors as
-non-fatal), whilst return codes >0 indicate success.
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_get_error 3
-.Sh HISTORY
-.Fn DTLSv1_listen
-first appeared in OpenSSL 0.9.8m and has been available since
-.Ox 4.9 .
diff --git a/src/lib/libssl/man/Makefile b/src/lib/libssl/man/Makefile
deleted file mode 100644
index c8f6e28541..0000000000
--- a/src/lib/libssl/man/Makefile
+++ /dev/null
@@ -1,134 +0,0 @@
-# $OpenBSD: Makefile,v 1.77 2022/07/13 20:52:36 schwarze Exp $
-
-.include
-
-MAN = BIO_f_ssl.3 \
- DTLSv1_listen.3 \
- OPENSSL_init_ssl.3 \
- PEM_read_SSL_SESSION.3 \
- SSL_CIPHER_get_name.3 \
- SSL_COMP_add_compression_method.3 \
- SSL_CTX_add1_chain_cert.3 \
- SSL_CTX_add_extra_chain_cert.3 \
- SSL_CTX_add_session.3 \
- SSL_CTX_ctrl.3 \
- SSL_CTX_flush_sessions.3 \
- SSL_CTX_free.3 \
- SSL_CTX_get0_certificate.3 \
- SSL_CTX_get_ex_new_index.3 \
- SSL_CTX_get_verify_mode.3 \
- SSL_CTX_load_verify_locations.3 \
- SSL_CTX_new.3 \
- SSL_CTX_sess_number.3 \
- SSL_CTX_sess_set_cache_size.3 \
- SSL_CTX_sess_set_get_cb.3 \
- SSL_CTX_sessions.3 \
- SSL_CTX_set1_groups.3 \
- SSL_CTX_set_alpn_select_cb.3 \
- SSL_CTX_set_cert_store.3 \
- SSL_CTX_set_cert_verify_callback.3 \
- SSL_CTX_set_cipher_list.3 \
- SSL_CTX_set_client_CA_list.3 \
- SSL_CTX_set_client_cert_cb.3 \
- SSL_CTX_set_default_passwd_cb.3 \
- SSL_CTX_set_generate_session_id.3 \
- SSL_CTX_set_info_callback.3 \
- SSL_CTX_set_keylog_callback.3 \
- SSL_CTX_set_max_cert_list.3 \
- SSL_CTX_set_min_proto_version.3 \
- SSL_CTX_set_mode.3 \
- SSL_CTX_set_msg_callback.3 \
- SSL_CTX_set_options.3 \
- SSL_CTX_set_quiet_shutdown.3 \
- SSL_CTX_set_read_ahead.3 \
- SSL_CTX_set_security_level.3 \
- SSL_CTX_set_session_cache_mode.3 \
- SSL_CTX_set_session_id_context.3 \
- SSL_CTX_set_ssl_version.3 \
- SSL_CTX_set_timeout.3 \
- SSL_CTX_set_tlsext_servername_callback.3 \
- SSL_CTX_set_tlsext_status_cb.3 \
- SSL_CTX_set_tlsext_ticket_key_cb.3 \
- SSL_CTX_set_tlsext_use_srtp.3 \
- SSL_CTX_set_tmp_dh_callback.3 \
- SSL_CTX_set_tmp_rsa_callback.3 \
- SSL_CTX_set_verify.3 \
- SSL_CTX_use_certificate.3 \
- SSL_SESSION_free.3 \
- SSL_SESSION_get0_cipher.3 \
- SSL_SESSION_get0_peer.3 \
- SSL_SESSION_get_compress_id.3 \
- SSL_SESSION_get_ex_new_index.3 \
- SSL_SESSION_get_id.3 \
- SSL_SESSION_get_protocol_version.3 \
- SSL_SESSION_get_time.3 \
- SSL_SESSION_has_ticket.3 \
- SSL_SESSION_is_resumable.3 \
- SSL_SESSION_new.3 \
- SSL_SESSION_print.3 \
- SSL_SESSION_set1_id_context.3 \
- SSL_accept.3 \
- SSL_alert_type_string.3 \
- SSL_clear.3 \
- SSL_connect.3 \
- SSL_copy_session_id.3 \
- SSL_do_handshake.3 \
- SSL_dup.3 \
- SSL_dup_CA_list.3 \
- SSL_export_keying_material.3 \
- SSL_free.3 \
- SSL_get_SSL_CTX.3 \
- SSL_get_certificate.3 \
- SSL_get_ciphers.3 \
- SSL_get_client_CA_list.3 \
- SSL_get_client_random.3 \
- SSL_get_current_cipher.3 \
- SSL_get_default_timeout.3 \
- SSL_get_error.3 \
- SSL_get_ex_data_X509_STORE_CTX_idx.3 \
- SSL_get_ex_new_index.3 \
- SSL_get_fd.3 \
- SSL_get_finished.3 \
- SSL_get_peer_cert_chain.3 \
- SSL_get_peer_certificate.3 \
- SSL_get_rbio.3 \
- SSL_get_server_tmp_key.3 \
- SSL_get_session.3 \
- SSL_get_shared_ciphers.3 \
- SSL_get_state.3 \
- SSL_get_verify_result.3 \
- SSL_get_version.3 \
- SSL_library_init.3 \
- SSL_load_client_CA_file.3 \
- SSL_new.3 \
- SSL_num_renegotiations.3 \
- SSL_pending.3 \
- SSL_read.3 \
- SSL_read_early_data.3 \
- SSL_renegotiate.3 \
- SSL_rstate_string.3 \
- SSL_session_reused.3 \
- SSL_set1_host.3 \
- SSL_set1_param.3 \
- SSL_set_SSL_CTX.3 \
- SSL_set_bio.3 \
- SSL_set_connect_state.3 \
- SSL_set_fd.3 \
- SSL_set_max_send_fragment.3 \
- SSL_set_psk_use_session_callback.3 \
- SSL_set_session.3 \
- SSL_set_shutdown.3 \
- SSL_set_tmp_ecdh.3 \
- SSL_set_verify_result.3 \
- SSL_shutdown.3 \
- SSL_state_string.3 \
- SSL_want.3 \
- SSL_write.3 \
- d2i_SSL_SESSION.3 \
- ssl.3
-
-all clean cleandir depend includes obj tags:
-
-install: maninstall
-
-.include
diff --git a/src/lib/libssl/man/OPENSSL_init_ssl.3 b/src/lib/libssl/man/OPENSSL_init_ssl.3
deleted file mode 100644
index f37dccfaac..0000000000
--- a/src/lib/libssl/man/OPENSSL_init_ssl.3
+++ /dev/null
@@ -1,76 +0,0 @@
-.\" $OpenBSD: OPENSSL_init_ssl.3,v 1.4 2019/06/14 13:41:31 schwarze Exp $
-.\" Copyright (c) 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 14 2019 $
-.Dt OPENSSL_INIT_SSL 3
-.Os
-.Sh NAME
-.Nm OPENSSL_init_ssl
-.Nd initialise the crypto and ssl libraries
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo OPENSSL_init_ssl
-.Fa "uint64_t options"
-.Fa "const void *dummy"
-.Fc
-.Sh DESCRIPTION
-This function is deprecated.
-It is never useful for any application program to call it explicitly.
-The library automatically calls it internally with an
-.Fa options
-argument of 0 whenever needed.
-It is safest to assume that any function may do so.
-.Pp
-To enable or disable the standard configuration file, instead use
-.Xr OPENSSL_config 3
-or
-.Xr OPENSSL_no_config 3 ,
-respectively.
-To load a non-standard configuration file, refer to
-.Xr CONF_modules_load_file 3 .
-.Pp
-.Fn OPENSSL_init_ssl
-calls
-.Xr OPENSSL_init_crypto 3 ,
-.Xr SSL_load_error_strings 3 ,
-and
-.Xr SSL_library_init 3 .
-.Pp
-The
-.Fa options
-argument is passed on to
-.Xr OPENSSL_init_crypto 3
-and the
-.Fa dummy
-argument is ignored.
-.Pp
-If this function is called more than once,
-none of the calls except the first one have any effect.
-.Sh RETURN VALUES
-.Fn OPENSSL_init_ssl
-is intended to return 1 on success or 0 on error.
-.Sh SEE ALSO
-.Xr CONF_modules_load_file 3 ,
-.Xr OPENSSL_config 3 ,
-.Xr ssl 3
-.Sh HISTORY
-.Fn OPENSSL_init_ssl
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
-.Sh BUGS
-.Fn OPENSSL_init_ssl
-silently ignores even more configuration failures than
-.Xr OPENSSL_init_crypto 3 .
diff --git a/src/lib/libssl/man/PEM_read_SSL_SESSION.3 b/src/lib/libssl/man/PEM_read_SSL_SESSION.3
deleted file mode 100644
index 3eb1414c62..0000000000
--- a/src/lib/libssl/man/PEM_read_SSL_SESSION.3
+++ /dev/null
@@ -1,147 +0,0 @@ -.\" $OpenBSD: PEM_read_SSL_SESSION.3,v 1.4 2019/06/12 09:36:30 schwarze Exp $ -.\" OpenSSL doc/man3/PEM_read_CMS.pod b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Rich Salz . -.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 12 2019 $ -.Dt PEM_READ_SSL_SESSION 3 -.Os -.Sh NAME -.Nm PEM_read_SSL_SESSION , -.Nm PEM_read_bio_SSL_SESSION , -.Nm PEM_write_SSL_SESSION , -.Nm PEM_write_bio_SSL_SESSION -.Nd encode and decode SSL session objects in PEM format -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft SSL_SESSION * -.Fo PEM_read_SSL_SESSION -.Fa "FILE *fp" -.Fa "SSL_SESSION **a" -.Fa "pem_password_cb *cb" -.Fa "void *u" -.Fc -.Ft SSL_SESSION * -.Fo PEM_read_bio_SSL_SESSION -.Fa "BIO *bp" -.Fa "SSL_SESSION **a" -.Fa "pem_password_cb *cb" -.Fa "void *u" -.Fc -.Ft int -.Fo PEM_write_SSL_SESSION -.Fa "FILE *fp" -.Fa "const SSL_SESSION *a" -.Fc -.Ft int -.Fo PEM_write_bio_SSL_SESSION -.Fa "BIO *bp" -.Fa "const SSL_SESSION *a" -.Fc -.Sh DESCRIPTION -These routines convert between local instances of ASN.1 -.Vt SSL_SESSION -objects and the PEM encoding. -.Pp -.Fn PEM_read_SSL_SESSION -reads a PEM-encoded -.Vt SSL_SESSION -object from the file -.Fa fp -and returns it. 
-The
-.Fa cb
-and
-.Fa u
-parameters are as described in
-.Xr PEM_read_bio_PrivateKey 3 .
-.Pp
-.Fn PEM_read_bio_SSL_SESSION
-is similar to
-.Fn PEM_read_SSL_SESSION
-but reads from the BIO
-.Fa bp .
-.Pp
-.Fn PEM_write_SSL_SESSION
-writes the PEM encoding of the object
-.Fa a
-to the file
-.Fa fp .
-.Pp
-.Fn PEM_write_bio_SSL_SESSION
-similarly writes to the BIO
-.Fa bp .
-.Sh RETURN VALUES
-.Fn PEM_read_SSL_SESSION
-and
-.Fn PEM_read_bio_SSL_SESSION
-return a pointer to an allocated object, which should be released by
-calling
-.Xr SSL_SESSION_free 3 ,
-or
-.Dv NULL
-on error.
-.Pp
-.Fn PEM_write_SSL_SESSION
-and
-.Fn PEM_write_bio_SSL_SESSION
-return the number of bytes written or 0 on error.
-.Sh SEE ALSO
-.Xr PEM_read 3 ,
-.Xr ssl 3
-.Sh HISTORY
-.Fn PEM_read_SSL_SESSION
-and
-.Fn PEM_write_SSL_SESSION
-first appeared in SSLeay 0.5.2.
-.Fn PEM_read_bio_SSL_SESSION
-and
-.Fn PEM_write_bio_SSL_SESSION
-first appeared in SSLeay 0.6.0.
-These functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_CIPHER_get_name.3 b/src/lib/libssl/man/SSL_CIPHER_get_name.3
deleted file mode 100644
index 86c1d3c0ba..0000000000
--- a/src/lib/libssl/man/SSL_CIPHER_get_name.3
+++ /dev/null
@@ -1,398 +0,0 @@ -.\" $OpenBSD: SSL_CIPHER_get_name.3,v 1.17 2024/07/16 10:19:38 tb Exp $ -.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 -.\" -.\" This file was written by Lutz Jaenicke , -.\" Dr. Stephen Henson , Todd Short , -.\" and Paul Yang . -.\" Copyright (c) 2000, 2005, 2009, 2013, 2014, 2015, 2016, 2017 -.\" The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: July 16 2024 $ -.Dt SSL_CIPHER_GET_NAME 3 -.Os -.Sh NAME -.Nm SSL_CIPHER_get_name , -.Nm SSL_CIPHER_get_bits , -.Nm SSL_CIPHER_get_version , -.Nm SSL_CIPHER_get_cipher_nid , -.Nm SSL_CIPHER_get_digest_nid , -.Nm SSL_CIPHER_get_handshake_digest , -.Nm SSL_CIPHER_get_kx_nid , -.Nm SSL_CIPHER_get_auth_nid , -.Nm SSL_CIPHER_is_aead , -.Nm SSL_CIPHER_find , -.Nm SSL_CIPHER_get_id , -.Nm SSL_CIPHER_description -.Nd get SSL_CIPHER properties -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft const char * -.Fn SSL_CIPHER_get_name "const SSL_CIPHER *cipher" -.Ft int -.Fn SSL_CIPHER_get_bits "const SSL_CIPHER *cipher" "int *alg_bits" -.Ft const char * -.Fn SSL_CIPHER_get_version "const SSL_CIPHER *cipher" -.Ft int -.Fn SSL_CIPHER_get_cipher_nid "const SSL_CIPHER *cipher" -.Ft int -.Fn SSL_CIPHER_get_digest_nid "const SSL_CIPHER *cipher" -.Ft "const EVP_MD *" -.Fn SSL_CIPHER_get_handshake_digest "const SSL_CIPHER *cipher" -.Ft int -.Fn SSL_CIPHER_get_kx_nid "const SSL_CIPHER *cipher" -.Ft int -.Fn SSL_CIPHER_get_auth_nid "const SSL_CIPHER *cipher" -.Ft int -.Fn SSL_CIPHER_is_aead "const SSL_CIPHER *cipher" -.Ft const SSL_CIPHER * -.Fn SSL_CIPHER_find "SSL *ssl" "const unsigned char *ptr" -.Ft unsigned long -.Fn SSL_CIPHER_get_id "const SSL_CIPHER *cipher" -.Ft char * -.Fn SSL_CIPHER_description "const SSL_CIPHER *cipher" "char *buf" "int size" -.Sh DESCRIPTION -.Fn SSL_CIPHER_get_name -returns a pointer to the name of -.Fa cipher . -.Pp -.Fn SSL_CIPHER_get_bits -returns the number of secret bits used for -.Fa cipher . -If -.Fa alg_bits -is not -.Dv NULL , -the number of bits processed by the chosen algorithm is stored into it. -.Pp -.Fn SSL_CIPHER_get_version -returns a string which indicates the SSL/TLS protocol version that first -defined the cipher. -This is currently -.Qq TLSv1/SSLv3 . -In some cases it should possibly return -.Qq TLSv1.2 -but the function does not; use -.Fn SSL_CIPHER_description -instead. 
-.Pp -.Fn SSL_CIPHER_get_cipher_nid -returns the cipher NID corresponding to the -.Fa cipher . -If there is no cipher (e.g. for cipher suites with no encryption), then -.Dv NID_undef -is returned. -.Pp -.Fn SSL_CIPHER_get_digest_nid -returns the digest NID corresponding to the MAC used by the -.Fa cipher -during record encryption/decryption. -If there is no digest (e.g. for AEAD cipher suites), then -.Dv NID_undef -is returned. -.Pp -.Fn SSL_CIPHER_get_handshake_digest -returns the -.Vt EVP_MD -object representing the digest used during a TLS handshake with the cipher -.Fa c , -which may be different to the digest used in the message authentication code -for encrypted records. -.Pp -.Fn SSL_CIPHER_get_kx_nid -returns the key exchange NID corresponding to the method used by the -.Fa cipher . -If there is no key exchange, then -.Dv NID_undef -is returned. -Examples of possible return values include -.Dv NID_kx_rsa , -.Dv NID_kx_dhe , -and -.Dv NID_kx_ecdhe . -.Pp -.Fn SSL_CIPHER_get_auth_nid -returns the authentication NID corresponding to the method used by the -.Fa cipher . -If there is no authentication, -.Dv NID_undef -is returned. -Examples of possible return values include -.Dv NID_auth_rsa -and -.Dv NID_auth_ecdsa . -.Pp -.Fn SSL_CIPHER_is_aead -returns 1 if the -.Fa cipher -is AEAD (e.g. GCM or ChaCha20/Poly1305), or 0 if it is not AEAD. -.Pp -.Fn SSL_CIPHER_find -returns a pointer to a -.Vt SSL_CIPHER -structure which has the cipher ID specified in -.Fa ptr . -The -.Fa ptr -parameter is an array of length two which stores the two-byte -TLS cipher ID (as allocated by IANA) in network byte order. -.Fa SSL_CIPHER_find -returns -.Dv NULL -if an error occurs or the indicated cipher is not found. -.Pp -.Fn SSL_CIPHER_get_id -returns the ID of the given -.Fa cipher , -which must not be -.Dv NULL . -The ID here is an OpenSSL-specific concept, which stores a prefix -of 0x0300 in the higher two bytes and the IANA-specified cipher -suite ID in the lower two bytes. 
-For instance, TLS_RSA_WITH_NULL_MD5 has IANA ID "0x00, 0x01", so -.Fn SSL_CIPHER_get_id -returns 0x03000001. -.Pp -.Fn SSL_CIPHER_description -copies a textual description of -.Fa cipher -into the buffer -.Fa buf , -which must be at least -.Fa size -bytes long. -The -.Fa cipher -argument must not be a -.Dv NULL -pointer. -If -.Fa buf -is -.Dv NULL , -a buffer is allocated using -.Xr asprintf 3 ; -that buffer should be freed using the -.Xr free 3 -function. -If -.Fa len -is too small to hold the description, a pointer to the static string -.Qq Buffer too small -is returned. -If memory allocation fails, which can happen even if a -.Fa buf -of sufficient size is provided, a pointer to the static string -.Qq OPENSSL_malloc Error -is returned and the content of -.Fa buf -remains unchanged. -.Pp -The string returned by -.Fn SSL_CIPHER_description -consists of several fields separated by whitespace: -.Bl -tag -width Ds -.It Aq Ar ciphername -Textual representation of the cipher name. -.It Aq Ar protocol version -Protocol version: -.Sy SSLv3 , -.Sy TLSv1.2 , -or -.Sy TLSv1.3 . -The TLSv1.0 ciphers are flagged with SSLv3. -No new ciphers were added by TLSv1.1. -.It Kx= Ns Aq Ar key exchange -Key exchange method: -.Sy DH , -.Sy ECDH , -.Sy GOST , -.Sy RSA , -or -.Sy TLSv1.3 . -.It Au= Ns Aq Ar authentication -Authentication method: -.Sy ECDSA , -.Sy GOST01 , -.Sy RSA , -.Sy TLSv1.3 , -or -.Sy None . -.Sy None -is the representation of anonymous ciphers. -.It Enc= Ns Aq Ar symmetric encryption method -Encryption method with number of secret bits: -.Sy 3DES(168) , -.Sy RC4(128) , -.Sy AES(128) , -.Sy AES(256) , -.Sy AESGCM(128) , -.Sy AESGCM(256) , -.Sy Camellia(128) , -.Sy Camellia(256) , -.Sy ChaCha20-Poly1305 , -.Sy GOST-28178-89-CNT , -or -.Sy None . -.It Mac= Ns Aq Ar message authentication code -Message digest: -.Sy MD5 , -.Sy SHA1 , -.Sy SHA256 , -.Sy SHA384 , -.Sy AEAD , -.Sy GOST94 , -.Sy GOST89IMIT , -or -.Sy STREEBOG256 . 
-.El -.Sh RETURN VALUES -.Fn SSL_CIPHER_get_name -returns an internal pointer to a NUL-terminated string. -.Fn SSL_CIPHER_get_version -returns a pointer to a static NUL-terminated string. -If -.Fa cipher -is a -.Dv NULL -pointer, both functions return a pointer to the static string -.Qq Pq NONE . -.Pp -.Fn SSL_CIPHER_get_bits -returns a positive integer representing the number of secret bits -or 0 if -.Fa cipher -is a -.Dv NULL -pointer. -.Pp -.Fn SSL_CIPHER_get_cipher_nid , -.Fn SSL_CIPHER_get_digest_nid , -.Fn SSL_CIPHER_get_kx_nid , -and -.Fn SSL_CIPHER_get_auth_nid -return an NID constant or -.Dv NID_undef -if an error occurred. -.Fn SSL_CIPHER_get_handshake_digest -returns a valid -.Vt EVP_MD -object or -.Dv NULL -if an error occurred. -.Pp -.Fn SSL_CIPHER_is_aead -returns 1 if the -.Fa cipher -is AEAD or 0 otherwise. -.Pp -.Fn SSL_CIPHER_find -returns a pointer to a valid -.Vt SSL_CIPHER -structure or -.Dv NULL -if an error occurred. -.Pp -.Fn SSL_CIPHER_get_id -returns a 32-bit unsigned integer. -.Pp -.Fn SSL_CIPHER_description -returns -.Fa buf -or a newly allocated string on success or a pointer to a static -string on error. -.Sh EXAMPLES -An example for the output of -.Fn SSL_CIPHER_description : -.Bd -literal -ECDHE-RSA-AES256-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD -.Ed -.Pp -A complete list can be retrieved by invoking the following command: -.Pp -.Dl $ openssl ciphers -v ALL:COMPLEMENTOFALL -.Sh SEE ALSO -.Xr openssl 1 , -.Xr ssl 3 , -.Xr SSL_get_ciphers 3 , -.Xr SSL_get_current_cipher 3 -.Sh HISTORY -.Fn SSL_CIPHER_description -first appeared in SSLeay 0.8.0. -.Fn SSL_CIPHER_get_name , -.Fn SSL_CIPHER_get_bits , -and -.Fn SSL_CIPHER_get_version -first appeared in SSLeay 0.8.1. -These functions have been available since -.Ox 2.4 . -.Pp -.Fn SSL_CIPHER_get_id -first appeared in OpenSSL 1.0.1 and has been available since -.Ox 5.3 . 
-.Pp
-.Fn SSL_CIPHER_get_cipher_nid ,
-.Fn SSL_CIPHER_get_digest_nid ,
-.Fn SSL_CIPHER_get_kx_nid ,
-.Fn SSL_CIPHER_get_auth_nid ,
-and
-.Fn SSL_CIPHER_is_aead
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 6.3 .
-.Fn SSL_CIPHER_find
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 7.0 .
-.Fn SSL_CIPHER_get_handshake_digest
-first appeared in OpenSSL 1.1.1 and has been available since
-.Ox 7.6 .
-.Sh BUGS
-If
-.Fn SSL_CIPHER_description
-cannot handle a built-in cipher,
-the according description of the cipher property is
-.Qq unknown .
-This case should not occur.
diff --git a/src/lib/libssl/man/SSL_COMP_add_compression_method.3 b/src/lib/libssl/man/SSL_COMP_add_compression_method.3
deleted file mode 100644
index f9e25358d7..0000000000
--- a/src/lib/libssl/man/SSL_COMP_add_compression_method.3
+++ /dev/null
@@ -1,42 +0,0 @@
-.\" $OpenBSD: SSL_COMP_add_compression_method.3,v 1.7 2024/08/31 10:51:48 tb Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: August 31 2024 $
-.Dt SSL_COMP_ADD_COMPRESSION_METHOD 3
-.Os
-.Sh NAME
-.Nm SSL_COMP_get_compression_methods
-.Nd handle SSL/TLS integrated compression methods
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft STACK_OF(SSL_COMP) *
-.Fn SSL_COMP_get_compression_methods void
-.Sh DESCRIPTION
-This function is deprecated and has no effect.
-It is provided purely for compatibility with legacy application code.
-.Pp
-.Fn SSL_COMP_get_compression_methods
-used to return a stack of available compression methods.
-.Sh RETURN VALUES
-.Fn SSL_COMP_get_compression_methods
-always returns
-.Dv NULL .
-.Sh SEE ALSO
-.Xr ssl 3
-.Sh HISTORY
-.Fn SSL_COMP_get_compression_methods
-first appeared in OpenSSL 0.9.8 and has been available since
-.Ox 4.5 .
diff --git a/src/lib/libssl/man/SSL_CTX_add1_chain_cert.3 b/src/lib/libssl/man/SSL_CTX_add1_chain_cert.3
deleted file mode 100644
index 86eb27a523..0000000000
--- a/src/lib/libssl/man/SSL_CTX_add1_chain_cert.3
+++ /dev/null
@@ -1,222 +0,0 @@
-.\" $OpenBSD: SSL_CTX_add1_chain_cert.3,v 1.2 2025/01/18 10:45:12 tb Exp $
-.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson
-.\" and Rob Stradling .
-.\" Copyright (c) 2013 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: January 18 2025 $
-.Dt SSL_CTX_ADD1_CHAIN_CERT 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set0_chain ,
-.Nm SSL_CTX_set1_chain ,
-.Nm SSL_CTX_add0_chain_cert ,
-.Nm SSL_CTX_add1_chain_cert ,
-.Nm SSL_CTX_get0_chain_certs ,
-.Nm SSL_CTX_clear_chain_certs ,
-.Nm SSL_set0_chain ,
-.Nm SSL_set1_chain ,
-.Nm SSL_add0_chain_cert ,
-.Nm SSL_add1_chain_cert ,
-.Nm SSL_get0_chain_certs ,
-.Nm SSL_clear_chain_certs
-.Nd extra chain certificate processing
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_CTX_set0_chain
-.Fa "SSL_CTX *ctx"
-.Fa "STACK_OF(X509) *chain"
-.Fc
-.Ft int
-.Fo SSL_CTX_set1_chain
-.Fa "SSL_CTX *ctx"
-.Fa "STACK_OF(X509) *chain"
-.Fc
-.Ft int
-.Fo SSL_CTX_add0_chain_cert
-.Fa "SSL_CTX *ctx"
-.Fa "X509 *cert"
-.Fc
-.Ft int
-.Fo SSL_CTX_add1_chain_cert
-.Fa "SSL_CTX *ctx"
-.Fa "X509 *cert"
-.Fc
-.Ft int
-.Fo SSL_CTX_get0_chain_certs
-.Fa "SSL_CTX *ctx"
-.Fa "STACK_OF(X509) **chain"
-.Fc
-.Ft int
-.Fo SSL_CTX_clear_chain_certs
-.Fa "SSL_CTX *ctx"
-.Fc
-.Ft int
-.Fo SSL_set0_chain
-.Fa "SSL *ssl"
-.Fa "STACK_OF(X509) *chain"
-.Fc
-.Ft int
-.Fo SSL_set1_chain
-.Fa "SSL *ssl"
-.Fa "STACK_OF(X509) *chain"
-.Fc
-.Ft int
-.Fo SSL_add0_chain_cert
-.Fa "SSL *ssl"
-.Fa "X509 *cert"
-.Fc
-.Ft int
-.Fo SSL_add1_chain_cert
-.Fa "SSL *ssl"
-.Fa "X509 *cert"
-.Fc
-.Ft int
-.Fo SSL_get0_chain_certs
-.Fa "SSL *ssl"
-.Fa "STACK_OF(X509) **chain"
-.Fc
-.Ft int
-.Fo SSL_clear_chain_certs
-.Fa "SSL *ssl"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_set0_chain
-and
-.Fn SSL_CTX_set1_chain
-set the certificate chain associated with the current certificate of
-.Fa ctx
-to
-.Fa chain .
-The
-.Fa chain
-is not supposed to include the current certificate itself.
-.Pp
-.Fn SSL_CTX_add0_chain_cert
-and
-.Fn SSL_CTX_add1_chain_cert
-append the single certificate
-.Fa cert
-to the chain associated with the current certificate of
-.Fa ctx .
-.Pp
-.Fn SSL_CTX_get0_chain_certs
-retrieves the chain associated with the current certificate of
-.Fa ctx .
-.Pp
-.Fn SSL_CTX_clear_chain_certs
-clears the existing chain associated with the current certificate of
-.Fa ctx ,
-if any.
-This is equivalent to calling
-.Fn SSL_CTX_set0_chain
-with
-.Fa chain
-set to
-.Dv NULL .
-.Pp
-Each of these functions operates on the
-.Em current
-end entity (i.e. server or client) certificate.
-This is the last certificate loaded or selected on the corresponding
-.Fa ctx
-structure, for example using
-.Xr SSL_CTX_use_certificate 3 .
-.Pp
-.Fn SSL_set0_chain ,
-.Fn SSL_set1_chain ,
-.Fn SSL_add0_chain_cert ,
-.Fn SSL_add1_chain_cert ,
-.Fn SSL_get0_chain_certs ,
-and
-.Fn SSL_clear_chain_certs
-are similar except that they operate on the
-.Fa ssl
-connection.
-.Pp
-The functions containing a
-.Sy 1
-in their name increment the reference count of the supplied certificate
-or chain, so it must be freed at some point after the operation.
-Those containing a
-.Sy 0
-do not increment reference counts and the supplied certificate or chain
-must not be freed after the operation.
-.Pp
-The chains associated with an
-.Vt SSL_CTX
-structure are copied to the new
-.Vt SSL
-structure when
-.Xr SSL_new 3
-is called.
-Existing
-.Vt SSL
-structures are not affected by any chains subsequently changed
-in the parent
-.Vt SSL_CTX .
-.Pp
-One chain can be set for each key type supported by a server.
-So, for example, an RSA and an ECDSA certificate can have
-different chains.
-.Pp
-If any certificates are added using these functions, no certificates
-added using
-.Xr SSL_CTX_add_extra_chain_cert 3
-will be used.
-.Sh RETURN VALUES
-These functions return 1 for success or 0 for failure.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_add_extra_chain_cert 3 ,
-.Xr SSL_CTX_use_certificate 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.0.2
-and have been available since
-.Ox 6.5 .
diff --git a/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 b/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
deleted file mode 100644
index b9694b0cbc..0000000000
--- a/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
+++ /dev/null
@@ -1,160 +0,0 @@
-.\" $OpenBSD: SSL_CTX_add_extra_chain_cert.3,v 1.8 2025/01/18 10:45:12 tb Exp $
-.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke and
-.\" Dr. Stephen Henson .
-.\" Copyright (c) 2000, 2002, 2013, 2015 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: January 18 2025 $
-.Dt SSL_CTX_ADD_EXTRA_CHAIN_CERT 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_add_extra_chain_cert ,
-.Nm SSL_CTX_get_extra_chain_certs_only ,
-.Nm SSL_CTX_get_extra_chain_certs ,
-.Nm SSL_CTX_clear_extra_chain_certs
-.Nd add, retrieve, and clear extra chain certificates
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_add_extra_chain_cert "SSL_CTX *ctx" "X509 *x509"
-.Ft long
-.Fn SSL_CTX_get_extra_chain_certs_only "SSL_CTX *ctx" "STACK_OF(X509) **certs"
-.Ft long
-.Fn SSL_CTX_get_extra_chain_certs "SSL_CTX *ctx" "STACK_OF(X509) **certs"
-.Ft long
-.Fn SSL_CTX_clear_extra_chain_certs "SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_add_extra_chain_cert
-adds the certificate
-.Fa x509
-to the extra chain certificates associated with
-.Fa ctx .
-Several certificates can be added one after another.
-.Pp
-.Fn SSL_CTX_get_extra_chain_certs_only
-retrieves an internal pointer to the stack of extra chain certificates
-associated with
-.Fa ctx ,
-or set
-.Pf * Fa certs
-to
-.Dv NULL
-if there are none.
-.Pp
-.Fn SSL_CTX_get_extra_chain_certs
-does the same except that it retrieves an internal pointer
-to the chain associated with the certificate
-if there are no extra chain certificates.
-.Pp
-.Fn SSL_CTX_clear_extra_chain_certs
-clears all extra chain certificates associated with
-.Fa ctx .
-.Pp
-These functions are implemented as macros.
-.Pp
-When sending a certificate chain, extra chain certificates are sent
-in order following the end entity certificate.
-.Pp
-If no chain is specified, the library will try to complete the chain from the
-available CA certificates in the trusted CA storage, see
-.Xr SSL_CTX_load_verify_locations 3 .
-.Pp
-The x509 certificate provided to
-.Fn SSL_CTX_add_extra_chain_cert
-will be freed by the library when the
-.Vt SSL_CTX
-is destroyed.
-An application should not free the
-.Fa x509
-object, nor the
-.Pf * Fa certs
-object retrieved by
-.Fn SSL_CTX_get_extra_chain_certs .
-.Sh RETURN VALUES
-These functions return 1 on success or 0 for failure.
-Check out the error stack to find out the reason for failure.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_add1_chain_cert 3 ,
-.Xr SSL_CTX_ctrl 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_set_client_cert_cb 3 ,
-.Xr SSL_CTX_use_certificate 3
-.Sh HISTORY
-.Fn SSL_CTX_add_extra_chain_cert
-first appeared in SSLeay 0.9.1 and has been available since
-.Ox 2.6 .
-.Pp
-.Fn SSL_CTX_get_extra_chain_certs
-and
-.Fn SSL_CTX_clear_extra_chain_certs
-first appeared in OpenSSL 1.0.1 and have been available since
-.Ox 5.3 .
-.Pp
-.Fn SSL_CTX_get_extra_chain_certs_only
-first appeared in OpenSSL 1.0.2 and has been available since
-.Ox 6.7 .
-.Sh CAVEATS
-Certificates added with
-.Fn SSL_CTX_add_extra_chain_cert
-are ignored when certificates are also available that have been
-added using the functions documented in
-.Xr SSL_CTX_set1_chain 3 .
-.Pp
-Only one set of extra chain certificates can be specified per
-.Vt SSL_CTX
-structure using
-.Fn SSL_CTX_add_extra_chain_cert .
-Different chains for different certificates (for example if both
-RSA and ECDSA certificates are specified by the same server) or
-different SSL structures with the same parent
-.Vt SSL_CTX
-require using the functions documented in
-.Xr SSL_CTX_set1_chain 3
-instead.
diff --git a/src/lib/libssl/man/SSL_CTX_add_session.3 b/src/lib/libssl/man/SSL_CTX_add_session.3
deleted file mode 100644
index 443bdb542a..0000000000
--- a/src/lib/libssl/man/SSL_CTX_add_session.3
+++ /dev/null
@@ -1,132 +0,0 @@
-.\" $OpenBSD: SSL_CTX_add_session.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL SSL_CTX_add_session.pod 1722496f Jun 8 15:18:38 2017 -0400
-.\"
-.\" This file was written by Lutz Jaenicke and
-.\" Geoff Thorpe .
-.\" Copyright (c) 2001, 2002, 2014 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_CTX_ADD_SESSION 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_add_session ,
-.Nm SSL_CTX_remove_session
-.Nd manipulate session cache
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_CTX_add_session "SSL_CTX *ctx" "SSL_SESSION *c"
-.Ft int
-.Fn SSL_CTX_remove_session "SSL_CTX *ctx" "SSL_SESSION *c"
-.Sh DESCRIPTION
-.Fn SSL_CTX_add_session
-adds the session
-.Fa c
-to the context
-.Fa ctx .
-The reference count for session
-.Fa c
-is incremented by 1.
-If a session with the same session id already exists,
-the old session is removed by calling
-.Xr SSL_SESSION_free 3 .
-.Pp
-.Fn SSL_CTX_remove_session
-removes the session
-.Fa c
-from the context
-.Fa ctx
-and marks it as non-resumable.
-.Xr SSL_SESSION_free 3
-is called once for
-.Fa c .
-.Pp
-When adding a new session to the internal session cache, it is examined
-whether a session with the same session id already exists.
-In this case it is assumed that both sessions are identical.
-If the same session is stored in a different
-.Vt SSL_SESSION
-object, the old session is removed and replaced by the new session.
-If the session is actually identical (the
-.Vt SSL_SESSION
-object is identical),
-.Fn SSL_CTX_add_session
-is a no-op, and the return value is 0.
-.Pp
-If a server
-.Vt SSL_CTX
-is configured with the
-.Dv SSL_SESS_CACHE_NO_INTERNAL_STORE
-flag then the internal cache will not be populated automatically by new
-sessions negotiated by the SSL/TLS implementation, even though the internal
-cache will be searched automatically for session-resume requests (the
-latter can be suppressed by
-.Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP ) .
-So the application can use
-.Fn SSL_CTX_add_session
-directly to have full control over the sessions that can be resumed if desired.
-.Sh RETURN VALUES
-The following values are returned by all functions:
-.Bl -tag -width Ds
-.It 0
-The operation failed.
-In case of the add operation, it was tried to add the same (identical) session
-twice.
-In case of the remove operation, the session was not found in the cache.
-.It 1
-The operation succeeded.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_SESSION_free 3
-.Sh HISTORY
-.Fn SSL_CTX_add_session
-and
-.Fn SSL_CTX_remove_session
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_CTX_ctrl.3 b/src/lib/libssl/man/SSL_CTX_ctrl.3
deleted file mode 100644
index c91ddff374..0000000000
--- a/src/lib/libssl/man/SSL_CTX_ctrl.3
+++ /dev/null
@@ -1,122 +0,0 @@
-.\" $OpenBSD: SSL_CTX_ctrl.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_CTX_CTRL 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_ctrl ,
-.Nm SSL_CTX_callback_ctrl ,
-.Nm SSL_ctrl ,
-.Nm SSL_callback_ctrl
-.Nd internal handling functions for SSL_CTX and SSL objects
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_ctrl "SSL_CTX *ctx" "int cmd" "long larg" "void *parg"
-.Ft long
-.Fn SSL_CTX_callback_ctrl "SSL_CTX *" "int cmd" "void (*fp)()"
-.Ft long
-.Fn SSL_ctrl "SSL *ssl" "int cmd" "long larg" "void *parg"
-.Ft long
-.Fn SSL_callback_ctrl "SSL *" "int cmd" "void (*fp)()"
-.Sh DESCRIPTION
-The
-.Fn SSL_*_ctrl
-family of functions is used to manipulate settings of
-the
-.Vt SSL_CTX
-and
-.Vt SSL
-objects.
-Depending on the command
-.Fa cmd
-the arguments
-.Fa larg ,
-.Fa parg ,
-or
-.Fa fp
-are evaluated.
-These functions should never be called directly.
-All functionalities needed are made available via other functions or macros.
-.Sh RETURN VALUES
-The return values of the
-.Fn SSL*_ctrl
-functions depend on the command supplied via the
-.Fn cmd
-parameter.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_add_extra_chain_cert 3 ,
-.Xr SSL_CTX_sess_number 3 ,
-.Xr SSL_CTX_sess_set_cache_size 3 ,
-.Xr SSL_CTX_set_max_cert_list 3 ,
-.Xr SSL_CTX_set_mode 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_CTX_set_tlsext_servername_callback 3 ,
-.Xr SSL_CTX_set_tlsext_status_cb 3 ,
-.Xr SSL_CTX_set_tlsext_ticket_key_cb 3 ,
-.Xr SSL_get_server_tmp_key 3 ,
-.Xr SSL_num_renegotiations 3 ,
-.Xr SSL_session_reused 3 ,
-.Xr SSL_set_max_send_fragment 3
-.Sh HISTORY
-.Fn SSL_CTX_ctrl
-and
-.Fn SSL_ctrl
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_CTX_callback_ctrl
-and
-.Fn SSL_callback_ctrl
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
diff --git a/src/lib/libssl/man/SSL_CTX_flush_sessions.3 b/src/lib/libssl/man/SSL_CTX_flush_sessions.3
deleted file mode 100644
index 2ef781cb4a..0000000000
--- a/src/lib/libssl/man/SSL_CTX_flush_sessions.3
+++ /dev/null
@@ -1,100 +0,0 @@
-.\" $OpenBSD: SSL_CTX_flush_sessions.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL SSL_CTX_flush_sessions.pod 1722496f Jun 8 15:18:38 2017 -0400
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_CTX_FLUSH_SESSIONS 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_flush_sessions
-.Nd remove expired sessions
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_CTX_flush_sessions "SSL_CTX *ctx" "long tm"
-.Sh DESCRIPTION
-.Fn SSL_CTX_flush_sessions
-causes a run through the session cache of
-.Fa ctx
-to remove sessions expired at time
-.Fa tm .
-.Pp
-If enabled, the internal session cache will collect all sessions established
-up to the specified maximum number (see
-.Xr SSL_CTX_sess_set_cache_size 3 ) .
-As sessions will not be reused once they are expired, they should be
-removed from the cache to save resources.
-This can either be done automatically whenever 255 new sessions were
-established (see
-.Xr SSL_CTX_set_session_cache_mode 3 )
-or manually by calling
-.Fn SSL_CTX_flush_sessions .
-.Pp
-The parameter
-.Fa tm
-specifies the time which should be used for the
-expiration test, in most cases the actual time given by
-.Fn time 0
-will be used.
-.Pp
-.Fn SSL_CTX_flush_sessions
-will only check sessions stored in the internal cache.
-When a session is found and removed, the
-.Va remove_session_cb
-is however called to synchronize with the external cache (see
-.Xr SSL_CTX_sess_set_get_cb 3 ) .
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_sess_set_get_cb 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_CTX_set_timeout 3
-.Sh HISTORY
-.Fn SSL_CTX_flush_sessions
-first appeared in SSLeay 0.8.0 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_CTX_free.3 b/src/lib/libssl/man/SSL_CTX_free.3
deleted file mode 100644
index 47f247631b..0000000000
--- a/src/lib/libssl/man/SSL_CTX_free.3
+++ /dev/null
@@ -1,101 +0,0 @@
-.\" $OpenBSD: SSL_CTX_free.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2000, 2001, 2003 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_CTX_FREE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_free
-.Nd free an allocated SSL_CTX object
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_CTX_free "SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_free
-decrements the reference count of
-.Fa ctx ,
-and removes the
-.Vt SSL_CTX
-object pointed to by
-.Fa ctx
-and frees up the allocated memory if the reference count has reached 0.
-If
-.Fa ctx
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
-It also calls the
-.Xr free 3 Ns ing
-procedures for indirectly affected items, if applicable:
-the session cache, the list of ciphers, the list of Client CAs,
-the certificates and keys.
-.Sh WARNINGS
-If a session-remove callback is set
-.Pq Xr SSL_CTX_sess_set_remove_cb 3 ,
-this callback will be called for each session being freed from
-.Fa ctx Ns 's
-session cache.
-This implies that all corresponding sessions from an external session cache are
-removed as well.
-If this is not desired, the user should explicitly unset the callback by
-calling
-.Fn SSL_CTX_sess_set_remove_cb ctx NULL
-prior to calling
-.Fn SSL_CTX_free .
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_CTX_sess_set_get_cb 3
-.Sh HISTORY
-.Fn SSL_CTX_free
-first appeared in SSLeay 0.5.1 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_CTX_get0_certificate.3 b/src/lib/libssl/man/SSL_CTX_get0_certificate.3
deleted file mode 100644
index 63c86bd5e0..0000000000
--- a/src/lib/libssl/man/SSL_CTX_get0_certificate.3
+++ /dev/null
@@ -1,51 +0,0 @@
-.\" $OpenBSD: SSL_CTX_get0_certificate.3,v 1.3 2019/06/12 09:36:30 schwarze Exp $
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_CTX_GET0_CERTIFICATE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_get0_certificate
-.Nd get the active certificate from an SSL context
-.Sh SYNOPSIS
-.Ft X509 *
-.Fo SSL_CTX_get0_certificate
-.Fa "const SSL_CTX *ctx"
-.Fc
-.Sh DESCRIPTION
-The
-.Fn SSL_CTX_get0_certificate
-function returns an internal pointer
-to the ASN.1 certificate currently active in
-.Fa ctx
-or
-.Dv NULL
-if none was installed with
-.Xr SSL_CTX_use_certificate 3
-or similar functions.
-.Pp
-The returned pointer must not be freed by the caller.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_CTX_use_certificate 3 ,
-.Xr X509_get_pubkey 3 ,
-.Xr X509_get_subject_name 3 ,
-.Xr X509_new 3
-.Sh HISTORY
-.Fn SSL_CTX_get0_certificate
-first appeared in OpenSSL 1.0.2 and have been available since
-.Ox 6.3 .
diff --git a/src/lib/libssl/man/SSL_CTX_get_ex_new_index.3 b/src/lib/libssl/man/SSL_CTX_get_ex_new_index.3
deleted file mode 100644
index 3dbaf2e981..0000000000
--- a/src/lib/libssl/man/SSL_CTX_get_ex_new_index.3
+++ /dev/null
@@ -1,124 +0,0 @@ -.\" $OpenBSD: SSL_CTX_get_ex_new_index.3,v 1.3 2018/03/21 08:06:34 schwarze Exp $ -.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2001, 2005 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 21 2018 $ -.Dt SSL_CTX_GET_EX_NEW_INDEX 3 -.Os -.Sh NAME -.Nm SSL_CTX_get_ex_new_index , -.Nm SSL_CTX_set_ex_data , -.Nm SSL_CTX_get_ex_data -.Nd internal application specific data functions -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft int -.Fo SSL_CTX_get_ex_new_index -.Fa "long argl" -.Fa "void *argp" -.Fa "CRYPTO_EX_new *new_func" -.Fa "CRYPTO_EX_dup *dup_func" -.Fa "CRYPTO_EX_free *free_func" -.Fc -.Ft int -.Fn SSL_CTX_set_ex_data "SSL_CTX *ctx" "int idx" "void *arg" -.Ft void * -.Fn SSL_CTX_get_ex_data "const SSL_CTX *ctx" "int idx" -.Bd -literal - typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); - typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); - typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, - int idx, long argl, void *argp); -.Ed -.Sh DESCRIPTION -Several OpenSSL structures can have application specific data attached to them. -These functions are used internally by OpenSSL to manipulate application -specific data attached to a specific structure. -.Pp -.Fn SSL_CTX_get_ex_new_index -is used to register a new index for application specific data. -.Pp -.Fn SSL_CTX_set_ex_data -is used to store application data at -.Fa arg -for -.Fa idx -into the -.Fa ctx -object. -.Pp -.Fn SSL_CTX_get_ex_data -is used to retrieve the information for -.Fa idx -from -.Fa ctx . 
-.Pp -A detailed description for the -.Fn *_get_ex_new_index -functionality can be found in -.Xr RSA_get_ex_new_index 3 . -The -.Fn *_get_ex_data -and -.Fn *_set_ex_data -functionality is described in -.Xr CRYPTO_set_ex_data 3 . -.Sh SEE ALSO -.Xr CRYPTO_set_ex_data 3 , -.Xr RSA_get_ex_new_index 3 , -.Xr ssl 3 -.Sh HISTORY -.Fn SSL_CTX_get_ex_new_index , -.Fn SSL_CTX_set_ex_data , -and -.Fn SSL_CTX_get_ex_data -first appeared in SSLeay 0.9.0 and have been available since -.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_CTX_get_verify_mode.3 b/src/lib/libssl/man/SSL_CTX_get_verify_mode.3 deleted file mode 100644 index 7c87775069..0000000000 --- a/src/lib/libssl/man/SSL_CTX_get_verify_mode.3 +++ /dev/null 
@@ -1,131 +0,0 @@
-.\" $OpenBSD: SSL_CTX_get_verify_mode.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2000, 2005 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_CTX_GET_VERIFY_MODE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_get_verify_mode ,
-.Nm SSL_get_verify_mode ,
-.Nm SSL_CTX_get_verify_depth ,
-.Nm SSL_get_verify_depth ,
-.Nm SSL_get_verify_callback ,
-.Nm SSL_CTX_get_verify_callback
-.Nd get currently set verification parameters
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_CTX_get_verify_mode "const SSL_CTX *ctx"
-.Ft int
-.Fn SSL_get_verify_mode "const SSL *ssl"
-.Ft int
-.Fn SSL_CTX_get_verify_depth "const SSL_CTX *ctx"
-.Ft int
-.Fn SSL_get_verify_depth "const SSL *ssl"
-.Ft int
-.Fo "(*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))"
-.Fa int "X509_STORE_CTX *"
-.Fc
-.Ft int
-.Fo "(*SSL_get_verify_callback(const SSL *ssl))"
-.Fa int "X509_STORE_CTX *"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_get_verify_mode
-returns the verification mode currently set in
-.Fa ctx .
-.Pp
-.Fn SSL_get_verify_mode
-returns the verification mode currently set in
-.Fa ssl .
-.Pp
-.Fn SSL_CTX_get_verify_depth
-returns the verification depth limit currently set
-in
-.Fa ctx .
-If no limit has been explicitly set,
-\(mi1 is returned and the default value will be used.
-.Pp
-.Fn SSL_get_verify_depth
-returns the verification depth limit currently set in
-.Fa ssl .
-If no limit has been explicitly set,
-\(mi1 is returned and the default value will be used.
-.Pp
-.Fn SSL_CTX_get_verify_callback
-returns a function pointer to the verification callback currently set in
-.Fa ctx .
-If no callback was explicitly set, the
-.Dv NULL
-pointer is returned and the default callback will be used.
-.Pp
-.Fn SSL_get_verify_callback
-returns a function pointer to the verification callback currently set in
-.Fa ssl .
-If no callback was explicitly set, the
-.Dv NULL
-pointer is returned and the default callback will be used.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_verify 3
-.Sh HISTORY
-.Fn SSL_CTX_get_verify_mode ,
-.Fn SSL_get_verify_mode ,
-.Fn SSL_get_verify_callback ,
-and
-.Fn SSL_CTX_get_verify_callback
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_CTX_get_verify_depth
-and
-.Fn SSL_get_verify_depth
-first appeared in OpenSSL 0.9.3 and have been available since
-.Ox 2.6 .
diff --git a/src/lib/libssl/man/SSL_CTX_load_verify_locations.3 b/src/lib/libssl/man/SSL_CTX_load_verify_locations.3
deleted file mode 100644
index 373df2402e..0000000000
--- a/src/lib/libssl/man/SSL_CTX_load_verify_locations.3
+++ /dev/null
@@ -1,238 +0,0 @@
-.\" $OpenBSD: SSL_CTX_load_verify_locations.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2000, 2001, 2015, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_CTX_LOAD_VERIFY_LOCATIONS 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_load_verify_locations ,
-.Nm SSL_CTX_set_default_verify_paths
-.Nd set default locations for trusted CA certificates
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_CTX_load_verify_locations
-.Fa "SSL_CTX *ctx" "const char *CAfile" "const char *CApath"
-.Fc
-.Ft int
-.Fo SSL_CTX_set_default_verify_paths
-.Fa "SSL_CTX *ctx"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_load_verify_locations
-specifies the locations for
-.Fa ctx ,
-at which CA certificates for verification purposes are located.
-The certificates available via
-.Fa CAfile
-and
-.Fa CApath
-are trusted.
-.Pp
-.Fn SSL_CTX_set_default_verify_paths
-specifies that the default locations from which CA certificates are
-loaded should be used.
-There is one default directory and one default file.
-The default CA certificates directory is called
-.Pa certs
-in the default OpenSSL directory.
-The default CA certificates file is called
-.Pa cert.pem
-in the default OpenSSL directory.
-.Pp
-If
-.Fa CAfile
-is not
-.Dv NULL ,
-it points to a file of CA certificates in PEM format.
-The file can contain several CA certificates identified by sequences of:
-.Bd -literal
- -----BEGIN CERTIFICATE-----
- ... (CA certificate in base64 encoding) ...
- -----END CERTIFICATE-----
-.Ed
-.Pp
-Before, between, and after the certificates arbitrary text is allowed which can
-be used, e.g., for descriptions of the certificates.
-.Pp
-The
-.Fa CAfile
-is processed on execution of the
-.Fn SSL_CTX_load_verify_locations
-function.
-.Pp
-If
-.Fa CApath
-is not NULL, it points to a directory containing CA certificates in PEM format.
-The files each contain one CA certificate.
-The files are looked up by the CA subject name hash value,
-which must hence be available.
-If more than one CA certificate with the same name hash value exist,
-the extension must be different (e.g.,
-.Pa 9d66eef0.0 ,
-.Pa 9d66eef0.1 ,
-etc.).
-The search is performed in the ordering of the extension number,
-regardless of other properties of the certificates.
-.Pp
-The certificates in
-.Fa CApath
-are only looked up when required, e.g., when building the certificate chain or
-when actually performing the verification of a peer certificate.
-.Pp
-When looking up CA certificates, the OpenSSL library will first search the
-certificates in
-.Fa CAfile ,
-then those in
-.Fa CApath .
-Certificate matching is done based on the subject name, the key identifier (if
-present), and the serial number as taken from the certificate to be verified.
-If these data do not match, the next certificate will be tried.
-If a first certificate matching the parameters is found,
-the verification process will be performed;
-no other certificates for the same parameters will be searched in case of
-failure.
-.Pp
-In server mode, when requesting a client certificate, the server must send
-the list of CAs of which it will accept client certificates.
-This list is not influenced by the contents of
-.Fa CAfile
-or
-.Fa CApath
-and must explicitly be set using the
-.Xr SSL_CTX_set_client_CA_list 3
-family of functions.
-.Pp
-When building its own certificate chain, an OpenSSL client/server will try to
-fill in missing certificates from
-.Fa CAfile Ns / Fa CApath ,
-if the
-certificate chain was not explicitly specified (see
-.Xr SSL_CTX_add_extra_chain_cert 3
-and
-.Xr SSL_CTX_use_certificate 3 ) .
-.Sh RETURN VALUES
-For
-.Fn SSL_CTX_load_verify_locations ,
-the following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The operation failed because
-.Fa CAfile
-and
-.Fa CApath
-are
-.Dv NULL
-or the processing at one of the locations specified failed.
-Check the error stack to find out the reason.
-.It 1
-The operation succeeded.
-.El
-.Pp
-.Fn SSL_CTX_set_default_verify_paths
-returns 1 on success or 0 on failure.
-A missing default location is still treated as a success.
-.Sh EXAMPLES
-Generate a CA certificate file with descriptive text from the CA certificates
-.Pa ca1.pem
-.Pa ca2.pem
-.Pa ca3.pem :
-.Bd -literal
-#!/bin/sh
-rm CAfile.pem
-for i in ca1.pem ca2.pem ca3.pem; do
- openssl x509 -in $i -text >> CAfile.pem
-done
-.Ed
-.Pp
-Prepare the directory /some/where/certs containing several CA certificates
-for use as
-.Fa CApath :
-.Bd -literal
-$ cd /some/where/certs
-$ rm -f *.[0-9]* *.r[0-9]*
-$ for c in *.pem; do
-> [ "$c" = "*.pem" ] && continue
-> hash=$(openssl x509 -noout -hash -in "$c")
-> if egrep -q -- '-BEGIN( X509 | TRUSTED | )CERTIFICATE-' "$c"; then
-> suf=0
-> while [ -e $hash.$suf ]; do suf=$(( $suf + 1 )); done
-> ln -s "$c" $hash.$suf
-> fi
-> if egrep -q -- '-BEGIN X509 CRL-' "$c"; then
-> suf=0
-> while [ -e $hash.r$suf ]; do suf=$(( $suf + 1 )); done
-> ln -s "$c" $hash.r$suf
-> fi
-> done
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_add_extra_chain_cert 3 ,
-.Xr SSL_CTX_set_cert_store 3 ,
-.Xr SSL_CTX_set_client_CA_list 3 ,
-.Xr SSL_CTX_use_certificate 3 ,
-.Xr SSL_get_client_CA_list 3
-.Sh HISTORY
-.Fn SSL_CTX_load_verify_locations
-and
-.Fn SSL_CTX_set_default_verify_paths
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
-.Sh CAVEATS
-If several CA certificates matching the name, key identifier, and serial
-number condition are available, only the first one will be examined.
-This may lead to unexpected results if the same CA certificate is available
-with different expiration dates.
-If a
-.Dq certificate expired
-verification error occurs, no other certificate will be searched.
-Make sure to not have expired certificates mixed with valid ones.
diff --git a/src/lib/libssl/man/SSL_CTX_new.3 b/src/lib/libssl/man/SSL_CTX_new.3
deleted file mode 100644
index 4b50a03de4..0000000000
--- a/src/lib/libssl/man/SSL_CTX_new.3
+++ /dev/null
@@ -1,345 +0,0 @@
-.\" $OpenBSD: SSL_CTX_new.3,v 1.17 2022/07/13 22:05:53 schwarze Exp $
-.\" full merge up to: OpenSSL 21cd6e00 Oct 21 14:40:15 2015 +0100
-.\" selective merge up to: OpenSSL 8f75443f May 24 14:04:26 2019 +0200
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2000, 2005, 2012, 2013, 2015, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: July 13 2022 $
-.Dt SSL_CTX_NEW 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_new ,
-.Nm SSL_CTX_up_ref ,
-.Nm TLS_method ,
-.Nm TLS_server_method ,
-.Nm TLS_client_method ,
-.Nm SSLv23_method ,
-.Nm SSLv23_server_method ,
-.Nm SSLv23_client_method ,
-.Nm TLSv1_method ,
-.Nm TLSv1_server_method ,
-.Nm TLSv1_client_method ,
-.Nm TLSv1_1_method ,
-.Nm TLSv1_1_server_method ,
-.Nm TLSv1_1_client_method ,
-.Nm TLSv1_2_method ,
-.Nm TLSv1_2_server_method ,
-.Nm TLSv1_2_client_method ,
-.Nm DTLS_method ,
-.Nm DTLS_server_method ,
-.Nm DTLS_client_method ,
-.Nm DTLSv1_method ,
-.Nm DTLSv1_server_method ,
-.Nm DTLSv1_client_method ,
-.Nm DTLSv1_2_method ,
-.Nm DTLSv1_2_server_method ,
-.Nm DTLSv1_2_client_method
-.Nd create a new SSL_CTX object as a framework for TLS enabled functions
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL_CTX *
-.Fn SSL_CTX_new "const SSL_METHOD *method"
-.Ft int
-.Fn SSL_CTX_up_ref "SSL_CTX *ctx"
-.Ft const SSL_METHOD *
-.Fn TLS_method void
-.Ft const SSL_METHOD *
-.Fn TLS_server_method void
-.Ft const SSL_METHOD *
-.Fn TLS_client_method void
-.Ft const SSL_METHOD *
-.Fn SSLv23_method void
-.Ft const SSL_METHOD *
-.Fn SSLv23_server_method void
-.Ft const SSL_METHOD *
-.Fn SSLv23_client_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_server_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_client_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_1_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_1_server_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_1_client_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_2_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_2_server_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_2_client_method void
-.Ft const SSL_METHOD *
-.Fn DTLS_method void
-.Ft const SSL_METHOD *
-.Fn DTLS_server_method void
-.Ft const SSL_METHOD *
-.Fn DTLS_client_method void
-.Ft const SSL_METHOD *
-.Fn DTLSv1_method void
-.Ft const SSL_METHOD *
-.Fn DTLSv1_server_method void
-.Ft const SSL_METHOD *
-.Fn DTLSv1_client_method void
-.Ft const SSL_METHOD *
-.Fn DTLSv1_2_method void
-.Ft const SSL_METHOD *
-.Fn DTLSv1_2_server_method void
-.Ft const SSL_METHOD *
-.Fn DTLSv1_2_client_method void
-.Sh DESCRIPTION
-.Fn SSL_CTX_new
-creates a new
-.Vt SSL_CTX
-object as a framework to establish TLS or DTLS enabled connections.
-It initializes the list of ciphers, the session cache setting, the
-callbacks, the keys and certificates, the options, and the security
-level to its default values.
-.Pp
-An
-.Vt SSL_CTX
-object is reference counted.
-Creating a new
-.Vt SSL_CTX
-object sets its reference count to 1.
-Calling
-.Fn SSL_CTX_up_ref
-on it increments the reference count by 1.
-Calling
-.Xr SSL_CTX_free 3
-on it decrements the reference count by 1.
-When the reference count drops to zero,
-any memory or resources allocated to the
-.Vt SSL_CTX
-object are freed.
-.Pp
-The
-.Vt SSL_CTX
-object uses
-.Fa method
-as its connection method, which can be:
-.Bl -tag -width Ds
-.It Fn TLS_method
-The general-purpose version-flexible TLS method.
-The protocol version used will be negotiated to the highest
-version mutually supported by the client and the server.
-The supported protocols are TLSv1, TLSv1.1, TLSv1.2, and TLSv1.3.
-.It Fn DTLS_method
-The version-flexible DTLS method.
-The currently supported protocols are DTLSv1 and DTLSv1.2.
-.El
-.Pp
-The following
-.Fa method
-arguments are deprecated:
-.Bl -tag -width Ds
-.It Xo
-.Fn TLS_server_method ,
-.Fn TLS_client_method ,
-.Fn SSLv23_method ,
-.Fn SSLv23_server_method ,
-.Fn SSLv23_client_method
-.Xc
-Deprecated aliases for
-.Fn TLS_method .
-.It Xo
-.Fn DTLS_server_method ,
-.Fn DTLS_client_method
-.Xc
-Deprecated aliases for
-.Fn DTLS_method .
-.It Xo
-.Fn TLSv1_method ,
-.Fn TLSv1_server_method ,
-.Fn TLSv1_client_method
-.Xc
-A connection established with these methods will only
-understand the TLSv1 protocol.
-.It Xo
-.Fn TLSv1_1_method ,
-.Fn TLSv1_1_server_method ,
-.Fn TLSv1_1_client_method
-.Xc
-A connection established with these methods will only
-understand the TLSv1.1 protocol.
-.It Xo
-.Fn TLSv1_2_method ,
-.Fn TLSv1_2_server_method ,
-.Fn TLSv1_2_client_method
-.Xc
-A connection established with these methods will only
-understand the TLSv1.2 protocol.
-.It Xo
-.Fn DTLSv1_method ,
-.Fn DTLSv1_server_method ,
-.Fn DTLSv1_client_method
-.Xc
-These are the version-specific methods for DTLSv1.
-.It Xo
-.Fn DTLSv1_2_method ,
-.Fn DTLSv1_2_server_method ,
-.Fn DTLSv1_2_client_method
-These are the version-specific methods for DTLSv1.2.
-.Xc
-.El
-.Pp
-In LibreSSL, the methods containing the substrings
-.Dq _server
-or
-.Dq _client
-in their names return the same objects
-as the methods without these substrings.
-.Pp
-The list of protocols available can also be limited using the
-.Dv SSL_OP_NO_TLSv1 ,
-.Dv SSL_OP_NO_TLSv1_1 ,
-and
-.Dv SSL_OP_NO_TLSv1_2
-options of the
-.Xr SSL_CTX_set_options 3
-or
-.Xr SSL_set_options 3
-functions, but this approach is not recommended.
-Clients should avoid creating "holes" in the set of protocols they support.
-When disabling a protocol, make sure that you also disable either
-all previous or all subsequent protocol versions.
-In clients, when a protocol version is disabled without disabling
-all previous protocol versions, the effect is to also disable all
-subsequent protocol versions.
-.Pp
-DTLSv1 and DTLSv1.2 can be disabled with
-.Xr SSL_CTX_set_options 3
-or
-.Xr SSL_set_options 3
-using the
-.Dv SSL_OP_NO_DTLSv1
-and
-.Dv SSL_OP_NO_DTLSv1_2
-options, respectively.
-.Sh RETURN VALUES
-.Fn SSL_CTX_new
-returns a pointer to the newly allocated object or
-.Dv NULL
-on failure.
-Check the error stack to find out the reason for failure.
-.Pp
-.Fn SSL_CTX_up_ref
-returns 1 for success or 0 for failure.
-.Pp
-.Fn TLS_method
-and the other
-.Fn *_method
-functions return pointers to constant static objects.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_CTX_free 3 ,
-.Xr SSL_CTX_set_min_proto_version 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_CTX_set_security_level 3 ,
-.Xr SSL_set_connect_state 3
-.Sh HISTORY
-.Fn SSL_CTX_new
-first appeared in SSLeay 0.5.1.
-.Fn SSLv23_method ,
-.Fn SSLv23_server_method ,
-and
-.Fn SSLv23_client_method
-first appeared in SSLeay 0.8.0.
-.Fn TLSv1_method ,
-.Fn TLSv1_server_method ,
-and
-.Fn TLSv1_client_method
-first appeared in SSLeay 0.9.0.
-All these functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn DTLSv1_method ,
-.Fn DTLSv1_server_method ,
-and
-.Fn DTLSv1_client_method
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Pp
-.Fn TLSv1_1_method ,
-.Fn TLSv1_1_server_method ,
-.Fn TLSv1_1_client_method ,
-.Fn TLSv1_2_method ,
-.Fn TLSv1_2_server_method ,
-and
-.Fn TLSv1_2_client_method
-first appeared in OpenSSL 1.0.1 and have been available since
-.Ox 5.3 .
-.Pp
-.Fn DTLS_method ,
-.Fn DTLS_server_method ,
-and
-.Fn DTLS_client_method
-first appeared in OpenSSL 1.0.2 and have been available since
-.Ox 6.5 .
-.Pp
-.Fn TLS_method ,
-.Fn TLS_server_method ,
-and
-.Fn TLS_client_method
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 5.8 .
-.Pp
-.Fn SSL_CTX_up_ref
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
-.Pp
-.Fn DTLSv1_2_method ,
-.Fn DTLSv1_2_server_method ,
-and
-.Fn DTLSv1_2_client_method
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 6.9 .
diff --git a/src/lib/libssl/man/SSL_CTX_sess_number.3 b/src/lib/libssl/man/SSL_CTX_sess_number.3
deleted file mode 100644
index 76d436cd17..0000000000
--- a/src/lib/libssl/man/SSL_CTX_sess_number.3
+++ /dev/null
@@ -1,168 +0,0 @@
-.\" $OpenBSD: SSL_CTX_sess_number.3,v 1.9 2019/06/12 09:36:30 schwarze Exp $
-.\" OpenSSL SSL_CTX_sess_number.pod 7bd27895 Mar 29 11:45:29 2017 +1000
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_CTX_SESS_NUMBER 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_sess_number ,
-.Nm SSL_CTX_sess_connect ,
-.Nm SSL_CTX_sess_connect_good ,
-.Nm SSL_CTX_sess_connect_renegotiate ,
-.Nm SSL_CTX_sess_accept ,
-.Nm SSL_CTX_sess_accept_good ,
-.Nm SSL_CTX_sess_accept_renegotiate ,
-.Nm SSL_CTX_sess_hits ,
-.Nm SSL_CTX_sess_cb_hits ,
-.Nm SSL_CTX_sess_misses ,
-.Nm SSL_CTX_sess_timeouts ,
-.Nm SSL_CTX_sess_cache_full
-.Nd obtain session cache statistics
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_sess_number "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_connect "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_connect_good "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_connect_renegotiate "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_accept "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_accept_good "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_accept_renegotiate "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_hits "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_cb_hits "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_misses "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_timeouts "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_cache_full "SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_sess_number
-returns the current number of sessions in the internal session cache.
-.Pp
-.Fn SSL_CTX_sess_connect
-returns the number of started SSL/TLS handshakes in client mode.
-.Pp
-.Fn SSL_CTX_sess_connect_good
-returns the number of successfully established SSL/TLS sessions in client mode.
-.Pp
-.Fn SSL_CTX_sess_connect_renegotiate
-returns the number of started renegotiations in client mode.
-.Pp
-.Fn SSL_CTX_sess_accept
-returns the number of started SSL/TLS handshakes in server mode.
-.Pp
-.Fn SSL_CTX_sess_accept_good
-returns the number of successfully established SSL/TLS sessions in server mode.
-.Pp
-.Fn SSL_CTX_sess_accept_renegotiate
-returns the number of started renegotiations in server mode.
-.Pp
-.Fn SSL_CTX_sess_hits
-returns the number of successfully reused sessions.
-In client mode a session set with
-.Xr SSL_set_session 3
-successfully reused is counted as a hit.
-In server mode a session successfully retrieved from internal or external cache
-is counted as a hit.
-.Pp
-.Fn SSL_CTX_sess_cb_hits
-returns the number of successfully retrieved sessions from the external session
-cache in server mode.
-.Pp
-.Fn SSL_CTX_sess_misses
-returns the number of sessions proposed by clients that were not found in the
-internal session cache in server mode.
-.Pp
-.Fn SSL_CTX_sess_timeouts
-returns the number of sessions proposed by clients and either found in the
-internal or external session cache in server mode,
-but that were invalid due to timeout.
-These sessions are not included in the
-.Fn SSL_CTX_sess_hits
-count.
-.Pp
-.Fn SSL_CTX_sess_cache_full
-returns the number of sessions that were removed because the maximum session
-cache size was exceeded.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_ctrl 3 ,
-.Xr SSL_CTX_sess_set_cache_size 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_set_session 3
-.Sh HISTORY
-.Fn SSL_CTX_sess_number ,
-.Fn SSL_CTX_sess_connect ,
-.Fn SSL_CTX_sess_connect_good ,
-.Fn SSL_CTX_sess_accept ,
-.Fn SSL_CTX_sess_accept_good ,
-.Fn SSL_CTX_sess_hits ,
-.Fn SSL_CTX_sess_misses ,
-and
-.Fn SSL_CTX_sess_timeouts
-first appeared in SSLeay 0.5.2.
-.Fn SSL_CTX_sess_cb_hits
-first appeared in SSLeay 0.6.0.
-.Fn SSL_CTX_sess_connect_renegotiate ,
-.Fn SSL_CTX_sess_accept_renegotiate ,
-and
-.Fn SSL_CTX_sess_cache_full
-first appeared in SSLeay 0.9.0.
-All these functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 b/src/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
deleted file mode 100644
index 6d5fede0b6..0000000000
--- a/src/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
+++ /dev/null
@@ -1,109 +0,0 @@
-.\" $OpenBSD: SSL_CTX_sess_set_cache_size.3,v 1.5 2019/06/12 09:36:30 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2001, 2002, 2014 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_CTX_SESS_SET_CACHE_SIZE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_sess_set_cache_size ,
-.Nm SSL_CTX_sess_get_cache_size
-.Nd manipulate session cache size
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_sess_set_cache_size "SSL_CTX *ctx" "long t"
-.Ft long
-.Fn SSL_CTX_sess_get_cache_size "SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_sess_set_cache_size
-sets the size of the internal session cache of context
-.Fa ctx
-to
-.Fa t .
-.Pp
-.Fn SSL_CTX_sess_get_cache_size
-returns the currently valid session cache size.
-.Pp
-The internal session cache size is
-.Dv SSL_SESSION_CACHE_MAX_SIZE_DEFAULT ,
-currently 1024\(mu20, so that up to 20000 sessions can be held.
-This size can be modified using the
-.Fn SSL_CTX_sess_set_cache_size
-call.
-A special case is the size 0, which is used for unlimited size.
-.Pp
-If adding the session makes the cache exceed its size, then unused
-sessions are dropped from the end of the cache.
-Cache space may also be reclaimed by calling
-.Xr SSL_CTX_flush_sessions 3
-to remove expired sessions.
-.Pp
-If the size of the session cache is reduced and more sessions are already in
-the session cache,
-old session will be removed the next time a session shall be added.
-This removal is not synchronized with the expiration of sessions.
-.Sh RETURN VALUES
-.Fn SSL_CTX_sess_set_cache_size
-returns the previously valid size.
-.Pp
-.Fn SSL_CTX_sess_get_cache_size
-returns the currently valid size.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_ctrl 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_sess_number 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3
-.Sh HISTORY
-.Fn SSL_CTX_sess_set_cache_size
-and
-.Fn SSL_CTX_sess_get_cache_size
-first appeared in SSLeay 0.9.0 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 b/src/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
deleted file mode 100644
index e99f2be671..0000000000
--- a/src/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
+++ /dev/null
@@ -1,221 +0,0 @@
-.\" $OpenBSD: SSL_CTX_sess_set_get_cb.3,v 1.7 2022/03/29 18:15:52 naddy Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2001, 2002, 2003, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\" -.Dd $Mdocdate: March 29 2022 $ -.Dt SSL_CTX_SESS_SET_GET_CB 3 -.Os -.Sh NAME -.Nm SSL_CTX_sess_set_new_cb , -.Nm SSL_CTX_sess_set_remove_cb , -.Nm SSL_CTX_sess_set_get_cb , -.Nm SSL_CTX_sess_get_new_cb , -.Nm SSL_CTX_sess_get_remove_cb , -.Nm SSL_CTX_sess_get_get_cb -.Nd provide callback functions for server side external session caching -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft void -.Fo SSL_CTX_sess_set_new_cb -.Fa "SSL_CTX *ctx" -.Fa "int (*new_session_cb)(SSL *, SSL_SESSION *)" -.Fc -.Ft void -.Fo SSL_CTX_sess_set_remove_cb -.Fa "SSL_CTX *ctx" -.Fa "void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *)" -.Fc -.Ft void -.Fo SSL_CTX_sess_set_get_cb -.Fa "SSL_CTX *ctx" -.Fa "SSL_SESSION (*get_session_cb)(SSL *, const unsigned char *, int, int *)" -.Fc -.Ft int -.Fo "(*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))" -.Fa "SSL *ssl" -.Fa "SSL_SESSION *sess" -.Fc -.Ft void -.Fo "(*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))" -.Fa "SSL_CTX *ctx" -.Fa "SSL_SESSION *sess" -.Fc -.Ft SSL_SESSION * -.Fo "(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))" -.Fa "SSL *ssl" -.Fa "const unsigned char *data" -.Fa "int len" -.Fa "int *copy" -.Fc -.Ft int -.Fo "(*new_session_cb)" -.Fa "SSL *ssl" -.Fa "SSL_SESSION *sess" -.Fc -.Ft void -.Fo "(*remove_session_cb)" -.Fa "SSL_CTX *ctx" -.Fa "SSL_SESSION *sess" -.Fc -.Ft SSL_SESSION * -.Fo "(*get_session_cb)" -.Fa "SSL *ssl" -.Fa "unsigned char *data" -.Fa "int len" -.Fa "int *copy" -.Fc -.Sh DESCRIPTION -.Fn SSL_CTX_sess_set_new_cb -sets the callback function which is automatically called whenever a new session -was negotiated. -.Pp -.Fn SSL_CTX_sess_set_remove_cb -sets the callback function which is automatically called whenever a session is -removed by the SSL engine (because it is considered faulty or the session has -become obsolete because of exceeding the timeout value). 
-.Pp -.Fn SSL_CTX_sess_set_get_cb -sets the callback function which is called whenever a SSL/TLS client proposes -to resume a session but the session cannot be found in the internal session -cache (see -.Xr SSL_CTX_set_session_cache_mode 3 ) . -(SSL/TLS server only.) -.Pp -.Fn SSL_CTX_sess_get_new_cb , -.Fn SSL_CTX_sess_get_remove_cb , -and -.Fn SSL_CTX_sess_get_get_cb -retrieve the function pointers of the provided callback functions. -If a callback function has not been set, the -.Dv NULL -pointer is returned. -.Pp -In order to allow external session caching, synchronization with the internal -session cache is realized via callback functions. -Inside these callback functions, session can be saved to disk or put into a -database using the -.Xr d2i_SSL_SESSION 3 -interface. -.Pp -The -.Fn new_session_cb -function is called whenever a new session has been negotiated and session -caching is enabled (see -.Xr SSL_CTX_set_session_cache_mode 3 ) . -The -.Fn new_session_cb -function is passed the -.Fa ssl -connection and the ssl session -.Fa sess . -If the callback returns 0, the session will be immediately removed again. -.Pp -The -.Fn remove_session_cb -function is called whenever the SSL engine removes a session from the -internal cache. -This happens when the session is removed because it is expired or when a -connection was not shut down cleanly. -It also happens for all sessions in the internal session cache when -.Xr SSL_CTX_free 3 -is called. -The -.Fn remove_session_cb -function is passed the -.Fa ctx -and the -.Vt ssl -session -.Fa sess . -It does not provide any feedback. -.Pp -The -.Fn get_session_cb -function is only called on SSL/TLS servers with the session id proposed by the -client. -The -.Fn get_session_cb -function is always called, also when session caching was disabled. -The -.Fn get_session_cb -function is passed the -.Fa ssl -connection, the session id of length -.Fa length -at the memory location -.Fa data . 
-With the parameter
-.Fa copy
-the callback can require the SSL engine to increment the reference count of the
-.Vt SSL_SESSION
-object,
-Normally the reference count is not incremented and therefore the session must
-not be explicitly freed with
-.Xr SSL_SESSION_free 3 .
-.Sh SEE ALSO
-.Xr d2i_SSL_SESSION 3 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_free 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_SESSION_free 3
-.Sh HISTORY
-.Fn SSL_CTX_sess_set_new_cb ,
-.Fn SSL_CTX_sess_set_get_cb ,
-.Fn SSL_CTX_sess_get_new_cb ,
-and
-.Fn SSL_CTX_sess_get_get_cb
-first appeared in SSLeay 0.6.0.
-.Fn SSL_CTX_sess_set_remove_cb
-and
-.Fn SSL_CTX_sess_get_remove_cb
-first appeared in SSLeay 0.8.0.
-These functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_CTX_sessions.3 b/src/lib/libssl/man/SSL_CTX_sessions.3
deleted file mode 100644
index 964d1a7346..0000000000
--- a/src/lib/libssl/man/SSL_CTX_sessions.3
+++ /dev/null
@@ -1,86 +0,0 @@ -.\" $OpenBSD: SSL_CTX_sessions.3,v 1.5 2018/04/25 14:19:39 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2001 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: April 25 2018 $ -.Dt SSL_CTX_SESSIONS 3 -.Os -.Sh NAME -.Nm SSL_CTX_sessions -.Nd access internal session cache -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft LHASH_OF(SSL_SESSION) * -.Fn SSL_CTX_sessions "SSL_CTX *ctx" -.Sh DESCRIPTION -.Fn SSL_CTX_sessions -returns a pointer to the lhash databases containing the internal session cache -for -.Fa ctx . -.Pp -The sessions in the internal session cache are kept in an -lhash-type database -(see -.Xr lh_new 3 ) . -It is possible to directly access this database, e.g., for searching. -In parallel, -the sessions form a linked list which is maintained separately from the -lhash operations, -so that the database must not be modified directly but by using the -.Xr SSL_CTX_add_session 3 -family of functions. -.Sh SEE ALSO -.Xr lh_new 3 , -.Xr ssl 3 , -.Xr SSL_CTX_add_session 3 , -.Xr SSL_CTX_set_session_cache_mode 3 -.Sh HISTORY -.Fn SSL_CTX_sessions -first appeared in SSLeay 0.5.2 and has been available since -.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_CTX_set1_groups.3 b/src/lib/libssl/man/SSL_CTX_set1_groups.3 deleted file mode 100644 index 0d1eb36ea7..0000000000 --- a/src/lib/libssl/man/SSL_CTX_set1_groups.3 +++ /dev/null 
@@ -1,163 +0,0 @@
-.\" $OpenBSD: SSL_CTX_set1_groups.3,v 1.2 2017/08/19 19:36:39 schwarze Exp $
-.\" OpenSSL SSL_CTX_set1_curves.pod de4d764e Nov 9 14:51:06 2016 +0000
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2013, 2014, 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\" -.Dd $Mdocdate: August 19 2017 $ -.Dt SSL_CTX_SET1_GROUPS 3 -.Os -.Sh NAME -.Nm SSL_CTX_set1_groups , -.Nm SSL_CTX_set1_groups_list , -.Nm SSL_set1_groups , -.Nm SSL_set1_groups_list , -.Nm SSL_CTX_set1_curves , -.Nm SSL_CTX_set1_curves_list , -.Nm SSL_set1_curves , -.Nm SSL_set1_curves_list -.Nd choose supported EC groups -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft int -.Fo SSL_CTX_set1_groups -.Fa "SSL_CTX *ctx" -.Fa "const int *glist" -.Fa "size_t glistlen" -.Fc -.Ft int -.Fo SSL_CTX_set1_groups_list -.Fa "SSL_CTX *ctx" -.Fa "const char *list" -.Fc -.Ft int -.Fo SSL_set1_groups -.Fa "SSL *ssl" -.Fa "const int *glist" -.Fa "size_t glistlen" -.Fc -.Ft int -.Fo SSL_set1_groups_list -.Fa "SSL *ssl" -.Fa "const char *list" -.Fc -.Ft int -.Fo SSL_CTX_set1_curves -.Fa "SSL_CTX *ctx" -.Fa "const int *clist" -.Fa "size_t clistlen" -.Fc -.Ft int -.Fo SSL_CTX_set1_curves_list -.Fa "SSL_CTX *ctx" -.Fa "const char *list" -.Fc -.Ft int -.Fo SSL_set1_curves -.Fa "SSL *ssl" -.Fa "const int *clist" -.Fa "size_t clistlen" -.Fc -.Ft int -.Fo SSL_set1_curves_list -.Fa "SSL *ssl" -.Fa "const char *list" -.Fc -.Sh DESCRIPTION -.Fn SSL_CTX_set1_groups -sets the supported groups for -.Fa ctx -to the -.Fa glistlen -groups in the array -.Fa glist . -The array consists of group NIDs in preference order. -For a TLS client, the groups are used directly in the supported groups -extension. -For a TLS server, the groups are used to determine the set of shared -groups. -.Pp -.Fn SSL_CTX_set1_groups_list -sets the supported groups for -.Fa ctx -to the -.Fa list -represented as a colon separated list of group NIDs or names, for example -"P-521:P-384:P-256". -.Pp -.Fn SSL_set1_groups -and -.Fn SSL_set1_groups_list -are similar except that they set supported groups for the SSL structure -.Fa ssl -only. -.Pp -The curve functions are deprecated synonyms for the equivalently -named group functions and are identical in every respect except -that they are implemented as macros. 
-They exist because prior to TLS1.3, there was only the concept of -supported curves. -In TLS1.3, this was renamed to supported groups and extended to include -Diffie Hellman groups. -.Pp -If an application wishes to make use of several of these functions for -configuration purposes either on a command line or in a file, it should -consider using the SSL_CONF interface instead of manually parsing -options. -.Sh RETURN VALUES -All these functions return 1 for success or 0 for failure. -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_CTX_add_extra_chain_cert 3 , -.Xr SSL_CTX_set_cipher_list 3 , -.Xr SSL_CTX_set_options 3 , -.Xr SSL_new 3 -.Sh HISTORY -The curve functions first appeared in OpenSSL 1.0.2 -and the group functions in OpenSSL 1.1.1. -Both have been available since -.Ox 6.1 . diff --git a/src/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 b/src/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 deleted file mode 100644 index 2317c57af4..0000000000 --- a/src/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 +++ /dev/null 
@@ -1,305 +0,0 @@
-.\" $OpenBSD: SSL_CTX_set_alpn_select_cb.3,v 1.11 2025/02/04 14:00:05 tb Exp $
-.\" OpenSSL 87b81496 Apr 19 12:38:27 2017 -0400
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Todd Short .
-.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\" -.Dd $Mdocdate: February 4 2025 $ -.Dt SSL_CTX_SET_ALPN_SELECT_CB 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_alpn_protos , -.Nm SSL_set_alpn_protos , -.Nm SSL_CTX_set_alpn_select_cb , -.Nm SSL_select_next_proto , -.Nm SSL_get0_alpn_selected -.Nd handle application layer protocol negotiation (ALPN) -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft int -.Fo SSL_CTX_set_alpn_protos -.Fa "SSL_CTX *ctx" -.Fa "const unsigned char *protos" -.Fa "unsigned int protos_len" -.Fc -.Ft int -.Fo SSL_set_alpn_protos -.Fa "SSL *ssl" -.Fa "const unsigned char *protos" -.Fa "unsigned int protos_len" -.Fc -.Ft void -.Fo SSL_CTX_set_alpn_select_cb -.Fa "SSL_CTX *ctx" -.Fa "int (*cb)(SSL *ssl, const unsigned char **out,\ - unsigned char *outlen, const unsigned char *in,\ - unsigned int inlen, void *arg)" -.Fa "void *arg" -.Fc -.Ft int -.Fo SSL_select_next_proto -.Fa "unsigned char **out" -.Fa "unsigned char *outlen" -.Fa "const unsigned char *peer_list" -.Fa "unsigned int peer_list_len" -.Fa "const unsigned char *supported_list" -.Fa "unsigned int supported_list_len" -.Fc -.Ft void -.Fo SSL_get0_alpn_selected -.Fa "const SSL *ssl" -.Fa "const unsigned char **data" -.Fa "unsigned int *len" -.Fc -.Sh DESCRIPTION -.Fn SSL_CTX_set_alpn_protos -and -.Fn SSL_set_alpn_protos -are used by the client to set the list of protocols available to be -negotiated. -The -.Fa protos -must be in protocol-list format, described below. -The length of -.Fa protos -is specified in -.Fa protos_len . -.Pp -.Fn SSL_CTX_set_alpn_select_cb -sets the application callback -.Fa cb -used by a server to select which protocol to use for the incoming -connection. -When -.Fa cb -is -.Dv NULL , -ALPN is not used. -The -.Fa arg -value is a pointer which is passed to the application callback. -.Pp -.Fa cb -is the application defined callback. -The -.Fa in , -.Fa inlen -parameters are a vector in protocol-list format. 
-The value of the -.Fa out , -.Fa outlen -vector should be set to the value of a single protocol selected from the -.Fa in , -.Fa inlen -vector. -The -.Fa out -buffer may point directly into -.Fa in , -or to a buffer that outlives the handshake. -The -.Fa arg -parameter is the pointer set via -.Fn SSL_CTX_set_alpn_select_cb . -.Pp -.Fn SSL_select_next_proto -is a helper function used to select protocols. -It is expected that this function is called from the application -callback -.Fa cb . -If -.Fn SSL_select_next_proto -returns -.Dv OPENSSL_NPN_NO_OVERLAP , -.Fa cb -should ignore -.Fa out -and fail by returning -.Dv SSL_TLSEXT_ERR_ALERT_FATAL . -The protocol data in -.Fa peer_list , -.Fa peer_list_len -and -.Fa supported_list , -.Fa supported_list_len -must be two non-empty lists, validly encoded -in the protocol-list format described below. -The first item in the -.Fa peer_list -that matches an item in the -.Fa supported_list -is selected, and returned in -.Fa out , -.Fa outlen . -The -.Fa out -value will point into either -.Fa peer_list -or -.Fa supported_list , -so it must not be modified and -should be copied immediately. -If no match is found, the first item in -.Fa supported_list -is returned in -.Fa out , -.Fa outlen . -.Pp -.Fn SSL_get0_alpn_selected -returns a pointer to the selected protocol in -.Fa data -with length -.Fa len . -It is not NUL-terminated. -.Fa data -is set to -.Dv NULL -and -.Fa len -is set to 0 if no protocol has been selected. -.Fa data -must not be freed. -.Pp -The protocol-lists must be in wire-format, which is defined as a vector -of non-empty, 8-bit length-prefixed byte strings. -The length-prefix byte is not included in the length. -Each string is limited to 255 bytes. -A byte-string length of 0 is invalid. -The length of the vector is not in the vector itself, but in a separate -variable. 
-.Pp -For example: -.Bd -literal -const unsigned char *vector = "\ex06" "spdy/1" "\ex08" "http/1.1"; -unsigned int length = strlen(vector); -.Ed -.Pp -The ALPN callback is executed after the servername callback; as that -servername callback may update the SSL_CTX, and subsequently, the ALPN -callback. -.Pp -If there is no ALPN proposed in the ClientHello, the ALPN callback is -not invoked. -.Sh RETURN VALUES -.Fn SSL_CTX_set_alpn_protos -and -.Fn SSL_set_alpn_protos -return 0 on success or non-zero on failure. -WARNING: these functions reverse the return value convention. -.Pp -.Fn SSL_select_next_proto -returns one of the following: -.Bl -tag -width Ds -.It OPENSSL_NPN_NEGOTIATED -A match was found and is returned in -.Fa out , -.Fa outlen . -.It OPENSSL_NPN_NO_OVERLAP -No match was found. -The first item in -.Fa supported_list , -.Fa supported_list_len -is returned in -.Fa out , -.Fa outlen . -.El -.Pp -The ALPN select callback -.Fa cb -must return one of the following: -.Bl -tag -width Ds -.It SSL_TLSEXT_ERR_OK -ALPN protocol selected. -.It SSL_TLSEXT_ERR_ALERT_FATAL -There was no overlap between the client's supplied list and the -server configuration. -.It SSL_TLSEXT_ERR_NOACK -ALPN protocol not selected, e.g., because no ALPN protocols are -configured for this connection. -.El -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_CTX_set_tlsext_servername_arg 3 , -.Xr SSL_CTX_set_tlsext_servername_callback 3 -.Sh STANDARDS -.Rs -.%T TLS Application-Layer Protocol Negotiation Extension -.%R RFC 7301 -.Re -.Pp -.Rs -.%T TLS Next Protocol Negotiation Extension -.%U https://datatracker.ietf.org/doc/html/draft-agl-tls-nextprotoneg -.Re -.Sh HISTORY -.Fn SSL_select_next_proto -first appeared in OpenSSL 1.0.1 and has been available since -.Ox 5.3 . -.Pp -.Fn SSL_CTX_set_alpn_protos , -.Fn SSL_set_alpn_protos , -.Fn SSL_CTX_set_alpn_select_cb , -and -.Fn SSL_get0_alpn_selected -first appeared in OpenSSL 1.0.2 and have been available since -.Ox 5.7 . 
-.Sh CAVEATS
-The fallback to the first supported protocol in
-.Fn SSL_select_next_proto
-comes from the opportunistic fallback mechanism in the NPN extension.
-This behavior does not make sense for ALPN,
-where missing protocol overlap should result in a handshake failure.
-To avoid accidental selection of a protocol that the server does not
-support, it is recommended to pass the locally configured protocols
-as second pair of protocols in the ALPN callback.
-.Sh BUGS
-The
-.Fa out
-argument of
-.Fn SSL_select_next_proto
-should have been const.
diff --git a/src/lib/libssl/man/SSL_CTX_set_cert_store.3 b/src/lib/libssl/man/SSL_CTX_set_cert_store.3
deleted file mode 100644
index 1be1ba2f68..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_cert_store.3
+++ /dev/null
@@ -1,146 +0,0 @@
-.\" $OpenBSD: SSL_CTX_set_cert_store.3,v 1.8 2024/08/03 04:53:01 tb Exp $
-.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2001, 2002, 2005 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: August 3 2024 $
-.Dt SSL_CTX_SET_CERT_STORE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_cert_store ,
-.Nm SSL_CTX_set1_cert_store ,
-.Nm SSL_CTX_get_cert_store
-.Nd manipulate X509 certificate verification storage
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_CTX_set_cert_store "SSL_CTX *ctx" "X509_STORE *store"
-.Ft void
-.Fn SSL_CTX_set1_cert_store "SSL_CTX *ctx" "X509_STORE *store"
-.Ft X509_STORE *
-.Fn SSL_CTX_get_cert_store "const SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_cert_store
-sets the verification storage of
-.Fa ctx
-to or replaces it with
-.Fa store .
-If another
-.Vt X509_STORE
-object is currently set in
-.Fa ctx ,
-it will be freed.
-.Pp
-.Fn SSL_CTX_set1_cert_store
-sets the verification storage of
-.Fa ctx
-to or replaces it with
-.Fa store .
-The
-.Fa store Ns 's
-reference count is incremented.
-.Pp
-.Fn SSL_CTX_get_cert_store
-returns a pointer to the current certificate verification storage.
-.Pp
-In order to verify the certificates presented by the peer, trusted CA
-certificates must be accessed.
-These CA certificates are made available via lookup methods, handled inside the
-.Vt X509_STORE .
-From the
-.Vt X509_STORE
-the
-.Vt X509_STORE_CTX
-used when verifying certificates is created.
-.Pp
-Typically the trusted certificate store is handled indirectly via using
-.Xr SSL_CTX_load_verify_locations 3 .
-Using the
-.Fn SSL_CTX_set_cert_store
-and
-.Fn SSL_CTX_get_cert_store
-functions it is possible to manipulate the
-.Vt X509_STORE
-object beyond the
-.Xr SSL_CTX_load_verify_locations 3
-call.
-.Pp
-Currently no detailed documentation on how to use the
-.Vt X509_STORE
-object is available.
-Not all members of the
-.Vt X509_STORE
-are used when the verification takes place.
-So will, for example, the
-.Fn verify_callback
-be overridden with the
-.Fn verify_callback
-set via the
-.Xr SSL_CTX_set_verify 3
-family of functions.
-This document must therefore be updated when documentation about the
-.Vt X509_STORE
-object and its handling becomes available.
-.Sh RETURN VALUES
-.Fn SSL_CTX_get_cert_store
-returns the current setting.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_set_verify 3 ,
-.Xr X509_STORE_new 3
-.Sh HISTORY
-.Fn SSL_CTX_set_cert_store
-and
-.Fn SSL_CTX_get_cert_store
-first appeared in SSLeay 0.8.1 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_CTX_set1_cert_store
-first appeared in OpenSSL 1.1.1 and has been available since
-.Ox 7.6 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 b/src/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
deleted file mode 100644
index 0e12b48c78..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
+++ /dev/null
@@ -1,163 +0,0 @@
-.\" $OpenBSD: SSL_CTX_set_cert_verify_callback.3,v 1.5 2019/06/08 15:25:43 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2001, 2002 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 8 2019 $
-.Dt SSL_CTX_SET_CERT_VERIFY_CALLBACK 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_cert_verify_callback
-.Nd set peer certificate verification procedure
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_cert_verify_callback
-.Fa "SSL_CTX *ctx"
-.Fa "int (*callback)(X509_STORE_CTX *, void *)"
-.Fa "void *arg"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_cert_verify_callback
-sets the verification callback function for
-.Fa ctx .
-.Vt SSL
-objects that are created from
-.Fa ctx
-inherit the setting valid at the time when
-.Xr SSL_new 3
-is called.
-.Pp
-Whenever a certificate is verified during a SSL/TLS handshake,
-a verification function is called.
-If the application does not explicitly specify a verification callback
-function, the built-in verification function is used.
-If a verification callback
-.Fa callback
-is specified via
-.Fn SSL_CTX_set_cert_verify_callback ,
-the supplied callback function is called instead.
-By setting
-.Fa callback
-to
-.Dv NULL ,
-the default behaviour is restored.
-.Pp
-When the verification must be performed,
-.Fa callback
-will be called with the arguments
-.Fn callback "X509_STORE_CTX *x509_store_ctx" "void *arg" .
-The argument
-.Fa arg
-is specified by the application when setting
-.Fa callback .
-.Pp
-.Fa callback
-should return 1 to indicate verification success and 0 to indicate verification
-failure.
-If
-.Dv SSL_VERIFY_PEER
-is set and
-.Fa callback
-returns 0, the handshake will fail.
-As the verification procedure may allow the connection to continue in case of
-failure (by always returning 1) the verification result must be set in any case
-using the
-.Fa error
-member of
-.Fa x509_store_ctx
-so that the calling application will be informed about the detailed result of
-the verification procedure!
-.Pp
-Within
-.Fa x509_store_ctx ,
-.Fa callback
-has access to the
-.Fa verify_callback
-function set using
-.Xr SSL_CTX_set_verify 3 .
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_set_verify 3 ,
-.Xr SSL_get_verify_result 3
-.Sh HISTORY
-.Fn SSL_CTX_set_cert_verify_callback
-first appeared in SSLeay 0.6.1 and has been available since
-.Ox 2.4 .
-.Pp
-Previous to OpenSSL 0.9.7, the
-.Fa arg
-argument to
-.Fn SSL_CTX_set_cert_verify_callback
-was ignored, and
-.Fa callback
-was called
-simply as
-.Ft int
-.Fn (*callback) "X509_STORE_CTX *" .
-To compile software written for previous versions of OpenSSL,
-a dummy argument will have to be added to
-.Fa callback .
-.Sh CAVEATS
-Do not mix the verification callback described in this function with the
-.Fa verify_callback
-function called during the verification process.
-The latter is set using the
-.Xr SSL_CTX_set_verify 3
-family of functions.
-.Pp
-Providing a complete verification procedure including certificate purpose
-settings, etc., is a complex task.
-The built-in procedure is quite powerful and in most cases it should be
-sufficient to modify its behaviour using the
-.Fa verify_callback
-function.
-.Sh BUGS
-.Fn SSL_CTX_set_cert_verify_callback
-does not provide diagnostic information.
diff --git a/src/lib/libssl/man/SSL_CTX_set_cipher_list.3 b/src/lib/libssl/man/SSL_CTX_set_cipher_list.3
deleted file mode 100644
index b3f0dc3541..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_cipher_list.3
+++ /dev/null
@@ -1,375 +0,0 @@
-.\" $OpenBSD: SSL_CTX_set_cipher_list.3,v 1.18 2025/01/18 12:20:02 tb Exp $
-.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2018, 2020 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Lutz Jaenicke .
-.\" Copyright (c) 2000, 2001, 2013 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit.
(http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: January 18 2025 $
-.Dt SSL_CTX_SET_CIPHER_LIST 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_cipher_list ,
-.Nm SSL_set_cipher_list
-.Nd choose list of available SSL_CIPHERs
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_CTX_set_cipher_list "SSL_CTX *ctx" "const char *control"
-.Ft int
-.Fn SSL_set_cipher_list "SSL *ssl" "const char *control"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_cipher_list
-sets the list of available cipher suites for
-.Fa ctx
-using the
-.Fa control
-string.
-The list of cipher suites is inherited by all
-.Fa ssl
-objects created from
-.Fa ctx .
-.Pp
-.Fn SSL_set_cipher_list
-sets the list of cipher suites only for
-.Fa ssl .
-.Pp
-The control string consists of one or more control words
-separated by colon characters
-.Pq Ql \&: .
-Space
-.Pq Ql \ \& ,
-semicolon
-.Pq Ql \&; ,
-and comma
-.Pq Ql \&,
-characters can also be used as separators.
-Each control words selects a set of cipher suites
-and can take one of the following optional prefix characters:
-.Bl -tag -width Ds
-.It \&No prefix:
-Those of the selected cipher suites that have not been made available
-yet are added to the end of the list of available cipher suites,
-preserving their order.
-.It Prefixed minus sign Pq Ql \- :
-Those of the selected cipher suites that have been made available
-earlier are moved back from the list of available cipher suites to
-the beginning of the list of unavailable cipher suites,
-also preserving their order.
-.It Prefixed plus sign Pq Ql + :
-Those of the selected cipher suites have been made available earlier
-are moved to end of the list of available cipher suites, reducing
-their priority, but preserving the order among themselves.
-.It Prefixed exclamation mark Pq Ql \&! :
-The selected cipher suites are permanently deleted, no matter whether
-they had earlier been made available or not, and can no longer
-be added or re-added by later words.
-.El
-.Pp
-The following special words can only be used without a prefix:
-.Bl -tag -width Ds
-.It Cm DEFAULT
-An alias for
-.Sm off
-.Cm ALL No :! Cm aNULL No :! Cm eNULL .
-.Sm on
-It can only be used as the first word.
-The
-.Cm DEFAULT
-cipher list can be displayed with the
-.Xr openssl 1
-.Cm ciphers
-command.
-.It Cm @SECLEVEL=n
-Set the security level to n, which should be a number between
-zero and five.
-See
-.Xr SSL_CTX_set_security_level 3
-for details.
-.It Cm @STRENGTH
-Sort the list by decreasing encryption strength,
-preserving the order of cipher suites that have the same strength.
-It is usually given as the last word.
-.El
-.Pp
-The following words can be used to select groups of cipher suites,
-with or without a prefix character.
-If two or more of these words are joined with plus signs
-.Pq Ql +
-to form a longer word, only the intersection of the specified sets
-is selected.
-.Bl -tag -width Ds
-.It Cm ADH
-Cipher suites using ephemeral DH for key exchange
-without doing any server authentication.
-Equivalent to
-.Cm DH Ns + Ns Cm aNULL .
-.It Cm AEAD
-Cipher suites using Authenticated Encryption with Additional Data.
-.It Cm AECDH
-Cipher suites using ephemeral ECDH for key exchange
-without doing any server authentication.
-Equivalent to
-.Cm ECDH Ns + Ns Cm aNULL .
-.It Cm aECDSA
-Cipher suites using ECDSA server authentication.
-.It Cm AES
-Cipher suites using AES or AESGCM for symmetric encryption.
-.It Cm AES128
-Cipher suites using AES(128) or AESGCM(128) for symmetric encryption.
-.It Cm AES256
-Cipher suites using AES(256) or AESGCM(256) for symmetric encryption.
-.It Cm AESGCM
-Cipher suites using AESGCM for symmetric encryption.
-.It Cm aGOST
-An alias for
-.Cm aGOST01 .
-.It Cm aGOST01
-Cipher suites using GOST R 34.10-2001 server authentication.
-.It Cm ALL
-All cipher suites except those selected by
-.Cm eNULL .
-.It Cm aNULL
-Cipher suites that don't do any server authentication.
-Not enabled by
-.Cm DEFAULT .
-Beware of man-in-the-middle attacks.
-.It Cm aRSA
-Cipher suites using RSA server authentication.
-.It Cm CAMELLIA
-Cipher suites using Camellia for symmetric encryption.
-.It Cm CAMELLIA128
-Cipher suites using Camellia(128) for symmetric encryption.
-.It Cm CAMELLIA256
-Cipher suites using Camellia(256) for symmetric encryption.
-.It Cm CHACHA20
-Cipher suites using ChaCha20-Poly1305 for symmetric encryption.
-.It Cm COMPLEMENTOFALL
-Cipher suites that are not included in
-.Cm ALL .
-Currently an alias for
-.Cm eNULL .
-.It Cm COMPLEMENTOFDEFAULT
-Cipher suites that are included in
-.Cm ALL ,
-but not included in
-.Cm DEFAULT .
-Currently similar to
-.Cm aNULL Ns :! Ns Cm eNULL
-except for the order of the cipher suites which are
-.Em not
-selected.
-.It Cm 3DES
-Cipher suites using triple DES for symmetric encryption.
-.It Cm DH
-Cipher suites using ephemeral DH for key exchange.
-.It Cm DHE
-Cipher suites using ephemeral DH for key exchange,
-but excluding those that don't do any server authentication.
-Similar to
-.Cm DH Ns :! Ns Cm aNULL
-except for the order of the cipher suites which are
-.Em not
-selected.
-.It Cm ECDH
-Cipher suites using ephemeral ECDH for key exchange.
-.It Cm ECDHE
-Cipher suites using ephemeral ECDH for key exchange,
-but excluding those that don't do any server authentication.
-Similar to
-.Cm ECDH Ns :! Ns Cm aNULL
-except for the order of the cipher suites which are
-.Em not
-selected.
-.It Cm ECDSA
-An alias for
-.Cm aECDSA .
-.It Cm eNULL
-Cipher suites that do not use any encryption.
-Not enabled by
-.Cm DEFAULT ,
-and not even included in
-.Cm ALL .
-.It Cm GOST89MAC
-Cipher suites using GOST 28147-89 for message authentication
-instead of HMAC.
-.It Cm GOST94
-Cipher suites using HMAC based on GOST R 34.11-94
-for message authentication.
-.It Cm HIGH
-Cipher suites of high strength.
-.It Cm kGOST
-Cipher suites using VKO 34.10 key exchange, specified in RFC 4357.
-.It Cm kRSA
-Cipher suites using RSA key exchange.
-.It Cm LOW
-Cipher suites of low strength.
-.It Cm MD5
-Cipher suites using MD5 for message authentication.
-.It Cm MEDIUM
-Cipher suites of medium strength.
-.It Cm NULL
-An alias for
-.Cm eNULL .
-.It Cm RC4
-Cipher suites using RC4 for symmetric encryption.
-.It Cm RSA
-Cipher suites using RSA for both key exchange and server authentication.
-Equivalent to
-.Cm kRSA Ns + Ns Cm aRSA .
-.It Cm SHA
-An alias for
-.Cm SHA1 .
-.It Cm SHA1
-Cipher suites using SHA1 for message authentication.
-.It Cm SHA256
-Cipher suites using SHA256 for message authentication.
-.It Cm SHA384
-Cipher suites using SHA384 for message authentication.
-.It Cm SSLv3
-An alias for
-.Cm TLSv1 .
-.It Cm STREEBOG256
-Cipher suites using STREEBOG256 for message authentication.
-.It Cm TLSv1
-Cipher suites usable with the TLSv1.0, TLSv1.1, and TLSv1.2 protocols.
-.It Cm TLSv1.2
-Cipher suites for the TLSv1.2 protocol.
-.It Cm TLSv1.3
-Cipher suites for the TLSv1.3 protocol.
-If the
-.Fa control
-string selects at least one cipher suite but neither contains the word
-.Cm TLSv1.3
-nor specifically includes nor excludes any TLSv1.3 cipher suites, all the
-.Cm TLSv1.3
-cipher suites are made available, too.
-.El
-.Pp
-The full words returned by the
-.Xr openssl 1
-.Cm ciphers
-command can be used to select individual cipher suites.
-.Pp
-The following are deprecated aliases:
-.Pp
-.Bl -column kEECDH ECDHE -compact -offset indent
-.It avoid: Ta use:
-.It Cm EDH Ta Cm DHE
-.It Cm EECDH Ta Cm ECDHE
-.It Cm kEDH Ta Cm DH
-.It Cm kEECDH Ta Cm ECDH
-.El
-.Pp
-Unknown words are silently ignored, selecting no cipher suites.
-Failure is only flagged if the
-.Fa control
-string contains invalid bytes
-or if no matching cipher suites are available at all.
-.Pp
-On the client side, including a cipher suite into the list of
-available cipher suites is sufficient for using it.
-On the server side, all cipher suites have additional requirements.
-ADH ciphers don't need a certificate, but DH-parameters must have been set.
-All other cipher suites need a corresponding certificate and key.
-.Pp
-A RSA cipher can only be chosen when an RSA certificate is available.
-RSA ciphers using DHE need a certificate and key and additional DH-parameters
-(see
-.Xr SSL_CTX_set_tmp_dh_callback 3 ) .
-.Pp
-When these conditions are not met
-for any cipher suite in the list (for example, a
-client only supports export RSA ciphers with an asymmetric key length of 512
-bits and the server is not configured to use temporary RSA keys), the
-.Dq no shared cipher
-.Pq Dv SSL_R_NO_SHARED_CIPHER
-error is generated and the handshake will fail.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_cipher_list
-and
-.Fn SSL_set_cipher_list
-return 1 if any cipher suite could be selected and 0 on complete failure.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set1_groups 3 ,
-.Xr SSL_CTX_set_tmp_dh_callback 3 ,
-.Xr SSL_CTX_use_certificate 3 ,
-.Xr SSL_get_ciphers 3
-.Sh HISTORY
-.Fn SSL_CTX_set_cipher_list
-and
-.Fn SSL_set_cipher_list
-first appeared in SSLeay 0.5.2 and have been available since
-.Ox 2.4 .
-.Sh CAVEATS
-In LibreSSL,
-.Fn SSL_CTX_set_cipher_list
-and
-.Fn SSL_set_cipher_list
-can be used to configure the list of available cipher suites for
-all versions of the TLS protocol, whereas in OpenSSL, they only
-control cipher suites for protocols up to TLSv1.2.
-If compatibility with OpenSSL is required, the list of
-available TLSv1.3 cipher suites can only be changed with
-.Fn SSL_set_ciphersuites .
diff --git a/src/lib/libssl/man/SSL_CTX_set_client_CA_list.3 b/src/lib/libssl/man/SSL_CTX_set_client_CA_list.3
deleted file mode 100644
index d19fb93ed0..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_client_CA_list.3
+++ /dev/null
@@ -1,183 +0,0 @@
-.\" $OpenBSD: SSL_CTX_set_client_CA_list.3,v 1.6 2020/03/30 10:28:59 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2000, 2001, 2013 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 30 2020 $
-.Dt SSL_CTX_SET_CLIENT_CA_LIST 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_client_CA_list ,
-.Nm SSL_set_client_CA_list ,
-.Nm SSL_CTX_add_client_CA ,
-.Nm SSL_add_client_CA
-.Nd set list of CAs sent to the client when requesting a client certificate
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_CTX_set_client_CA_list "SSL_CTX *ctx" "STACK_OF(X509_NAME) *list"
-.Ft void
-.Fn SSL_set_client_CA_list "SSL *s" "STACK_OF(X509_NAME) *list"
-.Ft int
-.Fn SSL_CTX_add_client_CA "SSL_CTX *ctx" "X509 *cacert"
-.Ft int
-.Fn SSL_add_client_CA "SSL *ssl" "X509 *cacert"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_client_CA_list
-sets the
-.Fa list
-of CAs sent to the client when requesting a client certificate for
-.Fa ctx .
-.Pp
-.Fn SSL_set_client_CA_list
-sets the
-.Fa list
-of CAs sent to the client when requesting a client certificate for the chosen
-.Fa ssl ,
-overriding the setting valid for
-.Fa ssl Ns 's
-.Vt SSL_CTX
-object.
-.Pp
-.Fn SSL_CTX_add_client_CA
-adds the CA name extracted from
-.Fa cacert
-to the list of CAs sent to the client when requesting a client certificate for
-.Fa ctx .
-.Pp
-.Fn SSL_add_client_CA
-adds the CA name extracted from
-.Fa cacert
-to the list of CAs sent to the client when requesting a client certificate for
-the chosen
-.Fa ssl ,
-overriding the setting valid for
-.Fa ssl Ns 's
-.Va SSL_CTX
-object.
-.Pp
-When a TLS/SSL server requests a client certificate (see
-.Fn SSL_CTX_set_verify ) ,
-it sends a list of CAs for which it will accept certificates to the client.
-.Pp
-This list must explicitly be set using
-.Fn SSL_CTX_set_client_CA_list
-for
-.Fa ctx
-and
-.Fn SSL_set_client_CA_list
-for the specific
-.Fa ssl .
-The list specified overrides the previous setting.
-The CAs listed do not become trusted
-.Po
-.Fa list
-only contains the names, not the complete certificates
-.Pc ;
-use
-.Xr SSL_CTX_load_verify_locations 3
-to additionally load them for verification.
-.Pp
-If the list of acceptable CAs is compiled in a file, the
-.Xr SSL_load_client_CA_file 3
-function can be used to help importing the necessary data.
-.Pp
-.Fn SSL_CTX_add_client_CA
-and
-.Fn SSL_add_client_CA
-can be used to add additional items the list of client CAs.
-If no list was specified before using
-.Fn SSL_CTX_set_client_CA_list
-or
-.Fn SSL_set_client_CA_list ,
-a new client CA list for
-.Fa ctx
-or
-.Fa ssl
-(as appropriate) is opened.
-.Pp
-These functions are only useful for TLS/SSL servers.
-.Sh RETURN VALUES
-.Fn SSL_CTX_add_client_CA
-and
-.Fn SSL_add_client_CA
-have the following return values:
-.Bl -tag -width Ds
-.It 0
-A failure while manipulating the
-.Dv STACK_OF Ns
-.Pq Vt X509_NAME
-object occurred or the
-.Vt X509_NAME
-could not be extracted from
-.Fa cacert .
-Check the error stack to find out the reason.
-.It 1
-The operation succeeded.
-.El
-.Sh EXAMPLES
-Scan all certificates in
-.Fa CAfile
-and list them as acceptable CAs:
-.Bd -literal
-SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_get_client_CA_list 3 ,
-.Xr SSL_load_client_CA_file 3 ,
-.Xr X509_NAME_new 3
-.Sh HISTORY
-.Fn SSL_CTX_set_client_CA_list ,
-.Fn SSL_set_client_CA_list ,
-.Fn SSL_CTX_add_client_CA ,
-and
-.Fn SSL_add_client_CA
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 b/src/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
deleted file mode 100644
index a2433b5e92..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
+++ /dev/null
@@ -1,191 +0,0 @@ -.\" $OpenBSD: SSL_CTX_set_client_cert_cb.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2002 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt SSL_CTX_SET_CLIENT_CERT_CB 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_client_cert_cb , -.Nm SSL_CTX_get_client_cert_cb -.Nd handle client certificate callback function -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft void -.Fo SSL_CTX_set_client_cert_cb -.Fa "SSL_CTX *ctx" -.Fa "int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)" -.Fc -.Ft int -.Fo "(*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))" -.Fa "SSL *ssl" "X509 **x509" "EVP_PKEY **pkey" -.Fc -.Ft int -.Fn "(*client_cert_cb)" "SSL *ssl" "X509 **x509" "EVP_PKEY **pkey" -.Sh DESCRIPTION -.Fn SSL_CTX_set_client_cert_cb -sets the -.Fa client_cert_cb() -callback that is called when a client certificate is requested by a server and -no certificate was yet set for the SSL object. -.Pp -When -.Fa client_cert_cb -is -.Dv NULL , -no callback function is used. -.Pp -.Fn SSL_CTX_get_client_cert_cb -returns a pointer to the currently set callback function. -.Pp -.Fn client_cert_cb -is the application-defined callback. -If it wants to set a certificate, -a certificate/private key combination must be set using the -.Fa x509 -and -.Fa pkey -arguments and 1 must be returned. -The certificate will be installed into -.Fa ssl . -If no certificate should be set, -0 has to be returned and no certificate will be sent. -A negative return value will suspend the handshake and the handshake function -will return immediately. 
-.Xr SSL_get_error 3 -will return -.Dv SSL_ERROR_WANT_X509_LOOKUP -to indicate that the handshake was suspended. -The next call to the handshake function will again lead to the call of -.Fa client_cert_cb() . -It is the job of the -.Fa client_cert_cb() -to store information -about the state of the last call, if required to continue. -.Pp -During a handshake (or renegotiation) -a server may request a certificate from the client. -A client certificate must only be sent when the server did send the request. -.Pp -When a certificate has been set using the -.Xr SSL_CTX_use_certificate 3 -family of functions, -it will be sent to the server. -The TLS standard requires that only a certificate is sent if it matches the -list of acceptable CAs sent by the server. -This constraint is violated by the default behavior of the OpenSSL library. -Using the callback function it is possible to implement a proper selection -routine or to allow a user interaction to choose the certificate to be sent. -.Pp -If a callback function is defined and no certificate was yet defined for the -.Vt SSL -object, the callback function will be called. -If the callback function returns a certificate, the OpenSSL library -will try to load the private key and certificate data into the -.Vt SSL -object using the -.Fn SSL_use_certificate -and -.Fn SSL_use_private_key -functions. -Thus it will permanently install the certificate and key for this SSL object. -It will not be reset by calling -.Xr SSL_clear 3 . -If the callback returns no certificate, the OpenSSL library will not send a -certificate. -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_clear 3 , -.Xr SSL_CTX_add_extra_chain_cert 3 , -.Xr SSL_CTX_use_certificate 3 , -.Xr SSL_free 3 , -.Xr SSL_get_client_CA_list 3 -.Sh HISTORY -.Fn SSL_CTX_set_client_cert_cb -and -.Fn SSL_CTX_get_client_cert_cb -first appeared in SSLeay 0.6.6 and have been available since -.Ox 2.4 . 
-.Sh BUGS -The -.Fa client_cert_cb() -cannot return a complete certificate chain; -it can only return one client certificate. -If the chain only has a length of 2, -the root CA certificate may be omitted according to the TLS standard and -thus a standard conforming answer can be sent to the server. -For a longer chain, the client must send the complete chain -(with the option to leave out the root CA certificate). -This can be accomplished only by either adding the intermediate CA certificates -into the trusted certificate store for the -.Vt SSL_CTX -object (resulting in having to add CA certificates that otherwise maybe would -not be trusted), or by adding the chain certificates using the -.Xr SSL_CTX_add_extra_chain_cert 3 -function, which is only available for the -.Vt SSL_CTX -object as a whole and that therefore probably can only apply for one client -certificate, making the concept of the callback function -(to allow the choice from several certificates) questionable. -.Pp -Once the -.Vt SSL -object has been used in conjunction with the callback function, -the certificate will be set for the -.Vt SSL -object and will not be cleared even when -.Xr SSL_clear 3 -is called. -It is therefore -.Em mandatory -to destroy the -.Vt SSL -object using -.Xr SSL_free 3 -and create a new one to return to the previous state. diff --git a/src/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 b/src/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 deleted file mode 100644 index 94b4ea543d..0000000000 --- a/src/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 +++ /dev/null 
@@ -1,216 +0,0 @@ -.\" $OpenBSD: SSL_CTX_set_default_passwd_cb.3,v 1.9 2023/09/19 09:40:35 schwarze Exp $ -.\" full merge up to: OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400 -.\" selective merge up to: OpenSSL 18bad535 Apr 9 15:13:55 2019 +0100 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2023 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Lutz Jaenicke -.\" and Christian Heimes . -.\" Copyright (c) 2000, 2001, 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. 
All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: September 19 2023 $ -.Dt SSL_CTX_SET_DEFAULT_PASSWD_CB 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_default_passwd_cb , -.Nm SSL_CTX_set_default_passwd_cb_userdata , -.Nm SSL_CTX_get_default_passwd_cb , -.Nm SSL_CTX_get_default_passwd_cb_userdata -.Nd set or get passwd callback for encrypted PEM file handling -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft void -.Fn SSL_CTX_set_default_passwd_cb "SSL_CTX *ctx" "pem_password_cb *cb" -.Ft void -.Fn SSL_CTX_set_default_passwd_cb_userdata "SSL_CTX *ctx" "void *userdata" -.Ft pem_password_cb * -.Fn SSL_CTX_get_default_passwd_cb "SSL_CTX *ctx" -.Ft void * -.Fn SSL_CTX_get_default_passwd_cb_userdata "SSL_CTX *ctx" -.Sh DESCRIPTION -.Fn SSL_CTX_set_default_passwd_cb -sets the password callback for loading a certificate or private key -from encrypted PEM format. -In particular, the callback is used by -.Xr SSL_CTX_use_certificate_file 3 , -.Xr SSL_use_certificate_file 3 , -.Xr SSL_CTX_use_certificate_chain_file 3 , -.Xr SSL_use_certificate_chain_file 3 , -.Xr SSL_CTX_use_certificate_chain_mem 3 , -.Xr SSL_CTX_use_PrivateKey_file 3 , -.Xr SSL_use_PrivateKey_file 3 , -.Xr SSL_CTX_use_RSAPrivateKey_file 3 , -and -.Xr SSL_use_RSAPrivateKey_file 3 . -.Pp -The function pointer type of the -.Fa cb -argument is documented in the -.Xr pem_password_cb 3 -manual page. -If -.Fn SSL_CTX_set_default_passwd_cb -is not called on -.Fa ctx -or if it is called with a -.Fa cb -argument of -.Dv NULL , -.Xr PEM_def_callback 3 -is used instead. -.Pp -.Fn SSL_CTX_set_default_passwd_cb_userdata -sets a pointer to the -.Fa userdata -which will be provided to the password callback on invocation. -.Pp -Since the -.Fa cb -passed to -.Fn SSL_CTX_set_default_passwd_cb -will only be used for reading and decryption and not for writing and -encryption, the library will only call it with a -.Fa verify -argument of 0. 
-.Pp -If an application program only needs to read and decrypt -one single private key, it can be practical to have the -callback handle the password dialog interactively. -This happens by default if neither -.Fn SSL_CTX_set_default_passwd_cb -nor -.Fn SSL_CTX_set_default_passwd_cb_userdata -is called. -In that case, the library uses -.Xr PEM_def_callback 3 -with a -.Fa userdata -argument of -.Dv NULL . -.Pp -If several keys have to be handled, it can be practical -to ask for the password once, for example using -.Xr UI_UTIL_read_pw_string 3 , -then keep it in memory and use it several times by passing a pointer to it to -.Fn SSL_CTX_set_default_passwd_cb_userdata . -.Xr PEM_def_callback 3 -is able to handle this case, too, so calling -.Fn SSL_CTX_set_default_passwd_cb -is not needed in this case either. -.Pp -Other items in PEM formatting (certificates) can also be encrypted; it is -however atypical, as certificate information is considered public. -.Sh RETURN VALUES -.Fn SSL_CTX_get_default_passwd_cb -returns a function pointer to the password callback currently set in -.Fa ctx , -or -.Dv NULL -if none is set. -.Pp -.Fn SSL_CTX_get_default_passwd_cb_userdata -returns a pointer to the userdata currently set in -.Fa ctx , -or -.Dv NULL -if none is set. -.Sh EXAMPLES -The following example provides a subset of the functionality of -.Xr PEM_def_callback 3 , -except that -.Xr PEM_def_callback 3 -does not NUL-terminate and copies up to -.Fa size -rather than -.Fa size No \- 1 -bytes. -It interprets -.Fa userdata -as a NUL-terminated string and copies it to the -.Fa password -buffer, truncating the copy if it does not fit. 
-.Bd -literal -int -trivial_passwd_cb(char *password, int size, int verify, void *userdata) -{ - strlcpy(password, userdata, size); - return strlen(password); -} -.Ed -.Sh SEE ALSO -.Xr pem_password_cb 3 , -.Xr ssl 3 , -.Xr SSL_CTX_use_certificate 3 -.Sh HISTORY -.Fn SSL_CTX_set_default_passwd_cb -first appeared in SSLeay 0.6.2 and has been available since -.Ox 2.4 . -.Pp -.Fn SSL_CTX_set_default_passwd_cb_userdata -first appeared in OpenSSL 0.9.4 and has been available since -.Ox 2.6 . -.Pp -.Fn SSL_CTX_get_default_passwd_cb -and -.Fn SSL_CTX_get_default_passwd_cb_userdata -first appeared in OpenSSL 1.1.0 and have been available since -.Ox 6.3 . diff --git a/src/lib/libssl/man/SSL_CTX_set_generate_session_id.3 b/src/lib/libssl/man/SSL_CTX_set_generate_session_id.3 deleted file mode 100644 index d85383d776..0000000000 --- a/src/lib/libssl/man/SSL_CTX_set_generate_session_id.3 +++ /dev/null 
@@ -1,221 +0,0 @@ -.\" $OpenBSD: SSL_CTX_set_generate_session_id.3,v 1.5 2018/03/22 21:09:18 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2001, 2014 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 22 2018 $ -.Dt SSL_CTX_SET_GENERATE_SESSION_ID 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_generate_session_id , -.Nm SSL_set_generate_session_id , -.Nm SSL_has_matching_session_id , -.Nm GEN_SESSION_CB -.Nd manipulate generation of SSL session IDs (server only) -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft typedef int -.Fo (*GEN_SESSION_CB) -.Fa "const SSL *ssl" -.Fa "unsigned char *id" -.Fa "unsigned int *id_len" -.Fc -.Ft int -.Fn SSL_CTX_set_generate_session_id "SSL_CTX *ctx" "GEN_SESSION_CB cb" -.Ft int -.Fn SSL_set_generate_session_id "SSL *ssl" "GEN_SESSION_CB cb" -.Ft int -.Fo SSL_has_matching_session_id -.Fa "const SSL *ssl" "const unsigned char *id" "unsigned int id_len" -.Fc -.Sh DESCRIPTION -.Fn SSL_CTX_set_generate_session_id -sets the callback function for generating new session ids for SSL/TLS sessions -for -.Fa ctx -to be -.Fa cb . 
-.Pp -.Fn SSL_set_generate_session_id -sets the callback function for generating new session ids for SSL/TLS sessions -for -.Fa ssl -to be -.Fa cb . -.Pp -.Fn SSL_has_matching_session_id -checks, whether a session with id -.Fa id -(of length -.Fa id_len ) -is already contained in the internal session cache -of the parent context of -.Fa ssl . -.Pp -When a new session is established between client and server, -the server generates a session id. -The session id is an arbitrary sequence of bytes. -The length of the session id is between 1 and 32 bytes. -The session id is not security critical but must be unique for the server. -Additionally, the session id is transmitted in the clear when reusing the -session so it must not contain sensitive information. -.Pp -Without a callback being set, an OpenSSL server will generate a unique session -id from pseudo random numbers of the maximum possible length. -Using the callback function, the session id can be changed to contain -additional information like, e.g., a host id in order to improve load balancing -or external caching techniques. -.Pp -The callback function receives a pointer to the memory location to put -.Fa id -into and a pointer to the maximum allowed length -.Fa id_len . -The buffer at location -.Fa id -is only guaranteed to have the size -.Fa id_len . -The callback is only allowed to generate a shorter id and reduce -.Fa id_len ; -the callback -.Em must never -increase -.Fa id_len -or write to the location -.Fa id -exceeding the given limit. -.Pp -The location -.Fa id -is filled with 0x00 before the callback is called, -so the callback may only fill part of the possible length and leave -.Fa id_len -untouched while maintaining reproducibility. -.Pp -Since the sessions must be distinguished, session ids must be unique. -Without the callback a random number is used, -so that the probability of generating the same session id is extremely small -(2^256 for TLSv1). 
-In order to ensure the uniqueness of the generated session id, -the callback must call -.Fn SSL_has_matching_session_id -and generate another id if a conflict occurs. -If an id conflict is not resolved, the handshake will fail. -If the application codes, e.g., a unique host id, a unique process number, and -a unique sequence number into the session id, uniqueness could easily be -achieved without randomness added (it should however be taken care that -no confidential information is leaked this way). -If the application cannot guarantee uniqueness, -it is recommended to use the maximum -.Fa id_len -and fill in the bytes not used to code special information with random data to -avoid collisions. -.Pp -.Fn SSL_has_matching_session_id -will only query the internal session cache, not the external one. -Since the session id is generated before the handshake is completed, -it is not immediately added to the cache. -If another thread is using the same internal session cache, -a race condition can occur in that another thread generates the same session id. -Collisions can also occur when using an external session cache, -since the external cache is not tested with -.Fn SSL_has_matching_session_id -and the same race condition applies. -.Pp -The callback must return 0 if it cannot generate a session id for whatever -reason and return 1 on success. -.Sh RETURN VALUES -.Fn SSL_CTX_set_generate_session_id -and -.Fn SSL_set_generate_session_id -always return 1. -.Pp -.Fn SSL_has_matching_session_id -returns 1 if another session with the same id is already in the cache. 
-.Sh EXAMPLES -The callback function listed will generate a session id with the server id -given, and will fill the rest with pseudo random bytes: -.Bd -literal -const char session_id_prefix = "www-18"; - -#define MAX_SESSION_ID_ATTEMPTS 10 -static int -generate_session_id(const SSL *ssl, unsigned char *id, - unsigned int *id_len) -{ - unsigned int count = 0; - - do { - RAND_pseudo_bytes(id, *id_len); - /* - * Prefix the session_id with the required prefix. NB: If - * our prefix is too long, clip it \(en but there will be - * worse effects anyway, e.g., the server could only - * possibly create one session ID (the prefix!) so all - * future session negotiations will fail due to conflicts. - */ - memcpy(id, session_id_prefix, - (strlen(session_id_prefix) < *id_len) ? - strlen(session_id_prefix) : *id_len); - } while (SSL_has_matching_session_id(ssl, id, *id_len) && - (++count < MAX_SESSION_ID_ATTEMPTS)); - - if (count >= MAX_SESSION_ID_ATTEMPTS) - return 0; - return 1; -} -.Ed -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_get_version 3 -.Sh HISTORY -.Fn SSL_CTX_set_generate_session_id , -.Fn SSL_set_generate_session_id -and -.Fn SSL_has_matching_session_id -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 3.2 . diff --git a/src/lib/libssl/man/SSL_CTX_set_info_callback.3 b/src/lib/libssl/man/SSL_CTX_set_info_callback.3 deleted file mode 100644 index 76eb8bee61..0000000000 --- a/src/lib/libssl/man/SSL_CTX_set_info_callback.3 +++ /dev/null 
@@ -1,233 +0,0 @@ -.\" $OpenBSD: SSL_CTX_set_info_callback.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2001, 2005, 2014 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt SSL_CTX_SET_INFO_CALLBACK 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_info_callback , -.Nm SSL_CTX_get_info_callback , -.Nm SSL_set_info_callback , -.Nm SSL_get_info_callback -.Nd handle information callback for SSL connections -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft void -.Fo SSL_CTX_set_info_callback -.Fa "SSL_CTX *ctx" -.Fa "void (*callback)(const SSL *ssl, int where, int ret)" -.Fc -.Ft void -.Fo "(*SSL_CTX_get_info_callback(const SSL_CTX *ctx))" -.Fa "const SSL *ssl" -.Fa "int where" -.Fa "int ret" -.Fc -.Ft void -.Fo SSL_set_info_callback -.Fa "SSL *ssl" -.Fa "void (*callback)(const SSL *ssl, int where, int ret)" -.Fc -.Ft void -.Fo "(*SSL_get_info_callback(const SSL *ssl))" -.Fa "const SSL *ssl" -.Fa "int where" -.Fa "int ret" -.Fc -.Sh DESCRIPTION -.Fn SSL_CTX_set_info_callback -sets the -.Fa callback -function that can be used to obtain state information for SSL objects created -from -.Fa ctx -during connection setup and use. -The setting for -.Fa ctx -is overridden from the setting for a specific SSL object, if specified. -When -.Fa callback -is -.Dv NULL , -no callback function is used. -.Pp -.Fn SSL_set_info_callback -sets the -.Fa callback -function that can be used to -obtain state information for -.Fa ssl -during connection setup and use. -When -.Fa callback -is -.Dv NULL , -the callback setting currently valid for -.Fa ctx -is used. -.Pp -.Fn SSL_CTX_get_info_callback -returns a pointer to the currently set information callback function for -.Fa ctx . -.Pp -.Fn SSL_get_info_callback -returns a pointer to the currently set information callback function for -.Fa ssl . -.Pp -When setting up a connection and during use, -it is possible to obtain state information from the SSL/TLS engine. -When set, an information callback function is called whenever the state changes, -an alert appears, or an error occurs. -.Pp -The callback function is called as -.Fn callback "SSL *ssl" "int where" "int ret" . 
-The -.Fa where -argument specifies information about where (in which context) -the callback function was called. -If -.Fa ret -is 0, an error condition occurred. -If an alert is handled, -.Dv SSL_CB_ALERT -is set and -.Fa ret -specifies the alert information. -.Pp -.Fa where -is a bitmask made up of the following bits: -.Bl -tag -width Ds -.It Dv SSL_CB_LOOP -Callback has been called to indicate state change inside a loop. -.It Dv SSL_CB_EXIT -Callback has been called to indicate error exit of a handshake function. -(May be soft error with retry option for non-blocking setups.) -.It Dv SSL_CB_READ -Callback has been called during read operation. -.It Dv SSL_CB_WRITE -Callback has been called during write operation. -.It Dv SSL_CB_ALERT -Callback has been called due to an alert being sent or received. -.It Dv SSL_CB_READ_ALERT -.It Dv SSL_CB_WRITE_ALERT -.It Dv SSL_CB_ACCEPT_LOOP -.It Dv SSL_CB_ACCEPT_EXIT -.It Dv SSL_CB_CONNECT_LOOP -.It Dv SSL_CB_CONNECT_EXIT -.It Dv SSL_CB_HANDSHAKE_START -Callback has been called because a new handshake is started. -.It Dv SSL_CB_HANDSHAKE_DONE -Callback has been called because a handshake is finished. -.El -.Pp -The current state information can be obtained using the -.Xr SSL_state_string 3 -family of functions. -.Pp -The -.Fa ret -information can be evaluated using the -.Xr SSL_alert_type_string 3 -family of functions. -.Sh RETURN VALUES -.Fn SSL_CTX_get_info_callback -and -.Fn SSL_get_info_callback -return a pointer to the current callback or -.Dv NULL -if none is set. -.Sh EXAMPLES -The following example callback function prints state strings, -information about alerts being handled and error messages to the -.Va bio_err -.Vt BIO . 
-.Bd -literal -void -apps_ssl_info_callback(SSL *s, int where, int ret) -{ - const char *str; - int w; - - w = where & ~SSL_ST_MASK; - - if (w & SSL_ST_CONNECT) - str = "SSL_connect"; - else if (w & SSL_ST_ACCEPT) - str = "SSL_accept"; - else - str = "undefined"; - - if (where & SSL_CB_LOOP) { - BIO_printf(bio_err, "%s:%s\en", str, - SSL_state_string_long(s)); - } else if (where & SSL_CB_ALERT) { - str = (where & SSL_CB_READ) ? "read" : "write"; - BIO_printf(bio_err, "SSL3 alert %s:%s:%s\en", str, - SSL_alert_type_string_long(ret), - SSL_alert_desc_string_long(ret)); - } else if (where & SSL_CB_EXIT) { - if (ret == 0) - BIO_printf(bio_err, "%s:failed in %s\en", - str, SSL_state_string_long(s)); - else if (ret < 0) { - BIO_printf(bio_err, "%s:error in %s\en", - str, SSL_state_string_long(s)); - } - } -} -.Ed -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_alert_type_string 3 , -.Xr SSL_state_string 3 -.Sh HISTORY -These functions first appeared in SSLeay 0.6.0 -and have been available since -.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_CTX_set_keylog_callback.3 b/src/lib/libssl/man/SSL_CTX_set_keylog_callback.3 deleted file mode 100644 index 24b8f9992f..0000000000 --- a/src/lib/libssl/man/SSL_CTX_set_keylog_callback.3 +++ /dev/null 
@@ -1,56 +0,0 @@ -.\" $OpenBSD: SSL_CTX_set_keylog_callback.3,v 1.3 2024/05/16 08:39:30 tb Exp $ -.\" OpenSSL pod checked up to: 61f805c1 Jan 16 01:01:46 2018 +0800 -.\" -.\" Copyright (c) 2021 Bob Beck -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: May 16 2024 $ -.Dt SSL_CTX_SET_KEYLOG_CALLBACK 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_keylog_callback , -.Nm SSL_CTX_get_keylog_callback -.Nd set and get the unused key logging callback -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft typedef void -.Fo (*SSL_CTX_keylog_cb_func) -.Fa "const SSL *ssl" -.Fa "const char *line" -.Fc -.Ft void -.Fn SSL_CTX_set_keylog_callback "SSL_CTX *ctx" "SSL_CTX_keylog_cb_func cb" -.Ft SSL_CTX_keylog_cb_func -.Fn SSL_CTX_get_keylog_callback "const SSL_CTX *ctx" -.Sh DESCRIPTION -.Fn SSL_CTX_set_keylog_callback -sets the TLS key logging callback. -This callback is never called in LibreSSL. -.Pp -.Fn SSL_CTX_get_keylog_callback -retrieves the previously set TLS key logging callback. -.Pp -These functions are provided only for compatibility with OpenSSL. -.Sh RETURN VALUES -.Fn SSL_CTX_get_keylog_callback -returns the previously set TLS key logging callback, or -.Dv NULL -if no callback has been set. 
-.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_CTX_new 3 -.Sh HISTORY -These function first appeared in OpenSSL 1.1.1 -and have been available since -.Ox 7.1 . diff --git a/src/lib/libssl/man/SSL_CTX_set_max_cert_list.3 b/src/lib/libssl/man/SSL_CTX_set_max_cert_list.3 deleted file mode 100644 index 89513b1006..0000000000 --- a/src/lib/libssl/man/SSL_CTX_set_max_cert_list.3 +++ /dev/null 
@@ -1,154 +0,0 @@ -.\" $OpenBSD: SSL_CTX_set_max_cert_list.3,v 1.6 2019/06/12 09:36:30 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2001 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 12 2019 $ -.Dt SSL_CTX_SET_MAX_CERT_LIST 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_max_cert_list , -.Nm SSL_CTX_get_max_cert_list , -.Nm SSL_set_max_cert_list , -.Nm SSL_get_max_cert_list -.Nd manipulate allowed size for the peer's certificate chain -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft long -.Fn SSL_CTX_set_max_cert_list "SSL_CTX *ctx" "long size" -.Ft long -.Fn SSL_CTX_get_max_cert_list "SSL_CTX *ctx" -.Ft long -.Fn SSL_set_max_cert_list "SSL *ssl" "long size" -.Ft long -.Fn SSL_get_max_cert_list "SSL *ctx" -.Sh DESCRIPTION -.Fn SSL_CTX_set_max_cert_list -sets the maximum size allowed for the peer's certificate chain for all -.Vt SSL -objects created from -.Fa ctx -to be -.Fa size -bytes. -The -.Vt SSL -objects inherit the setting valid for -.Fa ctx -at the time -.Xr SSL_new 3 -is being called. -.Pp -.Fn SSL_CTX_get_max_cert_list -returns the currently set maximum size for -.Fa ctx . -.Pp -.Fn SSL_set_max_cert_list -sets the maximum size allowed for the peer's certificate chain for -.Fa ssl -to be -.Fa size -bytes. -This setting stays valid until a new value is set. -.Pp -.Fn SSL_get_max_cert_list -returns the currently set maximum size for -.Fa ssl . -.Pp -During the handshake process, the peer may send a certificate chain. -The TLS/SSL standard does not give any maximum size of the certificate chain. -The OpenSSL library handles incoming data by a dynamically allocated buffer. 
-In order to prevent this buffer from growing without bound due to data -received from a faulty or malicious peer, a maximum size for the certificate -chain is set. -.Pp -The default value for the maximum certificate chain size is 100kB (30kB -on the 16bit DOS platform). -This should be sufficient for usual certificate chains -(OpenSSL's default maximum chain length is 10, see -.Xr SSL_CTX_set_verify 3 , -and certificates without special extensions have a typical size of 1-2kB). -.Pp -For special applications it can be necessary to extend the maximum certificate -chain size allowed to be sent by the peer. -See for example the work on -.%T "Internet X.509 Public Key Infrastructure Proxy Certificate Profile" -and -.%T "TLS Delegation Protocol" -at -.Lk https://www.ietf.org/ -and -.Lk http://www.globus.org/ . -.Pp -Under normal conditions it should never be necessary to set a value smaller -than the default, as the buffer is handled dynamically and only uses the -memory actually required by the data sent by the peer. -.Pp -If the maximum certificate chain size allowed is exceeded, the handshake will -fail with a -.Dv SSL_R_EXCESSIVE_MESSAGE_SIZE -error. -.Sh RETURN VALUES -.Fn SSL_CTX_set_max_cert_list -and -.Fn SSL_set_max_cert_list -return the previously set value. -.Pp -.Fn SSL_CTX_get_max_cert_list -and -.Fn SSL_get_max_cert_list -return the currently set value. -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_CTX_ctrl 3 , -.Xr SSL_CTX_set_verify 3 , -.Xr SSL_new 3 -.Sh HISTORY -These functions first appeared in OpenSSL 0.9.7 -and have been available since -.Ox 3.2 . diff --git a/src/lib/libssl/man/SSL_CTX_set_min_proto_version.3 b/src/lib/libssl/man/SSL_CTX_set_min_proto_version.3 deleted file mode 100644 index a2597cda83..0000000000 --- a/src/lib/libssl/man/SSL_CTX_set_min_proto_version.3 +++ /dev/null 
@@ -1,156 +0,0 @@ -.\" $OpenBSD: SSL_CTX_set_min_proto_version.3,v 1.5 2021/04/15 16:40:32 tb Exp $ -.\" full merge up to: OpenSSL 3edabd3c Sep 14 09:28:39 2017 +0200 -.\" -.\" This file was written by Kurt Roeckx and -.\" Christian Heimes . -.\" Copyright (c) 2015, 2017 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: April 15 2021 $ -.Dt SSL_CTX_SET_MIN_PROTO_VERSION 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_min_proto_version , -.Nm SSL_CTX_set_max_proto_version , -.Nm SSL_CTX_get_min_proto_version , -.Nm SSL_CTX_get_max_proto_version , -.Nm SSL_set_min_proto_version , -.Nm SSL_set_max_proto_version , -.Nm SSL_get_min_proto_version , -.Nm SSL_get_max_proto_version -.Nd get and set minimum and maximum supported protocol version -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft int -.Fo SSL_CTX_set_min_proto_version -.Fa "SSL_CTX *ctx" -.Fa "uint16_t version" -.Fc -.Ft int -.Fo SSL_CTX_set_max_proto_version -.Fa "SSL_CTX *ctx" -.Fa "uint16_t version" -.Fc -.Ft int -.Fo SSL_CTX_get_min_proto_version -.Fa "SSL_CTX *ctx" -.Fc -.Ft int -.Fo SSL_CTX_get_max_proto_version -.Fa "SSL_CTX *ctx" -.Fc -.Ft int -.Fo SSL_set_min_proto_version -.Fa "SSL *ssl" -.Fa "uint16_t version" -.Fc -.Ft int -.Fo SSL_set_max_proto_version -.Fa "SSL *ssl" -.Fa "uint16_t version" -.Fc -.Ft int -.Fo SSL_get_min_proto_version -.Fa "SSL *ssl" -.Fc -.Ft int -.Fo SSL_get_max_proto_version -.Fa "SSL *ssl" -.Fc -.Sh DESCRIPTION -These functions get or set the minimum and maximum supported protocol -versions for -.Fa ctx -or -.Fa ssl . -This works in combination with the options set via -.Xr SSL_CTX_set_options 3 -that also make it possible to disable specific protocol versions. -Use these functions instead of disabling specific protocol versions. -.Pp -Setting the minimum or maximum version to 0 will enable protocol -versions down to the lowest or up to the highest version supported -by the library, respectively. -.Pp -Currently supported versions are -.Dv TLS1_VERSION , -.Dv TLS1_1_VERSION , -and -.Dv TLS1_2_VERSION -for TLS and -.Dv DTLS1_VERSION -and -.Dv DTLS1_2_VERSION -for DTLS. -.Pp -In other implementations, these functions may be implemented as macros. -.Sh RETURN VALUES -The setter functions return 1 on success or 0 on failure. 
-.Pp -The getter functions return the configured version or 0 if -.Fa ctx -or -.Fa ssl -has been configured to automatically use the lowest or highest -version supported by the library. -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_CTX_new 3 , -.Xr SSL_CTX_set_options 3 -.Sh HISTORY -The setter functions first appeared in BoringSSL in December 2014, -with shorter names without the -.Sy proto_ -part. -Two years later, OpenSSL included them in their 1.1.0 release, -gratuitously changing the names; Google shrugged and adopted -the longer names one month later. -They have been available since -.Ox 6.2 . -.Pp -The getter functions first appeared in OpenSSL 1.1.0g -and have been available since -.Ox 6.3 . diff --git a/src/lib/libssl/man/SSL_CTX_set_mode.3 b/src/lib/libssl/man/SSL_CTX_set_mode.3 deleted file mode 100644 index fca1a977d0..0000000000 --- a/src/lib/libssl/man/SSL_CTX_set_mode.3 +++ /dev/null 
@@ -1,204 +0,0 @@ -.\" $OpenBSD: SSL_CTX_set_mode.3,v 1.7 2020/10/08 16:02:38 tb Exp $ -.\" full merge up to: OpenSSL 8671b898 Jun 3 02:48:34 2008 +0000 -.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 -.\" -.\" This file was written by Lutz Jaenicke and -.\" Ben Laurie . -.\" Copyright (c) 2001, 2008 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: October 8 2020 $ -.Dt SSL_CTX_SET_MODE 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_mode , -.Nm SSL_set_mode , -.Nm SSL_CTX_clear_mode , -.Nm SSL_clear_mode , -.Nm SSL_CTX_get_mode , -.Nm SSL_get_mode -.Nd manipulate SSL engine mode -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft long -.Fn SSL_CTX_set_mode "SSL_CTX *ctx" "long mode" -.Ft long -.Fn SSL_set_mode "SSL *ssl" "long mode" -.Ft long -.Fn SSL_CTX_clear_mode "SSL_CTX *ctx" "long mode" -.Ft long -.Fn SSL_clear_mode "SSL *ssl" "long mode" -.Ft long -.Fn SSL_CTX_get_mode "SSL_CTX *ctx" -.Ft long -.Fn SSL_get_mode "SSL *ssl" -.Sh DESCRIPTION -.Fn SSL_CTX_set_mode -and -.Fn SSL_set_mode -enable the options contained in the bitmask -.Fa mode -for the -.Fa ctx -or -.Fa ssl -object, respectively. -Options that were already enabled before the call are not disabled. 
-.Pp -.Fn SSL_CTX_clear_mode -and -.Fn SSL_clear_mode -disable the options contained in the bitmask -.Fa mode -for the -.Fa ctx -or -.Fa ssl -object. -.Pp -.Fn SSL_CTX_get_mode -and -.Fn SSL_get_mode -return a bitmask representing the options -that are currently enabled for the -.Fa ctx -or -.Fa ssl -object. -.Pp -The following options are available: -.Bl -tag -width Ds -.It Dv SSL_MODE_ENABLE_PARTIAL_WRITE -Allow -.Fn SSL_write ... n -to return -.Ms r -with -.EQ -0 < r < n -.EN -(i.e., report success when just a single record has been written). -When not set (the default), -.Xr SSL_write 3 -will only report success once the complete chunk was written. -Once -.Xr SSL_write 3 -returns with -.Ms r , -.Ms r -bytes have been successfully written and the next call to -.Xr SSL_write 3 -must only send the -.Ms n \(mi r -bytes left, imitating the behaviour of -.Xr write 2 . -.It Dv SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER -Make it possible to retry -.Xr SSL_write 3 -with changed buffer location (the buffer contents must stay the same). -This is not the default to avoid the misconception that non-blocking -.Xr SSL_write 3 -behaves like non-blocking -.Xr write 2 . -.It Dv SSL_MODE_AUTO_RETRY -Never bother the application with retries if the transport is blocking. -If a renegotiation takes place during normal operation, a -.Xr SSL_read 3 -or -.Xr SSL_write 3 -would return -with \(mi1 and indicate the need to retry with -.Dv SSL_ERROR_WANT_READ . -In a non-blocking environment applications must be prepared to handle -incomplete read/write operations. -In a blocking environment, applications are not always prepared to deal with -read/write operations returning without success report. -The flag -.Dv SSL_MODE_AUTO_RETRY -will cause read/write operations to only return after the handshake and -successful completion. -.It Dv SSL_MODE_RELEASE_BUFFERS -When we no longer need a read buffer or a write buffer for a given -.Vt SSL , -then release the memory we were using to hold it. 
-Using this flag can save around 34k per idle SSL connection. -This flag has no effect on SSL v2 connections, or on DTLS connections. -.El -.Sh RETURN VALUES -.Fn SSL_CTX_set_mode , -.Fn SSL_set_mode , -.Fn SSL_CTX_clear_mode , -and -.Fn SSL_clear_mode -return the new mode bitmask after adding or clearing -.Fa mode . -.Pp -.Fn SSL_CTX_get_mode -and -.Fn SSL_get_mode -return the current bitmask. -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_CTX_ctrl 3 , -.Xr SSL_read 3 , -.Xr SSL_write 3 -.Sh HISTORY -.Fn SSL_CTX_set_mode , -.Fn SSL_set_mode , -.Fn SSL_CTX_get_mode , -and -.Fn SSL_get_mode -first appeared in OpenSSL 0.9.4 and have been available since -.Ox 2.6 . -.Pp -.Fn SSL_CTX_clear_mode -and -.Fn SSL_clear_mode -first appeared in OpenSSL 0.9.8m and have been available since -.Ox 4.9 . -.Pp -.Dv SSL_MODE_AUTO_RETRY -was added in OpenSSL 0.9.6. diff --git a/src/lib/libssl/man/SSL_CTX_set_msg_callback.3 b/src/lib/libssl/man/SSL_CTX_set_msg_callback.3 deleted file mode 100644 index a27333e6d9..0000000000 --- a/src/lib/libssl/man/SSL_CTX_set_msg_callback.3 +++ /dev/null 
@@ -1,183 +0,0 @@ -.\" $OpenBSD: SSL_CTX_set_msg_callback.3,v 1.5 2021/04/15 16:43:27 tb Exp $ -.\" OpenSSL SSL_CTX_set_msg_callback.pod e9b77246 Jan 20 19:58:49 2017 +0100 -.\" OpenSSL SSL_CTX_set_msg_callback.pod b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Bodo Moeller . -.\" Copyright (c) 2001, 2014, 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: April 15 2021 $ -.Dt SSL_CTX_SET_MSG_CALLBACK 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_msg_callback , -.Nm SSL_CTX_set_msg_callback_arg , -.Nm SSL_set_msg_callback , -.Nm SSL_set_msg_callback_arg -.Nd install callback for observing protocol messages -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft void -.Fo SSL_CTX_set_msg_callback -.Fa "SSL_CTX *ctx" -.Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)" -.Fc -.Ft void -.Fn SSL_CTX_set_msg_callback_arg "SSL_CTX *ctx" "void *arg" -.Ft void -.Fo SSL_set_msg_callback -.Fa "SSL *ssl" -.Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)" -.Fc -.Ft void -.Fn SSL_set_msg_callback_arg "SSL *ssl" "void *arg" -.Sh DESCRIPTION -.Fn SSL_CTX_set_msg_callback -or -.Fn SSL_set_msg_callback -can be used to define a message callback function -.Fa cb -for observing all SSL/TLS protocol messages (such as handshake messages) -that are received or sent. -.Fn SSL_CTX_set_msg_callback_arg -and -.Fn SSL_set_msg_callback_arg -can be used to set argument -.Fa arg -to the callback function, which is available for arbitrary application use. -.Pp -.Fn SSL_CTX_set_msg_callback -and -.Fn SSL_CTX_set_msg_callback_arg -specify default settings that will be copied to new -.Vt SSL -objects by -.Xr SSL_new 3 . -.Fn SSL_set_msg_callback -and -.Fn SSL_set_msg_callback_arg -modify the actual settings of an -.Vt SSL -object. -Using a -.Dv NULL -pointer for -.Fa cb -disables the message callback. -.Pp -When -.Fa cb -is called by the SSL/TLS library for a protocol message, -the function arguments have the following meaning: -.Bl -tag -width Ds -.It Fa write_p -This flag is 0 when a protocol message has been received and 1 when a protocol -message has been sent. 
-.It Fa version -The protocol version according to which the protocol message is -interpreted by the library, such as -.Dv TLS1_VERSION , -.Dv TLS1_1_VERSION , -.Dv TLS1_2_VERSION , -.Dv DTLS1_VERSION , -or -.Dv DTLS1_2_VERSION . -.It Fa content_type -This is one of the -.Em ContentType -values defined in the protocol specification -.Po -.Dv SSL3_RT_CHANGE_CIPHER_SPEC , -.Dv SSL3_RT_ALERT , -.Dv SSL3_RT_HANDSHAKE , -but never -.Dv SSL3_RT_APPLICATION_DATA -because the callback will only be called for protocol messages. -.Pc -.It Fa buf , Fa len -.Fa buf -points to a buffer containing the protocol message, which consists of -.Fa len -bytes. -The buffer is no longer valid after the callback function has returned. -.It Fa ssl -The -.Vt SSL -object that received or sent the message. -.It Fa arg -The user-defined argument optionally defined by -.Fn SSL_CTX_set_msg_callback_arg -or -.Fn SSL_set_msg_callback_arg . -.El -.Pp -Protocol messages are passed to the callback function after decryption -and fragment collection where applicable. -(Thus record boundaries are not visible.) -.Pp -If processing a received protocol message results in an error, -the callback function may not be called. -For example, the callback function will never see messages that are considered -too large to be processed. -.Pp -Due to automatic protocol version negotiation, -.Fa version -is not necessarily the protocol version used by the sender of the message: -If a TLS 1.0 ClientHello message is received by an SSL 3.0-only server, -.Fa version -will be -.Dv SSL3_VERSION . -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_new 3 -.Sh HISTORY -.Fn SSL_CTX_set_msg_callback , -.Fn SSL_CTX_set_msg_callback_arg , -.Fn SSL_set_msg_callback -and -.Fn SSL_set_msg_callback_arg -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 3.2 . diff --git a/src/lib/libssl/man/SSL_CTX_set_num_tickets.3 b/src/lib/libssl/man/SSL_CTX_set_num_tickets.3 deleted file mode 100644 index cb6d7e000a..0000000000 
--- a/src/lib/libssl/man/SSL_CTX_set_num_tickets.3 +++ /dev/null 
@@ -1,63 +0,0 @@ -.\" $OpenBSD: SSL_CTX_set_num_tickets.3,v 1.2 2021/10/23 17:20:50 schwarze Exp $ -.\" OpenSSL pod checked up to: 5402f96a Sep 11 09:58:52 2021 +0100 -.\" -.\" Copyright (c) 2021 Bob Beck -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: October 23 2021 $ -.Dt SSL_CTX_SET_NUM_TICKETS 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_num_tickets , -.Nm SSL_CTX_get_num_tickets , -.Nm SSL_set_num_tickets , -.Nm SSL_get_num_tickets -.Nd set and get the number of TLS 1.3 session tickets to be sent -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft int -.Fn SSL_CTX_set_num_tickets "SSL_CTX *ctx" "size_t num_tickets" -.Ft size_t -.Fn SSL_CTX_get_num_tickets "const SSL_CTX *ctx" -.Ft int -.Fn SSL_set_num_tickets "SSL *ssl" "size_t num_tickets" -.Ft size_t -.Fn SSL_get_num_tickets "const SSL *ssl" -.Sh DESCRIPTION -These functions set and retrieve -the configured number of session tickets for -.Fa ctx -and -.Fa ssl , -respectively. -.Pp -They are provided only for compatibility with OpenSSL -and have no effect in LibreSSL. -.Sh RETURN VALUES -.Fn SSL_CTX_set_num_tickets -and -.Fn SSL_set_num_tickets -always return 1. -.Pp -.Fn SSL_CTX_get_num_tickets -and -.Fn SSL_get_num_tickets -return the previously set number of tickets, or 0 if it has not been set. 
-.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_CTX_new 3 -.Sh HISTORY -These function first appeared in OpenSSL 1.1.1 -and have been available since -.Ox 7.1 . diff --git a/src/lib/libssl/man/SSL_CTX_set_options.3 b/src/lib/libssl/man/SSL_CTX_set_options.3 deleted file mode 100644 index 5df0b07785..0000000000 --- a/src/lib/libssl/man/SSL_CTX_set_options.3 +++ /dev/null 
@@ -1,374 +0,0 @@ -.\" $OpenBSD: SSL_CTX_set_options.3,v 1.16 2022/03/31 17:27:18 naddy Exp $ -.\" full merge up to: OpenSSL 7946ab33 Dec 6 17:56:41 2015 +0100 -.\" selective merge up to: OpenSSL edb79c3a Mar 29 10:07:14 2017 +1000 -.\" -.\" This file was written by Lutz Jaenicke , -.\" Bodo Moeller , and -.\" Dr. Stephen Henson . -.\" Copyright (c) 2001-2003, 2005, 2007, 2009, 2010, 2013-2015 -.\" The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 31 2022 $ -.Dt SSL_CTX_SET_OPTIONS 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_options , -.Nm SSL_set_options , -.Nm SSL_CTX_clear_options , -.Nm SSL_clear_options , -.Nm SSL_CTX_get_options , -.Nm SSL_get_options , -.Nm SSL_get_secure_renegotiation_support -.Nd manipulate SSL options -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft long -.Fn SSL_CTX_set_options "SSL_CTX *ctx" "long options" -.Ft long -.Fn SSL_set_options "SSL *ssl" "long options" -.Ft long -.Fn SSL_CTX_clear_options "SSL_CTX *ctx" "long options" -.Ft long -.Fn SSL_clear_options "SSL *ssl" "long options" -.Ft long -.Fn SSL_CTX_get_options "SSL_CTX *ctx" -.Ft long -.Fn SSL_get_options "SSL *ssl" -.Ft long -.Fn SSL_get_secure_renegotiation_support "SSL *ssl" -.Sh DESCRIPTION -.Fn SSL_CTX_set_options -adds the options set via bitmask in -.Fa options -to -.Fa ctx . -Options already set before are not cleared! 
-.Pp -.Fn SSL_set_options -adds the options set via bitmask in -.Fa options -to -.Fa ssl . -Options already set before are not cleared! -.Pp -.Fn SSL_CTX_clear_options -clears the options set via bitmask in -.Fa options -to -.Fa ctx . -.Pp -.Fn SSL_clear_options -clears the options set via bitmask in -.Fa options -to -.Fa ssl . -.Pp -.Fn SSL_CTX_get_options -returns the options set for -.Fa ctx . -.Pp -.Fn SSL_get_options -returns the options set for -.Fa ssl . -.Pp -.Fn SSL_get_secure_renegotiation_support -indicates whether the peer supports secure renegotiation. -.Pp -All these functions are implemented using macros. -.Pp -The behaviour of the SSL library can be changed by setting several options. -The options are coded as bitmasks and can be combined by a bitwise OR -operation (|). -.Pp -.Fn SSL_CTX_set_options -and -.Fn SSL_set_options -affect the (external) protocol behaviour of the SSL library. -The (internal) behaviour of the API can be changed by using the similar -.Xr SSL_CTX_set_mode 3 -and -.Xr SSL_set_mode 3 -functions. -.Pp -During a handshake, the option settings of the SSL object are used. -When a new SSL object is created from a context using -.Xr SSL_new 3 , -the current option setting is copied. -Changes to -.Fa ctx -do not affect already created -.Vt SSL -objects. -.Fn SSL_clear -does not affect the settings. -.Pp -The following -.Em bug workaround -options are available: -.Bl -tag -width Ds -.It Dv SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS -Disables a countermeasure against a TLS 1.0 protocol vulnerability -affecting CBC ciphers, which cannot be handled by some broken SSL -implementations. -This option has no effect for connections using other ciphers. -.It Dv SSL_OP_ALL -This is currently an alias for -.Dv SSL_OP_LEGACY_SERVER_CONNECT . -.El -.Pp -It is usually safe to use -.Dv SSL_OP_ALL -to enable the bug workaround options if compatibility with somewhat broken -implementations is desired. 
-.Pp -The following -.Em modifying -options are available: -.Bl -tag -width Ds -.It Dv SSL_OP_CIPHER_SERVER_PREFERENCE -When choosing a cipher, use the server's preferences instead of the client -preferences. -When not set, the server will always follow the client's preferences. -When set, the server will choose following its own preferences. -.It Dv SSL_OP_COOKIE_EXCHANGE -Turn on Cookie Exchange as described in RFC 4347 Section 4.2.1. -Only affects DTLS connections. -.It Dv SSL_OP_LEGACY_SERVER_CONNECT -Allow legacy insecure renegotiation between OpenSSL and unpatched servers -.Em only : -this option is currently set by default. -See the -.Sx SECURE RENEGOTIATION -section for more details. -.It Dv SSL_OP_NO_DTLSv1 -Do not use the DTLSv1 protocol. -Deprecated; use -.Xr SSL_CTX_set_min_proto_version 3 -instead. -.It Dv SSL_OP_NO_DTLSv1_2 -Do not use the DTLSv1.2 protocol. -Deprecated; use -.Xr SSL_CTX_set_min_proto_version 3 -instead. -.It Dv SSL_OP_NO_QUERY_MTU -Do not query the MTU. -Only affects DTLS connections. -.It Dv SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION -When performing renegotiation as a server, always start a new session (i.e., -session resumption requests are only accepted in the initial handshake). -This option is not needed for clients. -.It Dv SSL_OP_NO_TICKET -Normally clients and servers using TLSv1.2 and earlier will, where possible, -transparently make use of -RFC 5077 tickets for stateless session resumption. -.Pp -If this option is set, this functionality is disabled and tickets will not be -used by clients or servers. -.It Dv SSL_OP_NO_TLSv1 -Do not use the TLSv1.0 protocol. -Deprecated; use -.Xr SSL_CTX_set_min_proto_version 3 -instead. -.It Dv SSL_OP_NO_TLSv1_1 -Do not use the TLSv1.1 protocol. -Deprecated; use -.Xr SSL_CTX_set_min_proto_version 3 -instead. -.It Dv SSL_OP_NO_TLSv1_2 -Do not use the TLSv1.2 protocol. -Deprecated; use -.Xr SSL_CTX_set_max_proto_version 3 -instead. 
-.El -.Pp -The following options used to be supported at some point in the past -and no longer have any effect: -.Dv SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION , -.Dv SSL_OP_EPHEMERAL_RSA , -.Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER , -.Dv SSL_OP_MICROSOFT_SESS_ID_BUG , -.Dv SSL_OP_NETSCAPE_CA_DN_BUG , -.Dv SSL_OP_NETSCAPE_CHALLENGE_BUG , -.Dv SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG , -.Dv SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG , -.Dv SSL_OP_NO_COMPRESSION , -.Dv SSL_OP_NO_SSLv2 , -.Dv SSL_OP_NO_SSLv3 , -.Dv SSL_OP_PKCS1_CHECK_1 , -.Dv SSL_OP_PKCS1_CHECK_2 , -.Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG , -.Dv SSL_OP_SINGLE_DH_USE , -.Dv SSL_OP_SINGLE_ECDH_USE , -.Dv SSL_OP_SSLEAY_080_CLIENT_DH_BUG , -.Dv SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG , -.Dv SSL_OP_TLS_BLOCK_PADDING_BUG , -.Dv SSL_OP_TLS_D5_BUG , -.Dv SSL_OP_TLS_ROLLBACK_BUG , -.Dv SSL_OP_TLSEXT_PADDING . -.Sh SECURE RENEGOTIATION -OpenSSL 0.9.8m and later always attempts to use secure renegotiation as -described in RFC 5746. -This counters the prefix attack described in CVE-2009-3555 and elsewhere. -.Pp -This attack has far-reaching consequences which application writers should be -aware of. -In the description below an implementation supporting secure renegotiation is -referred to as -.Dq patched . -A server not supporting secure -renegotiation is referred to as -.Dq unpatched . -.Pp -The following sections describe the operations permitted by OpenSSL's secure -renegotiation implementation. -.Ss Patched client and server -Connections and renegotiation are always permitted by OpenSSL implementations. -.Ss Unpatched client and patched OpenSSL server -The initial connection succeeds but client renegotiation is denied by the -server with a -.Em no_renegotiation -warning alert. -.Pp -If the patched OpenSSL server attempts to renegotiate, a fatal -.Em handshake_failure -alert is sent. -This is because the server code may be unaware of the unpatched nature of the -client. 
-.Pp -Note that a bug in OpenSSL clients earlier than 0.9.8m (all of which -are unpatched) will result in the connection hanging if it receives a -.Em no_renegotiation -alert. -OpenSSL versions 0.9.8m and later will regard a -.Em no_renegotiation -alert as fatal and respond with a fatal -.Em handshake_failure -alert. -This is because the OpenSSL API currently has no provision to indicate to an -application that a renegotiation attempt was refused. -.Ss Patched OpenSSL client and unpatched server -If the option -.Dv SSL_OP_LEGACY_SERVER_CONNECT -is set then initial connections and renegotiation between patched OpenSSL -clients and unpatched servers succeeds. -If neither option is set then initial connections to unpatched servers will -fail. -.Pp -The option -.Dv SSL_OP_LEGACY_SERVER_CONNECT -is currently set by default even though it has security implications: -otherwise it would be impossible to connect to unpatched servers (i.e., all of -them initially) and this is clearly not acceptable. -Renegotiation is permitted because this does not add any additional security -issues: during an attack clients do not see any renegotiations anyway. -.Pp -As more servers become patched, the option -.Dv SSL_OP_LEGACY_SERVER_CONNECT -will -.Em not -be set by default in a future version of OpenSSL. -.Pp -OpenSSL client applications wishing to ensure they can connect to unpatched -servers should always -.Em set -.Dv SSL_OP_LEGACY_SERVER_CONNECT . -.Pp -OpenSSL client applications that want to ensure they can -.Em not -connect to unpatched servers (and thus avoid any security issues) should always -.Em clear -.Dv SSL_OP_LEGACY_SERVER_CONNECT -using -.Fn SSL_CTX_clear_options -or -.Fn SSL_clear_options . -.Sh RETURN VALUES -.Fn SSL_CTX_set_options -and -.Fn SSL_set_options -return the new options bitmask after adding -.Fa options . -.Pp -.Fn SSL_CTX_clear_options -and -.Fn SSL_clear_options -return the new options bitmask after clearing -.Fa options . 
-.Pp -.Fn SSL_CTX_get_options -and -.Fn SSL_get_options -return the current bitmask. -.Pp -.Fn SSL_get_secure_renegotiation_support -returns 1 is the peer supports secure renegotiation and 0 if it does not. -.Sh SEE ALSO -.Xr openssl 1 , -.Xr ssl 3 , -.Xr SSL_clear 3 , -.Xr SSL_CTX_ctrl 3 , -.Xr SSL_CTX_set_min_proto_version 3 , -.Xr SSL_new 3 -.Sh HISTORY -.Fn SSL_CTX_set_options -and -.Fn SSL_set_options -first appeared in SSLeay 0.9.0 and have been available since -.Ox 2.4 . -.Pp -.Fn SSL_CTX_get_options -and -.Fn SSL_get_options -first appeared in OpenSSL 0.9.2b and have been available since -.Ox 2.6 . -.Pp -.Fn SSL_CTX_clear_options , -.Fn SSL_clear_options , -and -.Fn SSL_get_secure_renegotiation_support -first appeared in OpenSSL 0.9.8m and have been available since -.Ox 4.9 . diff --git a/src/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 b/src/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 deleted file mode 100644 index 71463f1eca..0000000000 --- a/src/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 +++ /dev/null 
@@ -1,161 +0,0 @@ -.\" $OpenBSD: SSL_CTX_set_quiet_shutdown.3,v 1.6 2020/03/30 10:28:59 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2001, 2005 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 30 2020 $ -.Dt SSL_CTX_SET_QUIET_SHUTDOWN 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_quiet_shutdown , -.Nm SSL_CTX_get_quiet_shutdown , -.Nm SSL_set_quiet_shutdown , -.Nm SSL_get_quiet_shutdown -.Nd manipulate shutdown behaviour -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft void -.Fn SSL_CTX_set_quiet_shutdown "SSL_CTX *ctx" "int mode" -.Ft int -.Fn SSL_CTX_get_quiet_shutdown "const SSL_CTX *ctx" -.Ft void -.Fn SSL_set_quiet_shutdown "SSL *ssl" "int mode" -.Ft int -.Fn SSL_get_quiet_shutdown "const SSL *ssl" -.Sh DESCRIPTION -.Fn SSL_CTX_set_quiet_shutdown -sets the -.Dq quiet shutdown -flag for -.Fa ctx -to be -.Fa mode . -.Vt SSL -objects created from -.Fa ctx -inherit the -.Fa mode -valid at the time -.Xr SSL_new 3 -is called. -.Fa mode -may be 0 or 1. -.Pp -.Fn SSL_CTX_get_quiet_shutdown -returns the -.Dq quiet shutdown -setting of -.Fa ctx . -.Pp -.Fn SSL_set_quiet_shutdown -sets the -.Dq quiet shutdown -flag for -.Fa ssl -to be -.Fa mode . -The setting stays valid until -.Fa ssl -is removed with -.Xr SSL_free 3 -or -.Fn SSL_set_quiet_shutdown -is called again. -It is not changed when -.Xr SSL_clear 3 -is called. -.Fa mode -may be 0 or 1. -.Pp -.Fn SSL_get_quiet_shutdown -returns the -.Dq quiet shutdown -setting of -.Fa ssl . -.Pp -Normally when a SSL connection is finished, the parties must send out -.Dq close notify -alert messages using -.Xr SSL_shutdown 3 -for a clean shutdown. 
-.Pp -When setting the -.Dq quiet shutdown -flag to 1, -.Xr SSL_shutdown 3 -will set the internal flags to -.Dv SSL_SENT_SHUTDOWN Ns | Ns Dv SSL_RECEIVED_SHUTDOWN -.Po -.Xr SSL_shutdown 3 -then behaves like -.Xr SSL_set_shutdown 3 -called with -.Dv SSL_SENT_SHUTDOWN Ns | Ns Dv SSL_RECEIVED_SHUTDOWN -.Pc . -The session is thus considered to be shut down, but no -.Dq close notify -alert is sent to the peer. -This behaviour violates the TLS standard. -.Pp -The default is normal shutdown behaviour as described by the TLS standard. -.Sh RETURN VALUES -.Fn SSL_CTX_get_quiet_shutdown -and -.Fn SSL_get_quiet_shutdown -return the current setting. -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_clear 3 , -.Xr SSL_free 3 , -.Xr SSL_new 3 , -.Xr SSL_set_shutdown 3 , -.Xr SSL_shutdown 3 -.Sh HISTORY -These functions first appeared in SSLeay 0.8.1 -and have been available since -.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_CTX_set_read_ahead.3 b/src/lib/libssl/man/SSL_CTX_set_read_ahead.3 deleted file mode 100644 index eae76eb472..0000000000 --- a/src/lib/libssl/man/SSL_CTX_set_read_ahead.3 +++ /dev/null 
@@ -1,144 +0,0 @@ -.\" $OpenBSD: SSL_CTX_set_read_ahead.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Matt Caswell . -.\" Copyright (c) 2015, 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt SSL_CTX_SET_READ_AHEAD 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_read_ahead , -.Nm SSL_CTX_get_read_ahead , -.Nm SSL_set_read_ahead , -.Nm SSL_get_read_ahead , -.Nm SSL_CTX_get_default_read_ahead -.Nd manage whether to read as many input bytes as possible -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft void -.Fo SSL_CTX_set_read_ahead -.Fa "SSL_CTX *ctx" -.Fa "int yes" -.Fc -.Ft long -.Fo SSL_CTX_get_read_ahead -.Fa "SSL_CTX *ctx" -.Fc -.Ft void -.Fo SSL_set_read_ahead -.Fa "SSL *s" -.Fa "int yes" -.Fc -.Ft long -.Fo SSL_get_read_ahead -.Fa "const SSL *s" -.Fc -.Ft long -.Fo SSL_CTX_get_default_read_ahead -.Fa "SSL_CTX *ctx" -.Fc -.Sh DESCRIPTION -.Fn SSL_CTX_set_read_ahead -and -.Fn SSL_set_read_ahead -set whether as many input bytes as possible are read for non-blocking -reads. -For example if -.Ar x -bytes are currently required by OpenSSL, but -.Ar y -bytes are available from the underlying BIO (where -.Ar y No > Ar x ) , -then OpenSSL will read all -.Ar y -bytes into its buffer (provided that the buffer is large enough) if -reading ahead is on, or -.Ar x -bytes otherwise. -The parameter -.Fa yes -should be 0 to ensure reading ahead is off, or non zero otherwise. -.Pp -.Fn SSL_CTX_get_read_ahead -and -.Fn SSL_get_read_ahead -indicate whether reading ahead is set or not. -.Pp -.Fn SSL_CTX_get_default_read_ahead -is identical to -.Fn SSL_CTX_get_read_ahead . 
-.Pp -These functions are implemented as macros. -.Pp -These functions have no effect when used with DTLS. -.Sh RETURN VALUES -.Fn SSL_CTX_get_read_ahead -and -.Fn SSL_get_read_ahead -return 0 if reading ahead is off or non-zero otherwise, -except that the return values are undefined for DTLS. -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_pending 3 -.Sh HISTORY -.Fn SSL_set_read_ahead -and -.Fn SSL_get_read_ahead -appeared in SSLeay 0.4 or earlier and have been available since -.Ox 2.4 . -.Pp -.Fn SSL_CTX_set_read_ahead , -.Fn SSL_CTX_get_read_ahead , -and -.Fn SSL_CTX_get_default_read_ahead -first appeared in OpenSSL 0.9.2b and have been available since -.Ox 2.6 . -.Sh CAVEATS -Switching read ahead on can impact the behaviour of the -.Xr SSL_pending 3 -function. diff --git a/src/lib/libssl/man/SSL_CTX_set_security_level.3 b/src/lib/libssl/man/SSL_CTX_set_security_level.3 deleted file mode 100644 index 89adb3d65d..0000000000 --- a/src/lib/libssl/man/SSL_CTX_set_security_level.3 +++ /dev/null 
@@ -1,159 +0,0 @@ -.\" $OpenBSD: SSL_CTX_set_security_level.3,v 1.2 2025/01/18 10:45:12 tb Exp $ -.\" -.\" Copyright (c) 2022 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: January 18 2025 $ -.Dt SSL_CTX_SET_SECURITY_LEVEL 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_security_level , -.Nm SSL_set_security_level , -.Nm SSL_CTX_get_security_level , -.Nm SSL_get_security_level -.Nd change security level for TLS -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft void -.Fo SSL_CTX_set_security_level -.Fa "SSL_CTX *ctx" -.Fa "int level" -.Fc -.Ft void -.Fo SSL_set_security_level -.Fa "SSL *s" -.Fa "int level" -.Fc -.Ft int -.Fo SSL_CTX_get_security_level -.Fa "const SSL_CTX *ctx" -.Fc -.Ft int -.Fo SSL_get_security_level -.Fa "const SSL *s" -.Fc -.Sh DESCRIPTION -A security level is a set of restrictions on algorithms, key lengths, -protocol versions, and other features in TLS connections. -These restrictions apply in addition to those that exist from individually -selecting supported features, for example ciphers, curves, or algorithms. 
-.Pp -The following table shows properties of the various security levels: -.Bl -column # sec 15360 ECC TLS SHA1 -offset indent -.It # Ta sec Ta \0\0RSA Ta ECC Ta TLS Ta MAC -.It 0 Ta \0\00 Ta \0\0\0\00 Ta \0\00 Ta 1.0 Ta MD5 -.It 1 Ta \080 Ta \01024 Ta 160 Ta 1.0 Ta RC4 -.It 2 Ta 112 Ta \02048 Ta 224 Ta 1.0 Ta -.It 3 Ta 128 Ta \03072 Ta 256 Ta 1.1 Ta SHA1 -.It 4 Ta 192 Ta \07680 Ta 384 Ta 1.2 Ta -.It 5 Ta 256 Ta 15360 Ta 512 Ta 1.2 Ta -.El -.Pp -The meaning of the columns is as follows: -.Pp -.Bl -tag -width features -compact -.It # -The number of the -.Fa level . -.It sec -The minimum security strength measured in bits, which is approximately -the binary logarithm of the number of operations an attacker has -to perform in order to break a cryptographic key. -This minimum strength is enforced for all relevant parameters -including cipher suite encryption algorithms, ECC curves, signature -algorithms, DH parameter sizes, and certificate algorithms and key -sizes. -See SP800-57 below -.Sx SEE ALSO -for details on individual algorithms. -.It RSA -The minimum key length in bits for the RSA and DH algorithms. -.It ECC -The minimum key length in bits for ECC algorithms. -.It TLS -The minimum TLS protocol version. -.It MAC -Cipher suites using the given MACs are allowed on this level -and on lower levels, but not on higher levels. -.El -.Pp -Level 0 is only provided for backward compatibility and permits everything. -.Pp -Level 3 and higher disable support for session tickets -and only accept cipher suites that provide forward secrecy. -.Pp -The functions -.Fn SSL_CTX_set_security_level -and -.Fn SSL_set_security_level -choose the security -.Fa level -for -.Fa ctx -or -.Fa s , -respectively. -If not set, security level 1 is used. -.Pp -.Xr SSL_CTX_new 3 -initializes the security level of the new object to 1. -.Pp -.Xr SSL_new 3 -and -.Xr SSL_set_SSL_CTX 3 -copy the security level from the context to the SSL object. 
-.Pp -.Xr SSL_dup 3 -copies the security level from the old to the new object. -.Sh RETURN VALUES -.Fn SSL_CTX_get_security_level -and -.Fn SSL_get_security_level -return the security level configured in -.Fa ctx -or -.Fa s , -respectively. -.Sh SEE ALSO -.Xr EVP_PKEY_security_bits 3 , -.Xr RSA_security_bits 3 , -.Xr ssl 3 , -.Xr SSL_CTX_new 3 , -.Xr SSL_new 3 -.Rs -.%A Elaine Barker -.%T Recommendation for Key Management -.%I U.S. National Institute of Standards and Technology -.%R NIST Special Publication 800-57 Part 1 Revision 5 -.%U https://doi.org/10.6028/NIST.SP.800-57pt1r5 -.%C Gaithersburg, MD -.%D May 2020 -.Re -.Sh HISTORY -These functions first appeared in OpenSSL 1.1.0 -and have been available since -.Ox 7.2 . -.Sh CAVEATS -Applications which do not check the return values -of configuration functions will misbehave. -For example, if an application does not check the return value -after trying to set a certificate and the certificate is rejected -because of the security level, the application may behave as if -no certificate had been provided at all. -.Pp -While some restrictions may be handled gracefully by negotiations -between the client and the server, other restrictions may be -fatal and abort the TLS handshake. -For example, this can happen if the peer certificate contains a key -that is too short or if the DH parameter size is too small. diff --git a/src/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 b/src/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 deleted file mode 100644 index 1fe67b2a7e..0000000000 --- a/src/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 +++ /dev/null 
@@ -1,198 +0,0 @@ -.\" $OpenBSD: SSL_CTX_set_session_cache_mode.3,v 1.7 2019/06/12 09:36:30 schwarze Exp $ -.\" OpenSSL 67adf0a7 Dec 25 19:58:38 2016 +0100 -.\" -.\" This file was written by Lutz Jaenicke and -.\" Geoff Thorpe . -.\" Copyright (c) 2001, 2002 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 12 2019 $ -.Dt SSL_CTX_SET_SESSION_CACHE_MODE 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_session_cache_mode , -.Nm SSL_CTX_get_session_cache_mode -.Nd enable/disable session caching -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft long -.Fn SSL_CTX_set_session_cache_mode "SSL_CTX ctx" "long mode" -.Ft long -.Fn SSL_CTX_get_session_cache_mode "SSL_CTX ctx" -.Sh DESCRIPTION -.Fn SSL_CTX_set_session_cache_mode -enables/disables session caching by setting the operational mode for -.Ar ctx -to -.Ar mode . -.Pp -.Fn SSL_CTX_get_session_cache_mode -returns the currently used cache mode. -.Pp -The OpenSSL library can store/retrieve SSL/TLS sessions for later reuse. -The sessions can be held in memory for each -.Fa ctx , -if more than one -.Vt SSL_CTX -object is being maintained, the sessions are unique for each -.Vt SSL_CTX -object. -.Pp -In order to reuse a session, a client must send the session's id to the server. -It can only send exactly one id. 
-The server then either agrees to reuse the session or it starts a full -handshake (to create a new session). -.Pp -A server will look up the session in its internal session storage. -If the session is not found in internal storage or lookups for the internal -storage have been deactivated -.Pq Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP , -the server will try the external storage if available. -.Pp -Since a client may try to reuse a session intended for use in a different -context, the session id context must be set by the server (see -.Xr SSL_CTX_set_session_id_context 3 ) . -.Pp -The following session cache modes and modifiers are available: -.Bl -tag -width Ds -.It Dv SSL_SESS_CACHE_OFF -No session caching for client or server takes place. -.It Dv SSL_SESS_CACHE_CLIENT -Client sessions are added to the session cache. -As there is no reliable way for the OpenSSL library to know whether a session -should be reused or which session to choose (due to the abstract BIO layer the -SSL engine does not have details about the connection), -the application must select the session to be reused by using the -.Xr SSL_set_session 3 -function. -This option is not activated by default. -.It Dv SSL_SESS_CACHE_SERVER -Server sessions are added to the session cache. -When a client proposes a session to be reused, the server looks for the -corresponding session in (first) the internal session cache (unless -.Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP -is set), then (second) in the external cache if available. -If the session is found, the server will try to reuse the session. -This is the default. -.It Dv SSL_SESS_CACHE_BOTH -Enable both -.Dv SSL_SESS_CACHE_CLIENT -and -.Dv SSL_SESS_CACHE_SERVER -at the same time. -.It Dv SSL_SESS_CACHE_NO_AUTO_CLEAR -Normally the session cache is checked for expired sessions every 255 -connections using the -.Xr SSL_CTX_flush_sessions 3 -function. 
-Since this may lead to a delay which cannot be controlled, -the automatic flushing may be disabled and -.Xr SSL_CTX_flush_sessions 3 -can be called explicitly by the application. -.It Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP -By setting this flag, session-resume operations in an SSL/TLS server will not -automatically look up sessions in the internal cache, -even if sessions are automatically stored there. -If external session caching callbacks are in use, -this flag guarantees that all lookups are directed to the external cache. -As automatic lookup only applies for SSL/TLS servers, -the flag has no effect on clients. -.It Dv SSL_SESS_CACHE_NO_INTERNAL_STORE -Depending on the presence of -.Dv SSL_SESS_CACHE_CLIENT -and/or -.Dv SSL_SESS_CACHE_SERVER , -sessions negotiated in an SSL/TLS handshake may be cached for possible reuse. -Normally a new session is added to the internal cache as well as any external -session caching (callback) that is configured for the -.Vt SSL_CTX . -This flag will prevent sessions being stored in the internal cache -(though the application can add them manually using -.Xr SSL_CTX_add_session 3 ) . -Note: -in any SSL/TLS servers where external caching is configured, any successful -session lookups in the external cache (e.g., for session-resume requests) would -normally be copied into the local cache before processing continues \(en this -flag prevents these additions to the internal cache as well. -.It Dv SSL_SESS_CACHE_NO_INTERNAL -Enable both -.Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP -and -.Dv SSL_SESS_CACHE_NO_INTERNAL_STORE -at the same time. -.El -.Pp -The default mode is -.Dv SSL_SESS_CACHE_SERVER . -.Sh RETURN VALUES -.Fn SSL_CTX_set_session_cache_mode -returns the previously set cache mode. -.Pp -.Fn SSL_CTX_get_session_cache_mode -returns the currently set cache mode. 
-.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_CTX_add_session 3 , -.Xr SSL_CTX_ctrl 3 , -.Xr SSL_CTX_flush_sessions 3 , -.Xr SSL_CTX_sess_number 3 , -.Xr SSL_CTX_sess_set_cache_size 3 , -.Xr SSL_CTX_sess_set_get_cb 3 , -.Xr SSL_CTX_set_session_id_context 3 , -.Xr SSL_CTX_set_timeout 3 , -.Xr SSL_session_reused 3 , -.Xr SSL_set_session 3 -.Sh HISTORY -.Fn SSL_CTX_set_session_cache_mode -and -.Fn SSL_CTX_get_session_cache_mode -first appeared in SSLeay 0.6.1 and have been available since -.Ox 2.4 . -.Pp -.Dv SSL_SESS_CACHE_NO_INTERNAL_STORE -and -.Dv SSL_SESS_CACHE_NO_INTERNAL -were introduced in OpenSSL 0.9.6h. diff --git a/src/lib/libssl/man/SSL_CTX_set_session_id_context.3 b/src/lib/libssl/man/SSL_CTX_set_session_id_context.3 deleted file mode 100644 index 06fd9348ae..0000000000 --- a/src/lib/libssl/man/SSL_CTX_set_session_id_context.3 +++ /dev/null 
@@ -1,160 +0,0 @@ -.\" $OpenBSD: SSL_CTX_set_session_id_context.3,v 1.6 2019/06/08 15:25:43 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2001, 2004 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 8 2019 $ -.Dt SSL_CTX_SET_SESSION_ID_CONTEXT 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_session_id_context , -.Nm SSL_set_session_id_context -.Nd set context within which session can be reused (server side only) -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft int -.Fo SSL_CTX_set_session_id_context -.Fa "SSL_CTX *ctx" -.Fa "const unsigned char *sid_ctx" -.Fa "unsigned int sid_ctx_len" -.Fc -.Ft int -.Fo SSL_set_session_id_context -.Fa "SSL *ssl" -.Fa "const unsigned char *sid_ctx" -.Fa "unsigned int sid_ctx_len" -.Fc -.Sh DESCRIPTION -.Fn SSL_CTX_set_session_id_context -sets the context -.Fa sid_ctx -of length -.Fa sid_ctx_len -within which a session can be reused for the -.Fa ctx -object. -.Pp -.Fn SSL_set_session_id_context -sets the context -.Fa sid_ctx -of length -.Fa sid_ctx_len -within which a session can be reused for the -.Fa ssl -object. -.Pp -Sessions are generated within a certain context. -When exporting/importing sessions with -.Xr i2d_SSL_SESSION 3 -and -.Xr d2i_SSL_SESSION 3 , -it would be possible to re-import a session generated from another context -(e.g., another application), which might lead to malfunctions. -Therefore each application must set its own session id context -.Fa sid_ctx -which is used to distinguish the contexts and is stored in exported sessions. 
-The -.Fa sid_ctx -can be any kind of binary data with a given length; it is therefore possible -to use, for instance, the name of the application, the hostname, the service -name... -.Pp -The session id context becomes part of the session. -The session id context is set by the SSL/TLS server. -The -.Fn SSL_CTX_set_session_id_context -and -.Fn SSL_set_session_id_context -functions are therefore only useful on the server side. -.Pp -OpenSSL clients will check the session id context returned by the server when -reusing a session. -.Pp -The maximum length of the -.Fa sid_ctx -is limited to -.Dv SSL_MAX_SSL_SESSION_ID_LENGTH . -.Sh WARNINGS -If the session id context is not set on an SSL/TLS server and client -certificates are used, stored sessions will not be reused but a fatal error -will be flagged and the handshake will fail. -.Pp -If a server returns a different session id context to an OpenSSL client -when reusing a session, an error will be flagged and the handshake will -fail. -OpenSSL servers will always return the correct session id context, -as an OpenSSL server checks the session id context itself before reusing -a session as described above. -.Sh RETURN VALUES -.Fn SSL_CTX_set_session_id_context -and -.Fn SSL_set_session_id_context -return the following values: -.Bl -tag -width Ds -.It 0 -The length -.Fa sid_ctx_len -of the session id context -.Fa sid_ctx -exceeded -the maximum allowed length of -.Dv SSL_MAX_SSL_SESSION_ID_LENGTH . -The error is logged to the error stack. -.It 1 -The operation succeeded. -.El -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_SESSION_set1_id_context 3 -.Sh HISTORY -.Fn SSL_set_session_id_context -first appeared in OpenSSL 0.9.2b. -.Fn SSL_CTX_set_session_id_context -first appeared in OpenSSL 0.9.3. -Both functions have been available since -.Ox 2.6 . diff --git a/src/lib/libssl/man/SSL_CTX_set_ssl_version.3 b/src/lib/libssl/man/SSL_CTX_set_ssl_version.3 deleted file mode 100644 index b1bdb92bb0..0000000000 
--- a/src/lib/libssl/man/SSL_CTX_set_ssl_version.3 +++ /dev/null 
@@ -1,146 +0,0 @@ -.\" $OpenBSD: SSL_CTX_set_ssl_version.3,v 1.5 2021/05/11 19:48:56 tb Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2000, 2001, 2005 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: May 11 2021 $ -.Dt SSL_CTX_SET_SSL_VERSION 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_ssl_version , -.Nm SSL_set_ssl_method , -.Nm SSL_CTX_get_ssl_method , -.Nm SSL_get_ssl_method -.Nd choose a new TLS/SSL method -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft int -.Fn SSL_CTX_set_ssl_version "SSL_CTX *ctx" "const SSL_METHOD *method" -.Ft int -.Fn SSL_set_ssl_method "SSL *s" "const SSL_METHOD *method" -.Ft const SSL_METHOD * -.Fn SSL_CTX_get_ssl_method "SSL_CTX *ctx" -.Ft const SSL_METHOD * -.Fn SSL_get_ssl_method "SSL *ssl" -.Sh DESCRIPTION -.Fn SSL_CTX_set_ssl_version -sets a new default TLS/SSL -.Fa method -for -.Vt SSL -objects newly created from this -.Fa ctx . -.Vt SSL -objects already created with -.Xr SSL_new 3 -are not affected, except when -.Xr SSL_clear 3 -is called. -.Pp -.Fn SSL_set_ssl_method -sets a new TLS/SSL -.Fa method -for a particular -.Vt SSL -object -.Fa s . -It may be reset when -.Xr SSL_clear 3 -is called. -.Pp -.Fn SSL_CTX_get_ssl_method -and -.Fn SSL_get_ssl_method -return a function pointer to the TLS/SSL method set in -.Fa ctx -and -.Fa ssl , -respectively. -.Pp -The available -.Fa method -choices are described in -.Xr SSL_CTX_new 3 . -.Pp -When -.Xr SSL_clear 3 -is called and no session is connected to an -.Vt SSL -object, the method of the -.Vt SSL -object is reset to the method currently set in the corresponding -.Vt SSL_CTX -object. 
-.Sh RETURN VALUES -The following return values can occur for -.Fn SSL_CTX_set_ssl_version -and -.Fn SSL_set_ssl_method : -.Bl -tag -width Ds -.It 0 -The new choice failed. -Check the error stack to find out the reason. -.It 1 -The operation succeeded. -.El -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_clear 3 , -.Xr SSL_CTX_new 3 , -.Xr SSL_new 3 , -.Xr SSL_set_connect_state 3 -.Sh HISTORY -.Fn SSL_CTX_set_ssl_version , -.Fn SSL_set_ssl_method , -and -.Fn SSL_get_ssl_method -first appeared in SSLeay 0.8.0 and have been available since -.Ox 2.4 . -.Fn SSL_CTX_get_ssl_method -first appeared in OpenSSL 1.1.0 and has been available since -.Ox 7.0 . diff --git a/src/lib/libssl/man/SSL_CTX_set_timeout.3 b/src/lib/libssl/man/SSL_CTX_set_timeout.3 deleted file mode 100644 index ab99e2016e..0000000000 --- a/src/lib/libssl/man/SSL_CTX_set_timeout.3 +++ /dev/null 
@@ -1,118 +0,0 @@ -.\" $OpenBSD: SSL_CTX_set_timeout.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2001 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt SSL_CTX_SET_TIMEOUT 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_timeout , -.Nm SSL_CTX_get_timeout -.Nd manipulate timeout values for session caching -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft long -.Fn SSL_CTX_set_timeout "SSL_CTX *ctx" "long t" -.Ft long -.Fn SSL_CTX_get_timeout "SSL_CTX *ctx" -.Sh DESCRIPTION -.Fn SSL_CTX_set_timeout -sets the timeout for newly created sessions for -.Fa ctx -to -.Fa t . -The timeout value -.Fa t -must be given in seconds. -.Pp -.Fn SSL_CTX_get_timeout -returns the currently set timeout value for -.Fa ctx . -.Pp -Whenever a new session is created, it is assigned a maximum lifetime. -This lifetime is specified by storing the creation time of the session and the -timeout value valid at this time. -If the actual time is later than creation time plus timeout, -the session is not reused. -.Pp -Due to this realization, all sessions behave according to the timeout value -valid at the time of the session negotiation. -Changes of the timeout value do not affect already established sessions. -.Pp -The expiration time of a single session can be modified using the -.Xr SSL_SESSION_get_time 3 -family of functions. -.Pp -Expired sessions are removed from the internal session cache, whenever -.Xr SSL_CTX_flush_sessions 3 -is called, either directly by the application or automatically (see -.Xr SSL_CTX_set_session_cache_mode 3 ) . 
-.Pp -The default value for session timeout is decided on a per-protocol basis; see -.Xr SSL_get_default_timeout 3 . -All currently supported protocols have the same default timeout value of 300 -seconds. -.Sh RETURN VALUES -.Fn SSL_CTX_set_timeout -returns the previously set timeout value. -.Pp -.Fn SSL_CTX_get_timeout -returns the currently set timeout value. -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_CTX_flush_sessions 3 , -.Xr SSL_CTX_set_session_cache_mode 3 , -.Xr SSL_get_default_timeout 3 , -.Xr SSL_SESSION_get_time 3 -.Sh HISTORY -.Fn SSL_CTX_set_timeout -and -.Fn SSL_CTX_get_timeout -first appeared in SSLeay 0.6.1 and have been available since -.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3 b/src/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3 deleted file mode 100644 index 2b54406de8..0000000000 --- a/src/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3 +++ /dev/null 
@@ -1,247 +0,0 @@ -.\" $OpenBSD: SSL_CTX_set_tlsext_servername_callback.3,v 1.6 2021/09/01 13:56:03 schwarze Exp $ -.\" full merge up to: OpenSSL 190b9a03 Jun 28 15:46:13 2017 +0800 -.\" selective merge up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200 -.\" -.\" This file was written by Jon Spillett , -.\" Paul Yang , and -.\" Matt Caswell . -.\" Copyright (c) 2017, 2019 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: September 1 2021 $ -.Dt SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_tlsext_servername_callback , -.Nm SSL_CTX_set_tlsext_servername_arg , -.Nm SSL_get_servername_type , -.Nm SSL_get_servername , -.Nm SSL_set_tlsext_host_name -.Nd handle server name indication (SNI) -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft long -.Fo SSL_CTX_set_tlsext_servername_callback -.Fa "SSL_CTX *ctx" -.Fa "int (*cb)(SSL *ssl, int *alert, void *arg)" -.Fc -.Ft long -.Fo SSL_CTX_set_tlsext_servername_arg -.Fa "SSL_CTX *ctx" -.Fa "void *arg" -.Fc -.Ft const char * -.Fo SSL_get_servername -.Fa "const SSL *ssl" -.Fa "const int type" -.Fc -.Ft int -.Fo SSL_get_servername_type -.Fa "const SSL *ssl" -.Fc -.Ft int -.Fo SSL_set_tlsext_host_name -.Fa "const SSL *ssl" -.Fa "const char *name" -.Fc -.Sh DESCRIPTION -.Fn SSL_CTX_set_tlsext_servername_callback -sets the application callback -.Fa cb -used by a server to perform any actions or configuration required based -on the servername extension received in the incoming connection. -Like the ALPN callback, it is executed during Client Hello processing. -When -.Fa cb -is -.Dv NULL , -SNI is not used. -.Pp -The servername callback should return one of the following values: -.Bl -tag -width Ds -.It Dv SSL_TLSEXT_ERR_OK -This is used to indicate that the servername requested by the client -has been accepted. -Typically a server will call -.Xr SSL_set_SSL_CTX 3 -in the callback to set up a different configuration -for the selected servername in this case. -.It Dv SSL_TLSEXT_ERR_ALERT_FATAL -In this case the servername requested by the client is not accepted -and the handshake will be aborted. -The value of the alert to be used should be stored in the location -pointed to by the -.Fa alert -parameter to the callback. -By default this value is initialised to -.Dv SSL_AD_UNRECOGNIZED_NAME . -.It Dv SSL_TLSEXT_ERR_ALERT_WARNING -If this value is returned, then the servername is not accepted by the server. 
-However, the handshake will continue and send a warning alert instead. -The value of the alert should be stored in the location pointed to by the -.Fa alert -parameter as for -.Dv SSL_TLSEXT_ERR_ALERT_FATAL -above. -Note that TLSv1.3 does not support warning alerts, so if TLSv1.3 has -been negotiated then this return value is treated the same way as -.Dv SSL_TLSEXT_ERR_NOACK . -.It Dv SSL_TLSEXT_ERR_NOACK -This return value indicates -that the servername is not accepted by the server. -No alerts are sent -and the server will not acknowledge the requested servername. -.El -.Pp -.Fn SSL_CTX_set_tlsext_servername_arg -sets a context-specific argument to be passed into the callback via the -.Fa arg -parameter for -.Fa ctx . -.ig end_of_get_servername_details -.\" I would suggest to comment out that second wall text of dubious -.\" usefulness and see if we can meet all these documented API -.\" requirements in the future or decide that it's not worth the -.\" effort. -- tb@ Aug 30, 2021 -.Pp -The behaviour of -.Fn SSL_get_servername -depends on a number of different factors. -In particular note that in TLSv1.3, -the servername is negotiated in every handshake. -In TLSv1.2 the servername is only negotiated on initial handshakes -and not on resumption handshakes. -.Bl -tag -width Ds -.It On the client, before the handshake: -If a servername has been set via a call to -.Fn SSL_set_tlsext_host_name , -then it will return that servername. -If one has not been set, but a TLSv1.2 resumption is being attempted -and the session from the original handshake had a servername -accepted by the server, then it will return that servername. -Otherwise it returns -.Dv NULL . -.It On the client, during or after the handshake,\ - if a TLSv1.2 (or below) resumption occurred: -If the session from the original handshake had a servername accepted by the -server, then it will return that servername. 
-Otherwise it returns the servername set via -.Fn SSL_set_tlsext_host_name -or -.Dv NULL -if it was not called. -.It On the client, during or after the handshake,\ - if a TLSv1.2 (or below) resumption did not occur: -It will return the servername set via -.Fn SSL_set_tlsext_host_name -or -.Dv NULL -if it was not called. -.It On the server, before the handshake: -The function will always return -.Dv NULL -before the handshake. -.It On the server, after the servername extension has been processed,\ - if a TLSv1.2 (or below) resumption occurred: -If a servername was accepted by the server in the original handshake, -then it will return that servername, or -.Dv NULL -otherwise. -.It On the server, after the servername extension has been processed,\ - if a TLSv1.2 (or below) resumption did not occur: -The function will return the servername -requested by the client in this handshake or -.Dv NULL -if none was requested. -.El -.Pp -Note that the early callback occurs before a servername extension -from the client is processed. -The servername, certificate and ALPN callbacks occur -after a servername extension from the client is processed. -.end_of_get_servername_details -.Pp -.Fn SSL_set_tlsext_host_name -sets the server name indication ClientHello extension -to contain the value -.Fa name , -or clears it if -.Fa name -is -.Dv NULL . -The type of server name indication -extension is set to -.Dv TLSEXT_NAMETYPE_host_name -as defined in RFC 3546. -.Pp -All three functions are implemented as macros. -.Sh RETURN VALUES -.Fn SSL_CTX_set_tlsext_servername_callback -and -.Fn SSL_CTX_set_tlsext_servername_arg -always return 1 indicating success. -.Pp -.Fn SSL_get_servername -returns a servername extension value of the specified type if provided -in the Client Hello, or -.Dv NULL -otherwise. -.Pp -.Fn SSL_get_servername_type -returns the servername type or -1 if no servername is present. -Currently the only supported type (defined in RFC 3546) is -.Dv TLSEXT_NAMETYPE_host_name . 
-.Pp -.Fn SSL_set_tlsext_host_name -returns 1 on success or 0 in case of an error. -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_CTX_callback_ctrl 3 , -.Xr SSL_CTX_set_alpn_select_cb 3 -.Sh HISTORY -These functions first appeared in OpenSSL 0.9.8f -and have been available since -.Ox 4.5 . diff --git a/src/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 b/src/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 deleted file mode 100644 index d5979af1e8..0000000000 --- a/src/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 +++ /dev/null 
@@ -1,238 +0,0 @@ -.\" $OpenBSD: SSL_CTX_set_tlsext_status_cb.3,v 1.8 2021/09/11 18:58:41 schwarze Exp $ -.\" full merge up to: OpenSSL 43c34894 Nov 30 16:04:51 2015 +0000 -.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 -.\" -.\" This file was written by Matt Caswell . -.\" Copyright (c) 2015, 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: September 11 2021 $ -.Dt SSL_CTX_SET_TLSEXT_STATUS_CB 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_tlsext_status_cb , -.Nm SSL_CTX_get_tlsext_status_cb , -.Nm SSL_CTX_set_tlsext_status_arg , -.Nm SSL_CTX_get_tlsext_status_arg , -.Nm SSL_set_tlsext_status_type , -.Nm SSL_get_tlsext_status_type , -.Nm SSL_get_tlsext_status_ocsp_resp , -.Nm SSL_set_tlsext_status_ocsp_resp -.Nd OCSP Certificate Status Request functions -.Sh SYNOPSIS -.In openssl/tls1.h -.Ft long -.Fo SSL_CTX_set_tlsext_status_cb -.Fa "SSL_CTX *ctx" -.Fa "int (*callback)(SSL *, void *)" -.Fc -.Ft long -.Fo SSL_CTX_get_tlsext_status_cb -.Fa "SSL_CTX *ctx" -.Fa "int (*callback)(SSL *, void *)" -.Fc -.Ft long -.Fo SSL_CTX_set_tlsext_status_arg -.Fa "SSL_CTX *ctx" -.Fa "void *arg" -.Fc -.Ft long -.Fo SSL_CTX_get_tlsext_status_arg -.Fa "SSL_CTX *ctx" -.Fa "void **arg" -.Fc -.Ft long -.Fo SSL_set_tlsext_status_type -.Fa "SSL *s" -.Fa "int type" -.Fc -.Ft long -.Fo SSL_get_tlsext_status_type -.Fa "SSL *s" -.Fc -.Ft long -.Fo SSL_get_tlsext_status_ocsp_resp -.Fa ssl -.Fa "unsigned char **resp" -.Fc -.Ft long -.Fo SSL_set_tlsext_status_ocsp_resp -.Fa ssl -.Fa "unsigned char *resp" -.Fa "int len" -.Fc -.Sh DESCRIPTION -A client application may request that a server send back an OCSP status -response (also known as OCSP stapling). -To do so the client should call the -.Fn SSL_set_tlsext_status_type -function on an individual -.Vt SSL -object prior to the start of the handshake. -Currently the only supported type is -.Dv TLSEXT_STATUSTYPE_ocsp . -This value should be passed in the -.Fa type -argument. -.Pp -The client should additionally provide a callback function to decide -what to do with the returned OCSP response by calling -.Fn SSL_CTX_set_tlsext_status_cb . -The callback function should determine whether the returned OCSP -response is acceptable or not. -The callback will be passed as an argument the value previously set via -a call to -.Fn SSL_CTX_set_tlsext_status_arg . 
-Note that the callback will not be called in the event of a handshake -where session resumption occurs (because there are no Certificates -exchanged in such a handshake). -.Pp -The callback previously set via -.Fn SSL_CTX_set_tlsext_status_cb -can be retrieved by calling -.Fn SSL_CTX_get_tlsext_status_cb , -and the argument by calling -.Fn SSL_CTX_get_tlsext_status_arg . -.Pp -On the client side, -.Fn SSL_get_tlsext_status_type -can be used to determine whether the client has previously called -.Fn SSL_set_tlsext_status_type . -It will return -.Dv TLSEXT_STATUSTYPE_ocsp -if it has been called or \-1 otherwise. -On the server side, -.Fn SSL_get_tlsext_status_type -can be used to determine whether the client requested OCSP stapling. -If the client requested it, then this function will return -.Dv TLSEXT_STATUSTYPE_ocsp , -or \-1 otherwise. -.Pp -The response returned by the server can be obtained via a call to -.Fn SSL_get_tlsext_status_ocsp_resp . -The value -.Pf * Fa resp -will be updated to point to the OCSP response data and the return value -will be the length of that data. -If the server has not provided any response data, then -.Pf * Fa resp -will be -.Dv NULL -and the return value from -.Fn SSL_get_tlsext_status_ocsp_resp -will be -1. -.Pp -A server application must also call the -.Fn SSL_CTX_set_tlsext_status_cb -function if it wants to be able to provide clients with OCSP Certificate -Status responses. -Typically the server callback would obtain the server certificate that -is being sent back to the client via a call to -.Xr SSL_get_certificate 3 , -obtain the OCSP response to be sent back, and then set that response -data by calling -.Fn SSL_set_tlsext_status_ocsp_resp . -A pointer to the response data should be provided in the -.Fa resp -argument, and the length of that data should be in the -.Fa len -argument. 
-.Sh RETURN VALUES -The callback when used on the client side should return a negative -value on error, 0 if the response is not acceptable (in which case -the handshake will fail), or a positive value if it is acceptable. -.Pp -The callback when used on the server side should return with either -.Dv SSL_TLSEXT_ERR_OK -(meaning that the OCSP response that has been set should be returned), -.Dv SSL_TLSEXT_ERR_NOACK -(meaning that an OCSP response should not be returned), or -.Dv SSL_TLSEXT_ERR_ALERT_FATAL -(meaning that a fatal error has occurred). -.Pp -.Fn SSL_CTX_set_tlsext_status_cb , -.Fn SSL_CTX_get_tlsext_status_cb , -.Fn SSL_CTX_set_tlsext_status_arg , -.Fn SSL_CTX_get_tlsext_status_arg , -.Fn SSL_set_tlsext_status_type , -and -.Fn SSL_set_tlsext_status_ocsp_resp -always return 1, indicating success. -.Pp -.Fn SSL_get_tlsext_status_type -returns -.Dv TLSEXT_STATUSTYPE_ocsp -on the client side if -.Fn SSL_set_tlsext_status_type -was previously called, or on the server side -if the client requested OCSP stapling. -Otherwise \-1 is returned. -.Pp -.Fn SSL_get_tlsext_status_ocsp_resp -returns the length of the OCSP response data -or \-1 if there is no OCSP response data. -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_CTX_callback_ctrl 3 -.Sh HISTORY -.Fn SSL_CTX_set_tlsext_status_cb , -.Fn SSL_CTX_set_tlsext_status_arg , -.Fn SSL_set_tlsext_status_type , -.Fn SSL_get_tlsext_status_ocsp_resp , -and -.Fn SSL_set_tlsext_status_ocsp_resp -first appeared in OpenSSL 0.9.8h and have been available since -.Ox 4.5 . -.Pp -.Fn SSL_CTX_get_tlsext_status_cb -and -.Fn SSL_CTX_get_tlsext_status_arg -first appeared in OpenSSL 1.1.0 and have been available since -.Ox 6.3 . -.Pp -.Fn SSL_get_tlsext_status_type -first appeared in OpenSSL 1.1.0 and has been available since -.Ox 7.0 . diff --git a/src/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 b/src/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 deleted file mode 100644 index b6ccabaeca..0000000000 
--- a/src/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 +++ /dev/null 
@@ -1,300 +0,0 @@ -.\" $OpenBSD: SSL_CTX_set_tlsext_ticket_key_cb.3,v 1.8 2022/01/25 18:01:20 tb Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Rich Salz -.\" Copyright (c) 2014, 2015, 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: January 25 2022 $ -.Dt SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_tlsext_ticket_key_cb -.Nd set a callback for session ticket processing -.Sh SYNOPSIS -.In openssl/tls1.h -.Ft long -.Fo SSL_CTX_set_tlsext_ticket_key_cb -.Fa "SSL_CTX sslctx" -.Fa "int (*cb)(SSL *s, unsigned char key_name[16],\ - unsigned char iv[EVP_MAX_IV_LENGTH],\ - EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)" -.Fc -.Sh DESCRIPTION -.Fn SSL_CTX_set_tlsext_ticket_key_cb -sets a callback function -.Fa cb -for handling session tickets for the ssl context -.Fa sslctx . -Session tickets, defined in RFC 5077, provide an enhanced session -resumption capability where the server implementation is not required to -maintain per session state. -.Pp -The callback function -.Fa cb -will be called for every client instigated TLS session when session -ticket extension is presented in the TLS hello message. -It is the responsibility of this function to create or retrieve the -cryptographic parameters and to maintain their state. -.Pp -The OpenSSL library uses the callback function to help implement a -common TLS ticket construction state according to RFC 5077 Section 4 such -that per session state is unnecessary and a small set of cryptographic -variables needs to be maintained by the callback function -implementation. -.Pp -In order to reuse a session, a TLS client must send a session ticket -extension to the server. 
-The client can only send exactly one session ticket. -The server, through the callback function, either agrees to reuse the -session ticket information or it starts a full TLS handshake to create a -new session ticket. -.Pp -The callback is called with -.Fa ctx -and -.Fa hctx -which were newly allocated with -.Xr EVP_CIPHER_CTX_new 3 -and -.Xr HMAC_CTX_new 3 , -respectively. -.Pp -For new sessions tickets, when the client doesn't present a session -ticket, or an attempted retrieval of the ticket failed, or a renew -option was indicated, the callback function will be called with -.Fa enc -equal to 1. -The OpenSSL library expects that the function will set an arbitrary -.Fa key_name , -initialize -.Fa iv , -and set the cipher context -.Fa ctx -and the hash context -.Fa hctx . -.Pp -The -.Fa key_name -is 16 characters long and is used as a key identifier. -.Pp -The -.Fa iv -length is the length of the IV of the corresponding cipher. -The maximum IV length is -.Dv EVP_MAX_IV_LENGTH -bytes defined in -.In openssl/evp.h . -.Pp -The initialization vector -.Fa iv -should be a random value. -The cipher context -.Fa ctx -should use the initialisation vector -.Fa iv . -The cipher context can be set using -.Xr EVP_EncryptInit_ex 3 . -The hmac context can be set using -.Xr HMAC_Init_ex 3 . -.Pp -When the client presents a session ticket, the callback function -with be called with -.Fa enc -set to 0 indicating that the -.Fa cb -function should retrieve a set of parameters. -In this case -.Fa key_name -and -.Fa iv -have already been parsed out of the session ticket. -The OpenSSL library expects that the -.Em key_name -will be used to retrieve a cryptographic parameters and that the -cryptographic context -.Fa ctx -will be set with the retrieved parameters and the initialization vector -.Fa iv -using a function like -.Xr EVP_DecryptInit_ex 3 . -The -.Fa hctx -needs to be set using -.Xr HMAC_Init_ex 3 . 
-.Pp -If the -.Fa key_name -is still valid but a renewal of the ticket is required, the callback -function should return 2. -The library will call the callback again with an argument of -.Fa enc -equal to 1 to set the new ticket. -.Pp -The return value of the -.Fa cb -function is used by OpenSSL to determine what further processing will -occur. -The following return values have meaning: -.Bl -tag -width Ds -.It 2 -This indicates that the -.Fa ctx -and -.Fa hctx -have been set and the session can continue on those parameters. -Additionally it indicates that the session ticket is in a renewal period -and should be replaced. -The OpenSSL library will call -.Fa cb -again with an -.Fa enc -argument of 1 to set the new ticket (see RFC 5077 3.3 paragraph 2). -.It 1 -This indicates that the -.Fa ctx -and -.Fa hctx -have been set and the session can continue on those parameters. -.It 0 -This indicates that it was not possible to set/retrieve a session ticket -and the SSL/TLS session will continue by negotiating a set of -cryptographic parameters or using the alternate SSL/TLS resumption -mechanism, session ids. -.Pp -If called with -.Fa enc -equal to 0, the library will call the -.Fa cb -again to get a new set of parameters. -.It less than 0 -This indicates an error. -.El -.Pp -Session resumption shortcuts the TLS so that the client certificate -negotiation don't occur. -It makes up for this by storing client certificate and all other -negotiated state information encrypted within the ticket. -In a resumed session the applications will have all this state -information available exactly as if a full negotiation had occurred. -.Pp -If an attacker can obtain the key used to encrypt a session ticket, they -can obtain the master secret for any ticket using that key and decrypt -any traffic using that session: even if the ciphersuite supports forward -secrecy. -As a result applications may wish to use multiple keys and avoid using -long term keys stored in files. 
-.Pp -Applications can use longer keys to maintain a consistent level of -security. -For example if a ciphersuite uses 256 bit ciphers but only a 128 bit -ticket key the overall security is only 128 bits because breaking the -ticket key will enable an attacker to obtain the session keys. -.Sh RETURN VALUES -This function returns 0 to indicate that the callback function was set. -.Sh EXAMPLES -Reference Implementation: -.Bd -literal -SSL_CTX_set_tlsext_ticket_key_cb(SSL, ssl_tlsext_ticket_key_cb); -\&.... -static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], - unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc) -{ - if (enc) { /* create new session */ - if (RAND_bytes(iv, EVP_MAX_IV_LENGTH)) - return -1; /* insufficient random */ - - key = currentkey(); /* something you need to implement */ - if (!key) { - /* current key doesn't exist or isn't valid */ - key = createkey(); - /* something that you need to implement. - * createkey needs to initialise a name, - * an aes_key, a hmac_key, and optionally - * an expire time. 
*/ - if (!key) /* key couldn't be created */ - return 0; - } - memcpy(key_name, key->name, 16); - - EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, - key->aes_key, iv); - HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL); - - return 1; - - } else { /* retrieve session */ - key = findkey(name); - - if (!key || key->expire < now()) - return 0; - - HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL); - EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, - key->aes_key, iv ); - - if (key->expire < (now() - RENEW_TIME)) - /* this session will get a new ticket - * even though the current is still valid */ - return 2; - - return 1; - } -} -.Ed -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_CTX_add_session 3 , -.Xr SSL_CTX_callback_ctrl 3 , -.Xr SSL_CTX_sess_number 3 , -.Xr SSL_CTX_sess_set_get_cb 3 , -.Xr SSL_CTX_set_session_id_context 3 , -.Xr SSL_session_reused 3 , -.Xr SSL_set_session 3 -.Sh HISTORY -.Fn SSL_CTX_set_tlsext_ticket_key_cb -first appeared in OpenSSL 0.9.8h and has been available since -.Ox 4.5 . diff --git a/src/lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3 b/src/lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3 deleted file mode 100644 index 04c4833c6a..0000000000 --- a/src/lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3 +++ /dev/null 
@@ -1,197 +0,0 @@ -.\" $OpenBSD: SSL_CTX_set_tlsext_use_srtp.3,v 1.6 2021/06/11 19:41:39 jmc Exp $ -.\" full merge up to: OpenSSL b0edda11 Mar 20 13:00:17 2018 +0000 -.\" -.\" This file was written by Matt Caswell . -.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 11 2021 $ -.Dt SSL_CTX_SET_TLSEXT_USE_SRTP 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_tlsext_use_srtp , -.Nm SSL_set_tlsext_use_srtp , -.Nm SSL_get_srtp_profiles , -.Nm SSL_get_selected_srtp_profile -.Nd Configure and query SRTP support -.Sh SYNOPSIS -.In openssl/srtp.h -.Ft int -.Fo SSL_CTX_set_tlsext_use_srtp -.Fa "SSL_CTX *ctx" -.Fa "const char *profiles" -.Fc -.Ft int -.Fo SSL_set_tlsext_use_srtp -.Fa "SSL *ssl" -.Fa "const char *profiles" -.Fc -.Ft STACK_OF(SRTP_PROTECTION_PROFILE) * -.Fo SSL_get_srtp_profiles -.Fa "SSL *ssl" -.Fc -.Ft SRTP_PROTECTION_PROFILE * -.Fo SSL_get_selected_srtp_profile -.Fa "SSL *ssl" -.Fc -.Sh DESCRIPTION -SRTP is the Secure Real-Time Transport Protocol. -OpenSSL implements support for the "use_srtp" DTLS extension -defined in RFC 5764. -This provides a mechanism for establishing SRTP keying material, -algorithms and parameters using DTLS. 
-This capability may be used as part of an implementation that -conforms to RFC 5763. -OpenSSL does not implement SRTP itself or RFC 5763. -Note that OpenSSL does not support the use of SRTP Master Key -Identifiers (MKIs). -Also note that this extension is only supported in DTLS. -Any SRTP configuration is ignored if a TLS connection is attempted. -.Pp -An OpenSSL client wishing to send the "use_srtp" extension should call -.Fn SSL_CTX_set_tlsext_use_srtp -to set its use for all -.Vt SSL -objects subsequently created from -.Fa ctx . -Alternatively a client may call -.Fn SSL_set_tlsext_use_srtp -to set its use for an individual -.Vt SSL -object. -The -.Fa profiles -parameter should point to a NUL-terminated, colon delimited list of -SRTP protection profile names. -.Pp -The currently supported protection profile names are: -.Bl -tag -width Ds -.It Dv SRTP_AES128_CM_SHA1_80 -This corresponds to SRTP_AES128_CM_HMAC_SHA1_80 defined in RFC 5764. -.It Dv SRTP_AES128_CM_SHA1_32 -This corresponds to SRTP_AES128_CM_HMAC_SHA1_32 defined in RFC 5764. -.It Dv SRTP_AEAD_AES_128_GCM -This corresponds to SRTP_AEAD_AES_128_GCM defined in RFC 7714. -.It Dv SRTP_AEAD_AES_256_GCM -This corresponds to SRTP_AEAD_AES_256_GCM defined in RFC 7714. -.El -.Pp -Supplying an unrecognised protection profile name results in an error. -.Pp -An OpenSSL server wishing to support the "use_srtp" extension should -also call -.Fn SSL_CTX_set_tlsext_use_srtp -or -.Fn SSL_set_tlsext_use_srtp -to indicate the protection profiles that it is willing to negotiate. -.Pp -The currently configured list of protection profiles for either a client -or a server can be obtained by calling -.Fn SSL_get_srtp_profiles . -This returns a stack of -.Vt SRTP_PROTECTION_PROFILE -objects. -The memory pointed to in the return value of this function should not be -freed by the caller. 
-.Pp -After a handshake has been completed, the negotiated SRTP protection -profile (if any) can be obtained (on the client or the server) by -calling -.Fn SSL_get_selected_srtp_profile . -This function returns -.Dv NULL -if no SRTP protection profile was negotiated. -The memory returned from this function should not be freed by the -caller. -.Pp -If an SRTP protection profile has been successfully negotiated, -then the SRTP keying material (on both the client and server) -should be obtained by calling -.Xr SSL_export_keying_material 3 -with a -.Fa label -of -.Qq EXTRACTOR-dtls_srtp , -a -.Fa context -of -.Dv NULL , -and a -.Fa use_context -argument of 0. -The total length of keying material obtained should be equal to two -times the sum of the master key length and the salt length as defined -for the protection profile in use. -This provides the client write master key, the server write master key, -the client write master salt and the server write master salt in that -order. -.Sh RETURN VALUES -Contrary to OpenSSL conventions, -.Fn SSL_CTX_set_tlsext_use_srtp -and -.Fn SSL_set_tlsext_use_srtp -return 0 on success or 1 on error. -.Pp -.Fn SSL_get_srtp_profiles -returns a stack of -.Vt SRTP_PROTECTION_PROFILE -objects on success or -.Dv NULL -on error or if no protection profiles have been configured. -.Pp -.Fn SSL_get_selected_srtp_profile -returns a pointer to an -.Vt SRTP_PROTECTION_PROFILE -object if one has been negotiated or -.Dv NULL -otherwise. -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_export_keying_material 3 -.Sh HISTORY -These functions first appeared in OpenSSL 1.0.1 -and have been available since -.Ox 5.3 . diff --git a/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 deleted file mode 100644 index c6f5253431..0000000000 --- a/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 +++ /dev/null 
@@ -1,229 +0,0 @@ -.\" $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.11 2025/01/18 10:45:12 tb Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2001, 2014, 2015 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: January 18 2025 $ -.Dt SSL_CTX_SET_TMP_DH_CALLBACK 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_tmp_dh_callback , -.Nm SSL_CTX_set_tmp_dh , -.Nm SSL_set_tmp_dh_callback , -.Nm SSL_set_tmp_dh -.Nd handle DH keys for ephemeral key exchange -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft void -.Fo SSL_CTX_set_tmp_dh_callback -.Fa "SSL_CTX *ctx" -.Fa "DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)" -.Fc -.Ft long -.Fn SSL_CTX_set_tmp_dh "SSL_CTX *ctx" "DH *dh" -.Ft void -.Fo SSL_set_tmp_dh_callback -.Fa "SSL *ssl" -.Fa "DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength" -.Fc -.Ft long -.Fn SSL_set_tmp_dh "SSL *ssl" "DH *dh" -.Sh DESCRIPTION -.Fn SSL_CTX_set_tmp_dh_callback -sets the callback function for -.Fa ctx -to be used when a DH parameters are required to -.Fa tmp_dh_callback . -The callback is inherited by all -.Vt ssl -objects created from -.Fa ctx . -.Pp -.Fn SSL_CTX_set_tmp_dh -sets DH parameters to be used by -.Fa ctx . -The key is inherited by all -.Fa ssl -objects created from -.Fa ctx . -.Pp -.Fn SSL_set_tmp_dh_callback -sets the callback only for -.Fa ssl . -.Pp -.Fn SSL_set_tmp_dh -sets the parameters only for -.Fa ssl . -.Pp -These functions apply to SSL/TLS servers only. -.Pp -When using a cipher with RSA authentication, -an ephemeral DH key exchange can take place. 
-In these cases, the session data are negotiated using the ephemeral/temporary -DH key and the key supplied and certified by the certificate chain is only used -for signing. -Anonymous ciphers (without a permanent server key) also use ephemeral DH keys. -.Pp -Using ephemeral DH key exchange yields forward secrecy, -as the connection can only be decrypted when the DH key is known. -By generating a temporary DH key inside the server application that is lost -when the application is left, it becomes impossible for attackers to decrypt -past sessions, even if they get hold of the normal (certified) key, -as this key was only used for signing. -.Pp -In order to perform a DH key exchange, the server must use a DH group -(DH parameters) and generate a DH key. -The server will always generate a new DH key during the negotiation. -.Pp -As generating DH parameters is extremely time consuming, an application should -not generate the parameters on the fly but supply the parameters. -DH parameters can be reused, -as the actual key is newly generated during the negotiation. -The risk in reusing DH parameters is that an attacker may specialize on a very -often used DH group. -Applications should therefore generate their own DH parameters during the -installation process using the -.Xr openssl 1 -.Cm dhparam -application. -This application guarantees that "strong" primes are used. -.Pp -Files -.Pa dh2048.pem -and -.Pa dh4096.pem -in the -.Pa apps -directory of the current version of the OpenSSL distribution contain the -.Sq SKIP -DH parameters, -which use safe primes and were generated verifiably pseudo-randomly. -These files can be converted into C code using the -.Fl C -option of the -.Xr openssl 1 -.Cm dhparam -application. -Generation of custom DH parameters during installation should still -be preferred to stop an attacker from specializing on a commonly -used group. -The file -.Pa dh1024.pem -contains old parameters that must not be used by applications. 
-.Pp -An application may either directly specify the DH parameters or can supply the -DH parameters via a callback function. -.Pp -Previous versions of the callback used -.Fa is_export -and -.Fa keylength -parameters to control parameter generation for export and non-export -cipher suites. -Modern servers that do not support export ciphersuites are advised -to either use -.Fn SSL_CTX_set_tmp_dh -or alternatively, use the callback but ignore -.Fa keylength -and -.Fa is_export -and simply supply at least 2048-bit parameters in the callback. -.Sh RETURN VALUES -.Fn SSL_CTX_set_tmp_dh -and -.Fn SSL_set_tmp_dh -do return 1 on success and 0 on failure. -Check the error queue to find out the reason of failure. -.Sh EXAMPLES -Set up DH parameters with a key length of 2048 bits. -Error handling is partly left out. -.Pp -Command-line parameter generation: -.Pp -.Dl openssl dhparam -out dh_param_2048.pem 2048 -.Pp -Code for setting up parameters during server initialization: -.Bd -literal -SSL_CTX ctx = SSL_CTX_new(); -\&... - -/* Set up ephemeral DH parameters. */ -DH *dh_2048 = NULL; -FILE *paramfile; -paramfile = fopen("dh_param_2048.pem", "r"); -if (paramfile) { - dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); - fclose(paramfile); -} else { - /* Error. */ -} -if (dh_2048 == NULL) { - /* Error. */ -} -if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) { - /* Error. */ -} -.Ed -.Sh SEE ALSO -.Xr openssl 1 , -.Xr ssl 3 , -.Xr SSL_CTX_set_cipher_list 3 , -.Xr SSL_CTX_set_options 3 , -.Xr SSL_set_tmp_ecdh 3 -.Sh HISTORY -.Fn SSL_CTX_set_tmp_dh_callback -and -.Fn SSL_CTX_set_tmp_dh -first appeared in SSLeay 0.8.0 and have been available since -.Ox 2.4 . -.Pp -.Fn SSL_set_tmp_dh_callback -and -.Fn SSL_set_tmp_dh -first appeared in OpenSSL 0.9.2b and have been available since -.Ox 2.6 . diff --git a/src/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 b/src/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 deleted file mode 100644 index b4c3a3c647..0000000000 
--- a/src/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
+++ /dev/null
@@ -1,114 +0,0 @@
-.\" $OpenBSD: SSL_CTX_set_tmp_rsa_callback.3,v 1.9 2022/03/29 14:27:59 naddy Exp $
-.\" OpenSSL 0b30fc90 Dec 19 15:23:05 2013 -0500
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2001, 2006, 2013 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 29 2022 $
-.Dt SSL_CTX_SET_TMP_RSA_CALLBACK 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_tmp_rsa_callback ,
-.Nm SSL_CTX_set_tmp_rsa ,
-.Nm SSL_CTX_need_tmp_RSA ,
-.Nm SSL_set_tmp_rsa_callback ,
-.Nm SSL_set_tmp_rsa ,
-.Nm SSL_need_tmp_RSA
-.Nd handle RSA keys for ephemeral key exchange
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_tmp_rsa_callback
-.Fa "SSL_CTX *ctx"
-.Fa "RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)"
-.Fc
-.Ft long
-.Fn SSL_CTX_set_tmp_rsa "SSL_CTX *ctx" "RSA *rsa"
-.Ft long
-.Fn SSL_CTX_need_tmp_RSA "SSL_CTX *ctx"
-.Ft void
-.Fo SSL_set_tmp_rsa_callback
-.Fa "SSL_CTX *ctx"
-.Fa "RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)"
-.Fc
-.Ft long
-.Fn SSL_set_tmp_rsa "SSL *ssl" "RSA *rsa"
-.Ft long
-.Fn SSL_need_tmp_RSA "SSL *ssl"
-.Sh DESCRIPTION
-Since they mattered only for deliberately insecure RSA authentication
-mandated by historical U.S.
export restrictions, these functions
-are all deprecated and have no effect except that
-.Fn SSL_CTX_set_tmp_rsa_callback ,
-.Fn SSL_CTX_set_tmp_rsa ,
-.Fn SSL_set_tmp_rsa_callback ,
-and
-.Fn SSL_set_tmp_rsa
-issue error messages when called.
-.Sh RETURN VALUES
-These functions always return 0, indicating failure.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_cipher_list 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_CTX_set_tmp_dh_callback 3 ,
-.Xr SSL_new 3 ,
-.Xr SSL_set_tmp_ecdh 3
-.Sh HISTORY
-.Fn SSL_CTX_set_tmp_rsa_callback ,
-.Fn SSL_CTX_set_tmp_rsa ,
-and
-.Fn SSL_CTX_need_tmp_RSA
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_set_tmp_rsa_callback ,
-.Fn SSL_set_tmp_rsa ,
-and
-.Fn SSL_need_tmp_RSA
-first appeared in OpenSSL 0.9.2b and have been available since
-.Ox 2.6 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_verify.3 b/src/lib/libssl/man/SSL_CTX_set_verify.3
deleted file mode 100644
index 1ed86407e9..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_verify.3
+++ /dev/null
@@ -1,479 +0,0 @@
-.\" $OpenBSD: SSL_CTX_set_verify.3,v 1.9 2021/06/12 16:59:53 jmc Exp $
-.\" full merge up to: OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
-.\" selective merge up to: OpenSSL 1cb7eff4 Sep 10 13:56:40 2019 +0100
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2000, 2001, 2002, 2003, 2014 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 12 2021 $
-.Dt SSL_CTX_SET_VERIFY 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_verify ,
-.Nm SSL_set_verify ,
-.Nm SSL_CTX_set_verify_depth ,
-.Nm SSL_set_verify_depth
-.Nd set peer certificate verification parameters
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_verify
-.Fa "SSL_CTX *ctx"
-.Fa "int mode"
-.Fa "int (*verify_callback)(int, X509_STORE_CTX *)"
-.Fc
-.Ft void
-.Fo SSL_set_verify
-.Fa "SSL *s"
-.Fa "int mode"
-.Fa "int (*verify_callback)(int, X509_STORE_CTX *)"
-.Fc
-.Ft void
-.Fn SSL_CTX_set_verify_depth "SSL_CTX *ctx" "int depth"
-.Ft void
-.Fn SSL_set_verify_depth "SSL *s" "int depth"
-.Ft int
-.Fn verify_callback "int preverify_ok" "X509_STORE_CTX *x509_ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_verify
-sets the verification flags for
-.Fa ctx
-to be
-.Fa mode
-and
-specifies the
-.Fa verify_callback
-function to be used.
-If no callback function shall be specified, the
-.Dv NULL
-pointer can be used for
-.Fa verify_callback .
-.Pp
-.Fn SSL_set_verify
-sets the verification flags for
-.Fa ssl
-to be
-.Fa mode
-and specifies the
-.Fa verify_callback
-function to be used.
-If no callback function shall be specified, the
-.Dv NULL
-pointer can be used for
-.Fa verify_callback .
-In this case last
-.Fa verify_callback
-set specifically for this
-.Fa ssl
-remains.
-If no special callback was set before, the default callback for the underlying
-.Fa ctx
-is used, that was valid at the time
-.Fa ssl
-was created with
-.Xr SSL_new 3 .
-Within the callback function,
-.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3
-can be called to get the data index of the current
-.Vt SSL
-object that is doing the verification.
-.Pp
-.Fn SSL_CTX_set_verify_depth
-sets the maximum
-.Fa depth
-for the certificate chain verification that shall be allowed for
-.Fa ctx .
-(See the
-.Sx BUGS
-section.)
-.Pp
-.Fn SSL_set_verify_depth
-sets the maximum
-.Fa depth
-for the certificate chain verification that shall be allowed for
-.Fa ssl .
-(See the
-.Sx BUGS
-section.)
-.Pp
-The verification of certificates can be controlled by a set of bitwise ORed
-.Fa mode
-flags:
-.Bl -tag -width Ds
-.It Dv SSL_VERIFY_NONE
-.Em Server mode :
-the server will not send a client certificate request to the client,
-so the client will not send a certificate.
-.Pp
-.Em Client mode :
-if not using an anonymous cipher (by default disabled),
-the server will send a certificate which will be checked.
-The result of the certificate verification process can be checked after the
-TLS/SSL handshake using the
-.Xr SSL_get_verify_result 3
-function.
-The handshake will be continued regardless of the verification result.
-.It Dv SSL_VERIFY_PEER
-.Em Server mode :
-the server sends a client certificate request to the client.
-The certificate returned (if any) is checked.
-If the verification process fails,
-the TLS/SSL handshake is immediately terminated with an alert message
-containing the reason for the verification failure.
-The behaviour can be controlled by the additional
-.Dv SSL_VERIFY_FAIL_IF_NO_PEER_CERT
-and
-.Dv SSL_VERIFY_CLIENT_ONCE
-flags.
-.Pp
-.Em Client mode :
-the server certificate is verified.
-If the verification process fails,
-the TLS/SSL handshake is immediately terminated with an alert message
-containing the reason for the verification failure.
-If no server certificate is sent, because an anonymous cipher is used,
-.Dv SSL_VERIFY_PEER
-is ignored.
-.It Dv SSL_VERIFY_FAIL_IF_NO_PEER_CERT
-.Em Server mode :
-if the client did not return a certificate, the TLS/SSL
-handshake is immediately terminated with a
-.Dq handshake failure
-alert.
-This flag must be used together with
-.Dv SSL_VERIFY_PEER .
-.Pp
-.Em Client mode :
-ignored
-.It Dv SSL_VERIFY_CLIENT_ONCE
-.Em Server mode :
-only request a client certificate on the initial TLS/SSL handshake.
-Do not ask for a client certificate again in case of a renegotiation.
-This flag must be used together with
-.Dv SSL_VERIFY_PEER .
-.Pp
-.Em Client mode :
-ignored
-.El
-.Pp
-Exactly one of the
-.Fa mode
-flags
-.Dv SSL_VERIFY_NONE
-and
-.Dv SSL_VERIFY_PEER
-must be set at any time.
-.Pp
-The actual verification procedure is performed either using the built-in
-verification procedure or using another application provided verification
-function set with
-.Xr SSL_CTX_set_cert_verify_callback 3 .
-The following descriptions apply in the case of the built-in procedure.
-An application provided procedure also has access to the verify depth
-information and the
-.Fa verify_callback Ns ()
-function, but the way this information is used may be different.
-.Pp
-.Fn SSL_CTX_set_verify_depth
-and
-.Fn SSL_set_verify_depth
-set the limit up to which depth certificates in a chain are used during the
-verification procedure.
-If the certificate chain is longer than allowed,
-the certificates above the limit are ignored.
-Error messages are generated as if these certificates would not be present,
-most likely a
-.Dv X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
-will be issued.
-The depth count is
-.Dq level 0: peer certificate ,
-.Dq level 1: CA certificate ,
-.Dq level 2: higher level CA certificate ,
-and so on.
-Setting the maximum depth to 2 allows the levels 0, 1, and 2.
-The default depth limit is 100,
-allowing for the peer certificate and an additional 100 CA certificates.
-.Pp
-The
-.Fa verify_callback
-function is used to control the behaviour when the
-.Dv SSL_VERIFY_PEER
-flag is set.
-It must be supplied by the application and receives two arguments:
-.Fa preverify_ok
-indicates whether the verification of the certificate in question was passed
-(preverify_ok=1) or not (preverify_ok=0).
-.Fa x509_ctx
-is a pointer to the complete context used
-for the certificate chain verification.
-.Pp
-The certificate chain is checked starting with the deepest nesting level
-(the root CA certificate) and worked upward to the peer's certificate.
-At each level signatures and issuer attributes are checked.
-Whenever a verification error is found, the error number is stored in
-.Fa x509_ctx
-and
-.Fa verify_callback
-is called with
-.Fa preverify_ok
-equal to 0.
-By applying
-.Fn X509_CTX_store_*
-functions
-.Fa verify_callback
-can locate the certificate in question and perform additional steps (see
-.Sx EXAMPLES ) .
-If no error is found for a certificate,
-.Fa verify_callback
-is called with
-.Fa preverify_ok
-equal to 1 before advancing to the next level.
-.Pp
-The return value of
-.Fa verify_callback
-controls the strategy of the further verification process.
-If
-.Fa verify_callback
-returns 0, the verification process is immediately stopped with
-.Dq verification failed
-state.
-If
-.Dv SSL_VERIFY_PEER
-is set, a verification failure alert is sent to the peer and the TLS/SSL
-handshake is terminated.
-If
-.Fa verify_callback
-returns 1, the verification process is continued.
-If
-.Fa verify_callback
-always returns 1,
-the TLS/SSL handshake will not be terminated with respect to verification
-failures and the connection will be established.
-The calling process can however retrieve the error code of the last
-verification error using
-.Xr SSL_get_verify_result 3
-or by maintaining its own error storage managed by
-.Fa verify_callback .
-.Pp
-If no
-.Fa verify_callback
-is specified, the default callback will be used.
-Its return value is identical to
-.Fa preverify_ok ,
-so that any verification
-failure will lead to a termination of the TLS/SSL handshake with an
-alert message, if
-.Dv SSL_VERIFY_PEER
-is set.
-.Sh EXAMPLES
-The following code sequence realizes an example
-.Fa verify_callback
-function that will always continue the TLS/SSL handshake regardless of
-verification failure, if wished.
-The callback realizes a verification depth limit with more informational output.
-.Pp
-All verification errors are printed;
-information about the certificate chain is printed on request.
-The example is realized for a server that does allow but not require client
-certificates.
-.Pp
-The example makes use of the ex_data technique to store application data
-into/retrieve application data from the
-.Vt SSL
-structure (see
-.Xr SSL_get_ex_new_index 3 ,
-.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 ) .
-.Bd -literal
-\&...
-
-typedef struct {
- int verbose_mode;
- int verify_depth;
- int always_continue;
-} mydata_t;
-int mydata_index;
-\&...
-static int
-verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
-{
- char buf[256];
- X509 *err_cert;
- int err, depth;
- SSL *ssl;
- mydata_t *mydata;
-
- err_cert = X509_STORE_CTX_get_current_cert(ctx);
- err = X509_STORE_CTX_get_error(ctx);
- depth = X509_STORE_CTX_get_error_depth(ctx);
-
- /*
- * Retrieve the pointer to the SSL of the connection currently
- * treated * and the application specific data stored into the
- * SSL object.
- */
- ssl = X509_STORE_CTX_get_ex_data(ctx,
- SSL_get_ex_data_X509_STORE_CTX_idx());
- mydata = SSL_get_ex_data(ssl, mydata_index);
-
- X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
-
- /*
- * Catch a too long certificate chain. The depth limit set using
- * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so
- * that whenever the "depth>verify_depth" condition is met, we
- * have violated the limit and want to log this error condition.
- * We must do it here, because the CHAIN_TOO_LONG error would not
- * be found explicitly; only errors introduced by cutting off the
- * additional certificates would be logged.
- */
- if (depth > mydata->verify_depth) {
- preverify_ok = 0;
- err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
- X509_STORE_CTX_set_error(ctx, err);
- }
- if (!preverify_ok) {
- printf("verify error:num=%d:%s:depth=%d:%s\en", err,
- X509_verify_cert_error_string(err), depth, buf);
- } else if (mydata->verbose_mode) {
- printf("depth=%d:%s\en", depth, buf);
- }
-
- /*
- * At this point, err contains the last verification error.
- * We can use it for something special
- */
- if (!preverify_ok && (err ==
- X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) {
- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),
- buf, 256);
- printf("issuer= %s\en", buf);
- }
-
- if (mydata->always_continue)
- return 1;
- else
- return preverify_ok;
-}
-\&...
-
-mydata_t mydata;
-
-\&...
-
-mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL);
-
-\&...
-
-SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
- verify_callback);
-
-/*
- * Let the verify_callback catch the verify_depth error so that we get
- * an appropriate error in the logfile.
- */
-SSL_CTX_set_verify_depth(verify_depth + 1);
-
-/*
- * Set up the SSL specific data into "mydata" and store it into the SSL
- * structure.
- */
-mydata.verify_depth = verify_depth; ...
-SSL_set_ex_data(ssl, mydata_index, &mydata);
-
-\&...
-
-SSL_accept(ssl); /* check of success left out for clarity */
-if (peer = SSL_get_peer_certificate(ssl)) {
- if (SSL_get_verify_result(ssl) == X509_V_OK) {
- /* The client sent a certificate which verified OK */
- }
-}
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_get_verify_mode 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_set_cert_verify_callback 3 ,
-.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 ,
-.Xr SSL_get_ex_new_index 3 ,
-.Xr SSL_get_peer_certificate 3 ,
-.Xr SSL_get_verify_result 3 ,
-.Xr SSL_new 3 ,
-.Xr SSL_set1_host 3
-.Sh HISTORY
-.Fn SSL_set_verify
-appeared in SSLeay 0.4 or earlier.
-.Fn SSL_CTX_set_verify
-first appeared in SSLeay 0.6.4.
-Both functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_CTX_set_verify_depth
-and
-.Fn SSL_set_verify_depth
-first appeared in OpenSSL 0.9.3 and have been available since
-.Ox 2.6 .
-.Sh BUGS
-In client mode, it is not checked whether the
-.Dv SSL_VERIFY_PEER
-flag is set, but whether
-.Dv SSL_VERIFY_NONE
-is not set.
-This can lead to unexpected behaviour, if the
-.Dv SSL_VERIFY_PEER
-and
-.Dv SSL_VERIFY_NONE
-are not used as required (exactly one must be set at any time).
-.Pp
-The certificate verification depth set with
-.Fn SSL[_CTX]_verify_depth
-stops the verification at a certain depth.
-The error message produced will be that of an incomplete certificate chain and
-not
-.Dv X509_V_ERR_CERT_CHAIN_TOO_LONG
-as may be expected.
diff --git a/src/lib/libssl/man/SSL_CTX_use_certificate.3 b/src/lib/libssl/man/SSL_CTX_use_certificate.3
deleted file mode 100644
index c88a6971b2..0000000000
--- a/src/lib/libssl/man/SSL_CTX_use_certificate.3
+++ /dev/null
@@ -1,451 +0,0 @@
-.\" $OpenBSD: SSL_CTX_use_certificate.3,v 1.17 2025/01/18 10:45:12 tb Exp $
-.\" full merge up to: OpenSSL 3aaa1bd0 Mar 28 16:35:25 2017 +1000
-.\" selective merge up to: OpenSSL d1f7a1e6 Apr 26 14:05:40 2018 +0100
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2000, 2001, 2002, 2003, 2005 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: January 18 2025 $
-.Dt SSL_CTX_USE_CERTIFICATE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_use_certificate ,
-.Nm SSL_CTX_use_certificate_ASN1 ,
-.Nm SSL_CTX_use_certificate_file ,
-.Nm SSL_use_certificate ,
-.Nm SSL_use_certificate_ASN1 ,
-.Nm SSL_use_certificate_chain_file ,
-.Nm SSL_use_certificate_file ,
-.Nm SSL_CTX_use_certificate_chain_file ,
-.Nm SSL_CTX_use_certificate_chain_mem ,
-.Nm SSL_CTX_use_PrivateKey ,
-.Nm SSL_CTX_use_PrivateKey_ASN1 ,
-.Nm SSL_CTX_use_PrivateKey_file ,
-.Nm SSL_CTX_use_RSAPrivateKey ,
-.Nm SSL_CTX_use_RSAPrivateKey_ASN1 ,
-.Nm SSL_CTX_use_RSAPrivateKey_file ,
-.Nm SSL_use_PrivateKey_file ,
-.Nm SSL_use_PrivateKey_ASN1 ,
-.Nm SSL_use_PrivateKey ,
-.Nm SSL_use_RSAPrivateKey ,
-.Nm SSL_use_RSAPrivateKey_ASN1 ,
-.Nm SSL_use_RSAPrivateKey_file ,
-.Nm SSL_CTX_check_private_key ,
-.Nm SSL_check_private_key
-.Nd load certificate and key data
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_CTX_use_certificate "SSL_CTX *ctx" "X509 *x"
-.Ft int
-.Fn SSL_CTX_use_certificate_ASN1 "SSL_CTX *ctx" "int len" "unsigned char *d"
-.Ft int
-.Fn SSL_CTX_use_certificate_file "SSL_CTX *ctx" "const char *file" "int type"
-.Ft int
-.Fn SSL_use_certificate "SSL *ssl" "X509 *x"
-.Ft int
-.Fn SSL_use_certificate_ASN1 "SSL *ssl" "unsigned char *d" "int len"
-.Ft int
-.Fn SSL_use_certificate_chain_file "SSL *ssl" "const char *file"
-.Ft int
-.Fn SSL_use_certificate_file "SSL *ssl" "const char *file" "int type"
-.Ft int
-.Fn SSL_CTX_use_certificate_chain_file "SSL_CTX *ctx" "const char *file"
-.Ft int
-.Fn SSL_CTX_use_certificate_chain_mem "SSL_CTX *ctx" "void *buf" "int len"
-.Ft int
-.Fn SSL_CTX_use_PrivateKey "SSL_CTX *ctx" "EVP_PKEY *pkey"
-.Ft int
-.Fo SSL_CTX_use_PrivateKey_ASN1
-.Fa "int pk" "SSL_CTX *ctx" "unsigned char *d" "long len"
-.Fc
-.Ft int
-.Fn SSL_CTX_use_PrivateKey_file "SSL_CTX *ctx" "const char *file" "int type"
-.Ft int
-.Fn SSL_CTX_use_RSAPrivateKey "SSL_CTX *ctx" "RSA *rsa"
-.Ft int
-.Fn SSL_CTX_use_RSAPrivateKey_ASN1 "SSL_CTX
*ctx" "unsigned char *d" "long len"
-.Ft int
-.Fn SSL_CTX_use_RSAPrivateKey_file "SSL_CTX *ctx" "const char *file" "int type"
-.Ft int
-.Fn SSL_use_PrivateKey "SSL *ssl" "EVP_PKEY *pkey"
-.Ft int
-.Fn SSL_use_PrivateKey_ASN1 "int pk" "SSL *ssl" "unsigned char *d" "long len"
-.Ft int
-.Fn SSL_use_PrivateKey_file "SSL *ssl" "const char *file" "int type"
-.Ft int
-.Fn SSL_use_RSAPrivateKey "SSL *ssl" "RSA *rsa"
-.Ft int
-.Fn SSL_use_RSAPrivateKey_ASN1 "SSL *ssl" "const unsigned char *d" "long len"
-.Ft int
-.Fn SSL_use_RSAPrivateKey_file "SSL *ssl" "const char *file" "int type"
-.Ft int
-.Fn SSL_CTX_check_private_key "const SSL_CTX *ctx"
-.Ft int
-.Fn SSL_check_private_key "const SSL *ssl"
-.Sh DESCRIPTION
-These functions load the certificates and private keys into the
-.Vt SSL_CTX
-or
-.Vt SSL
-object, respectively.
-.Pp
-The
-.Fn SSL_CTX_*
-class of functions loads the certificates and keys into the
-.Vt SSL_CTX
-object
-.Fa ctx .
-The information is passed to
-.Vt SSL
-objects
-.Fa ssl
-created from
-.Fa ctx
-with
-.Xr SSL_new 3
-by copying, so that changes applied to
-.Fa ctx
-do not propagate to already existing
-.Vt SSL
-objects.
-.Pp
-The
-.Fn SSL_*
-class of functions only loads certificates and keys into a specific
-.Vt SSL
-object.
-The specific information is kept when
-.Xr SSL_clear 3
-is called for this
-.Vt SSL
-object.
-.Pp
-.Fn SSL_CTX_use_certificate
-loads the certificate
-.Fa x
-into
-.Fa ctx ;
-.Fn SSL_use_certificate
-loads
-.Fa x
-into
-.Fa ssl .
-The rest of the certificates needed to form the complete certificate chain can
-be specified using the
-.Xr SSL_CTX_add_extra_chain_cert 3
-function.
-.Pp
-.Fn SSL_CTX_use_certificate_ASN1
-loads the ASN1 encoded certificate from the memory location
-.Fa d
-(with length
-.Fa len )
-into
-.Fa ctx ;
-.Fn SSL_use_certificate_ASN1
-loads the ASN1 encoded certificate into
-.Fa ssl .
-.Pp
-.Fn SSL_CTX_use_certificate_file
-loads the first certificate stored in
-.Fa file
-into
-.Fa ctx .
-The formatting
-.Fa type
-of the certificate must be specified from the known types
-.Dv SSL_FILETYPE_PEM
-and
-.Dv SSL_FILETYPE_ASN1 .
-.Fn SSL_use_certificate_file
-loads the certificate from
-.Fa file
-into
-.Fa ssl .
-See the
-.Sx NOTES
-section on why
-.Fn SSL_CTX_use_certificate_chain_file
-should be preferred.
-.Pp
-The
-.Fn SSL_CTX_use_certificate_chain*
-functions load a certificate chain into
-.Fa ctx .
-The certificates must be in PEM format and must be sorted starting with the
-subject's certificate (actual client or server certificate),
-followed by intermediate CA certificates if applicable,
-and ending at the highest level (root) CA.
-With the exception of
-.Fn SSL_use_certificate_chain_file ,
-there is no corresponding function working on a single
-.Vt SSL
-object.
-.Pp
-.Fn SSL_CTX_use_PrivateKey
-adds
-.Fa pkey
-as private key to
-.Fa ctx .
-.Fn SSL_CTX_use_RSAPrivateKey
-adds the private key
-.Fa rsa
-of type RSA to
-.Fa ctx .
-.Fn SSL_use_PrivateKey
-adds
-.Fa pkey
-as private key to
-.Fa ssl ;
-.Fn SSL_use_RSAPrivateKey
-adds
-.Fa rsa
-as private key of type RSA to
-.Fa ssl .
-If a certificate has already been set and the private does not belong to the
-certificate, an error is returned.
-To change a certificate private key pair,
-the new certificate needs to be set with
-.Fn SSL_use_certificate
-or
-.Fn SSL_CTX_use_certificate
-before setting the private key with
-.Fn SSL_CTX_use_PrivateKey
-or
-.Fn SSL_use_PrivateKey .
-.Pp
-.Fn SSL_CTX_use_PrivateKey_ASN1
-adds the private key of type
-.Fa pk
-stored at memory location
-.Fa d
-(length
-.Fa len )
-to
-.Fa ctx .
-.Fn SSL_CTX_use_RSAPrivateKey_ASN1
-adds the private key of type RSA stored at memory location
-.Fa d
-(length
-.Fa len )
-to
-.Fa ctx .
-.Fn SSL_use_PrivateKey_ASN1
-and
-.Fn SSL_use_RSAPrivateKey_ASN1
-add the private key to
-.Fa ssl .
-.Pp
-.Fn SSL_CTX_use_PrivateKey_file
-adds the first private key found in
-.Fa file
-to
-.Fa ctx .
-The formatting
-.Fa type
-of the private key must be specified from the known types
-.Dv SSL_FILETYPE_PEM
-and
-.Dv SSL_FILETYPE_ASN1 .
-.Fn SSL_CTX_use_RSAPrivateKey_file
-adds the first private RSA key found in
-.Fa file
-to
-.Fa ctx .
-.Fn SSL_use_PrivateKey_file
-adds the first private key found in
-.Fa file
-to
-.Fa ssl ;
-.Fn SSL_use_RSAPrivateKey_file
-adds the first private RSA key found to
-.Fa ssl .
-.Pp
-The
-.Fn SSL_CTX_check_private_key
-function is seriously misnamed.
-It compares the
-.Em public
-key components and parameters of an OpenSSL private key with the
-corresponding certificate loaded into
-.Fa ctx .
-If more than one key/certificate pair (RSA/ECDSA) is installed,
-the last item installed will be compared.
-If, e.g., the last item was an RSA certificate or key,
-the RSA key/certificate pair will be checked.
-.Fn SSL_check_private_key
-performs the same
-.Em public
-key comparison for
-.Fa ssl .
-If no key/certificate was explicitly added for this
-.Fa ssl ,
-the last item added into
-.Fa ctx
-will be checked.
-.Pp
-Despite the name, neither
-.Fn SSL_CTX_check_private_key
-nor
-.Fn SSL_check_private_key
-checks whether the private key component is indeed a private key,
-nor whether it matches the public key component.
-They merely compare the public materials (e.g. exponent and modulus of
-an RSA key) and/or key parameters (e.g. EC params of an EC key) of a
-key pair.
-.Sh NOTES
-The internal certificate store of OpenSSL can hold several private
-key/certificate pairs at a time.
-The certificate used depends on the cipher selected.
-See also
-.Xr SSL_CTX_set_cipher_list 3 .
-.Pp
-When reading certificates and private keys from file, files of type
-.Dv SSL_FILETYPE_ASN1
-(also known as
-.Em DER ,
-binary encoding) can only contain one certificate or private key; consequently,
-.Fn SSL_CTX_use_certificate_chain_file
-is only applicable to PEM formatting.
-Files of type
-.Dv SSL_FILETYPE_PEM
-can contain more than one item.
-.Pp
-.Fn SSL_CTX_use_certificate_chain_file
-adds the first certificate found in the file to the certificate store.
-The other certificates are added to the store of chain certificates using
-.Xr SSL_CTX_add1_chain_cert 3 .
-It is recommended to use the
-.Fn SSL_CTX_use_certificate_chain_file
-instead of the
-.Fn SSL_CTX_use_certificate_file
-function in order to allow the use of complete certificate chains even when no
-trusted CA storage is used or when the CA issuing the certificate shall not be
-added to the trusted CA storage.
-.Pp
-If additional certificates are needed to complete the chain during the TLS
-negotiation, CA certificates are additionally looked up in the locations of
-trusted CA certificates (see
-.Xr SSL_CTX_load_verify_locations 3 ) .
-.Pp
-The private keys loaded from file can be encrypted.
-In order to successfully load encrypted keys,
-a function returning the passphrase must have been supplied (see
-.Xr SSL_CTX_set_default_passwd_cb 3 ) .
-(Certificate files might be encrypted as well from the technical point of view,
-it however does not make sense as the data in the certificate is considered
-public anyway.)
-.Sh RETURN VALUES
-On success, the functions return 1.
-Otherwise check out the error stack to find out the reason.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_CTX_add1_chain_cert 3 ,
-.Xr SSL_CTX_add_extra_chain_cert 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_set_cipher_list 3 ,
-.Xr SSL_CTX_set_client_CA_list 3 ,
-.Xr SSL_CTX_set_client_cert_cb 3 ,
-.Xr SSL_CTX_set_default_passwd_cb 3 ,
-.Xr SSL_new 3 ,
-.Xr X509_check_private_key 3
-.Sh HISTORY
-.Fn SSL_use_certificate ,
-.Fn SSL_use_certificate_file ,
-.Fn SSL_use_RSAPrivateKey ,
-and
-.Fn SSL_use_RSAPrivateKey_file
-appeared in SSLeay 0.4 or earlier.
-.Fn SSL_use_certificate_ASN1
-and
-.Fn SSL_use_RSAPrivateKey_ASN1
-first appeared in SSLeay 0.5.1.
-.Fn SSL_use_PrivateKey_file ,
-.Fn SSL_use_PrivateKey_ASN1 ,
-and
-.Fn SSL_use_PrivateKey
-first appeared in SSLeay 0.6.0.
-.Fn SSL_CTX_use_certificate ,
-.Fn SSL_CTX_use_certificate_ASN1 ,
-.Fn SSL_CTX_use_certificate_file ,
-.Fn SSL_CTX_use_PrivateKey ,
-.Fn SSL_CTX_use_PrivateKey_ASN1 ,
-.Fn SSL_CTX_use_PrivateKey_file ,
-.Fn SSL_CTX_use_RSAPrivateKey ,
-.Fn SSL_CTX_use_RSAPrivateKey_ASN1 ,
-and
-.Fn SSL_CTX_use_RSAPrivateKey_file
-first appeared in SSLeay 0.6.1.
-.Fn SSL_CTX_check_private_key
-and
-.Fn SSL_check_private_key
-first appeared in SSLeay 0.6.5.
-All these functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_CTX_use_certificate_chain_file
-first appeared in OpenSSL 0.9.4 and has been available since
-.Ox 2.6 .
-.Pp
-.Fn SSL_use_certificate_chain_file
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.9 .
-.Pp
-Support for DER encoded private keys
-.Pq Dv SSL_FILETYPE_ASN1
-in
-.Fn SSL_CTX_use_PrivateKey_file
-and
-.Fn SSL_use_PrivateKey_file
-was added in 0.9.8.
-.Pp
-.Fn SSL_CTX_use_certificate_chain_mem
-first appeared in
-.Ox 5.7 .
diff --git a/src/lib/libssl/man/SSL_SESSION_free.3 b/src/lib/libssl/man/SSL_SESSION_free.3
deleted file mode 100644
index 3f785e95e5..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_free.3
+++ /dev/null
@@ -1,148 +0,0 @@
-.\" $OpenBSD: SSL_SESSION_free.3,v 1.7 2019/06/12 09:36:30 schwarze Exp $
-.\" full merge up to: OpenSSL b31db505 Mar 24 16:01:50 2017 +0000
-.\"
-.\" This file was written by Lutz Jaenicke
-.\" and Matt Caswell .
-.\" Copyright (c) 2000, 2001, 2009, 2017 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_SESSION_FREE 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_up_ref ,
-.Nm SSL_SESSION_free
-.Nd SSL_SESSION reference counting
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_SESSION_up_ref "SSL_SESSION *session"
-.Ft void
-.Fn SSL_SESSION_free "SSL_SESSION *session"
-.Sh DESCRIPTION
-.Fn SSL_SESSION_up_ref
-increments the reference count of the given
-.Fa session
-by 1.
-.Pp
-.Fn SSL_SESSION_free
-decrements the reference count of the given
-.Fa session
-by 1.
-If the reference count reaches 0, it frees the memory used by the
-.Fa session .
-If
-.Fa session
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
-.Vt SSL_SESSION
-objects are allocated when a TLS/SSL handshake operation is successfully
-completed.
-Depending on the settings, see
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-the
-.Vt SSL_SESSION
-objects are internally referenced by the
-.Vt SSL_CTX
-and linked into its session cache.
-.Vt SSL
-objects may be using the
-.Vt SSL_SESSION
-object; as a session may be reused, several
-.Vt SSL
-objects may be using one
-.Vt SSL_SESSION
-object at the same time.
-It is therefore crucial to keep the reference count (usage information) correct
-and not delete a
-.Vt SSL_SESSION
-object that is still used, as this may lead to program failures due to dangling
-pointers.
-These failures may also appear delayed, e.g., when an
-.Vt SSL_SESSION
-object is completely freed as the reference count incorrectly becomes 0, but it
-is still referenced in the internal session cache and the cache list is
-processed during a
-.Xr SSL_CTX_flush_sessions 3
-operation.
-.Pp
-.Fn SSL_SESSION_free
-must only be called for
-.Vt SSL_SESSION
-objects, for which the reference count was explicitly incremented (e.g., by
-calling
-.Xr SSL_get1_session 3 ;
-see
-.Xr SSL_get_session 3 )
-or when the
-.Vt SSL_SESSION
-object was generated outside a TLS handshake operation, e.g., by using
-.Xr d2i_SSL_SESSION 3 .
-It must not be called on other
-.Vt SSL_SESSION
-objects, as this would cause incorrect reference counts and therefore program
-failures.
-.Sh RETURN VALUES
-.Fn SSL_SESSION_up_ref
-returns 1 on success or 0 on error.
-.Sh SEE ALSO
-.Xr d2i_SSL_SESSION 3 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_SESSION_new 3
-.Sh HISTORY
-.Fn SSL_SESSION_free
-first appeared in SSLeay 0.5.2 and has been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_SESSION_up_ref
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
diff --git a/src/lib/libssl/man/SSL_SESSION_get0_cipher.3 b/src/lib/libssl/man/SSL_SESSION_get0_cipher.3
deleted file mode 100644
index 239a426dbd..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_get0_cipher.3
+++ /dev/null
@@ -1,94 +0,0 @@
-.\" $OpenBSD: SSL_SESSION_get0_cipher.3,v 1.1 2021/05/12 14:16:25 tb Exp $
-.\" full merge up to: OpenSSL d42e7759f Mar 30 19:40:04 2017 +0200
-.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
-.\"
-.\" This file was written by Rich Salz .
-.\" Copyright (c) 2016, 2017 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: May 12 2021 $
-.Dt SSL_SESSION_GET0_CIPHER 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_get0_cipher
-.Nd retrieve the SSL cipher associated with a session
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const SSL_CIPHER *
-.Fo SSL_SESSION_get0_cipher
-.Fa "const SSL_SESSION *session"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_SESSION_get0_cipher
-retrieves the cipher that was used by the connection when the session
-was created, or
-.Dv NULL
-if it cannot be determined.
-.Pp
-The value returned is a pointer to an object maintained within
-.Fa session
-and should not be released.
-.Sh RETURN VALUES
-.Fn SSL_SESSION_get0_cipher
-returns the
-.Vt SSL_CIPHER
-associated with
-.Fa session
-or
-.Dv NULL
-if it cannot be determined.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CIPHER_get_name 3 ,
-.Xr SSL_get_current_cipher 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_SESSION_new 3
-.Sh HISTORY
-The
-.Fn SSL_SESSION_get0_cipher
-function first appeared in OpenSSL 1.1.0
-and has been available since
-.Ox 7.0 .
diff --git a/src/lib/libssl/man/SSL_SESSION_get0_peer.3 b/src/lib/libssl/man/SSL_SESSION_get0_peer.3
deleted file mode 100644
index 6b1ef6680e..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_get0_peer.3
+++ /dev/null
@@ -1,80 +0,0 @@
-.\" $OpenBSD: SSL_SESSION_get0_peer.3,v 1.2 2018/03/23 05:50:30 schwarze Exp $
-.\" OpenSSL SSL_SESSION_get0_peer.pod b31db505 Mar 24 16:01:50 2017 +0000
-.\"
-.\" This file was written by Matt Caswell
-.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 23 2018 $
-.Dt SSL_SESSION_GET0_PEER 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_get0_peer
-.Nd get details about peer's certificate for a session
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft X509 *
-.Fo SSL_SESSION_get0_peer
-.Fa "SSL_SESSION *s"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_SESSION_get0_peer
-returns a pointer to the peer certificate associated with the session
-.Fa s
-or
-.Dv NULL
-if no peer certificate is available.
-The caller should not free the returned value, unless
-.Xr X509_up_ref 3
-has also been called.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_SESSION_new 3
-.Sh HISTORY
-.Fn SSL_SESSION_get0_peer
-first appeared in OpenSSL 1.0.1 and has been available since
-.Ox 5.3 .
diff --git a/src/lib/libssl/man/SSL_SESSION_get_compress_id.3 b/src/lib/libssl/man/SSL_SESSION_get_compress_id.3
deleted file mode 100644
index aedc216a15..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_get_compress_id.3
+++ /dev/null
@@ -1,78 +0,0 @@
-.\" $OpenBSD: SSL_SESSION_get_compress_id.3,v 1.3 2018/03/23 05:50:30 schwarze Exp $
-.\" OpenSSL SSL_SESSION_get_compress_id.pod b31db505 Mar 24 16:01:50 2017
-.\"
-.\" This file was written by Matt Caswell
-.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 23 2018 $
-.Dt SSL_SESSION_GET_COMPRESS_ID 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_get_compress_id
-.Nd get details about the compression associated with a session
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft unsigned int
-.Fo SSL_SESSION_get_compress_id
-.Fa "const SSL_SESSION *s"
-.Fc
-.Sh DESCRIPTION
-If compression has been negotiated for an ssl session,
-.Fn SSL_SESSION_get_compress_id
-returns the id for the compression method, or 0 otherwise.
-The only built-in supported compression method is zlib,
-which has an id of 1.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_SESSION_get_id 3 ,
-.Xr SSL_SESSION_get_protocol_version 3 ,
-.Xr SSL_SESSION_new 3
-.Sh HISTORY
-.Fn SSL_SESSION_get_compress_id
-first appeared in OpenSSL 1.0.1 and has been available since
-.Ox 5.3 .
diff --git a/src/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 b/src/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
deleted file mode 100644
index 9fd6949b6a..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
+++ /dev/null
@@ -1,134 +0,0 @@
-.\" $OpenBSD: SSL_SESSION_get_ex_new_index.3,v 1.3 2018/03/21 08:06:34 schwarze Exp $
-.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2001, 2005 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 21 2018 $
-.Dt SSL_SESSION_GET_EX_NEW_INDEX 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_get_ex_new_index ,
-.Nm SSL_SESSION_set_ex_data ,
-.Nm SSL_SESSION_get_ex_data
-.Nd internal application specific data functions
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_SESSION_get_ex_new_index
-.Fa "long argl"
-.Fa "void *argp"
-.Fa "CRYPTO_EX_new *new_func"
-.Fa "CRYPTO_EX_dup *dup_func"
-.Fa "CRYPTO_EX_free *free_func"
-.Fc
-.Ft int
-.Fn SSL_SESSION_set_ex_data "SSL_SESSION *session" "int idx" "void *arg"
-.Ft void *
-.Fn SSL_SESSION_get_ex_data "const SSL_SESSION *session" "int idx"
-.Bd -literal
- typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
- typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
- typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
- int idx, long argl, void *argp);
-.Ed
-.Sh DESCRIPTION
-Several OpenSSL structures can have application specific data attached to them.
-These functions are used internally by OpenSSL to manipulate
-application-specific data attached to a specific structure.
-.Pp
-.Fn SSL_SESSION_get_ex_new_index
-is used to register a new index for application-specific data.
-.Pp
-.Fn SSL_SESSION_set_ex_data
-is used to store application data at
-.Fa arg
-for
-.Fa idx
-into the
-.Fa session
-object.
-.Pp
-.Fn SSL_SESSION_get_ex_data
-is used to retrieve the information for
-.Fa idx
-from
-.Fa session .
-.Pp
-A detailed description for the
-.Fn *_get_ex_new_index
-functionality
-can be found in
-.Xr RSA_get_ex_new_index 3 .
-The
-.Fn *_get_ex_data
-and
-.Fn *_set_ex_data
-functionality is described in
-.Xr CRYPTO_set_ex_data 3 .
-.Sh WARNINGS
-The application data is only maintained for sessions held in memory.
-The application data is not included when dumping the session with
-.Xr i2d_SSL_SESSION 3
-(and all functions indirectly calling the dump functions like
-.Xr PEM_write_SSL_SESSION 3
-and
-.Xr PEM_write_bio_SSL_SESSION 3 )
-and can therefore not be restored.
-.Sh SEE ALSO
-.Xr CRYPTO_set_ex_data 3 ,
-.Xr RSA_get_ex_new_index 3 ,
-.Xr ssl 3
-.Sh HISTORY
-.Fn SSL_SESSION_get_ex_new_index ,
-.Fn SSL_SESSION_set_ex_data ,
-and
-.Fn SSL_SESSION_get_ex_data
-first appeared in SSLeay 0.9.0 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_SESSION_get_id.3 b/src/lib/libssl/man/SSL_SESSION_get_id.3
deleted file mode 100644
index 6d0de1e52e..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_get_id.3
+++ /dev/null
@@ -1,112 +0,0 @@
-.\" $OpenBSD: SSL_SESSION_get_id.3,v 1.6 2018/03/24 00:55:37 schwarze Exp $
-.\" full merge up to:
-.\" OpenSSL SSL_SESSION_set1_id 17b60280 Dec 21 09:08:25 2017 +0100
-.\"
-.\" This file was written by Remi Gacogne
-.\" and Matt Caswell .
-.\" Copyright (c) 2016, 2017 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 24 2018 $
-.Dt SSL_SESSION_GET_ID 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_get_id ,
-.Nm SSL_SESSION_set1_id
-.Nd get and set the SSL session ID
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const unsigned char *
-.Fo SSL_SESSION_get_id
-.Fa "const SSL_SESSION *s"
-.Fa "unsigned int *len"
-.Fc
-.Ft int
-.Fo SSL_SESSION_set1_id
-.Fa "SSL_SESSION *s"
-.Fa "const unsigned char *sid"
-.Fa "unsigned int sid_len"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_SESSION_get_id
-returns a pointer to the internal session ID value for the session
-.Fa s .
-The length of the ID in bytes is stored in
-.Pf * Fa len .
-The length may be 0.
-The caller should not free the returned pointer directly.
-.Pp
-.Fn SSL_SESSION_set1_id
-sets the session ID for
-.Fa s
-to a copy of the
-.Fa sid
-of length
-.Fa sid_len .
-.Sh RETURN VALUES
-.Fn SSL_SESSION_get_id
-returns a pointer to the session ID value.
-.Pp
-.Fn SSL_SESSION_set1_id
-returns 1 for success and 0 for failure,
-for example if the supplied session ID length exceeds
-.Dv SSL_MAX_SSL_SESSION_ID_LENGTH .
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_copy_session_id 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_SESSION_get_compress_id 3 ,
-.Xr SSL_SESSION_get_protocol_version 3 ,
-.Xr SSL_SESSION_has_ticket 3 ,
-.Xr SSL_SESSION_new 3
-.Sh HISTORY
-.Fn SSL_SESSION_get_id
-first appeared in OpenSSL 0.9.8 and has been available since
-.Ox 4.5 .
-.Pp
-.Fn SSL_SESSION_set1_id
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
diff --git a/src/lib/libssl/man/SSL_SESSION_get_protocol_version.3 b/src/lib/libssl/man/SSL_SESSION_get_protocol_version.3
deleted file mode 100644
index f14c0490e9..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_get_protocol_version.3
+++ /dev/null
@@ -1,84 +0,0 @@
-.\" $OpenBSD: SSL_SESSION_get_protocol_version.3,v 1.2 2018/03/24 00:55:37 schwarze Exp $
-.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by TJ Saunders
-.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 24 2018 $
-.Dt SSL_SESSION_GET_PROTOCOL_VERSION 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_get_protocol_version
-.Nd get the session protocol version
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_SESSION_get_protocol_version
-.Fa "const SSL_SESSION *s"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_SESSION_get_protocol_version
-returns the protocol version number used by the session
-.Fa s .
-.Sh RETURN VALUES
-.Fn SSL_SESSION_get_protocol_version
-returns a constant like
-.Dv TLS1_VERSION
-or
-.Dv TLS1_2_VERSION .
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_SESSION_get0_peer 3 ,
-.Xr SSL_SESSION_get_compress_id 3 ,
-.Xr SSL_SESSION_get_id 3 ,
-.Xr SSL_SESSION_get_time 3 ,
-.Xr SSL_SESSION_new 3
-.Sh HISTORY
-.Fn SSL_SESSION_get_protocol_version
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
diff --git a/src/lib/libssl/man/SSL_SESSION_get_time.3 b/src/lib/libssl/man/SSL_SESSION_get_time.3
deleted file mode 100644
index aaadec5137..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_get_time.3
+++ /dev/null
@@ -1,165 +0,0 @@
-.\" $OpenBSD: SSL_SESSION_get_time.3,v 1.8 2019/06/08 15:25:43 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2001, 2005, 2006, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 8 2019 $
-.Dt SSL_SESSION_GET_TIME 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_get_time ,
-.Nm SSL_SESSION_set_time ,
-.Nm SSL_SESSION_get_timeout ,
-.Nm SSL_SESSION_set_timeout ,
-.Nm SSL_get_time ,
-.Nm SSL_set_time ,
-.Nm SSL_get_timeout ,
-.Nm SSL_set_timeout
-.Nd retrieve and manipulate session time and timeout settings
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_SESSION_get_time "const SSL_SESSION *s"
-.Ft long
-.Fn SSL_SESSION_set_time "SSL_SESSION *s" "long tm"
-.Ft long
-.Fn SSL_SESSION_get_timeout "const SSL_SESSION *s"
-.Ft long
-.Fn SSL_SESSION_set_timeout "SSL_SESSION *s" "long tm"
-.Ft long
-.Fn SSL_get_time "const SSL_SESSION *s"
-.Ft long
-.Fn SSL_set_time "SSL_SESSION *s" "long tm"
-.Ft long
-.Fn SSL_get_timeout "const SSL_SESSION *s"
-.Ft long
-.Fn SSL_set_timeout "SSL_SESSION *s" "long tm"
-.Sh DESCRIPTION
-.Fn SSL_SESSION_get_time
-returns the time at which the session
-.Fa s
-was established.
-The time is given in seconds since the Epoch and therefore compatible to the
-time delivered by the
-.Xr time 3
-call.
-.Pp
-.Fn SSL_SESSION_set_time
-replaces the creation time of the session
-.Fa s
-with
-the chosen value
-.Fa tm .
-.Pp
-.Fn SSL_SESSION_get_timeout
-returns the timeout value set for session
-.Fa s
-in seconds.
-.Pp
-.Fn SSL_SESSION_set_timeout
-sets the timeout value for session
-.Fa s
-in seconds to
-.Fa tm .
-.Pp
-The
-.Fn SSL_get_time ,
-.Fn SSL_set_time ,
-.Fn SSL_get_timeout ,
-and
-.Fn SSL_set_timeout
-functions are synonyms for the
-.Fn SSL_SESSION_*
-counterparts.
-.Pp
-Sessions are expired by examining the creation time and the timeout value.
-Both are set at creation time of the session to the actual time and the default
-timeout value at creation, respectively, as set by
-.Xr SSL_CTX_set_timeout 3 .
-Using these functions it is possible to extend or shorten the lifetime of the
-session.
-.Sh RETURN VALUES
-.Fn SSL_SESSION_get_time
-and
-.Fn SSL_SESSION_get_timeout
-return the currently valid values.
-.Pp
-.Fn SSL_SESSION_set_time
-and
-.Fn SSL_SESSION_set_timeout
-return 1 on success.
-.Pp
-If any of the function is passed the
-.Dv NULL
-pointer for the session
-.Fa s ,
-0 is returned.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_timeout 3 ,
-.Xr SSL_get_default_timeout 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_SESSION_has_ticket 3 ,
-.Xr SSL_SESSION_new 3
-.Sh HISTORY
-.Fn SSL_get_time ,
-.Fn SSL_get_timeout ,
-and
-.Fn SSL_set_timeout
-appeared in SSLeay 0.4 or earlier.
-.Fn SSL_set_time
-first appeared in SSLeay 0.5.2.
-.Fn SSL_SESSION_get_time ,
-.Fn SSL_SESSION_set_time ,
-.Fn SSL_SESSION_get_timeout ,
-and
-.Fn SSL_SESSION_set_timeout
-first appeared in SSLeay 0.9.0.
-All these functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_SESSION_has_ticket.3 b/src/lib/libssl/man/SSL_SESSION_has_ticket.3
deleted file mode 100644
index 322b49feef..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_has_ticket.3
+++ /dev/null
@@ -1,85 +0,0 @@
-.\" $OpenBSD: SSL_SESSION_has_ticket.3,v 1.2 2018/03/24 00:55:37 schwarze Exp $
-.\" full merge up to: OpenSSL f2baac27 Feb 8 15:43:16 2015 +0000
-.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
-.\"
-.\" This file was written by Matt Caswell .
-.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 24 2018 $
-.Dt SSL_SESSION_HAS_TICKET 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_has_ticket ,
-.Nm SSL_SESSION_get_ticket_lifetime_hint
-.Nd get details about the ticket associated with a session
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_SESSION_has_ticket
-.Fa "const SSL_SESSION *s"
-.Fc
-.Ft unsigned long
-.Fo SSL_SESSION_get_ticket_lifetime_hint
-.Fa "const SSL_SESSION *s"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_SESSION_has_ticket
-returns 1 if there is a Session Ticket associated with
-.Fa s
-or 0 otherwise.
-.Pp
-.Fn SSL_SESSION_get_ticket_lifetime_hint
-returns the lifetime hint in seconds associated with the session ticket.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_SESSION_get_id 3 ,
-.Xr SSL_SESSION_get_time 3 ,
-.Xr SSL_SESSION_new 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.1.0
-and have been available since
-.Ox 6.3 .
diff --git a/src/lib/libssl/man/SSL_SESSION_is_resumable.3 b/src/lib/libssl/man/SSL_SESSION_is_resumable.3
deleted file mode 100644
index 48d7d17889..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_is_resumable.3
+++ /dev/null
@@ -1,81 +0,0 @@
-.\" $OpenBSD: SSL_SESSION_is_resumable.3,v 1.1 2021/09/14 14:08:15 schwarze Exp $
-.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
-.\"
-.\" This file was written by Matt Caswell .
-.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: September 14 2021 $
-.Dt SSL_SESSION_IS_RESUMABLE 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_is_resumable
-.Nd determine whether an SSL_SESSION object can be used for resumption
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_SESSION_is_resumable
-.Fa "const SSL_SESSION *session"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_SESSION_is_resumable
-determines whether the
-.Fa session
-object can be used to resume a session.
-Note that attempting to resume with a non-resumable session
-will result in a full handshake.
-.Sh RETURN VALUES
-.Fn SSL_SESSION_is_resumable
-returns 1 if the session is resumable or 0 otherwise.
-It always returns 0 with LibreSSL.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_sess_set_new_cb 3 ,
-.Xr SSL_get_session 3
-.Sh HISTORY
-.Fn SSL_SESSION_is_resumable
-first appeared in OpenSSL 1.1.1 and has been available since
-.Ox 7.0 .
diff --git a/src/lib/libssl/man/SSL_SESSION_new.3 b/src/lib/libssl/man/SSL_SESSION_new.3
deleted file mode 100644
index 2dcdb264c1..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_new.3
+++ /dev/null
@@ -1,78 +0,0 @@
-.\" $OpenBSD: SSL_SESSION_new.3,v 1.9 2021/09/14 14:08:15 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: September 14 2021 $
-.Dt SSL_SESSION_NEW 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_new
-.Nd construct a new SSL_SESSION object
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL_SESSION *
-.Fn SSL_SESSION_new void
-.Sh DESCRIPTION
-.Fn SSL_SESSION_new
-allocates and initializes a new
-.Vt SSL_SESSION
-object.
-The reference count is set to 1, the time to the current time, and
-the timeout to five minutes.
-.Pp
-When the object is no longer needed, it can be destructed with
-.Xr SSL_SESSION_free 3 .
-.Pp
-.Fn SSL_SESSION_new
-is used internally, for example by
-.Xr SSL_connect 3 .
-.Sh RETURN VALUES
-.Fn SSL_SESSION_new
-returns the new
-.Vt SSL_SESSION
-object or
-.Dv NULL
-if insufficient memory is available.
-.Pp
-After failure,
-.Xr ERR_get_error 3
-returns
-.Dv ERR_R_MALLOC_FAILURE .
-.Sh SEE ALSO
-.Xr d2i_SSL_SESSION 3 ,
-.Xr PEM_read_SSL_SESSION 3 ,
-.Xr ssl 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_copy_session_id 3 ,
-.Xr SSL_CTX_add_session 3 ,
-.Xr SSL_CTX_sess_set_get_cb 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_SESSION_free 3 ,
-.Xr SSL_SESSION_get0_peer 3 ,
-.Xr SSL_SESSION_get_compress_id 3 ,
-.Xr SSL_SESSION_get_ex_new_index 3 ,
-.Xr SSL_SESSION_get_id 3 ,
-.Xr SSL_SESSION_get_master_key 3 ,
-.Xr SSL_SESSION_get_protocol_version 3 ,
-.Xr SSL_SESSION_get_time 3 ,
-.Xr SSL_SESSION_has_ticket 3 ,
-.Xr SSL_SESSION_is_resumable 3 ,
-.Xr SSL_SESSION_print 3 ,
-.Xr SSL_SESSION_set1_id_context 3 ,
-.Xr SSL_set_session 3
-.Sh HISTORY
-.Fn SSL_SESSION_new
-first appeared in SSLeay 0.5.2 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_SESSION_print.3 b/src/lib/libssl/man/SSL_SESSION_print.3
deleted file mode 100644
index e92debde0e..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_print.3
+++ /dev/null
@@ -1,74 +0,0 @@
-.\" $OpenBSD: SSL_SESSION_print.3,v 1.4 2019/06/12 09:36:30 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_SESSION_PRINT 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_print ,
-.Nm SSL_SESSION_print_fp
-.Nd print some properties of an SSL_SESSION object
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_SESSION_print
-.Fa "BIO *bp"
-.Fa "const SSL_SESSION *session"
-.Fc
-.Ft int
-.Fo SSL_SESSION_print_fp
-.Fa "FILE *fp"
-.Fa "const SSL_SESSION *session"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_SESSION_print
-prints some properties of
-.Fa session
-in a human-readable format to the
-.Fa "BIO *bp" ,
-including protocol version, cipher name, session ID,
-session ID context, master key, session ticket lifetime hint,
-session ticket, start time, timeout, and verify return code.
-.Pp
-.Fn SSL_SESSION_print_fp
-does the same as
-.Fn SSL_SESSION_print
-except that it prints to the
-.Fa "FILE *fp" .
-.Sh RETURN VALUES
-.Fn SSL_SESSION_print
-and
-.Fn SSL_SESSION_print_fp
-return 1 for success or 0 for failure.
-.Pp
-In some cases, the reason for failure can be determined with
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr d2i_SSL_SESSION 3 ,
-.Xr PEM_read_SSL_SESSION 3 ,
-.Xr ssl 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_SESSION_free 3 ,
-.Xr SSL_SESSION_get_ex_new_index 3 ,
-.Xr SSL_SESSION_get_time 3 ,
-.Xr SSL_SESSION_new 3
-.Sh HISTORY
-.Fn SSL_SESSION_print
-first appeared in SSLeay 0.5.2.
-.Fn SSL_SESSION_print_fp
-first appeared in SSLeay 0.6.0.
-Both functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_SESSION_set1_id_context.3 b/src/lib/libssl/man/SSL_SESSION_set1_id_context.3
deleted file mode 100644
index dd7595baca..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_set1_id_context.3
+++ /dev/null
@@ -1,113 +0,0 @@
-.\" $OpenBSD: SSL_SESSION_set1_id_context.3,v 1.4 2018/03/24 00:55:37 schwarze Exp $
-.\" full merge up to:
-.\" OpenSSL SSL_SESSION_get0_id_context b31db505 Mar 24 16:01:50 2017
-.\"
-.\" This file was written by Matt Caswell
-.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 24 2018 $
-.Dt SSL_SESSION_SET1_ID_CONTEXT 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_get0_id_context ,
-.Nm SSL_SESSION_set1_id_context
-.Nd get and set the SSL ID context associated with a session
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const unsigned char *
-.Fo SSL_SESSION_get0_id_context
-.Fa "const SSL_SESSION *s"
-.Fa "unsigned int *len"
-.Fc
-.Ft int
-.Fo SSL_SESSION_set1_id_context
-.Fa "SSL_SESSION *s"
-.Fa "const unsigned char *sid_ctx"
-.Fa "unsigned int sid_ctx_len"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_SESSION_get0_id_context
-returns the ID context associated with
-.Fa s .
-The length of the ID context in bytes is written to
-.Pf * Fa len
-if
-.Fa len
-is not
-.Dv NULL .
-.Pp
-.Fn SSL_SESSION_set1_id_context
-takes a copy of the provided ID context given in
-.Fa sid_ctx
-and associates it with the session
-.Fa s .
-The length of the ID context is given by
-.Fa sid_ctx_len
-which must not exceed
-.Dv SSL_MAX_SID_CTX_LENGTH
-bytes.
-.Sh RETURN VALUES
-.Fn SSL_SESSION_get0_id_context
-returns an internal pointer to an object maintained within
-.Fa s
-that should not be freed by the caller.
-.Pp
-.Fn SSL_SESSION_set1_id_context
-returns 1 on success or 0 on error.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_session_id_context 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_SESSION_new 3
-.Sh HISTORY
-.Fn SSL_SESSION_set1_id_context
-first appeared in OpenSSL 1.0.1 and has been available since
-.Ox 5.3 .
-.Pp
-.Fn SSL_SESSION_get0_id_context
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
diff --git a/src/lib/libssl/man/SSL_accept.3 b/src/lib/libssl/man/SSL_accept.3
deleted file mode 100644
index fb1d89eb57..0000000000
--- a/src/lib/libssl/man/SSL_accept.3
+++ /dev/null
@@ -1,155 +0,0 @@
-.\" $OpenBSD: SSL_accept.3,v 1.6 2019/06/08 15:25:43 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2000, 2001, 2002, 2003 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 8 2019 $
-.Dt SSL_ACCEPT 3
-.Os
-.Sh NAME
-.Nm SSL_accept
-.Nd wait for a TLS/SSL client to initiate a TLS/SSL handshake
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_accept "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_accept
-waits for a TLS/SSL client to initiate the TLS/SSL handshake.
-The communication channel must already have been set and assigned to the
-.Fa ssl
-object by setting an underlying
-.Vt BIO .
-.Pp
-The behaviour of
-.Fn SSL_accept
-depends on the underlying
-.Vt BIO .
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em blocking ,
-.Fn SSL_accept
-will only return once the handshake has been finished or an error occurred.
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em non-blocking ,
-.Fn SSL_accept
-will also return when the underlying
-.Vt BIO
-could not satisfy the needs of
-.Fn SSL_accept
-to continue the handshake, indicating the problem by the return value \(mi1.
-In this case a call to
-.Xr SSL_get_error 3
-with the
-return value of
-.Fn SSL_accept
-will yield
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE .
-The calling process then must repeat the call after taking appropriate action
-to satisfy the needs of
-.Fn SSL_accept .
-The action depends on the underlying
-.Dv BIO .
-When using a non-blocking socket, nothing is to be done, but
-.Xr select 2
-can be used to check for the required condition.
-When using a buffering
-.Vt BIO ,
-like a
-.Vt BIO
-pair, data must be written into or retrieved out of the
-.Vt BIO
-before being able to continue.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The TLS/SSL handshake was not successful but was shut down controlled and by
-the specifications of the TLS/SSL protocol.
-Call
-.Xr SSL_get_error 3
-with the return value
-.Fa ret
-to find out the reason.
-.It 1
-The TLS/SSL handshake was successfully completed,
-and a TLS/SSL connection has been established.
-.It <0
-The TLS/SSL handshake was not successful because a fatal error occurred either
-at the protocol level or a connection failure occurred.
-The shutdown was not clean.
-It can also occur of action is need to continue the operation for non-blocking
-.Vt BIO Ns
-s.
-Call
-.Xr SSL_get_error 3
-with the return value
-.Fa ret
-to find out the reason.
-.El
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr ssl 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_do_handshake 3 ,
-.Xr SSL_get_error 3 ,
-.Xr SSL_set_connect_state 3 ,
-.Xr SSL_shutdown 3
-.Sh HISTORY
-.Fn SSL_accept
-appeared in SSLeay 0.4 or earlier and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_alert_type_string.3 b/src/lib/libssl/man/SSL_alert_type_string.3
deleted file mode 100644
index 354865e546..0000000000
--- a/src/lib/libssl/man/SSL_alert_type_string.3
+++ /dev/null
@@ -1,253 +0,0 @@
-.\" $OpenBSD: SSL_alert_type_string.3,v 1.7 2024/10/13 08:25:09 jsg Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2001, 2011 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: October 13 2024 $
-.Dt SSL_ALERT_TYPE_STRING 3
-.Os
-.Sh NAME
-.Nm SSL_alert_type_string ,
-.Nm SSL_alert_type_string_long ,
-.Nm SSL_alert_desc_string ,
-.Nm SSL_alert_desc_string_long
-.Nd get textual description of alert information
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const char *
-.Fn SSL_alert_type_string "int value"
-.Ft const char *
-.Fn SSL_alert_type_string_long "int value"
-.Ft const char *
-.Fn SSL_alert_desc_string "int value"
-.Ft const char *
-.Fn SSL_alert_desc_string_long "int value"
-.Sh DESCRIPTION
-.Fn SSL_alert_type_string
-returns a one letter string indicating the type of the alert specified by
-.Fa value .
-.Pp
-.Fn SSL_alert_type_string_long
-returns a string indicating the type of the alert specified by
-.Fa value .
-.Pp
-.Fn SSL_alert_desc_string
-returns a two letter string as a short form describing the reason of the alert
-specified by
-.Fa value .
-.Pp
-.Fn SSL_alert_desc_string_long
-returns a string describing the reason of the alert specified by
-.Fa value .
-.Pp
-When one side of an SSL/TLS communication wants to inform the peer about
-a special situation, it sends an alert.
-The alert is sent as a special message and does not influence the normal data
-stream (unless its contents results in the communication being canceled).
-.Pp
-A warning alert is sent, when a non-fatal error condition occurs.
-The
-.Dq close notify
-alert is sent as a warning alert.
-Other examples for non-fatal errors are certificate errors
-.Po
-.Dq certificate expired ,
-.Dq unsupported certificate
-.Pc ,
-for which a warning alert may be sent.
-(The sending party may, however, decide to send a fatal error.)
-The receiving side may cancel the connection on reception of a warning alert at
-its discretion.
-.Pp
-Several alert messages must be sent as fatal alert messages as specified
-by the TLS RFC.
-A fatal alert always leads to a connection abort.
-.Sh RETURN VALUES
-The following strings can occur for
-.Fn SSL_alert_type_string
-or
-.Fn SSL_alert_type_string_long :
-.Bl -tag -width Ds
-.It \(dqW\(dq/\(dqwarning\(dq
-.It \(dqF\(dq/\(dqfatal\(dq
-.It \(dqU\(dq/\(dqunknown\(dq
-This indicates that no support is available for this alert type.
-Probably
-.Fa value
-does not contain a correct alert message.
-.El
-.Pp
-The following strings can occur for
-.Fn SSL_alert_desc_string
-or
-.Fn SSL_alert_desc_string_long :
-.Bl -tag -width Ds
-.It \(dqCN\(dq/\(dqclose notify\(dq
-The connection shall be closed.
-This is a warning alert.
-.It \(dqUM\(dq/\(dqunexpected message\(dq
-An inappropriate message was received.
-This alert is always fatal and should never be observed in communication
-between proper implementations.
-.It \(dqBM\(dq/\(dqbad record mac\(dq
-This alert is returned if a record is received with an incorrect MAC.
-This message is always fatal.
-.It \(dqDF\(dq/\(dqdecompression failure\(dq
-The decompression function received improper input
-(e.g., data that would expand to excessive length).
-This message is always fatal.
-.It \(dqHF\(dq/\(dqhandshake failure\(dq
-Reception of a handshake_failure alert message indicates that the sender was
-unable to negotiate an acceptable set of security parameters given the options
-available.
-This is a fatal error.
-.It \(dqNC\(dq/\(dqno certificate\(dq
-A client, that was asked to send a certificate, does not send a certificate
-(SSLv3 only).
-.It \(dqBC\(dq/\(dqbad certificate\(dq
-A certificate was corrupt, contained signatures that did not verify correctly,
-etc.
-.It \(dqUC\(dq/\(dqunsupported certificate\(dq
-A certificate was of an unsupported type.
-.It \(dqCR\(dq/\(dqcertificate revoked\(dq
-A certificate was revoked by its signer.
-.It \(dqCE\(dq/\(dqcertificate expired\(dq
-A certificate has expired or is not currently valid.
-.It \(dqCU\(dq/\(dqcertificate unknown\(dq
-Some other (unspecified) issue arose in processing the certificate,
-rendering it unacceptable.
-.It \(dqIP\(dq/\(dqillegal parameter\(dq
-A field in the handshake was out of range or inconsistent with other fields.
-This is always fatal.
-.It \(dqDC\(dq/\(dqdecryption failed\(dq
-A TLSCiphertext decrypted in an invalid way: either it wasn't an even multiple
-of the block length or its padding values, when checked, weren't correct.
-This message is always fatal.
-.It \(dqRO\(dq/\(dqrecord overflow\(dq
-A TLSCiphertext record was received which had a length more than
-2^14+2048 bytes, or a record decrypted to a TLSCompressed record with more than
-2^14+1024 bytes.
-This message is always fatal.
-.It \(dqCA\(dq/\(dqunknown CA\(dq
-A valid certificate chain or partial chain was received,
-but the certificate was not accepted because the CA certificate could not be
-located or couldn't be matched with a known, trusted CA.
-This message is always fatal.
-.It \(dqAD\(dq/\(dqaccess denied\(dq
-A valid certificate was received, but when access control was applied,
-the sender decided not to proceed with negotiation.
-This message is always fatal.
-.It \(dqDE\(dq/\(dqdecode error\(dq
-A message could not be decoded because some field was out of the specified
-range or the length of the message was incorrect.
-This message is always fatal.
-.It \(dqCY\(dq/\(dqdecrypt error\(dq
-A handshake cryptographic operation failed, including being unable to correctly
-verify a signature, decrypt a key exchange, or validate a finished message.
-.It \(dqER\(dq/\(dqexport restriction\(dq
-A negotiation not in compliance with export restrictions was detected;
-for example, attempting to transfer a 1024 bit ephemeral RSA key for the
-RSA_EXPORT handshake method.
-This message is always fatal.
-.It \(dqPV\(dq/\(dqprotocol version\(dq
-The protocol version the client has attempted to negotiate is recognized,
-but not supported.
-(For example, old protocol versions might be avoided for security reasons.)
-This message is always fatal.
-.It \(dqIS\(dq/\(dqinsufficient security\(dq
-Returned instead of handshake_failure when a negotiation has failed
-specifically because the server requires ciphers more secure than those
-supported by the client.
-This message is always fatal.
-.It \(dqIE\(dq/\(dqinternal error\(dq
-An internal error unrelated to the peer or the correctness of the protocol
-makes it impossible to continue (such as a memory allocation failure).
-This message is always fatal.
-.It \(dqIF\(dq/\(dqinappropriate fallback\(dq
-Sent by a server in response to an invalid connection retry attempt from
-a client (see RFC 7507).
-.It \(dqUS\(dq/\(dquser canceled\(dq
-This handshake is being canceled for some reason unrelated to a protocol
-failure.
-If the user cancels an operation after the handshake is complete,
-just closing the connection by sending a close_notify is more appropriate.
-This alert should be followed by a close_notify.
-This message is generally a warning.
-.It \(dqNR\(dq/\(dqno renegotiation\(dq
-Sent by the client in response to a hello request or by the server in response
-to a client hello after initial handshaking.
-Either of these would normally lead to renegotiation; when that is not
-appropriate, the recipient should respond with this alert; at that point,
-the original requester can decide whether to proceed with the connection.
-One case where this would be appropriate would be where a server has spawned a
-process to satisfy a request; the process might receive security parameters
-(key length, authentication, etc.) at startup and it might be difficult to
-communicate changes to these parameters after that point.
-This message is always a warning.
-.It \(dqUP\(dq/\(dqunknown PSK identity\(dq
-Sent by the server to indicate that it does not recognize a PSK identity or an
-SRP identity.
-.It \(dqCQ\(dq/\(dqcertificate required\(dq
-Sent by servers when a client certificate is desired but none was provided
-by the client.
-.It \(dqAP\(dq/\(dqno application protocol\(dq
-Sent by servers when a client ALPN extension advertises only protocols that
-the server does not support (see RFC 7301).
-.It \(dqUK\(dq/\(dqunknown\(dq
-This indicates that no description is available for this alert type.
-Probably
-.Fa value
-does not contain a correct alert message.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_info_callback 3
-.Sh HISTORY
-These functions first appeared in SSLeay 0.8.0
-and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_clear.3 b/src/lib/libssl/man/SSL_clear.3
deleted file mode 100644
index 809c3b20f4..0000000000
--- a/src/lib/libssl/man/SSL_clear.3
+++ /dev/null
@@ -1,144 +0,0 @@
-.\" $OpenBSD: SSL_clear.3,v 1.5 2021/06/11 19:41:39 jmc Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2000, 2001, 2002, 2011, 2015 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 11 2021 $
-.Dt SSL_CLEAR 3
-.Os
-.Sh NAME
-.Nm SSL_clear
-.Nd reset SSL object to allow another connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_clear "SSL *ssl"
-.Sh DESCRIPTION
-Reset
-.Fa ssl
-to allow another connection.
-All settings (method, ciphers, BIOs) are kept.
-.Pp
-.Fn SSL_clear
-is used to prepare an
-.Vt SSL
-object for a new connection.
-While all settings are kept,
-a side effect is the handling of the current SSL session.
-If a session is still
-.Em open ,
-it is considered bad and will be removed from the session cache,
-as required by RFC 2246.
-A session is considered open if
-.Xr SSL_shutdown 3
-was not called for the connection or at least
-.Xr SSL_set_shutdown 3
-was used to
-set the
-.Dv SSL_SENT_SHUTDOWN
-state.
-.Pp
-If a session was closed cleanly,
-the session object will be kept and all settings corresponding.
-This explicitly means that for example the special method used during the
-session will be kept for the next handshake.
-So if the session was a TLSv1 session, a
-.Vt SSL
-client object will use a TLSv1 client method for the next handshake and a
-.Vt SSL
-server object will use a TLSv1 server method, even if
-.Fn TLS_*_method Ns s
-were chosen on startup.
-This might lead to connection failures (see
-.Xr SSL_new 3 )
-for a description of the method's properties.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The
-.Fn SSL_clear
-operation could not be performed.
-Check the error stack to find out the reason.
-.It 1
-The
-.Fn SSL_clear
-operation was successful.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_client_cert_cb 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_free 3 ,
-.Xr SSL_new 3 ,
-.Xr SSL_set_shutdown 3 ,
-.Xr SSL_shutdown 3
-.Sh HISTORY
-.Fn SSL_clear
-first appeared in SSLeay 0.4.5b and has been available since
-.Ox 2.4 .
-.Sh CAVEATS
-.Fn SSL_clear
-resets the
-.Vt SSL
-object to allow for another connection.
-The reset operation however keeps several settings of the last sessions
-(some of these settings were made automatically during the last handshake).
-It only makes sense for a new connection with the exact same peer that shares
-these settings,
-and may fail if that peer changes its settings between connections.
-Use the sequence
-.Xr SSL_get_session 3 ;
-.Xr SSL_new 3 ;
-.Xr SSL_set_session 3 ;
-.Xr SSL_free 3
-instead to avoid such failures (or simply
-.Xr SSL_free 3 ;
-.Xr SSL_new 3
-if session reuse is not desired).
diff --git a/src/lib/libssl/man/SSL_connect.3 b/src/lib/libssl/man/SSL_connect.3
deleted file mode 100644
index d5b962a480..0000000000
--- a/src/lib/libssl/man/SSL_connect.3
+++ /dev/null
@@ -1,154 +0,0 @@ -.\" $OpenBSD: SSL_connect.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2000, 2001, 2002, 2003 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt SSL_CONNECT 3 -.Os -.Sh NAME -.Nm SSL_connect -.Nd initiate the TLS/SSL handshake with a TLS/SSL server -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft int -.Fn SSL_connect "SSL *ssl" -.Sh DESCRIPTION -.Fn SSL_connect -initiates the TLS/SSL handshake with a server. -The communication channel must already have been set and assigned to the -.Fa ssl -by setting an underlying -.Vt BIO . -.Pp -The behaviour of -.Fn SSL_connect -depends on the underlying -.Vt BIO . -.Pp -If the underlying -.Vt BIO -is -.Em blocking , -.Fn SSL_connect -will only return once the handshake has been finished or an error occurred. -.Pp -If the underlying -.Vt BIO -is -.Em non-blocking , -.Fn SSL_connect -will also return when the underlying -.Vt BIO -could not satisfy the needs of -.Fn SSL_connect -to continue the handshake, indicating the problem with the return value \(mi1. -In this case a call to -.Xr SSL_get_error 3 -with the return value of -.Fn SSL_connect -will yield -.Dv SSL_ERROR_WANT_READ -or -.Dv SSL_ERROR_WANT_WRITE . -The calling process then must repeat the call after taking appropriate action -to satisfy the needs of -.Fn SSL_connect . -The action depends on the underlying -.Vt BIO . -When using a non-blocking socket, nothing is to be done, but -.Xr select 2 -can be used to check for the required condition. 
-When using a buffering -.Vt BIO , -like a -.Vt BIO -pair, data must be written into or retrieved out of the -.Vt BIO -before being able to continue. -.Sh RETURN VALUES -The following return values can occur: -.Bl -tag -width Ds -.It 0 -The TLS/SSL handshake was not successful but was shut down controlled and -by the specifications of the TLS/SSL protocol. -Call -.Xr SSL_get_error 3 -with the return value -.Fa ret -to find out the reason. -.It 1 -The TLS/SSL handshake was successfully completed, -and a TLS/SSL connection has been established. -.It <0 -The TLS/SSL handshake was not successful, because either a fatal error occurred -at the protocol level or a connection failure occurred. -The shutdown was not clean. -It can also occur if action is needed to continue the operation for -non-blocking -.Vt BIO Ns s . -Call -.Xr SSL_get_error 3 -with the return value -.Fa ret -to find out the reason. -.El -.Sh SEE ALSO -.Xr BIO_new 3 , -.Xr ssl 3 , -.Xr SSL_accept 3 , -.Xr SSL_CTX_new 3 , -.Xr SSL_do_handshake 3 , -.Xr SSL_get_error 3 , -.Xr SSL_set_connect_state 3 , -.Xr SSL_shutdown 3 -.Sh HISTORY -.Fn SSL_connect -appeared in SSLeay 0.4 or earlier and has been available since -.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_copy_session_id.3 b/src/lib/libssl/man/SSL_copy_session_id.3 deleted file mode 100644 index a7a7a8aa99..0000000000 --- a/src/lib/libssl/man/SSL_copy_session_id.3 +++ /dev/null 
@@ -1,79 +0,0 @@ -.\" $OpenBSD: SSL_copy_session_id.3,v 1.7 2019/06/12 09:36:30 schwarze Exp $ -.\" -.\" Copyright (c) 2016 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: June 12 2019 $ -.Dt SSL_COPY_SESSION_ID 3 -.Os -.Sh NAME -.Nm SSL_copy_session_id -.Nd copy session details between SSL objects -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft int -.Fo SSL_copy_session_id -.Fa "SSL *to" -.Fa "const SSL *from" -.Fc -.Sh DESCRIPTION -.Fn SSL_copy_session_id -copies the following data from -.Fa from -to -.Fa to : -.Bl -dash -.It -the pointer to the -.Vt SSL_SESSION -object, incrementing its reference count by 1 -.It -the pointer to the -.Vt SSL_METHOD -object; if that changes the method, protocol-specific data is -reinitialized -.It -the pointer to the -.Vt CERT -object, incrementing its reference count by 1 -.It -the session ID context -.El -.Pp -This function is used internally by -.Xr SSL_dup 3 -and by -.Xr BIO_ssl_copy_session_id 3 . -.Sh RETURN VALUES -.Fn SSL_copy_session_id -returns 1 on success and 0 on error. 
-.Sh SEE ALSO -.Xr BIO_ssl_copy_session_id 3 , -.Xr ssl 3 , -.Xr SSL_dup 3 , -.Xr SSL_get_session 3 , -.Xr SSL_SESSION_get_id 3 , -.Xr SSL_SESSION_new 3 , -.Xr SSL_set_session 3 , -.Xr SSL_set_session_id_context 3 -.Sh HISTORY -.Fn SSL_copy_session_id -appeared in SSLeay 0.4 or earlier and has been available since -.Ox 2.4 . -.Sh BUGS -Failures of -.Xr CRYPTO_add 3 -are silently ignored and may leave -.Fa to -in an invalid or inconsistent state. diff --git a/src/lib/libssl/man/SSL_do_handshake.3 b/src/lib/libssl/man/SSL_do_handshake.3 deleted file mode 100644 index e9327b4229..0000000000 --- a/src/lib/libssl/man/SSL_do_handshake.3 +++ /dev/null 
@@ -1,152 +0,0 @@ -.\" $OpenBSD: SSL_do_handshake.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Martin Sjoegren . -.\" Copyright (c) 2002 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt SSL_DO_HANDSHAKE 3 -.Os -.Sh NAME -.Nm SSL_do_handshake -.Nd perform a TLS/SSL handshake -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft int -.Fn SSL_do_handshake "SSL *ssl" -.Sh DESCRIPTION -.Fn SSL_do_handshake -will wait for a SSL/TLS handshake to take place. -If the connection is in client mode, the handshake will be started. -The handshake routines may have to be explicitly set in advance using either -.Xr SSL_set_connect_state 3 -or -.Xr SSL_set_accept_state 3 . -.Pp -The behaviour of -.Fn SSL_do_handshake -depends on the underlying -.Vt BIO . -.Pp -If the underlying -.Vt BIO -is -.Em blocking , -.Fn SSL_do_handshake -will only return once the handshake has been finished or an error occurred. -.Pp -If the underlying -.Vt BIO -is -.Em non-blocking , -.Fn SSL_do_handshake -will also return when the underlying -.Vt BIO -could not satisfy the needs of -.Fn SSL_do_handshake -to continue the handshake. -In this case a call to -.Xr SSL_get_error 3 -with the return value of -.Fn SSL_do_handshake -will yield -.Dv SSL_ERROR_WANT_READ -or -.Dv SSL_ERROR_WANT_WRITE . -The calling process then must repeat the call after taking appropriate action -to satisfy the needs of -.Fn SSL_do_handshake . -The action depends on the underlying -.Vt BIO . -When using a non-blocking socket, nothing is to be done, but -.Xr select 2 -can be used to check for the required condition. 
-When using a buffering -.Vt BIO , -like a -.Vt BIO -pair, data must be written into or retrieved out of the -.Vt BIO -before being able to continue. -.Sh RETURN VALUES -The following return values can occur: -.Bl -tag -width Ds -.It 0 -The TLS/SSL handshake was not successful but was shut down controlled and -by the specifications of the TLS/SSL protocol. -Call -.Xr SSL_get_error 3 -with the return value -.Fa ret -to find out the reason. -.It 1 -The TLS/SSL handshake was successfully completed, -and a TLS/SSL connection has been established. -.It <0 -The TLS/SSL handshake was not successful because either a fatal error occurred -at the protocol level or a connection failure occurred. -The shutdown was not clean. -It can also occur if action is needed to continue the operation for -non-blocking -.Vt BIO Ns s . -Call -.Xr SSL_get_error 3 -with the return value -.Fa ret -to find out the reason. -.El -.Sh SEE ALSO -.Xr BIO_new 3 , -.Xr ssl 3 , -.Xr SSL_accept 3 , -.Xr SSL_connect 3 , -.Xr SSL_get_error 3 , -.Xr SSL_set_connect_state 3 -.Sh HISTORY -.Fn SSL_do_handshake -first appeared in SSLeay 0.8.0 and has been available since -.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_dup.3 b/src/lib/libssl/man/SSL_dup.3 deleted file mode 100644 index a83440b431..0000000000 --- a/src/lib/libssl/man/SSL_dup.3 +++ /dev/null 
@@ -1,62 +0,0 @@ -.\" $OpenBSD: SSL_dup.3,v 1.5 2022/07/13 22:05:53 schwarze Exp $ -.\" -.\" Copyright (c) 2016 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: July 13 2022 $ -.Dt SSL_DUP 3 -.Os -.Sh NAME -.Nm SSL_dup -.Nd deep copy of an SSL object -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft SSL * -.Fo SSL_dup -.Fa "SSL *ssl" -.Fc -.Sh DESCRIPTION -.Fn SSL_dup -constructs a new -.Vt SSL -object in the same context as -.Fa ssl -and copies much of the contained data from -.Fa ssl -to the new -.Vt SSL -object, but many fields, for example tlsext data, are not copied. -.Pp -As an exception from deep copying, if a session is already established, -the new object shares -.Fa ssl->cert -with the original object. -.Sh RETURN VALUES -.Fn SSL_dup -returns the new -.Vt SSL -object or -.Dv NULL -on failure. -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_clear 3 , -.Xr SSL_copy_session_id 3 , -.Xr SSL_free 3 , -.Xr SSL_new 3 , -.Xr SSL_set_security_level 3 -.Sh HISTORY -.Fn SSL_dup -first appeared in SSLeay 0.8.0 and has been available since -.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_dup_CA_list.3 b/src/lib/libssl/man/SSL_dup_CA_list.3 deleted file mode 100644 index d073b07176..0000000000 --- a/src/lib/libssl/man/SSL_dup_CA_list.3 +++ /dev/null 
@@ -1,54 +0,0 @@ -.\" $OpenBSD: SSL_dup_CA_list.3,v 1.6 2019/06/12 09:36:30 schwarze Exp $ -.\" -.\" Copyright (c) 2016 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: June 12 2019 $ -.Dt SSL_DUP_CA_LIST 3 -.Os -.Sh NAME -.Nm SSL_dup_CA_list -.Nd deep copy of a stack of X.509 Name objects -.\" The capital "N" in "Name" is intentional (X.509 syntax). -.Sh SYNOPSIS -.Ft STACK_OF(X509_NAME) * -.Fo SSL_dup_CA_list -.Fa "const STACK_OF(X509_NAME) *sk" -.Fc -.Sh DESCRIPTION -.Fn SSL_dup_CA_list -constructs a new -.Vt STACK_OF(X509_NAME) -object and places copies of all the -.Vt X509_NAME -objects found on -.Fa sk -on it. -.Sh RETURN VALUES -.Fn SSL_dup_CA_list -returns the new -.Vt STACK_OF(X509_NAME) -or -.Dv NULL -on failure. -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_CTX_set_client_CA_list 3 , -.Xr SSL_get_client_CA_list 3 , -.Xr SSL_load_client_CA_file 3 , -.Xr X509_NAME_new 3 -.Sh HISTORY -.Fn SSL_dup_CA_list -first appeared in SSLeay 0.8.0 and has been available since -.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_export_keying_material.3 b/src/lib/libssl/man/SSL_export_keying_material.3 deleted file mode 100644 index e32a5c5d61..0000000000 --- a/src/lib/libssl/man/SSL_export_keying_material.3 +++ /dev/null 
@@ -1,133 +0,0 @@ -.\" $OpenBSD: SSL_export_keying_material.3,v 1.3 2019/06/12 09:36:30 schwarze Exp $ -.\" OpenSSL a599574b Jun 28 17:18:27 2017 +0100 -.\" OpenSSL 23cec1f4 Jun 21 13:55:02 2017 +0100 -.\" -.\" This file was written by Matt Caswell . -.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 12 2019 $ -.Dt SSL_EXPORT_KEYING_MATERIAL 3 -.Os -.Sh NAME -.Nm SSL_export_keying_material -.Nd obtain keying material for application use -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft int -.Fo SSL_export_keying_material -.Fa "SSL *s" -.Fa "unsigned char *out" -.Fa "size_t olen" -.Fa "const char *label" -.Fa "size_t llen" -.Fa "const unsigned char *context" -.Fa "size_t contextlen" -.Fa "int use_context" -.Fc -.Sh DESCRIPTION -During the creation of a TLS or DTLS connection, -shared keying material is established between the two endpoints. -The function -.Fn SSL_export_keying_material -enables an application to use some of this keying material -for its own purposes in accordance with RFC 5705. -.Pp -An application may need to securely establish the context -within which this keying material will be used. 
-For example, this may include identifiers for the application session, -application algorithms or parameters, or the lifetime of the context. -The context value is left to the application but must be the same on -both sides of the communication. -.Pp -For a given SSL connection -.Fa s , -.Fa olen -bytes of data will be written to -.Fa out . -The application specific context should be supplied -in the location pointed to by -.Fa context -and should be -.Fa contextlen -bytes long. -Provision of a context is optional. -If the context should be omitted entirely, then -.Fa use_context -should be set to 0. -Otherwise it should be any other value. -If -.Fa use_context -is 0, then the values of -.Fa context -and -.Fa contextlen -are ignored. -.Pp -In TLSv1.2 and below, a zero length context is treated differently -from no context at all, and will result in different keying material -being returned. -.Pp -An application specific label should be provided in the location pointed -to by -.Fa label -and should be -.Fa llen -bytes long. -Typically this will be a value from the -.Lk https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels "IANA Exporter Label Registry" . -.Pp -Alternatively, labels beginning with "EXPERIMENTAL" are permitted by the -standard to be used without registration. -.Sh RETURN VALUES -.Fn SSL_export_keying_material -returns 1 on success or 0 or -1 on failure. -.Sh SEE ALSO -.Xr ssl 3 -.Sh HISTORY -.Fn SSL_export_keying_material -first appeared in OpenSSL 1.0.1 and has been available since -.Ox 5.3 . diff --git a/src/lib/libssl/man/SSL_free.3 b/src/lib/libssl/man/SSL_free.3 deleted file mode 100644 index c713ded121..0000000000 --- a/src/lib/libssl/man/SSL_free.3 +++ /dev/null 
@@ -1,115 +0,0 @@ -.\" $OpenBSD: SSL_free.3,v 1.6 2021/06/11 19:41:39 jmc Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2000, 2001 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 11 2021 $ -.Dt SSL_FREE 3 -.Os -.Sh NAME -.Nm SSL_free -.Nd free an allocated SSL structure -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft void -.Fn SSL_free "SSL *ssl" -.Sh DESCRIPTION -.Fn SSL_free -decrements the reference count of -.Fa ssl , -and removes the -.Vt SSL -structure pointed to by -.Fa ssl -and frees up the allocated memory if the reference count has reached 0. -If -.Fa ssl -is a -.Dv NULL -pointer, no action occurs. -.Pp -.Fn SSL_free -also calls the -.Xr free 3 Ns -ing procedures for indirectly affected items, if applicable: the buffering -.Vt BIO , -the read and write -.Vt BIOs , -cipher lists specially created for this -.Fa ssl , -the -.Sy SSL_SESSION . -Do not explicitly free these indirectly freed up items before or after calling -.Fn SSL_free , -as trying to free things twice may lead to program failure. -.Pp -The -.Fa ssl -session has reference counts from two users: the -.Vt SSL -object, for which the reference count is removed by -.Fn SSL_free -and the internal session cache. -If the session is considered bad, because -.Xr SSL_shutdown 3 -was not called for the connection and -.Xr SSL_set_shutdown 3 -was not used to set the -.Vt SSL_SENT_SHUTDOWN -state, the session will also be removed from the session cache as required by -RFC 2246. 
-.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_clear 3 , -.Xr SSL_new 3 , -.Xr SSL_set_shutdown 3 , -.Xr SSL_shutdown 3 -.Sh HISTORY -.Fn SSL_free -appeared in SSLeay 0.4 or earlier and has been available since -.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_get_SSL_CTX.3 b/src/lib/libssl/man/SSL_get_SSL_CTX.3 deleted file mode 100644 index 60fda555bc..0000000000 --- a/src/lib/libssl/man/SSL_get_SSL_CTX.3 +++ /dev/null 
@@ -1,79 +0,0 @@ -.\" $OpenBSD: SSL_get_SSL_CTX.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2001, 2005 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt SSL_GET_SSL_CTX 3 -.Os -.Sh NAME -.Nm SSL_get_SSL_CTX -.Nd get the SSL_CTX from which an SSL is created -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft SSL_CTX * -.Fn SSL_get_SSL_CTX "const SSL *ssl" -.Sh DESCRIPTION -.Fn SSL_get_SSL_CTX -returns a pointer to the -.Vt SSL_CTX -object from which -.Fa ssl -was created with -.Xr SSL_new 3 . -.Sh RETURN VALUES -The pointer to the -.Vt SSL_CTX -object is returned. -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_new 3 -.Sh HISTORY -.Fn SSL_get_SSL_CTX -first appeared in SSLeay 0.5.1 and has been available since -.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_get_certificate.3 b/src/lib/libssl/man/SSL_get_certificate.3 deleted file mode 100644 index eb53ea49bf..0000000000 --- a/src/lib/libssl/man/SSL_get_certificate.3 +++ /dev/null 
@@ -1,64 +0,0 @@ -.\" $OpenBSD: SSL_get_certificate.3,v 1.5 2019/06/12 09:36:30 schwarze Exp $ -.\" -.\" Copyright (c) 2016 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: June 12 2019 $ -.Dt SSL_GET_CERTIFICATE 3 -.Os -.Sh NAME -.Nm SSL_get_certificate , -.Nm SSL_get_privatekey -.Nd get SSL certificate and private key -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft X509 * -.Fo SSL_get_certificate -.Fa "const SSL *ssl" -.Fc -.Ft EVP_PKEY * -.Fo SSL_get_privatekey -.Fa "const SSL *ssl" -.Fc -.Sh DESCRIPTION -These functions retrieve certificate and key data from an -.Vt SSL -object. -They return internal pointers that must not be freed by the application -program. -.Sh RETURN VALUES -.Fn SSL_get_certificate -returns the active X.509 certificate currently used by -.Fa ssl -or -.Dv NULL -if none is active. -.Pp -.Fn SSL_get_privatekey -returns the active private key currently used by -.Fa ssl -or -.Dv NULL -if none is active. -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_check_private_key 3 , -.Xr SSL_use_certificate 3 -.Sh HISTORY -.Fn SSL_get_certificate -first appeared in SSLeay 0.5.2a. -.Fn SSL_get_privatekey -first appeared in SSLeay 0.8.0. -Both functions have been available since -.Ox 2.4 . 
diff --git a/src/lib/libssl/man/SSL_get_ciphers.3 b/src/lib/libssl/man/SSL_get_ciphers.3 deleted file mode 100644 index 8030f0bbb1..0000000000 --- a/src/lib/libssl/man/SSL_get_ciphers.3 +++ /dev/null 
@@ -1,249 +0,0 @@
-.\" $OpenBSD: SSL_get_ciphers.3,v 1.11 2020/09/16 07:25:15 schwarze Exp $
-.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\" selective merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2020 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Lutz Jaenicke ,
-.\" Nick Mathewson , Kurt Roeckx ,
-.\" Kazuki Yamaguchi , and Benjamin Kaduk .
-.\" Copyright (c) 2000, 2005, 2015, 2016, 2017 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: September 16 2020 $
-.Dt SSL_GET_CIPHERS 3
-.Os
-.Sh NAME
-.Nm SSL_get_ciphers ,
-.Nm SSL_CTX_get_ciphers ,
-.Nm SSL_get1_supported_ciphers ,
-.Nm SSL_get_client_ciphers ,
-.Nm SSL_get_cipher_list
-.Nd get lists of available SSL_CIPHERs
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft STACK_OF(SSL_CIPHER) *
-.Fn SSL_get_ciphers "const SSL *ssl"
-.Ft STACK_OF(SSL_CIPHER) *
-.Fn SSL_CTX_get_ciphers "const SSL_CTX *ctx"
-.Ft STACK_OF(SSL_CIPHER) *
-.Fn SSL_get1_supported_ciphers "SSL *ssl"
-.Ft STACK_OF(SSL_CIPHER) *
-.Fn SSL_get_client_ciphers "const SSL *ssl"
-.Ft const char *
-.Fn SSL_get_cipher_list "const SSL *ssl" "int priority"
-.Sh DESCRIPTION
-.Fn SSL_get_ciphers
-returns the stack of available
-.Vt SSL_CIPHER Ns s
-for
-.Fa ssl ,
-sorted by preference.
-.Pp
-.Fn SSL_CTX_get_ciphers
-returns the stack of available
-.Vt SSL_CIPHER Ns s
-for
-.Fa ctx .
-.Pp
-.Fn SSL_get1_supported_ciphers
-returns a stack of enabled
-.Vt SSL_CIPHER Ns s
-for
-.Fa ssl
-as it would be sent in a ClientHello, sorted by preference.
-The list depends on settings like the cipher list, the supported
-protocol versions, the security level, and the enabled signature
-algorithms.
-The list of ciphers that would be sent in a ClientHello can differ
-from the list of ciphers that would be acceptable when acting as a
-server.
-For example,
-additional ciphers may be usable by a server if there is a gap in the
-list of supported protocols, and some ciphers may not be usable by a
-server if there is not a suitable certificate configured.
-.Pp
-.Fn SSL_get_client_ciphers
-returns the stack of available
-.Vt SSL_CIPHER Ns s
-matching the list received from the client on
-.Fa ssl .
-.Pp
-The details of the ciphers obtained by
-.Fn SSL_get_ciphers ,
-.Fn SSL_CTX_get_ciphers ,
-.Fn SSL_get1_supported_ciphers ,
-and
-.Fn SSL_get_client_ciphers
-can be obtained using the
-.Xr SSL_CIPHER_get_name 3
-family of functions.
-.Pp
-.Fn SSL_get_cipher_list
-is deprecated \(em use
-.Fn SSL_get_ciphers
-instead \(em and badly misnamed; it does not return a list
-but the name of one element of the return value of
-.Fn SSL_get_ciphers ,
-with the index given by the
-.Fa priority
-argument.
-Passing 0 selects the cipher with the highest priority.
-To iterate over all available ciphers in decreasing priority,
-repeatedly increment the argument by 1 until
-.Dv NULL
-is returned.
-.Sh RETURN VALUES
-.Fn SSL_get_ciphers
-returns an internal pointer to a list of ciphers or
-.Dv NULL
-if
-.Fa ssl
-is
-.Dv NULL
-or if no ciphers are available.
-The returned pointer may not only become invalid when
-.Fa ssl
-is destroyed or when
-.Xr SSL_set_cipher_list 3
-is called on it, but also when the
-.Vt SSL_CTX
-object in use by
-.Fa ssl
-at the time of the call is freed or when
-.Xr SSL_CTX_set_cipher_list 3
-is called on that context object.
-.Pp
-.Fn SSL_CTX_get_ciphers
-returns an internal pointer to a list of ciphers or
-.Dv NULL
-if
-.Fa ctx
-is
-.Dv NULL
-or if no ciphers are available.
-The returned pointer becomes invalid when
-.Fa ctx
-is destroyed or when
-.Xr SSL_CTX_set_cipher_list 3
-is called on it.
-.Pp
-.Fn SSL_get1_supported_ciphers
-returns a newly allocated list of ciphers or
-.Dv NULL
-if
-.Fa ssl
-is
-.Dv NULL ,
-if no ciphers are available, or if an error occurs.
-When the returned pointer is no longer needed, the caller is
-responsible for freeing it using
-.Fn sk_SSL_CIPHER_free .
-.Pp
-.Fn SSL_get_client_ciphers
-returns an internal pointer to a list of ciphers or
-.Dv NULL
-if
-.Fa ssl
-is
-.Dv NULL ,
-has no active session,
-or is not operating in server mode.
-The returned pointer becomes invalid when the
-.Vt SSL_SESSION
-object is destroyed, even if the
-.Fa ssl
-object remains valid.
-It may also become invalid in other circumstances,
-for example when processing a new ClientHello.
-.Pp
-.Fn SSL_get_cipher_list
-returns an internal pointer to a string or
-.Dv NULL
-if
-.Fa ssl
-is
-.Dv NULL ,
-if no ciphers are available, or if
-.Fa priority
-is greater than or equal to the number of available ciphers.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CIPHER_get_name 3 ,
-.Xr SSL_CTX_set_cipher_list 3
-.Sh HISTORY
-.Fn SSL_get_cipher_list
-first appeared in SSLeay 0.5.2.
-.Fn SSL_get_ciphers
-first appeared in SSLeay 0.8.0.
-Both functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_CTX_get_ciphers
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
-.Pp
-.Fn SSL_get1_supported_ciphers
-and
-.Fn SSL_get_client_ciphers
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.5 .
diff --git a/src/lib/libssl/man/SSL_get_client_CA_list.3 b/src/lib/libssl/man/SSL_get_client_CA_list.3
deleted file mode 100644
index e80e5cb6f5..0000000000
--- a/src/lib/libssl/man/SSL_get_client_CA_list.3
+++ /dev/null
@@ -1,96 +0,0 @@
-.\" $OpenBSD: SSL_get_client_CA_list.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2000, 2001, 2002, 2005 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_GET_CLIENT_CA_LIST 3
-.Os
-.Sh NAME
-.Nm SSL_get_client_CA_list ,
-.Nm SSL_CTX_get_client_CA_list
-.Nd get list of client CAs
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft STACK_OF(X509_NAME) *
-.Fn SSL_get_client_CA_list "const SSL *s"
-.Ft STACK_OF(X509_NAME) *
-.Fn SSL_CTX_get_client_CA_list "const SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_get_client_CA_list
-returns the list of client CAs explicitly set for
-.Fa ctx
-using
-.Xr SSL_CTX_set_client_CA_list 3 .
-.Pp
-.Fn SSL_get_client_CA_list
-returns the list of client CAs explicitly set for
-.Fa ssl
-using
-.Fn SSL_set_client_CA_list
-or
-.Fa ssl Ns 's
-.Vt SSL_CTX
-object with
-.Xr SSL_CTX_set_client_CA_list 3 ,
-when in server mode.
-In client mode,
-.Fn SSL_get_client_CA_list
-returns the list of client CAs sent from the server, if any.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_client_CA_list 3 ,
-.Xr SSL_CTX_set_client_cert_cb 3 ,
-.Xr X509_NAME_new 3
-.Sh HISTORY
-.Fn SSL_get_client_CA_list
-and
-.Fn SSL_CTX_get_client_CA_list
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_get_client_random.3 b/src/lib/libssl/man/SSL_get_client_random.3
deleted file mode 100644
index eda74db355..0000000000
--- a/src/lib/libssl/man/SSL_get_client_random.3
+++ /dev/null
@@ -1,150 +0,0 @@
-.\" $OpenBSD: SSL_get_client_random.3,v 1.2 2018/03/24 00:55:37 schwarze Exp $
-.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
-.\"
-.\" This file was written by Nick Mathewson
-.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 24 2018 $
-.Dt SSL_GET_CLIENT_RANDOM 3
-.Os
-.Sh NAME
-.Nm SSL_get_client_random ,
-.Nm SSL_get_server_random ,
-.Nm SSL_SESSION_get_master_key
-.Nd get internal TLS handshake random values and master key
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft size_t
-.Fo SSL_get_client_random
-.Fa "const SSL *ssl"
-.Fa "unsigned char *out"
-.Fa "size_t outlen"
-.Fc
-.Ft size_t
-.Fo SSL_get_server_random
-.Fa "const SSL *ssl"
-.Fa "unsigned char *out"
-.Fa "size_t outlen"
-.Fc
-.Ft size_t
-.Fo SSL_SESSION_get_master_key
-.Fa "const SSL_SESSION *session"
-.Fa "unsigned char *out"
-.Fa "size_t outlen"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_get_client_random
-extracts the random value that was sent from the client to the server
-during the initial TLS handshake.
-It copies at most
-.Fa outlen
-bytes of this value into the buffer
-.Fa out .
-If
-.Fa outlen
-is zero, nothing is copied.
-.Pp
-.Fn SSL_get_server_random
-behaves the same, but extracts the random value that was sent
-from the server to the client during the initial TLS handshake.
-.Pp
-.Fn SSL_SESSION_get_master_key
-behaves the same, but extracts the master secret used to guarantee the
-security of the TLS session.
-The security of the TLS session depends on keeping the master key
-secret: do not expose it, or any information about it, to anybody.
-To calculate another secret value that depends on the master secret,
-use
-.Xr SSL_export_keying_material 3
-instead.
-.Pp
-All these functions expose internal values from the TLS handshake,
-for use in low-level protocols.
-Avoid using them unless implementing a feature
-that requires access to the internal protocol details.
-.Pp
-Despite the names of
-.Fn SSL_get_client_random
-and
-.Fn SSL_get_server_random ,
-they are not random number generators.
-Instead, they return the mostly-random values that were already
-generated and used in the TLS protocol.
-.Pp
-In current versions of the TLS protocols,
-the length of client_random and server_random is always
-.Dv SSL3_RANDOM_SIZE
-bytes.
-Support for other
-.Fa outlen
-arguments is provided for the unlikely event that a future
-version or variant of TLS uses some other length.
-.Pp
-Finally, though the client_random and server_random values are called
-.Dq random ,
-many TLS implementations generate four bytes of those values
-based on their view of the current time.
-.Sh RETURN VALUES
-If
-.Fa outlen
-is greater than 0, these functions return the number of bytes
-actually copied, which is less than or equal to
-.Fa outlen .
-If
-.Fa outlen
-is 0, these functions return the maximum number of bytes they would
-copy \(em that is, the length of the underlying field.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_export_keying_material 3 ,
-.Xr SSL_SESSION_get_id 3 ,
-.Xr SSL_SESSION_get_time 3 ,
-.Xr SSL_SESSION_new 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.1.0
-and have been available since
-.Ox 6.3 .
diff --git a/src/lib/libssl/man/SSL_get_current_cipher.3 b/src/lib/libssl/man/SSL_get_current_cipher.3
deleted file mode 100644
index 6b951d03ca..0000000000
--- a/src/lib/libssl/man/SSL_get_current_cipher.3
+++ /dev/null
@@ -1,122 +0,0 @@
-.\" $OpenBSD: SSL_get_current_cipher.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2000, 2005, 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_GET_CURRENT_CIPHER 3
-.Os
-.Sh NAME
-.Nm SSL_get_current_cipher ,
-.Nm SSL_get_cipher ,
-.Nm SSL_get_cipher_name ,
-.Nm SSL_get_cipher_bits ,
-.Nm SSL_get_cipher_version
-.Nd get SSL_CIPHER of a connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const SSL_CIPHER *
-.Fn SSL_get_current_cipher "const SSL *ssl"
-.Ft const char *
-.Fn SSL_get_cipher "const SSL *ssl"
-.Ft const char *
-.Fn SSL_get_cipher_name "const SSL *ssl"
-.Ft int
-.Fn SSL_get_cipher_bits "const SSL *ssl" "int *np"
-.Ft char *
-.Fn SSL_get_cipher_version "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_current_cipher
-returns a pointer to an
-.Vt SSL_CIPHER
-object containing the description of the actually used cipher of a connection
-established with the
-.Fa ssl
-object.
-See
-.Xr SSL_CIPHER_get_name 3
-for more details.
-.Pp
-.Fn SSL_get_cipher_name
-obtains the name of the currently used cipher.
-.Fn SSL_get_cipher
-is identical to
-.Fn SSL_get_cipher_name .
-.Pp
-.Fn SSL_get_cipher_bits
-obtains the number of secret/algorithm bits used and
-.Fn SSL_get_cipher_version
-returns the protocol name.
-.Pp
-.Fn SSL_get_cipher ,
-.Fn SSL_get_cipher_name ,
-.Fn SSL_get_cipher_bits ,
-and
-.Fn SSL_get_cipher_version
-are implemented as macros.
-.Sh RETURN VALUES
-.Fn SSL_get_current_cipher
-returns the cipher actually used, or
-.Dv NULL
-if no session has been established.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CIPHER_get_name 3
-.Sh HISTORY
-.Fn SSL_get_cipher
-appeared in SSLeay 0.4 or earlier.
-.Fn SSL_get_cipher_bits
-first appeared in SSLeay 0.6.4.
-.Fn SSL_get_cipher_name
-and
-.Fn SSL_get_cipher_version
-first appeared in SSLeay 0.8.0.
-.Fn SSL_get_current_cipher
-first appeared in SSLeay 0.8.1.
-These functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_get_default_timeout.3 b/src/lib/libssl/man/SSL_get_default_timeout.3
deleted file mode 100644
index 47737d8ee0..0000000000
--- a/src/lib/libssl/man/SSL_get_default_timeout.3
+++ /dev/null
@@ -1,85 +0,0 @@
-.\" $OpenBSD: SSL_get_default_timeout.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2001, 2005 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_GET_DEFAULT_TIMEOUT 3
-.Os
-.Sh NAME
-.Nm SSL_get_default_timeout
-.Nd get default session timeout value
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_get_default_timeout "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_default_timeout
-returns the default timeout value assigned to
-.Vt SSL_SESSION
-objects negotiated for the protocol valid for
-.Fa ssl .
-.Pp
-Whenever a new session is negotiated, it is assigned a timeout value,
-after which it will not be accepted for session reuse.
-If the timeout value was not explicitly set using
-.Xr SSL_CTX_set_timeout 3 ,
-the hardcoded default timeout for the protocol will be used.
-.Pp
-.Fn SSL_get_default_timeout
-return this hardcoded value, which is 300 seconds for all currently supported
-protocols (SSLv2, SSLv3, and TLSv1).
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_SESSION_get_time 3
-.Sh HISTORY
-.Fn SSL_get_default_timeout
-first appeared in SSLeay 0.8.0 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_get_error.3 b/src/lib/libssl/man/SSL_get_error.3
deleted file mode 100644
index 5d325b3f56..0000000000
--- a/src/lib/libssl/man/SSL_get_error.3
+++ /dev/null
@@ -1,217 +0,0 @@
-.\" $OpenBSD: SSL_get_error.3,v 1.5 2018/04/29 07:37:01 guenther Exp $
-.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
-.\"
-.\" This file was written by Bodo Moeller .
-.\" Copyright (c) 2000, 2001, 2002, 2005 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: April 29 2018 $
-.Dt SSL_GET_ERROR 3
-.Os
-.Sh NAME
-.Nm SSL_get_error
-.Nd obtain result code for TLS/SSL I/O operation
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_get_error "const SSL *ssl" "int ret"
-.Sh DESCRIPTION
-.Fn SSL_get_error
-returns a result code (suitable for the C
-.Dq switch
-statement) for a preceding call to
-.Xr SSL_connect 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_do_handshake 3 ,
-.Xr SSL_read 3 ,
-.Xr SSL_peek 3 ,
-or
-.Xr SSL_write 3
-on
-.Fa ssl .
-The value returned by that TLS/SSL I/O function must be passed to
-.Fn SSL_get_error
-in parameter
-.Fa ret .
-.Pp
-In addition to
-.Fa ssl
-and
-.Fa ret ,
-.Fn SSL_get_error
-inspects the current thread's OpenSSL error queue.
-Thus,
-.Fn SSL_get_error
-must be used in the same thread that performed the TLS/SSL I/O operation,
-and no other OpenSSL function calls should appear in between.
-The current thread's error queue must be empty before the TLS/SSL I/O operation
-is attempted, or
-.Fn SSL_get_error
-will not work reliably.
-.Sh RETURN VALUES
-The following return values can currently occur:
-.Bl -tag -width Ds
-.It Dv SSL_ERROR_NONE
-The TLS/SSL I/O operation completed.
-This result code is returned if and only if
-.Fa ret
-> 0.
-.It Dv SSL_ERROR_ZERO_RETURN
-The TLS/SSL connection has been closed.
-If the protocol version is SSL 3.0 or TLS 1.0, this result code is returned
-only if a closure alert has occurred in the protocol, i.e., if the connection
-has been closed cleanly.
-Note that in this case
-.Dv SSL_ERROR_ZERO_RETURN
-does not necessarily indicate that the underlying transport has been closed.
-.It Dv SSL_ERROR_WANT_READ , Dv SSL_ERROR_WANT_WRITE
-The operation did not complete;
-the same TLS/SSL I/O function should be called again later.
-If, by then, the underlying
-.Vt BIO
-has data available for reading (if the result code is
-.Dv SSL_ERROR_WANT_READ )
-or allows writing data
-.Pq Dv SSL_ERROR_WANT_WRITE ,
-then some TLS/SSL protocol progress will take place,
-i.e., at least part of a TLS/SSL record will be read or written.
-Note that the retry may again lead to a
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE
-condition.
-There is no fixed upper limit for the number of iterations that may be
-necessary until progress becomes visible at application protocol level.
-.Pp
-For socket
-.Fa BIO Ns
-s (e.g., when
-.Fn SSL_set_fd
-was used),
-.Xr select 2
-or
-.Xr poll 2
-on the underlying socket can be used to find out when the TLS/SSL I/O function
-should be retried.
-.Pp
-Caveat: Any TLS/SSL I/O function can lead to either of
-.Dv SSL_ERROR_WANT_READ
-and
-.Dv SSL_ERROR_WANT_WRITE .
-In particular,
-.Xr SSL_read 3
-or
-.Xr SSL_peek 3
-may want to write data and
-.Xr SSL_write 3
-may want
-to read data.
-This is mainly because TLS/SSL handshakes may occur at any time during the
-protocol (initiated by either the client or the server);
-.Xr SSL_read 3 ,
-.Xr SSL_peek 3 ,
-and
-.Xr SSL_write 3
-will handle any pending handshakes.
-.It Dv SSL_ERROR_WANT_CONNECT , Dv SSL_ERROR_WANT_ACCEPT
-The operation did not complete; the same TLS/SSL I/O function should be
-called again later.
-The underlying BIO was not connected yet to the peer and the call would block
-in
-.Xr connect 2 Ns / Ns
-.Xr accept 2 .
-The SSL function should be
-called again when the connection is established.
-These messages can only appear with a
-.Xr BIO_s_connect 3
-or
-.Xr BIO_s_accept 3
-.Vt BIO ,
-respectively.
-In order to find out when the connection has been successfully established,
-on many platforms
-.Xr select 2
-or
-.Xr poll 2
-for writing on the socket file descriptor can be used.
-.It Dv SSL_ERROR_WANT_X509_LOOKUP
-The operation did not complete because an application callback set by
-.Xr SSL_CTX_set_client_cert_cb 3
-has asked to be called again.
-The TLS/SSL I/O function should be called again later.
-Details depend on the application.
-.It Dv SSL_ERROR_SYSCALL
-Some I/O error occurred.
-The OpenSSL error queue may contain more information on the error.
-If the error queue is empty (i.e.,
-.Fn ERR_get_error
-returns 0),
-.Fa ret
-can be used to find out more about the error:
-If
-.Fa ret
-== 0, an
-.Dv EOF
-was observed that violates the protocol.
-If
-.Fa ret
-== \(mi1, the underlying
-.Vt BIO
-reported an
-I/O error (for socket I/O on Unix systems, consult
-.Dv errno
-for details).
-.It Dv SSL_ERROR_SSL
-A failure in the SSL library occurred, usually a protocol error.
-The OpenSSL error queue contains more information on the error.
-.El
-.Sh SEE ALSO
-.Xr err 3 ,
-.Xr ssl 3
-.Sh HISTORY
-.Fn SSL_get_error
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/src/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
deleted file mode 100644
index a249cda6ac..0000000000
--- a/src/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
+++ /dev/null
@@ -1,116 +0,0 @@ -.\" $OpenBSD: SSL_get_ex_data_X509_STORE_CTX_idx.3,v 1.5 2022/02/06 00:29:02 jsg Exp $ -.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2001 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: February 6 2022 $ -.Dt SSL_GET_EX_DATA_X509_STORE_CTX_IDX 3 -.Os -.Sh NAME -.Nm SSL_get_ex_data_X509_STORE_CTX_idx -.Nd get ex_data index to access SSL structure from X509_STORE_CTX -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft int -.Fn SSL_get_ex_data_X509_STORE_CTX_idx void -.Sh DESCRIPTION -.Fn SSL_get_ex_data_X509_STORE_CTX_idx -returns the index number under which the pointer to the -.Vt SSL -object is stored into the -.Vt X509_STORE_CTX -object. -.Pp -Whenever a -.Vt X509_STORE_CTX -object is created for the verification of the peer's certificate during a -handshake, a pointer to the -.Vt SSL -object is stored into the -.Vt X509_STORE_CTX -object to identify the connection affected. -To retrieve this pointer the -.Xr X509_STORE_CTX_get_ex_data 3 -function can be used with the correct index. -This index is globally the same for all -.Vt X509_STORE_CTX -objects and can be retrieved using -.Fn SSL_get_ex_data_X509_STORE_CTX_idx . -The index value is set when -.Fn SSL_get_ex_data_X509_STORE_CTX_idx -is first called either by the application program directly or indirectly during -other SSL setup functions or during the handshake. -.Pp -The value depends on other index values defined for -.Vt X509_STORE_CTX -objects before the SSL index is created. -.Sh RETURN VALUES -.Bl -tag -width Ds -.It \(>=0 -The index value to access the pointer. 
-.It <0 -An error occurred, check the error stack for a detailed error message. -.El -.Sh EXAMPLES -The index returned from -.Fn SSL_get_ex_data_X509_STORE_CTX_idx -provides access to -.Vt SSL -object for the connection during the -.Fn verify_callback -when checking the peer's certificate. -Check the example in -.Xr SSL_CTX_set_verify 3 . -.Sh SEE ALSO -.Xr CRYPTO_set_ex_data 3 , -.Xr ssl 3 , -.Xr SSL_CTX_set_verify 3 -.Sh HISTORY -.Fn SSL_get_ex_data_X509_STORE_CTX_idx -first appeared in SSLeay 0.9.1 and has been available since -.Ox 2.6 . diff --git a/src/lib/libssl/man/SSL_get_ex_new_index.3 b/src/lib/libssl/man/SSL_get_ex_new_index.3 deleted file mode 100644 index cecd25fa44..0000000000 --- a/src/lib/libssl/man/SSL_get_ex_new_index.3 +++ /dev/null 
@@ -1,136 +0,0 @@ -.\" $OpenBSD: SSL_get_ex_new_index.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2001, 2005 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt SSL_GET_EX_NEW_INDEX 3 -.Os -.Sh NAME -.Nm SSL_get_ex_new_index , -.Nm SSL_set_ex_data , -.Nm SSL_get_ex_data -.Nd internal application specific data functions -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft int -.Fo SSL_get_ex_new_index -.Fa "long argl" -.Fa "void *argp" -.Fa "CRYPTO_EX_new *new_func" -.Fa "CRYPTO_EX_dup *dup_func" -.Fa "CRYPTO_EX_free *free_func" -.Fc -.Ft int -.Fn SSL_set_ex_data "SSL *ssl" "int idx" "void *arg" -.Ft void * -.Fn SSL_get_ex_data "const SSL *ssl" "int idx" -.Bd -literal -typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); -typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); -typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, - int idx, long argl, void *argp); -.Ed -.Sh DESCRIPTION -Several OpenSSL structures can have application specific data attached to them. -These functions are used internally by OpenSSL to manipulate application -specific data attached to a specific structure. -.Pp -.Fn SSL_get_ex_new_index -is used to register a new index for application specific data. -.Pp -.Fn SSL_set_ex_data -is used to store application data at -.Fa arg -for -.Fa idx -into the -.Fa ssl -object. -.Pp -.Fn SSL_get_ex_data -is used to retrieve the information for -.Fa idx -from -.Fa ssl . 
-.Pp -A detailed description for the -.Fn *_get_ex_new_index -functionality can be found in -.Xr RSA_get_ex_new_index 3 . -The -.Fn *_get_ex_data -and -.Fn *_set_ex_data -functionality is described in -.Xr CRYPTO_set_ex_data 3 . -.Sh EXAMPLES -An example of how to use the functionality is included in the example -.Fn verify_callback -in -.Xr SSL_CTX_set_verify 3 . -.Sh SEE ALSO -.Xr CRYPTO_set_ex_data 3 , -.Xr RSA_get_ex_new_index 3 , -.Xr ssl 3 , -.Xr SSL_CTX_set_verify 3 -.Sh HISTORY -Precursor functions -.Fn SSL_set_app_data -and -.Fn SSL_get_app_data -first appeared in SSLeay 0.6.1. -.Pp -.Fn SSL_get_ex_new_index , -.Fn SSL_set_ex_data , -and -.Fn SSL_get_ex_data -first appeared in SSLeay 0.9.0 and have been available since -.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_get_fd.3 b/src/lib/libssl/man/SSL_get_fd.3 deleted file mode 100644 index 1e093424cb..0000000000 --- a/src/lib/libssl/man/SSL_get_fd.3 +++ /dev/null 
@@ -1,103 +0,0 @@ -.\" $OpenBSD: SSL_get_fd.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2000, 2005, 2013 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt SSL_GET_FD 3 -.Os -.Sh NAME -.Nm SSL_get_fd , -.Nm SSL_get_rfd , -.Nm SSL_get_wfd -.Nd get file descriptor linked to an SSL object -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft int -.Fn SSL_get_fd "const SSL *ssl" -.Ft int -.Fn SSL_get_rfd "const SSL *ssl" -.Ft int -.Fn SSL_get_wfd "const SSL *ssl" -.Sh DESCRIPTION -.Fn SSL_get_fd -returns the file descriptor which is linked to -.Fa ssl . -.Fn SSL_get_rfd -and -.Fn SSL_get_wfd -return the file descriptors for the read or the write channel, -which can be different. -If the read and the write channel are different, -.Fn SSL_get_fd -will return the file descriptor of the read channel. -.Sh RETURN VALUES -The following return values can occur: -.Bl -tag -width Ds -.It \(mi1 -The operation failed, because the underlying -.Vt BIO -is not of the correct type (suitable for file descriptors). -.It \(>=0 -The file descriptor linked to -.Fa ssl . -.El -.Sh SEE ALSO -.Xr BIO_new 3 , -.Xr ssl 3 , -.Xr SSL_set_fd 3 -.Sh HISTORY -.Fn SSL_get_fd -appeared in SSLeay 0.4 or earlier and has been available since -.Ox 2.4 . -.Pp -.Fn SSL_get_rfd -and -.Fn SSL_get_wfd -first appeared in OpenSSL 0.9.6c and have been available since -.Ox 3.2 . diff --git a/src/lib/libssl/man/SSL_get_finished.3 b/src/lib/libssl/man/SSL_get_finished.3 deleted file mode 100644 index 3cfb655ea0..0000000000 --- a/src/lib/libssl/man/SSL_get_finished.3 +++ /dev/null 
@@ -1,77 +0,0 @@ -.\" $OpenBSD: SSL_get_finished.3,v 1.2 2021/01/30 10:48:15 tb Exp $ -.\" -.\" Copyright (c) 2020 Theo Buehler -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: January 30 2021 $ -.Dt SSL_GET_FINISHED 3 -.Os -.Sh NAME -.Nm SSL_get_finished , -.Nm SSL_get_peer_finished -.Nd get last sent or last expected finished message -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft size_t -.Fn SSL_get_finished "const SSL *ssl" "void *buf" "size_t count" -.Ft size_t -.Fn SSL_get_peer_finished "const SSL *ssl" "void *buf" "size_t count" -.Sh DESCRIPTION -.Fn SSL_get_finished -and -.Fn SSL_get_peer_finished -copy -.Fa count -bytes from the last finished message sent to the peer -or expected from the peer into the -caller-provided buffer -.Fa buf . -.Pp -The finished message is computed from a checksum of the handshake records -exchanged with the peer. -Its length depends on the ciphersuite in use and is at most -.Dv EVP_MAX_MD_SIZE , -i.e., 64 bytes. -.\" In TLSv1.3 the length is equal to the length of the hash algorithm -.\" used by the hash-based message authentication code (HMAC), -.\" which is currently either 32 bytes for SHA-256 or 48 bytes for SHA-384. 
-.\" In TLSv1.2 the length defaults to 12 bytes, but it can explicitly be -.\" specified by the ciphersuite to be longer. -.\" In TLS versions 1.1 and 1.0, the finished message has a fixed length -.\" of 12 bytes. -.Sh RETURN VALUES -.Fn SSL_get_finished -and -.Fn SSL_get_peer_finished -return the number of bytes copied into -.Fa buf . -The return value is zero if the handshake has not reached the -finished message. -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_get_session 3 , -.Xr SSL_set_session 3 -.Sh STANDARDS -RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3, -section 4.4.4: Finished. -.Pp -RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2, -section 7.4.9: Finished. -.Sh HISTORY -.Fn SSL_get_finished -and -.Fn SSL_get_peer_finished -first appeared in SSLeay 0.9.5 -and have been available since -.Ox 2.7 . diff --git a/src/lib/libssl/man/SSL_get_peer_cert_chain.3 b/src/lib/libssl/man/SSL_get_peer_cert_chain.3 deleted file mode 100644 index eb2ae53dc4..0000000000 --- a/src/lib/libssl/man/SSL_get_peer_cert_chain.3 +++ /dev/null 
@@ -1,107 +0,0 @@ -.\" $OpenBSD: SSL_get_peer_cert_chain.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL SSL_get_peer_cert_chain.pod 1f164c6f Jan 18 01:40:36 2017 +0100 -.\" OpenSSL SSL_get_peer_cert_chain.pod 9b86974e Aug 17 15:21:33 2015 -0400 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2000, 2005, 2014, 2016 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt SSL_GET_PEER_CERT_CHAIN 3 -.Os -.Sh NAME -.Nm SSL_get_peer_cert_chain -.Nd get the X509 certificate chain sent by the peer -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft STACK_OF(X509) * -.Fn SSL_get_peer_cert_chain "const SSL *ssl" -.Sh DESCRIPTION -.Fn SSL_get_peer_cert_chain -returns a pointer to -.Dv STACK_OF Ns Po Vt X509 Pc -certificates forming the certificate chain of the peer. -If called on the client side, the stack also contains the peer's certificate; -if called on the server side, the peer's certificate must be obtained -separately using -.Xr SSL_get_peer_certificate 3 . -If the peer did not present a certificate, -.Dv NULL -is returned. -.Pp -.Fn SSL_get_peer_cert_chain -returns the peer chain as sent by the peer: it only consists of -certificates the peer has sent (in the order the peer has sent them) -and it is not a verified chain. 
-.Pp -If the session is resumed, peers do not send certificates, so a -.Dv NULL -pointer is returned. -Applications can call -.Fn SSL_session_reused -to determine whether a session is resumed. -.Pp -The reference count of the -.Dv STACK_OF Ns Po Vt X509 Pc -object is not incremented. -If the corresponding session is freed, the pointer must not be used any longer. -.Sh RETURN VALUES -The following return values can occur: -.Bl -tag -width Ds -.It Dv NULL -No certificate was presented by the peer or no connection was established or -the certificate chain is no longer available when a session is reused. -.It Pointer to a Dv STACK_OF Ns Po X509 Pc -The return value points to the certificate chain presented by the peer. -.El -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_get_peer_certificate 3 -.Sh HISTORY -.Fn SSL_get_peer_cert_chain -first appeared in SSLeay 0.8.0 and has been available since -.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_get_peer_certificate.3 b/src/lib/libssl/man/SSL_get_peer_certificate.3 deleted file mode 100644 index 99f9330288..0000000000 --- a/src/lib/libssl/man/SSL_get_peer_certificate.3 +++ /dev/null 
@@ -1,105 +0,0 @@ -.\" $OpenBSD: SSL_get_peer_certificate.3,v 1.6 2021/06/26 17:36:28 tb Exp $ -.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2000, 2001, 2005 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 26 2021 $ -.Dt SSL_GET_PEER_CERTIFICATE 3 -.Os -.Sh NAME -.Nm SSL_get_peer_certificate -.Nd get the X509 certificate of the peer -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft X509 * -.Fn SSL_get_peer_certificate "const SSL *ssl" -.Sh DESCRIPTION -.Fn SSL_get_peer_certificate -returns a pointer to the X509 certificate the peer presented. -If the peer did not present a certificate, -.Dv NULL -is returned. -.Pp -Due to the protocol definition, a TLS/SSL server will always send a -certificate, if present. -A client will only send a certificate when explicitly requested to do so by the -server (see -.Xr SSL_CTX_set_verify 3 ) . -If an anonymous cipher is used, no certificates are sent. -.Pp -That a certificate is returned does not indicate information about the -verification state. -Use -.Xr SSL_get_verify_result 3 -to check the verification state. 
-.Pp -The reference count of the -.Vt X509 -object is incremented by one, so that it will not be destroyed when the session -containing the peer certificate is freed. -The -.Vt X509 -object must be explicitly freed using -.Xr X509_free 3 . -.Sh RETURN VALUES -The following return values can occur: -.Bl -tag -width Ds -.It Dv NULL -No certificate was presented by the peer or no connection was established. -.It Pointer to an X509 certificate -The return value points to the certificate presented by the peer. -.El -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_CTX_set_verify 3 , -.Xr SSL_get0_peername 3 , -.Xr SSL_get_verify_result 3 -.Sh HISTORY -.Fn SSL_get_peer_certificate -appeared in SSLeay 0.4 or earlier and has been available since -.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_get_rbio.3 b/src/lib/libssl/man/SSL_get_rbio.3 deleted file mode 100644 index 38096fbecf..0000000000 --- a/src/lib/libssl/man/SSL_get_rbio.3 +++ /dev/null 
@@ -1,98 +0,0 @@ -.\" $OpenBSD: SSL_get_rbio.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2000, 2013 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt SSL_GET_RBIO 3 -.Os -.Sh NAME -.Nm SSL_get_rbio , -.Nm SSL_get_wbio -.Nd get BIO linked to an SSL object -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft BIO * -.Fn SSL_get_rbio "SSL *ssl" -.Ft BIO * -.Fn SSL_get_wbio "SSL *ssl" -.Sh DESCRIPTION -.Fn SSL_get_rbio -and -.Fn SSL_get_wbio -return pointers to the -.Vt BIO Ns s -for the read or the write channel, which can be different. -The reference count of the -.Vt BIO -is not incremented. -.Sh RETURN VALUES -The following return values can occur: -.Bl -tag -width Ds -.It Dv NULL -No -.Vt BIO -was connected to the -.Vt SSL -object. -.It Any other pointer -The -.Vt BIO -linked to -.Fa ssl . -.El -.Sh SEE ALSO -.Xr BIO_new 3 , -.Xr ssl 3 , -.Xr SSL_set_bio 3 -.Sh HISTORY -.Fn SSL_get_rbio -and -.Fn SSL_get_wbio -first appeared in SSLeay 0.6.0 and have been available since -.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_get_server_tmp_key.3 b/src/lib/libssl/man/SSL_get_server_tmp_key.3 deleted file mode 100644 index aeeb358240..0000000000 --- a/src/lib/libssl/man/SSL_get_server_tmp_key.3 +++ /dev/null 
@@ -1,89 +0,0 @@ -.\" $OpenBSD: SSL_get_server_tmp_key.3,v 1.4 2019/06/12 09:36:30 schwarze Exp $ -.\" OpenSSL SSL_get_server_tmp_key.pod 508fafd8 Apr 3 15:41:21 2017 +0100 -.\" -.\" This file was written by Matt Caswell -.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 12 2019 $ -.Dt SSL_GET_SERVER_TMP_KEY 3 -.Os -.Sh NAME -.Nm SSL_get_server_tmp_key -.Nd temporary server key during a handshake -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft long -.Fo SSL_get_server_tmp_key -.Fa "SSL *ssl" -.Fa "EVP_PKEY **key" -.Fc -.Sh DESCRIPTION -.Fn SSL_get_server_tmp_key -retrieves the temporary key provided by the server -and used during key exchange. -For example, if ECDHE is in use, -this represents the server's public ECDHE key. -.Pp -In case of success, a copy of the key is stored in -.Pf * Fa key . -It is the caller's responsibility to free this key after use using -.Xr EVP_PKEY_free 3 . -.Pp -This function may only be called by the client. -.Pp -This function is implemented as a macro. -.Sh RETURN VALUES -.Fn SSL_get_server_tmp_key -returns 1 on success or 0 on failure. 
-.Sh SEE ALSO -.Xr EVP_PKEY_free 3 , -.Xr ssl 3 , -.Xr SSL_ctrl 3 -.Sh HISTORY -.Fn SSL_get_server_tmp_key -first appeared in OpenSSL 1.0.2 and has been available since -.Ox 6.1 . diff --git a/src/lib/libssl/man/SSL_get_session.3 b/src/lib/libssl/man/SSL_get_session.3 deleted file mode 100644 index 2ab43fdd3e..0000000000 --- a/src/lib/libssl/man/SSL_get_session.3 +++ /dev/null 
@@ -1,163 +0,0 @@ -.\" $OpenBSD: SSL_get_session.3,v 1.8 2022/03/31 17:27:18 naddy Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2000, 2001, 2005, 2013, 2016 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 31 2022 $
-.Dt SSL_GET_SESSION 3
-.Os
-.Sh NAME
-.Nm SSL_get_session ,
-.Nm SSL_get0_session ,
-.Nm SSL_get1_session
-.Nd retrieve TLS/SSL session data
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL_SESSION *
-.Fn SSL_get_session "const SSL *ssl"
-.Ft SSL_SESSION *
-.Fn SSL_get0_session "const SSL *ssl"
-.Ft SSL_SESSION *
-.Fn SSL_get1_session "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_session
-returns a pointer to the
-.Vt SSL_SESSION
-actually used in
-.Fa ssl .
-The reference count of the
-.Vt SSL_SESSION
-is not incremented, so that the pointer can become invalid by other operations.
-.Pp
-.Fn SSL_get0_session
-is the same as
-.Fn SSL_get_session .
-.Pp
-.Fn SSL_get1_session
-is the same as
-.Fn SSL_get_session ,
-but the reference count of the
-.Vt SSL_SESSION
-is incremented by one.
-.Pp
-The
-.Fa ssl
-session contains all information required to re-establish the connection
-without a new handshake.
-.Pp -.Fn SSL_get0_session -returns a pointer to the actual session. -As the reference counter is not incremented, -the pointer is only valid while the connection is in use. -If -.Xr SSL_clear 3 -or -.Xr SSL_free 3 -is called, the session may be removed completely (if considered bad), -and the pointer obtained will become invalid. -Even if the session is valid, -it can be removed at any time due to timeout during -.Xr SSL_CTX_flush_sessions 3 . -.Pp -If the data is to be kept, -.Fn SSL_get1_session -will increment the reference count, so that the session will not be implicitly -removed by other operations but stays in memory. -In order to remove the session, -.Xr SSL_SESSION_free 3 -must be explicitly called once to decrement the reference count again. -.Pp -.Vt SSL_SESSION -objects keep internal link information about the session cache list when being -inserted into one -.Vt SSL_CTX -object's session cache. -One -.Vt SSL_SESSION -object, regardless of its reference count, must therefore only be used with one -.Vt SSL_CTX -object (and the -.Vt SSL -objects created from this -.Vt SSL_CTX -object). -.Sh RETURN VALUES -The following return values can occur: -.Bl -tag -width Ds -.It Dv NULL -There is no session available in -.Fa ssl . -.It Pointer to an Vt SSL_SESSION -The return value points to the data of an -.Vt SSL -session. -.El -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_clear 3 , -.Xr SSL_free 3 , -.Xr SSL_SESSION_free 3 , -.Xr SSL_SESSION_get0_peer 3 , -.Xr SSL_SESSION_get_compress_id 3 , -.Xr SSL_SESSION_get_id 3 , -.Xr SSL_SESSION_get_protocol_version 3 , -.Xr SSL_SESSION_get_time 3 , -.Xr SSL_SESSION_new 3 , -.Xr SSL_SESSION_print 3 , -.Xr SSL_set_session 3 -.Sh HISTORY -.Fn SSL_get_session -first appeared in SSLeay 0.5.2 and has been available since -.Ox 2.4 . -.Pp -.Fn SSL_get0_session -and -.Fn SSL_get1_session -first appeared in OpenSSL 0.9.5 and have been available since -.Ox 2.7 . 
diff --git a/src/lib/libssl/man/SSL_get_shared_ciphers.3 b/src/lib/libssl/man/SSL_get_shared_ciphers.3
deleted file mode 100644
index 207e8c42eb..0000000000
--- a/src/lib/libssl/man/SSL_get_shared_ciphers.3
+++ /dev/null
@@ -1,103 +0,0 @@ -.\" $OpenBSD: SSL_get_shared_ciphers.3,v 1.5 2021/01/09 10:50:02 tb Exp $ -.\" -.\" Copyright (c) 2016 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: January 9 2021 $ -.Dt SSL_GET_SHARED_CIPHERS 3 -.Os -.Sh NAME -.Nm SSL_get_shared_ciphers -.Nd ciphers supported by both client and server -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft char * -.Fo SSL_get_shared_ciphers -.Fa "const SSL *ssl" -.Fa "char *buf" -.Fa "int len" -.Fc -.Sh DESCRIPTION -If -.Fa ssl -contains a session in server mode, -.Fn SSL_get_shared_ciphers -puts as many names of ciphers that are supported by both the client -and the server into the buffer -.Fa buf -as the buffer is long enough to contain. -Names are separated by colons. -At most -.Fa len -bytes are written to -.Fa buf -including the terminating NUL character. -.Sh RETURN VALUES -.Fn SSL_get_shared_ciphers -returns -.Fa buf -on success or -.Dv NULL -on failure. -The following situations cause failure: -.Bl -bullet -.It -.Xr SSL_is_server 3 -is false, i.e., -.Ar ssl -is not set to server mode. -.It -.Xr SSL_get_ciphers 3 -is -.Dv NULL -or empty, i.e., no ciphers are available for use by the server. -.It -.Xr SSL_get_session 3 -is -.Dv NULL , -i.e., -.Ar ssl -contains no session. 
-.It
-.Xr SSL_get_client_ciphers 3
-is
-.Dv NULL
-or empty, i.e.,
-.Ar ssl
-contains no information about ciphers supported by the client,
-or the client does not support any ciphers.
-.It
-The
-.Fa len
-argument is less than 2.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_get_ciphers 3
-.Sh HISTORY
-.Fn SSL_get_shared_ciphers
-first appeared in SSLeay 0.4.5b and has been available since
-.Ox 2.4 .
-.Sh BUGS
-If the list is too long to fit into
-.Fa len
-bytes, it is silently truncated after the last cipher name that fits,
-and all following ciphers are skipped.
-If the buffer is very short such that even the first cipher name
-does not fit, an empty string is returned even when some shared
-ciphers are actually available.
-.Pp
-There is no easy way to find out how much space is required for
-.Fa buf
-or whether the supplied space was sufficient.
diff --git a/src/lib/libssl/man/SSL_get_state.3 b/src/lib/libssl/man/SSL_get_state.3
deleted file mode 100644
index 297bbce876..0000000000
--- a/src/lib/libssl/man/SSL_get_state.3
+++ /dev/null
@@ -1,161 +0,0 @@ -.\" $OpenBSD: SSL_get_state.3,v 1.5 2019/06/12 09:36:30 schwarze Exp $ -.\" -.\" Copyright (c) 2016 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: June 12 2019 $ -.Dt SSL_GET_STATE 3 -.Os -.Sh NAME -.Nm SSL_get_state , -.Nm SSL_state , -.Nm SSL_in_accept_init , -.Nm SSL_in_before , -.Nm SSL_in_connect_init , -.Nm SSL_in_init , -.Nm SSL_is_init_finished -.Nd inspect the state of the SSL state machine -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft int -.Fo SSL_get_state -.Fa "const SSL *ssl" -.Fc -.Ft int -.Fo SSL_state -.Fa "const SSL *ssl" -.Fc -.Ft int -.Fo SSL_in_accept_init -.Fa "const SSL *ssl" -.Fc -.Ft int -.Fo SSL_in_before -.Fa "const SSL *ssl" -.Fc -.Ft int -.Fo SSL_in_connect_init -.Fa "const SSL *ssl" -.Fc -.Ft int -.Fo SSL_in_init -.Fa "const SSL *ssl" -.Fc -.Ft int -.Fo SSL_is_init_finished -.Fa "const SSL *ssl" -.Fc -.Sh DESCRIPTION -.Fn SSL_get_state -returns an encoded representation of the current state of the SSL -state machine. -.Fn SSL_state -is a deprecated alias for -.Fn SSL_get_state . -.Pp -The following bits may be set: -.Bl -tag -width Ds -.It Dv SSL_ST_ACCEPT -This bit is set by -.Xr SSL_accept 3 -and by -.Xr SSL_set_accept_state 3 . 
-It indicates that -.Fa ssl -is set up for server mode and no client initiated the TLS handshake yet. -The function -.Fn SSL_in_accept_init -returns non-zero if this bit is set or 0 otherwise. -.It Dv SSL_ST_BEFORE -This bit is set by the -.Xr SSL_accept 3 , -.Xr SSL_connect 3 , -.Xr SSL_set_accept_state 3 , -and -.Xr SSL_set_connect_state 3 -functions. -It indicates that the TLS handshake was not initiated yet. -The function -.Fn SSL_in_before -returns non-zero if this bit is set or 0 otherwise. -.It Dv SSL_ST_CONNECT -This bit is set by -.Xr SSL_connect 3 -and by -.Xr SSL_set_connect_state 3 . -It indicates that -.Fa ssl -is set up for client mode and no TLS handshake was initiated yet. -The function -.Fn SSL_in_connect_init -returns non-zero if this bit is set or 0 otherwise. -.El -.Pp -The following masks can be used: -.Bl -tag -width Ds -.It Dv SSL_ST_INIT -Set if -.Dv SSL_ST_ACCEPT -or -.Dv SSL_ST_CONNECT -is set. -The function -.Fn SSL_in_init -returns a non-zero value if one of these is set or 0 otherwise. -.It Dv SSL_ST_MASK -This mask includes all bits except -.Dv SSL_ST_ACCEPT , -.Dv SSL_ST_BEFORE , -and -.Dv SSL_ST_CONNECT . -.It Dv SSL_ST_OK -The state is set to this value when a connection is established. -The function -.Fn SSL_is_init_finished -returns a non-zero value if the state equals this constant, or 0 otherwise. -.It Dv SSL_ST_RENEGOTIATE -The program is about to renegotiate, for example when entering -.Xr SSL_read 3 -or -.Xr SSL_write 3 -right after -.Xr SSL_renegotiate 3 -was called. -.El -.Pp -The meaning of other bits is protocol-dependent. -Application programs usually do not need to inspect any of those -other bits. -.Pp -All these functions may be implemented as macros. -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_renegotiate 3 , -.Xr SSL_set_connect_state 3 -.Sh HISTORY -.Fn SSL_is_init_finished -first appeared in SSLeay 0.4.5b. -.Fn SSL_state -first appeared in SSLeay 0.5.2. 
-.Fn SSL_in_accept_init ,
-.Fn SSL_in_connect_init ,
-and
-.Fn SSL_in_init
-first appeared in SSLeay 0.6.0.
-.Fn SSL_in_before
-first appeared in SSLeay 0.8.0.
-.Fn SSL_get_state
-first appeared in SSLeay 0.9.0.
-All these functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_get_verify_result.3 b/src/lib/libssl/man/SSL_get_verify_result.3
deleted file mode 100644
index 180cf1bb73..0000000000
--- a/src/lib/libssl/man/SSL_get_verify_result.3
+++ /dev/null
@@ -1,102 +0,0 @@ -.\" $OpenBSD: SSL_get_verify_result.3,v 1.6 2021/06/26 17:36:28 tb Exp $ -.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2000, 2001, 2005 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 26 2021 $ -.Dt SSL_GET_VERIFY_RESULT 3 -.Os -.Sh NAME -.Nm SSL_get_verify_result -.Nd get result of peer certificate verification -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft long -.Fn SSL_get_verify_result "const SSL *ssl" -.Sh DESCRIPTION -.Fn SSL_get_verify_result -returns the result of the verification of the X509 certificate presented by the -peer, if any. -.Pp -.Fn SSL_get_verify_result -can only return one error code while the verification of a certificate can fail -because of many reasons at the same time. -Only the last verification error that occurred during the processing is -available from -.Fn SSL_get_verify_result . -.Pp -The verification result is part of the established session and is restored when -a session is reused. -.Sh RETURN VALUES -The following return values can currently occur: -.Bl -tag -width Ds -.It Dv X509_V_OK -The verification succeeded or no peer certificate was presented. 
-.It Any other value
-Documented in
-.Xr openssl 1 .
-.El
-.Sh SEE ALSO
-.Xr openssl 1 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_verify 3 ,
-.Xr SSL_get0_peername 3 ,
-.Xr SSL_get_peer_certificate 3 ,
-.Xr SSL_set_verify_result 3
-.Sh HISTORY
-.Fn SSL_get_verify_result
-first appeared in SSLeay 0.6.1 and has been available since
-.Ox 2.4 .
-.Sh BUGS
-If no peer certificate was presented, the returned result code is
-.Dv X509_V_OK .
-This is because no verification error occurred;
-however, it does not indicate success.
-.Fn SSL_get_verify_result
-is only useful in connection with
-.Xr SSL_get_peer_certificate 3 .
diff --git a/src/lib/libssl/man/SSL_get_version.3 b/src/lib/libssl/man/SSL_get_version.3
deleted file mode 100644
index a6cefb055b..0000000000
--- a/src/lib/libssl/man/SSL_get_version.3
+++ /dev/null
@@ -1,123 +0,0 @@ -.\" $OpenBSD: SSL_get_version.3,v 1.9 2021/04/15 16:13:22 tb Exp $ -.\" full merge up to: OpenSSL e417070c Jun 8 11:37:06 2016 -0400 -.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2001, 2005, 2014 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: April 15 2021 $ -.Dt SSL_GET_VERSION 3 -.Os -.Sh NAME -.Nm SSL_get_version , -.Nm SSL_is_dtls , -.Nm SSL_version -.\" The following are intentionally undocumented because -.\" - the longer term plan is to remove them -.\" - nothing appears to be using them in the wild -.\" - and they have the wrong namespace prefix -.\" Nm TLS1_get_version -.\" Nm TLS1_get_client_version -.Nd get the protocol information of a connection -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft const char * -.Fn SSL_get_version "const SSL *ssl" -.Ft int -.Fn SSL_is_dtls "const SSL *ssl" -.Ft int -.Fn SSL_version "const SSL *ssl" -.Sh DESCRIPTION -.Fn SSL_get_version -returns the name of the protocol used for the connection -.Fa ssl . -.Pp -.Fn SSL_is_dtls -returns 1 if the connection is using DTLS, 0 if not. -.Pp -.Fn SSL_version -returns an integer constant representing that protocol. 
-.Pp -These functions only return reliable results -after the initial handshake has been completed. -.Sh RETURN VALUES -The following strings or integers can be returned by -.Fn SSL_get_version -and -.Fn SSL_version : -.Bl -tag -width Ds -.It Qo TLSv1 Qc No or Dv TLS1_VERSION -The connection uses the TLSv1.0 protocol. -.It Qo TLSv1.1 Qc No or Dv TLS1_1_VERSION -The connection uses the TLSv1.1 protocol. -.It Qo TLSv1.2 Qc No or Dv TLS1_2_VERSION -The connection uses the TLSv1.2 protocol. -.It Qo TLSv1.3 Qc No or Dv TLS1_3_VERSION -The connection uses the TLSv1.3 protocol. -.It Qo DTLSv1 Qc No or Dv DTLS1_VERSION -The connection uses the Datagram Transport Layer Security 1.0 protocol. -.It Qo DTLSv1.2 Qc No or Dv DTLS1_2_VERSION -The connection uses the Datagram Transport Layer Security 1.2 protocol. -.It Qq unknown -This indicates an unknown protocol version; -it cannot currently happen with LibreSSL. -.El -.Pp -.Fn SSL_is_dtls -returns 1 if the connection uses DTLS, 0 if not. -.Sh SEE ALSO -.Xr ssl 3 -.Sh HISTORY -.Fn SSL_get_version -and -.Fn SSL_version -first appeared in SSLeay 0.8.0 and have been available since -.Ox 2.4 . -.Pp -.Fn SSL_is_dtls -first appeared in OpenSSL 1.1.0 and has been available since -.Ox 6.9 . diff --git a/src/lib/libssl/man/SSL_library_init.3 b/src/lib/libssl/man/SSL_library_init.3 deleted file mode 100644 index 053c1e6fcb..0000000000 --- a/src/lib/libssl/man/SSL_library_init.3 +++ /dev/null 
@@ -1,98 +0,0 @@ -.\" $OpenBSD: SSL_library_init.3,v 1.7 2019/06/14 13:41:31 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2000, 2006, 2010 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 14 2019 $
-.Dt SSL_LIBRARY_INIT 3
-.Os
-.Sh NAME
-.Nm SSL_library_init ,
-.Nm OpenSSL_add_ssl_algorithms ,
-.Nm SSLeay_add_ssl_algorithms
-.Nd initialize SSL library by registering algorithms
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_library_init void
-.Ft int
-.Fn OpenSSL_add_ssl_algorithms void
-.Ft int
-.Fn SSLeay_add_ssl_algorithms void
-.Sh DESCRIPTION
-These functions are deprecated.
-It is never useful for any application program to call any of them explicitly.
-The library automatically calls them internally whenever needed.
-.Pp
-.Fn SSL_library_init
-registers the available ciphers and digests
-which are used directly or indirectly by TLS.
-.Pp
-.Fn OpenSSL_add_ssl_algorithms
-and
-.Fn SSLeay_add_ssl_algorithms
-are synonyms for
-.Fn SSL_library_init
-and are implemented as macros.
-.Sh RETURN VALUES
-.Fn SSL_library_init
-always returns 1.
-.Sh SEE ALSO
-.Xr ssl 3
-.Sh HISTORY
-.Fn SSLeay_add_ssl_algorithms
-first appeared in SSLeay 0.8.0 and has been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_library_init
-first appeared in OpenSSL 0.9.2b and has been available since
-.Ox 2.6 .
-.Pp
-.Fn OpenSSL_add_ssl_algorithms
-first appeared in OpenSSL 0.9.5 and has been available since
-.Ox 2.7 .
diff --git a/src/lib/libssl/man/SSL_load_client_CA_file.3 b/src/lib/libssl/man/SSL_load_client_CA_file.3
deleted file mode 100644
index f782d96dce..0000000000
--- a/src/lib/libssl/man/SSL_load_client_CA_file.3
+++ /dev/null
@@ -1,185 +0,0 @@ -.\" $OpenBSD: SSL_load_client_CA_file.3,v 1.9 2019/06/12 09:36:30 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2016 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Lutz Jaenicke . -.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: June 12 2019 $ -.Dt SSL_LOAD_CLIENT_CA_FILE 3 -.Os -.Sh NAME -.Nm SSL_load_client_CA_file , -.Nm SSL_add_file_cert_subjects_to_stack , -.Nm SSL_add_dir_cert_subjects_to_stack -.Nd load certificate names from files -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft STACK_OF(X509_NAME) * -.Fn SSL_load_client_CA_file "const char *file" -.Ft int -.Fo SSL_add_file_cert_subjects_to_stack -.Fa "STACK_OF(X509_NAME) *stack" -.Fa "const char *file" -.Fc -.Ft int -.Fo SSL_add_dir_cert_subjects_to_stack -.Fa "STACK_OF(X509_NAME) *stack" -.Fa "const char *dir" -.Fc -.Sh DESCRIPTION -.Fn SSL_load_client_CA_file -reads PEM formatted certificates from -.Fa file -and returns a new -.Vt STACK_OF(X509_NAME) -with the subject names found. -While the name suggests the specific usage as a support function for -.Xr SSL_CTX_set_client_CA_list 3 , -it is not limited to CA certificates. -.Pp -.Fn SSL_add_file_cert_subjects_to_stack -is similar except that the names are added to the existing -.Fa stack . -.Pp -.Fn SSL_add_dir_cert_subjects_to_stack -calls -.Fn SSL_add_file_cert_subjects_to_stack -on every file in the directory -.Fa dir . -.Pp -If a name is already on the stack, all these functions skip it and -do not add it again. -.Sh RETURN VALUES -.Fn SSL_load_client_CA_file -returns a pointer to the new -.Vt STACK_OF(X509_NAME) -or -.Dv NULL on failure . -.Pp -.Fn SSL_add_file_cert_subjects_to_stack -and -.Fn SSL_add_dir_cert_subjects_to_stack -return 1 for success or 0 for failure. -.Pp -All these functions treat empty files and directories as failures. -.Pp -In some cases of failure, the reason can be determined with -.Xr ERR_get_error 3 . -.Sh EXAMPLES -Load names of CAs from a file and use it as a client CA list: -.Bd -literal -SSL_CTX *ctx; -STACK_OF(X509_NAME) *cert_names; -\&... -cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem"); -if (cert_names != NULL) - SSL_CTX_set_client_CA_list(ctx, cert_names); -else - error_handling(); -\&... 
-.Ed
-.Sh SEE ALSO
-.Xr PEM_read_bio_X509 3 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_client_CA_list 3 ,
-.Xr X509_get_subject_name 3 ,
-.Xr X509_NAME_new 3
-.Sh HISTORY
-.Fn SSL_load_client_CA_file
-first appeared in SSLeay 0.8.0 and has been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_add_file_cert_subjects_to_stack
-and
-.Fn SSL_add_dir_cert_subjects_to_stack
-first appeared in OpenSSL 0.9.2b and have been available since
-.Ox 2.6 .
-.Sh AUTHORS
-.Fn SSL_add_file_cert_subjects_to_stack
-and
-.Fn SSL_add_dir_cert_subjects_to_stack
-were written by
-.An Ben Laurie Aq Mt ben@openssl.org
-in 1999.
-.Sh BUGS
-In some cases of failure, for example for empty files and directories,
-these functions fail to report an error, in the sense that
-.Xr ERR_get_error 3
-does not work.
-.Pp
-Even in case of failure, for example when parsing one of the
-files or certificates fails,
-.Fn SSL_add_file_cert_subjects_to_stack
-and
-.Fn SSL_add_dir_cert_subjects_to_stack
-may still have added some certificates to the stack.
-.Pp
-The behaviour of
-.Fn SSL_add_dir_cert_subjects_to_stack
-is non-deterministic.
-If parsing one file fails, parsing of the whole directory is aborted.
-Files in the directory are not parsed in any specific order.
-For example, adding an empty file to
-.Fa dir
-may or may not cause some of the other files to be ignored.
diff --git a/src/lib/libssl/man/SSL_new.3 b/src/lib/libssl/man/SSL_new.3
deleted file mode 100644
index 22c5dbf2db..0000000000
--- a/src/lib/libssl/man/SSL_new.3
+++ /dev/null
@@ -1,110 +0,0 @@
-.\" $OpenBSD: SSL_new.3,v 1.7 2022/07/13 22:05:53 schwarze Exp $
-.\" full merge up to: OpenSSL 1c7ae3dd Mar 29 19:17:55 2017 +1000
-.\"
-.\" This file was written by Richard Levitte
-.\" and Matt Caswell .
-.\" Copyright (c) 2000, 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: July 13 2022 $
-.Dt SSL_NEW 3
-.Os
-.Sh NAME
-.Nm SSL_new ,
-.Nm SSL_up_ref
-.Nd create a new SSL structure for a connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL *
-.Fn SSL_new "SSL_CTX *ctx"
-.Ft int
-.Fn SSL_up_ref "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_new
-creates a new
-.Vt SSL
-structure which is needed to hold the data for a TLS/SSL connection.
-The new structure inherits the settings of the underlying context
-.Fa ctx :
-connection method, options, verification settings,
-timeout settings, security level.
-The reference count of the new structure is set to 1.
-.Pp
-.Fn SSL_up_ref
-increments the reference count of
-.Fa ssl
-by 1.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It Dv NULL
-The creation of a new
-.Vt SSL
-structure failed.
-Check the error stack to find out the reason.
-.It Pointer to an Vt SSL No structure
-The return value points to an allocated
-.Vt SSL
-structure.
-.El
-.Pp
-.Fn SSL_up_ref
-returns 1 for success or 0 for failure.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_CTX_set_security_level 3 ,
-.Xr SSL_free 3 ,
-.Xr SSL_get_SSL_CTX 3
-.Sh HISTORY
-.Fn SSL_new
-appeared in SSLeay 0.4 or earlier and has been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_up_ref
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
diff --git a/src/lib/libssl/man/SSL_num_renegotiations.3 b/src/lib/libssl/man/SSL_num_renegotiations.3
deleted file mode 100644
index 6a81b76a60..0000000000
--- a/src/lib/libssl/man/SSL_num_renegotiations.3
+++ /dev/null
@@ -1,75 +0,0 @@
-.\" $OpenBSD: SSL_num_renegotiations.3,v 1.5 2019/06/12 09:36:30 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_NUM_RENEGOTIATIONS 3
-.Os
-.Sh NAME
-.Nm SSL_num_renegotiations ,
-.Nm SSL_clear_num_renegotiations ,
-.Nm SSL_total_renegotiations
-.Nd renegotiation counters
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fo SSL_num_renegotiations
-.Fa "SSL *ssl"
-.Fc
-.Ft long
-.Fo SSL_clear_num_renegotiations
-.Fa "SSL *ssl"
-.Fc
-.Ft long
-.Fo SSL_total_renegotiations
-.Fa "SSL *ssl"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_num_renegotiations
-reports the number of renegotiations initiated in
-.Fa ssl
-since
-.Xr SSL_new 3 ,
-.Xr SSL_clear 3 ,
-or
-.Fn SSL_clear_num_renegotiations
-was last called on that object.
-.Pp
-.Fn SSL_clear_num_renegotiations
-does the same and additionally resets the renegotiation counter to 0.
-.Pp
-.Fn SSL_total_renegotiations
-reports the number of renegotiations initiated in
-.Fa ssl
-since
-.Xr SSL_new 3
-or
-.Xr SSL_clear 3
-was last called on that object.
-.Pp
-These functions are implemented as macros.
-.Sh RETURN VALUES
-All these functions return a number of renegotiations.
-.Sh SEE ALSO
-.Xr BIO_set_ssl_renegotiate_bytes 3 ,
-.Xr ssl 3 ,
-.Xr SSL_ctrl 3 ,
-.Xr SSL_read 3 ,
-.Xr SSL_renegotiate 3 ,
-.Xr SSL_write 3
-.Sh HISTORY
-These functions first appeared in SSLeay 0.9.0
-and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_pending.3 b/src/lib/libssl/man/SSL_pending.3
deleted file mode 100644
index bbc2e9bdd2..0000000000
--- a/src/lib/libssl/man/SSL_pending.3
+++ /dev/null
@@ -1,90 +0,0 @@
-.\" $OpenBSD: SSL_pending.3,v 1.5 2020/01/23 03:40:18 beck Exp $
-.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
-.\"
-.\" This file was written by Lutz Jaenicke ,
-.\" Bodo Moeller , and Matt Caswell .
-.\" Copyright (c) 2000, 2005, 2015, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: January 23 2020 $
-.Dt SSL_PENDING 3
-.Os
-.Sh NAME
-.Nm SSL_pending
-.Nd obtain number of readable bytes buffered in an SSL object
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_pending "const SSL *ssl"
-.Sh DESCRIPTION
-Data is received in whole blocks known as records from the peer.
-A whole record is processed, for example decrypted, in one go and
-is buffered until it is read by the application via a call to
-.Xr SSL_read 3 .
-.Pp
-.Fn SSL_pending
-returns the number of bytes of application data which are available
-for immediate read.
-.Pp
-.Fn SSL_pending
-takes into account only bytes from the TLS/SSL record that is
-currently being processed (if any).
-.Sh RETURN VALUES
-.Fn SSL_pending
-returns the number of buffered and processed application data
-bytes that are pending and are available for immediate read.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_read 3
-.Sh HISTORY
-.Fn SSL_pending
-appeared in SSLeay 0.4 or earlier and has been available since
-.Ox 2.4 .
-.Sh BUGS
-Up to OpenSSL 0.9.6,
-.Fn SSL_pending
-did not check if the record type of pending data is application data.
diff --git a/src/lib/libssl/man/SSL_read.3 b/src/lib/libssl/man/SSL_read.3
deleted file mode 100644
index bb72a8ed82..0000000000
--- a/src/lib/libssl/man/SSL_read.3
+++ /dev/null
@@ -1,278 +0,0 @@
-.\" $OpenBSD: SSL_read.3,v 1.8 2021/10/24 15:10:13 schwarze Exp $
-.\" full merge up to: OpenSSL 5a2443ae Nov 14 11:37:36 2016 +0000
-.\" partial merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
-.\"
-.\" This file was written by Lutz Jaenicke and
-.\" Matt Caswell .
-.\" Copyright (c) 2000, 2001, 2008, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: October 24 2021 $
-.Dt SSL_READ 3
-.Os
-.Sh NAME
-.Nm SSL_read_ex ,
-.Nm SSL_read ,
-.Nm SSL_peek_ex ,
-.Nm SSL_peek
-.Nd read bytes from a TLS connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_read_ex "SSL *ssl" "void *buf" "size_t num" "size_t *readbytes"
-.Ft int
-.Fn SSL_read "SSL *ssl" "void *buf" "int num"
-.Ft int
-.Fn SSL_peek_ex "SSL *ssl" "void *buf" "size_t num" "size_t *readbytes"
-.Ft int
-.Fn SSL_peek "SSL *ssl" "void *buf" "int num"
-.Sh DESCRIPTION
-.Fn SSL_read_ex
-and
-.Fn SSL_read
-try to read
-.Fa num
-bytes from the specified
-.Fa ssl
-into the buffer
-.Fa buf .
-On success
-.Fn SSL_read_ex
-stores the number of bytes actually read in
-.Pf * Fa readbytes .
-.Pp
-.Fn SSL_peek_ex
-and
-.Fn SSL_peek
-are identical to
-.Fn SSL_read_ex
-and
-.Fn SSL_read ,
-respectively,
-except that no bytes are removed from the underlying BIO during
-the read, such that a subsequent call to
-.Fn SSL_read_ex
-or
-.Fn SSL_read
-will yield at least the same bytes once again.
-.Pp
-In the following,
-.Fn SSL_read_ex ,
-.Fn SSL_read ,
-.Fn SSL_peek_ex ,
-and
-.Fn SSL_peek
-are called
-.Dq read functions .
-.Pp
-If necessary, a read function will negotiate a TLS session, if
-not already explicitly performed by
-.Xr SSL_connect 3
-or
-.Xr SSL_accept 3 .
-If the peer requests a re-negotiation, it will be performed
-transparently during the read function operation.
-The behaviour of the read functions depends on the underlying
-.Vt BIO .
-.Pp
-For the transparent negotiation to succeed, the
-.Fa ssl
-must have been initialized to client or server mode.
-This is done by calling
-.Xr SSL_set_connect_state 3
-or
-.Xr SSL_set_accept_state 3
-before the first call to a read function.
-.Pp
-The read functions work based on the TLS records.
-The data are received in records (with a maximum record size of 16kB).
-Only when a record has been completely received, it can be processed
-(decrypted and checked for integrity).
-Therefore, data that was not retrieved at the last read call can
-still be buffered inside the TLS layer and will be retrieved on the
-next read call.
-If
-.Fa num
-is higher than the number of bytes buffered, the read functions
-will return with the bytes buffered.
-If no more bytes are in the buffer, the read functions will trigger
-the processing of the next record.
-Only when the record has been received and processed completely
-will the read functions return reporting success.
-At most the contents of the record will be returned.
-As the size of a TLS record may exceed the maximum packet size
-of the underlying transport (e.g., TCP), it may be necessary to
-read several packets from the transport layer before the record is
-complete and the read call can succeed.
-.Pp
-If the underlying
-.Vt BIO
-is blocking,
-a read function will only return once the read operation has been
-finished or an error occurred, except when a renegotiation takes
-place, in which case an
-.Dv SSL_ERROR_WANT_READ
-may occur.
-This behavior can be controlled with the
-.Dv SSL_MODE_AUTO_RETRY
-flag of the
-.Xr SSL_CTX_set_mode 3
-call.
-.Pp
-If the underlying
-.Vt BIO
-is non-blocking, a read function will also return when the underlying
-.Vt BIO
-could not satisfy the needs of the function to continue the operation.
-In this case a call to
-.Xr SSL_get_error 3
-with the return value of the read function will yield
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE .
-As at any time a re-negotiation is possible, a read function may
-also cause write operations.
-The calling process must then repeat the call after taking appropriate
-action to satisfy the needs of the read function.
-The action depends on the underlying
-.Vt BIO .
-When using a non-blocking socket, nothing is to be done, but
-.Xr select 2
-can be used to check for the required condition.
-When using a buffering
-.Vt BIO ,
-like a
-.Vt BIO
-pair, data must be written into or retrieved out of the
-.Vt BIO
-before being able to continue.
-.Pp
-.Xr SSL_pending 3
-can be used to find out whether there are buffered bytes available for
-immediate retrieval.
-In this case a read function can be called without blocking or
-actually receiving new data from the underlying socket.
-.Pp
-When a read function operation has to be repeated because of
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE ,
-it must be repeated with the same arguments.
-.Sh RETURN VALUES
-.Fn SSL_read_ex
-and
-.Fn SSL_peek_ex
-return 1 for success or 0 for failure.
-Success means that one or more application data bytes
-have been read from the SSL connection.
-Failure means that no bytes could be read from the SSL connection.
-Failures can be retryable (e.g. we are waiting for more bytes to be
-delivered by the network) or non-retryable (e.g. a fatal network error).
-In the event of a failure, call
-.Xr SSL_get_error 3
-to find out the reason which indicates whether the call is retryable or not.
-.Pp
-For
-.Fn SSL_read
-and
-.Fn SSL_peek ,
-the following return values can occur:
-.Bl -tag -width Ds
-.It >0
-The read operation was successful.
-The return value is the number of bytes actually read from the
-TLS connection.
-.It 0
-The read operation was not successful.
-The reason may either be a clean shutdown due to a
-.Dq close notify
-alert sent by the peer (in which case the
-.Dv SSL_RECEIVED_SHUTDOWN
-flag in the ssl shutdown state is set (see
-.Xr SSL_shutdown 3
-and
-.Xr SSL_set_shutdown 3 ) .
-It is also possible that the peer simply shut down the underlying transport and
-the shutdown is incomplete.
-Call
-.Xr SSL_get_error 3
-with the return value to find out whether an error occurred or the connection
-was shut down cleanly
-.Pq Dv SSL_ERROR_ZERO_RETURN .
-.It <0
-The read operation was not successful, because either an error occurred or
-action must be taken by the calling process.
-Call
-.Xr SSL_get_error 3
-with the return value to find out the reason.
-.El
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_CTX_set_mode 3 ,
-.Xr SSL_get_error 3 ,
-.Xr SSL_pending 3 ,
-.Xr SSL_set_connect_state 3 ,
-.Xr SSL_set_shutdown 3 ,
-.Xr SSL_shutdown 3 ,
-.Xr SSL_write 3
-.Sh HISTORY
-.Fn SSL_read
-appeared in SSLeay 0.4 or earlier.
-.Fn SSL_peek
-first appeared in SSLeay 0.6.6.
-Both functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_read_ex
-and
-.Fn SSL_peek_ex
-first appeared in OpenSSL 1.1.1 and have been available since
-.Ox 7.1 .
diff --git a/src/lib/libssl/man/SSL_read_early_data.3 b/src/lib/libssl/man/SSL_read_early_data.3
deleted file mode 100644
index 1435c15935..0000000000
--- a/src/lib/libssl/man/SSL_read_early_data.3
+++ /dev/null
@@ -1,174 +0,0 @@
-.\" $OpenBSD: SSL_read_early_data.3,v 1.4 2021/11/26 13:48:22 jsg Exp $
-.\" content checked up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200
-.\"
-.\" Copyright (c) 2020 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: November 26 2021 $
-.Dt SSL_READ_EARLY_DATA 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_max_early_data ,
-.Nm SSL_set_max_early_data ,
-.Nm SSL_SESSION_set_max_early_data ,
-.Nm SSL_CTX_get_max_early_data ,
-.Nm SSL_get_max_early_data ,
-.Nm SSL_SESSION_get_max_early_data ,
-.Nm SSL_write_early_data ,
-.Nm SSL_read_early_data ,
-.Nm SSL_get_early_data_status
-.Nd transmit application data during the handshake
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_CTX_set_max_early_data
-.Fa "SSL_CTX *ctx"
-.Fa "uint32_t max_bytes"
-.Fc
-.Ft int
-.Fo SSL_set_max_early_data
-.Fa "SSL *ssl"
-.Fa "uint32_t max_bytes"
-.Fc
-.Ft int
-.Fo SSL_SESSION_set_max_early_data
-.Fa "SSL_SESSION *session"
-.Fa "uint32_t max_bytes"
-.Fc
-.Ft uint32_t
-.Fo SSL_CTX_get_max_early_data
-.Fa "const SSL_CTX *ctx"
-.Fc
-.Ft uint32_t
-.Fo SSL_get_max_early_data
-.Fa "const SSL *ssl"
-.Fc
-.Ft uint32_t
-.Fo SSL_SESSION_get_max_early_data
-.Fa "const SSL_SESSION *session"
-.Fc
-.Ft int
-.Fo SSL_write_early_data
-.Fa "SSL *ssl"
-.Fa "const void *buf"
-.Fa "size_t len"
-.Fa "size_t *written"
-.Fc
-.Ft int
-.Fo SSL_read_early_data
-.Fa "SSL *ssl"
-.Fa "void *buf"
-.Fa "size_t maxlen"
-.Fa "size_t *readbytes"
-.Fc
-.Ft int
-.Fo SSL_get_early_data_status
-.Fa "const SSL *ssl"
-.Fc
-.Sh DESCRIPTION
-In LibreSSL, these functions have no effect.
-They are only provided because some application programs
-expect the API to be available when TLSv1.3 is supported.
-Using these functions is strongly discouraged because they provide
-marginal benefit in the first place even when implemented and
-used as designed, because they have absurdly complicated semantics,
-and because when they are used, inconspicuous oversights are likely
-to cause serious security vulnerabilities.
-.Pp
-If these functions are used, other TLS implementations
-may allow the transfer of application data during the initial handshake.
-Even when used as designed, security of the connection is compromised;
-in particular, application data is exchanged with unauthenticated peers,
-and there is no forward secrecy.
-Other downsides include an increased risk of replay attacks.
-.Pp
-.Fn SSL_CTX_set_max_early_data ,
-.Fn SSL_set_max_early_data ,
-and
-.Fn SSL_SESSION_set_max_early_data
-are intended to configure the maximum number of bytes per session
-that can be transmitted during the handshake.
-With LibreSSL, all arguments are ignored.
-.Pp
-An endpoint can attempt to send application data with
-.Fn SSL_write_early_data
-during the handshake.
-With LibreSSL, such attempts always fail and set
-.Pf * Fa written
-to 0.
-.Pp
-A server can attempt to read application data from the client using
-.Fn SSL_read_early_data
-during the handshake.
-With LibreSSL, no such data is ever accepted and
-.Pf * Fa readbytes
-is always set to 0.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_max_early_data ,
-.Fn SSL_set_max_early_data ,
-and
-.Fn SSL_SESSION_set_max_early_data
-return 1 for success or 0 for failure.
-With LibreSSL, they always succeed.
-.Pp
-.Fn SSL_CTX_get_max_early_data ,
-.Fn SSL_get_max_early_data ,
-and
-.Fn SSL_SESSION_get_max_early_data
-return the maximum number of bytes of application data
-that will be accepted from the peer during the handshake.
-With LibreSSL, they always return 0.
-.Pp
-.Fn SSL_write_early_data
-returns 1 for success or 0 for failure.
-With LibreSSL, it always fails.
-.Pp
-With LibreSSL,
-.Fn SSL_read_early_data
-always returns
-.Dv SSL_READ_EARLY_DATA_FINISH
-on the server side and
-.Dv SSL_READ_EARLY_DATA_ERROR
-on the client side.
-.Dv SSL_READ_EARLY_DATA_SUCCESS
-can occur with other implementations, but not with LibreSSL.
-.Pp
-With LibreSSL,
-.Fn SSL_get_early_data_status
-always returns
-.Dv SSL_EARLY_DATA_REJECTED .
-With other implementations, it might also return
-.Dv SSL_EARLY_DATA_NOT_SENT
-or
-.Dv SSL_EARLY_DATA_ACCEPTED .
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_read 3 ,
-.Xr SSL_write 3
-.Sh STANDARDS
-RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3:
-.Bl -tag -width "section 4.2.10" -compact
-.It Section 2.3
-0-RTT data
-.It Section 4.2.10
-Early Data Indication
-.It Section 8
-0-RTT and Anti-Replay
-.It Appendix E.5
-Replay Attacks on 0-RTT
-.El
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.1.1
-and have been available since
-.Ox 7.0 .
diff --git a/src/lib/libssl/man/SSL_renegotiate.3 b/src/lib/libssl/man/SSL_renegotiate.3
deleted file mode 100644
index 8188d37323..0000000000
--- a/src/lib/libssl/man/SSL_renegotiate.3
+++ /dev/null
@@ -1,166 +0,0 @@
-.\" $OpenBSD: SSL_renegotiate.3,v 1.9 2019/06/12 09:36:30 schwarze Exp $
-.\" OpenSSL SSL_key_update.pod 4fbfe86a Feb 16 17:04:40 2017 +0000
-.\"
-.\" This file is a derived work.
-.\" Some parts are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2016, 2017 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" Other parts were written by Matt Caswell .
-.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_RENEGOTIATE 3
-.Os
-.Sh NAME
-.Nm SSL_renegotiate ,
-.Nm SSL_renegotiate_abbreviated ,
-.Nm SSL_renegotiate_pending
-.Nd initiate a new TLS handshake
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_renegotiate
-.Fa "SSL *ssl"
-.Fc
-.Ft int
-.Fo SSL_renegotiate_abbreviated
-.Fa "SSL *ssl"
-.Fc
-.Ft int
-.Fo SSL_renegotiate_pending
-.Fa "SSL *ssl"
-.Fc
-.Sh DESCRIPTION
-When called from the client side,
-.Fn SSL_renegotiate
-schedules a completely new handshake over an existing TLS connection.
-The next time an I/O operation such as
-.Fn SSL_read
-or
-.Fn SSL_write
-takes place on the connection, a check is performed to confirm
-that it is a suitable time to start a renegotiation.
-If so, a new handshake is initiated immediately.
-An existing session associated with the connection is not resumed.
-.Pp
-This function is automatically called by
-.Xr SSL_read 3
-and
-.Xr SSL_write 3
-whenever the renegotiation byte count set by
-.Xr BIO_set_ssl_renegotiate_bytes 3
-or the timeout set by
-.Xr BIO_set_ssl_renegotiate_timeout 3
-are exceeded.
-.Pp
-When called from the client side,
-.Fn SSL_renegotiate_abbreviated
-is similar to
-.Fn SSL_renegotiate
-except that resuming the session associated with the current
-connection is attempted in the new handshake.
-.Pp
-When called from the server side,
-.Fn SSL_renegotiate
-and
-.Fn SSL_renegotiate_abbreviated
-behave identically.
-They both schedule a request for a new handshake to be sent to the client.
-The next time an I/O operation is performed, the same checks as on
-the client side are performed and then, if appropriate, the request
-is sent.
-The client may or may not respond with a new handshake and it may
-or may not attempt to resume an existing session.
-If a new handshake is started, it is handled transparently during
-any I/O function.
-.Pp
-If a LibreSSL client receives a renegotiation request from a server,
-it is also handled transparently during any I/O function.
-The client attempts to resume the current session in the new
-handshake.
-For historical reasons, DTLS clients do not attempt to resume
-the session in the new handshake.
-.Sh RETURN VALUES
-.Fn SSL_renegotiate
-and
-.Fn SSL_renegotiate_abbreviated
-return 1 on success or 0 on error.
-.Pp
-.Fn SSL_renegotiate_pending
-returns 1 if a renegotiation or renegotiation request has been
-scheduled but not yet acted on, or 0 otherwise.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_do_handshake 3 ,
-.Xr SSL_num_renegotiations 3 ,
-.Xr SSL_read 3 ,
-.Xr SSL_write 3
-.Sh HISTORY
-.Fn SSL_renegotiate
-first appeared in SSLeay 0.8.0 and has been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_renegotiate_pending
-first appeared in OpenSSL 0.9.7 and has been available since
-.Ox 3.2 .
-.Pp
-.Fn SSL_renegotiate_abbreviated
-first appeared in OpenSSL 1.0.1 and has been available since
-.Ox 5.3 .
diff --git a/src/lib/libssl/man/SSL_rstate_string.3 b/src/lib/libssl/man/SSL_rstate_string.3
deleted file mode 100644
index 99613ba3c0..0000000000
--- a/src/lib/libssl/man/SSL_rstate_string.3
+++ /dev/null
@@ -1,108 +0,0 @@ -.\" $OpenBSD: SSL_rstate_string.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2001 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt SSL_RSTATE_STRING 3 -.Os -.Sh NAME -.Nm SSL_rstate_string , -.Nm SSL_rstate_string_long -.Nd get textual description of state of an SSL object during read operation -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft const char * -.Fn SSL_rstate_string "SSL *ssl" -.Ft const char * -.Fn SSL_rstate_string_long "SSL *ssl" -.Sh DESCRIPTION -.Fn SSL_rstate_string -returns a 2-letter string indicating the current read state of the -.Vt SSL -object -.Fa ssl . -.Pp -.Fn SSL_rstate_string_long -returns a string indicating the current read state of the -.Vt SSL -object -.Fa ssl . -.Pp -When performing a read operation, the SSL/TLS engine must parse the record, -consisting of header and body. -When working in a blocking environment, -.Fn SSL_rstate_string[_long] -should always return -.Qo RD Qc Ns / Ns Qo read done Qc . -.Pp -This function should only seldom be needed in applications. -.Sh RETURN VALUES -.Fn SSL_rstate_string -and -.Fn SSL_rstate_string_long -can return the following values: -.Bl -tag -width Ds -.It Qo RH Qc Ns / Ns Qo read header Qc -The header of the record is being evaluated. -.It Qo RB Qc Ns / Ns Qo read body Qc -The body of the record is being evaluated. -.It Qo RD Qc Ns / Ns Qo read done Qc -The record has been completely processed. -.It Qo unknown Qc Ns / Ns Qo unknown Qc -The read state is unknown. -This should never happen. 
-.El -.Sh SEE ALSO -.Xr ssl 3 -.Sh HISTORY -.Fn SSL_rstate_string -and -.Fn SSL_rstate_string_long -first appeared in SSLeay 0.6.0 and have been available since -.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_session_reused.3 b/src/lib/libssl/man/SSL_session_reused.3 deleted file mode 100644 index add61a904b..0000000000 --- a/src/lib/libssl/man/SSL_session_reused.3 +++ /dev/null 
@@ -1,84 +0,0 @@ -.\" $OpenBSD: SSL_session_reused.3,v 1.6 2019/06/12 09:36:30 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2001 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 12 2019 $ -.Dt SSL_SESSION_REUSED 3 -.Os -.Sh NAME -.Nm SSL_session_reused -.Nd query whether a reused session was negotiated during handshake -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft int -.Fn SSL_session_reused "SSL *ssl" -.Sh DESCRIPTION -Query whether a reused session was negotiated during the handshake. -.Pp -During the negotiation, a client can propose to reuse a session. -The server then looks up the session in its cache. -If both client and server agree on the session, -it will be reused and a flag is set that can be queried by the application. -.Sh RETURN VALUES -The following return values can occur: -.Bl -tag -width Ds -.It 0 -A new session was negotiated. -.It 1 -A session was reused. -.El -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_ctrl 3 , -.Xr SSL_CTX_set_session_cache_mode 3 , -.Xr SSL_set_session 3 -.Sh HISTORY -.Fn SSL_session_reused -first appeared in SSLeay 0.8.0 and has been available since -.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_set1_host.3 b/src/lib/libssl/man/SSL_set1_host.3 deleted file mode 100644 index 2a3935c3f2..0000000000 --- a/src/lib/libssl/man/SSL_set1_host.3 +++ /dev/null 
@@ -1,172 +0,0 @@ -.\" $OpenBSD: SSL_set1_host.3,v 1.4 2021/03/31 16:56:46 tb Exp $ -.\" selective merge up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200 -.\" -.\" This file was written by Viktor Dukhovni -.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 31 2021 $ -.Dt SSL_SET1_HOST 3 -.Os -.Sh NAME -.Nm SSL_set1_host , -.Nm SSL_set_hostflags , -.Nm SSL_get0_peername -.Nd SSL server verification parameters -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft int -.Fo SSL_set1_host -.Fa "SSL *ssl" -.Fa "const char *hostname" -.Fc -.Ft void -.Fo SSL_set_hostflags -.Fa "SSL *ssl" -.Fa "unsigned int flags" -.Fc -.Ft const char * -.Fo SSL_get0_peername -.Fa "SSL *ssl" -.Fc -.Sh DESCRIPTION -.Fn SSL_set1_host -configures a server hostname check in the -.Fa ssl -client, setting the expected DNS hostname to -.Fa hostname -and clearing any previously specified hostname. -If -.Fa hostname -is -.Dv NULL -or the empty string, name checks are not performed on the peer certificate. -If a nonempty -.Fa hostname -is specified, certificate verification automatically checks the peer -hostname via -.Xr X509_check_host 3 -with -.Fa flags -set to 0. -.Pp -.Fn SSL_set_hostflags -sets the flags that will be passed to -.Xr X509_check_host 3 -when name checks are applicable, -by default the flags value is 0. -See -.Xr X509_check_host 3 -for the list of available flags and their meaning. -.Pp -.Fn SSL_get0_peername -returns the DNS hostname or subject CommonName from the peer certificate -that matched one of the reference identifiers. -Unless wildcard matching is disabled, the name matched in the peer -certificate may be a wildcard name. 
-A reference identifier starting with -.Sq \&. -indicates a parent domain prefix rather than a fixed name. -In this case, the matched peername may be a sub-domain -of the reference identifier. -The returned string is owned by the library and is no longer valid -once the associated -.Fa ssl -object is cleared or freed, or if a renegotiation takes place. -Applications must not free the return value. -.Pp -SSL clients are advised to use these functions in preference to -explicitly calling -.Xr X509_check_host 3 . -.Sh RETURN VALUES -.Fn SSL_set1_host -returns 1 for success or 0 for failure. -.Pp -.Fn SSL_get0_peername -returns the matched peername or -.Dv NULL -if peername verification is not applicable -or no trusted peername was matched. -Use -.Xr SSL_get_verify_result 3 -to determine whether verification succeeded. -.Sh EXAMPLES -The calls below check the hostname. -Wildcards are supported, but they must match the entire label. -The actual name matched in the certificate (which might be a wildcard) -is retrieved, and must be copied by the application if it is to be -retained beyond the lifetime of the SSL connection. -.Bd -literal -if (!SSL_set1_host(ssl, "smtp.example.com")) - /* error */ - -/* XXX: Perform SSL_connect() handshake and handle errors here */ - -if (SSL_get_verify_result(ssl) == X509_V_OK) { - const char *peername = SSL_get0_peername(ssl); - - if (peername != NULL) - /* Name checks were in scope and matched the peername */ -} -.Ed -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_CTX_set_verify 3 , -.Xr SSL_get_peer_certificate 3 , -.Xr SSL_get_verify_result 3 , -.Xr X509_check_host 3 , -.Xr X509_VERIFY_PARAM_set1_host 3 -.Sh HISTORY -All three functions first appeared in OpenSSL 1.1.0. -.Fn SSL_set1_host -has been available since -.Ox 6.5 , -and -.Fn SSL_set_hostflags -and -.Fn SSL_get0_peername -since -.Ox 6.9 . diff --git a/src/lib/libssl/man/SSL_set1_param.3 b/src/lib/libssl/man/SSL_set1_param.3 deleted file mode 100644 index cd8ad40ad0..0000000000 
--- a/src/lib/libssl/man/SSL_set1_param.3
+++ /dev/null
@@ -1,137 +0,0 @@ -.\" $OpenBSD: SSL_set1_param.3,v 1.6 2022/09/10 10:22:46 jsg Exp $ -.\" full merge up to: -.\" OpenSSL man3/SSL_CTX_get0_param 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: September 10 2022 $ -.Dt SSL_SET1_PARAM 3 -.Os -.Sh NAME -.Nm SSL_CTX_get0_param , -.Nm SSL_get0_param , -.Nm SSL_CTX_set1_param , -.Nm SSL_set1_param -.Nd get and set verification parameters -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft X509_VERIFY_PARAM * -.Fo SSL_CTX_get0_param -.Fa "SSL_CTX *ctx" -.Fc -.Ft X509_VERIFY_PARAM * -.Fo SSL_get0_param -.Fa "SSL *ssl" -.Fc -.Ft int -.Fo SSL_CTX_set1_param -.Fa "SSL_CTX *ctx" -.Fa "X509_VERIFY_PARAM *vpm" -.Fc -.Ft int -.Fo SSL_set1_param -.Fa "SSL *ssl" -.Fa "X509_VERIFY_PARAM *vpm" -.Fc -.Sh DESCRIPTION -.Fn SSL_CTX_get0_param -and -.Fn SSL_get0_param -retrieve an internal pointer to the verification parameters for -.Fa ctx -or -.Fa ssl , -respectively. -The returned pointer must not be freed by the calling application, -but the application can modify the parameters pointed to, -to suit its needs: for example to add a hostname check. 
-.Pp -.Fn SSL_CTX_set1_param -and -.Fn SSL_set1_param -set the verification parameters to -.Fa vpm -for -.Fa ctx -or -.Fa ssl . -.Sh RETURN VALUES -.Fn SSL_CTX_get0_param -and -.Fn SSL_get0_param -return a pointer to an -.Vt X509_VERIFY_PARAM -structure. -.Pp -.Fn SSL_CTX_set1_param -and -.Fn SSL_set1_param -return 1 for success or 0 for failure. -.Sh EXAMPLES -Check that the hostname matches -.Pa www.foo.com -in the peer certificate: -.Bd -literal -offset indent -X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl); -X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0); -.Ed -.Sh SEE ALSO -.Xr ssl 3 , -.Xr X509_VERIFY_PARAM_set_flags 3 -.Sh HISTORY -.Fn SSL_CTX_set1_param -and -.Fn SSL_set1_param -first appeared in OpenSSL 1.0.0 and have been available since -.Ox 4.9 . -.Pp -.Fn SSL_CTX_get0_param -and -.Fn SSL_get0_param -first appeared in OpenSSL 1.0.2 and have been available since -.Ox 6.3 . diff --git a/src/lib/libssl/man/SSL_set_SSL_CTX.3 b/src/lib/libssl/man/SSL_set_SSL_CTX.3 deleted file mode 100644 index 2abaefb292..0000000000 --- a/src/lib/libssl/man/SSL_set_SSL_CTX.3 +++ /dev/null 
@@ -1,67 +0,0 @@ -.\" $OpenBSD: SSL_set_SSL_CTX.3,v 1.4 2022/07/13 22:05:53 schwarze Exp $ -.\" -.\" Copyright (c) 2020 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: July 13 2022 $ -.Dt SSL_SET_SSL_CTX 3 -.Os -.Sh NAME -.Nm SSL_set_SSL_CTX -.Nd modify an SSL connection object to use another context -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft SSL_CTX * -.Fo SSL_set_SSL_CTX -.Fa "SSL *ssl" -.Fa "SSL_CTX* ctx" -.Fc -.Sh DESCRIPTION -.Fn SSL_set_SSL_CTX -causes -.Fa ssl -to use the context -.Fa ctx . -.Pp -If -.Fa ctx -is -.Dv NULL , -.Fa ssl -reverts to using the context that it was initially created from with -.Xr SSL_new 3 . -.Pp -If -.Fa ssl -already uses -.Fa ctx , -no action occurs. -.Sh RETURN VALUES -.Fn SSL_set_SSL_CTX -returns an internal pointer to the context that -.Fa ssl -is using as a result of the call, or -.Dv NULL -if memory allocation fails. -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_clear 3 , -.Xr SSL_CTX_new 3 , -.Xr SSL_get_SSL_CTX 3 , -.Xr SSL_new 3 , -.Xr SSL_set_security_level 3 -.Sh HISTORY -.Fn SSL_set_SSL_CTX -first appeared in OpenSSL 0.9.8f and has been available since -.Ox 4.5 . diff --git a/src/lib/libssl/man/SSL_set_bio.3 b/src/lib/libssl/man/SSL_set_bio.3 deleted file mode 100644 index e727f442d6..0000000000 
--- a/src/lib/libssl/man/SSL_set_bio.3
+++ /dev/null
@@ -1,99 +0,0 @@ -.\" $OpenBSD: SSL_set_bio.3,v 1.6 2020/10/08 18:21:30 tb Exp $ -.\" OpenSSL acb5b343 Sep 16 16:00:38 2000 +0000 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: October 8 2020 $ -.Dt SSL_SET_BIO 3 -.Os -.Sh NAME -.Nm SSL_set_bio -.Nd connect the SSL object with a BIO -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft void -.Fn SSL_set_bio "SSL *ssl" "BIO *rbio" "BIO *wbio" -.Sh DESCRIPTION -.Fn SSL_set_bio -connects the -.Vt BIO Ns -s -.Fa rbio -and -.Fa wbio -for the read and write operations of the TLS/SSL (encrypted) side of -.Fa ssl . -.Pp -The SSL engine inherits the behaviour of -.Fa rbio -and -.Fa wbio , -respectively. -If a -.Vt BIO -is non-blocking, the -.Fa ssl -will also have non-blocking behaviour. -.Pp -If there was already a -.Vt BIO -connected to -.Fa ssl , -.Xr BIO_free 3 -will be called (for both the reading and writing side, if different). -.Sh SEE ALSO -.Xr BIO_new 3 , -.Xr ssl 3 , -.Xr SSL_accept 3 , -.Xr SSL_connect 3 , -.Xr SSL_get_rbio 3 , -.Xr SSL_shutdown 3 -.Sh HISTORY -.Fn SSL_set_bio -first appeared in SSLeay 0.6.0 and has been available since -.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_set_connect_state.3 b/src/lib/libssl/man/SSL_set_connect_state.3 deleted file mode 100644 index c2072c4370..0000000000 --- a/src/lib/libssl/man/SSL_set_connect_state.3 +++ /dev/null 
@@ -1,153 +0,0 @@ -.\" $OpenBSD: SSL_set_connect_state.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ -.\" full merge up to OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" selective merge up to: OpenSSL dbd007d7 Jul 28 13:31:27 2017 +0800 -.\" -.\" This file was written by Lutz Jaenicke -.\" and Paul Yang . -.\" Copyright (c) 2001, 2017 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt SSL_SET_CONNECT_STATE 3 -.Os -.Sh NAME -.Nm SSL_set_connect_state , -.Nm SSL_set_accept_state , -.Nm SSL_is_server -.Nd prepare SSL object to work in client or server mode -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft void -.Fn SSL_set_connect_state "SSL *ssl" -.Ft void -.Fn SSL_set_accept_state "SSL *ssl" -.Ft int -.Fn SSL_is_server "const SSL *ssl" -.Sh DESCRIPTION -.Fn SSL_set_connect_state -sets -.Fa ssl -to work in client mode. -.Pp -.Fn SSL_set_accept_state -sets -.Fa ssl -to work in server mode. -.Pp -.Fn SSL_is_server -checks whether -.Fa ssl -is set to server mode. -.Pp -When the -.Vt SSL_CTX -object was created with -.Xr SSL_CTX_new 3 , -it was either assigned a dedicated client method, a dedicated server method, or -a generic method, that can be used for both client and server connections. -(The method might have been changed with -.Xr SSL_CTX_set_ssl_version 3 -or -.Xr SSL_set_ssl_method 3 . 
) -.Pp -When beginning a new handshake, the SSL engine must know whether it must call -the connect (client) or accept (server) routines. -Even though it may be clear from the method chosen whether client or server -mode was requested, the handshake routines must be explicitly set. -.Pp -When using the -.Xr SSL_connect 3 -or -.Xr SSL_accept 3 -routines, the correct handshake routines are automatically set. -When performing a transparent negotiation using -.Xr SSL_write 3 -or -.Xr SSL_read 3 , -the handshake routines must be explicitly set in advance using either -.Fn SSL_set_connect_state -or -.Fn SSL_set_accept_state . -.Pp -If -.Fn SSL_is_server -is called before -.Fn SSL_set_connect_state -or -.Fn SSL_set_accept_state -was called either automatically or explicitly, -the result depends on what method was used when the -.Fa SSL_CTX -was created. -If a generic method or a dedicated server method was passed to -.Xr SSL_CTX_new 3 , -.Fn SSL_is_server -returns 1; otherwise, it returns 0. -.Sh RETURN VALUES -.Fn SSL_is_server -returns 1 if -.Fa ssl -is set to server mode or 0 if it is set to client mode. -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_accept 3 , -.Xr SSL_connect 3 , -.Xr SSL_CTX_new 3 , -.Xr SSL_CTX_set_ssl_version 3 , -.Xr SSL_do_handshake 3 , -.Xr SSL_new 3 , -.Xr SSL_read 3 , -.Xr SSL_write 3 -.Sh HISTORY -.Fn SSL_set_connect_state -and -.Fn SSL_set_accept_state -first appeared in SSLeay 0.6.0 and have been available since -.Ox 2.4 . -.Pp -.Fn SSL_is_server -first appeared in OpenSSL 1.0.2 and has been available since -.Ox 6.3 . diff --git a/src/lib/libssl/man/SSL_set_fd.3 b/src/lib/libssl/man/SSL_set_fd.3 deleted file mode 100644 index 7b9727e9ad..0000000000 --- a/src/lib/libssl/man/SSL_set_fd.3 +++ /dev/null 
@@ -1,129 +0,0 @@ -.\" $OpenBSD: SSL_set_fd.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2000, 2013 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt SSL_SET_FD 3 -.Os -.Sh NAME -.Nm SSL_set_fd , -.Nm SSL_set_rfd , -.Nm SSL_set_wfd -.Nd connect the SSL object with a file descriptor -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft int -.Fn SSL_set_fd "SSL *ssl" "int fd" -.Ft int -.Fn SSL_set_rfd "SSL *ssl" "int fd" -.Ft int -.Fn SSL_set_wfd "SSL *ssl" "int fd" -.Sh DESCRIPTION -.Fn SSL_set_fd -sets the file descriptor -.Fa fd -as the input/output facility for the TLS/SSL (encrypted) side of -.Fa ssl . -.Fa fd -will typically be the socket file descriptor of a network connection. -.Pp -When performing the operation, a socket -.Vt BIO -is automatically created to interface between the -.Fa ssl -and -.Fa fd . -The -.Vt BIO -and hence the SSL engine inherit the behaviour of -.Fa fd . -If -.Fa fd -is non-blocking, the -.Fa ssl -will also have non-blocking behaviour. -.Pp -If there was already a -.Vt BIO -connected to -.Fa ssl , -.Xr BIO_free 3 -will be called (for both the reading and writing side, if different). -.Pp -.Fn SSL_set_rfd -and -.Fn SSL_set_wfd -perform the respective action, but only for the read channel or the write -channel, which can be set independently. -.Sh RETURN VALUES -The following return values can occur: -.Bl -tag -width Ds -.It 0 -The operation failed. -Check the error stack to find out why. -.It 1 -The operation succeeded. 
-.El -.Sh SEE ALSO -.Xr BIO_new 3 , -.Xr ssl 3 , -.Xr SSL_accept 3 , -.Xr SSL_connect 3 , -.Xr SSL_get_fd 3 , -.Xr SSL_set_bio 3 , -.Xr SSL_shutdown 3 -.Sh HISTORY -.Fn SSL_set_fd -appeared in SSLeay 0.4 or earlier. -.Fn SSL_set_rfd -and -.Fn SSL_set_wfd -first appeared in SSLeay 0.6.0. -These functions have been available since -.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_set_max_send_fragment.3 b/src/lib/libssl/man/SSL_set_max_send_fragment.3 deleted file mode 100644 index 7de087a743..0000000000 --- a/src/lib/libssl/man/SSL_set_max_send_fragment.3 +++ /dev/null 
@@ -1,97 +0,0 @@
-.\" $OpenBSD: SSL_set_max_send_fragment.3,v 1.5 2019/06/12 09:36:30 schwarze Exp $
-.\" OpenSSL doc/man3/SSL_CTX_set_split_send_fragment.pod
-.\" OpenSSL 6782e5fd Oct 21 16:16:20 2016 +0100
-.\"
-.\" This file was written by Matt Caswell .
-.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 12 2019 $ -.Dt SSL_SET_MAX_SEND_FRAGMENT 3 -.Os -.Sh NAME -.Nm SSL_CTX_set_max_send_fragment , -.Nm SSL_set_max_send_fragment -.Nd control fragment sizes -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft long -.Fo SSL_CTX_set_max_send_fragment -.Fa "SSL_CTX *ctx" -.Fa "long m" -.Fc -.Ft long -.Fo SSL_set_max_send_fragment -.Fa "SSL *ssl" -.Fa "long m" -.Fc -.Sh DESCRIPTION -.Fn SSL_CTX_set_max_send_fragment -and -.Fn SSL_set_max_send_fragment -set the -.Sy max_send_fragment -parameter for SSL_CTX and SSL objects respectively. -This value restricts the amount of plaintext bytes that will be sent in -any one SSL/TLS record. -By default its value is SSL3_RT_MAX_PLAIN_LENGTH (16384). -These functions will only accept a value in the range 512 - -SSL3_RT_MAX_PLAIN_LENGTH. -.Pp -These functions are implemented using macros. -.Sh RETURN VALUES -These functions return 1 on success or 0 on failure. 
-.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_ctrl 3 , -.Xr SSL_CTX_set_read_ahead 3 , -.Xr SSL_pending 3 -.Sh HISTORY -.Fn SSL_CTX_set_max_send_fragment -and -.Fn SSL_set_max_send_fragment -first appeared in OpenSSL 1.0.0 and have been available since -.Ox 4.9 . diff --git a/src/lib/libssl/man/SSL_set_psk_use_session_callback.3 b/src/lib/libssl/man/SSL_set_psk_use_session_callback.3 deleted file mode 100644 index 7f2bfcc010..0000000000 --- a/src/lib/libssl/man/SSL_set_psk_use_session_callback.3 +++ /dev/null 
@@ -1,86 +0,0 @@ -.\" $OpenBSD: SSL_set_psk_use_session_callback.3,v 1.1 2021/09/14 14:30:57 schwarze Exp $ -.\" OpenSSL man3/SSL_CTX_set_psk_client_callback.pod -.\" checked up to 24a535ea Sep 22 13:14:20 2020 +0100 -.\" -.\" Copyright (c) 2021 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: September 14 2021 $ -.Dt SSL_SET_PSK_USE_SESSION_CALLBACK 3 -.Os -.Sh NAME -.Nm SSL_set_psk_use_session_callback , -.Nm SSL_psk_use_session_cb_func -.Nd set TLS pre-shared key client callback -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft typedef int -.Fo (*SSL_psk_use_session_cb_func) -.Fa "SSL *ssl" -.Fa "const EVP_MD *md" -.Fa "const unsigned char **id" -.Fa "size_t *idlen" -.Fa "SSL_SESSION **session" -.Fc -.Ft void -.Fo SSL_set_psk_use_session_callback -.Fa "SSL *ssl" -.Fa "SSL_psk_use_session_cb_func cb" -.Fc -.Sh DESCRIPTION -LibreSSL provides the stub function -.Fn SSL_set_psk_use_session_callback -to allow compiling application programs -that contain optional support for TLSv1.3 pre-shared keys. -.Pp -LibreSSL does not support TLS pre-shared keys, -and no action occurs when -.Fn SSL_set_psk_use_session_callback -is called. -In particular, both arguments are ignored. 
-During session negotiation, -LibreSSL never calls the callback -.Fa cb -and always behaves as if that callback succeeded and set the -.Pf * Fa session -pointer to -.Dv NULL . -That is, LibreSSL never sends a pre-shared key to the server -and never aborts the handshake for lack of a pre-shared key. -.Pp -With OpenSSL, a client application wishing to use TLSv1.3 pre-shared keys -can install a callback function -.Fa cb -using -.Fn SSL_set_psk_use_session_callback . -The OpenSSL library may call -.Fa cb -once or twice during session negotiation. -If the callback fails, OpenSSL aborts connection setup. -If the callback succeeds but sets the -.Pf * Fa session -pointer to -.Dv NULL , -OpenSSL continues the handshake -but does not send a pre-shared key to the server. -.Sh RETURN VALUES -The -.Fn SSL_psk_use_session_cb_func -callback is expected to return 1 on success or 0 on failure. -.Sh HISTORY -.Fn SSL_set_psk_use_session_callback -and -.Fn SSL_psk_use_session_cb_func -first appeared in OpenSSL 1.1.1 and have been available since -.Ox 7.0 . diff --git a/src/lib/libssl/man/SSL_set_session.3 b/src/lib/libssl/man/SSL_set_session.3 deleted file mode 100644 index 7d85f5ad0c..0000000000 --- a/src/lib/libssl/man/SSL_set_session.3 +++ /dev/null 
@@ -1,119 +0,0 @@
-.\" $OpenBSD: SSL_set_session.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL 05ea606a May 20 20:52:46 2016 -0400
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2000, 2001, 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt SSL_SET_SESSION 3 -.Os -.Sh NAME -.Nm SSL_set_session -.Nd set a TLS/SSL session to be used during TLS/SSL connect -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft int -.Fn SSL_set_session "SSL *ssl" "SSL_SESSION *session" -.Sh DESCRIPTION -.Fn SSL_set_session -sets -.Fa session -to be used when the TLS/SSL connection is to be established. -.Fn SSL_set_session -is only useful for TLS/SSL clients. -When the session is set, the reference count of -.Fa session -is incremented -by 1. -If the session is not reused, the reference count is decremented again during -.Fn SSL_connect . -Whether the session was reused can be queried with the -.Xr SSL_session_reused 3 -call. -.Pp -If there is already a session set inside -.Fa ssl -(because it was set with -.Fn SSL_set_session -before or because the same -.Fa ssl -was already used for a connection), -.Xr SSL_SESSION_free 3 -will be called for that session. -.Pp -.Vt SSL_SESSION -objects keep internal link information about the session cache list when being -inserted into one -.Vt SSL_CTX -object's session cache. -One -.Vt SSL_SESSION -object, regardless of its reference count, must therefore only be used with one -.Vt SSL_CTX -object (and the -.Vt SSL -objects created from this -.Vt SSL_CTX -object). 
-.Sh RETURN VALUES -The following return values can occur: -.Bl -tag -width Ds -.It 0 -The operation failed; check the error stack to find out the reason. -.It 1 -The operation succeeded. -.El -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_CTX_set_session_cache_mode 3 , -.Xr SSL_get_session 3 , -.Xr SSL_SESSION_free 3 , -.Xr SSL_session_reused 3 -.Sh HISTORY -.Fn SSL_set_session -first appeared in SSLeay 0.5.2 and has been available since -.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_set_shutdown.3 b/src/lib/libssl/man/SSL_set_shutdown.3 deleted file mode 100644 index ef8c004f76..0000000000 --- a/src/lib/libssl/man/SSL_set_shutdown.3 +++ /dev/null 
@@ -1,138 +0,0 @@
-.\" $OpenBSD: SSL_set_shutdown.3,v 1.7 2024/12/19 06:45:21 jmc Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2001, 2005 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: December 19 2024 $ -.Dt SSL_SET_SHUTDOWN 3 -.Os -.Sh NAME -.Nm SSL_set_shutdown , -.Nm SSL_get_shutdown -.Nd manipulate shutdown state of an SSL connection -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft void -.Fn SSL_set_shutdown "SSL *ssl" "int mode" -.Ft int -.Fn SSL_get_shutdown "const SSL *ssl" -.Sh DESCRIPTION -.Fn SSL_set_shutdown -sets the shutdown state of -.Fa ssl -to -.Fa mode . -.Pp -.Fn SSL_get_shutdown -returns the shutdown mode of -.Fa ssl . -.Pp -The shutdown state of an ssl connection is a bitmask of: -.Bl -tag -width Ds -.It 0 -No shutdown setting, yet. -.It Dv SSL_SENT_SHUTDOWN -A -.Dq close notify -shutdown alert was sent to the peer; the connection is being considered closed -and the session is closed and correct. -.It Dv SSL_RECEIVED_SHUTDOWN -A shutdown alert was received from the peer, either a normal -.Dq close notify -or a fatal error. -.El -.Pp -.Dv SSL_SENT_SHUTDOWN -and -.Dv SSL_RECEIVED_SHUTDOWN -can be set at the same time. -.Pp -The shutdown state of the connection is used to determine the state of the -.Fa ssl -session. -If the session is still open when -.Xr SSL_clear 3 -or -.Xr SSL_free 3 -is called, it is considered bad and removed according to RFC 2246. 
-The actual condition for a correctly closed session is -.Dv SSL_SENT_SHUTDOWN -(according to the TLS RFC, it is acceptable to only send the -.Dq close notify -alert but to not wait for the peer's answer when the underlying connection is -closed). -.Fn SSL_set_shutdown -can be used to set this state without sending a close alert to the peer (see -.Xr SSL_shutdown 3 ) . -.Pp -If a -.Dq close notify -was received, -.Dv SSL_RECEIVED_SHUTDOWN -will be set, but to set -.Dv SSL_SENT_SHUTDOWN -the application must still call -.Xr SSL_shutdown 3 -or -.Fn SSL_set_shutdown -itself. -.Sh RETURN VALUES -.Fn SSL_get_shutdown -returns the current setting. -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_clear 3 , -.Xr SSL_CTX_set_quiet_shutdown 3 , -.Xr SSL_free 3 , -.Xr SSL_shutdown 3 -.Sh HISTORY -.Fn SSL_set_shutdown -and -.Fn SSL_get_shutdown -first appeared in SSLeay 0.8.0 and have been available since -.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_set_tmp_ecdh.3 b/src/lib/libssl/man/SSL_set_tmp_ecdh.3 deleted file mode 100644 index 8fd2d9fd5b..0000000000 --- a/src/lib/libssl/man/SSL_set_tmp_ecdh.3 +++ /dev/null 
@@ -1,119 +0,0 @@ -.\" $OpenBSD: SSL_set_tmp_ecdh.3,v 1.6 2021/11/30 15:58:08 jsing Exp $ -.\" -.\" Copyright (c) 2017 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: November 30 2021 $ -.Dt SSL_SET_TMP_ECDH 3 -.Os -.Sh NAME -.Nm SSL_set_tmp_ecdh , -.Nm SSL_CTX_set_tmp_ecdh , -.Nm SSL_set_ecdh_auto , -.Nm SSL_CTX_set_ecdh_auto , -.Nm SSL_set_tmp_ecdh_callback , -.Nm SSL_CTX_set_tmp_ecdh_callback -.Nd select a curve for ECDH ephemeral key exchange -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft long -.Fo SSL_set_tmp_ecdh -.Fa "SSL *ssl" -.Fa "EC_KEY *ecdh" -.Fc -.Ft long -.Fo SSL_CTX_set_tmp_ecdh -.Fa "SSL_CTX *ctx" -.Fa "EC_KEY *ecdh" -.Fc -.Ft long -.Fo SSL_set_ecdh_auto -.Fa "SSL *ssl" -.Fa "int state" -.Fc -.Ft long -.Fo SSL_CTX_set_ecdh_auto -.Fa "SSL_CTX *ctx" -.Fa "int state" -.Fc -.Ft void -.Fo SSL_set_tmp_ecdh_callback -.Fa "SSL *ssl" -.Fa "EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)" -.Fc -.Ft void -.Fo SSL_CTX_set_tmp_ecdh_callback -.Fa "SSL_CTX *ctx" -.Fa "EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)" -.Fc -.Sh DESCRIPTION -Automatic EC curve selection and generation is always enabled in -LibreSSL, and applications cannot manually provide EC keys for use -with ECDH key exchange. 
-.Pp -The only remaining effect of -.Fn SSL_set_tmp_ecdh -is that the curve of the given -.Fa ecdh -key becomes the only curve enabled for the -.Fa ssl -connection, so it is equivalent to calling -.Xr SSL_set1_groups_list 3 -with the same single curve name. -.Pp -.Fn SSL_CTX_set_tmp_ecdh -has the same effect on all connections that will be created from -.Fa ctx -in the future. -.Pp -The functions -.Fn SSL_set_ecdh_auto , -.Fn SSL_CTX_set_ecdh_auto , -.Fn SSL_set_tmp_ecdh_callback , -and -.Fn SSL_CTX_set_tmp_ecdh_callback -are deprecated and have no effect. -.Sh RETURN VALUES -.Fn SSL_set_tmp_ecdh -and -.Fn SSL_CTX_set_tmp_ecdh -return 1 on success or 0 on failure. -.Pp -.Fn SSL_set_ecdh_auto , -.Fn SSL_CTX_set_ecdh_auto , -.Fn SSL_set_tmp_ecdh_callback , -and -.Fn SSL_CTX_set_tmp_ecdh_callback -always return 1. -.Sh SEE ALSO -.Xr ssl 3 , -.Xr SSL_CTX_set1_groups 3 , -.Xr SSL_CTX_set_cipher_list 3 , -.Xr SSL_CTX_set_options 3 , -.Xr SSL_CTX_set_tmp_dh_callback 3 , -.Xr SSL_new 3 -.Sh HISTORY -.Fn SSL_set_tmp_ecdh , -.Fn SSL_CTX_set_tmp_ecdh , -.Fn SSL_set_tmp_ecdh_callback , -and -.Fn SSL_CTX_set_tmp_ecdh_callback -first appeared in OpenSSL 0.9.8 and have been available since -.Ox 4.5 . -.Pp -.Fn SSL_CTX_set_ecdh_auto -and -.Fn SSL_set_ecdh_auto -first appeared in OpenSSL 1.0.2 and have been available since -.Ox 5.7 . diff --git a/src/lib/libssl/man/SSL_set_verify_result.3 b/src/lib/libssl/man/SSL_set_verify_result.3 deleted file mode 100644 index 4b7cc6ec3c..0000000000 --- a/src/lib/libssl/man/SSL_set_verify_result.3 +++ /dev/null 
@@ -1,90 +0,0 @@
-.\" $OpenBSD: SSL_set_verify_result.3,v 1.5 2020/03/29 17:05:02 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 29 2020 $ -.Dt SSL_SET_VERIFY_RESULT 3 -.Os -.Sh NAME -.Nm SSL_set_verify_result -.Nd override result of peer certificate verification -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft void -.Fn SSL_set_verify_result "SSL *ssl" "long verify_result" -.Sh DESCRIPTION -.Fn SSL_set_verify_result -sets -.Fa verify_result -of the object -.Fa ssl -to be the result of the verification of the X509 certificate presented by the -peer, if any. -.Pp -.Fn SSL_set_verify_result -overrides the verification result. -It only changes the verification result of the -.Fa ssl -object. -It does not become part of the established session, so if the session is to be -reused later, the original value will reappear. -.Pp -The valid codes for -.Fa verify_result -are documented in -.Xr openssl 1 . -.Sh SEE ALSO -.Xr openssl 1 , -.Xr ssl 3 , -.Xr SSL_get_peer_certificate 3 , -.Xr SSL_get_verify_result 3 -.Sh HISTORY -.Fn SSL_set_verify_result -first appeared in SSLeay 0.6.1 and has been available since -.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_shutdown.3 b/src/lib/libssl/man/SSL_shutdown.3 deleted file mode 100644 index bfb1e91ea7..0000000000 --- a/src/lib/libssl/man/SSL_shutdown.3 +++ /dev/null 
@@ -1,253 +0,0 @@
-.\" $OpenBSD: SSL_shutdown.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2000, 2001, 2004, 2014 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt SSL_SHUTDOWN 3 -.Os -.Sh NAME -.Nm SSL_shutdown -.Nd shut down a TLS/SSL connection -.Sh SYNOPSIS -.In openssl/ssl.h -.Ft int -.Fn SSL_shutdown "SSL *ssl" -.Sh DESCRIPTION -.Fn SSL_shutdown -shuts down an active TLS/SSL connection. -It sends the -.Dq close notify -shutdown alert to the peer. -.Pp -.Fn SSL_shutdown -tries to send the -.Dq close notify -shutdown alert to the peer. -Whether the operation succeeds or not, the -.Dv SSL_SENT_SHUTDOWN -flag is set and a currently open session is considered closed and good and will -be kept in the session cache for further reuse. -.Pp -The shutdown procedure consists of 2 steps: the sending of the -.Dq close notify -shutdown alert and the reception of the peer's -.Dq close notify -shutdown alert. -According to the TLS standard, it is acceptable for an application to only send -its shutdown alert and then close the underlying connection without waiting for -the peer's response (this way resources can be saved, as the process can -already terminate or serve another connection). -When the underlying connection shall be used for more communications, -the complete shutdown procedure (bidirectional -.Dq close notify -alerts) must be performed, so that the peers stay synchronized. -.Pp -.Fn SSL_shutdown -supports both uni- and bidirectional shutdown by its 2 step behavior. 
-.Pp -When the application is the first party to send the -.Dq close notify -alert, -.Fn SSL_shutdown -will only send the alert and then set the -.Dv SSL_SENT_SHUTDOWN -flag (so that the session is considered good and will be kept in cache). -.Fn SSL_shutdown -will then return 0. -If a unidirectional shutdown is enough -(the underlying connection shall be closed anyway), this first call to -.Fn SSL_shutdown -is sufficient. -In order to complete the bidirectional shutdown handshake, -.Fn SSL_shutdown -must be called again. -The second call will make -.Fn SSL_shutdown -wait for the peer's -.Dq close notify -shutdown alert. -On success, the second call to -.Fn SSL_shutdown -will return 1. -.Pp -If the peer already sent the -.Dq close notify -alert and it was already processed implicitly inside another function -.Pq Xr SSL_read 3 , -the -.Dv SSL_RECEIVED_SHUTDOWN -flag is set. -.Fn SSL_shutdown -will send the -.Dq close notify -alert, set the -.Dv SSL_SENT_SHUTDOWN -flag and will immediately return with 1. -Whether -.Dv SSL_RECEIVED_SHUTDOWN -is already set can be checked using the -.Fn SSL_get_shutdown -(see also the -.Xr SSL_set_shutdown 3 -call). -.Pp -It is therefore recommended to check the return value of -.Fn SSL_shutdown -and call -.Fn SSL_shutdown -again, if the bidirectional shutdown is not yet complete (return value of the -first call is 0). -.Pp -The behaviour of -.Fn SSL_shutdown -additionally depends on the underlying -.Vt BIO . -.Pp -If the underlying -.Vt BIO -is -.Em blocking , -.Fn SSL_shutdown -will only return once the -handshake step has been finished or an error occurred. -.Pp -If the underlying -.Vt BIO -is -.Em non-blocking , -.Fn SSL_shutdown -will also return when the underlying -.Vt BIO -could not satisfy the needs of -.Fn SSL_shutdown -to continue the handshake. -In this case a call to -.Xr SSL_get_error 3 -with the -return value of -.Fn SSL_shutdown -will yield -.Dv SSL_ERROR_WANT_READ -or -.Dv SSL_ERROR_WANT_WRITE . 
-The calling process then must repeat the call after taking appropriate action -to satisfy the needs of -.Fn SSL_shutdown . -The action depends on the underlying -.Vt BIO . -When using a non-blocking socket, nothing is to be done, but -.Xr select 2 -can be used to check for the required condition. -When using a buffering -.Vt BIO , -like a -.Vt BIO -pair, data must be written into or retrieved out of the -.Vt BIO -before being able to continue. -.Pp -.Fn SSL_shutdown -can be modified to only set the connection to -.Dq shutdown -state but not actually send the -.Dq close notify -alert messages; see -.Xr SSL_CTX_set_quiet_shutdown 3 . -When -.Dq quiet shutdown -is enabled, -.Fn SSL_shutdown -will always succeed and return 1. -.Sh RETURN VALUES -The following return values can occur: -.Bl -tag -width Ds -.It 0 -The shutdown is not yet finished. -Call -.Fn SSL_shutdown -for a second time, if a bidirectional shutdown shall be performed. -The output of -.Xr SSL_get_error 3 -may be misleading, as an erroneous -.Dv SSL_ERROR_SYSCALL -may be flagged even though no error occurred. -.It 1 -The shutdown was successfully completed. -The -.Dq close notify -alert was sent and the peer's -.Dq close notify -alert was received. -.It \(mi1 -The shutdown was not successful because a fatal error occurred either -at the protocol level or a connection failure occurred. -It can also occur if action is need to continue the operation for non-blocking -.Vt BIO Ns -s. -Call -.Xr SSL_get_error 3 -with the return value -.Fa ret -to find out the reason. -.El -.Sh SEE ALSO -.Xr BIO_new 3 , -.Xr ssl 3 , -.Xr SSL_accept 3 , -.Xr SSL_clear 3 , -.Xr SSL_connect 3 , -.Xr SSL_CTX_set_quiet_shutdown 3 , -.Xr SSL_free 3 , -.Xr SSL_get_error 3 , -.Xr SSL_set_shutdown 3 -.Sh HISTORY -.Fn SSL_shutdown -first appeared in SSLeay 0.8.0 and has been available since -.Ox 2.4 . 
diff --git a/src/lib/libssl/man/SSL_state_string.3 b/src/lib/libssl/man/SSL_state_string.3
deleted file mode 100644
index 1070335448..0000000000
--- a/src/lib/libssl/man/SSL_state_string.3
+++ /dev/null
@@ -1,110 +0,0 @@
-.\" $OpenBSD: SSL_state_string.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2001, 2005 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_STATE_STRING 3
-.Os
-.Sh NAME
-.Nm SSL_state_string ,
-.Nm SSL_state_string_long
-.Nd get textual description of state of an SSL object
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const char *
-.Fn SSL_state_string "const SSL *ssl"
-.Ft const char *
-.Fn SSL_state_string_long "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_state_string
-returns a 6 letter string indicating the current state of the
-.Vt SSL
-object
-.Fa ssl .
-.Pp
-.Fn SSL_state_string_long
-returns a string indicating the current state of the
-.Vt SSL
-object
-.Fa ssl .
-.Pp
-During its use, an
-.Vt SSL
-object passes several states.
-The state is internally maintained.
-Querying the state information is not very informative before or when a
-connection has been established.
-It however can be of significant interest during the handshake.
-.Pp
-When using non-blocking sockets,
-the function call performing the handshake may return with
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE
-condition, so that
-.Fn SSL_state_string[_long]
-may be called.
-.Pp
-For both blocking or non-blocking sockets,
-the details state information can be used within the
-.Fn info_callback
-function set with the
-.Xr SSL_set_info_callback 3
-call.
-.Sh RETURN VALUES
-Detailed description of possible states to be included later.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_info_callback 3
-.Sh HISTORY
-.Fn SSL_state_string
-and
-.Fn SSL_state_string_long
-first appeared in SSLeay 0.6.0 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_want.3 b/src/lib/libssl/man/SSL_want.3
deleted file mode 100644
index 24e8645ba8..0000000000
--- a/src/lib/libssl/man/SSL_want.3
+++ /dev/null
@@ -1,161 +0,0 @@
-.\" $OpenBSD: SSL_want.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2001, 2005 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_WANT 3
-.Os
-.Sh NAME
-.Nm SSL_want ,
-.Nm SSL_want_nothing ,
-.Nm SSL_want_read ,
-.Nm SSL_want_write ,
-.Nm SSL_want_x509_lookup
-.Nd obtain state information TLS/SSL I/O operation
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_want "const SSL *ssl"
-.Ft int
-.Fn SSL_want_nothing "const SSL *ssl"
-.Ft int
-.Fn SSL_want_read "const SSL *ssl"
-.Ft int
-.Fn SSL_want_write "const SSL *ssl"
-.Ft int
-.Fn SSL_want_x509_lookup "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_want
-returns state information for the
-.Vt SSL
-object
-.Fa ssl .
-.Pp
-The other
-.Fn SSL_want_*
-calls are shortcuts for the possible states returned by
-.Fn SSL_want .
-.Pp
-.Fn SSL_want
-examines the internal state information of the
-.Vt SSL
-object.
-Its return values are similar to those of
-.Xr SSL_get_error 3 .
-Unlike
-.Xr SSL_get_error 3 ,
-which also evaluates the error queue,
-the results are obtained by examining an internal state flag only.
-The information must therefore only be used for normal operation under
-non-blocking I/O.
-Error conditions are not handled and must be treated using
-.Xr SSL_get_error 3 .
-.Pp
-The result returned by
-.Fn SSL_want
-should always be consistent with the result of
-.Xr SSL_get_error 3 .
-.Sh RETURN VALUES
-The following return values can currently occur for
-.Fn SSL_want :
-.Bl -tag -width Ds
-.It Dv SSL_NOTHING
-There is no data to be written or to be read.
-.It Dv SSL_WRITING
-There are data in the SSL buffer that must be written to the underlying
-.Vt BIO
-layer in order to complete the actual
-.Fn SSL_*
-operation.
-A call to
-.Xr SSL_get_error 3
-should return
-.Dv SSL_ERROR_WANT_WRITE .
-.It Dv SSL_READING
-More data must be read from the underlying
-.Vt BIO
-layer in order to
-complete the actual
-.Fn SSL_*
-operation.
-A call to
-.Xr SSL_get_error 3
-should return
-.Dv SSL_ERROR_WANT_READ .
-.It Dv SSL_X509_LOOKUP
-The operation did not complete because an application callback set by
-.Xr SSL_CTX_set_client_cert_cb 3
-has asked to be called again.
-A call to
-.Xr SSL_get_error 3
-should return
-.Dv SSL_ERROR_WANT_X509_LOOKUP .
-.El
-.Pp
-.Fn SSL_want_nothing ,
-.Fn SSL_want_read ,
-.Fn SSL_want_write ,
-and
-.Fn SSL_want_x509_lookup
-return 1 when the corresponding condition is true or 0 otherwise.
-.Sh SEE ALSO
-.Xr err 3 ,
-.Xr ssl 3 ,
-.Xr SSL_get_error 3
-.Sh HISTORY
-.Fn SSL_want ,
-.Fn SSL_want_nothing ,
-.Fn SSL_want_read ,
-and
-.Fn SSL_want_write
-first appeared in SSLeay 0.5.2.
-.Fn SSL_want_x509_lookup
-first appeared in SSLeay 0.6.0.
-These functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_write.3 b/src/lib/libssl/man/SSL_write.3
deleted file mode 100644
index 2c6fbcef08..0000000000
--- a/src/lib/libssl/man/SSL_write.3
+++ /dev/null
@@ -1,249 +0,0 @@
-.\" $OpenBSD: SSL_write.3,v 1.7 2021/10/24 15:10:13 schwarze Exp $
-.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\" partial merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
-.\"
-.\" This file was written by Lutz Jaenicke
-.\" and Matt Caswell .
-.\" Copyright (c) 2000, 2001, 2002, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: October 24 2021 $
-.Dt SSL_WRITE 3
-.Os
-.Sh NAME
-.Nm SSL_write_ex ,
-.Nm SSL_write
-.Nd write bytes to a TLS connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_write_ex "SSL *ssl" "const void *buf" "size_t num" "size_t *written"
-.Ft int
-.Fn SSL_write "SSL *ssl" "const void *buf" "int num"
-.Sh DESCRIPTION
-.Fn SSL_write_ex
-and
-.Fn SSL_write
-write
-.Fa num
-bytes from the buffer
-.Fa buf
-into the specified
-.Fa ssl
-connection.
-On success
-.Fn SSL_write_ex
-stores the number of bytes written in
-.Pf * Fa written .
-.Pp
-In the following,
-.Fn SSL_write_ex
-and
-.Fn SSL_write
-are called
-.Dq write functions .
-.Pp
-If necessary, a write function negotiates a TLS session,
-if not already explicitly performed by
-.Xr SSL_connect 3
-or
-.Xr SSL_accept 3 .
-If the peer requests a re-negotiation,
-it will be performed transparently during the
-write function operation.
-The behaviour of the write functions depends on the underlying
-.Vt BIO .
-.Pp
-For the transparent negotiation to succeed, the
-.Fa ssl
-must have been initialized to client or server mode.
-This is done by calling
-.Xr SSL_set_connect_state 3
-or
-.Xr SSL_set_accept_state 3
-before the first call to a write function.
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em blocking ,
-the write function
-will only return once the write operation has been finished or an error
-occurred, except when a renegotiation takes place, in which case a
-.Dv SSL_ERROR_WANT_READ
-may occur.
-This behaviour can be controlled with the
-.Dv SSL_MODE_AUTO_RETRY
-flag of the
-.Xr SSL_CTX_set_mode 3
-call.
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em non-blocking ,
-the write function will also return when the underlying
-.Vt BIO
-could not satisfy the needs of the function to continue the operation.
-In this case a call to
-.Xr SSL_get_error 3
-with the return value of the write function will yield
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE .
-As at any time a re-negotiation is possible, a call to
-a write function can also cause read operations.
-The calling process then must repeat the call after taking appropriate action
-to satisfy the needs of the write function.
-The action depends on the underlying
-.Vt BIO .
-When using a non-blocking socket, nothing is to be done, but
-.Xr select 2
-can be used to check for the required condition.
-When using a buffering
-.Vt BIO ,
-like a
-.Vt BIO
-pair, data must be written into or retrieved out of the BIO before being able
-to continue.
-.Pp
-The write functions
-will only return with success when the complete contents of
-.Fa buf
-of length
-.Fa num
-have been written.
-This default behaviour can be changed with the
-.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
-option of
-.Xr SSL_CTX_set_mode 3 .
-When this flag is set, the write functions will also return with
-success when a partial write has been successfully completed.
-In this case the write function operation is considered completed.
-The bytes are sent and a new write call with a new buffer (with the
-already sent bytes removed) must be started.
-A partial write is performed with the size of a message block,
-which is 16kB.
-.Pp
-When a write function call has to be repeated because
-.Xr SSL_get_error 3
-returned
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE ,
-it must be repeated with the same arguments.
-.Pp
-When calling
-.Fn SSL_write
-with
-.Fa num Ns =0
-bytes to be sent, the behaviour is undefined.
-.Fn SSL_write_ex
-can be called with
-.Fa num Ns =0 ,
-but will not send application data to the peer.
-.Sh RETURN VALUES
-.Fn SSL_write_ex
-returns 1 for success or 0 for failure.
-Success means that all requested application data bytes have been
-written to the TLS connection or, if
-.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
-is in use, at least one application data byte has been written
-to the TLS connection.
-Failure means that not all the requested bytes have been written yet (if
-.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
-is not in use) or no bytes could be written to the TLS connection (if
-.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
-is in use).
-Failures can be retryable (e.g. the network write buffer has temporarily
-filled up) or non-retryable (e.g. a fatal network error).
-In the event of a failure, call
-.Xr SSL_get_error 3
-to find out the reason
-which indicates whether the call is retryable or not.
-.Pp
-For
-.Fn SSL_write ,
-the following return values can occur:
-.Bl -tag -width Ds
-.It >0
-The write operation was successful.
-The return value is the number of bytes actually written to the TLS
-connection.
-.It 0
-The write operation was not successful.
-Probably the underlying connection was closed.
-Call
-.Xr SSL_get_error 3
-with the return value to find out whether an error occurred or the connection
-was shut down cleanly
-.Pq Dv SSL_ERROR_ZERO_RETURN .
-.It <0
-The write operation was not successful, because either an error occurred or
-action must be taken by the calling process.
-Call
-.Xr SSL_get_error 3
-with the return value to find out the reason.
-.El
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_CTX_set_mode 3 ,
-.Xr SSL_get_error 3 ,
-.Xr SSL_read 3 ,
-.Xr SSL_set_connect_state 3
-.Sh HISTORY
-.Fn SSL_write
-appeared in SSLeay 0.4 or earlier and has been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_write_ex
-first appeared in OpenSSL 1.1.1 and has been available since
-.Ox 7.1 .
diff --git a/src/lib/libssl/man/d2i_SSL_SESSION.3 b/src/lib/libssl/man/d2i_SSL_SESSION.3
deleted file mode 100644
index 7a2bc529ab..0000000000
--- a/src/lib/libssl/man/d2i_SSL_SESSION.3
+++ /dev/null
@@ -1,181 +0,0 @@
-.\" $OpenBSD: d2i_SSL_SESSION.3,v 1.7 2019/06/08 15:25:43 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke .
-.\" Copyright (c) 2001, 2005, 2014 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 8 2019 $
-.Dt D2I_SSL_SESSION 3
-.Os
-.Sh NAME
-.Nm d2i_SSL_SESSION ,
-.Nm i2d_SSL_SESSION
-.Nd convert SSL_SESSION object from/to ASN1 representation
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL_SESSION *
-.Fn d2i_SSL_SESSION "SSL_SESSION **a" "const unsigned char **pp" "long length"
-.Ft int
-.Fn i2d_SSL_SESSION "SSL_SESSION *in" "unsigned char **pp"
-.Sh DESCRIPTION
-.Fn d2i_SSL_SESSION
-transforms the external ASN1 representation of an SSL/TLS session,
-stored as binary data at location
-.Fa pp
-with length
-.Fa length ,
-into
-an
-.Vt SSL_SESSION
-object.
-.Pp
-.Fn i2d_SSL_SESSION
-transforms the
-.Vt SSL_SESSION
-object
-.Fa in
-into the ASN1 representation and stores it into the memory location pointed to
-by
-.Fa pp .
-The length of the resulting ASN1 representation is returned.
-If
-.Fa pp
-is the
-.Dv NULL
-pointer, only the length is calculated and returned.
-.Pp
-The
-.Vt SSL_SESSION
-object is built from several
-.Xr malloc 3 Ns
--ed parts; it can therefore not be moved, copied or stored directly.
-In order to store session data on disk or into a database,
-it must be transformed into a binary ASN1 representation.
-.Pp
-When using
-.Fn d2i_SSL_SESSION ,
-the
-.Vt SSL_SESSION
-object is automatically allocated.
-The reference count is 1, so that the session must be explicitly removed using
-.Xr SSL_SESSION_free 3 ,
-unless the
-.Vt SSL_SESSION
-object is completely taken over, when being called inside the
-.Fn get_session_cb ,
-see
-.Xr SSL_CTX_sess_set_get_cb 3 .
-.Pp
-.Vt SSL_SESSION
-objects keep internal link information about the session cache list when being
-inserted into one
-.Vt SSL_CTX
-object's session cache.
-One
-.Vt SSL_SESSION
-object, regardless of its reference count, must therefore only be used with one
-.Vt SSL_CTX
-object (and the
-.Vt SSL
-objects created from this
-.Vt SSL_CTX
-object).
-.Pp
-When using
-.Fn i2d_SSL_SESSION ,
-the memory location pointed to by
-.Fa pp
-must be large enough to hold the binary representation of the session.
-There is no known limit on the size of the created ASN1 representation,
-so call
-.Fn i2d_SSL_SESSION
-first with
-.Fa pp Ns = Ns Dv NULL
-to obtain the encoded size, before allocating the required amount of memory and
-calling
-.Fn i2d_SSL_SESSION
-again.
-Note that this will advance the value contained in
-.Fa *pp
-so it is necessary to save a copy of the original allocation.
-For example:
-.Bd -literal -offset indent
-char *p, *pp;
-int elen, len;
-
-elen = i2d_SSL_SESSION(sess, NULL);
-p = pp = malloc(elen);
-if (p != NULL) {
- len = i2d_SSL_SESSION(sess, &pp);
- assert(elen == len);
- assert(p + len == pp);
-}
-.Ed
-.Sh RETURN VALUES
-.Fn d2i_SSL_SESSION
-returns a pointer to the newly allocated
-.Vt SSL_SESSION
-object.
-In case of failure a
-.Dv NULL
-pointer is returned and the error message can be retrieved from the error
-stack.
-.Pp
-.Fn i2d_SSL_SESSION
-returns the size of the ASN1 representation in bytes.
-When the session is not valid, 0 is returned and no operation is performed.
-.Sh SEE ALSO
-.Xr d2i_X509 3 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_sess_set_get_cb 3 ,
-.Xr SSL_SESSION_free 3
-.Sh HISTORY
-.Fn d2i_SSL_SESSION
-and
-.Fn i2d_SSL_SESSION
-first appeared in SSLeay 0.5.2 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/ssl.3 b/src/lib/libssl/man/ssl.3
deleted file mode 100644
index 314a1b0a94..0000000000
--- a/src/lib/libssl/man/ssl.3
+++ /dev/null
@@ -1,353 +0,0 @@
-.\" $OpenBSD: ssl.3,v 1.26 2024/08/31 10:51:48 tb Exp $
-.\" full merge up to: OpenSSL e330f55d Nov 11 00:51:04 2016 +0100
-.\" selective merge up to: OpenSSL 322755cc Sep 1 08:40:51 2018 +0800
-.\"
-.\" This file was written by Ralf S. Engelschall ,
-.\" Ben Laurie , and Ulf Moeller .
-.\" Copyright (c) 1998-2002, 2005, 2013, 2015 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: August 31 2024 $
-.Dt SSL 3
-.Os
-.Sh NAME
-.Nm ssl
-.Nd OpenSSL TLS library
-.Sh DESCRIPTION
-The
-.Nm ssl
-library implements the Transport Layer Security (TLS) protocol,
-the successor to the Secure Sockets Layer (SSL) protocol.
-.Pp
-An
-.Vt SSL_CTX
-object is created as a framework to establish TLS/SSL enabled connections (see
-.Xr SSL_CTX_new 3 ) .
-Various options regarding certificates, algorithms, etc., can be set in this
-object.
-.Pp
-When a network connection has been created, it can be assigned to an
-.Vt SSL
-object.
-After the
-.Vt SSL
-object has been created using
-.Xr SSL_new 3 ,
-.Xr SSL_set_fd 3
-or
-.Xr SSL_set_bio 3
-can be used to associate the network connection with the object.
-.Pp
-Then the TLS/SSL handshake is performed using
-.Xr SSL_accept 3
-or
-.Xr SSL_connect 3
-respectively.
-.Xr SSL_read 3
-and
-.Xr SSL_write 3
-are used to read and write data on the TLS/SSL connection.
-.Xr SSL_shutdown 3
-can be used to shut down the TLS/SSL connection.
-.Sh DATA STRUCTURES
-Currently the
-.Nm ssl
-library functions deal with the following data structures:
-.Bl -tag -width Ds
-.It Vt SSL_METHOD No (SSL Method)
-That's a dispatch structure describing the internal
-.Nm ssl
-library methods/functions which implement the various protocol versions.
-It's needed to create an
-.Vt SSL_CTX .
-See
-.Xr TLS_method 3
-for constructors.
-.It Vt SSL_CIPHER No (SSL Cipher)
-This structure holds the algorithm information for a particular cipher which
-is a core part of the SSL/TLS protocol.
-The available ciphers are configured on an
-.Vt SSL_CTX
-basis and the actually used ones are then part of the
-.Vt SSL_SESSION .
-.It Vt SSL_CTX No (SSL Context)
-That's the global context structure which is created by a server or client
-once per program lifetime and which holds mainly default values for the
-.Vt SSL
-structures which are later created for the connections.
-.It Vt SSL_SESSION No (SSL Session)
-This is a structure containing the current TLS/SSL session details for a
-connection:
-.Vt SSL_CIPHER Ns s ,
-client and server certificates, keys, etc.
-.It Vt SSL No (SSL Connection)
-That's the main SSL/TLS structure which is created by a server or client per
-established connection.
-This actually is the core structure in the SSL API.
-At run-time the application usually deals with this structure which has
-links to mostly all other structures.
-.El
-.Sh HEADER FILES
-Currently the
-.Nm ssl
-library provides the following C header files containing the prototypes for the
-data structures and functions:
-.Bl -tag -width Ds
-.It Pa ssl.h
-That's the common header file for the SSL/TLS API.
-Include it into your program to make the API of the
-.Nm ssl
-library available.
-It internally includes both more private SSL headers and headers from the
-.Em crypto
-library.
-Whenever you need hardcore details on the internals of the SSL API, look inside
-this header file.
-.It Pa ssl3.h
-That's the sub header file dealing with the SSLv3 protocol only.
-.Bf Em
-Usually you don't have to include it explicitly because it's already included
-by
-.Pa ssl.h .
-.Ef
-.It Pa tls1.h
-That's the sub header file dealing with the TLSv1 protocol only.
-.Bf Em
-Usually you don't have to include it explicitly because it's already included
-by
-.Pa ssl.h .
-.Ef
-.El
-.Sh API FUNCTIONS
-.Ss Ciphers
-The following pages describe functions acting on
-.Vt SSL_CIPHER
-objects:
-.Xr SSL_get_ciphers 3 ,
-.Xr SSL_get_current_cipher 3 ,
-.Xr SSL_CIPHER_get_name 3
-.Ss Protocol contexts
-The following pages describe functions acting on
-.Vt SSL_CTX
-objects.
-.Pp
-Constructors and destructors:
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_CTX_set_ssl_version 3 ,
-.Xr SSL_CTX_free 3
-.Pp
-Certificate configuration:
-.Xr SSL_CTX_add_extra_chain_cert 3 ,
-.Xr SSL_CTX_get0_certificate 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_set_cert_store 3 ,
-.Xr SSL_CTX_set_cert_verify_callback 3 ,
-.Xr SSL_CTX_set_client_cert_cb 3 ,
-.Xr SSL_CTX_set_default_passwd_cb 3 ,
-.Xr SSL_CTX_set_tlsext_status_cb 3
-.Pp
-Session configuration:
-.Xr SSL_CTX_add_session 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_sess_number 3 ,
-.Xr SSL_CTX_sess_set_cache_size 3 ,
-.Xr SSL_CTX_sess_set_get_cb 3 ,
-.Xr SSL_CTX_sessions 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_CTX_set_timeout 3 ,
-.Xr SSL_CTX_set_tlsext_ticket_key_cb 3
-.Pp
-Various configuration:
-.Xr SSL_CTX_get_ex_new_index 3 ,
-.Xr SSL_CTX_set_tlsext_servername_callback 3
-.Ss Common configuration of contexts and connections
-The functions on the following pages each come in two variants:
-one to directly configure a single
-.Vt SSL
-connection and another to be called on an
-.Vt SSL_CTX
-object, to set up defaults for all future
-.Vt SSL
-connections created from that context.
-.Pp
-Protocol and algorithm configuration:
-.Xr SSL_CTX_set_alpn_select_cb 3 ,
-.Xr SSL_CTX_set_cipher_list 3 ,
-.Xr SSL_CTX_set_min_proto_version 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_CTX_set_security_level 3 ,
-.Xr SSL_CTX_set_tlsext_use_srtp 3 ,
-.Xr SSL_CTX_set_tmp_dh_callback 3 ,
-.Xr SSL_CTX_set1_groups 3
-.Pp
-Certificate configuration:
-.Xr SSL_CTX_add1_chain_cert 3 ,
-.Xr SSL_CTX_get_verify_mode 3 ,
-.Xr SSL_CTX_set_client_CA_list 3 ,
-.Xr SSL_CTX_set_max_cert_list 3 ,
-.Xr SSL_CTX_set_verify 3 ,
-.Xr SSL_CTX_use_certificate 3 ,
-.Xr SSL_get_client_CA_list 3
-.Xr SSL_set1_param 3
-.Pp
-Session configuration:
-.Xr SSL_CTX_set_generate_session_id 3 ,
-.Xr SSL_CTX_set_session_id_context 3
-.Pp
-Various configuration:
-.Xr SSL_CTX_ctrl 3 ,
-.Xr SSL_CTX_set_info_callback 3 ,
-.Xr SSL_CTX_set_mode 3 ,
-.Xr SSL_CTX_set_msg_callback 3 ,
-.Xr SSL_CTX_set_quiet_shutdown 3 ,
-.Xr SSL_CTX_set_read_ahead 3 ,
-.Xr SSL_set_max_send_fragment 3
-.Ss Sessions
-The following pages describe functions acting on
-.Vt SSL_SESSION
-objects.
-.Pp
-Constructors and destructors:
-.Xr SSL_SESSION_new 3 ,
-.Xr SSL_SESSION_free 3
-.Pp
-Accessors:
-.Xr SSL_SESSION_get_compress_id 3 ,
-.Xr SSL_SESSION_get_ex_new_index 3 ,
-.Xr SSL_SESSION_get_id 3 ,
-.Xr SSL_SESSION_get_protocol_version 3 ,
-.Xr SSL_SESSION_get_time 3 ,
-.Xr SSL_SESSION_get0_peer 3 ,
-.Xr SSL_SESSION_has_ticket 3 ,
-.Xr SSL_SESSION_set1_id_context 3
-.Pp
-Encoding and decoding:
-.Xr d2i_SSL_SESSION 3 ,
-.Xr PEM_read_SSL_SESSION 3 ,
-.Xr SSL_SESSION_print 3
-.Ss Connections
-The following pages describe functions acting on
-.Vt SSL
-connection objects:
-.Pp
-Constructors and destructors:
-.Xr SSL_new 3 ,
-.Xr SSL_dup 3 ,
-.Xr SSL_free 3 ,
-.Xr BIO_f_ssl 3
-.Pp
-To change the configuration:
-.Xr SSL_clear 3 ,
-.Xr SSL_set_SSL_CTX 3 ,
-.Xr SSL_copy_session_id 3 ,
-.Xr SSL_set_bio 3 ,
-.Xr SSL_set_connect_state 3 ,
-.Xr SSL_set_fd 3 ,
-.Xr SSL_set_session 3 ,
-.Xr SSL_set1_host 3 ,
-.Xr SSL_set_verify_result 3
-.Pp
-To inspect the configuration:
-.Xr SSL_get_certificate 3 ,
-.Xr SSL_get_default_timeout 3 ,
-.Xr SSL_get_ex_new_index 3 ,
-.Xr SSL_get_fd 3 ,
-.Xr SSL_get_rbio 3 ,
-.Xr SSL_get_SSL_CTX 3
-.Pp
-To transmit data:
-.Xr DTLSv1_listen 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_do_handshake 3 ,
-.Xr SSL_read 3 ,
-.Xr SSL_read_early_data 3 ,
-.Xr SSL_renegotiate 3 ,
-.Xr SSL_shutdown 3 ,
-.Xr SSL_write 3
-.Pp
-To inspect the state after a connection is established:
-.Xr SSL_export_keying_material 3 ,
-.Xr SSL_get_client_random 3 ,
-.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 ,
-.Xr SSL_get_peer_cert_chain 3 ,
-.Xr SSL_get_peer_certificate 3 ,
-.Xr SSL_get_server_tmp_key 3 ,
-.Xr SSL_get_servername 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_get_shared_ciphers 3 ,
-.Xr SSL_get_verify_result 3 ,
-.Xr SSL_get_version 3 ,
-.Xr SSL_session_reused 3
-.Pp
-To inspect the state during ongoing communication:
-.Xr SSL_get_error 3 ,
-.Xr SSL_get_shutdown 3 ,
-.Xr SSL_get_state 3 ,
-.Xr SSL_num_renegotiations 3 ,
-.Xr SSL_pending 3 ,
-.Xr
SSL_rstate_string 3 ,
-.Xr SSL_state_string 3 ,
-.Xr SSL_want 3
-.Ss Utility functions
-.Xr SSL_alert_type_string 3 ,
-.Xr SSL_dup_CA_list 3 ,
-.Xr SSL_load_client_CA_file 3
-.Ss Obsolete functions
-.Xr OPENSSL_init_ssl 3 ,
-.Xr SSL_COMP_get_compression_methods 3 ,
-.Xr SSL_CTX_set_tmp_rsa_callback 3 ,
-.Xr SSL_library_init 3 ,
-.Xr SSL_set_tmp_ecdh 3
-.Sh SEE ALSO
-.Xr openssl 1 ,
-.Xr crypto 3 ,
-.Xr tls_init 3
-.Sh HISTORY
-The
-.Nm
-document appeared in OpenSSL 0.9.2.
diff --git a/src/lib/libssl/pqueue.c b/src/lib/libssl/pqueue.c
deleted file mode 100644
index 602969deb0..0000000000
--- a/src/lib/libssl/pqueue.c
+++ /dev/null
@@ -1,201 +0,0 @@ -/* $OpenBSD: pqueue.c,v 1.5 2014/06/12 15:49:31 deraadt Exp $ */ -/* - * DTLS implementation written by Nagendra Modadugu - * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ -/* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. 
Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). 
- * - */ - -#include -#include - -#include "pqueue.h" - -typedef struct _pqueue { - pitem *items; - int count; -} pqueue_s; - -pitem * -pitem_new(unsigned char *prio64be, void *data) -{ - pitem *item = malloc(sizeof(pitem)); - - if (item == NULL) - return NULL; - - memcpy(item->priority, prio64be, sizeof(item->priority)); - - item->data = data; - item->next = NULL; - - return item; -} - -void -pitem_free(pitem *item) -{ - free(item); -} - -pqueue_s * -pqueue_new(void) -{ - return calloc(1, sizeof(pqueue_s)); -} - -void -pqueue_free(pqueue_s *pq) -{ - free(pq); -} - -pitem * -pqueue_insert(pqueue_s *pq, pitem *item) -{ - pitem *curr, *next; - - if (pq->items == NULL) { - pq->items = item; - return item; - } - - for (curr = NULL, next = pq->items; next != NULL; - curr = next, next = next->next) { - /* we can compare 64-bit value in big-endian encoding - * with memcmp:-) */ - int cmp = memcmp(next->priority, item->priority, - sizeof(item->priority)); - if (cmp > 0) { /* next > item */ - item->next = next; - - if (curr == NULL) - pq->items = item; - else - curr->next = item; - - return item; - } else if (cmp == 0) /* duplicates not allowed */ - return NULL; - } - - item->next = NULL; - curr->next = item; - - return item; -} - -pitem * -pqueue_peek(pqueue_s *pq) -{ - return pq->items; -} - -pitem * -pqueue_pop(pqueue_s *pq) -{ - pitem *item = pq->items; - - if (pq->items != NULL) - pq->items = pq->items->next; - - return item; -} - -pitem * -pqueue_find(pqueue_s *pq, unsigned char *prio64be) -{ - pitem *next; - - for (next = pq->items; next != NULL; next = next->next) - if (memcmp(next->priority, prio64be, - sizeof(next->priority)) == 0) - return next; - - return NULL; -} - -pitem * -pqueue_iterator(pqueue_s *pq) -{ - return pqueue_peek(pq); -} - -pitem * -pqueue_next(pitem **item) -{ - pitem *ret; - - if (item == NULL || *item == NULL) - return NULL; - - /* *item != NULL */ - ret = *item; - *item = (*item)->next; - - return ret; -} - -int -pqueue_size(pqueue_s *pq) -{ 
- pitem *item = pq->items; - int count = 0; - - while (item != NULL) { - count++; - item = item->next; - } - return count; -} diff --git a/src/lib/libssl/pqueue.h b/src/lib/libssl/pqueue.h deleted file mode 100644 index cdda4a3961..0000000000 --- a/src/lib/libssl/pqueue.h +++ /dev/null 
@@ -1,93 +0,0 @@ -/* $OpenBSD: pqueue.h,v 1.4 2016/11/04 18:28:58 guenther Exp $ */ - -/* - * DTLS implementation written by Nagendra Modadugu - * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ -/* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. 
Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). 
- * - */ - -#ifndef HEADER_PQUEUE_H -#define HEADER_PQUEUE_H - -__BEGIN_HIDDEN_DECLS - -typedef struct _pqueue *pqueue; - -typedef struct _pitem { - unsigned char priority[8]; /* 64-bit value in big-endian encoding */ - void *data; - struct _pitem *next; -} pitem; - -typedef struct _pitem *piterator; - -pitem *pitem_new(unsigned char *prio64be, void *data); -void pitem_free(pitem *item); - -pqueue pqueue_new(void); -void pqueue_free(pqueue pq); - -pitem *pqueue_insert(pqueue pq, pitem *item); -pitem *pqueue_peek(pqueue pq); -pitem *pqueue_pop(pqueue pq); -pitem *pqueue_find(pqueue pq, unsigned char *prio64be); -pitem *pqueue_iterator(pqueue pq); -pitem *pqueue_next(piterator *iter); - -int pqueue_size(pqueue pq); - -__END_HIDDEN_DECLS - -#endif /* ! HEADER_PQUEUE_H */ diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c deleted file mode 100644 index 32b7460870..0000000000 --- a/src/lib/libssl/s3_cbc.c +++ /dev/null 
@@ -1,628 +0,0 @@ -/* $OpenBSD: s3_cbc.c,v 1.26 2022/11/26 16:08:55 tb Exp $ */ -/* ==================================================================== - * Copyright (c) 2012 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include - -#include "ssl_local.h" - -/* MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's length - * field. (SHA-384/512 have 128-bit length.) */ -#define MAX_HASH_BIT_COUNT_BYTES 16 - -/* MAX_HASH_BLOCK_SIZE is the maximum hash block size that we'll support. - * Currently SHA-384/512 has a 128-byte block size and that's the largest - * supported by TLS.) */ -#define MAX_HASH_BLOCK_SIZE 128 - -/* Some utility functions are needed: - * - * These macros return the given value with the MSB copied to all the other - * bits. They use the fact that arithmetic shift shifts-in the sign bit. - * However, this is not ensured by the C standard so you may need to replace - * them with something else on odd CPUs. */ -#define DUPLICATE_MSB_TO_ALL(x) ((unsigned int)((int)(x) >> (sizeof(int) * 8 - 1))) -#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x))) - -/* constant_time_lt returns 0xff if a=b and 0x00 otherwise. */ -static unsigned int -constant_time_ge(unsigned int a, unsigned int b) -{ - a -= b; - return DUPLICATE_MSB_TO_ALL(~a); -} - -/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. 
*/ -static unsigned char -constant_time_eq_8(unsigned int a, unsigned int b) -{ - unsigned int c = a ^ b; - c--; - return DUPLICATE_MSB_TO_ALL_8(c); -} - -/* ssl3_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC - * record in |rec| in constant time and returns 1 if the padding is valid and - * -1 otherwise. It also removes any explicit IV from the start of the record - * without leaking any timing about whether there was enough space after the - * padding was removed. - * - * block_size: the block size of the cipher used to encrypt the record. - * returns: - * 0: (in non-constant time) if the record is publicly invalid. - * 1: if the padding was valid - * -1: otherwise. */ -int -ssl3_cbc_remove_padding(SSL3_RECORD_INTERNAL *rec, unsigned int eiv_len, - unsigned int mac_size) -{ - unsigned int padding_length, good, to_check, i; - const unsigned int overhead = 1 /* padding length byte */ + mac_size; - - /* - * These lengths are all public so we can test them in - * non-constant time. - */ - if (overhead + eiv_len > rec->length) - return 0; - - /* We can now safely skip explicit IV, if any. */ - rec->data += eiv_len; - rec->input += eiv_len; - rec->length -= eiv_len; - - padding_length = rec->data[rec->length - 1]; - - good = constant_time_ge(rec->length, overhead + padding_length); - /* The padding consists of a length byte at the end of the record and - * then that many bytes of padding, all with the same value as the - * length byte. Thus, with the length byte included, there are i+1 - * bytes of padding. - * - * We can't check just |padding_length+1| bytes because that leaks - * decrypted information. Therefore we always have to check the maximum - * amount of padding possible. (Again, the length of the record is - * public information so we can use it.) */ - to_check = 256; /* maximum amount of padding, inc length byte. 
*/ - if (to_check > rec->length) - to_check = rec->length; - - for (i = 0; i < to_check; i++) { - unsigned char mask = constant_time_ge(padding_length, i); - unsigned char b = rec->data[rec->length - 1 - i]; - /* The final |padding_length+1| bytes should all have the value - * |padding_length|. Therefore the XOR should be zero. */ - good &= ~(mask&(padding_length ^ b)); - } - - /* If any of the final |padding_length+1| bytes had the wrong value, - * one or more of the lower eight bits of |good| will be cleared. We - * AND the bottom 8 bits together and duplicate the result to all the - * bits. */ - good &= good >> 4; - good &= good >> 2; - good &= good >> 1; - good <<= sizeof(good)*8 - 1; - good = DUPLICATE_MSB_TO_ALL(good); - - padding_length = good & (padding_length + 1); - rec->length -= padding_length; - rec->padding_length = padding_length; - - return (int)((good & 1) | (~good & -1)); -} - -/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in - * constant time (independent of the concrete value of rec->length, which may - * vary within a 256-byte window). - * - * ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to - * this function. - * - * On entry: - * rec->orig_len >= md_size - * md_size <= EVP_MAX_MD_SIZE - * - * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with - * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into - * a single or pair of cache-lines, then the variable memory accesses don't - * actually affect the timing. CPUs with smaller cache-lines [if any] are - * not multi-core and are not considered vulnerable to cache-timing attacks. 
- */ -#define CBC_MAC_ROTATE_IN_PLACE - -void -ssl3_cbc_copy_mac(unsigned char* out, const SSL3_RECORD_INTERNAL *rec, - unsigned int md_size, unsigned int orig_len) -{ -#if defined(CBC_MAC_ROTATE_IN_PLACE) - unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE]; - unsigned char *rotated_mac; -#else - unsigned char rotated_mac[EVP_MAX_MD_SIZE]; -#endif - - /* mac_end is the index of |rec->data| just after the end of the MAC. */ - unsigned int mac_end = rec->length; - unsigned int mac_start = mac_end - md_size; - /* scan_start contains the number of bytes that we can ignore because - * the MAC's position can only vary by 255 bytes. */ - unsigned int scan_start = 0; - unsigned int i, j; - unsigned int div_spoiler; - unsigned int rotate_offset; - - OPENSSL_assert(orig_len >= md_size); - OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE); - -#if defined(CBC_MAC_ROTATE_IN_PLACE) - rotated_mac = rotated_mac_buf + ((0 - (size_t)rotated_mac_buf)&63); -#endif - - /* This information is public so it's safe to branch based on it. */ - if (orig_len > md_size + 255 + 1) - scan_start = orig_len - (md_size + 255 + 1); - /* div_spoiler contains a multiple of md_size that is used to cause the - * modulo operation to be constant time. Without this, the time varies - * based on the amount of padding when running on Intel chips at least. - * - * The aim of right-shifting md_size is so that the compiler doesn't - * figure out that it can remove div_spoiler as that would require it - * to prove that md_size is always even, which I hope is beyond it. 
*/ - div_spoiler = md_size >> 1; - div_spoiler <<= (sizeof(div_spoiler) - 1) * 8; - rotate_offset = (div_spoiler + mac_start - scan_start) % md_size; - - memset(rotated_mac, 0, md_size); - for (i = scan_start, j = 0; i < orig_len; i++) { - unsigned char mac_started = constant_time_ge(i, mac_start); - unsigned char mac_ended = constant_time_ge(i, mac_end); - unsigned char b = rec->data[i]; - rotated_mac[j++] |= b & mac_started & ~mac_ended; - j &= constant_time_lt(j, md_size); - } - - /* Now rotate the MAC */ -#if defined(CBC_MAC_ROTATE_IN_PLACE) - j = 0; - for (i = 0; i < md_size; i++) { - /* in case cache-line is 32 bytes, touch second line */ - ((volatile unsigned char *)rotated_mac)[rotate_offset^32]; - out[j++] = rotated_mac[rotate_offset++]; - rotate_offset &= constant_time_lt(rotate_offset, md_size); - } -#else - memset(out, 0, md_size); - rotate_offset = md_size - rotate_offset; - rotate_offset &= constant_time_lt(rotate_offset, md_size); - for (i = 0; i < md_size; i++) { - for (j = 0; j < md_size; j++) - out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset); - rotate_offset++; - rotate_offset &= constant_time_lt(rotate_offset, md_size); - } -#endif -} - -#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -#define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \ - *((c)++)=(unsigned char)(((l)>>48)&0xff), \ - *((c)++)=(unsigned char)(((l)>>40)&0xff), \ - *((c)++)=(unsigned char)(((l)>>32)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -/* u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in - * little-endian order. The value of p is advanced by four. 
*/ -#define u32toLE(n, p) \ - (*((p)++)=(unsigned char)(n), \ - *((p)++)=(unsigned char)(n>>8), \ - *((p)++)=(unsigned char)(n>>16), \ - *((p)++)=(unsigned char)(n>>24)) - -/* These functions serialize the state of a hash and thus perform the standard - * "final" operation without adding the padding and length that such a function - * typically does. */ -static void -tls1_md5_final_raw(void* ctx, unsigned char *md_out) -{ - MD5_CTX *md5 = ctx; - u32toLE(md5->A, md_out); - u32toLE(md5->B, md_out); - u32toLE(md5->C, md_out); - u32toLE(md5->D, md_out); -} - -static void -tls1_sha1_final_raw(void* ctx, unsigned char *md_out) -{ - SHA_CTX *sha1 = ctx; - l2n(sha1->h0, md_out); - l2n(sha1->h1, md_out); - l2n(sha1->h2, md_out); - l2n(sha1->h3, md_out); - l2n(sha1->h4, md_out); -} - -static void -tls1_sha256_final_raw(void* ctx, unsigned char *md_out) -{ - SHA256_CTX *sha256 = ctx; - unsigned int i; - - for (i = 0; i < 8; i++) { - l2n(sha256->h[i], md_out); - } -} - -static void -tls1_sha512_final_raw(void* ctx, unsigned char *md_out) -{ - SHA512_CTX *sha512 = ctx; - unsigned int i; - - for (i = 0; i < 8; i++) { - l2n8(sha512->h[i], md_out); - } -} - -/* Largest hash context ever used by the functions above. */ -#define LARGEST_DIGEST_CTX SHA512_CTX - -/* Type giving the alignment needed by the above */ -#define LARGEST_DIGEST_CTX_ALIGNMENT SHA_LONG64 - -/* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function - * which ssl3_cbc_digest_record supports. */ -char -ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) -{ - switch (EVP_MD_CTX_type(ctx)) { - case NID_md5: - case NID_sha1: - case NID_sha224: - case NID_sha256: - case NID_sha384: - case NID_sha512: - return 1; - default: - return 0; - } -} - -/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded TLS - * record. - * - * ctx: the EVP_MD_CTX from which we take the hash function. - * ssl3_cbc_record_digest_supported must return true for this EVP_MD_CTX. - * md_out: the digest output. 
At most EVP_MAX_MD_SIZE bytes will be written. - * md_out_size: if non-NULL, the number of output bytes is written here. - * header: the 13-byte, TLS record header. - * data: the record data itself, less any preceeding explicit IV. - * data_plus_mac_size: the secret, reported length of the data and MAC - * once the padding has been removed. - * data_plus_mac_plus_padding_size: the public length of the whole - * record, including padding. - * - * On entry: by virtue of having been through one of the remove_padding - * functions, above, we know that data_plus_mac_size is large enough to contain - * a padding byte and MAC. (If the padding was invalid, it might contain the - * padding too. ) - */ -int -ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out, - size_t* md_out_size, const unsigned char header[13], - const unsigned char *data, size_t data_plus_mac_size, - size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret, - unsigned int mac_secret_length) -{ - union { - /* - * Alignment here is to allow this to be cast as SHA512_CTX - * without losing alignment required by the 64-bit SHA_LONG64 - * integer it contains. - */ - LARGEST_DIGEST_CTX_ALIGNMENT align; - unsigned char c[sizeof(LARGEST_DIGEST_CTX)]; - } md_state; - void (*md_final_raw)(void *ctx, unsigned char *md_out); - void (*md_transform)(void *ctx, const unsigned char *block); - unsigned int md_size, md_block_size = 64; - unsigned int header_length, variance_blocks, - len, max_mac_bytes, num_blocks, - num_starting_blocks, k, mac_end_offset, c, index_a, index_b; - unsigned int bits; /* at most 18 bits */ - unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES]; - /* hmac_pad is the masked HMAC key. 
*/ - unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE]; - unsigned char first_block[MAX_HASH_BLOCK_SIZE]; - unsigned char mac_out[EVP_MAX_MD_SIZE]; - unsigned int i, j, md_out_size_u; - EVP_MD_CTX *md_ctx; - /* mdLengthSize is the number of bytes in the length field that terminates - * the hash. */ - unsigned int md_length_size = 8; - char length_is_big_endian = 1; - - /* This is a, hopefully redundant, check that allows us to forget about - * many possible overflows later in this function. */ - OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024); - - switch (EVP_MD_CTX_type(ctx)) { - case NID_md5: - MD5_Init((MD5_CTX*)md_state.c); - md_final_raw = tls1_md5_final_raw; - md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform; - md_size = 16; - length_is_big_endian = 0; - break; - case NID_sha1: - SHA1_Init((SHA_CTX*)md_state.c); - md_final_raw = tls1_sha1_final_raw; - md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform; - md_size = 20; - break; - case NID_sha224: - SHA224_Init((SHA256_CTX*)md_state.c); - md_final_raw = tls1_sha256_final_raw; - md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; - md_size = 224/8; - break; - case NID_sha256: - SHA256_Init((SHA256_CTX*)md_state.c); - md_final_raw = tls1_sha256_final_raw; - md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; - md_size = 32; - break; - case NID_sha384: - SHA384_Init((SHA512_CTX*)md_state.c); - md_final_raw = tls1_sha512_final_raw; - md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform; - md_size = 384/8; - md_block_size = 128; - md_length_size = 16; - break; - case NID_sha512: - SHA512_Init((SHA512_CTX*)md_state.c); - md_final_raw = tls1_sha512_final_raw; - md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform; - md_size = 64; - md_block_size = 128; - md_length_size = 16; - break; - default: - /* ssl3_cbc_record_digest_supported should 
have been - * called first to check that the hash function is - * supported. */ - OPENSSL_assert(0); - if (md_out_size) - *md_out_size = 0; - return 0; - } - - OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES); - OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE); - OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE); - - header_length = 13; - - /* variance_blocks is the number of blocks of the hash that we have to - * calculate in constant time because they could be altered by the - * padding value. - * - * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not - * required to be minimal. Therefore we say that the final six blocks - * can vary based on the padding. - * - * Later in the function, if the message is short and there obviously - * cannot be this many blocks then variance_blocks can be reduced. */ - variance_blocks = 6; - /* From now on we're dealing with the MAC, which conceptually has 13 - * bytes of `header' before the start of the data (TLS) */ - len = data_plus_mac_plus_padding_size + header_length; - /* max_mac_bytes contains the maximum bytes of bytes in the MAC, including - * |header|, assuming that there's no padding. */ - max_mac_bytes = len - md_size - 1; - /* num_blocks is the maximum number of hash blocks. */ - num_blocks = (max_mac_bytes + 1 + md_length_size + md_block_size - 1) / md_block_size; - /* In order to calculate the MAC in constant time we have to handle - * the final blocks specially because the padding value could cause the - * end to appear somewhere in the final |variance_blocks| blocks and we - * can't leak where. However, |num_starting_blocks| worth of data can - * be hashed right away because no padding value can affect whether - * they are plaintext. */ - num_starting_blocks = 0; - /* k is the starting byte offset into the conceptual header||data where - * we start processing. */ - k = 0; - /* mac_end_offset is the index just past the end of the data to be - * MACed. 
*/ - mac_end_offset = data_plus_mac_size + header_length - md_size; - /* c is the index of the 0x80 byte in the final hash block that - * contains application data. */ - c = mac_end_offset % md_block_size; - /* index_a is the hash block number that contains the 0x80 terminating - * value. */ - index_a = mac_end_offset / md_block_size; - /* index_b is the hash block number that contains the 64-bit hash - * length, in bits. */ - index_b = (mac_end_offset + md_length_size) / md_block_size; - /* bits is the hash-length in bits. It includes the additional hash - * block for the masked HMAC key. */ - - if (num_blocks > variance_blocks) { - num_starting_blocks = num_blocks - variance_blocks; - k = md_block_size*num_starting_blocks; - } - - bits = 8*mac_end_offset; - /* Compute the initial HMAC block. */ - bits += 8*md_block_size; - memset(hmac_pad, 0, md_block_size); - OPENSSL_assert(mac_secret_length <= sizeof(hmac_pad)); - memcpy(hmac_pad, mac_secret, mac_secret_length); - for (i = 0; i < md_block_size; i++) - hmac_pad[i] ^= 0x36; - - md_transform(md_state.c, hmac_pad); - - if (length_is_big_endian) { - memset(length_bytes, 0, md_length_size - 4); - length_bytes[md_length_size - 4] = (unsigned char)(bits >> 24); - length_bytes[md_length_size - 3] = (unsigned char)(bits >> 16); - length_bytes[md_length_size - 2] = (unsigned char)(bits >> 8); - length_bytes[md_length_size - 1] = (unsigned char)bits; - } else { - memset(length_bytes, 0, md_length_size); - length_bytes[md_length_size - 5] = (unsigned char)(bits >> 24); - length_bytes[md_length_size - 6] = (unsigned char)(bits >> 16); - length_bytes[md_length_size - 7] = (unsigned char)(bits >> 8); - length_bytes[md_length_size - 8] = (unsigned char)bits; - } - - if (k > 0) { - /* k is a multiple of md_block_size. 
*/
- memcpy(first_block, header, 13);
- memcpy(first_block + 13, data, md_block_size - 13);
- md_transform(md_state.c, first_block);
- for (i = 1; i < k/md_block_size; i++)
- md_transform(md_state.c, data + md_block_size*i - 13);
- }
-
- memset(mac_out, 0, sizeof(mac_out));
-
- /* We now process the final hash blocks. For each block, we construct
- * it in constant time. If the |i==index_a| then we'll include the 0x80
- * bytes and zero pad etc. For each block we selectively copy it, in
- * constant time, to |mac_out|. */
- for (i = num_starting_blocks; i <= num_starting_blocks + variance_blocks; i++) {
- unsigned char block[MAX_HASH_BLOCK_SIZE];
- unsigned char is_block_a = constant_time_eq_8(i, index_a);
- unsigned char is_block_b = constant_time_eq_8(i, index_b);
- for (j = 0; j < md_block_size; j++) {
- unsigned char b = 0, is_past_c, is_past_cp1;
- if (k < header_length)
- b = header[k];
- else if (k < data_plus_mac_plus_padding_size + header_length)
- b = data[k - header_length];
- k++;
-
- is_past_c = is_block_a & constant_time_ge(j, c);
- is_past_cp1 = is_block_a & constant_time_ge(j, c + 1);
- /* If this is the block containing the end of the
- * application data, and we are at the offset for the
- * 0x80 value, then overwrite b with 0x80. */
- b = (b&~is_past_c) | (0x80&is_past_c);
- /* If this is the block containing the end of the
- * application data and we're past the 0x80 value then
- * just write zero. */
- b = b&~is_past_cp1;
- /* If this is index_b (the final block), but not
- * index_a (the end of the data), then the 64-bit
- * length didn't fit into index_a and we're having to
- * add an extra block of zeros. */
- b &= ~is_block_b | is_block_a;
-
- /* The final bytes of one of the blocks contains the
- * length. */
- if (j >= md_block_size - md_length_size) {
- /* If this is index_b, write a length byte. */
- b = (b&~is_block_b) | (is_block_b&length_bytes[j - (md_block_size - md_length_size)]);
- }
- block[j] = b;
- }
-
- md_transform(md_state.c, block);
- md_final_raw(md_state.c, block);
- /* If this is index_b, copy the hash value to |mac_out|. */
- for (j = 0; j < md_size; j++)
- mac_out[j] |= block[j]&is_block_b;
- }
-
- if ((md_ctx = EVP_MD_CTX_new()) == NULL)
- return 0;
- if (!EVP_DigestInit_ex(md_ctx, EVP_MD_CTX_md(ctx), NULL /* engine */)) {
- EVP_MD_CTX_free(md_ctx);
- return 0;
- }
-
- /* Complete the HMAC in the standard manner. */
- for (i = 0; i < md_block_size; i++)
- hmac_pad[i] ^= 0x6a;
-
- EVP_DigestUpdate(md_ctx, hmac_pad, md_block_size);
- EVP_DigestUpdate(md_ctx, mac_out, md_size);
-
- EVP_DigestFinal(md_ctx, md_out, &md_out_size_u);
- if (md_out_size)
- *md_out_size = md_out_size_u;
- EVP_MD_CTX_free(md_ctx);
-
- return 1;
-}
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
deleted file mode 100644
index 86b32aec15..0000000000
--- a/src/lib/libssl/s3_lib.c
+++ /dev/null
@@ -1,2534 +0,0 @@
-/* $OpenBSD: s3_lib.c,v 1.257 2024/07/23 14:40:53 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "bytestring.h"
-#include "dtls_local.h"
-#include "ssl_local.h"
-#include "ssl_sigalgs.h"
-#include "ssl_tlsext.h"
-#include "tls_content.h"
-
-#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER))
-
-/* list of available SSLv3 ciphers (sorted by id) */
-const SSL_CIPHER ssl3_ciphers[] = {
-
- /*
- * SSLv3 RSA cipher suites (RFC 6101, appendix A.6).
- */
- {
- .value = 0x0001,
- .name = SSL3_TXT_RSA_NULL_MD5,
- .algorithm_mkey = SSL_kRSA,
- .algorithm_auth = SSL_aRSA,
- .algorithm_enc = SSL_eNULL,
- .algorithm_mac = SSL_MD5,
- .algorithm_ssl = SSL_SSLV3,
- .algo_strength = SSL_STRONG_NONE,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
- .strength_bits = 0,
- .alg_bits = 0,
- },
- {
- .value = 0x0002,
- .name = SSL3_TXT_RSA_NULL_SHA,
- .algorithm_mkey = SSL_kRSA,
- .algorithm_auth = SSL_aRSA,
- .algorithm_enc = SSL_eNULL,
- .algorithm_mac = SSL_SHA1,
- .algorithm_ssl = SSL_SSLV3,
- .algo_strength = SSL_STRONG_NONE,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
- .strength_bits = 0,
- .alg_bits = 0,
- },
- {
- .value = 0x0004,
- .name = SSL3_TXT_RSA_RC4_128_MD5,
- .algorithm_mkey = SSL_kRSA,
- .algorithm_auth = SSL_aRSA,
- .algorithm_enc = SSL_RC4,
- .algorithm_mac = SSL_MD5,
- .algorithm_ssl = SSL_SSLV3,
- .algo_strength = SSL_LOW,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
- .strength_bits = 128,
- .alg_bits = 128,
- },
- {
- .value = 0x0005,
- .name = SSL3_TXT_RSA_RC4_128_SHA,
- .algorithm_mkey = SSL_kRSA,
- .algorithm_auth = SSL_aRSA,
- .algorithm_enc = SSL_RC4,
- .algorithm_mac = SSL_SHA1,
- .algorithm_ssl = SSL_SSLV3,
- .algo_strength = SSL_LOW,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
- .strength_bits = 128,
- .alg_bits = 128,
- },
- {
- .value = 0x000a,
- .name = SSL3_TXT_RSA_DES_192_CBC3_SHA,
- .algorithm_mkey = SSL_kRSA,
- .algorithm_auth = SSL_aRSA,
- .algorithm_enc = SSL_3DES,
- .algorithm_mac = SSL_SHA1,
- .algorithm_ssl = SSL_SSLV3,
- .algo_strength = SSL_MEDIUM,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
- .strength_bits = 112,
- .alg_bits = 168,
- },
-
- /*
- * SSLv3 DHE cipher suites (RFC 6101, appendix A.6).
- */ - { - .value = 0x0016, - .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_3DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = SSL_MEDIUM, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 112, - .alg_bits = 168, - }, - { - .value = 0x0018, - .name = SSL3_TXT_ADH_RC4_128_MD5, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aNULL, - .algorithm_enc = SSL_RC4, - .algorithm_mac = SSL_MD5, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = SSL_LOW, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0x001b, - .name = SSL3_TXT_ADH_DES_192_CBC_SHA, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aNULL, - .algorithm_enc = SSL_3DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = SSL_MEDIUM, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 112, - .alg_bits = 168, - }, - - /* - * TLSv1.0 AES cipher suites (RFC 3268). 
- */ - { - .value = 0x002f, - .name = TLS1_TXT_RSA_WITH_AES_128_SHA, - .algorithm_mkey = SSL_kRSA, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_AES128, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0x0033, - .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_AES128, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0x0034, - .name = TLS1_TXT_ADH_WITH_AES_128_SHA, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aNULL, - .algorithm_enc = SSL_AES128, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0x0035, - .name = TLS1_TXT_RSA_WITH_AES_256_SHA, - .algorithm_mkey = SSL_kRSA, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_AES256, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 256, - .alg_bits = 256, - }, - { - .value = 0x0039, - .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_AES256, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 256, - .alg_bits = 256, - }, - { - .value = 0x003a, - .name = TLS1_TXT_ADH_WITH_AES_256_SHA, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aNULL, - .algorithm_enc = SSL_AES256, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 256, - 
.alg_bits = 256, - }, - - /* - * TLSv1.2 RSA cipher suites (RFC 5246, appendix A.5). - */ - { - .value = 0x003b, - .name = TLS1_TXT_RSA_WITH_NULL_SHA256, - .algorithm_mkey = SSL_kRSA, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_eNULL, - .algorithm_mac = SSL_SHA256, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_STRONG_NONE, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 0, - .alg_bits = 0, - }, - { - .value = 0x003c, - .name = TLS1_TXT_RSA_WITH_AES_128_SHA256, - .algorithm_mkey = SSL_kRSA, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_AES128, - .algorithm_mac = SSL_SHA256, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0x003d, - .name = TLS1_TXT_RSA_WITH_AES_256_SHA256, - .algorithm_mkey = SSL_kRSA, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_AES256, - .algorithm_mac = SSL_SHA256, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 256, - .alg_bits = 256, - }, - -#ifndef OPENSSL_NO_CAMELLIA - /* - * TLSv1.0 Camellia 128 bit cipher suites (RFC 4132). 
- */ - { - .value = 0x0041, - .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, - .algorithm_mkey = SSL_kRSA, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_CAMELLIA128, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0x0045, - .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_CAMELLIA128, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0x0046, - .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aNULL, - .algorithm_enc = SSL_CAMELLIA128, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, -#endif /* OPENSSL_NO_CAMELLIA */ - - /* - * TLSv1.2 DHE cipher suites (RFC 5246, appendix A.5). 
- */ - { - .value = 0x0067, - .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_AES128, - .algorithm_mac = SSL_SHA256, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0x006b, - .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_AES256, - .algorithm_mac = SSL_SHA256, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 256, - .alg_bits = 256, - }, - { - .value = 0x006c, - .name = TLS1_TXT_ADH_WITH_AES_128_SHA256, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aNULL, - .algorithm_enc = SSL_AES128, - .algorithm_mac = SSL_SHA256, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0x006d, - .name = TLS1_TXT_ADH_WITH_AES_256_SHA256, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aNULL, - .algorithm_enc = SSL_AES256, - .algorithm_mac = SSL_SHA256, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 256, - .alg_bits = 256, - }, - -#ifndef OPENSSL_NO_CAMELLIA - /* - * TLSv1.0 Camellia 256 bit cipher suites (RFC 4132). 
- */ - { - .value = 0x0084, - .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, - .algorithm_mkey = SSL_kRSA, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_CAMELLIA256, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 256, - .alg_bits = 256, - }, - { - .value = 0x0088, - .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_CAMELLIA256, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 256, - .alg_bits = 256, - }, - { - .value = 0x0089, - .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aNULL, - .algorithm_enc = SSL_CAMELLIA256, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 256, - .alg_bits = 256, - }, -#endif /* OPENSSL_NO_CAMELLIA */ - - /* - * TLSv1.2 AES GCM cipher suites (RFC 5288). 
- */ - { - .value = 0x009c, - .name = TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, - .algorithm_mkey = SSL_kRSA, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_AES128GCM, - .algorithm_mac = SSL_AEAD, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0x009d, - .name = TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, - .algorithm_mkey = SSL_kRSA, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_AES256GCM, - .algorithm_mac = SSL_AEAD, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA384, - .strength_bits = 256, - .alg_bits = 256, - }, - { - .value = 0x009e, - .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_AES128GCM, - .algorithm_mac = SSL_AEAD, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0x009f, - .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_AES256GCM, - .algorithm_mac = SSL_AEAD, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA384, - .strength_bits = 256, - .alg_bits = 256, - }, - { - .value = 0x00a6, - .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aNULL, - .algorithm_enc = SSL_AES128GCM, - .algorithm_mac = SSL_AEAD, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0x00a7, - .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aNULL, - .algorithm_enc = SSL_AES256GCM, - .algorithm_mac = SSL_AEAD, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - 
.algorithm2 = SSL_HANDSHAKE_MAC_SHA384, - .strength_bits = 256, - .alg_bits = 256, - }, - -#ifndef OPENSSL_NO_CAMELLIA - /* - * TLSv1.2 Camellia SHA-256 cipher suites (RFC 5932). - */ - { - .value = 0x00ba, - .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256, - .algorithm_mkey = SSL_kRSA, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_CAMELLIA128, - .algorithm_mac = SSL_SHA256, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0x000be, - .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_CAMELLIA128, - .algorithm_mac = SSL_SHA256, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0x00bf, - .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aNULL, - .algorithm_enc = SSL_CAMELLIA128, - .algorithm_mac = SSL_SHA256, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0x00c0, - .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256, - .algorithm_mkey = SSL_kRSA, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_CAMELLIA256, - .algorithm_mac = SSL_SHA256, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 256, - .alg_bits = 256, - }, - { - .value = 0x00c4, - .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_CAMELLIA256, - .algorithm_mac = SSL_SHA256, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 256, - .alg_bits = 256, - }, - { - .value = 0x00c5, - .name = 
TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aNULL, - .algorithm_enc = SSL_CAMELLIA256, - .algorithm_mac = SSL_SHA256, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 256, - .alg_bits = 256, - }, -#endif /* OPENSSL_NO_CAMELLIA */ - -#ifdef LIBRESSL_HAS_TLS1_3 - /* - * TLSv1.3 cipher suites (RFC 8446). - */ - { - .value = 0x1301, - .name = TLS1_3_RFC_AES_128_GCM_SHA256, - .algorithm_mkey = SSL_kTLS1_3, - .algorithm_auth = SSL_aTLS1_3, - .algorithm_enc = SSL_AES128GCM, - .algorithm_mac = SSL_AEAD, - .algorithm_ssl = SSL_TLSV1_3, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, /* XXX */ - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0x1302, - .name = TLS1_3_RFC_AES_256_GCM_SHA384, - .algorithm_mkey = SSL_kTLS1_3, - .algorithm_auth = SSL_aTLS1_3, - .algorithm_enc = SSL_AES256GCM, - .algorithm_mac = SSL_AEAD, - .algorithm_ssl = SSL_TLSV1_3, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA384, /* XXX */ - .strength_bits = 256, - .alg_bits = 256, - }, - { - .value = 0x1303, - .name = TLS1_3_RFC_CHACHA20_POLY1305_SHA256, - .algorithm_mkey = SSL_kTLS1_3, - .algorithm_auth = SSL_aTLS1_3, - .algorithm_enc = SSL_CHACHA20POLY1305, - .algorithm_mac = SSL_AEAD, - .algorithm_ssl = SSL_TLSV1_3, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, /* XXX */ - .strength_bits = 256, - .alg_bits = 256, - }, -#endif - - /* - * TLSv1.0 Elliptic Curve cipher suites (RFC 4492, section 6). 
- */ - { - .value = 0xc006, - .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aECDSA, - .algorithm_enc = SSL_eNULL, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_STRONG_NONE, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 0, - .alg_bits = 0, - }, - { - .value = 0xc007, - .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aECDSA, - .algorithm_enc = SSL_RC4, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_LOW, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0xc008, - .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aECDSA, - .algorithm_enc = SSL_3DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_MEDIUM, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 112, - .alg_bits = 168, - }, - { - .value = 0xc009, - .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aECDSA, - .algorithm_enc = SSL_AES128, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0xc00a, - .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aECDSA, - .algorithm_enc = SSL_AES256, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 256, - .alg_bits = 256, - }, - { - .value = 0xc010, - .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_eNULL, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_STRONG_NONE, - 
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 0, - .alg_bits = 0, - }, - { - .value = 0xc011, - .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_RC4, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_LOW, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0xc012, - .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_3DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_MEDIUM, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 112, - .alg_bits = 168, - }, - { - .value = 0xc013, - .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_AES128, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0xc014, - .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_AES256, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 256, - .alg_bits = 256, - }, - { - .value = 0xc015, - .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aNULL, - .algorithm_enc = SSL_eNULL, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_STRONG_NONE, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 0, - .alg_bits = 0, - }, - { - .value = 0xc016, - .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aNULL, - .algorithm_enc = SSL_RC4, - .algorithm_mac = SSL_SHA1, - 
.algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_LOW, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0xc017, - .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aNULL, - .algorithm_enc = SSL_3DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_MEDIUM, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 112, - .alg_bits = 168, - }, - { - .value = 0xc018, - .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aNULL, - .algorithm_enc = SSL_AES128, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0xc019, - .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aNULL, - .algorithm_enc = SSL_AES256, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 256, - .alg_bits = 256, - }, - - /* - * TLSv1.2 Elliptic Curve HMAC cipher suites (RFC 5289, section 3.1). 
- */ - { - .value = 0xc023, - .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aECDSA, - .algorithm_enc = SSL_AES128, - .algorithm_mac = SSL_SHA256, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0xc024, - .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aECDSA, - .algorithm_enc = SSL_AES256, - .algorithm_mac = SSL_SHA384, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA384, - .strength_bits = 256, - .alg_bits = 256, - }, - { - .value = 0xc027, - .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_AES128, - .algorithm_mac = SSL_SHA256, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0xc028, - .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_AES256, - .algorithm_mac = SSL_SHA384, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA384, - .strength_bits = 256, - .alg_bits = 256, - }, - - /* - * TLSv1.2 Elliptic Curve GCM cipher suites (RFC 5289, section 3.2). 
- */ - { - .value = 0xc02b, - .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aECDSA, - .algorithm_enc = SSL_AES128GCM, - .algorithm_mac = SSL_AEAD, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0xc02c, - .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aECDSA, - .algorithm_enc = SSL_AES256GCM, - .algorithm_mac = SSL_AEAD, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA384, - .strength_bits = 256, - .alg_bits = 256, - }, - { - .value = 0xc02f, - .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_AES128GCM, - .algorithm_mac = SSL_AEAD, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, - .strength_bits = 128, - .alg_bits = 128, - }, - { - .value = 0xc030, - .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_AES256GCM, - .algorithm_mac = SSL_AEAD, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA384, - .strength_bits = 256, - .alg_bits = 256, - }, - - /* - * TLSv1.2 ChaCha20-Poly1305 cipher suites (RFC 7905). 
- */
- {
- .value = 0xcca8,
- .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
- .algorithm_mkey = SSL_kECDHE,
- .algorithm_auth = SSL_aRSA,
- .algorithm_enc = SSL_CHACHA20POLY1305,
- .algorithm_mac = SSL_AEAD,
- .algorithm_ssl = SSL_TLSV1_2,
- .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
- .strength_bits = 256,
- .alg_bits = 256,
- },
- {
- .value = 0xcca9,
- .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
- .algorithm_mkey = SSL_kECDHE,
- .algorithm_auth = SSL_aECDSA,
- .algorithm_enc = SSL_CHACHA20POLY1305,
- .algorithm_mac = SSL_AEAD,
- .algorithm_ssl = SSL_TLSV1_2,
- .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
- .strength_bits = 256,
- .alg_bits = 256,
- },
- {
- .value = 0xccaa,
- .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
- .algorithm_mkey = SSL_kDHE,
- .algorithm_auth = SSL_aRSA,
- .algorithm_enc = SSL_CHACHA20POLY1305,
- .algorithm_mac = SSL_AEAD,
- .algorithm_ssl = SSL_TLSV1_2,
- .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
- .strength_bits = 256,
- .alg_bits = 256,
- },
-};
-
-int
-ssl3_num_ciphers(void)
-{
- return (SSL3_NUM_CIPHERS);
-}
-
-const SSL_CIPHER *
-ssl3_get_cipher_by_index(int idx)
-{
- if (idx < 0 || idx >= SSL3_NUM_CIPHERS)
- return NULL;
-
- return &ssl3_ciphers[idx];
-}
-
-static int
-ssl3_cipher_value_cmp(const void *value, const void *cipher)
-{
- uint16_t a = *(const uint16_t *)value;
- uint16_t b = ((const SSL_CIPHER *)cipher)->value;
-
- return a < b ? -1 : a > b;
-}
-
-const SSL_CIPHER *
-ssl3_get_cipher_by_value(uint16_t value)
-{
- return bsearch(&value, ssl3_ciphers, SSL3_NUM_CIPHERS,
- sizeof(ssl3_ciphers[0]), ssl3_cipher_value_cmp);
-}
-
-int
-ssl3_pending(const SSL *s)
-{
- if (s->s3->rcontent == NULL)
- return 0;
- if (tls_content_type(s->s3->rcontent) != SSL3_RT_APPLICATION_DATA)
- return 0;
-
- return tls_content_remaining(s->s3->rcontent);
-}
-
-int
-ssl3_handshake_msg_hdr_len(SSL *s)
-{
- return (SSL_is_dtls(s) ? DTLS1_HM_HEADER_LENGTH :
- SSL3_HM_HEADER_LENGTH);
-}
-
-int
-ssl3_handshake_msg_start(SSL *s, CBB *handshake, CBB *body, uint8_t msg_type)
-{
- int ret = 0;
-
- if (!CBB_init(handshake, SSL3_RT_MAX_PLAIN_LENGTH))
- goto err;
- if (!CBB_add_u8(handshake, msg_type))
- goto err;
- if (SSL_is_dtls(s)) {
- unsigned char *data;
-
- if (!CBB_add_space(handshake, &data, DTLS1_HM_HEADER_LENGTH -
- SSL3_HM_HEADER_LENGTH))
- goto err;
- }
- if (!CBB_add_u24_length_prefixed(handshake, body))
- goto err;
-
- ret = 1;
-
- err:
- return (ret);
-}
-
-int
-ssl3_handshake_msg_finish(SSL *s, CBB *handshake)
-{
- unsigned char *data = NULL;
- size_t outlen;
- int ret = 0;
-
- if (!CBB_finish(handshake, &data, &outlen))
- goto err;
-
- if (outlen > INT_MAX)
- goto err;
-
- if (!BUF_MEM_grow_clean(s->init_buf, outlen))
- goto err;
-
- memcpy(s->init_buf->data, data, outlen);
-
- s->init_num = (int)outlen;
- s->init_off = 0;
-
- if (SSL_is_dtls(s)) {
- unsigned long len;
- uint8_t msg_type;
- CBS cbs;
-
- CBS_init(&cbs, data, outlen);
- if (!CBS_get_u8(&cbs, &msg_type))
- goto err;
-
- len = outlen - ssl3_handshake_msg_hdr_len(s);
-
- dtls1_set_message_header(s, msg_type, len, 0, len);
- dtls1_buffer_message(s, 0);
- }
-
- ret = 1;
-
- err:
- free(data);
-
- return (ret);
-}
-
-int
-ssl3_handshake_write(SSL *s)
-{
- return ssl3_record_write(s, SSL3_RT_HANDSHAKE);
-}
-
-int
-ssl3_record_write(SSL *s, int type)
-{
- if (SSL_is_dtls(s))
- return dtls1_do_write(s, type);
-
- return ssl3_do_write(s, type);
-}
-
-int
-ssl3_new(SSL *s)
-{
- if ((s->s3 = calloc(1, sizeof(*s->s3))) == NULL)
- return (0);
-
- s->method->ssl_clear(s);
-
- return (1);
-}
-
-void
-ssl3_free(SSL *s)
-{
- if (s == NULL)
- return;
-
- tls1_cleanup_key_block(s);
- ssl3_release_read_buffer(s);
- ssl3_release_write_buffer(s);
-
- tls_content_free(s->s3->rcontent);
-
- tls_buffer_free(s->s3->alert_fragment);
- tls_buffer_free(s->s3->handshake_fragment);
-
- freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
-
- sk_SSL_CIPHER_free(s->s3->hs.client_ciphers);
- sk_X509_pop_free(s->s3->hs.peer_certs, X509_free);
- sk_X509_pop_free(s->s3->hs.peer_certs_no_leaf, X509_free);
- sk_X509_pop_free(s->s3->hs.verified_chain, X509_free);
- tls_key_share_free(s->s3->hs.key_share);
-
- tls13_secrets_destroy(s->s3->hs.tls13.secrets);
- freezero(s->s3->hs.tls13.cookie, s->s3->hs.tls13.cookie_len);
- tls13_clienthello_hash_clear(&s->s3->hs.tls13);
-
- tls_buffer_free(s->s3->hs.tls13.quic_read_buffer);
-
- sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
-
- tls1_transcript_free(s);
- tls1_transcript_hash_free(s);
-
- free(s->s3->alpn_selected);
-
- freezero(s->s3->peer_quic_transport_params,
- s->s3->peer_quic_transport_params_len);
-
- freezero(s->s3, sizeof(*s->s3));
-
- s->s3 = NULL;
-}
-
-void
-ssl3_clear(SSL *s)
-{
- unsigned char *rp, *wp;
- size_t rlen, wlen;
-
- tls1_cleanup_key_block(s);
- sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
-
- tls_buffer_free(s->s3->alert_fragment);
- s->s3->alert_fragment = NULL;
- tls_buffer_free(s->s3->handshake_fragment);
- s->s3->handshake_fragment = NULL;
-
- freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
- s->s3->hs.sigalgs = NULL;
- s->s3->hs.sigalgs_len = 0;
-
- sk_SSL_CIPHER_free(s->s3->hs.client_ciphers);
- s->s3->hs.client_ciphers = NULL;
- sk_X509_pop_free(s->s3->hs.peer_certs, X509_free);
- s->s3->hs.peer_certs = NULL;
- sk_X509_pop_free(s->s3->hs.peer_certs_no_leaf, X509_free);
- s->s3->hs.peer_certs_no_leaf = NULL;
- sk_X509_pop_free(s->s3->hs.verified_chain, X509_free);
- s->s3->hs.verified_chain = NULL;
-
- tls_key_share_free(s->s3->hs.key_share);
- s->s3->hs.key_share = NULL;
-
- tls13_secrets_destroy(s->s3->hs.tls13.secrets);
- s->s3->hs.tls13.secrets = NULL;
- freezero(s->s3->hs.tls13.cookie, s->s3->hs.tls13.cookie_len);
- s->s3->hs.tls13.cookie = NULL;
- s->s3->hs.tls13.cookie_len = 0;
- tls13_clienthello_hash_clear(&s->s3->hs.tls13);
-
- tls_buffer_free(s->s3->hs.tls13.quic_read_buffer);
-
s->s3->hs.tls13.quic_read_buffer = NULL; - s->s3->hs.tls13.quic_read_level = ssl_encryption_initial; - s->s3->hs.tls13.quic_write_level = ssl_encryption_initial; - - s->s3->hs.extensions_seen = 0; - - rp = s->s3->rbuf.buf; - wp = s->s3->wbuf.buf; - rlen = s->s3->rbuf.len; - wlen = s->s3->wbuf.len; - - tls_content_free(s->s3->rcontent); - s->s3->rcontent = NULL; - - tls1_transcript_free(s); - tls1_transcript_hash_free(s); - - free(s->s3->alpn_selected); - s->s3->alpn_selected = NULL; - s->s3->alpn_selected_len = 0; - - freezero(s->s3->peer_quic_transport_params, - s->s3->peer_quic_transport_params_len); - s->s3->peer_quic_transport_params = NULL; - s->s3->peer_quic_transport_params_len = 0; - - memset(s->s3, 0, sizeof(*s->s3)); - - s->s3->rbuf.buf = rp; - s->s3->wbuf.buf = wp; - s->s3->rbuf.len = rlen; - s->s3->wbuf.len = wlen; - - ssl_free_wbio_buffer(s); - - /* Not needed... */ - s->s3->renegotiate = 0; - s->s3->total_renegotiations = 0; - s->s3->num_renegotiations = 0; - s->s3->in_read_app_data = 0; - - s->packet_length = 0; - s->version = TLS1_2_VERSION; - - s->s3->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); -} - -long -_SSL_get_shared_group(SSL *s, long n) -{ - size_t count; - int nid; - - /* OpenSSL document that they return -1 for clients. They return 0. */ - if (!s->server) - return 0; - - if (n == -1) { - if (!tls1_count_shared_groups(s, &count)) - return 0; - - if (count > LONG_MAX) - count = LONG_MAX; - - return count; - } - - /* Undocumented special case added for Suite B profile support. 
*/ - if (n == -2) - n = 0; - - if (n < 0) - return 0; - - if (!tls1_get_shared_group_by_index(s, n, &nid)) - return NID_undef; - - return nid; -} - -long -_SSL_get_peer_tmp_key(SSL *s, EVP_PKEY **key) -{ - EVP_PKEY *pkey = NULL; - int ret = 0; - - *key = NULL; - - if (s->s3->hs.key_share == NULL) - goto err; - - if ((pkey = EVP_PKEY_new()) == NULL) - goto err; - if (!tls_key_share_peer_pkey(s->s3->hs.key_share, pkey)) - goto err; - - *key = pkey; - pkey = NULL; - - ret = 1; - - err: - EVP_PKEY_free(pkey); - - return (ret); -} - -static int -_SSL_session_reused(SSL *s) -{ - return s->hit; -} - -static int -_SSL_num_renegotiations(SSL *s) -{ - return s->s3->num_renegotiations; -} - -static int -_SSL_clear_num_renegotiations(SSL *s) -{ - int renegs; - - renegs = s->s3->num_renegotiations; - s->s3->num_renegotiations = 0; - - return renegs; -} - -static int -_SSL_total_renegotiations(SSL *s) -{ - return s->s3->total_renegotiations; -} - -static int -_SSL_set_tmp_dh(SSL *s, DH *dh) -{ - DH *dhe_params; - - if (dh == NULL) { - SSLerror(s, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (!ssl_security_dh(s, dh)) { - SSLerror(s, SSL_R_DH_KEY_TOO_SMALL); - return 0; - } - - if ((dhe_params = DHparams_dup(dh)) == NULL) { - SSLerror(s, ERR_R_DH_LIB); - return 0; - } - - DH_free(s->cert->dhe_params); - s->cert->dhe_params = dhe_params; - - return 1; -} - -static int -_SSL_set_dh_auto(SSL *s, int state) -{ - s->cert->dhe_params_auto = state; - return 1; -} - -static int -_SSL_set_tmp_ecdh(SSL *s, EC_KEY *ecdh) -{ - const EC_GROUP *group; - int nid; - - if (ecdh == NULL) - return 0; - if ((group = EC_KEY_get0_group(ecdh)) == NULL) - return 0; - - nid = EC_GROUP_get_curve_name(group); - return SSL_set1_groups(s, &nid, 1); -} - -static int -_SSL_set_ecdh_auto(SSL *s, int state) -{ - return 1; -} - -static int -_SSL_set_tlsext_host_name(SSL *s, const char *name) -{ - int is_ip; - CBS cbs; - - free(s->tlsext_hostname); - s->tlsext_hostname = NULL; - - if (name == NULL) - return 
1; - - CBS_init(&cbs, name, strlen(name)); - - if (!tlsext_sni_is_valid_hostname(&cbs, &is_ip)) { - SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME); - return 0; - } - if ((s->tlsext_hostname = strdup(name)) == NULL) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - return 0; - } - - return 1; -} - -static int -_SSL_set_tlsext_debug_arg(SSL *s, void *arg) -{ - s->tlsext_debug_arg = arg; - return 1; -} - -static int -_SSL_get_tlsext_status_type(SSL *s) -{ - return s->tlsext_status_type; -} - -static int -_SSL_set_tlsext_status_type(SSL *s, int type) -{ - s->tlsext_status_type = type; - return 1; -} - -static int -_SSL_get_tlsext_status_exts(SSL *s, STACK_OF(X509_EXTENSION) **exts) -{ - *exts = s->tlsext_ocsp_exts; - return 1; -} - -static int -_SSL_set_tlsext_status_exts(SSL *s, STACK_OF(X509_EXTENSION) *exts) -{ - /* XXX - leak... */ - s->tlsext_ocsp_exts = exts; - return 1; -} - -static int -_SSL_get_tlsext_status_ids(SSL *s, STACK_OF(OCSP_RESPID) **ids) -{ - *ids = s->tlsext_ocsp_ids; - return 1; -} - -static int -_SSL_set_tlsext_status_ids(SSL *s, STACK_OF(OCSP_RESPID) *ids) -{ - /* XXX - leak... 
*/ - s->tlsext_ocsp_ids = ids; - return 1; -} - -static int -_SSL_get_tlsext_status_ocsp_resp(SSL *s, unsigned char **resp) -{ - if (s->tlsext_ocsp_resp != NULL && - s->tlsext_ocsp_resp_len < INT_MAX) { - *resp = s->tlsext_ocsp_resp; - return (int)s->tlsext_ocsp_resp_len; - } - - *resp = NULL; - - return -1; -} - -static int -_SSL_set_tlsext_status_ocsp_resp(SSL *s, unsigned char *resp, int resp_len) -{ - free(s->tlsext_ocsp_resp); - s->tlsext_ocsp_resp = NULL; - s->tlsext_ocsp_resp_len = 0; - - if (resp_len < 0) - return 0; - - s->tlsext_ocsp_resp = resp; - s->tlsext_ocsp_resp_len = (size_t)resp_len; - - return 1; -} - -int -SSL_set0_chain(SSL *ssl, STACK_OF(X509) *chain) -{ - return ssl_cert_set0_chain(NULL, ssl, chain); -} -LSSL_ALIAS(SSL_set0_chain); - -int -SSL_set1_chain(SSL *ssl, STACK_OF(X509) *chain) -{ - return ssl_cert_set1_chain(NULL, ssl, chain); -} -LSSL_ALIAS(SSL_set1_chain); - -int -SSL_add0_chain_cert(SSL *ssl, X509 *x509) -{ - return ssl_cert_add0_chain_cert(NULL, ssl, x509); -} -LSSL_ALIAS(SSL_add0_chain_cert); - -int -SSL_add1_chain_cert(SSL *ssl, X509 *x509) -{ - return ssl_cert_add1_chain_cert(NULL, ssl, x509); -} -LSSL_ALIAS(SSL_add1_chain_cert); - -int -SSL_get0_chain_certs(const SSL *ssl, STACK_OF(X509) **out_chain) -{ - *out_chain = NULL; - - if (ssl->cert->key != NULL) - *out_chain = ssl->cert->key->chain; - - return 1; -} -LSSL_ALIAS(SSL_get0_chain_certs); - -int -SSL_clear_chain_certs(SSL *ssl) -{ - return ssl_cert_set0_chain(NULL, ssl, NULL); -} -LSSL_ALIAS(SSL_clear_chain_certs); - -int -SSL_set1_groups(SSL *s, const int *groups, size_t groups_len) -{ - return tls1_set_groups(&s->tlsext_supportedgroups, - &s->tlsext_supportedgroups_length, groups, groups_len); -} -LSSL_ALIAS(SSL_set1_groups); - -int -SSL_set1_groups_list(SSL *s, const char *groups) -{ - return tls1_set_group_list(&s->tlsext_supportedgroups, - &s->tlsext_supportedgroups_length, groups); -} -LSSL_ALIAS(SSL_set1_groups_list); - -static int -_SSL_get_signature_nid(SSL *s, 
int *nid) -{ - const struct ssl_sigalg *sigalg; - - if ((sigalg = s->s3->hs.our_sigalg) == NULL) - return 0; - - *nid = EVP_MD_type(sigalg->md()); - - return 1; -} - -static int -_SSL_get_peer_signature_nid(SSL *s, int *nid) -{ - const struct ssl_sigalg *sigalg; - - if ((sigalg = s->s3->hs.peer_sigalg) == NULL) - return 0; - - *nid = EVP_MD_type(sigalg->md()); - - return 1; -} - -int -SSL_get_signature_type_nid(const SSL *s, int *nid) -{ - const struct ssl_sigalg *sigalg; - - if ((sigalg = s->s3->hs.our_sigalg) == NULL) - return 0; - - *nid = sigalg->key_type; - if (sigalg->key_type == EVP_PKEY_RSA && - (sigalg->flags & SIGALG_FLAG_RSA_PSS)) - *nid = EVP_PKEY_RSA_PSS; - - return 1; -} -LSSL_ALIAS(SSL_get_signature_type_nid); - -int -SSL_get_peer_signature_type_nid(const SSL *s, int *nid) -{ - const struct ssl_sigalg *sigalg; - - if ((sigalg = s->s3->hs.peer_sigalg) == NULL) - return 0; - - *nid = sigalg->key_type; - if (sigalg->key_type == EVP_PKEY_RSA && - (sigalg->flags & SIGALG_FLAG_RSA_PSS)) - *nid = EVP_PKEY_RSA_PSS; - - return 1; -} -LSSL_ALIAS(SSL_get_peer_signature_type_nid); - -long -ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) -{ - switch (cmd) { - case SSL_CTRL_GET_SESSION_REUSED: - return _SSL_session_reused(s); - - case SSL_CTRL_GET_NUM_RENEGOTIATIONS: - return _SSL_num_renegotiations(s); - - case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: - return _SSL_clear_num_renegotiations(s); - - case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: - return _SSL_total_renegotiations(s); - - case SSL_CTRL_SET_TMP_DH: - return _SSL_set_tmp_dh(s, parg); - - case SSL_CTRL_SET_TMP_DH_CB: - SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - - case SSL_CTRL_SET_DH_AUTO: - return _SSL_set_dh_auto(s, larg); - - case SSL_CTRL_SET_TMP_ECDH: - return _SSL_set_tmp_ecdh(s, parg); - - case SSL_CTRL_SET_TMP_ECDH_CB: - SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - - case SSL_CTRL_SET_ECDH_AUTO: - return _SSL_set_ecdh_auto(s, larg); - - case 
SSL_CTRL_SET_TLSEXT_HOSTNAME: - if (larg != TLSEXT_NAMETYPE_host_name) { - SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); - return 0; - } - return _SSL_set_tlsext_host_name(s, parg); - - case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: - return _SSL_set_tlsext_debug_arg(s, parg); - - case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE: - return _SSL_get_tlsext_status_type(s); - - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: - return _SSL_set_tlsext_status_type(s, larg); - - case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: - return _SSL_get_tlsext_status_exts(s, parg); - - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: - return _SSL_set_tlsext_status_exts(s, parg); - - case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: - return _SSL_get_tlsext_status_ids(s, parg); - - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: - return _SSL_set_tlsext_status_ids(s, parg); - - case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: - return _SSL_get_tlsext_status_ocsp_resp(s, parg); - - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: - return _SSL_set_tlsext_status_ocsp_resp(s, parg, larg); - - case SSL_CTRL_CHAIN: - if (larg == 0) - return SSL_set0_chain(s, (STACK_OF(X509) *)parg); - else - return SSL_set1_chain(s, (STACK_OF(X509) *)parg); - - case SSL_CTRL_CHAIN_CERT: - if (larg == 0) - return SSL_add0_chain_cert(s, (X509 *)parg); - else - return SSL_add1_chain_cert(s, (X509 *)parg); - - case SSL_CTRL_GET_CHAIN_CERTS: - return SSL_get0_chain_certs(s, (STACK_OF(X509) **)parg); - - case SSL_CTRL_SET_GROUPS: - return SSL_set1_groups(s, parg, larg); - - case SSL_CTRL_SET_GROUPS_LIST: - return SSL_set1_groups_list(s, parg); - - case SSL_CTRL_GET_SHARED_GROUP: - return _SSL_get_shared_group(s, larg); - - /* XXX - rename to SSL_CTRL_GET_PEER_TMP_KEY and remove server check. 
*/ - case SSL_CTRL_GET_SERVER_TMP_KEY: - if (s->server != 0) - return 0; - return _SSL_get_peer_tmp_key(s, parg); - - case SSL_CTRL_GET_MIN_PROTO_VERSION: - return SSL_get_min_proto_version(s); - - case SSL_CTRL_GET_MAX_PROTO_VERSION: - return SSL_get_max_proto_version(s); - - case SSL_CTRL_SET_MIN_PROTO_VERSION: - if (larg < 0 || larg > UINT16_MAX) - return 0; - return SSL_set_min_proto_version(s, larg); - - case SSL_CTRL_SET_MAX_PROTO_VERSION: - if (larg < 0 || larg > UINT16_MAX) - return 0; - return SSL_set_max_proto_version(s, larg); - - case SSL_CTRL_GET_SIGNATURE_NID: - return _SSL_get_signature_nid(s, parg); - - case SSL_CTRL_GET_PEER_SIGNATURE_NID: - return _SSL_get_peer_signature_nid(s, parg); - - /* - * Legacy controls that should eventually be removed. - */ - case SSL_CTRL_GET_CLIENT_CERT_REQUEST: - return 0; - - case SSL_CTRL_GET_FLAGS: - return (int)(s->s3->flags); - - case SSL_CTRL_NEED_TMP_RSA: - return 0; - - case SSL_CTRL_SET_TMP_RSA: - case SSL_CTRL_SET_TMP_RSA_CB: - SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - - return 0; -} - -long -ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) -{ - switch (cmd) { - case SSL_CTRL_SET_TMP_RSA_CB: - SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - - case SSL_CTRL_SET_TMP_DH_CB: - s->cert->dhe_params_cb = (DH *(*)(SSL *, int, int))fp; - return 1; - - case SSL_CTRL_SET_TMP_ECDH_CB: - return 1; - - case SSL_CTRL_SET_TLSEXT_DEBUG_CB: - s->tlsext_debug_cb = (void (*)(SSL *, int , int, - unsigned char *, int, void *))fp; - return 1; - } - - return 0; -} - -static int -_SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh) -{ - DH *dhe_params; - - if (dh == NULL) { - SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (!ssl_ctx_security_dh(ctx, dh)) { - SSLerrorx(SSL_R_DH_KEY_TOO_SMALL); - return 0; - } - - if ((dhe_params = DHparams_dup(dh)) == NULL) { - SSLerrorx(ERR_R_DH_LIB); - return 0; - } - - DH_free(ctx->cert->dhe_params); - ctx->cert->dhe_params = dhe_params; - - return 1; 
-} - -static int -_SSL_CTX_set_dh_auto(SSL_CTX *ctx, int state) -{ - ctx->cert->dhe_params_auto = state; - return 1; -} - -static int -_SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, EC_KEY *ecdh) -{ - const EC_GROUP *group; - int nid; - - if (ecdh == NULL) - return 0; - if ((group = EC_KEY_get0_group(ecdh)) == NULL) - return 0; - - nid = EC_GROUP_get_curve_name(group); - return SSL_CTX_set1_groups(ctx, &nid, 1); -} - -static int -_SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state) -{ - return 1; -} - -static int -_SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg) -{ - ctx->tlsext_servername_arg = arg; - return 1; -} - -static int -_SSL_CTX_get_tlsext_ticket_keys(SSL_CTX *ctx, unsigned char *keys, int keys_len) -{ - if (keys == NULL) - return 48; - - if (keys_len != 48) { - SSLerrorx(SSL_R_INVALID_TICKET_KEYS_LENGTH); - return 0; - } - - memcpy(keys, ctx->tlsext_tick_key_name, 16); - memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); - memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); - - return 1; -} - -static int -_SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, unsigned char *keys, int keys_len) -{ - if (keys == NULL) - return 48; - - if (keys_len != 48) { - SSLerrorx(SSL_R_INVALID_TICKET_KEYS_LENGTH); - return 0; - } - - memcpy(ctx->tlsext_tick_key_name, keys, 16); - memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16); - memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); - - return 1; -} - -static int -_SSL_CTX_get_tlsext_status_arg(SSL_CTX *ctx, void **arg) -{ - *arg = ctx->tlsext_status_arg; - return 1; -} - -static int -_SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg) -{ - ctx->tlsext_status_arg = arg; - return 1; -} - -int -SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *chain) -{ - return ssl_cert_set0_chain(ctx, NULL, chain); -} -LSSL_ALIAS(SSL_CTX_set0_chain); - -int -SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *chain) -{ - return ssl_cert_set1_chain(ctx, NULL, chain); -} -LSSL_ALIAS(SSL_CTX_set1_chain); - -int -SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 
*x509) -{ - return ssl_cert_add0_chain_cert(ctx, NULL, x509); -} -LSSL_ALIAS(SSL_CTX_add0_chain_cert); - -int -SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509) -{ - return ssl_cert_add1_chain_cert(ctx, NULL, x509); -} -LSSL_ALIAS(SSL_CTX_add1_chain_cert); - -int -SSL_CTX_get0_chain_certs(const SSL_CTX *ctx, STACK_OF(X509) **out_chain) -{ - *out_chain = NULL; - - if (ctx->cert->key != NULL) - *out_chain = ctx->cert->key->chain; - - return 1; -} -LSSL_ALIAS(SSL_CTX_get0_chain_certs); - -int -SSL_CTX_clear_chain_certs(SSL_CTX *ctx) -{ - return ssl_cert_set0_chain(ctx, NULL, NULL); -} -LSSL_ALIAS(SSL_CTX_clear_chain_certs); - -static int -_SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *cert) -{ - if (ctx->extra_certs == NULL) { - if ((ctx->extra_certs = sk_X509_new_null()) == NULL) - return 0; - } - if (sk_X509_push(ctx->extra_certs, cert) == 0) - return 0; - - return 1; -} - -static int -_SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **certs) -{ - *certs = ctx->extra_certs; - if (*certs == NULL) - *certs = ctx->cert->key->chain; - - return 1; -} - -static int -_SSL_CTX_get_extra_chain_certs_only(SSL_CTX *ctx, STACK_OF(X509) **certs) -{ - *certs = ctx->extra_certs; - return 1; -} - -static int -_SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx) -{ - sk_X509_pop_free(ctx->extra_certs, X509_free); - ctx->extra_certs = NULL; - return 1; -} - -int -SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len) -{ - return tls1_set_groups(&ctx->tlsext_supportedgroups, - &ctx->tlsext_supportedgroups_length, groups, groups_len); -} -LSSL_ALIAS(SSL_CTX_set1_groups); - -int -SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups) -{ - return tls1_set_group_list(&ctx->tlsext_supportedgroups, - &ctx->tlsext_supportedgroups_length, groups); -} -LSSL_ALIAS(SSL_CTX_set1_groups_list); - -long -ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) -{ - switch (cmd) { - case SSL_CTRL_SET_TMP_DH: - return _SSL_CTX_set_tmp_dh(ctx, parg); - - case 
SSL_CTRL_SET_TMP_DH_CB: - SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - - case SSL_CTRL_SET_DH_AUTO: - return _SSL_CTX_set_dh_auto(ctx, larg); - - case SSL_CTRL_SET_TMP_ECDH: - return _SSL_CTX_set_tmp_ecdh(ctx, parg); - - case SSL_CTRL_SET_TMP_ECDH_CB: - SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - - case SSL_CTRL_SET_ECDH_AUTO: - return _SSL_CTX_set_ecdh_auto(ctx, larg); - - case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: - return _SSL_CTX_set_tlsext_servername_arg(ctx, parg); - - case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: - return _SSL_CTX_get_tlsext_ticket_keys(ctx, parg, larg); - - case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: - return _SSL_CTX_set_tlsext_ticket_keys(ctx, parg, larg); - - case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG: - return _SSL_CTX_get_tlsext_status_arg(ctx, parg); - - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: - return _SSL_CTX_set_tlsext_status_arg(ctx, parg); - - case SSL_CTRL_CHAIN: - if (larg == 0) - return SSL_CTX_set0_chain(ctx, (STACK_OF(X509) *)parg); - else - return SSL_CTX_set1_chain(ctx, (STACK_OF(X509) *)parg); - - case SSL_CTRL_CHAIN_CERT: - if (larg == 0) - return SSL_CTX_add0_chain_cert(ctx, (X509 *)parg); - else - return SSL_CTX_add1_chain_cert(ctx, (X509 *)parg); - - case SSL_CTRL_GET_CHAIN_CERTS: - return SSL_CTX_get0_chain_certs(ctx, (STACK_OF(X509) **)parg); - - case SSL_CTRL_EXTRA_CHAIN_CERT: - return _SSL_CTX_add_extra_chain_cert(ctx, parg); - - case SSL_CTRL_GET_EXTRA_CHAIN_CERTS: - if (larg == 0) - return _SSL_CTX_get_extra_chain_certs(ctx, parg); - else - return _SSL_CTX_get_extra_chain_certs_only(ctx, parg); - - case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: - return _SSL_CTX_clear_extra_chain_certs(ctx); - - case SSL_CTRL_SET_GROUPS: - return SSL_CTX_set1_groups(ctx, parg, larg); - - case SSL_CTRL_SET_GROUPS_LIST: - return SSL_CTX_set1_groups_list(ctx, parg); - - case SSL_CTRL_GET_MIN_PROTO_VERSION: - return SSL_CTX_get_min_proto_version(ctx); - - case SSL_CTRL_GET_MAX_PROTO_VERSION: - return 
SSL_CTX_get_max_proto_version(ctx); - - case SSL_CTRL_SET_MIN_PROTO_VERSION: - if (larg < 0 || larg > UINT16_MAX) - return 0; - return SSL_CTX_set_min_proto_version(ctx, larg); - - case SSL_CTRL_SET_MAX_PROTO_VERSION: - if (larg < 0 || larg > UINT16_MAX) - return 0; - return SSL_CTX_set_max_proto_version(ctx, larg); - - /* - * Legacy controls that should eventually be removed. - */ - case SSL_CTRL_NEED_TMP_RSA: - return 0; - - case SSL_CTRL_SET_TMP_RSA: - case SSL_CTRL_SET_TMP_RSA_CB: - SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - - return 0; -} - -long -ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) -{ - switch (cmd) { - case SSL_CTRL_SET_TMP_RSA_CB: - SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - - case SSL_CTRL_SET_TMP_DH_CB: - ctx->cert->dhe_params_cb = - (DH *(*)(SSL *, int, int))fp; - return 1; - - case SSL_CTRL_SET_TMP_ECDH_CB: - return 1; - - case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: - ctx->tlsext_servername_callback = - (int (*)(SSL *, int *, void *))fp; - return 1; - - case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB: - *(int (**)(SSL *, void *))fp = ctx->tlsext_status_cb; - return 1; - - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: - ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp; - return 1; - - case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: - ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *, - unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp; - return 1; - } - - return 0; -} - -SSL_CIPHER * -ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, - STACK_OF(SSL_CIPHER) *srvr) -{ - unsigned long alg_k, alg_a, mask_k, mask_a; - STACK_OF(SSL_CIPHER) *prio, *allow; - SSL_CIPHER *c, *ret = NULL; - int can_use_ecc; - int i, ii, nid, ok; - SSL_CERT *cert; - - /* Let's see which ciphers we can support */ - cert = s->cert; - - can_use_ecc = tls1_get_supported_group(s, &nid); - - /* - * Do not set the compare functions, because this may lead to a - * reordering by "id". We want to keep the original ordering. 
- * We may pay a price in performance during sk_SSL_CIPHER_find(), - * but would have to pay with the price of sk_SSL_CIPHER_dup(). - */ - - if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { - prio = srvr; - allow = clnt; - } else { - prio = clnt; - allow = srvr; - } - - for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { - c = sk_SSL_CIPHER_value(prio, i); - - /* Skip TLS v1.2 only ciphersuites if not supported. */ - if ((c->algorithm_ssl & SSL_TLSV1_2) && - !SSL_USE_TLS1_2_CIPHERS(s)) - continue; - - /* Skip TLS v1.3 only ciphersuites if not supported. */ - if ((c->algorithm_ssl & SSL_TLSV1_3) && - !SSL_USE_TLS1_3_CIPHERS(s)) - continue; - - /* If TLS v1.3, only allow TLS v1.3 ciphersuites. */ - if (SSL_USE_TLS1_3_CIPHERS(s) && - !(c->algorithm_ssl & SSL_TLSV1_3)) - continue; - - if (!ssl_security_shared_cipher(s, c)) - continue; - - ssl_set_cert_masks(cert, c); - mask_k = cert->mask_k; - mask_a = cert->mask_a; - - alg_k = c->algorithm_mkey; - alg_a = c->algorithm_auth; - - ok = (alg_k & mask_k) && (alg_a & mask_a); - - /* - * If we are considering an ECC cipher suite that uses our - * certificate check it. - */ - if (alg_a & SSL_aECDSA) - ok = ok && tls1_check_ec_server_key(s); - /* - * If we are considering an ECC cipher suite that uses - * an ephemeral EC key check it. - */ - if (alg_k & SSL_kECDHE) - ok = ok && can_use_ecc; - - if (!ok) - continue; - ii = sk_SSL_CIPHER_find(allow, c); - if (ii >= 0) { - ret = sk_SSL_CIPHER_value(allow, ii); - break; - } - } - return (ret); -} - -#define SSL3_CT_RSA_SIGN 1 -#define SSL3_CT_RSA_FIXED_DH 3 -#define SSL3_CT_ECDSA_SIGN 64 - -int -ssl3_get_req_cert_types(SSL *s, CBB *cbb) -{ - unsigned long alg_k; - - alg_k = s->s3->hs.cipher->algorithm_mkey; - - if ((alg_k & SSL_kDHE) != 0) { - if (!CBB_add_u8(cbb, SSL3_CT_RSA_FIXED_DH)) - return 0; - } - - if (!CBB_add_u8(cbb, SSL3_CT_RSA_SIGN)) - return 0; - - /* - * ECDSA certs can be used with RSA cipher suites as well - * so we don't need to check for SSL_kECDH or SSL_kECDHE. 
- */ - if (!CBB_add_u8(cbb, SSL3_CT_ECDSA_SIGN)) - return 0; - - return 1; -} - -int -ssl3_shutdown(SSL *s) -{ - int ret; - - /* - * Don't do anything much if we have not done the handshake or - * we don't want to send messages :-) - */ - if ((s->quiet_shutdown) || (s->s3->hs.state == SSL_ST_BEFORE)) { - s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); - return (1); - } - - if (!(s->shutdown & SSL_SENT_SHUTDOWN)) { - s->shutdown|=SSL_SENT_SHUTDOWN; - ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); - /* - * Our shutdown alert has been sent now, and if it still needs - * to be written, s->s3->alert_dispatch will be true - */ - if (s->s3->alert_dispatch) - return (-1); /* return WANT_WRITE */ - } else if (s->s3->alert_dispatch) { - /* resend it if not sent */ - ret = ssl3_dispatch_alert(s); - if (ret == -1) { - /* - * We only get to return -1 here the 2nd/Nth - * invocation, we must have already signalled - * return 0 upon a previous invoation, - * return WANT_WRITE - */ - return (ret); - } - } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { - /* If we are waiting for a close from our peer, we are closed */ - s->method->ssl_read_bytes(s, 0, NULL, 0, 0); - if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { - return (-1); /* return WANT_READ */ - } - } - - if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && - !s->s3->alert_dispatch) - return (1); - else - return (0); -} - -int -ssl3_write(SSL *s, const void *buf, int len) -{ - errno = 0; - - if (s->s3->renegotiate) - ssl3_renegotiate_check(s); - - return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, - buf, len); -} - -static int -ssl3_read_internal(SSL *s, void *buf, int len, int peek) -{ - int ret; - - errno = 0; - if (s->s3->renegotiate) - ssl3_renegotiate_check(s); - s->s3->in_read_app_data = 1; - - ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, - peek); - if ((ret == -1) && (s->s3->in_read_app_data == 2)) { - /* - * ssl3_read_bytes decided to call 
s->handshake_func,
- * which called ssl3_read_bytes to read handshake data.
- * However, ssl3_read_bytes actually found application data
- * and thinks that application data makes sense here; so disable
- * handshake processing and try to read application data again.
- */
- s->in_handshake++;
- ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA,
- buf, len, peek);
- s->in_handshake--;
- } else
- s->s3->in_read_app_data = 0;
-
- return (ret);
-}
-
-int
-ssl3_read(SSL *s, void *buf, int len)
-{
- return ssl3_read_internal(s, buf, len, 0);
-}
-
-int
-ssl3_peek(SSL *s, void *buf, int len)
-{
- return ssl3_read_internal(s, buf, len, 1);
-}
-
-int
-ssl3_renegotiate(SSL *s)
-{
- if (s->handshake_func == NULL)
- return 1;
-
- if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
- return 0;
-
- s->s3->renegotiate = 1;
-
- return 1;
-}
-
-int
-ssl3_renegotiate_check(SSL *s)
-{
- if (!s->s3->renegotiate)
- return 0;
- if (SSL_in_init(s) || s->s3->rbuf.left != 0 || s->s3->wbuf.left != 0)
- return 0;
-
- s->s3->hs.state = SSL_ST_RENEGOTIATE;
- s->s3->renegotiate = 0;
- s->s3->num_renegotiations++;
- s->s3->total_renegotiations++;
-
- return 1;
-}
diff --git a/src/lib/libssl/shlib_version b/src/lib/libssl/shlib_version
deleted file mode 100644
index c2665004b4..0000000000
--- a/src/lib/libssl/shlib_version
+++ /dev/null
@@ -1,3 +0,0 @@
-# Don't forget to give libtls the same type of bump!
-major=59
-minor=1
diff --git a/src/lib/libssl/srtp.h b/src/lib/libssl/srtp.h
deleted file mode 100644
index 686e9d924a..0000000000
--- a/src/lib/libssl/srtp.h
+++ /dev/null
@@ -1,148 +0,0 @@
-/* $OpenBSD: srtp.h,v 1.8 2025/03/13 10:26:41 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3.
All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/*
- * DTLS code by Eric Rescorla
- *
- * Copyright (C) 2006, Network Resonance, Inc.
- * Copyright (C) 2011, RTFM, Inc.
- */
-
-#ifndef HEADER_D1_SRTP_H
-#define HEADER_D1_SRTP_H
-
-#include
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define SRTP_AES128_CM_SHA1_80 0x0001
-#define SRTP_AES128_CM_SHA1_32 0x0002
-#define SRTP_AES128_F8_SHA1_80 0x0003
-#define SRTP_AES128_F8_SHA1_32 0x0004
-#define SRTP_NULL_SHA1_80 0x0005
-#define SRTP_NULL_SHA1_32 0x0006
-
-/* AEAD SRTP protection profiles from RFC 7714 */
-#define SRTP_AEAD_AES_128_GCM 0x0007
-#define SRTP_AEAD_AES_256_GCM 0x0008
-
-int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
-int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
-
-STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
-SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
deleted file mode 100644
index a1ed22b778..0000000000
--- a/src/lib/libssl/ssl.h
+++ /dev/null
@@ -1,2343 +0,0 @@
-/* $OpenBSD: ssl.h,v 1.247 2025/03/12 14:03:55 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3.
All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */ - -#ifndef HEADER_SSL_H -#define HEADER_SSL_H - -#include - -#include - -#include -#include -#include - -#include - -#ifndef OPENSSL_NO_DEPRECATED -#include -#include -#include - -#ifndef OPENSSL_NO_X509 -#include -#endif -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -/* SSLeay version number for ASN.1 encoding of the session information */ -/* Version 0 - initial version - * Version 1 - added the optional peer certificate - */ -#define SSL_SESSION_ASN1_VERSION 0x0001 - -/* text strings for the ciphers */ -#define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5 -#define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5 -#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 -#define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5 -#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 -#define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5 -#define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5 -#define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA -#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 -#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA - -/* VRS Additional Kerberos5 entries - */ -#define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA -#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA -#define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5 -#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 - -#define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA -#define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA -#define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5 -#define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5 - -#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA -#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 -#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA -#define 
SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
-#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
-#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
-#define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256
-
-#define SSL_MAX_SSL_SESSION_ID_LENGTH 32
-#define SSL_MAX_SID_CTX_LENGTH 32
-
-#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8)
-#define SSL_MAX_KEY_ARG_LENGTH 8
-#define SSL_MAX_MASTER_KEY_LENGTH 48
-
-
-/* These are used to specify which ciphers to use and not to use */
-
-#define SSL_TXT_LOW "LOW"
-#define SSL_TXT_MEDIUM "MEDIUM"
-#define SSL_TXT_HIGH "HIGH"
-
-#define SSL_TXT_kFZA "kFZA" /* unused! */
-#define SSL_TXT_aFZA "aFZA" /* unused! */
-#define SSL_TXT_eFZA "eFZA" /* unused! */
-#define SSL_TXT_FZA "FZA" /* unused! */
-
-#define SSL_TXT_aNULL "aNULL"
-#define SSL_TXT_eNULL "eNULL"
-#define SSL_TXT_NULL "NULL"
-
-#define SSL_TXT_kRSA "kRSA"
-#define SSL_TXT_kDHr "kDHr" /* no such ciphersuites supported! */
-#define SSL_TXT_kDHd "kDHd" /* no such ciphersuites supported! */
-#define SSL_TXT_kDH "kDH" /* no such ciphersuites supported! */
-#define SSL_TXT_kEDH "kEDH"
-#define SSL_TXT_kKRB5 "kKRB5"
-#define SSL_TXT_kECDHr "kECDHr"
-#define SSL_TXT_kECDHe "kECDHe"
-#define SSL_TXT_kECDH "kECDH"
-#define SSL_TXT_kEECDH "kEECDH"
-#define SSL_TXT_kPSK "kPSK"
-#define SSL_TXT_kSRP "kSRP"
-
-#define SSL_TXT_aRSA "aRSA"
-#define SSL_TXT_aDSS "aDSS"
-#define SSL_TXT_aDH "aDH" /* no such ciphersuites supported!
*/
-#define SSL_TXT_aECDH "aECDH"
-#define SSL_TXT_aKRB5 "aKRB5"
-#define SSL_TXT_aECDSA "aECDSA"
-#define SSL_TXT_aPSK "aPSK"
-
-#define SSL_TXT_DSS "DSS"
-#define SSL_TXT_DH "DH"
-#define SSL_TXT_DHE "DHE" /* same as "kDHE:-ADH" */
-#define SSL_TXT_EDH "EDH" /* previous name for DHE */
-#define SSL_TXT_ADH "ADH"
-#define SSL_TXT_RSA "RSA"
-#define SSL_TXT_ECDH "ECDH"
-#define SSL_TXT_ECDHE "ECDHE" /* same as "kECDHE:-AECDH" */
-#define SSL_TXT_EECDH "EECDH" /* previous name for ECDHE */
-#define SSL_TXT_AECDH "AECDH"
-#define SSL_TXT_ECDSA "ECDSA"
-#define SSL_TXT_KRB5 "KRB5"
-#define SSL_TXT_PSK "PSK"
-#define SSL_TXT_SRP "SRP"
-
-#define SSL_TXT_DES "DES"
-#define SSL_TXT_3DES "3DES"
-#define SSL_TXT_RC4 "RC4"
-#define SSL_TXT_RC2 "RC2"
-#define SSL_TXT_IDEA "IDEA"
-#define SSL_TXT_SEED "SEED"
-#define SSL_TXT_AES128 "AES128"
-#define SSL_TXT_AES256 "AES256"
-#define SSL_TXT_AES "AES"
-#define SSL_TXT_AES_GCM "AESGCM"
-#define SSL_TXT_CAMELLIA128 "CAMELLIA128"
-#define SSL_TXT_CAMELLIA256 "CAMELLIA256"
-#define SSL_TXT_CAMELLIA "CAMELLIA"
-#define SSL_TXT_CHACHA20 "CHACHA20"
-
-#define SSL_TXT_AEAD "AEAD"
-#define SSL_TXT_MD5 "MD5"
-#define SSL_TXT_SHA1 "SHA1"
-#define SSL_TXT_SHA "SHA" /* same as "SHA1" */
-#define SSL_TXT_SHA256 "SHA256"
-#define SSL_TXT_SHA384 "SHA384"
-
-#define SSL_TXT_DTLS1 "DTLSv1"
-#define SSL_TXT_DTLS1_2 "DTLSv1.2"
-#define SSL_TXT_SSLV2 "SSLv2"
-#define SSL_TXT_SSLV3 "SSLv3"
-#define SSL_TXT_TLSV1 "TLSv1"
-#define SSL_TXT_TLSV1_1 "TLSv1.1"
-#define SSL_TXT_TLSV1_2 "TLSv1.2"
-#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
-#define SSL_TXT_TLSV1_3 "TLSv1.3"
-#endif
-
-#define SSL_TXT_EXP "EXP"
-#define SSL_TXT_EXPORT "EXPORT"
-
-#define SSL_TXT_ALL "ALL"
-
-/*
- * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
- * ciphers normally not being used.
- * Example: "RC4" will activate all ciphers using RC4 including ciphers
- * without authentication, which would normally disabled by DEFAULT (due
- * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
- * will make sure that it is also disabled in the specific selection.
- * COMPLEMENTOF* identifiers are portable between version, as adjustments
- * to the default cipher setup will also be included here.
- *
- * COMPLEMENTOFDEFAULT does not experience the same special treatment that
- * DEFAULT gets, as only selection is being done and no sorting as needed
- * for DEFAULT.
- */
-#define SSL_TXT_CMPALL "COMPLEMENTOFALL"
-#define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT"
-
-/* The following cipher list is used by default.
- * It also is substituted when an application-defined cipher list string
- * starts with 'DEFAULT'. */
-#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
-/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
- * starts with a reasonable order, and all we have to do for DEFAULT is
- * throwing out anonymous and unencrypted ciphersuites!
- * (The latter are not actually enabled by ALL, but "ALL:RSA" would enable
- * some of them.)
- */
-
-/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
-#define SSL_SENT_SHUTDOWN 1
-#define SSL_RECEIVED_SHUTDOWN 2
-
-
-#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1
-#define SSL_FILETYPE_PEM X509_FILETYPE_PEM
-
-/* This is needed to stop compilers complaining about the
- * 'struct ssl_st *' function parameters used to prototype callbacks
- * in SSL_CTX.
*/
-typedef struct ssl_st *ssl_crock_st;
-
-typedef struct ssl_method_st SSL_METHOD;
-typedef struct ssl_cipher_st SSL_CIPHER;
-typedef struct ssl_session_st SSL_SESSION;
-
-#if defined(LIBRESSL_HAS_QUIC) || defined(LIBRESSL_INTERNAL)
-typedef struct ssl_quic_method_st SSL_QUIC_METHOD;
-#endif
-
-DECLARE_STACK_OF(SSL_CIPHER)
-
-/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
-typedef struct srtp_protection_profile_st {
- const char *name;
- unsigned long id;
-} SRTP_PROTECTION_PROFILE;
-
-DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
-
-typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data,
- int len, void *arg);
-typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
- STACK_OF(SSL_CIPHER) *peer_ciphers, const SSL_CIPHER **cipher, void *arg);
-
-/* Allow initial connection to servers that don't support RI */
-#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
-
-/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
- * in OpenSSL 0.9.6d. Usually (depending on the application protocol)
- * the workaround is not needed.
- * Unfortunately some broken SSL/TLS implementations cannot handle it
- * at all, which is why it was previously included in SSL_OP_ALL.
- * Now it's not.
- */
-#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L
-
-/* DTLS options */
-#define SSL_OP_NO_QUERY_MTU 0x00001000L
-/* Turn on Cookie Exchange (on relevant for servers) */
-#define SSL_OP_COOKIE_EXCHANGE 0x00002000L
-/* Don't use RFC4507 ticket extension */
-#define SSL_OP_NO_TICKET 0x00004000L
-
-/* As server, disallow session resumption on renegotiation */
-#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
-/* Disallow client initiated renegotiation. */
-#define SSL_OP_NO_CLIENT_RENEGOTIATION 0x00020000L
-/* Disallow client and server initiated renegotiation. */
-#define SSL_OP_NO_RENEGOTIATION 0x00040000L
-/* Allow client initiated renegotiation.
*/
-#define SSL_OP_ALLOW_CLIENT_RENEGOTIATION 0x00080000L
-/* If set, always create a new key when using tmp_dh parameters */
-#define SSL_OP_SINGLE_DH_USE 0x00100000L
-/* Set on servers to choose the cipher according to the server's
- * preferences */
-#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
-
-#define SSL_OP_NO_TLSv1 0x04000000L
-#define SSL_OP_NO_TLSv1_2 0x08000000L
-#define SSL_OP_NO_TLSv1_1 0x10000000L
-
-#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
-#define SSL_OP_NO_TLSv1_3 0x20000000L
-#endif
-
-#define SSL_OP_NO_DTLSv1 0x40000000L
-#define SSL_OP_NO_DTLSv1_2 0x80000000L
-
-/* SSL_OP_ALL: various bug workarounds that should be rather harmless. */
-#define SSL_OP_ALL \
- (SSL_OP_LEGACY_SERVER_CONNECT)
-
-/* Obsolete flags kept for compatibility. No sane code should use them. */
-#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0
-#define SSL_OP_CISCO_ANYCONNECT 0x0
-#define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x0
-#define SSL_OP_EPHEMERAL_RSA 0x0
-#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0
-#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0
-#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0
-#define SSL_OP_NETSCAPE_CA_DN_BUG 0x0
-#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x0
-#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0
-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0
-#define SSL_OP_NO_COMPRESSION 0x0
-#define SSL_OP_NO_SSLv2 0x0
-#define SSL_OP_NO_SSLv3 0x0
-#define SSL_OP_PKCS1_CHECK_1 0x0
-#define SSL_OP_PKCS1_CHECK_2 0x0
-#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x0
-#define SSL_OP_SINGLE_ECDH_USE 0x0
-#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0
-#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0
-#define SSL_OP_TLSEXT_PADDING 0x0
-#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0
-#define SSL_OP_TLS_D5_BUG 0x0
-#define SSL_OP_TLS_ROLLBACK_BUG 0x0
-
-/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e.
report success
- * when just a single record has been written): */
-#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L
-/* Make it possible to retry SSL_write() with changed buffer location
- * (buffer contents must stay the same!); this is not the default to avoid
- * the misconception that non-blocking SSL_write() behaves like
- * non-blocking write(): */
-#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
-/* Never bother the application with retries if the transport
- * is blocking: */
-#define SSL_MODE_AUTO_RETRY 0x00000004L
-/* Don't attempt to automatically build certificate chain */
-#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
-/* Save RAM by releasing read and write buffers when they're empty. (SSL3 and
- * TLS only.) "Released" buffers are put onto a free-list in the context
- * or just freed (depending on the context's setting for freelist_max_len). */
-#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
-
-/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
- * they cannot be used to clear bits.
*/
-
-#define SSL_CTX_set_options(ctx,op) \
- SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
-#define SSL_CTX_clear_options(ctx,op) \
- SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
-#define SSL_CTX_get_options(ctx) \
- SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
-#define SSL_set_options(ssl,op) \
- SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
-#define SSL_clear_options(ssl,op) \
- SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
-#define SSL_get_options(ssl) \
- SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
-
-#define SSL_CTX_set_mode(ctx,op) \
- SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
-#define SSL_CTX_clear_mode(ctx,op) \
- SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
-#define SSL_CTX_get_mode(ctx) \
- SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
-#define SSL_clear_mode(ssl,op) \
- SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
-#define SSL_set_mode(ssl,op) \
- SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
-#define SSL_get_mode(ssl) \
- SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
-#define SSL_set_mtu(ssl, mtu) \
- SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
-
-#define SSL_get_secure_renegotiation_support(ssl) \
- SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
-
-void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p,
- int version, int content_type, const void *buf, size_t len, SSL *ssl,
- void *arg));
-void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
- int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
-#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
-#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
-typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);
-void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);
-SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);
-int SSL_set_num_tickets(SSL *s, size_t num_tickets);
-size_t SSL_get_num_tickets(const
SSL *s); -int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); -size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); -STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s); - -#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */ - -#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) - -/* This callback type is used inside SSL_CTX, SSL, and in the functions that set - * them. It is used to override the generation of SSL/TLS session IDs in a - * server. Return value should be zero on an error, non-zero to proceed. Also, - * callbacks should themselves check if the id they generate is unique otherwise - * the SSL handshake will fail with an error - callbacks can do this using the - * 'ssl' value they're passed by; - * SSL_has_matching_session_id(ssl, id, *id_len) - * The length value passed in is set at the maximum size the session ID can be. - * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback - * can alter this length to be less if desired, but under SSLv2 session IDs are - * supposed to be fixed at 16 bytes so the id will be padded after the callback - * returns in this case. It is also an error for the callback to set the size to - * zero. */ -typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, - unsigned int *id_len); - -typedef struct ssl_comp_st SSL_COMP; - -#ifdef LIBRESSL_INTERNAL -DECLARE_STACK_OF(SSL_COMP) -struct lhash_st_SSL_SESSION { - int dummy; -}; -#endif - -#define SSL_SESS_CACHE_OFF 0x0000 -#define SSL_SESS_CACHE_CLIENT 0x0001 -#define SSL_SESS_CACHE_SERVER 0x0002 -#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) -#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 -/* enough comments already ... 
see SSL_CTX_set_session_cache_mode(3) */
-#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
-#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200
-#define SSL_SESS_CACHE_NO_INTERNAL \
- (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
-
-struct lhash_st_SSL_SESSION *SSL_CTX_sessions(SSL_CTX *ctx);
-#define SSL_CTX_sess_number(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
-#define SSL_CTX_sess_connect(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
-#define SSL_CTX_sess_connect_good(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
-#define SSL_CTX_sess_connect_renegotiate(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
-#define SSL_CTX_sess_accept(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
-#define SSL_CTX_sess_accept_renegotiate(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
-#define SSL_CTX_sess_accept_good(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
-#define SSL_CTX_sess_hits(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
-#define SSL_CTX_sess_cb_hits(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
-#define SSL_CTX_sess_misses(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
-#define SSL_CTX_sess_timeouts(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
-#define SSL_CTX_sess_cache_full(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
-
-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
- int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess));
-int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
- SSL_SESSION *sess);
-void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
- void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess));
-void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx,
- SSL_SESSION *sess);
-void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
- SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
- const unsigned char *data, int len, int *copy));
-SSL_SESSION
*(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
- const unsigned char *data, int len, int *copy);
-void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,
- int type, int val));
-void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type,
- int val);
-void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
- int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
-int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509,
- EVP_PKEY **pkey);
-void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
- int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
- unsigned int *cookie_len));
-void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
- int (*app_verify_cookie_cb)(SSL *ssl, const unsigned char *cookie,
- unsigned int cookie_len));
-void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
- const unsigned char **out, unsigned int *outlen, void *arg), void *arg);
-void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
- unsigned char **out, unsigned char *outlen, const unsigned char *in,
- unsigned int inlen, void *arg), void *arg);
-
-int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
- const unsigned char *in, unsigned int inlen, const unsigned char *client,
- unsigned int client_len);
-void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
- unsigned int *len);
-
-#define OPENSSL_NPN_UNSUPPORTED 0
-#define OPENSSL_NPN_NEGOTIATED 1
-#define OPENSSL_NPN_NO_OVERLAP 2
-
-int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
- unsigned int protos_len);
-int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
- unsigned int protos_len);
-void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
- int (*cb)(SSL *ssl, const unsigned char **out, unsigned char *outlen,
- const unsigned char *in, unsigned int inlen, void *arg), void *arg);
-void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
- unsigned int *len);
-
-#if
defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) -typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md, - const unsigned char **id, size_t *idlen, SSL_SESSION **sess); -void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb); -#endif - -#define SSL_NOTHING 1 -#define SSL_WRITING 2 -#define SSL_READING 3 -#define SSL_X509_LOOKUP 4 - -/* These will only be used when doing non-blocking IO */ -#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) -#define SSL_want_read(s) (SSL_want(s) == SSL_READING) -#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) -#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) - -#define SSL_MAC_FLAG_READ_MAC_STREAM 1 -#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 - -#ifdef __cplusplus -} -#endif - -#include -#include /* This is mostly sslv3 with a few tweaks */ -#include /* Datagram TLS */ -#include /* Support for the use_srtp extension */ - -#ifdef __cplusplus -extern "C" { -#endif - -/* compatibility */ -#define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) -#define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) -#define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a)) -#define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) -#define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) -#define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg)) - -/* The following are the possible values for ssl->state are are - * used to indicate where we are up to in the SSL connection establishment. - * The macros that follow are about the only things you should need to use - * and even then, only when using non-blocking IO. 
- * It can also be useful to work out where you were when the connection - * failed */ - -#define SSL_ST_CONNECT 0x1000 -#define SSL_ST_ACCEPT 0x2000 -#define SSL_ST_MASK 0x0FFF -#define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT) -#define SSL_ST_BEFORE 0x4000 -#define SSL_ST_OK 0x03 -#define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) - -#define SSL_CB_LOOP 0x01 -#define SSL_CB_EXIT 0x02 -#define SSL_CB_READ 0x04 -#define SSL_CB_WRITE 0x08 -#define SSL_CB_ALERT 0x4000 /* used in callback */ -#define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) -#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) -#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) -#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) -#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) -#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) -#define SSL_CB_HANDSHAKE_START 0x10 -#define SSL_CB_HANDSHAKE_DONE 0x20 - -/* Is the SSL_connection established? */ -#define SSL_get_state(a) (SSL_state((a))) -#define SSL_is_init_finished(a) (SSL_state((a)) == SSL_ST_OK) -#define SSL_in_init(a) (SSL_state((a))&SSL_ST_INIT) -#define SSL_in_before(a) (SSL_state((a))&SSL_ST_BEFORE) -#define SSL_in_connect_init(a) (SSL_state((a))&SSL_ST_CONNECT) -#define SSL_in_accept_init(a) (SSL_state((a))&SSL_ST_ACCEPT) - -/* The following 2 states are kept in ssl->rstate when reads fail, - * you should not need these */ -#define SSL_ST_READ_HEADER 0xF0 -#define SSL_ST_READ_BODY 0xF1 -#define SSL_ST_READ_DONE 0xF2 - -/* Obtain latest Finished message - * -- that we sent (SSL_get_finished) - * -- that we expected from peer (SSL_get_peer_finished). - * Returns length (0 == no Finished so far), copies up to 'count' bytes. 
*/ -size_t SSL_get_finished(const SSL *s, void *buf, size_t count); -size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); - -/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options - * are 'ored' with SSL_VERIFY_PEER if they are desired */ -#define SSL_VERIFY_NONE 0x00 -#define SSL_VERIFY_PEER 0x01 -#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 -#define SSL_VERIFY_CLIENT_ONCE 0x04 -#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) -#define SSL_VERIFY_POST_HANDSHAKE 0x08 - -int SSL_verify_client_post_handshake(SSL *s); -void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); -void SSL_set_post_handshake_auth(SSL *s, int val); -#endif - -#define OpenSSL_add_ssl_algorithms() SSL_library_init() -#define SSLeay_add_ssl_algorithms() SSL_library_init() - -/* More backward compatibility */ -#define SSL_get_cipher(s) \ - SSL_CIPHER_get_name(SSL_get_current_cipher(s)) -#define SSL_get_cipher_bits(s,np) \ - SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) -#define SSL_get_cipher_version(s) \ - SSL_CIPHER_get_version(SSL_get_current_cipher(s)) -#define SSL_get_cipher_name(s) \ - SSL_CIPHER_get_name(SSL_get_current_cipher(s)) -#define SSL_get_time(a) SSL_SESSION_get_time(a) -#define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b)) -#define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) -#define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) - -#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) -#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) - -SSL_SESSION *PEM_read_bio_SSL_SESSION(BIO *bp, SSL_SESSION **x, - pem_password_cb *cb, void *u); -SSL_SESSION *PEM_read_SSL_SESSION(FILE *fp, SSL_SESSION **x, - pem_password_cb *cb, void *u); -int PEM_write_bio_SSL_SESSION(BIO *bp, SSL_SESSION *x); -int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x); - -/* - * TLS Alerts. 
- * - * https://www.iana.org/assignments/tls-parameters/#tls-parameters-6 - */ - -/* Obsolete alerts. */ -#ifndef LIBRESSL_INTERNAL -#define SSL_AD_DECRYPTION_FAILED 21 /* Removed in TLSv1.1 */ -#define SSL_AD_NO_CERTIFICATE 41 /* Removed in TLSv1.0 */ -#define SSL_AD_EXPORT_RESTRICTION 60 /* Removed in TLSv1.1 */ -#endif - -#define SSL_AD_CLOSE_NOTIFY 0 -#define SSL_AD_UNEXPECTED_MESSAGE 10 -#define SSL_AD_BAD_RECORD_MAC 20 -#define SSL_AD_RECORD_OVERFLOW 22 -#define SSL_AD_DECOMPRESSION_FAILURE 30 /* Removed in TLSv1.3 */ -#define SSL_AD_HANDSHAKE_FAILURE 40 -#define SSL_AD_BAD_CERTIFICATE 42 -#define SSL_AD_UNSUPPORTED_CERTIFICATE 43 -#define SSL_AD_CERTIFICATE_REVOKED 44 -#define SSL_AD_CERTIFICATE_EXPIRED 45 -#define SSL_AD_CERTIFICATE_UNKNOWN 46 -#define SSL_AD_ILLEGAL_PARAMETER 47 -#define SSL_AD_UNKNOWN_CA 48 -#define SSL_AD_ACCESS_DENIED 49 -#define SSL_AD_DECODE_ERROR 50 -#define SSL_AD_DECRYPT_ERROR 51 -#define SSL_AD_PROTOCOL_VERSION 70 -#define SSL_AD_INSUFFICIENT_SECURITY 71 -#define SSL_AD_INTERNAL_ERROR 80 -#define SSL_AD_INAPPROPRIATE_FALLBACK 86 -#define SSL_AD_USER_CANCELLED 90 -#define SSL_AD_NO_RENEGOTIATION 100 /* Removed in TLSv1.3 */ -#define SSL_AD_MISSING_EXTENSION 109 /* Added in TLSv1.3. */ -#define SSL_AD_UNSUPPORTED_EXTENSION 110 -#define SSL_AD_CERTIFICATE_UNOBTAINABLE 111 /* Removed in TLSv1.3 */ -#define SSL_AD_UNRECOGNIZED_NAME 112 -#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 -#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE 114 /* Removed in TLSv1.3 */ -#define SSL_AD_UNKNOWN_PSK_IDENTITY 115 -#define SSL_AD_CERTIFICATE_REQUIRED 116 -#define SSL_AD_NO_APPLICATION_PROTOCOL 120 - -/* Offset to get an SSL_R_... value from an SSL_AD_... value. 
*/ -#define SSL_AD_REASON_OFFSET 1000 - -#define SSL_ERROR_NONE 0 -#define SSL_ERROR_SSL 1 -#define SSL_ERROR_WANT_READ 2 -#define SSL_ERROR_WANT_WRITE 3 -#define SSL_ERROR_WANT_X509_LOOKUP 4 -#define SSL_ERROR_SYSCALL 5 -#define SSL_ERROR_ZERO_RETURN 6 -#define SSL_ERROR_WANT_CONNECT 7 -#define SSL_ERROR_WANT_ACCEPT 8 -#define SSL_ERROR_WANT_ASYNC 9 -#define SSL_ERROR_WANT_ASYNC_JOB 10 -#define SSL_ERROR_WANT_CLIENT_HELLO_CB 11 - -#define SSL_CTRL_NEED_TMP_RSA 1 -#define SSL_CTRL_SET_TMP_RSA 2 -#define SSL_CTRL_SET_TMP_DH 3 -#define SSL_CTRL_SET_TMP_ECDH 4 -#define SSL_CTRL_SET_TMP_RSA_CB 5 -#define SSL_CTRL_SET_TMP_DH_CB 6 -#define SSL_CTRL_SET_TMP_ECDH_CB 7 - -#define SSL_CTRL_GET_SESSION_REUSED 8 -#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 -#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 -#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 -#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 -#define SSL_CTRL_GET_FLAGS 13 -#define SSL_CTRL_EXTRA_CHAIN_CERT 14 - -#define SSL_CTRL_SET_MSG_CALLBACK 15 -#define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 - -/* only applies to datagram connections */ -#define SSL_CTRL_SET_MTU 17 -/* Stats */ -#define SSL_CTRL_SESS_NUMBER 20 -#define SSL_CTRL_SESS_CONNECT 21 -#define SSL_CTRL_SESS_CONNECT_GOOD 22 -#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 -#define SSL_CTRL_SESS_ACCEPT 24 -#define SSL_CTRL_SESS_ACCEPT_GOOD 25 -#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 -#define SSL_CTRL_SESS_HIT 27 -#define SSL_CTRL_SESS_CB_HIT 28 -#define SSL_CTRL_SESS_MISSES 29 -#define SSL_CTRL_SESS_TIMEOUTS 30 -#define SSL_CTRL_SESS_CACHE_FULL 31 -#define SSL_CTRL_OPTIONS 32 -#define SSL_CTRL_MODE 33 - -#define SSL_CTRL_GET_READ_AHEAD 40 -#define SSL_CTRL_SET_READ_AHEAD 41 -#define SSL_CTRL_SET_SESS_CACHE_SIZE 42 -#define SSL_CTRL_GET_SESS_CACHE_SIZE 43 -#define SSL_CTRL_SET_SESS_CACHE_MODE 44 -#define SSL_CTRL_GET_SESS_CACHE_MODE 45 - -#define SSL_CTRL_GET_MAX_CERT_LIST 50 -#define SSL_CTRL_SET_MAX_CERT_LIST 51 - -#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 - -/* see tls1.h 
for macros based on these */ -#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 -#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 -#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 -#define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 -#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 -#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 -#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 -#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 -#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 -#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 -#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 -#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127 -#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 -#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 -#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 -#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 -#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 -#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 -#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 - -#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 - -#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 -#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 -#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 - -#define SSL_CTRL_SET_SRP_ARG 78 -#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 -#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 -#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 - -#define DTLS_CTRL_GET_TIMEOUT 73 -#define DTLS_CTRL_HANDLE_TIMEOUT 74 -#define DTLS_CTRL_LISTEN 75 - -#define SSL_CTRL_GET_RI_SUPPORT 76 -#define SSL_CTRL_CLEAR_OPTIONS 77 -#define SSL_CTRL_CLEAR_MODE 78 - -#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 -#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 - -#define SSL_CTRL_CHAIN 88 -#define SSL_CTRL_CHAIN_CERT 89 - -#define SSL_CTRL_SET_GROUPS 91 -#define SSL_CTRL_SET_GROUPS_LIST 92 -#define SSL_CTRL_GET_SHARED_GROUP 93 -#define SSL_CTRL_SET_ECDH_AUTO 94 - -#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) -#define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 -#define SSL_CTRL_GET_PEER_TMP_KEY 109 -#define SSL_CTRL_GET_SERVER_TMP_KEY 
SSL_CTRL_GET_PEER_TMP_KEY -#else -#define SSL_CTRL_GET_SERVER_TMP_KEY 109 -#endif - -#define SSL_CTRL_GET_CHAIN_CERTS 115 - -#define SSL_CTRL_SET_DH_AUTO 118 - -#define SSL_CTRL_SET_MIN_PROTO_VERSION 123 -#define SSL_CTRL_SET_MAX_PROTO_VERSION 124 -#define SSL_CTRL_GET_MIN_PROTO_VERSION 130 -#define SSL_CTRL_GET_MAX_PROTO_VERSION 131 - -#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) -#define SSL_CTRL_GET_SIGNATURE_NID 132 -#endif - -#define DTLSv1_get_timeout(ssl, arg) \ - SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) -#define DTLSv1_handle_timeout(ssl) \ - SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) -#define DTLSv1_listen(ssl, peer) \ - SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer) - -#define SSL_session_reused(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) -#define SSL_num_renegotiations(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) -#define SSL_clear_num_renegotiations(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) -#define SSL_total_renegotiations(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) - -#define SSL_CTX_need_tmp_RSA(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) -#define SSL_CTX_set_tmp_rsa(ctx,rsa) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) -#define SSL_CTX_set_tmp_dh(ctx,dh) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) -#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) -#define SSL_CTX_set_dh_auto(ctx, onoff) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL) -#define SSL_CTX_set_ecdh_auto(ctx, onoff) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) - -#define SSL_need_tmp_RSA(ssl) \ - SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) -#define SSL_set_tmp_rsa(ssl,rsa) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) -#define SSL_set_tmp_dh(ssl,dh) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) -#define SSL_set_tmp_ecdh(ssl,ecdh) \ - 
SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) -#define SSL_set_dh_auto(s, onoff) \ - SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL) -#define SSL_set_ecdh_auto(s, onoff) \ - SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) - -int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *chain); -int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *chain); -int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509); -int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509); -int SSL_CTX_get0_chain_certs(const SSL_CTX *ctx, STACK_OF(X509) **out_chain); -int SSL_CTX_clear_chain_certs(SSL_CTX *ctx); - -int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *chain); -int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *chain); -int SSL_add0_chain_cert(SSL *ssl, X509 *x509); -int SSL_add1_chain_cert(SSL *ssl, X509 *x509); -int SSL_get0_chain_certs(const SSL *ssl, STACK_OF(X509) **out_chain); -int SSL_clear_chain_certs(SSL *ssl); - -int SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len); -int SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups); - -int SSL_set1_groups(SSL *ssl, const int *groups, size_t groups_len); -int SSL_set1_groups_list(SSL *ssl, const char *groups); - -int SSL_CTX_get_min_proto_version(SSL_CTX *ctx); -int SSL_CTX_get_max_proto_version(SSL_CTX *ctx); -int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version); -int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version); - -int SSL_get_min_proto_version(SSL *ssl); -int SSL_get_max_proto_version(SSL *ssl); -int SSL_set_min_proto_version(SSL *ssl, uint16_t version); -int SSL_set_max_proto_version(SSL *ssl, uint16_t version); - -const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx); - -#ifndef LIBRESSL_INTERNAL -#define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS -#define SSL_CTRL_SET_CURVES_LIST SSL_CTRL_SET_GROUPS_LIST - -#define SSL_CTX_set1_curves SSL_CTX_set1_groups -#define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list -#define SSL_set1_curves SSL_set1_groups -#define SSL_set1_curves_list 
SSL_set1_groups_list -#endif - -#define SSL_CTX_add_extra_chain_cert(ctx, x509) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, (char *)x509) -#define SSL_CTX_get_extra_chain_certs(ctx, px509) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 0, px509) -#define SSL_CTX_get_extra_chain_certs_only(ctx, px509) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 1, px509) -#define SSL_CTX_clear_extra_chain_certs(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS, 0, NULL) - -#define SSL_get_shared_group(s, n) \ - SSL_ctrl((s), SSL_CTRL_GET_SHARED_GROUP, (n), NULL) -#define SSL_get_shared_curve SSL_get_shared_group - -#define SSL_get_server_tmp_key(s, pk) \ - SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk) - -#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) -#define SSL_get_signature_nid(s, pn) \ - SSL_ctrl(s, SSL_CTRL_GET_SIGNATURE_NID, 0, pn) - -#define SSL_get_peer_signature_nid(s, pn) \ - SSL_ctrl(s, SSL_CTRL_GET_PEER_SIGNATURE_NID, 0, pn) -#define SSL_get_peer_tmp_key(s, pk) \ - SSL_ctrl(s, SSL_CTRL_GET_PEER_TMP_KEY, 0, pk) -#endif /* LIBRESSL_HAS_TLS1_3 || LIBRESSL_INTERNAL */ - -#ifndef LIBRESSL_INTERNAL -/* - * Also provide those functions as macros for compatibility with - * existing users. 
- */ -#define SSL_CTX_set0_chain SSL_CTX_set0_chain -#define SSL_CTX_set1_chain SSL_CTX_set1_chain -#define SSL_CTX_add0_chain_cert SSL_CTX_add0_chain_cert -#define SSL_CTX_add1_chain_cert SSL_CTX_add1_chain_cert -#define SSL_CTX_get0_chain_certs SSL_CTX_get0_chain_certs -#define SSL_CTX_clear_chain_certs SSL_CTX_clear_chain_certs - -#define SSL_add0_chain_cert SSL_add0_chain_cert -#define SSL_add1_chain_cert SSL_add1_chain_cert -#define SSL_set0_chain SSL_set0_chain -#define SSL_set1_chain SSL_set1_chain -#define SSL_get0_chain_certs SSL_get0_chain_certs -#define SSL_clear_chain_certs SSL_clear_chain_certs - -#define SSL_CTX_set1_groups SSL_CTX_set1_groups -#define SSL_CTX_set1_groups_list SSL_CTX_set1_groups_list -#define SSL_set1_groups SSL_set1_groups -#define SSL_set1_groups_list SSL_set1_groups_list - -#define SSL_CTX_get_min_proto_version SSL_CTX_get_min_proto_version -#define SSL_CTX_get_max_proto_version SSL_CTX_get_max_proto_version -#define SSL_CTX_set_min_proto_version SSL_CTX_set_min_proto_version -#define SSL_CTX_set_max_proto_version SSL_CTX_set_max_proto_version - -#define SSL_get_min_proto_version SSL_get_min_proto_version -#define SSL_get_max_proto_version SSL_get_max_proto_version -#define SSL_set_min_proto_version SSL_set_min_proto_version -#define SSL_set_max_proto_version SSL_set_max_proto_version -#endif - -const BIO_METHOD *BIO_f_ssl(void); -BIO *BIO_new_ssl(SSL_CTX *ctx, int client); -BIO *BIO_new_ssl_connect(SSL_CTX *ctx); -BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); -int BIO_ssl_copy_session_id(BIO *to, BIO *from); -void BIO_ssl_shutdown(BIO *ssl_bio); - -STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); -int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); -#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) -int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str); -#endif -SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); -void SSL_CTX_free(SSL_CTX *); -int SSL_CTX_up_ref(SSL_CTX *ctx); -long 
SSL_CTX_set_timeout(SSL_CTX *ctx, long t); -long SSL_CTX_get_timeout(const SSL_CTX *ctx); -X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); -void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); -void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store); -X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); -EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); -int SSL_want(const SSL *s); -int SSL_clear(SSL *s); - -void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); - -const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); -int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); -const char * SSL_CIPHER_get_version(const SSL_CIPHER *c); -const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); -unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); -uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *c); -const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); -int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); -int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); -int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); -int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); -const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c); -int SSL_CIPHER_is_aead(const SSL_CIPHER *c); - -int SSL_get_fd(const SSL *s); -int SSL_get_rfd(const SSL *s); -int SSL_get_wfd(const SSL *s); -const char * SSL_get_cipher_list(const SSL *s, int n); -char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len); -int SSL_get_read_ahead(const SSL * s); -int SSL_pending(const SSL *s); -int SSL_set_fd(SSL *s, int fd); -int SSL_set_rfd(SSL *s, int fd); -int SSL_set_wfd(SSL *s, int fd); -void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); -BIO * SSL_get_rbio(const SSL *s); -void SSL_set0_rbio(SSL *s, BIO *rbio); -BIO * SSL_get_wbio(const SSL *s); -int SSL_set_cipher_list(SSL *s, const char *str); -#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) -int SSL_set_ciphersuites(SSL *s, const char *str); -#endif -void SSL_set_read_ahead(SSL *s, int yes); -int 
SSL_get_verify_mode(const SSL *s); -int SSL_get_verify_depth(const SSL *s); -int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *); -void SSL_set_verify(SSL *s, int mode, - int (*callback)(int ok, X509_STORE_CTX *ctx)); -void SSL_set_verify_depth(SSL *s, int depth); -int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); -int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len); -int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); -int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, long len); -int SSL_use_certificate(SSL *ssl, X509 *x); -int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); - -int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); -int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); -int SSL_use_certificate_file(SSL *ssl, const char *file, int type); -int SSL_use_certificate_chain_file(SSL *ssl, const char *file); -int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); -int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); -int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); -int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */ -int SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len); -STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); -int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, - const char *file); -int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, - const char *dir); - -void SSL_load_error_strings(void ); -const char *SSL_state_string(const SSL *s); -const char *SSL_rstate_string(const SSL *s); -const char *SSL_state_string_long(const SSL *s); -const char *SSL_rstate_string_long(const SSL *s); -const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *ss); -size_t SSL_SESSION_get_master_key(const SSL_SESSION *ss, - unsigned char *out, size_t max_out); -int 
SSL_SESSION_get_protocol_version(const SSL_SESSION *s); -long SSL_SESSION_get_time(const SSL_SESSION *s); -long SSL_SESSION_set_time(SSL_SESSION *s, long t); -long SSL_SESSION_get_timeout(const SSL_SESSION *s); -long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); -int SSL_copy_session_id(SSL *to, const SSL *from); -X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); -int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, - unsigned int sid_len); -int SSL_SESSION_set1_id_context(SSL_SESSION *s, - const unsigned char *sid_ctx, unsigned int sid_ctx_len); -#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) -int SSL_SESSION_is_resumable(const SSL_SESSION *s); -#endif - -SSL_SESSION *SSL_SESSION_new(void); -void SSL_SESSION_free(SSL_SESSION *ses); -int SSL_SESSION_up_ref(SSL_SESSION *ss); -const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *ss, - unsigned int *len); -const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *ss, - unsigned int *len); -#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) -uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *sess); -int SSL_SESSION_set_max_early_data(SSL_SESSION *sess, uint32_t max_early_data); -#endif -unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); -int SSL_SESSION_has_ticket(const SSL_SESSION *s); -unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *ss); -int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); -int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); -int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); -int SSL_set_session(SSL *to, SSL_SESSION *session); -int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); -int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c); -int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); -int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); -int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, - unsigned int id_len); -SSL_SESSION 
*d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, - long length); - -#ifdef HEADER_X509_H -X509 * SSL_get_peer_certificate(const SSL *s); -#endif - -STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); - -int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); -int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); -int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *); -void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, - int (*callback)(int, X509_STORE_CTX *)); -void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); -void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg); -int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); -int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); -int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); -int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len); -int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); -int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); - -pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx); -void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); -void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx); -void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); - -int SSL_CTX_check_private_key(const SSL_CTX *ctx); -int SSL_check_private_key(const SSL *ctx); - -int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len); - -int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len); - -int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); -int SSL_set_purpose(SSL *s, int purpose); -int SSL_CTX_set_trust(SSL_CTX *s, int trust); -int SSL_set_trust(SSL *s, int trust); -int SSL_set1_host(SSL *s, const char *hostname); -void SSL_set_hostflags(SSL *s, unsigned int flags); -const char *SSL_get0_peername(SSL *s); - -X509_VERIFY_PARAM 
*SSL_CTX_get0_param(SSL_CTX *ctx); -int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); -X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); -int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); - -SSL *SSL_new(SSL_CTX *ctx); -void SSL_free(SSL *ssl); -int SSL_up_ref(SSL *ssl); -int SSL_accept(SSL *ssl); -int SSL_connect(SSL *ssl); -int SSL_is_dtls(const SSL *s); -int SSL_is_server(const SSL *s); -int SSL_read(SSL *ssl, void *buf, int num); -int SSL_peek(SSL *ssl, void *buf, int num); -int SSL_write(SSL *ssl, const void *buf, int num); -int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *bytes_read); -int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *bytes_peeked); -int SSL_write_ex(SSL *ssl, const void *buf, size_t num, size_t *bytes_written); - -#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) -uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx); -int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data); - -uint32_t SSL_get_max_early_data(const SSL *s); -int SSL_set_max_early_data(SSL *s, uint32_t max_early_data); - -#define SSL_EARLY_DATA_NOT_SENT 0 -#define SSL_EARLY_DATA_REJECTED 1 -#define SSL_EARLY_DATA_ACCEPTED 2 -int SSL_get_early_data_status(const SSL *s); - -#define SSL_READ_EARLY_DATA_ERROR 0 -#define SSL_READ_EARLY_DATA_SUCCESS 1 -#define SSL_READ_EARLY_DATA_FINISH 2 -int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes); -int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written); -#endif - -long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); -long SSL_callback_ctrl(SSL *, int, void (*)(void)); -long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); -long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); - -int SSL_get_error(const SSL *s, int ret_code); -const char *SSL_get_version(const SSL *s); - -/* This sets the 'default' SSL version that SSL_new() will create */ -int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); - -const 
SSL_METHOD *SSLv23_method(void); /* SSLv3 or TLSv1.* */
-const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 or TLSv1.* */
-const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 or TLSv1.* */
-
-const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
-const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
-const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */
-
-const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */
-const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */
-const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */
-
-const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */
-const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */
-const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */
-
-const SSL_METHOD *TLS_method(void); /* TLS v1.0 or later */
-const SSL_METHOD *TLS_server_method(void); /* TLS v1.0 or later */
-const SSL_METHOD *TLS_client_method(void); /* TLS v1.0 or later */
-
-const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
-const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
-const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
-
-const SSL_METHOD *DTLSv1_2_method(void); /* DTLSv1.2 */
-const SSL_METHOD *DTLSv1_2_server_method(void); /* DTLSv1.2 */
-const SSL_METHOD *DTLSv1_2_client_method(void); /* DTLSv1.2 */
-
-const SSL_METHOD *DTLS_method(void); /* DTLS v1.0 or later */
-const SSL_METHOD *DTLS_server_method(void); /* DTLS v1.0 or later */
-const SSL_METHOD *DTLS_client_method(void); /* DTLS v1.0 or later */
-
-STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
-STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s);
-STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
-
-int SSL_do_handshake(SSL *s);
-int SSL_renegotiate(SSL *s);
-int SSL_renegotiate_abbreviated(SSL *s);
-int SSL_renegotiate_pending(SSL *s);
-int SSL_shutdown(SSL *s);
-
-const SSL_METHOD *SSL_get_ssl_method(SSL *s);
-int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
-const char *SSL_alert_type_string_long(int value);
-const char *SSL_alert_type_string(int value);
-const char *SSL_alert_desc_string_long(int value);
-const char *SSL_alert_desc_string(int value);
-
-void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
-STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
-int SSL_add_client_CA(SSL *ssl, X509 *x);
-int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
-
-void SSL_set_connect_state(SSL *s);
-void SSL_set_accept_state(SSL *s);
-
-long SSL_get_default_timeout(const SSL *s);
-
-char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
-STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk);
-
-SSL *SSL_dup(SSL *ssl);
-
-X509 *SSL_get_certificate(const SSL *ssl);
-/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl);
-
-void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
-int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
-void SSL_set_quiet_shutdown(SSL *ssl,int mode);
-int SSL_get_quiet_shutdown(const SSL *ssl);
-void SSL_set_shutdown(SSL *ssl,int mode);
-int SSL_get_shutdown(const SSL *ssl);
-int SSL_version(const SSL *ssl);
-int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
-int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
- const char *CApath);
-int SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len);
-#define SSL_get0_session SSL_get_session /* just peek at pointer */
-SSL_SESSION *SSL_get_session(const SSL *ssl);
-SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
-SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
-SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);
-void SSL_set_info_callback(SSL *ssl,
- void (*cb)(const SSL *ssl, int type, int val));
-void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val);
-int SSL_state(const SSL *ssl);
-void SSL_set_state(SSL *ssl, int state);
-
-void SSL_set_verify_result(SSL *ssl, long v);
-long SSL_get_verify_result(const SSL *ssl);
-
-int SSL_set_ex_data(SSL *ssl, int idx, void *data);
-void *SSL_get_ex_data(const SSL *ssl, int idx);
-int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
-int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
-void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx);
-int SSL_SESSION_get_ex_new_index(long argl, void *argp,
- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func);
-
-int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
-void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);
-int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
-int SSL_get_ex_data_X509_STORE_CTX_idx(void );
-
-#define SSL_CTX_sess_set_cache_size(ctx,t) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
-#define SSL_CTX_sess_get_cache_size(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
-#define SSL_CTX_set_session_cache_mode(ctx,m) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
-#define SSL_CTX_get_session_cache_mode(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
-
-#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
-#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
-#define SSL_CTX_get_read_ahead(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
-#define SSL_CTX_set_read_ahead(ctx,m) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
-#define SSL_CTX_get_max_cert_list(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
-#define SSL_CTX_set_max_cert_list(ctx,m) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
-#define SSL_get_max_cert_list(ssl) \
- SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
-#define SSL_set_max_cert_list(ssl,m) \
- SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
-
-#define SSL_CTX_set_max_send_fragment(ctx,m) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
-#define SSL_set_max_send_fragment(ssl,m) \
- SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
-
-/* NB: the keylength is only applicable when is_export is true */
-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
- RSA *(*cb)(SSL *ssl, int is_export, int keylength));
-
-void SSL_set_tmp_rsa_callback(SSL *ssl,
- RSA *(*cb)(SSL *ssl, int is_export, int keylength));
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
- DH *(*dh)(SSL *ssl, int is_export, int keylength));
-void SSL_set_tmp_dh_callback(SSL *ssl,
- DH *(*dh)(SSL *ssl, int is_export, int keylength));
-void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
- EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
-void SSL_set_tmp_ecdh_callback(SSL *ssl,
- EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
-
-size_t SSL_get_client_random(const SSL *s, unsigned char *out, size_t max_out);
-size_t SSL_get_server_random(const SSL *s, unsigned char *out, size_t max_out);
-
-const void *SSL_get_current_compression(SSL *s);
-const void *SSL_get_current_expansion(SSL *s);
-
-const char *SSL_COMP_get_name(const void *comp);
-void *SSL_COMP_get_compression_methods(void);
-
-/* TLS extensions functions */
-int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
-
-int SSL_set_session_ticket_ext_cb(SSL *s,
- tls_session_ticket_ext_cb_fn cb, void *arg);
-
-/* Pre-shared secret session resumption functions */
-int SSL_set_session_secret_cb(SSL *s,
- tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
-
-int SSL_cache_hit(SSL *s);
-
-/* What the "other" parameter contains in security callback */
-/* Mask for type */
-#define SSL_SECOP_OTHER_TYPE 0xffff0000
-#define SSL_SECOP_OTHER_NONE 0
-#define SSL_SECOP_OTHER_CIPHER (1 << 16)
-#define SSL_SECOP_OTHER_CURVE (2 << 16)
-#define SSL_SECOP_OTHER_DH (3 << 16)
-#define SSL_SECOP_OTHER_PKEY (4 << 16)
-#define SSL_SECOP_OTHER_SIGALG (5 << 16)
-#define SSL_SECOP_OTHER_CERT (6 << 16)
-
-/* Indicated operation refers to peer key or certificate */
-#define SSL_SECOP_PEER 0x1000
-
-/* Values for "op" parameter in security callback */
-
-/* Called to filter ciphers */
-/* Ciphers client supports */
-#define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER)
-/* Cipher shared by client/server */
-#define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER)
-/* Sanity check of cipher server selects */
-#define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER)
-/* Curves supported by client */
-#define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE)
-/* Curves shared by client/server */
-#define SSL_SECOP_CURVE_SHARED (5 | SSL_SECOP_OTHER_CURVE)
-/* Sanity check of curve server selects */
-#define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE)
-/* Temporary DH key */
-/*
- * XXX: changed in OpenSSL e2b420fdd70 to (7 | SSL_SECOP_OTHER_PKEY)
- * Needs switching internal use of DH to EVP_PKEY. The code is not reachable
- * from outside the library as long as we do not expose the callback in the API.
- */
-#define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_DH)
-/* SSL/TLS version */
-#define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE)
-/* Session tickets */
-#define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE)
-/* Supported signature algorithms sent to peer */
-#define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG)
-/* Shared signature algorithm */
-#define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG)
-/* Sanity check signature algorithm allowed */
-#define SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG)
-/* Used to get mask of supported public key signature algorithms */
-#define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG)
-/* Use to see if compression is allowed */
-#define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE)
-/* EE key in certificate */
-#define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT)
-/* CA key in certificate */
-#define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT)
-/* CA digest algorithm in certificate */
-#define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT)
-/* Peer EE key in certificate */
-#define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER)
-/* Peer CA key in certificate */
-#define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | SSL_SECOP_PEER)
-/* Peer CA digest algorithm in certificate */
-#define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER)
-
-void SSL_set_security_level(SSL *ssl, int level);
-int SSL_get_security_level(const SSL *ssl);
-
-void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
-int SSL_CTX_get_security_level(const SSL_CTX *ctx);
-
-#if defined(LIBRESSL_HAS_QUIC) || defined(LIBRESSL_INTERNAL)
-/*
- * QUIC integration.
- *
- * QUIC acts as an underlying transport for the TLS 1.3 handshake. The following
- * functions allow a QUIC implementation to serve as the underlying transport as
- * described in RFC 9001.
- *
- * When configured for QUIC, |SSL_do_handshake| will drive the handshake as
- * before, but it will not use the configured |BIO|. It will call functions on
- * |SSL_QUIC_METHOD| to configure secrets and send data. If data is needed from
- * the peer, it will return |SSL_ERROR_WANT_READ|. As the caller receives data
- * it can decrypt, it calls |SSL_provide_quic_data|. Subsequent
- * |SSL_do_handshake| calls will then consume that data and progress the
- * handshake. After the handshake is complete, the caller should continue to
- * call |SSL_provide_quic_data| for any post-handshake data, followed by
- * |SSL_process_quic_post_handshake| to process it. It is an error to call
- * |SSL_peek|, |SSL_read| and |SSL_write| in QUIC.
- *
- * To avoid DoS attacks, the QUIC implementation must limit the amount of data
- * being queued up. The implementation can call
- * |SSL_quic_max_handshake_flight_len| to get the maximum buffer length at each
- * encryption level.
- *
- * QUIC implementations must additionally configure transport parameters with
- * |SSL_set_quic_transport_params|. |SSL_get_peer_quic_transport_params| may be
- * used to query the value received from the peer. This extension is handled
- * as an opaque byte string, which the caller is responsible for serializing
- * and parsing. See RFC 9000 section 7.4 for further details.
- */
-
-/*
- * ssl_encryption_level_t specifies the QUIC encryption level used to transmit
- * handshake messages.
- */
-typedef enum ssl_encryption_level_t {
- ssl_encryption_initial = 0,
- ssl_encryption_early_data,
- ssl_encryption_handshake,
- ssl_encryption_application,
-} OSSL_ENCRYPTION_LEVEL;
-
-/*
- * ssl_quic_method_st (aka |SSL_QUIC_METHOD|) describes custom QUIC hooks.
- *
- * Note that we provide both the new (BoringSSL) secrets interface
- * (set_read_secret/set_write_secret) along with the old interface
- * (set_encryption_secrets), which quictls is still using.
- *
- * Since some consumers fail to use named initialisers, the order of these
- * functions is important. Hopefully all of these consumers use the old version.
- */
-struct ssl_quic_method_st {
- /*
- * set_encryption_secrets configures the read and write secrets for the
- * given encryption level. This function will always be called before an
- * encryption level other than |ssl_encryption_initial| is used.
- *
- * When reading packets at a given level, the QUIC implementation must
- * send ACKs at the same level, so this function provides read and write
- * secrets together. The exception is |ssl_encryption_early_data|, where
- * secrets are only available in the client to server direction. The
- * other secret will be NULL. The server acknowledges such data at
- * |ssl_encryption_application|, which will be configured in the same
- * |SSL_do_handshake| call.
- *
- * This function should use |SSL_get_current_cipher| to determine the TLS
- * cipher suite.
- */
- int (*set_encryption_secrets)(SSL *ssl, enum ssl_encryption_level_t level,
- const uint8_t *read_secret, const uint8_t *write_secret,
- size_t secret_len);
-
- /*
- * add_handshake_data adds handshake data to the current flight at the
- * given encryption level. It returns one on success and zero on error.
- * Callers should defer writing data to the network until |flush_flight|
- * to better pack QUIC packets into transport datagrams.
- *
- * If |level| is not |ssl_encryption_initial|, this function will not be
- * called before |level| is initialized with |set_write_secret|.
- */
- int (*add_handshake_data)(SSL *ssl, enum ssl_encryption_level_t level,
- const uint8_t *data, size_t len);
-
- /*
- * flush_flight is called when the current flight is complete and should
- * be written to the transport. Note a flight may contain data at
- * several encryption levels. It returns one on success and zero on
- * error.
- */
- int (*flush_flight)(SSL *ssl);
-
- /*
- * send_alert sends a fatal alert at the specified encryption level. It
- * returns one on success and zero on error.
- *
- * If |level| is not |ssl_encryption_initial|, this function will not be
- * called before |level| is initialized with |set_write_secret|.
- */
- int (*send_alert)(SSL *ssl, enum ssl_encryption_level_t level,
- uint8_t alert);
-
- /*
- * set_read_secret configures the read secret and cipher suite for the
- * given encryption level. It returns one on success and zero to
- * terminate the handshake with an error. It will be called at most once
- * per encryption level.
- *
- * Read keys will not be released before QUIC may use them. Once a level
- * has been initialized, QUIC may begin processing data from it.
- * Handshake data should be passed to |SSL_provide_quic_data| and
- * application data (if |level| is |ssl_encryption_early_data| or
- * |ssl_encryption_application|) may be processed according to the rules
- * of the QUIC protocol.
- */
- int (*set_read_secret)(SSL *ssl, enum ssl_encryption_level_t level,
- const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len);
-
- /*
- * set_write_secret behaves like |set_read_secret| but configures the
- * write secret and cipher suite for the given encryption level. It will
- * be called at most once per encryption level.
- *
- * Write keys will not be released before QUIC may use them. If |level|
- * is |ssl_encryption_early_data| or |ssl_encryption_application|, QUIC
- * may begin sending application data at |level|.
- */
- int (*set_write_secret)(SSL *ssl, enum ssl_encryption_level_t level,
- const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len);
-};
-
-/*
- * SSL_CTX_set_quic_method configures the QUIC hooks. This should only be
- * configured with a minimum version of TLS 1.3. |quic_method| must remain valid
- * for the lifetime of |ctx|. It returns one on success and zero on error.
- */
-int SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method);
-
-/*
- * SSL_set_quic_method configures the QUIC hooks. This should only be
- * configured with a minimum version of TLS 1.3. |quic_method| must remain valid
- * for the lifetime of |ssl|. It returns one on success and zero on error.
- */
-int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method);
-
-/* SSL_is_quic returns true if an SSL has been configured for use with QUIC. */
-int SSL_is_quic(const SSL *ssl);
-
-/*
- * SSL_quic_max_handshake_flight_len returns returns the maximum number of bytes
- * that may be received at the given encryption level. This function should be
- * used to limit buffering in the QUIC implementation. See RFC 9000 section 7.5.
- */
-size_t SSL_quic_max_handshake_flight_len(const SSL *ssl,
- enum ssl_encryption_level_t level);
-
-/*
- * SSL_quic_read_level returns the current read encryption level.
- */
-enum ssl_encryption_level_t SSL_quic_read_level(const SSL *ssl);
-
-/*
- * SSL_quic_write_level returns the current write encryption level.
- */
-enum ssl_encryption_level_t SSL_quic_write_level(const SSL *ssl);
-
-/*
- * SSL_provide_quic_data provides data from QUIC at a particular encryption
- * level |level|. It returns one on success and zero on error. Note this
- * function will return zero if the handshake is not expecting data from |level|
- * at this time. The QUIC implementation should then close the connection with
- * an error.
- */
-int SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level,
- const uint8_t *data, size_t len);
-
-/*
- * SSL_process_quic_post_handshake processes any data that QUIC has provided
- * after the handshake has completed. This includes NewSessionTicket messages
- * sent by the server. It returns one on success and zero on error.
- */
-int SSL_process_quic_post_handshake(SSL *ssl);
-
-/*
- * SSL_set_quic_transport_params configures |ssl| to send |params| (of length
- * |params_len|) in the quic_transport_parameters extension in either the
- * ClientHello or EncryptedExtensions handshake message. It is an error to set
- * transport parameters if |ssl| is not configured for QUIC. The buffer pointed
- * to by |params| only need be valid for the duration of the call to this
- * function. This function returns 1 on success and 0 on failure.
- */
-int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
- size_t params_len);
-
-/*
- * SSL_get_peer_quic_transport_params provides the caller with the value of the
- * quic_transport_parameters extension sent by the peer. A pointer to the buffer
- * containing the TransportParameters will be put in |*out_params|, and its
- * length in |*params_len|. This buffer will be valid for the lifetime of the
- * |SSL|. If no params were received from the peer, |*out_params_len| will be 0.
- */
-void SSL_get_peer_quic_transport_params(const SSL *ssl,
- const uint8_t **out_params, size_t *out_params_len);
-
-/*
- * SSL_set_quic_use_legacy_codepoint configures whether to use the legacy QUIC
- * extension codepoint 0xffa5 as opposed to the official value 57. This is
- * unsupported in LibreSSL.
- */
-void SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy);
-
-#endif
-
-void ERR_load_SSL_strings(void);
-
-/* Error codes for the SSL functions. */
-
-/* Function codes. */
-#define SSL_F_CLIENT_CERTIFICATE 100
-#define SSL_F_CLIENT_FINISHED 167
-#define SSL_F_CLIENT_HELLO 101
-#define SSL_F_CLIENT_MASTER_KEY 102
-#define SSL_F_D2I_SSL_SESSION 103
-#define SSL_F_DO_DTLS1_WRITE 245
-#define SSL_F_DO_SSL3_WRITE 104
-#define SSL_F_DTLS1_ACCEPT 246
-#define SSL_F_DTLS1_ADD_CERT_TO_BUF 295
-#define SSL_F_DTLS1_BUFFER_RECORD 247
-#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 316
-#define SSL_F_DTLS1_CLIENT_HELLO 248
-#define SSL_F_DTLS1_CONNECT 249
-#define SSL_F_DTLS1_ENC 250
-#define SSL_F_DTLS1_GET_HELLO_VERIFY 251
-#define SSL_F_DTLS1_GET_MESSAGE 252
-#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253
-#define SSL_F_DTLS1_GET_RECORD 254
-#define SSL_F_DTLS1_HANDLE_TIMEOUT 297
-#define SSL_F_DTLS1_HEARTBEAT 305
-#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
-#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288
-#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
-#define SSL_F_DTLS1_PROCESS_RECORD 257
-#define SSL_F_DTLS1_READ_BYTES 258
-#define SSL_F_DTLS1_READ_FAILED 259
-#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260
-#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261
-#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262
-#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263
-#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264
-#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265
-#define SSL_F_DTLS1_SEND_SERVER_HELLO 266
-#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267
-#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268
-#define SSL_F_GET_CLIENT_FINISHED 105
-#define SSL_F_GET_CLIENT_HELLO 106
-#define SSL_F_GET_CLIENT_MASTER_KEY 107
-#define SSL_F_GET_SERVER_FINISHED 108
-#define SSL_F_GET_SERVER_HELLO 109
-#define SSL_F_GET_SERVER_VERIFY 110
-#define SSL_F_I2D_SSL_SESSION 111
-#define SSL_F_READ_N 112
-#define SSL_F_REQUEST_CERTIFICATE 113
-#define SSL_F_SERVER_FINISH 239
-#define SSL_F_SERVER_HELLO 114
-#define SSL_F_SERVER_VERIFY 240
-#define SSL_F_SSL23_ACCEPT 115
-#define SSL_F_SSL23_CLIENT_HELLO 116
-#define SSL_F_SSL23_CONNECT 117
-#define SSL_F_SSL23_GET_CLIENT_HELLO 118
-#define SSL_F_SSL23_GET_SERVER_HELLO 119
-#define SSL_F_SSL23_PEEK 237
-#define SSL_F_SSL23_READ 120
-#define SSL_F_SSL23_WRITE 121
-#define SSL_F_SSL2_ACCEPT 122
-#define SSL_F_SSL2_CONNECT 123
-#define SSL_F_SSL2_ENC_INIT 124
-#define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241
-#define SSL_F_SSL2_PEEK 234
-#define SSL_F_SSL2_READ 125
-#define SSL_F_SSL2_READ_INTERNAL 236
-#define SSL_F_SSL2_SET_CERTIFICATE 126
-#define SSL_F_SSL2_WRITE 127
-#define SSL_F_SSL3_ACCEPT 128
-#define SSL_F_SSL3_ADD_CERT_TO_BUF 296
-#define SSL_F_SSL3_CALLBACK_CTRL 233
-#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
-#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
-#define SSL_F_SSL3_CHECK_CLIENT_HELLO 304
-#define SSL_F_SSL3_CLIENT_HELLO 131
-#define SSL_F_SSL3_CONNECT 132
-#define SSL_F_SSL3_CTRL 213
-#define SSL_F_SSL3_CTX_CTRL 133
-#define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293
-#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292
-#define SSL_F_SSL3_ENC 134
-#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
-#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
-#define SSL_F_SSL3_GET_CERT_STATUS 289
-#define SSL_F_SSL3_GET_CERT_VERIFY 136
-#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137
-#define SSL_F_SSL3_GET_CLIENT_HELLO 138
-#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139
-#define SSL_F_SSL3_GET_FINISHED 140
-#define SSL_F_SSL3_GET_KEY_EXCHANGE 141
-#define SSL_F_SSL3_GET_MESSAGE 142
-#define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283
-#define SSL_F_SSL3_GET_NEXT_PROTO 306
-#define SSL_F_SSL3_GET_RECORD 143
-#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144
-#define SSL_F_SSL3_GET_SERVER_DONE 145
-#define SSL_F_SSL3_GET_SERVER_HELLO 146
-#define SSL_F_SSL3_HANDSHAKE_MAC 285
-#define SSL_F_SSL3_NEW_SESSION_TICKET 287
-#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147
-#define SSL_F_SSL3_PEEK 235
-#define SSL_F_SSL3_READ_BYTES 148
-#define SSL_F_SSL3_READ_N 149
-#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150
-#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151
-#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152
-#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153
-#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154
-#define SSL_F_SSL3_SEND_SERVER_HELLO 242
-#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155
-#define SSL_F_SSL3_SETUP_KEY_BLOCK 157
-#define SSL_F_SSL3_SETUP_READ_BUFFER 156
-#define SSL_F_SSL3_SETUP_WRITE_BUFFER 291
-#define SSL_F_SSL3_WRITE_BYTES 158
-#define SSL_F_SSL3_WRITE_PENDING 159
-#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298
-#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277
-#define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307
-#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215
-#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216
-#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299
-#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278
-#define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308
-#define SSL_F_SSL_BAD_METHOD 160
-#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
-#define SSL_F_SSL_CERT_DUP 221
-#define SSL_F_SSL_CERT_INST 222
-#define SSL_F_SSL_CERT_INSTANTIATE 214
-#define SSL_F_SSL_CERT_NEW 162
-#define SSL_F_SSL_CHECK_PRIVATE_KEY 163
-#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280
-#define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279
-#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230
-#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231
-#define SSL_F_SSL_CLEAR 164
-#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165
-#define SSL_F_SSL_CREATE_CIPHER_LIST 166
-#define SSL_F_SSL_CTRL 232
-#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
-#define SSL_F_SSL_CTX_MAKE_PROFILES 309
-#define SSL_F_SSL_CTX_NEW 169
-#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269
-#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290
-#define SSL_F_SSL_CTX_SET_PURPOSE 226
-#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
-#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
-#define SSL_F_SSL_CTX_SET_TRUST 229
-#define SSL_F_SSL_CTX_USE_CERTIFICATE 171
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176
-#define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179
-#define SSL_F_SSL_DO_HANDSHAKE 180
-#define SSL_F_SSL_GET_NEW_SESSION 181
-#define SSL_F_SSL_GET_PREV_SESSION 217
-#define SSL_F_SSL_GET_SERVER_SEND_CERT 182
-#define SSL_F_SSL_GET_SERVER_SEND_PKEY 317
-#define SSL_F_SSL_GET_SIGN_PKEY 183
-#define SSL_F_SSL_INIT_WBIO_BUFFER 184
-#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
-#define SSL_F_SSL_NEW 186
-#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300
-#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302
-#define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310
-#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301
-#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303
-#define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311
-#define SSL_F_SSL_PEEK 270
-#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281
-#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282
-#define SSL_F_SSL_READ 223
-#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
-#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
-#define SSL_F_SSL_SESSION_NEW 189
-#define SSL_F_SSL_SESSION_PRINT_FP 190
-#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312
-#define SSL_F_SSL_SESS_CERT_NEW 225
-#define SSL_F_SSL_SET_CERT 191
-#define SSL_F_SSL_SET_CIPHER_LIST 271
-#define SSL_F_SSL_SET_FD 192
-#define SSL_F_SSL_SET_PKEY 193
-#define SSL_F_SSL_SET_PURPOSE 227
-#define SSL_F_SSL_SET_RFD 194
-#define SSL_F_SSL_SET_SESSION 195
-#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218
-#define SSL_F_SSL_SET_SESSION_TICKET_EXT 294
-#define SSL_F_SSL_SET_TRUST 228
-#define SSL_F_SSL_SET_WFD 196
-#define SSL_F_SSL_SHUTDOWN 224
-#define SSL_F_SSL_SRP_CTX_INIT 313
-#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243
-#define SSL_F_SSL_UNDEFINED_FUNCTION 197
-#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244
-#define SSL_F_SSL_USE_CERTIFICATE 198
-#define SSL_F_SSL_USE_CERTIFICATE_ASN1 199
-#define SSL_F_SSL_USE_CERTIFICATE_FILE 200
-#define SSL_F_SSL_USE_PRIVATEKEY 201
-#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202
-#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203
-#define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273
-#define SSL_F_SSL_USE_RSAPRIVATEKEY 204
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206
-#define SSL_F_SSL_VERIFY_CERT_CHAIN 207
-#define SSL_F_SSL_WRITE 208
-#define SSL_F_TLS1_AEAD_CTX_INIT 339
-#define SSL_F_TLS1_CERT_VERIFY_MAC 286
-#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
-#define SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD 340
-#define SSL_F_TLS1_CHANGE_CIPHER_STATE_CIPHER 338
-#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274
-#define SSL_F_TLS1_ENC 210
-#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314
-#define SSL_F_TLS1_HEARTBEAT 315
-#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275
-#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276
-#define SSL_F_TLS1_PRF 284
-#define SSL_F_TLS1_SETUP_KEY_BLOCK 211
-#define SSL_F_WRITE_PENDING 212
-
-/* Reason codes. */
-#define SSL_R_APP_DATA_IN_HANDSHAKE 100
-#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
-#define SSL_R_BAD_ALERT_RECORD 101
-#define SSL_R_BAD_AUTHENTICATION_TYPE 102
-#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103
-#define SSL_R_BAD_CHECKSUM 104
-#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
-#define SSL_R_BAD_DECOMPRESSION 107
-#define SSL_R_BAD_DH_G_LENGTH 108
-#define SSL_R_BAD_DH_PUB_KEY_LENGTH 109
-#define SSL_R_BAD_DH_P_LENGTH 110
-#define SSL_R_BAD_DIGEST_LENGTH 111
-#define SSL_R_BAD_DSA_SIGNATURE 112
-#define SSL_R_BAD_ECC_CERT 304
-#define SSL_R_BAD_ECDSA_SIGNATURE 305
-#define SSL_R_BAD_ECPOINT 306
-#define SSL_R_BAD_HANDSHAKE_LENGTH 332
-#define SSL_R_BAD_HELLO_REQUEST 105
-#define SSL_R_BAD_LENGTH 271
-#define SSL_R_BAD_MAC_DECODE 113
-#define SSL_R_BAD_MAC_LENGTH 333
-#define SSL_R_BAD_MESSAGE_TYPE 114
-#define SSL_R_BAD_PACKET_LENGTH 115
-#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116
-#define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316
-#define SSL_R_BAD_RESPONSE_ARGUMENT 117
-#define SSL_R_BAD_RSA_DECRYPT 118
-#define SSL_R_BAD_RSA_ENCRYPT 119
-#define SSL_R_BAD_RSA_E_LENGTH 120
-#define SSL_R_BAD_RSA_MODULUS_LENGTH 121
-#define SSL_R_BAD_RSA_SIGNATURE 122
-#define SSL_R_BAD_SIGNATURE 123
-#define SSL_R_BAD_SRP_A_LENGTH 347
-#define SSL_R_BAD_SRP_B_LENGTH 348
-#define SSL_R_BAD_SRP_G_LENGTH 349
-#define SSL_R_BAD_SRP_N_LENGTH 350
-#define SSL_R_BAD_SRP_S_LENGTH 351
-#define SSL_R_BAD_SRTP_MKI_VALUE 352
-#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353
-#define SSL_R_BAD_SSL_FILETYPE 124
-#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125
-#define SSL_R_BAD_STATE 126
-#define SSL_R_BAD_WRITE_RETRY 127
-#define SSL_R_BIO_NOT_SET 128
-#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129
-#define SSL_R_BN_LIB 130
-#define SSL_R_CA_DN_LENGTH_MISMATCH 131
-#define SSL_R_CA_DN_TOO_LONG 132
-#define SSL_R_CA_KEY_TOO_SMALL 397
-#define SSL_R_CA_MD_TOO_WEAK 398
-#define SSL_R_CCS_RECEIVED_EARLY 133
-#define SSL_R_CERTIFICATE_VERIFY_FAILED 134
-#define SSL_R_CERT_LENGTH_MISMATCH 135
-#define SSL_R_CHALLENGE_IS_DIFFERENT 136
-#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137
-#define SSL_R_CIPHER_COMPRESSION_UNAVAILABLE 371
-#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138
-#define SSL_R_CIPHER_TABLE_SRC_ERROR 139
-#define SSL_R_CLIENTHELLO_TLSEXT 226
-#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140
-#define SSL_R_COMPRESSION_DISABLED 343
-#define SSL_R_COMPRESSION_FAILURE 141
-#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307
-#define SSL_R_COMPRESSION_LIBRARY_ERROR 142
-#define SSL_R_CONNECTION_ID_IS_DIFFERENT 143
-#define SSL_R_CONNECTION_TYPE_NOT_SET 144
-#define SSL_R_COOKIE_MISMATCH 308
-#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
-#define SSL_R_DATA_LENGTH_TOO_LONG 146
-#define SSL_R_DECRYPTION_FAILED 147
-#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
-#define SSL_R_DH_KEY_TOO_SMALL 394
-#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
-#define SSL_R_DIGEST_CHECK_FAILED 149
-#define SSL_R_DTLS_MESSAGE_TOO_BIG 334
-#define SSL_R_DUPLICATE_COMPRESSION_ID 309
-#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 317
-#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318
-#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322
-#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323
-#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310
-#define SSL_R_EE_KEY_TOO_SMALL 399
-#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354
-#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
-#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
-#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
-#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
-#define SSL_R_EXTRA_DATA_IN_MESSAGE 153
-#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
-#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355
-#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356
-#define SSL_R_HTTPS_PROXY_REQUEST 155
-#define SSL_R_HTTP_REQUEST 156
-#define SSL_R_ILLEGAL_PADDING 283
-#define SSL_R_INAPPROPRIATE_FALLBACK 373
-#define SSL_R_INCONSISTENT_COMPRESSION 340
-#define SSL_R_INVALID_CHALLENGE_LENGTH 158
-#define SSL_R_INVALID_COMMAND 280
-#define SSL_R_INVALID_COMPRESSION_ALGORITHM 341
-#define SSL_R_INVALID_PURPOSE 278
-#define SSL_R_INVALID_SRP_USERNAME 357
-#define SSL_R_INVALID_STATUS_RESPONSE 328
-#define SSL_R_INVALID_TICKET_KEYS_LENGTH 325
-#define SSL_R_INVALID_TRUST 279
-#define SSL_R_KEY_ARG_TOO_LONG 284
-#define SSL_R_KRB5 285
-#define SSL_R_KRB5_C_CC_PRINC 286
-#define SSL_R_KRB5_C_GET_CRED 287
-#define SSL_R_KRB5_C_INIT 288
-#define SSL_R_KRB5_C_MK_REQ 289
-#define SSL_R_KRB5_S_BAD_TICKET 290
-#define SSL_R_KRB5_S_INIT 291
-#define SSL_R_KRB5_S_RD_REQ 292
-#define SSL_R_KRB5_S_TKT_EXPIRED 293
-#define SSL_R_KRB5_S_TKT_NYV 294
-#define SSL_R_KRB5_S_TKT_SKEW 295
-#define SSL_R_LENGTH_MISMATCH 159
-#define SSL_R_LENGTH_TOO_SHORT 160
-#define SSL_R_LIBRARY_BUG 274
-#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
-#define SSL_R_MESSAGE_TOO_LONG 296
-#define SSL_R_MISSING_DH_DSA_CERT 162
-#define SSL_R_MISSING_DH_KEY 163
-#define SSL_R_MISSING_DH_RSA_CERT 164
-#define SSL_R_MISSING_DSA_SIGNING_CERT 165
-#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166
-#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167
-#define SSL_R_MISSING_RSA_CERTIFICATE 168
-#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
-#define SSL_R_MISSING_RSA_SIGNING_CERT 170
-#define SSL_R_MISSING_SRP_PARAM 358
-#define SSL_R_MISSING_TMP_DH_KEY 171
-#define SSL_R_MISSING_TMP_ECDH_KEY 311
-#define SSL_R_MISSING_TMP_RSA_KEY 172
-#define SSL_R_MISSING_TMP_RSA_PKEY 173
-#define SSL_R_MISSING_VERIFY_MESSAGE 174
-#define SSL_R_MULTIPLE_SGC_RESTARTS 346
-#define SSL_R_NON_SSLV2_INITIAL_PACKET 175
-#define SSL_R_NO_APPLICATION_PROTOCOL 235
-#define SSL_R_NO_CERTIFICATES_RETURNED 176
-#define SSL_R_NO_CERTIFICATE_ASSIGNED 177
-#define SSL_R_NO_CERTIFICATE_RETURNED 178
-#define SSL_R_NO_CERTIFICATE_SET 179
-#define SSL_R_NO_CERTIFICATE_SPECIFIED 180
-#define SSL_R_NO_CIPHERS_AVAILABLE 181
-#define SSL_R_NO_CIPHERS_PASSED 182
-#define SSL_R_NO_CIPHERS_SPECIFIED 183
-#define SSL_R_NO_CIPHER_LIST 184
-#define SSL_R_NO_CIPHER_MATCH 185
-#define SSL_R_NO_CLIENT_CERT_METHOD 331
-#define SSL_R_NO_CLIENT_CERT_RECEIVED 186
-#define SSL_R_NO_COMPRESSION_SPECIFIED 187
-#define SSL_R_NO_METHOD_SPECIFIED 188
-#define SSL_R_NO_PRIVATEKEY 189
-#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
-#define SSL_R_NO_PROTOCOLS_AVAILABLE 191
-#define SSL_R_NO_PUBLICKEY 192
-#define SSL_R_NO_RENEGOTIATION 339
-#define SSL_R_NO_REQUIRED_DIGEST 324
-#define SSL_R_NO_SHARED_CIPHER 193
-#define SSL_R_NO_SRTP_PROFILES 359
-#define SSL_R_NO_VERIFY_CALLBACK 194
-#define SSL_R_NULL_SSL_CTX 195
-#define SSL_R_NULL_SSL_METHOD_PASSED 196
-#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
-#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
-#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
-#define SSL_R_PACKET_LENGTH_TOO_LONG 198
-#define SSL_R_PARSE_TLSEXT 227
-#define SSL_R_PATH_TOO_LONG 270
-#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
-#define SSL_R_PEER_ERROR 200
-#define SSL_R_PEER_ERROR_CERTIFICATE 201
-#define SSL_R_PEER_ERROR_NO_CERTIFICATE 202
-#define SSL_R_PEER_ERROR_NO_CIPHER 203
-#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204
-#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205
-#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206
-#define SSL_R_PROTOCOL_IS_SHUTDOWN 207
-#define SSL_R_PSK_IDENTITY_NOT_FOUND 223
-#define SSL_R_PSK_NO_CLIENT_CB 224
-#define SSL_R_PSK_NO_SERVER_CB 225
-#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208
-#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209
-#define SSL_R_PUBLIC_KEY_NOT_RSA 210
-#define SSL_R_READ_BIO_NOT_SET 211
-#define SSL_R_READ_TIMEOUT_EXPIRED 312
-#define SSL_R_READ_WRONG_PACKET_TYPE 212
-#define SSL_R_RECORD_LENGTH_MISMATCH 213
-#define SSL_R_RECORD_TOO_LARGE 214
-#define SSL_R_RECORD_TOO_SMALL 298
-#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335
-#define SSL_R_RENEGOTIATION_ENCODING_ERR 336
-#define SSL_R_RENEGOTIATION_MISMATCH 337
-#define SSL_R_REQUIRED_CIPHER_MISSING 215
-#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342
-#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
-#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
-#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
-#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345
-#define SSL_R_SERVERHELLO_TLSEXT 275
-#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
-#define SSL_R_SHORT_READ 219
-#define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360
-#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
-#define SSL_R_SRP_A_CALC 361
-#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362
-#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363
-#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364
-#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
-#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299
-#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321
-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319
-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320
-#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
-#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
-#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
-#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
-#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
-#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
-#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
-#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
-#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
-#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
-#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
-#define SSL_R_SSL_HANDSHAKE_FAILURE 229
-#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230
-#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301
-#define SSL_R_SSL_SESSION_ID_CONFLICT 302
-#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
-#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
-#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
-#define SSL_R_SSL_SESSION_ID_TOO_LONG 408
-#define SSL_R_TLSV13_ALERT_MISSING_EXTENSION 1109
-#define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116
-#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
-#define SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL 1120
-#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
-#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
-#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
-#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
-#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086
-#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
-#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
-#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
-#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
-#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
-#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
-#define SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115
-#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
-#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
-#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
-#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
-#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
-#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
-#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
-#define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365
-#define SSL_R_TLS_HEARTBEAT_PENDING 366
-#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367
-#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
-#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
-#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
-#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
-#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313
-#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237
-#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238
-#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314
-#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239
-#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240
-#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241
-#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242
-#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
-#define SSL_R_UNEXPECTED_MESSAGE 244
-#define SSL_R_UNEXPECTED_RECORD 245
-#define SSL_R_UNINITIALIZED 276
-#define SSL_R_UNKNOWN_ALERT_TYPE 246
-#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 -#define SSL_R_UNKNOWN_CIPHER_RETURNED 248 -#define SSL_R_UNKNOWN_CIPHER_TYPE 249 -#define SSL_R_UNKNOWN_DIGEST 368 -#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 -#define SSL_R_UNKNOWN_PKEY_TYPE 251 -#define SSL_R_UNKNOWN_PROTOCOL 252 -#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 -#define SSL_R_UNKNOWN_SSL_VERSION 254 -#define SSL_R_UNKNOWN_STATE 255 -#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 -#define SSL_R_UNSUPPORTED_CIPHER 256 -#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 -#define SSL_R_UNSUPPORTED_DIGEST_TYPE 326 -#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 -#define SSL_R_UNSUPPORTED_PROTOCOL 258 -#define SSL_R_UNSUPPORTED_SSL_VERSION 259 -#define SSL_R_UNSUPPORTED_STATUS_TYPE 329 -#define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 -#define SSL_R_VERSION_TOO_LOW 396 -#define SSL_R_WRITE_BIO_NOT_SET 260 -#define SSL_R_WRONG_CIPHER_RETURNED 261 -#define SSL_R_WRONG_CURVE 378 -#define SSL_R_WRONG_MESSAGE_TYPE 262 -#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263 -#define SSL_R_WRONG_SIGNATURE_LENGTH 264 -#define SSL_R_WRONG_SIGNATURE_SIZE 265 -#define SSL_R_WRONG_SIGNATURE_TYPE 370 -#define SSL_R_WRONG_SSL_VERSION 266 -#define SSL_R_WRONG_VERSION_NUMBER 267 -#define SSL_R_X509_LIB 268 -#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 -#define SSL_R_PEER_BEHAVING_BADLY 666 -#define SSL_R_QUIC_INTERNAL_ERROR 667 -#define SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED 668 -#define SSL_R_UNKNOWN 999 - -/* - * OpenSSL compatible OPENSSL_INIT options - */ - -/* - * These are provided for compatibility, but have no effect - * on how LibreSSL is initialized. - */ -#define OPENSSL_INIT_LOAD_SSL_STRINGS _OPENSSL_INIT_FLAG_NOOP -#define OPENSSL_INIT_SSL_DEFAULT _OPENSSL_INIT_FLAG_NOOP - -int OPENSSL_init_ssl(uint64_t opts, const void *settings); -int SSL_library_init(void); - -/* - * A few things still use this without #ifdef guard. - */ - -#define SSL2_VERSION 0x0002 - -#ifdef __cplusplus -} -#endif -#endif 
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h deleted file mode 100644 index 1b1110b4e9..0000000000 --- a/src/lib/libssl/ssl3.h +++ /dev/null 
@@ -1,441 +0,0 @@ -/* $OpenBSD: ssl3.h,v 1.60 2024/03/02 11:47:41 tb Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). 
- * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. 
All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). 
- * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - -#ifndef HEADER_SSL3_H -#define HEADER_SSL3_H - -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* TLS_EMPTY_RENEGOTIATION_INFO_SCSV from RFC 5746. */ -#define SSL3_CK_SCSV 0x030000FF - -/* TLS_FALLBACK_SCSV from draft-ietf-tls-downgrade-scsv-03. */ -#define SSL3_CK_FALLBACK_SCSV 0x03005600 - -#define SSL3_CK_RSA_NULL_MD5 0x03000001 -#define SSL3_CK_RSA_NULL_SHA 0x03000002 -#define SSL3_CK_RSA_RC4_40_MD5 0x03000003 -#define SSL3_CK_RSA_RC4_128_MD5 0x03000004 -#define SSL3_CK_RSA_RC4_128_SHA 0x03000005 -#define SSL3_CK_RSA_RC2_40_MD5 0x03000006 -#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007 -#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008 -#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009 -#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A - -#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B -#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C -#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D -#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E -#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F -#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 - -#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011 -#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012 -#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013 -#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014 -#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015 -#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016 - -#define SSL3_CK_ADH_RC4_40_MD5 0x03000017 -#define SSL3_CK_ADH_RC4_128_MD5 0x03000018 -#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019 -#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A -#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B - -/* VRS Additional Kerberos5 entries - */ -#define SSL3_CK_KRB5_DES_64_CBC_SHA 
0x0300001E -#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F -#define SSL3_CK_KRB5_RC4_128_SHA 0x03000020 -#define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021 -#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022 -#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023 -#define SSL3_CK_KRB5_RC4_128_MD5 0x03000024 -#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025 - -#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026 -#define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027 -#define SSL3_CK_KRB5_RC4_40_SHA 0x03000028 -#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029 -#define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A -#define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B - -#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" -#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" -#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" -#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5" -#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA" -#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5" -#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA" -#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA" -#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA" -#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA" - -#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA" -#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA" -#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA" -#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA" -#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" -#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" - -#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" -#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" -#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" -#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA" -#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA" -#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA" - -#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5" -#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5" -#define 
SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA" -#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" -#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" - -#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" -#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" -#define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" -#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" -#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" -#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" -#define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5" -#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5" - -#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" -#define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA" -#define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA" -#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5" -#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5" -#define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5" - -#define SSL3_SSL_SESSION_ID_LENGTH 32 -#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 - -#define SSL3_MASTER_SECRET_SIZE 48 -#define SSL3_RANDOM_SIZE 32 -#define SSL3_SEQUENCE_SIZE 8 -#define SSL3_SESSION_ID_SIZE 32 -#define SSL3_CIPHER_VALUE_SIZE 2 - -#define SSL3_RT_HEADER_LENGTH 5 -#define SSL3_HM_HEADER_LENGTH 4 - -#define SSL3_ALIGN_PAYLOAD 8 - -/* This is the maximum MAC (digest) size used by the SSL library. - * Currently maximum of 20 is used by SHA1, but we reserve for - * future extension for 512-bit hashes. - */ - -#define SSL3_RT_MAX_MD_SIZE 64 - -/* Maximum block size used in all ciphersuites. Currently 16 for AES. - */ - -#define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16 - -#define SSL3_RT_MAX_EXTRA (16384) - -/* Maximum plaintext length: defined by SSL/TLS standards */ -#define SSL3_RT_MAX_PLAIN_LENGTH 16384 -/* Maximum compression overhead: defined by SSL/TLS standards */ -#define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024 - -/* The standards give a maximum encryption overhead of 1024 bytes. 
- * In practice the value is lower than this. The overhead is the maximum - * number of padding bytes (256) plus the mac size. - */ -#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) - -/* OpenSSL currently only uses a padding length of at most one block so - * the send overhead is smaller. - */ - -#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \ - (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE) - -/* If compression isn't used don't include the compression overhead */ -#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH -#define SSL3_RT_MAX_ENCRYPTED_LENGTH \ - (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH) -#define SSL3_RT_MAX_PACKET_SIZE \ - (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) - -#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" -#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" - -#define SSL3_VERSION 0x0300 -#define SSL3_VERSION_MAJOR 0x03 -#define SSL3_VERSION_MINOR 0x00 - -#define SSL3_RT_CHANGE_CIPHER_SPEC 20 -#define SSL3_RT_ALERT 21 -#define SSL3_RT_HANDSHAKE 22 -#define SSL3_RT_APPLICATION_DATA 23 - -#define SSL3_AL_WARNING 1 -#define SSL3_AL_FATAL 2 - -#ifndef LIBRESSL_INTERNAL -#define SSL3_AD_CLOSE_NOTIFY 0 -#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */ -#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */ -#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */ -#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */ -#define SSL3_AD_NO_CERTIFICATE 41 -#define SSL3_AD_BAD_CERTIFICATE 42 -#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 -#define SSL3_AD_CERTIFICATE_REVOKED 44 -#define SSL3_AD_CERTIFICATE_EXPIRED 45 -#define SSL3_AD_CERTIFICATE_UNKNOWN 46 -#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */ -#endif - -#define TLS1_HB_REQUEST 1 -#define TLS1_HB_RESPONSE 2 - -#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 -#define TLS1_FLAGS_FREEZE_TRANSCRIPT 0x0020 -#define SSL3_FLAGS_CCS_OK 0x0080 - -/* SSLv3 */ -/*client */ -/* extra state */ -#define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT) -/* 
write to server */ -#define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT) -#define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT) -/* read from server */ -#define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT) -#define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT) -#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT) -#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT) -#define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT) -#define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT) -#define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT) -#define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT) -#define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT) -#define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT) -#define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) -#define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) -/* write to server */ -#define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) -#define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) -#define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT) -#define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT) -#define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT) -#define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT) -#define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT) -#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) -#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) -#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) -#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) -#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) -/* read from server */ -#define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT) -#define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) -#define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) -#define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) -#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) -#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) -#define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) -#define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) - -/* server */ -/* extra state */ -#define 
SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT) -/* read from client */ -/* Do not change the number values, they do matter */ -#define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) -#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) -#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) -/* write to client */ -#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) -#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) -#define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT) -#define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT) -#define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT) -#define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT) -#define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT) -#define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT) -#define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT) -#define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT) -#define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT) -#define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT) -#define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT) -#define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT) -#define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT) -/* read from client */ -#define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT) -#define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT) -#define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT) -#define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT) -#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT) -#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) -#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) -#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) -#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) -#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) -/* write to client */ -#define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT) -#define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) -#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) -#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) -#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) -#define SSL3_ST_SW_SESSION_TICKET_B 
(0x1F1|SSL_ST_ACCEPT) -#define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) -#define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) - -#define SSL3_MT_HELLO_REQUEST 0 -#define SSL3_MT_CLIENT_HELLO 1 -#define SSL3_MT_SERVER_HELLO 2 -#define SSL3_MT_NEWSESSION_TICKET 4 -#define SSL3_MT_CERTIFICATE 11 -#define SSL3_MT_SERVER_KEY_EXCHANGE 12 -#define SSL3_MT_CERTIFICATE_REQUEST 13 -#define SSL3_MT_SERVER_DONE 14 -#define SSL3_MT_CERTIFICATE_VERIFY 15 -#define SSL3_MT_CLIENT_KEY_EXCHANGE 16 -#define SSL3_MT_FINISHED 20 -#define SSL3_MT_CERTIFICATE_STATUS 22 - -#define DTLS1_MT_HELLO_VERIFY_REQUEST 3 - -#define SSL3_MT_CCS 1 - -#ifndef LIBRESSL_INTERNAL -/* These are used when changing over to a new cipher */ -#define SSL3_CC_READ 0x01 -#define SSL3_CC_WRITE 0x02 -#define SSL3_CC_CLIENT 0x10 -#define SSL3_CC_SERVER 0x20 -#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE) -#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) -#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) -#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE) -#endif - -#ifdef __cplusplus -} -#endif -#endif diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c deleted file mode 100644 index fcf4631a59..0000000000 --- a/src/lib/libssl/ssl_asn1.c +++ /dev/null 
@@ -1,410 +0,0 @@ -/* $OpenBSD: ssl_asn1.c,v 1.69 2024/07/22 14:47:15 jsing Exp $ */ -/* - * Copyright (c) 2016 Joel Sing - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include - -#include -#include - -#include "bytestring.h" -#include "ssl_local.h" - -#define SSLASN1_TAG (CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC) -#define SSLASN1_TIME_TAG (SSLASN1_TAG | 1) -#define SSLASN1_TIMEOUT_TAG (SSLASN1_TAG | 2) -#define SSLASN1_PEER_CERT_TAG (SSLASN1_TAG | 3) -#define SSLASN1_SESSION_ID_CTX_TAG (SSLASN1_TAG | 4) -#define SSLASN1_VERIFY_RESULT_TAG (SSLASN1_TAG | 5) -#define SSLASN1_HOSTNAME_TAG (SSLASN1_TAG | 6) -#define SSLASN1_LIFETIME_TAG (SSLASN1_TAG | 9) -#define SSLASN1_TICKET_TAG (SSLASN1_TAG | 10) - -static uint64_t -time_max(void) -{ - if (sizeof(time_t) == sizeof(int32_t)) - return INT32_MAX; - if (sizeof(time_t) == sizeof(int64_t)) - return INT64_MAX; - return 0; -} - -static int -SSL_SESSION_encode(SSL_SESSION *s, unsigned char **out, size_t *out_len, - int ticket_encoding) -{ - CBB cbb, session, cipher_suite, session_id, master_key, time, timeout; - CBB peer_cert, sidctx, verify_result, hostname, lifetime, ticket, value; - unsigned char *peer_cert_bytes = NULL; - int len, rv = 0; - - if (!CBB_init(&cbb, 0)) - goto err; - - if (!CBB_add_asn1(&cbb, &session, 
CBS_ASN1_SEQUENCE)) - goto err; - - /* Session ASN1 version. */ - if (!CBB_add_asn1_uint64(&session, SSL_SESSION_ASN1_VERSION)) - goto err; - - /* TLS/SSL protocol version. */ - if (s->ssl_version < 0) - goto err; - if (!CBB_add_asn1_uint64(&session, s->ssl_version)) - goto err; - - /* Cipher suite value. */ - if (!CBB_add_asn1(&session, &cipher_suite, CBS_ASN1_OCTETSTRING)) - goto err; - if (!CBB_add_u16(&cipher_suite, s->cipher_value)) - goto err; - - /* Session ID - zero length for a ticket. */ - if (!CBB_add_asn1(&session, &session_id, CBS_ASN1_OCTETSTRING)) - goto err; - if (!CBB_add_bytes(&session_id, s->session_id, - ticket_encoding ? 0 : s->session_id_length)) - goto err; - - /* Master key. */ - if (!CBB_add_asn1(&session, &master_key, CBS_ASN1_OCTETSTRING)) - goto err; - if (!CBB_add_bytes(&master_key, s->master_key, s->master_key_length)) - goto err; - - /* Time [1]. */ - if (s->time != 0) { - if (s->time < 0) - goto err; - if (!CBB_add_asn1(&session, &time, SSLASN1_TIME_TAG)) - goto err; - if (!CBB_add_asn1_uint64(&time, s->time)) - goto err; - } - - /* Timeout [2]. */ - if (s->timeout != 0) { - if (s->timeout < 0) - goto err; - if (!CBB_add_asn1(&session, &timeout, SSLASN1_TIMEOUT_TAG)) - goto err; - if (!CBB_add_asn1_uint64(&timeout, s->timeout)) - goto err; - } - - /* Peer certificate [3]. */ - if (s->peer_cert != NULL) { - if ((len = i2d_X509(s->peer_cert, &peer_cert_bytes)) <= 0) - goto err; - if (!CBB_add_asn1(&session, &peer_cert, SSLASN1_PEER_CERT_TAG)) - goto err; - if (!CBB_add_bytes(&peer_cert, peer_cert_bytes, len)) - goto err; - } - - /* Session ID context [4]. */ - /* XXX - Actually handle this as optional? */ - if (!CBB_add_asn1(&session, &sidctx, SSLASN1_SESSION_ID_CTX_TAG)) - goto err; - if (!CBB_add_asn1(&sidctx, &value, CBS_ASN1_OCTETSTRING)) - goto err; - if (!CBB_add_bytes(&value, s->sid_ctx, s->sid_ctx_length)) - goto err; - - /* Verify result [5]. 
*/ - if (s->verify_result != X509_V_OK) { - if (s->verify_result < 0) - goto err; - if (!CBB_add_asn1(&session, &verify_result, - SSLASN1_VERIFY_RESULT_TAG)) - goto err; - if (!CBB_add_asn1_uint64(&verify_result, s->verify_result)) - goto err; - } - - /* Hostname [6]. */ - if (s->tlsext_hostname != NULL) { - if (!CBB_add_asn1(&session, &hostname, SSLASN1_HOSTNAME_TAG)) - goto err; - if (!CBB_add_asn1(&hostname, &value, CBS_ASN1_OCTETSTRING)) - goto err; - if (!CBB_add_bytes(&value, (const uint8_t *)s->tlsext_hostname, - strlen(s->tlsext_hostname))) - goto err; - } - - /* PSK identity hint [7]. */ - /* PSK identity [8]. */ - - /* Ticket lifetime hint [9]. */ - if (s->tlsext_tick_lifetime_hint > 0) { - if (!CBB_add_asn1(&session, &lifetime, SSLASN1_LIFETIME_TAG)) - goto err; - if (!CBB_add_asn1_uint64(&lifetime, - s->tlsext_tick_lifetime_hint)) - goto err; - } - - /* Ticket [10]. */ - if (s->tlsext_tick != NULL) { - if (!CBB_add_asn1(&session, &ticket, SSLASN1_TICKET_TAG)) - goto err; - if (!CBB_add_asn1(&ticket, &value, CBS_ASN1_OCTETSTRING)) - goto err; - if (!CBB_add_bytes(&value, s->tlsext_tick, s->tlsext_ticklen)) - goto err; - } - - /* Compression method [11]. */ - /* SRP username [12]. 
*/ - - if (!CBB_finish(&cbb, out, out_len)) - goto err; - - rv = 1; - - err: - CBB_cleanup(&cbb); - free(peer_cert_bytes); - - return rv; -} - -int -SSL_SESSION_ticket(SSL_SESSION *ss, unsigned char **out, size_t *out_len) -{ - if (ss == NULL) - return 0; - - if (ss->cipher_value == 0) - return 0; - - return SSL_SESSION_encode(ss, out, out_len, 1); -} - -int -i2d_SSL_SESSION(SSL_SESSION *ss, unsigned char **pp) -{ - unsigned char *data = NULL; - size_t data_len = 0; - int rv = -1; - - if (ss == NULL) - return 0; - - if (ss->cipher_value == 0) - return 0; - - if (!SSL_SESSION_encode(ss, &data, &data_len, 0)) - goto err; - - if (data_len > INT_MAX) - goto err; - - if (pp != NULL) { - if (*pp == NULL) { - *pp = data; - data = NULL; - } else { - memcpy(*pp, data, data_len); - *pp += data_len; - } - } - - rv = (int)data_len; - - err: - freezero(data, data_len); - - return rv; -} -LSSL_ALIAS(i2d_SSL_SESSION); - -SSL_SESSION * -d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) -{ - CBS cbs, session, cipher_suite, session_id, master_key, peer_cert; - CBS hostname, ticket; - uint64_t version, tls_version, stime, timeout, verify_result, lifetime; - const unsigned char *peer_cert_bytes; - SSL_SESSION *s = NULL; - size_t data_len; - int present; - - if (a != NULL) - s = *a; - - if (s == NULL) { - if ((s = SSL_SESSION_new()) == NULL) { - SSLerrorx(ERR_R_MALLOC_FAILURE); - return (NULL); - } - } - - CBS_init(&cbs, *pp, length); - - if (!CBS_get_asn1(&cbs, &session, CBS_ASN1_SEQUENCE)) - goto err; - - /* Session ASN1 version. */ - if (!CBS_get_asn1_uint64(&session, &version)) - goto err; - if (version != SSL_SESSION_ASN1_VERSION) - goto err; - - /* TLS/SSL Protocol Version. */ - if (!CBS_get_asn1_uint64(&session, &tls_version)) - goto err; - if (tls_version > INT_MAX) - goto err; - s->ssl_version = (int)tls_version; - - /* Cipher suite value. 
*/ - if (!CBS_get_asn1(&session, &cipher_suite, CBS_ASN1_OCTETSTRING)) - goto err; - if (!CBS_get_u16(&cipher_suite, &s->cipher_value)) - goto err; - if (CBS_len(&cipher_suite) != 0) - goto err; - - /* Session ID. */ - if (!CBS_get_asn1(&session, &session_id, CBS_ASN1_OCTETSTRING)) - goto err; - if (!CBS_write_bytes(&session_id, s->session_id, sizeof(s->session_id), - &s->session_id_length)) - goto err; - - /* Master key. */ - if (!CBS_get_asn1(&session, &master_key, CBS_ASN1_OCTETSTRING)) - goto err; - if (!CBS_write_bytes(&master_key, s->master_key, sizeof(s->master_key), - &s->master_key_length)) - goto err; - - /* Time [1]. */ - s->time = time(NULL); - if (!CBS_get_optional_asn1_uint64(&session, &stime, SSLASN1_TIME_TAG, - 0)) - goto err; - if (stime > time_max()) - goto err; - if (stime != 0) - s->time = (time_t)stime; - - /* Timeout [2]. */ - s->timeout = 3; - if (!CBS_get_optional_asn1_uint64(&session, &timeout, - SSLASN1_TIMEOUT_TAG, 0)) - goto err; - if (timeout > LONG_MAX) - goto err; - if (timeout != 0) - s->timeout = (long)timeout; - - /* Peer certificate [3]. */ - X509_free(s->peer_cert); - s->peer_cert = NULL; - if (!CBS_get_optional_asn1(&session, &peer_cert, &present, - SSLASN1_PEER_CERT_TAG)) - goto err; - if (present) { - data_len = CBS_len(&peer_cert); - if (data_len > LONG_MAX) - goto err; - peer_cert_bytes = CBS_data(&peer_cert); - if (d2i_X509(&s->peer_cert, &peer_cert_bytes, - (long)data_len) == NULL) - goto err; - } - - /* Session ID context [4]. */ - s->sid_ctx_length = 0; - if (!CBS_get_optional_asn1_octet_string(&session, &session_id, &present, - SSLASN1_SESSION_ID_CTX_TAG)) - goto err; - if (present) { - if (!CBS_write_bytes(&session_id, (uint8_t *)&s->sid_ctx, - sizeof(s->sid_ctx), &s->sid_ctx_length)) - goto err; - } - - /* Verify result [5]. 
*/ - s->verify_result = X509_V_OK; - if (!CBS_get_optional_asn1_uint64(&session, &verify_result, - SSLASN1_VERIFY_RESULT_TAG, X509_V_OK)) - goto err; - if (verify_result > LONG_MAX) - goto err; - s->verify_result = (long)verify_result; - - /* Hostname [6]. */ - free(s->tlsext_hostname); - s->tlsext_hostname = NULL; - if (!CBS_get_optional_asn1_octet_string(&session, &hostname, &present, - SSLASN1_HOSTNAME_TAG)) - goto err; - if (present) { - if (CBS_contains_zero_byte(&hostname)) - goto err; - if (!CBS_strdup(&hostname, &s->tlsext_hostname)) - goto err; - } - - /* PSK identity hint [7]. */ - /* PSK identity [8]. */ - - /* Ticket lifetime [9]. */ - s->tlsext_tick_lifetime_hint = 0; - if (!CBS_get_optional_asn1_uint64(&session, &lifetime, - SSLASN1_LIFETIME_TAG, 0)) - goto err; - if (lifetime > UINT32_MAX) - goto err; - if (lifetime > 0) - s->tlsext_tick_lifetime_hint = (uint32_t)lifetime; - - /* Ticket [10]. */ - free(s->tlsext_tick); - s->tlsext_tick = NULL; - if (!CBS_get_optional_asn1_octet_string(&session, &ticket, &present, - SSLASN1_TICKET_TAG)) - goto err; - if (present) { - if (!CBS_stow(&ticket, &s->tlsext_tick, &s->tlsext_ticklen)) - goto err; - } - - /* Compression method [11]. */ - /* SRP username [12]. */ - - *pp = CBS_data(&cbs); - - if (a != NULL) - *a = s; - - return (s); - - err: - ERR_asprintf_error_data("offset=%d", (int)(CBS_data(&cbs) - *pp)); - - if (s != NULL && (a == NULL || *a != s)) - SSL_SESSION_free(s); - - return (NULL); -} -LSSL_ALIAS(d2i_SSL_SESSION); diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c deleted file mode 100644 index 995f1c4601..0000000000 --- a/src/lib/libssl/ssl_both.c +++ /dev/null 
@@ -1,577 +0,0 @@ -/* $OpenBSD: ssl_both.c,v 1.47 2024/02/03 15:58:33 beck Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. 
All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. 
Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - -#include -#include -#include - -#include -#include -#include -#include - -#include "bytestring.h" -#include "dtls_local.h" -#include "ssl_local.h" - -/* - * Send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or - * SSL3_RT_CHANGE_CIPHER_SPEC). - */ -int -ssl3_do_write(SSL *s, int type) -{ - int ret; - - ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off], - s->init_num); - if (ret < 0) - return (-1); - - if (type == SSL3_RT_HANDSHAKE) - /* - * Should not be done for 'Hello Request's, but in that case - * we'll ignore the result anyway. 
- */ - tls1_transcript_record(s, - (unsigned char *)&s->init_buf->data[s->init_off], ret); - - if (ret == s->init_num) { - ssl_msg_callback(s, 1, type, s->init_buf->data, - (size_t)(s->init_off + s->init_num)); - return (1); - } - - s->init_off += ret; - s->init_num -= ret; - - return (0); -} - -static int -ssl3_add_cert(CBB *cbb, X509 *x) -{ - unsigned char *data; - int cert_len; - int ret = 0; - CBB cert; - - if ((cert_len = i2d_X509(x, NULL)) < 0) - goto err; - - if (!CBB_add_u24_length_prefixed(cbb, &cert)) - goto err; - if (!CBB_add_space(&cert, &data, cert_len)) - goto err; - if (i2d_X509(x, &data) < 0) - goto err; - if (!CBB_flush(cbb)) - goto err; - - ret = 1; - - err: - return (ret); -} - -int -ssl3_output_cert_chain(SSL *s, CBB *cbb, SSL_CERT_PKEY *cpk) -{ - X509_STORE_CTX *xs_ctx = NULL; - STACK_OF(X509) *chain; - CBB cert_list; - X509 *x; - int ret = 0; - int i; - - if (!CBB_add_u24_length_prefixed(cbb, &cert_list)) - goto err; - - /* Send an empty certificate list when no certificate is available. 
*/ - if (cpk == NULL) - goto done; - - if ((chain = cpk->chain) == NULL) - chain = s->ctx->extra_certs; - - if (chain != NULL || (s->mode & SSL_MODE_NO_AUTO_CHAIN)) { - if (!ssl3_add_cert(&cert_list, cpk->x509)) - goto err; - } else { - if ((xs_ctx = X509_STORE_CTX_new()) == NULL) - goto err; - if (!X509_STORE_CTX_init(xs_ctx, s->ctx->cert_store, - cpk->x509, NULL)) { - SSLerror(s, ERR_R_X509_LIB); - goto err; - } - X509_VERIFY_PARAM_set_flags(X509_STORE_CTX_get0_param(xs_ctx), - X509_V_FLAG_LEGACY_VERIFY); - X509_verify_cert(xs_ctx); - ERR_clear_error(); - chain = X509_STORE_CTX_get0_chain(xs_ctx); - } - - for (i = 0; i < sk_X509_num(chain); i++) { - x = sk_X509_value(chain, i); - if (!ssl3_add_cert(&cert_list, x)) - goto err; - } - - done: - if (!CBB_flush(cbb)) - goto err; - - ret = 1; - - err: - X509_STORE_CTX_free(xs_ctx); - - return (ret); -} - -/* - * Obtain handshake message of message type 'mt' (any if mt == -1), - * maximum acceptable body length 'max'. - * The first four bytes (msg_type and length) are read in state 'st1', - * the body is read in state 'stn'. 
- */ -int -ssl3_get_message(SSL *s, int st1, int stn, int mt, long max) -{ - unsigned char *p; - uint32_t l; - long n; - int i, al; - CBS cbs; - uint8_t u8; - - if (SSL_is_dtls(s)) - return dtls1_get_message(s, st1, stn, mt, max); - - if (s->s3->hs.tls12.reuse_message) { - s->s3->hs.tls12.reuse_message = 0; - if ((mt >= 0) && (s->s3->hs.tls12.message_type != mt)) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); - goto fatal_err; - } - s->init_msg = s->init_buf->data + - SSL3_HM_HEADER_LENGTH; - s->init_num = (int)s->s3->hs.tls12.message_size; - return 1; - } - - p = (unsigned char *)s->init_buf->data; - - if (s->s3->hs.state == st1) { - int skip_message; - - do { - while (s->init_num < SSL3_HM_HEADER_LENGTH) { - i = s->method->ssl_read_bytes(s, - SSL3_RT_HANDSHAKE, &p[s->init_num], - SSL3_HM_HEADER_LENGTH - s->init_num, 0); - if (i <= 0) { - s->rwstate = SSL_READING; - return i; - } - s->init_num += i; - } - - skip_message = 0; - if (!s->server && p[0] == SSL3_MT_HELLO_REQUEST) { - /* - * The server may always send 'Hello Request' - * messages -- we are doing a handshake anyway - * now, so ignore them if their format is - * correct. Does not count for 'Finished' MAC. 
- */ - if (p[1] == 0 && p[2] == 0 &&p[3] == 0) { - s->init_num = 0; - skip_message = 1; - - ssl_msg_callback(s, 0, - SSL3_RT_HANDSHAKE, p, - SSL3_HM_HEADER_LENGTH); - } - } - } while (skip_message); - - if ((mt >= 0) && (*p != mt)) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); - goto fatal_err; - } - - CBS_init(&cbs, p, SSL3_HM_HEADER_LENGTH); - if (!CBS_get_u8(&cbs, &u8) || - !CBS_get_u24(&cbs, &l)) { - SSLerror(s, ERR_R_BUF_LIB); - goto err; - } - s->s3->hs.tls12.message_type = u8; - - if (l > (unsigned long)max) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE); - goto fatal_err; - } - if (l && !BUF_MEM_grow_clean(s->init_buf, - l + SSL3_HM_HEADER_LENGTH)) { - SSLerror(s, ERR_R_BUF_LIB); - goto err; - } - s->s3->hs.tls12.message_size = l; - s->s3->hs.state = stn; - - s->init_msg = s->init_buf->data + - SSL3_HM_HEADER_LENGTH; - s->init_num = 0; - } - - /* next state (stn) */ - p = s->init_msg; - n = s->s3->hs.tls12.message_size - s->init_num; - while (n > 0) { - i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, - &p[s->init_num], n, 0); - if (i <= 0) { - s->rwstate = SSL_READING; - return i; - } - s->init_num += i; - n -= i; - } - - /* Feed this message into MAC computation. 
*/ - if (s->mac_packet) { - tls1_transcript_record(s, (unsigned char *)s->init_buf->data, - s->init_num + SSL3_HM_HEADER_LENGTH); - - ssl_msg_callback(s, 0, SSL3_RT_HANDSHAKE, - s->init_buf->data, - (size_t)s->init_num + SSL3_HM_HEADER_LENGTH); - } - - return 1; - - fatal_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - err: - return -1; -} - -int -ssl_cert_type(EVP_PKEY *pkey) -{ - if (pkey == NULL) - return -1; - - switch (EVP_PKEY_id(pkey)) { - case EVP_PKEY_EC: - return SSL_PKEY_ECC; - case EVP_PKEY_RSA: - case EVP_PKEY_RSA_PSS: - return SSL_PKEY_RSA; - } - - return -1; -} - -int -ssl_verify_alarm_type(long type) -{ - int al; - - switch (type) { - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - case X509_V_ERR_UNABLE_TO_GET_CRL: - case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: - al = SSL_AD_UNKNOWN_CA; - break; - case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: - case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: - case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: - case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: - case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: - case X509_V_ERR_CERT_NOT_YET_VALID: - case X509_V_ERR_CRL_NOT_YET_VALID: - case X509_V_ERR_CERT_UNTRUSTED: - case X509_V_ERR_CERT_REJECTED: - al = SSL_AD_BAD_CERTIFICATE; - break; - case X509_V_ERR_CERT_SIGNATURE_FAILURE: - case X509_V_ERR_CRL_SIGNATURE_FAILURE: - al = SSL_AD_DECRYPT_ERROR; - break; - case X509_V_ERR_CERT_HAS_EXPIRED: - case X509_V_ERR_CRL_HAS_EXPIRED: - al = SSL_AD_CERTIFICATE_EXPIRED; - break; - case X509_V_ERR_CERT_REVOKED: - al = SSL_AD_CERTIFICATE_REVOKED; - break; - case X509_V_ERR_OUT_OF_MEM: - al = SSL_AD_INTERNAL_ERROR; - break; - case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: - case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: - case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: - case X509_V_ERR_CERT_CHAIN_TOO_LONG: - case 
X509_V_ERR_PATH_LENGTH_EXCEEDED: - case X509_V_ERR_INVALID_CA: - al = SSL_AD_UNKNOWN_CA; - break; - case X509_V_ERR_APPLICATION_VERIFICATION: - al = SSL_AD_HANDSHAKE_FAILURE; - break; - case X509_V_ERR_INVALID_PURPOSE: - al = SSL_AD_UNSUPPORTED_CERTIFICATE; - break; - default: - al = SSL_AD_CERTIFICATE_UNKNOWN; - break; - } - return (al); -} - -int -ssl3_setup_init_buffer(SSL *s) -{ - BUF_MEM *buf = NULL; - - if (s->init_buf != NULL) - return (1); - - if ((buf = BUF_MEM_new()) == NULL) - goto err; - if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) - goto err; - - s->init_buf = buf; - return (1); - - err: - BUF_MEM_free(buf); - return (0); -} - -void -ssl3_release_init_buffer(SSL *s) -{ - BUF_MEM_free(s->init_buf); - s->init_buf = NULL; - s->init_msg = NULL; - s->init_num = 0; - s->init_off = 0; -} - -int -ssl3_setup_read_buffer(SSL *s) -{ - unsigned char *p; - size_t len, align, headerlen; - - if (SSL_is_dtls(s)) - headerlen = DTLS1_RT_HEADER_LENGTH; - else - headerlen = SSL3_RT_HEADER_LENGTH; - - align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); - - if (s->s3->rbuf.buf == NULL) { - len = SSL3_RT_MAX_PLAIN_LENGTH + - SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align; - if ((p = calloc(1, len)) == NULL) - goto err; - s->s3->rbuf.buf = p; - s->s3->rbuf.len = len; - } - - s->packet = s->s3->rbuf.buf; - return 1; - - err: - SSLerror(s, ERR_R_MALLOC_FAILURE); - return 0; -} - -int -ssl3_setup_write_buffer(SSL *s) -{ - unsigned char *p; - size_t len, align, headerlen; - - if (SSL_is_dtls(s)) - headerlen = DTLS1_RT_HEADER_LENGTH + 1; - else - headerlen = SSL3_RT_HEADER_LENGTH; - - align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); - - if (s->s3->wbuf.buf == NULL) { - len = s->max_send_fragment + - SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align; - if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) - len += headerlen + align + - SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; - - if ((p = calloc(1, len)) == NULL) - goto err; - s->s3->wbuf.buf = p; 
- s->s3->wbuf.len = len;
- }
-
- return 1;
-
- err:
- SSLerror(s, ERR_R_MALLOC_FAILURE);
- return 0;
-}
-
-int
-ssl3_setup_buffers(SSL *s)
-{
- if (!ssl3_setup_read_buffer(s))
- return 0;
- if (!ssl3_setup_write_buffer(s))
- return 0;
- return 1;
-}
-
-void
-ssl3_release_buffer(SSL3_BUFFER_INTERNAL *b)
-{
- freezero(b->buf, b->len);
- b->buf = NULL;
- b->len = 0;
-}
-
-void
-ssl3_release_read_buffer(SSL *s)
-{
- ssl3_release_buffer(&s->s3->rbuf);
-}
-
-void
-ssl3_release_write_buffer(SSL *s)
-{
- ssl3_release_buffer(&s->s3->wbuf);
-}
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
deleted file mode 100644
index 5b2fe1a48d..0000000000
--- a/src/lib/libssl/ssl_cert.c
+++ /dev/null
@@ -1,737 +0,0 @@ -/* $OpenBSD: ssl_cert.c,v 1.108 2024/02/03 15:58:33 beck Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. 
All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. 
Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 
- */ - -#include - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include "ssl_local.h" - -int -SSL_get_ex_data_X509_STORE_CTX_idx(void) -{ - static volatile int ssl_x509_store_ctx_idx = -1; - int got_write_lock = 0; - - CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); - - if (ssl_x509_store_ctx_idx < 0) { - CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - got_write_lock = 1; - - if (ssl_x509_store_ctx_idx < 0) { - ssl_x509_store_ctx_idx = - X509_STORE_CTX_get_ex_new_index( - 0, "SSL for verify callback", NULL, NULL, NULL); - } - } - - if (got_write_lock) - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - else - CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); - - return ssl_x509_store_ctx_idx; -} -LSSL_ALIAS(SSL_get_ex_data_X509_STORE_CTX_idx); - -SSL_CERT * -ssl_cert_new(void) -{ - SSL_CERT *ret; - - ret = calloc(1, sizeof(SSL_CERT)); - if (ret == NULL) { - SSLerrorx(ERR_R_MALLOC_FAILURE); - return (NULL); - } - ret->key = &(ret->pkeys[SSL_PKEY_RSA]); - ret->references = 1; - ret->security_cb = ssl_security_default_cb; - ret->security_level = OPENSSL_TLS_SECURITY_LEVEL; - ret->security_ex_data = NULL; - return (ret); -} - -SSL_CERT * -ssl_cert_dup(SSL_CERT *cert) -{ - SSL_CERT *ret; - int i; - - ret = calloc(1, sizeof(SSL_CERT)); - if (ret == NULL) { - SSLerrorx(ERR_R_MALLOC_FAILURE); - return (NULL); - } - - /* - * same as ret->key = ret->pkeys + (cert->key - cert->pkeys), - * if you find that more readable - */ - ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]]; - - ret->valid = cert->valid; - ret->mask_k = cert->mask_k; - ret->mask_a = cert->mask_a; - - if (cert->dhe_params != NULL) { - ret->dhe_params = DHparams_dup(cert->dhe_params); - if (ret->dhe_params == NULL) { - SSLerrorx(ERR_R_DH_LIB); - goto err; - } - } - ret->dhe_params_cb = cert->dhe_params_cb; - ret->dhe_params_auto = cert->dhe_params_auto; - - for (i = 0; i < SSL_PKEY_NUM; i++) { - if (cert->pkeys[i].x509 != NULL) { - ret->pkeys[i].x509 = 
cert->pkeys[i].x509; - X509_up_ref(ret->pkeys[i].x509); - } - - if (cert->pkeys[i].privatekey != NULL) { - ret->pkeys[i].privatekey = cert->pkeys[i].privatekey; - EVP_PKEY_up_ref(ret->pkeys[i].privatekey); - switch (i) { - /* - * If there was anything special to do for - * certain types of keys, we'd do it here. - * (Nothing at the moment, I think.) - */ - - case SSL_PKEY_RSA: - /* We have an RSA key. */ - break; - - case SSL_PKEY_ECC: - /* We have an ECC key */ - break; - - default: - /* Can't happen. */ - SSLerrorx(SSL_R_LIBRARY_BUG); - } - } - - if (cert->pkeys[i].chain != NULL) { - if ((ret->pkeys[i].chain = - X509_chain_up_ref(cert->pkeys[i].chain)) == NULL) - goto err; - } - } - - ret->security_cb = cert->security_cb; - ret->security_level = cert->security_level; - ret->security_ex_data = cert->security_ex_data; - - /* - * ret->extra_certs *should* exist, but currently the own certificate - * chain is held inside SSL_CTX - */ - - ret->references = 1; - - return (ret); - - err: - DH_free(ret->dhe_params); - - for (i = 0; i < SSL_PKEY_NUM; i++) { - X509_free(ret->pkeys[i].x509); - EVP_PKEY_free(ret->pkeys[i].privatekey); - sk_X509_pop_free(ret->pkeys[i].chain, X509_free); - } - free (ret); - return NULL; -} - - -void -ssl_cert_free(SSL_CERT *c) -{ - int i; - - if (c == NULL) - return; - - i = CRYPTO_add(&c->references, -1, CRYPTO_LOCK_SSL_CERT); - if (i > 0) - return; - - DH_free(c->dhe_params); - - for (i = 0; i < SSL_PKEY_NUM; i++) { - X509_free(c->pkeys[i].x509); - EVP_PKEY_free(c->pkeys[i].privatekey); - sk_X509_pop_free(c->pkeys[i].chain, X509_free); - } - - free(c); -} - -SSL_CERT * -ssl_get0_cert(SSL_CTX *ctx, SSL *ssl) -{ - if (ssl != NULL) - return ssl->cert; - - return ctx->cert; -} - -int -ssl_cert_set0_chain(SSL_CTX *ctx, SSL *ssl, STACK_OF(X509) *chain) -{ - SSL_CERT *ssl_cert; - SSL_CERT_PKEY *cpk; - X509 *x509; - int ssl_err; - int i; - - if ((ssl_cert = ssl_get0_cert(ctx, ssl)) == NULL) - return 0; - - if ((cpk = ssl_cert->key) == NULL) - return 
0; - - for (i = 0; i < sk_X509_num(chain); i++) { - x509 = sk_X509_value(chain, i); - if (!ssl_security_cert(ctx, ssl, x509, 0, &ssl_err)) { - SSLerrorx(ssl_err); - return 0; - } - } - - sk_X509_pop_free(cpk->chain, X509_free); - cpk->chain = chain; - - return 1; -} - -int -ssl_cert_set1_chain(SSL_CTX *ctx, SSL *ssl, STACK_OF(X509) *chain) -{ - STACK_OF(X509) *new_chain = NULL; - - if (chain != NULL) { - if ((new_chain = X509_chain_up_ref(chain)) == NULL) - return 0; - } - if (!ssl_cert_set0_chain(ctx, ssl, new_chain)) { - sk_X509_pop_free(new_chain, X509_free); - return 0; - } - - return 1; -} - -int -ssl_cert_add0_chain_cert(SSL_CTX *ctx, SSL *ssl, X509 *cert) -{ - SSL_CERT *ssl_cert; - SSL_CERT_PKEY *cpk; - int ssl_err; - - if ((ssl_cert = ssl_get0_cert(ctx, ssl)) == NULL) - return 0; - - if ((cpk = ssl_cert->key) == NULL) - return 0; - - if (!ssl_security_cert(ctx, ssl, cert, 0, &ssl_err)) { - SSLerrorx(ssl_err); - return 0; - } - - if (cpk->chain == NULL) { - if ((cpk->chain = sk_X509_new_null()) == NULL) - return 0; - } - if (!sk_X509_push(cpk->chain, cert)) - return 0; - - return 1; -} - -int -ssl_cert_add1_chain_cert(SSL_CTX *ctx, SSL *ssl, X509 *cert) -{ - if (!ssl_cert_add0_chain_cert(ctx, ssl, cert)) - return 0; - - X509_up_ref(cert); - - return 1; -} - -int -ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *certs) -{ - X509_STORE_CTX *ctx = NULL; - X509_VERIFY_PARAM *param; - X509 *cert; - int ret = 0; - - if (sk_X509_num(certs) < 1) - goto err; - - if ((ctx = X509_STORE_CTX_new()) == NULL) - goto err; - - cert = sk_X509_value(certs, 0); - if (!X509_STORE_CTX_init(ctx, s->ctx->cert_store, cert, certs)) { - SSLerror(s, ERR_R_X509_LIB); - goto err; - } - X509_STORE_CTX_set_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s); - - /* - * We need to inherit the verify parameters. These can be - * determined by the context: if its a server it will verify - * SSL client certificates or vice versa. - */ - X509_STORE_CTX_set_default(ctx, s->server ? 
"ssl_client" : "ssl_server"); - - param = X509_STORE_CTX_get0_param(ctx); - - X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s)); - - /* - * Anything non-default in "param" should overwrite anything - * in the ctx. - */ - X509_VERIFY_PARAM_set1(param, s->param); - - if (s->verify_callback) - X509_STORE_CTX_set_verify_cb(ctx, s->verify_callback); - - if (s->ctx->app_verify_callback != NULL) - ret = s->ctx->app_verify_callback(ctx, - s->ctx->app_verify_arg); - else - ret = X509_verify_cert(ctx); - - s->verify_result = X509_STORE_CTX_get_error(ctx); - sk_X509_pop_free(s->s3->hs.verified_chain, X509_free); - s->s3->hs.verified_chain = NULL; - if (X509_STORE_CTX_get0_chain(ctx) != NULL) { - s->s3->hs.verified_chain = X509_STORE_CTX_get1_chain(ctx); - if (s->s3->hs.verified_chain == NULL) { - SSLerrorx(ERR_R_MALLOC_FAILURE); - ret = 0; - } - } - - err: - X509_STORE_CTX_free(ctx); - - return (ret); -} - -static void -set_client_CA_list(STACK_OF(X509_NAME) **ca_list, - STACK_OF(X509_NAME) *name_list) -{ - sk_X509_NAME_pop_free(*ca_list, X509_NAME_free); - *ca_list = name_list; -} - -STACK_OF(X509_NAME) * -SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk) -{ - int i; - STACK_OF(X509_NAME) *ret; - X509_NAME *name = NULL; - - if ((ret = sk_X509_NAME_new_null()) == NULL) - goto err; - - for (i = 0; i < sk_X509_NAME_num(sk); i++) { - if ((name = X509_NAME_dup(sk_X509_NAME_value(sk, i))) == NULL) - goto err; - if (!sk_X509_NAME_push(ret, name)) - goto err; - } - return (ret); - - err: - X509_NAME_free(name); - sk_X509_NAME_pop_free(ret, X509_NAME_free); - return NULL; -} -LSSL_ALIAS(SSL_dup_CA_list); - -void -SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) -{ - set_client_CA_list(&(s->client_CA), name_list); -} -LSSL_ALIAS(SSL_set_client_CA_list); - -void -SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) -{ - set_client_CA_list(&(ctx->client_CA), name_list); -} -LSSL_ALIAS(SSL_CTX_set_client_CA_list); - -STACK_OF(X509_NAME) * 
-SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) -{ - return (ctx->client_CA); -} -LSSL_ALIAS(SSL_CTX_get_client_CA_list); - -STACK_OF(X509_NAME) * -SSL_get_client_CA_list(const SSL *s) -{ - if (!s->server) { - /* We are in the client. */ - if ((s->version >> 8) == SSL3_VERSION_MAJOR) - return (s->s3->hs.tls12.ca_names); - else - return (NULL); - } else { - if (s->client_CA != NULL) - return (s->client_CA); - else - return (s->ctx->client_CA); - } -} -LSSL_ALIAS(SSL_get_client_CA_list); - -static int -add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x) -{ - X509_NAME *name; - - if (x == NULL) - return (0); - if ((*sk == NULL) && ((*sk = sk_X509_NAME_new_null()) == NULL)) - return (0); - - if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL) - return (0); - - if (!sk_X509_NAME_push(*sk, name)) { - X509_NAME_free(name); - return (0); - } - return (1); -} - -int -SSL_add_client_CA(SSL *ssl, X509 *x) -{ - return (add_client_CA(&(ssl->client_CA), x)); -} -LSSL_ALIAS(SSL_add_client_CA); - -int -SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) -{ - return (add_client_CA(&(ctx->client_CA), x)); -} -LSSL_ALIAS(SSL_CTX_add_client_CA); - -static int -xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) -{ - return (X509_NAME_cmp(*a, *b)); -} - -/*! - * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed; - * it doesn't really have anything to do with clients (except that a common use - * for a stack of CAs is to send it to the client). Actually, it doesn't have - * much to do with CAs, either, since it will load any old cert. - * \param file the file containing one or more certs. - * \return a ::STACK containing the certs. 
- */ -STACK_OF(X509_NAME) * -SSL_load_client_CA_file(const char *file) -{ - BIO *in; - X509 *x = NULL; - X509_NAME *xn = NULL; - STACK_OF(X509_NAME) *ret = NULL, *sk; - - sk = sk_X509_NAME_new(xname_cmp); - - in = BIO_new(BIO_s_file()); - - if ((sk == NULL) || (in == NULL)) { - SSLerrorx(ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!BIO_read_filename(in, file)) - goto err; - - for (;;) { - if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL) - break; - if (ret == NULL) { - ret = sk_X509_NAME_new_null(); - if (ret == NULL) { - SSLerrorx(ERR_R_MALLOC_FAILURE); - goto err; - } - } - if ((xn = X509_get_subject_name(x)) == NULL) - goto err; - /* check for duplicates */ - xn = X509_NAME_dup(xn); - if (xn == NULL) - goto err; - if (sk_X509_NAME_find(sk, xn) >= 0) - X509_NAME_free(xn); - else { - if (!sk_X509_NAME_push(sk, xn)) - goto err; - if (!sk_X509_NAME_push(ret, xn)) - goto err; - } - } - - if (0) { - err: - sk_X509_NAME_pop_free(ret, X509_NAME_free); - ret = NULL; - } - sk_X509_NAME_free(sk); - BIO_free(in); - X509_free(x); - if (ret != NULL) - ERR_clear_error(); - - return (ret); -} -LSSL_ALIAS(SSL_load_client_CA_file); - -/*! - * Add a file of certs to a stack. - * \param stack the stack to add to. - * \param file the file to add from. All certs in this file that are not - * already in the stack will be added. - * \return 1 for success, 0 for failure. Note that in the case of failure some - * certs may have been added to \c stack. 
- */ - -int -SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, - const char *file) -{ - BIO *in; - X509 *x = NULL; - X509_NAME *xn = NULL; - int ret = 1; - int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b); - - oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_cmp); - - in = BIO_new(BIO_s_file()); - - if (in == NULL) { - SSLerrorx(ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!BIO_read_filename(in, file)) - goto err; - - for (;;) { - if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL) - break; - if ((xn = X509_get_subject_name(x)) == NULL) - goto err; - xn = X509_NAME_dup(xn); - if (xn == NULL) - goto err; - if (sk_X509_NAME_find(stack, xn) >= 0) - X509_NAME_free(xn); - else - if (!sk_X509_NAME_push(stack, xn)) - goto err; - } - - ERR_clear_error(); - - if (0) { - err: - ret = 0; - } - BIO_free(in); - X509_free(x); - - (void)sk_X509_NAME_set_cmp_func(stack, oldcmp); - - return ret; -} -LSSL_ALIAS(SSL_add_file_cert_subjects_to_stack); - -/*! - * Add a directory of certs to a stack. - * \param stack the stack to append to. - * \param dir the directory to append from. All files in this directory will be - * examined as potential certs. Any that are acceptable to - * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will - * be included. - * \return 1 for success, 0 for failure. Note that in the case of failure some - * certs may have been added to \c stack. 
- */
-
-int
-SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *dir)
-{
- DIR *dirp = NULL;
- char *path = NULL;
- int ret = 0;
-
- dirp = opendir(dir);
- if (dirp) {
- struct dirent *dp;
- while ((dp = readdir(dirp)) != NULL) {
- if (asprintf(&path, "%s/%s", dir, dp->d_name) != -1) {
- ret = SSL_add_file_cert_subjects_to_stack(
- stack, path);
- free(path);
- }
- if (!ret)
- break;
- }
- (void) closedir(dirp);
- }
- if (!ret) {
- SYSerror(errno);
- ERR_asprintf_error_data("opendir ('%s')", dir);
- SSLerrorx(ERR_R_SYS_LIB);
- }
- return ret;
-}
-LSSL_ALIAS(SSL_add_dir_cert_subjects_to_stack);
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
deleted file mode 100644
index 7d84e42cfe..0000000000
--- a/src/lib/libssl/ssl_ciph.c
+++ /dev/null
@@ -1,1631 +0,0 @@
-/* $OpenBSD: ssl_ciph.c,v 1.151 2025/01/18 12:20:37 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. 
All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. 
Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. 
- * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - -#include - -#include -#include -#include - -#include "ssl_local.h" - -#define CIPHER_ADD 1 -#define CIPHER_KILL 2 -#define CIPHER_DEL 3 -#define CIPHER_ORD 4 -#define CIPHER_SPECIAL 5 - -typedef struct cipher_order_st { - const SSL_CIPHER *cipher; - int active; - int dead; - struct cipher_order_st *next, *prev; -} CIPHER_ORDER; - -static const SSL_CIPHER cipher_aliases[] = { - - /* "ALL" doesn't include eNULL (must be specifically enabled) */ - { - .name = SSL_TXT_ALL, - .algorithm_enc = ~SSL_eNULL, - }, - - /* "COMPLEMENTOFALL" */ - { - .name = SSL_TXT_CMPALL, - .algorithm_enc = SSL_eNULL, - }, - - /* - * "COMPLEMENTOFDEFAULT" - * (does *not* include ciphersuites not found in ALL!) - */ - { - .name = SSL_TXT_CMPDEF, - .algorithm_mkey = SSL_kDHE|SSL_kECDHE, - .algorithm_auth = SSL_aNULL, - .algorithm_enc = ~SSL_eNULL, - }, - - /* - * key exchange aliases - * (some of those using only a single bit here combine multiple key - * exchange algs according to the RFCs, e.g. 
kEDH combines DHE_DSS - * and DHE_RSA) - */ - { - .name = SSL_TXT_kRSA, - .algorithm_mkey = SSL_kRSA, - }, - { - .name = SSL_TXT_kEDH, - .algorithm_mkey = SSL_kDHE, - }, - { - .name = SSL_TXT_DH, - .algorithm_mkey = SSL_kDHE, - }, - { - .name = SSL_TXT_kEECDH, - .algorithm_mkey = SSL_kECDHE, - }, - { - .name = SSL_TXT_ECDH, - .algorithm_mkey = SSL_kECDHE, - }, - - /* server authentication aliases */ - { - .name = SSL_TXT_aRSA, - .algorithm_auth = SSL_aRSA, - }, - { - .name = SSL_TXT_aNULL, - .algorithm_auth = SSL_aNULL, - }, - { - .name = SSL_TXT_aECDSA, - .algorithm_auth = SSL_aECDSA, - }, - { - .name = SSL_TXT_ECDSA, - .algorithm_auth = SSL_aECDSA, - }, - - /* aliases combining key exchange and server authentication */ - { - .name = SSL_TXT_DHE, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = ~SSL_aNULL, - }, - { - .name = SSL_TXT_EDH, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = ~SSL_aNULL, - }, - { - .name = SSL_TXT_ECDHE, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = ~SSL_aNULL, - }, - { - .name = SSL_TXT_EECDH, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = ~SSL_aNULL, - }, - { - .name = SSL_TXT_NULL, - .algorithm_enc = SSL_eNULL, - }, - { - .name = SSL_TXT_RSA, - .algorithm_mkey = SSL_kRSA, - .algorithm_auth = SSL_aRSA, - }, - { - .name = SSL_TXT_ADH, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aNULL, - }, - { - .name = SSL_TXT_AECDH, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aNULL, - }, - - /* symmetric encryption aliases */ - { - .name = SSL_TXT_3DES, - .algorithm_enc = SSL_3DES, - }, - { - .name = SSL_TXT_RC4, - .algorithm_enc = SSL_RC4, - }, - { - .name = SSL_TXT_eNULL, - .algorithm_enc = SSL_eNULL, - }, - { - .name = SSL_TXT_AES128, - .algorithm_enc = SSL_AES128|SSL_AES128GCM, - }, - { - .name = SSL_TXT_AES256, - .algorithm_enc = SSL_AES256|SSL_AES256GCM, - }, - { - .name = SSL_TXT_AES, - .algorithm_enc = SSL_AES, - }, - { - .name = SSL_TXT_AES_GCM, - .algorithm_enc = SSL_AES128GCM|SSL_AES256GCM, - }, - { - 
.name = SSL_TXT_CAMELLIA128, - .algorithm_enc = SSL_CAMELLIA128, - }, - { - .name = SSL_TXT_CAMELLIA256, - .algorithm_enc = SSL_CAMELLIA256, - }, - { - .name = SSL_TXT_CAMELLIA, - .algorithm_enc = SSL_CAMELLIA128|SSL_CAMELLIA256, - }, - { - .name = SSL_TXT_CHACHA20, - .algorithm_enc = SSL_CHACHA20POLY1305, - }, - - /* MAC aliases */ - { - .name = SSL_TXT_AEAD, - .algorithm_mac = SSL_AEAD, - }, - { - .name = SSL_TXT_MD5, - .algorithm_mac = SSL_MD5, - }, - { - .name = SSL_TXT_SHA1, - .algorithm_mac = SSL_SHA1, - }, - { - .name = SSL_TXT_SHA, - .algorithm_mac = SSL_SHA1, - }, - { - .name = SSL_TXT_SHA256, - .algorithm_mac = SSL_SHA256, - }, - { - .name = SSL_TXT_SHA384, - .algorithm_mac = SSL_SHA384, - }, - - /* protocol version aliases */ - { - .name = SSL_TXT_SSLV3, - .algorithm_ssl = SSL_SSLV3, - }, - { - .name = SSL_TXT_TLSV1, - .algorithm_ssl = SSL_TLSV1, - }, - { - .name = SSL_TXT_TLSV1_2, - .algorithm_ssl = SSL_TLSV1_2, - }, - { - .name = SSL_TXT_TLSV1_3, - .algorithm_ssl = SSL_TLSV1_3, - }, - - /* cipher suite aliases */ -#ifdef LIBRESSL_HAS_TLS1_3 - { - .value = 0x1301, - .name = "TLS_AES_128_GCM_SHA256", - .algorithm_ssl = SSL_TLSV1_3, - }, - { - .value = 0x1302, - .name = "TLS_AES_256_GCM_SHA384", - .algorithm_ssl = SSL_TLSV1_3, - }, - { - .value = 0x1303, - .name = "TLS_CHACHA20_POLY1305_SHA256", - .algorithm_ssl = SSL_TLSV1_3, - }, -#endif - - /* strength classes */ - { - .name = SSL_TXT_LOW, - .algo_strength = SSL_LOW, - }, - { - .name = SSL_TXT_MEDIUM, - .algo_strength = SSL_MEDIUM, - }, - { - .name = SSL_TXT_HIGH, - .algo_strength = SSL_HIGH, - }, -}; - -int -ssl_cipher_get_evp(SSL *s, const EVP_CIPHER **enc, const EVP_MD **md, - int *mac_pkey_type, int *mac_secret_size) -{ - const SSL_CIPHER *cipher; - - *enc = NULL; - *md = NULL; - *mac_pkey_type = NID_undef; - *mac_secret_size = 0; - - if ((cipher = s->s3->hs.cipher) == NULL) - return 0; - - /* - * This function does not handle EVP_AEAD. - * See ssl_cipher_get_evp_aead instead. 
- */ - if (cipher->algorithm_mac & SSL_AEAD) - return 0; - - switch (cipher->algorithm_enc) { - case SSL_3DES: - *enc = EVP_des_ede3_cbc(); - break; - case SSL_RC4: - *enc = EVP_rc4(); - break; - case SSL_eNULL: - *enc = EVP_enc_null(); - break; - case SSL_AES128: - *enc = EVP_aes_128_cbc(); - break; - case SSL_AES256: - *enc = EVP_aes_256_cbc(); - break; - case SSL_CAMELLIA128: - *enc = EVP_camellia_128_cbc(); - break; - case SSL_CAMELLIA256: - *enc = EVP_camellia_256_cbc(); - break; - } - - switch (cipher->algorithm_mac) { - case SSL_MD5: - *md = EVP_md5(); - break; - case SSL_SHA1: - *md = EVP_sha1(); - break; - case SSL_SHA256: - *md = EVP_sha256(); - break; - case SSL_SHA384: - *md = EVP_sha384(); - break; - } - if (*enc == NULL || *md == NULL) - return 0; - - /* XXX remove these from ssl_cipher_get_evp? */ - /* - * EVP_CIPH_FLAG_AEAD_CIPHER and EVP_CIPH_GCM_MODE ciphers are not - * supported via EVP_CIPHER (they should be using EVP_AEAD instead). - */ - if (EVP_CIPHER_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER) - return 0; - if (EVP_CIPHER_mode(*enc) == EVP_CIPH_GCM_MODE) - return 0; - - *mac_pkey_type = EVP_PKEY_HMAC; - *mac_secret_size = EVP_MD_size(*md); - return 1; -} - -/* - * ssl_cipher_get_evp_aead sets aead to point to the correct EVP_AEAD object - * for s->cipher. It returns 1 on success and 0 on error. 
- */ -int -ssl_cipher_get_evp_aead(SSL *s, const EVP_AEAD **aead) -{ - const SSL_CIPHER *cipher; - - *aead = NULL; - - if ((cipher = s->s3->hs.cipher) == NULL) - return 0; - if ((cipher->algorithm_mac & SSL_AEAD) == 0) - return 0; - - switch (cipher->algorithm_enc) { - case SSL_AES128GCM: - *aead = EVP_aead_aes_128_gcm(); - return 1; - case SSL_AES256GCM: - *aead = EVP_aead_aes_256_gcm(); - return 1; - case SSL_CHACHA20POLY1305: - *aead = EVP_aead_chacha20_poly1305(); - return 1; - default: - break; - } - return 0; -} - -int -ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md) -{ - const SSL_CIPHER *cipher; - - *md = NULL; - - if ((cipher = s->s3->hs.cipher) == NULL) - return 0; - - switch (cipher->algorithm2 & SSL_HANDSHAKE_MAC_MASK) { - case SSL_HANDSHAKE_MAC_SHA256: - *md = EVP_sha256(); - return 1; - case SSL_HANDSHAKE_MAC_SHA384: - *md = EVP_sha384(); - return 1; - default: - break; - } - - return 0; -} - -#define ITEM_SEP(a) \ - (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) - -static void -ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, - CIPHER_ORDER **tail) -{ - if (curr == *tail) - return; - if (curr == *head) - *head = curr->next; - if (curr->prev != NULL) - curr->prev->next = curr->next; - if (curr->next != NULL) - curr->next->prev = curr->prev; - (*tail)->next = curr; - curr->prev= *tail; - curr->next = NULL; - *tail = curr; -} - -static void -ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, - CIPHER_ORDER **tail) -{ - if (curr == *head) - return; - if (curr == *tail) - *tail = curr->prev; - if (curr->next != NULL) - curr->next->prev = curr->prev; - if (curr->prev != NULL) - curr->prev->next = curr->next; - (*head)->prev = curr; - curr->next= *head; - curr->prev = NULL; - *head = curr; -} - -static void -ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers, - unsigned long disabled_mkey, unsigned long disabled_auth, - unsigned long disabled_enc, unsigned long disabled_mac, - unsigned long 
disabled_ssl, CIPHER_ORDER *co_list, - CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) -{ - int i, co_list_num; - const SSL_CIPHER *c; - - /* - * We have num_of_ciphers descriptions compiled in, depending on the - * method selected (SSLv3, TLSv1, etc). These will later be sorted in - * a linked list with at most num entries. - */ - - /* - * Get the initial list of ciphers, iterating backwards over the - * cipher list - the list is ordered by cipher value and we currently - * hope that ciphers with higher cipher values are preferable... - */ - co_list_num = 0; /* actual count of ciphers */ - for (i = num_of_ciphers - 1; i >= 0; i--) { - c = ssl3_get_cipher_by_index(i); - - /* - * Drop any invalid ciphers and any which use unavailable - * algorithms. - */ - if ((c != NULL) && - !(c->algorithm_mkey & disabled_mkey) && - !(c->algorithm_auth & disabled_auth) && - !(c->algorithm_enc & disabled_enc) && - !(c->algorithm_mac & disabled_mac) && - !(c->algorithm_ssl & disabled_ssl)) { - co_list[co_list_num].cipher = c; - co_list[co_list_num].next = NULL; - co_list[co_list_num].prev = NULL; - co_list[co_list_num].active = 0; - co_list_num++; - } - } - - /* - * Prepare linked list from list entries - */ - if (co_list_num > 0) { - co_list[0].prev = NULL; - - if (co_list_num > 1) { - co_list[0].next = &co_list[1]; - - for (i = 1; i < co_list_num - 1; i++) { - co_list[i].prev = &co_list[i - 1]; - co_list[i].next = &co_list[i + 1]; - } - - co_list[co_list_num - 1].prev = - &co_list[co_list_num - 2]; - } - - co_list[co_list_num - 1].next = NULL; - - *head_p = &co_list[0]; - *tail_p = &co_list[co_list_num - 1]; - } -} - -static void -ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, int num_of_group_aliases, - unsigned long disabled_mkey, unsigned long disabled_auth, - unsigned long disabled_enc, unsigned long disabled_mac, - unsigned long disabled_ssl, CIPHER_ORDER *head) -{ - CIPHER_ORDER *ciph_curr; - const SSL_CIPHER **ca_curr; - int i; - unsigned long mask_mkey = 
~disabled_mkey; - unsigned long mask_auth = ~disabled_auth; - unsigned long mask_enc = ~disabled_enc; - unsigned long mask_mac = ~disabled_mac; - unsigned long mask_ssl = ~disabled_ssl; - - /* - * First, add the real ciphers as already collected - */ - ciph_curr = head; - ca_curr = ca_list; - while (ciph_curr != NULL) { - *ca_curr = ciph_curr->cipher; - ca_curr++; - ciph_curr = ciph_curr->next; - } - - /* - * Now we add the available ones from the cipher_aliases[] table. - * They represent either one or more algorithms, some of which - * in any affected category must be supported (set in enabled_mask), - * or represent a cipher strength value (will be added in any case because algorithms=0). - */ - for (i = 0; i < num_of_group_aliases; i++) { - unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey; - unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth; - unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc; - unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac; - unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl; - - if (algorithm_mkey) - if ((algorithm_mkey & mask_mkey) == 0) - continue; - - if (algorithm_auth) - if ((algorithm_auth & mask_auth) == 0) - continue; - - if (algorithm_enc) - if ((algorithm_enc & mask_enc) == 0) - continue; - - if (algorithm_mac) - if ((algorithm_mac & mask_mac) == 0) - continue; - - if (algorithm_ssl) - if ((algorithm_ssl & mask_ssl) == 0) - continue; - - *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); - ca_curr++; - } - - *ca_curr = NULL; /* end of list */ -} - -static void -ssl_cipher_apply_rule(uint16_t cipher_value, unsigned long alg_mkey, - unsigned long alg_auth, unsigned long alg_enc, unsigned long alg_mac, - unsigned long alg_ssl, unsigned long algo_strength, int rule, - int strength_bits, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) -{ - CIPHER_ORDER *head, *tail, *curr, *next, *last; - const SSL_CIPHER *cp; - int reverse = 0; - - if (rule == CIPHER_DEL) - reverse = 1; /* 
needed to maintain sorting between currently deleted ciphers */ - - head = *head_p; - tail = *tail_p; - - if (reverse) { - next = tail; - last = head; - } else { - next = head; - last = tail; - } - - curr = NULL; - for (;;) { - if (curr == last) - break; - curr = next; - next = reverse ? curr->prev : curr->next; - - cp = curr->cipher; - - if (cipher_value != 0 && cp->value != cipher_value) - continue; - - /* - * Selection criteria is either the value of strength_bits - * or the algorithms used. - */ - if (strength_bits >= 0) { - if (strength_bits != cp->strength_bits) - continue; - } else { - if (alg_mkey && !(alg_mkey & cp->algorithm_mkey)) - continue; - if (alg_auth && !(alg_auth & cp->algorithm_auth)) - continue; - if (alg_enc && !(alg_enc & cp->algorithm_enc)) - continue; - if (alg_mac && !(alg_mac & cp->algorithm_mac)) - continue; - if (alg_ssl && !(alg_ssl & cp->algorithm_ssl)) - continue; - if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) - continue; - } - - /* add the cipher if it has not been added yet. 
*/ - if (rule == CIPHER_ADD) { - /* reverse == 0 */ - if (!curr->active) { - ll_append_tail(&head, curr, &tail); - curr->active = 1; - } - } - /* Move the added cipher to this location */ - else if (rule == CIPHER_ORD) { - /* reverse == 0 */ - if (curr->active) { - ll_append_tail(&head, curr, &tail); - } - } else if (rule == CIPHER_DEL) { - /* reverse == 1 */ - if (curr->active) { - /* most recently deleted ciphersuites get best positions - * for any future CIPHER_ADD (note that the CIPHER_DEL loop - * works in reverse to maintain the order) */ - ll_append_head(&head, curr, &tail); - curr->active = 0; - } - } else if (rule == CIPHER_KILL) { - /* reverse == 0 */ - if (head == curr) - head = curr->next; - else - curr->prev->next = curr->next; - if (tail == curr) - tail = curr->prev; - curr->active = 0; - if (curr->next != NULL) - curr->next->prev = curr->prev; - if (curr->prev != NULL) - curr->prev->next = curr->next; - curr->next = NULL; - curr->prev = NULL; - } - } - - *head_p = head; - *tail_p = tail; -} - -static int -ssl_cipher_strength_sort(CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) -{ - int max_strength_bits, i, *number_uses; - CIPHER_ORDER *curr; - - /* - * This routine sorts the ciphers with descending strength. The sorting - * must keep the pre-sorted sequence, so we apply the normal sorting - * routine as '+' movement to the end of the list. 
- */ - max_strength_bits = 0; - curr = *head_p; - while (curr != NULL) { - if (curr->active && - (curr->cipher->strength_bits > max_strength_bits)) - max_strength_bits = curr->cipher->strength_bits; - curr = curr->next; - } - - number_uses = calloc((max_strength_bits + 1), sizeof(int)); - if (!number_uses) { - SSLerrorx(ERR_R_MALLOC_FAILURE); - return (0); - } - - /* - * Now find the strength_bits values actually used - */ - curr = *head_p; - while (curr != NULL) { - if (curr->active) - number_uses[curr->cipher->strength_bits]++; - curr = curr->next; - } - /* - * Go through the list of used strength_bits values in descending - * order. - */ - for (i = max_strength_bits; i >= 0; i--) - if (number_uses[i] > 0) - ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p); - - free(number_uses); - return (1); -} - -static int -ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p, - CIPHER_ORDER **tail_p, const SSL_CIPHER **ca_list, SSL_CERT *cert, - int *tls13_seen) -{ - unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl; - unsigned long algo_strength; - int j, multi, found, rule, retval, ok, buflen; - uint16_t cipher_value = 0; - const char *l, *buf; - char ch; - - *tls13_seen = 0; - - retval = 1; - l = rule_str; - for (;;) { - ch = *l; - - if (ch == '\0') - break; - - if (ch == '-') { - rule = CIPHER_DEL; - l++; - } else if (ch == '+') { - rule = CIPHER_ORD; - l++; - } else if (ch == '!') { - rule = CIPHER_KILL; - l++; - } else if (ch == '@') { - rule = CIPHER_SPECIAL; - l++; - } else { - rule = CIPHER_ADD; - } - - if (ITEM_SEP(ch)) { - l++; - continue; - } - - alg_mkey = 0; - alg_auth = 0; - alg_enc = 0; - alg_mac = 0; - alg_ssl = 0; - algo_strength = 0; - - for (;;) { - ch = *l; - buf = l; - buflen = 0; - while (((ch >= 'A') && (ch <= 'Z')) || - ((ch >= '0') && (ch <= '9')) || - ((ch >= 'a') && (ch <= 'z')) || - (ch == '-') || (ch == '.') || - (ch == '_') || (ch == '=')) { - ch = *(++l); - buflen++; - } - - if (buflen == 0) 
{ - /* - * We hit something we cannot deal with, - * it is no command or separator nor - * alphanumeric, so we call this an error. - */ - SSLerrorx(SSL_R_INVALID_COMMAND); - return 0; - } - - if (rule == CIPHER_SPECIAL) { - /* unused -- avoid compiler warning */ - found = 0; - /* special treatment */ - break; - } - - /* check for multi-part specification */ - if (ch == '+') { - multi = 1; - l++; - } else - multi = 0; - - /* - * Now search for the cipher alias in the ca_list. - * Be careful with the strncmp, because the "buflen" - * limitation will make the rule "ADH:SOME" and the - * cipher "ADH-MY-CIPHER" look like a match for - * buflen=3. So additionally check whether the cipher - * name found has the correct length. We can save a - * strlen() call: just checking for the '\0' at the - * right place is sufficient, we have to strncmp() - * anyway (we cannot use strcmp(), because buf is not - * '\0' terminated.) - */ - j = found = 0; - cipher_value = 0; - while (ca_list[j]) { - if (!strncmp(buf, ca_list[j]->name, buflen) && - (ca_list[j]->name[buflen] == '\0')) { - found = 1; - break; - } else - j++; - } - - if (!found) - break; /* ignore this entry */ - - if (ca_list[j]->algorithm_mkey) { - if (alg_mkey) { - alg_mkey &= ca_list[j]->algorithm_mkey; - if (!alg_mkey) { - found = 0; - break; - } - } else - alg_mkey = ca_list[j]->algorithm_mkey; - } - - if (ca_list[j]->algorithm_auth) { - if (alg_auth) { - alg_auth &= ca_list[j]->algorithm_auth; - if (!alg_auth) { - found = 0; - break; - } - } else - alg_auth = ca_list[j]->algorithm_auth; - } - - if (ca_list[j]->algorithm_enc) { - if (alg_enc) { - alg_enc &= ca_list[j]->algorithm_enc; - if (!alg_enc) { - found = 0; - break; - } - } else - alg_enc = ca_list[j]->algorithm_enc; - } - - if (ca_list[j]->algorithm_mac) { - if (alg_mac) { - alg_mac &= ca_list[j]->algorithm_mac; - if (!alg_mac) { - found = 0; - break; - } - } else - alg_mac = ca_list[j]->algorithm_mac; - } - - if (ca_list[j]->algo_strength & SSL_STRONG_MASK) { 
- if (algo_strength & SSL_STRONG_MASK) { - algo_strength &= - (ca_list[j]->algo_strength & - SSL_STRONG_MASK) | ~SSL_STRONG_MASK; - if (!(algo_strength & - SSL_STRONG_MASK)) { - found = 0; - break; - } - } else - algo_strength |= - ca_list[j]->algo_strength & - SSL_STRONG_MASK; - } - - if (ca_list[j]->value != 0) { - /* - * explicit ciphersuite found; its protocol - * version does not become part of the search - * pattern! - */ - cipher_value = ca_list[j]->value; - if (ca_list[j]->algorithm_ssl == SSL_TLSV1_3) - *tls13_seen = 1; - } else { - /* - * not an explicit ciphersuite; only in this - * case, the protocol version is considered - * part of the search pattern - */ - if (ca_list[j]->algorithm_ssl) { - if (alg_ssl) { - alg_ssl &= - ca_list[j]->algorithm_ssl; - if (!alg_ssl) { - found = 0; - break; - } - } else - alg_ssl = - ca_list[j]->algorithm_ssl; - } - } - - if (!multi) - break; - } - - /* - * Ok, we have the rule, now apply it - */ - if (rule == CIPHER_SPECIAL) { - /* special command */ - ok = 0; - if (buflen == 8 && strncmp(buf, "STRENGTH", 8) == 0) { - ok = ssl_cipher_strength_sort(head_p, tail_p); - } else if (buflen == 10 && - strncmp(buf, "SECLEVEL=", 9) == 0) { - int level = buf[9] - '0'; - - if (level >= 0 && level <= 5) { - cert->security_level = level; - ok = 1; - } else { - SSLerrorx(SSL_R_INVALID_COMMAND); - } - } else { - SSLerrorx(SSL_R_INVALID_COMMAND); - } - if (ok == 0) - retval = 0; - - while ((*l != '\0') && !ITEM_SEP(*l)) - l++; - } else if (found) { - if (alg_ssl == SSL_TLSV1_3) - *tls13_seen = 1; - ssl_cipher_apply_rule(cipher_value, alg_mkey, alg_auth, - alg_enc, alg_mac, alg_ssl, algo_strength, rule, - -1, head_p, tail_p); - } else { - while ((*l != '\0') && !ITEM_SEP(*l)) - l++; - } - if (*l == '\0') - break; /* done */ - } - - return (retval); -} - -static inline int -ssl_aes_is_accelerated(void) -{ - return (OPENSSL_cpu_caps() & CRYPTO_CPU_CAPS_ACCELERATED_AES) != 0; -} - -STACK_OF(SSL_CIPHER) * -ssl_create_cipher_list(const 
SSL_METHOD *ssl_method, - STACK_OF(SSL_CIPHER) **cipher_list, - STACK_OF(SSL_CIPHER) *cipher_list_tls13, - const char *rule_str, SSL_CERT *cert) -{ - int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; - unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl; - STACK_OF(SSL_CIPHER) *cipherstack = NULL, *ret = NULL; - const char *rule_p; - CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; - const SSL_CIPHER **ca_list = NULL; - const SSL_CIPHER *cipher; - int tls13_seen = 0; - int any_active; - int i; - - /* - * Return with error if nothing to do. - */ - if (rule_str == NULL || cipher_list == NULL) - goto err; - - disabled_mkey = 0; - disabled_auth = 0; - disabled_enc = 0; - disabled_mac = 0; - disabled_ssl = 0; - -#ifdef SSL_FORBID_ENULL - disabled_enc |= SSL_eNULL; -#endif - - /* DTLS cannot be used with stream ciphers. */ - if (ssl_method->dtls) - disabled_enc |= SSL_RC4; - - /* - * Now we have to collect the available ciphers from the compiled - * in ciphers. We cannot get more than the number compiled in, so - * it is used for allocation. - */ - num_of_ciphers = ssl3_num_ciphers(); - co_list = reallocarray(NULL, num_of_ciphers, sizeof(CIPHER_ORDER)); - if (co_list == NULL) { - SSLerrorx(ERR_R_MALLOC_FAILURE); - goto err; - } - - ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, - disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, - co_list, &head, &tail); - - - /* Now arrange all ciphers by preference: */ - - /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */ - ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); - ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); - - if (ssl_aes_is_accelerated()) { - /* - * We have hardware assisted AES - prefer AES as a symmetric - * cipher, with CHACHA20 second. 
- */ - ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, - CIPHER_ADD, -1, &head, &tail); - ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, - 0, 0, 0, CIPHER_ADD, -1, &head, &tail); - } else { - /* - * CHACHA20 is fast and safe on all hardware and is thus our - * preferred symmetric cipher, with AES second. - */ - ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, - 0, 0, 0, CIPHER_ADD, -1, &head, &tail); - ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, - CIPHER_ADD, -1, &head, &tail); - } - - /* Temporarily enable everything else for sorting */ - ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); - - /* Low priority for MD5 */ - ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail); - - /* Move anonymous ciphers to the end. Usually, these will remain disabled. - * (For applications that allow them, they aren't too bad, but we prefer - * authenticated ciphers.) */ - ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); - - /* Move ciphers without forward secrecy to the end */ - ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); - - /* RC4 is sort of broken - move it to the end */ - ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); - - /* Now sort by symmetric encryption strength. The above ordering remains - * in force within each class */ - if (!ssl_cipher_strength_sort(&head, &tail)) - goto err; - - /* Now disable everything (maintaining the ordering!) */ - ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); - - /* TLSv1.3 first. */ - ssl_cipher_apply_rule(0, 0, 0, 0, 0, SSL_TLSV1_3, 0, CIPHER_ADD, -1, &head, &tail); - ssl_cipher_apply_rule(0, 0, 0, 0, 0, SSL_TLSV1_3, 0, CIPHER_DEL, -1, &head, &tail); - - /* - * We also need cipher aliases for selecting based on the rule_str. - * There might be two types of entries in the rule_str: 1) names - * of ciphers themselves 2) aliases for groups of ciphers. 
- * For 1) we need the available ciphers and for 2) the cipher - * groups of cipher_aliases added together in one list (otherwise - * we would be happy with just the cipher_aliases table). - */ - num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); - num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; - ca_list = reallocarray(NULL, num_of_alias_max, sizeof(SSL_CIPHER *)); - if (ca_list == NULL) { - SSLerrorx(ERR_R_MALLOC_FAILURE); - goto err; - } - ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mkey, - disabled_auth, disabled_enc, disabled_mac, disabled_ssl, head); - - /* - * If the rule_string begins with DEFAULT, apply the default rule - * before using the (possibly available) additional rules. - */ - ok = 1; - rule_p = rule_str; - if (strncmp(rule_str, "DEFAULT", 7) == 0) { - ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, - &head, &tail, ca_list, cert, &tls13_seen); - rule_p += 7; - if (*rule_p == ':') - rule_p++; - } - - if (ok && (strlen(rule_p) > 0)) - ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list, - cert, &tls13_seen); - - if (!ok) { - /* Rule processing failure */ - goto err; - } - - /* - * Allocate new "cipherstack" for the result, return with error - * if we cannot get one. - */ - if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { - SSLerrorx(ERR_R_MALLOC_FAILURE); - goto err; - } - - /* Prefer TLSv1.3 cipher suites. */ - if (cipher_list_tls13 != NULL) { - for (i = 0; i < sk_SSL_CIPHER_num(cipher_list_tls13); i++) { - cipher = sk_SSL_CIPHER_value(cipher_list_tls13, i); - if (!sk_SSL_CIPHER_push(cipherstack, cipher)) { - SSLerrorx(ERR_R_MALLOC_FAILURE); - goto err; - } - } - tls13_seen = 1; - } - - /* - * The cipher selection for the list is done. The ciphers are added - * to the resulting precedence to the STACK_OF(SSL_CIPHER). 
- * - * If the rule string did not contain any references to TLSv1.3 and - * TLSv1.3 cipher suites have not been configured separately, - * include inactive TLSv1.3 cipher suites. This avoids attempts to - * use TLSv1.3 with an older rule string that does not include - * TLSv1.3 cipher suites. If the rule string resulted in no active - * cipher suites then we return an empty stack. - */ - any_active = 0; - for (curr = head; curr != NULL; curr = curr->next) { - if (curr->active || - (!tls13_seen && curr->cipher->algorithm_ssl == SSL_TLSV1_3)) { - if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) { - SSLerrorx(ERR_R_MALLOC_FAILURE); - goto err; - } - } - any_active |= curr->active; - } - if (!any_active) - sk_SSL_CIPHER_zero(cipherstack); - - sk_SSL_CIPHER_free(*cipher_list); - *cipher_list = cipherstack; - cipherstack = NULL; - - ret = *cipher_list; - - err: - sk_SSL_CIPHER_free(cipherstack); - free((void *)ca_list); - free(co_list); - - return ret; -} - -char * -SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) -{ - unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl; - const char *ver, *kx, *au, *enc, *mac; - char *ret; - int l; - - alg_mkey = cipher->algorithm_mkey; - alg_auth = cipher->algorithm_auth; - alg_enc = cipher->algorithm_enc; - alg_mac = cipher->algorithm_mac; - alg_ssl = cipher->algorithm_ssl; - - if (alg_ssl & SSL_SSLV3) - ver = "SSLv3"; - else if (alg_ssl & SSL_TLSV1_2) - ver = "TLSv1.2"; - else if (alg_ssl & SSL_TLSV1_3) - ver = "TLSv1.3"; - else - ver = "unknown"; - - switch (alg_mkey) { - case SSL_kRSA: - kx = "RSA"; - break; - case SSL_kDHE: - kx = "DH"; - break; - case SSL_kECDHE: - kx = "ECDH"; - break; - case SSL_kTLS1_3: - kx = "TLSv1.3"; - break; - default: - kx = "unknown"; - } - - switch (alg_auth) { - case SSL_aRSA: - au = "RSA"; - break; - case SSL_aNULL: - au = "None"; - break; - case SSL_aECDSA: - au = "ECDSA"; - break; - case SSL_aTLS1_3: - au = "TLSv1.3"; - break; - default: - au = "unknown"; - break; - 
} - - switch (alg_enc) { - case SSL_3DES: - enc = "3DES(168)"; - break; - case SSL_RC4: - enc = "RC4(128)"; - break; - case SSL_eNULL: - enc = "None"; - break; - case SSL_AES128: - enc = "AES(128)"; - break; - case SSL_AES256: - enc = "AES(256)"; - break; - case SSL_AES128GCM: - enc = "AESGCM(128)"; - break; - case SSL_AES256GCM: - enc = "AESGCM(256)"; - break; - case SSL_CAMELLIA128: - enc = "Camellia(128)"; - break; - case SSL_CAMELLIA256: - enc = "Camellia(256)"; - break; - case SSL_CHACHA20POLY1305: - enc = "ChaCha20-Poly1305"; - break; - default: - enc = "unknown"; - break; - } - - switch (alg_mac) { - case SSL_MD5: - mac = "MD5"; - break; - case SSL_SHA1: - mac = "SHA1"; - break; - case SSL_SHA256: - mac = "SHA256"; - break; - case SSL_SHA384: - mac = "SHA384"; - break; - case SSL_AEAD: - mac = "AEAD"; - break; - default: - mac = "unknown"; - break; - } - - if (asprintf(&ret, "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n", - cipher->name, ver, kx, au, enc, mac) == -1) - return "OPENSSL_malloc Error"; - - if (buf != NULL) { - l = strlcpy(buf, ret, len); - free(ret); - ret = buf; - if (l >= len) - ret = "Buffer too small"; - } - - return (ret); -} -LSSL_ALIAS(SSL_CIPHER_description); - -const char * -SSL_CIPHER_get_version(const SSL_CIPHER *cipher) -{ - if (cipher == NULL) - return "(NONE)"; - - return "TLSv1/SSLv3"; -} -LSSL_ALIAS(SSL_CIPHER_get_version); - -/* return the actual cipher being used */ -const char * -SSL_CIPHER_get_name(const SSL_CIPHER *cipher) -{ - if (cipher == NULL) - return "(NONE)"; - - return cipher->name; -} -LSSL_ALIAS(SSL_CIPHER_get_name); - -/* number of bits for symmetric cipher */ -int -SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) -{ - int ret = 0; - - if (c != NULL) { - if (alg_bits != NULL) - *alg_bits = c->alg_bits; - ret = c->strength_bits; - } - return (ret); -} -LSSL_ALIAS(SSL_CIPHER_get_bits); - -unsigned long -SSL_CIPHER_get_id(const SSL_CIPHER *cipher) -{ - return SSL3_CK_ID | cipher->value; -} 
-LSSL_ALIAS(SSL_CIPHER_get_id);
-
-uint16_t
-SSL_CIPHER_get_value(const SSL_CIPHER *cipher)
-{
- return cipher->value;
-}
-LSSL_ALIAS(SSL_CIPHER_get_value);
-
-const SSL_CIPHER *
-SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr)
-{
- uint16_t cipher_value;
- CBS cbs;
-
- /* This API is documented with ptr being an array of length two. */
- CBS_init(&cbs, ptr, 2);
- if (!CBS_get_u16(&cbs, &cipher_value))
- return NULL;
-
- return ssl3_get_cipher_by_value(cipher_value);
-}
-LSSL_ALIAS(SSL_CIPHER_find);
-
-int
-SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c)
-{
- switch (c->algorithm_enc) {
- case SSL_eNULL:
- return NID_undef;
- case SSL_3DES:
- return NID_des_ede3_cbc;
- case SSL_AES128:
- return NID_aes_128_cbc;
- case SSL_AES128GCM:
- return NID_aes_128_gcm;
- case SSL_AES256:
- return NID_aes_256_cbc;
- case SSL_AES256GCM:
- return NID_aes_256_gcm;
- case SSL_CAMELLIA128:
- return NID_camellia_128_cbc;
- case SSL_CAMELLIA256:
- return NID_camellia_256_cbc;
- case SSL_CHACHA20POLY1305:
- return NID_chacha20_poly1305;
- case SSL_RC4:
- return NID_rc4;
- default:
- return NID_undef;
- }
-}
-LSSL_ALIAS(SSL_CIPHER_get_cipher_nid);
-
-int
-SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
-{
- switch (c->algorithm_mac) {
- case SSL_AEAD:
- return NID_undef;
- case SSL_MD5:
- return NID_md5;
- case SSL_SHA1:
- return NID_sha1;
- case SSL_SHA256:
- return NID_sha256;
- case SSL_SHA384:
- return NID_sha384;
- default:
- return NID_undef;
- }
-}
-LSSL_ALIAS(SSL_CIPHER_get_digest_nid);
-
-int
-SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c)
-{
- switch (c->algorithm_mkey) {
- case SSL_kDHE:
- return NID_kx_dhe;
- case SSL_kECDHE:
- return NID_kx_ecdhe;
- case SSL_kRSA:
- return NID_kx_rsa;
- default:
- return NID_undef;
- }
-}
-LSSL_ALIAS(SSL_CIPHER_get_kx_nid);
-
-int
-SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c)
-{
- switch (c->algorithm_auth) {
- case SSL_aNULL:
- return NID_auth_null;
- case SSL_aECDSA:
- return NID_auth_ecdsa;
- case SSL_aRSA:
- return NID_auth_rsa;
- default:
- return NID_undef;
- }
-}
-LSSL_ALIAS(SSL_CIPHER_get_auth_nid);
-
-const EVP_MD *
-SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c)
-{
- switch (c->algorithm2 & SSL_HANDSHAKE_MAC_MASK) {
- case SSL_HANDSHAKE_MAC_SHA256:
- return EVP_sha256();
- case SSL_HANDSHAKE_MAC_SHA384:
- return EVP_sha384();
- default:
- return NULL;
- }
-}
-LSSL_ALIAS(SSL_CIPHER_get_handshake_digest);
-
-int
-SSL_CIPHER_is_aead(const SSL_CIPHER *c)
-{
- return (c->algorithm_mac & SSL_AEAD) == SSL_AEAD;
-}
-LSSL_ALIAS(SSL_CIPHER_is_aead);
-
-void *
-SSL_COMP_get_compression_methods(void)
-{
- return NULL;
-}
-LSSL_ALIAS(SSL_COMP_get_compression_methods);
-
-const char *
-SSL_COMP_get_name(const void *comp)
-{
- return NULL;
-}
-LSSL_ALIAS(SSL_COMP_get_name);
diff --git a/src/lib/libssl/ssl_ciphers.c b/src/lib/libssl/ssl_ciphers.c
deleted file mode 100644
index 503ef9d03c..0000000000
--- a/src/lib/libssl/ssl_ciphers.c
+++ /dev/null
@@ -1,286 +0,0 @@
-/* $OpenBSD: ssl_ciphers.c,v 1.18 2024/07/22 14:47:15 jsing Exp $ */
-/*
- * Copyright (c) 2015-2017 Doug Hogan
- * Copyright (c) 2015-2018, 2020 Joel Sing
- * Copyright (c) 2019 Theo Buehler
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include
-
-#include "bytestring.h"
-#include "ssl_local.h"
-
-int
-ssl_cipher_in_list(STACK_OF(SSL_CIPHER) *ciphers, const SSL_CIPHER *cipher)
-{
- int i;
-
- for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
- if (sk_SSL_CIPHER_value(ciphers, i)->value == cipher->value)
- return 1;
- }
-
- return 0;
-}
-
-int
-ssl_cipher_allowed_in_tls_version_range(const SSL_CIPHER *cipher, uint16_t min_ver,
- uint16_t max_ver)
-{
- switch(cipher->algorithm_ssl) {
- case SSL_SSLV3:
- return (min_ver <= TLS1_2_VERSION);
- case SSL_TLSV1_2:
- return (min_ver <= TLS1_2_VERSION && TLS1_2_VERSION <= max_ver);
- case SSL_TLSV1_3:
- return (min_ver <= TLS1_3_VERSION && TLS1_3_VERSION <= max_ver);
- }
- return 0;
-}
-
-int
-ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb)
-{
- SSL_CIPHER *cipher;
- int num_ciphers = 0;
- uint16_t min_vers, max_vers;
- int i;
-
- if (ciphers == NULL)
- return 0;
-
- if (!ssl_supported_tls_version_range(s, &min_vers, &max_vers))
- return 0;
-
- for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
- if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL)
- return 0;
- if (!ssl_cipher_allowed_in_tls_version_range(cipher, min_vers,
- max_vers))
- continue;
- if (!ssl_security_cipher_check(s, cipher))
- continue;
- if (!CBB_add_u16(cbb, cipher->value))
- return 0;
-
- num_ciphers++;
- }
-
- /* Add SCSV if there are other ciphers and we're not renegotiating. */
- if (num_ciphers > 0 && !s->renegotiate) {
- if (!CBB_add_u16(cbb, SSL3_CK_SCSV & SSL3_CK_VALUE_MASK))
- return 0;
- }
-
- if (!CBB_flush(cbb))
- return 0;
-
- return 1;
-}
-
-STACK_OF(SSL_CIPHER) *
-ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
-{
- STACK_OF(SSL_CIPHER) *ciphers = NULL;
- const SSL_CIPHER *cipher;
- uint16_t cipher_value;
- unsigned long cipher_id;
-
- s->s3->send_connection_binding = 0;
-
- if ((ciphers = sk_SSL_CIPHER_new_null()) == NULL) {
- SSLerror(s, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- while (CBS_len(cbs) > 0) {
- if (!CBS_get_u16(cbs, &cipher_value)) {
- SSLerror(s, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
- goto err;
- }
-
- cipher_id = SSL3_CK_ID | cipher_value;
-
- if (cipher_id == SSL3_CK_SCSV) {
- /*
- * TLS_EMPTY_RENEGOTIATION_INFO_SCSV is fatal if
- * renegotiating.
- */
- if (s->renegotiate) {
- SSLerror(s, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
- ssl3_send_alert(s, SSL3_AL_FATAL,
- SSL_AD_HANDSHAKE_FAILURE);
-
- goto err;
- }
- s->s3->send_connection_binding = 1;
- continue;
- }
-
- if (cipher_id == SSL3_CK_FALLBACK_SCSV) {
- /*
- * TLS_FALLBACK_SCSV indicates that the client
- * previously tried a higher protocol version.
- * Fail if the current version is an unexpected
- * downgrade.
- */
- if (s->s3->hs.negotiated_tls_version <
- s->s3->hs.our_max_tls_version) {
- SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK);
- ssl3_send_alert(s, SSL3_AL_FATAL,
- SSL_AD_INAPPROPRIATE_FALLBACK);
- goto err;
- }
- continue;
- }
-
- if ((cipher = ssl3_get_cipher_by_value(cipher_value)) != NULL) {
- if (!sk_SSL_CIPHER_push(ciphers, cipher)) {
- SSLerror(s, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- }
-
- return (ciphers);
-
- err:
- sk_SSL_CIPHER_free(ciphers);
-
- return (NULL);
-}
-
-struct ssl_tls13_ciphersuite {
- const char *name;
- const char *alias;
- uint16_t value;
-};
-
-static const struct ssl_tls13_ciphersuite ssl_tls13_ciphersuites[] = {
- {
- .name = TLS1_3_RFC_AES_128_GCM_SHA256,
- .alias = TLS1_3_TXT_AES_128_GCM_SHA256,
- .value = 0x1301,
- },
- {
- .name = TLS1_3_RFC_AES_256_GCM_SHA384,
- .alias = TLS1_3_TXT_AES_256_GCM_SHA384,
- .value = 0x1302,
- },
- {
- .name = TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
- .alias = TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
- .value = 0x1303,
- },
- {
- .name = TLS1_3_RFC_AES_128_CCM_SHA256,
- .alias = TLS1_3_TXT_AES_128_CCM_SHA256,
- .value = 0x1304,
- },
- {
- .name = TLS1_3_RFC_AES_128_CCM_8_SHA256,
- .alias = TLS1_3_TXT_AES_128_CCM_8_SHA256,
- .value = 0x1305,
- },
- {
- .name = NULL,
- },
-};
-
-int
-ssl_parse_ciphersuites(STACK_OF(SSL_CIPHER) **out_ciphers, const char *str)
-{
- const struct ssl_tls13_ciphersuite *ciphersuite;
- STACK_OF(SSL_CIPHER) *ciphers;
- const SSL_CIPHER *cipher;
- char *s = NULL;
- char *p, *q;
- int i;
- int ret = 0;
-
- if ((ciphers = sk_SSL_CIPHER_new_null()) == NULL)
- goto err;
-
- /* An empty string is valid and means no ciphers. */
- if (strcmp(str, "") == 0)
- goto done;
-
- if ((s = strdup(str)) == NULL)
- goto err;
-
- q = s;
- while ((p = strsep(&q, ":")) != NULL) {
- ciphersuite = &ssl_tls13_ciphersuites[0];
- for (i = 0; ciphersuite->name != NULL; i++) {
- if (strcmp(p, ciphersuite->name) == 0)
- break;
- if (strcmp(p, ciphersuite->alias) == 0)
- break;
- ciphersuite = &ssl_tls13_ciphersuites[i];
- }
- if (ciphersuite->name == NULL)
- goto err;
-
- /* We know about the cipher suite, but it is not supported. */
- if ((cipher = ssl3_get_cipher_by_value(ciphersuite->value)) == NULL)
- continue;
-
- if (!sk_SSL_CIPHER_push(ciphers, cipher))
- goto err;
- }
-
- done:
- sk_SSL_CIPHER_free(*out_ciphers);
- *out_ciphers = ciphers;
- ciphers = NULL;
- ret = 1;
-
- err:
- sk_SSL_CIPHER_free(ciphers);
- free(s);
-
- return ret;
-}
-
-int
-ssl_merge_cipherlists(STACK_OF(SSL_CIPHER) *cipherlist,
- STACK_OF(SSL_CIPHER) *cipherlist_tls13,
- STACK_OF(SSL_CIPHER) **out_cipherlist)
-{
- STACK_OF(SSL_CIPHER) *ciphers = NULL;
- const SSL_CIPHER *cipher;
- int i, ret = 0;
-
- if ((ciphers = sk_SSL_CIPHER_dup(cipherlist_tls13)) == NULL)
- goto err;
- for (i = 0; i < sk_SSL_CIPHER_num(cipherlist); i++) {
- cipher = sk_SSL_CIPHER_value(cipherlist, i);
- if (cipher->algorithm_ssl == SSL_TLSV1_3)
- continue;
- if (!sk_SSL_CIPHER_push(ciphers, cipher))
- goto err;
- }
-
- sk_SSL_CIPHER_free(*out_cipherlist);
- *out_cipherlist = ciphers;
- ciphers = NULL;
-
- ret = 1;
-
- err:
- sk_SSL_CIPHER_free(ciphers);
-
- return ret;
-}
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
deleted file mode 100644
index 0d3dcf78af..0000000000
--- a/src/lib/libssl/ssl_clnt.c
+++ /dev/null
@@ -1,2456 +0,0 @@ -/* $OpenBSD: ssl_clnt.c,v 1.169 2025/03/09 15:53:36 tb Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. 
All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. 
Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the OpenSSL open source - * license provided above. - * - * ECC cipher suite support in OpenSSL originally written by - * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. - * - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. 
- * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include - -#include "bytestring.h" -#include "dtls_local.h" -#include "ssl_local.h" -#include "ssl_sigalgs.h" -#include "ssl_tlsext.h" - -static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b); - -static int ssl3_send_client_hello(SSL *s); -static int ssl3_get_dtls_hello_verify(SSL *s); -static int ssl3_get_server_hello(SSL *s); -static int ssl3_get_certificate_request(SSL *s); -static int ssl3_get_new_session_ticket(SSL *s); -static int ssl3_get_cert_status(SSL *s); -static int ssl3_get_server_done(SSL *s); -static int ssl3_send_client_verify(SSL *s); -static int ssl3_send_client_certificate(SSL *s); -static int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey); -static int ssl3_send_client_key_exchange(SSL *s); -static int ssl3_get_server_key_exchange(SSL *s); -static int ssl3_get_server_certificate(SSL *s); -static int ssl3_check_cert_and_algorithm(SSL *s); -static int ssl3_check_finished(SSL *s); -static int ssl3_send_client_change_cipher_spec(SSL *s); -static int ssl3_send_client_finished(SSL *s); -static int ssl3_get_server_finished(SSL *s); - -int -ssl3_connect(SSL 
*s) -{ - int new_state, state, skip = 0; - int ret = -1; - - ERR_clear_error(); - errno = 0; - - s->in_handshake++; - if (!SSL_in_init(s) || SSL_in_before(s)) - SSL_clear(s); - - for (;;) { - state = s->s3->hs.state; - - switch (s->s3->hs.state) { - case SSL_ST_RENEGOTIATE: - s->renegotiate = 1; - s->s3->hs.state = SSL_ST_CONNECT; - s->ctx->stats.sess_connect_renegotiate++; - /* break */ - case SSL_ST_BEFORE: - case SSL_ST_CONNECT: - case SSL_ST_BEFORE|SSL_ST_CONNECT: - case SSL_ST_OK|SSL_ST_CONNECT: - - s->server = 0; - - ssl_info_callback(s, SSL_CB_HANDSHAKE_START, 1); - - if (!ssl_legacy_stack_version(s, s->version)) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - ret = -1; - goto end; - } - - if (!ssl_supported_tls_version_range(s, - &s->s3->hs.our_min_tls_version, - &s->s3->hs.our_max_tls_version)) { - SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE); - ret = -1; - goto end; - } - - if (!ssl_security_version(s, - s->s3->hs.our_min_tls_version)) { - SSLerror(s, SSL_R_VERSION_TOO_LOW); - ret = -1; - goto end; - } - - if (!ssl3_setup_init_buffer(s)) { - ret = -1; - goto end; - } - if (!ssl3_setup_buffers(s)) { - ret = -1; - goto end; - } - if (!ssl_init_wbio_buffer(s, 0)) { - ret = -1; - goto end; - } - - /* don't push the buffering BIO quite yet */ - - if (!tls1_transcript_init(s)) { - ret = -1; - goto end; - } - - s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_A; - s->ctx->stats.sess_connect++; - s->init_num = 0; - - if (SSL_is_dtls(s)) { - /* mark client_random uninitialized */ - memset(s->s3->client_random, 0, - sizeof(s->s3->client_random)); - s->d1->send_cookie = 0; - s->hit = 0; - } - break; - - case SSL3_ST_CW_CLNT_HELLO_A: - case SSL3_ST_CW_CLNT_HELLO_B: - s->shutdown = 0; - - if (SSL_is_dtls(s)) { - /* every DTLS ClientHello resets Finished MAC */ - tls1_transcript_reset(s); - - dtls1_start_timer(s); - } - - ret = ssl3_send_client_hello(s); - if (ret <= 0) - goto end; - - if (SSL_is_dtls(s) && s->d1->send_cookie) { - s->s3->hs.state = SSL3_ST_CW_FLUSH; - 
s->s3->hs.tls12.next_state = SSL3_ST_CR_SRVR_HELLO_A; - } else - s->s3->hs.state = SSL3_ST_CR_SRVR_HELLO_A; - - s->init_num = 0; - - /* turn on buffering for the next lot of output */ - if (s->bbio != s->wbio) - s->wbio = BIO_push(s->bbio, s->wbio); - - break; - - case SSL3_ST_CR_SRVR_HELLO_A: - case SSL3_ST_CR_SRVR_HELLO_B: - ret = ssl3_get_server_hello(s); - if (ret <= 0) - goto end; - - if (s->hit) { - s->s3->hs.state = SSL3_ST_CR_FINISHED_A; - if (!SSL_is_dtls(s)) { - if (s->tlsext_ticket_expected) { - /* receive renewed session ticket */ - s->s3->hs.state = SSL3_ST_CR_SESSION_TICKET_A; - } - - /* No client certificate verification. */ - tls1_transcript_free(s); - } - } else if (SSL_is_dtls(s)) { - s->s3->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; - } else { - s->s3->hs.state = SSL3_ST_CR_CERT_A; - } - s->init_num = 0; - break; - - case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: - case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: - ret = ssl3_get_dtls_hello_verify(s); - if (ret <= 0) - goto end; - dtls1_stop_timer(s); - if (s->d1->send_cookie) /* start again, with a cookie */ - s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_A; - else - s->s3->hs.state = SSL3_ST_CR_CERT_A; - s->init_num = 0; - break; - - case SSL3_ST_CR_CERT_A: - case SSL3_ST_CR_CERT_B: - ret = ssl3_check_finished(s); - if (ret <= 0) - goto end; - if (ret == 2) { - s->hit = 1; - if (s->tlsext_ticket_expected) - s->s3->hs.state = SSL3_ST_CR_SESSION_TICKET_A; - else - s->s3->hs.state = SSL3_ST_CR_FINISHED_A; - s->init_num = 0; - break; - } - /* Check if it is anon DH/ECDH. 
*/ - if (!(s->s3->hs.cipher->algorithm_auth & - SSL_aNULL)) { - ret = ssl3_get_server_certificate(s); - if (ret <= 0) - goto end; - if (s->tlsext_status_expected) - s->s3->hs.state = SSL3_ST_CR_CERT_STATUS_A; - else - s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A; - } else { - skip = 1; - s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A; - } - s->init_num = 0; - break; - - case SSL3_ST_CR_KEY_EXCH_A: - case SSL3_ST_CR_KEY_EXCH_B: - ret = ssl3_get_server_key_exchange(s); - if (ret <= 0) - goto end; - s->s3->hs.state = SSL3_ST_CR_CERT_REQ_A; - s->init_num = 0; - - /* - * At this point we check that we have the - * required stuff from the server. - */ - if (!ssl3_check_cert_and_algorithm(s)) { - ret = -1; - goto end; - } - break; - - case SSL3_ST_CR_CERT_REQ_A: - case SSL3_ST_CR_CERT_REQ_B: - ret = ssl3_get_certificate_request(s); - if (ret <= 0) - goto end; - s->s3->hs.state = SSL3_ST_CR_SRVR_DONE_A; - s->init_num = 0; - break; - - case SSL3_ST_CR_SRVR_DONE_A: - case SSL3_ST_CR_SRVR_DONE_B: - ret = ssl3_get_server_done(s); - if (ret <= 0) - goto end; - if (SSL_is_dtls(s)) - dtls1_stop_timer(s); - if (s->s3->hs.tls12.cert_request) - s->s3->hs.state = SSL3_ST_CW_CERT_A; - else - s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_A; - s->init_num = 0; - - break; - - case SSL3_ST_CW_CERT_A: - case SSL3_ST_CW_CERT_B: - case SSL3_ST_CW_CERT_C: - case SSL3_ST_CW_CERT_D: - if (SSL_is_dtls(s)) - dtls1_start_timer(s); - ret = ssl3_send_client_certificate(s); - if (ret <= 0) - goto end; - s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_A; - s->init_num = 0; - break; - - case SSL3_ST_CW_KEY_EXCH_A: - case SSL3_ST_CW_KEY_EXCH_B: - if (SSL_is_dtls(s)) - dtls1_start_timer(s); - ret = ssl3_send_client_key_exchange(s); - if (ret <= 0) - goto end; - /* - * EAY EAY EAY need to check for DH fix cert - * sent back - */ - /* - * For TLS, cert_req is set to 2, so a cert chain - * of nothing is sent, but no verify packet is sent - */ - /* - * XXX: For now, we do not support client - * authentication in ECDH cipher suites with - 
* ECDH (rather than ECDSA) certificates. - * We need to skip the certificate verify - * message when client's ECDH public key is sent - * inside the client certificate. - */ - if (s->s3->hs.tls12.cert_request == 1) { - s->s3->hs.state = SSL3_ST_CW_CERT_VRFY_A; - } else { - s->s3->hs.state = SSL3_ST_CW_CHANGE_A; - s->s3->change_cipher_spec = 0; - } - - s->init_num = 0; - break; - - case SSL3_ST_CW_CERT_VRFY_A: - case SSL3_ST_CW_CERT_VRFY_B: - if (SSL_is_dtls(s)) - dtls1_start_timer(s); - ret = ssl3_send_client_verify(s); - if (ret <= 0) - goto end; - s->s3->hs.state = SSL3_ST_CW_CHANGE_A; - s->init_num = 0; - s->s3->change_cipher_spec = 0; - break; - - case SSL3_ST_CW_CHANGE_A: - case SSL3_ST_CW_CHANGE_B: - if (SSL_is_dtls(s) && !s->hit) - dtls1_start_timer(s); - ret = ssl3_send_client_change_cipher_spec(s); - if (ret <= 0) - goto end; - - s->s3->hs.state = SSL3_ST_CW_FINISHED_A; - s->init_num = 0; - s->session->cipher_value = s->s3->hs.cipher->value; - - if (!tls1_setup_key_block(s)) { - ret = -1; - goto end; - } - if (!tls1_change_write_cipher_state(s)) { - ret = -1; - goto end; - } - break; - - case SSL3_ST_CW_FINISHED_A: - case SSL3_ST_CW_FINISHED_B: - if (SSL_is_dtls(s) && !s->hit) - dtls1_start_timer(s); - ret = ssl3_send_client_finished(s); - if (ret <= 0) - goto end; - if (!SSL_is_dtls(s)) - s->s3->flags |= SSL3_FLAGS_CCS_OK; - s->s3->hs.state = SSL3_ST_CW_FLUSH; - - /* clear flags */ - if (s->hit) { - s->s3->hs.tls12.next_state = SSL_ST_OK; - } else { - /* Allow NewSessionTicket if ticket expected */ - if (s->tlsext_ticket_expected) - s->s3->hs.tls12.next_state = - SSL3_ST_CR_SESSION_TICKET_A; - else - s->s3->hs.tls12.next_state = - SSL3_ST_CR_FINISHED_A; - } - s->init_num = 0; - break; - - case SSL3_ST_CR_SESSION_TICKET_A: - case SSL3_ST_CR_SESSION_TICKET_B: - ret = ssl3_get_new_session_ticket(s); - if (ret <= 0) - goto end; - s->s3->hs.state = SSL3_ST_CR_FINISHED_A; - s->init_num = 0; - break; - - case SSL3_ST_CR_CERT_STATUS_A: - case 
SSL3_ST_CR_CERT_STATUS_B: - ret = ssl3_get_cert_status(s); - if (ret <= 0) - goto end; - s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A; - s->init_num = 0; - break; - - case SSL3_ST_CR_FINISHED_A: - case SSL3_ST_CR_FINISHED_B: - if (SSL_is_dtls(s)) - s->d1->change_cipher_spec_ok = 1; - else - s->s3->flags |= SSL3_FLAGS_CCS_OK; - ret = ssl3_get_server_finished(s); - if (ret <= 0) - goto end; - if (SSL_is_dtls(s)) - dtls1_stop_timer(s); - - if (s->hit) - s->s3->hs.state = SSL3_ST_CW_CHANGE_A; - else - s->s3->hs.state = SSL_ST_OK; - s->init_num = 0; - break; - - case SSL3_ST_CW_FLUSH: - s->rwstate = SSL_WRITING; - if (BIO_flush(s->wbio) <= 0) { - if (SSL_is_dtls(s)) { - /* If the write error was fatal, stop trying */ - if (!BIO_should_retry(s->wbio)) { - s->rwstate = SSL_NOTHING; - s->s3->hs.state = s->s3->hs.tls12.next_state; - } - } - ret = -1; - goto end; - } - s->rwstate = SSL_NOTHING; - s->s3->hs.state = s->s3->hs.tls12.next_state; - break; - - case SSL_ST_OK: - /* clean a few things up */ - tls1_cleanup_key_block(s); - - if (s->s3->handshake_transcript != NULL) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - ret = -1; - goto end; - } - - if (!SSL_is_dtls(s)) - ssl3_release_init_buffer(s); - - ssl_free_wbio_buffer(s); - - s->init_num = 0; - s->renegotiate = 0; - s->new_session = 0; - - ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); - if (s->hit) - s->ctx->stats.sess_hit++; - - ret = 1; - /* s->server=0; */ - s->handshake_func = ssl3_connect; - s->ctx->stats.sess_connect_good++; - - ssl_info_callback(s, SSL_CB_HANDSHAKE_DONE, 1); - - if (SSL_is_dtls(s)) { - /* done with handshaking */ - s->d1->handshake_read_seq = 0; - s->d1->next_handshake_write_seq = 0; - } - - goto end; - /* break; */ - - default: - SSLerror(s, SSL_R_UNKNOWN_STATE); - ret = -1; - goto end; - /* break; */ - } - - /* did we do anything */ - if (!s->s3->hs.tls12.reuse_message && !skip) { - if (s->s3->hs.state != state) { - new_state = s->s3->hs.state; - s->s3->hs.state = state; - ssl_info_callback(s, 
SSL_CB_CONNECT_LOOP, 1); - s->s3->hs.state = new_state; - } - } - skip = 0; - } - - end: - s->in_handshake--; - ssl_info_callback(s, SSL_CB_CONNECT_EXIT, ret); - - return (ret); -} - -static int -ssl3_send_client_hello(SSL *s) -{ - CBB cbb, client_hello, session_id, cookie, cipher_suites; - CBB compression_methods; - uint16_t max_version; - size_t sl; - - memset(&cbb, 0, sizeof(cbb)); - - if (s->s3->hs.state == SSL3_ST_CW_CLNT_HELLO_A) { - SSL_SESSION *sess = s->session; - - if (!ssl_max_supported_version(s, &max_version)) { - SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE); - return (-1); - } - s->version = max_version; - - if (sess == NULL || sess->ssl_version != s->version || - (sess->session_id_length == 0 && sess->tlsext_tick == NULL) || - sess->not_resumable) { - if (!ssl_get_new_session(s, 0)) - goto err; - } - /* else use the pre-loaded session */ - - /* - * If a DTLS ClientHello message is being resent after a - * HelloVerifyRequest, we must retain the original client - * random value. - */ - if (!SSL_is_dtls(s) || s->d1->send_cookie == 0) - arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE); - - if (!ssl3_handshake_msg_start(s, &cbb, &client_hello, - SSL3_MT_CLIENT_HELLO)) - goto err; - - if (!CBB_add_u16(&client_hello, s->version)) - goto err; - - /* Random stuff */ - if (!CBB_add_bytes(&client_hello, s->s3->client_random, - sizeof(s->s3->client_random))) - goto err; - - /* Session ID */ - if (!CBB_add_u8_length_prefixed(&client_hello, &session_id)) - goto err; - if (!s->new_session && - s->session->session_id_length > 0) { - sl = s->session->session_id_length; - if (sl > sizeof(s->session->session_id)) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - if (!CBB_add_bytes(&session_id, - s->session->session_id, sl)) - goto err; - } - - /* DTLS Cookie. 
*/ - if (SSL_is_dtls(s)) { - if (s->d1->cookie_len > sizeof(s->d1->cookie)) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - if (!CBB_add_u8_length_prefixed(&client_hello, &cookie)) - goto err; - if (!CBB_add_bytes(&cookie, s->d1->cookie, - s->d1->cookie_len)) - goto err; - } - - /* Ciphers supported */ - if (!CBB_add_u16_length_prefixed(&client_hello, &cipher_suites)) - return 0; - if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), - &cipher_suites)) { - SSLerror(s, SSL_R_NO_CIPHERS_AVAILABLE); - goto err; - } - - /* Add in compression methods (null) */ - if (!CBB_add_u8_length_prefixed(&client_hello, - &compression_methods)) - goto err; - if (!CBB_add_u8(&compression_methods, 0)) - goto err; - - /* TLS extensions */ - if (!tlsext_client_build(s, SSL_TLSEXT_MSG_CH, &client_hello)) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - - if (!ssl3_handshake_msg_finish(s, &cbb)) - goto err; - - s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_B; - } - - /* SSL3_ST_CW_CLNT_HELLO_B */ - return (ssl3_handshake_write(s)); - - err: - CBB_cleanup(&cbb); - - return (-1); -} - -static int -ssl3_get_dtls_hello_verify(SSL *s) -{ - CBS hello_verify_request, cookie; - size_t cookie_len; - uint16_t ssl_version; - int al, ret; - - if ((ret = ssl3_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, - DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->max_cert_list)) <= 0) - return ret; - - if (s->s3->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) { - s->d1->send_cookie = 0; - s->s3->hs.tls12.reuse_message = 1; - return (1); - } - - if (s->init_num < 0) - goto decode_err; - - CBS_init(&hello_verify_request, s->init_msg, - s->init_num); - - if (!CBS_get_u16(&hello_verify_request, &ssl_version)) - goto decode_err; - if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie)) - goto decode_err; - if (CBS_len(&hello_verify_request) != 0) - goto decode_err; - - /* - * Per RFC 6347 section 4.2.1, the HelloVerifyRequest should always - * contain DTLSv1.0 the version that is going 
to be negotiated. - * Tolerate DTLSv1.2 just in case. - */ - if (ssl_version != DTLS1_VERSION && ssl_version != DTLS1_2_VERSION) { - SSLerror(s, SSL_R_WRONG_SSL_VERSION); - s->version = (s->version & 0xff00) | (ssl_version & 0xff); - al = SSL_AD_PROTOCOL_VERSION; - goto fatal_err; - } - - if (!CBS_write_bytes(&cookie, s->d1->cookie, - sizeof(s->d1->cookie), &cookie_len)) { - s->d1->cookie_len = 0; - al = SSL_AD_ILLEGAL_PARAMETER; - goto fatal_err; - } - s->d1->cookie_len = cookie_len; - s->d1->send_cookie = 1; - - return 1; - - decode_err: - al = SSL_AD_DECODE_ERROR; - fatal_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - return -1; -} - -static int -ssl3_get_server_hello(SSL *s) -{ - CBS cbs, server_random, session_id; - uint16_t server_version, cipher_suite; - uint8_t compression_method; - const SSL_CIPHER *cipher; - const SSL_METHOD *method; - int al, ret; - - s->first_packet = 1; - if ((ret = ssl3_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, - SSL3_ST_CR_SRVR_HELLO_B, -1, 20000 /* ?? */)) <= 0) - return ret; - s->first_packet = 0; - - if (s->init_num < 0) - goto decode_err; - - CBS_init(&cbs, s->init_msg, s->init_num); - - if (SSL_is_dtls(s)) { - if (s->s3->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { - if (s->d1->send_cookie == 0) { - s->s3->hs.tls12.reuse_message = 1; - return (1); - } else { - /* Already sent a cookie. 
*/ - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); - goto fatal_err; - } - } - } - - if (s->s3->hs.tls12.message_type != SSL3_MT_SERVER_HELLO) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); - goto fatal_err; - } - - if (!CBS_get_u16(&cbs, &server_version)) - goto decode_err; - - if (!ssl_check_version_from_server(s, server_version)) { - SSLerror(s, SSL_R_WRONG_SSL_VERSION); - s->version = (s->version & 0xff00) | (server_version & 0xff); - al = SSL_AD_PROTOCOL_VERSION; - goto fatal_err; - } - s->s3->hs.peer_legacy_version = server_version; - s->version = server_version; - - s->s3->hs.negotiated_tls_version = ssl_tls_version(server_version); - if (s->s3->hs.negotiated_tls_version == 0) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - - if ((method = ssl_get_method(server_version)) == NULL) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - s->method = method; - - /* Server random. */ - if (!CBS_get_bytes(&cbs, &server_random, SSL3_RANDOM_SIZE)) - goto decode_err; - if (!CBS_write_bytes(&server_random, s->s3->server_random, - sizeof(s->s3->server_random), NULL)) - goto err; - - if (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION && - s->s3->hs.negotiated_tls_version < s->s3->hs.our_max_tls_version) { - /* - * RFC 8446 section 4.1.3. We must not downgrade if the server - * random value contains the TLS 1.2 or TLS 1.1 magical value. - */ - if (!CBS_skip(&server_random, - CBS_len(&server_random) - sizeof(tls13_downgrade_12))) - goto err; - if (s->s3->hs.negotiated_tls_version == TLS1_2_VERSION && - CBS_mem_equal(&server_random, tls13_downgrade_12, - sizeof(tls13_downgrade_12))) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK); - goto fatal_err; - } - if (CBS_mem_equal(&server_random, tls13_downgrade_11, - sizeof(tls13_downgrade_11))) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK); - goto fatal_err; - } - } - - /* Session ID. 
*/ - if (!CBS_get_u8_length_prefixed(&cbs, &session_id)) - goto decode_err; - - if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG); - goto fatal_err; - } - - /* Cipher suite. */ - if (!CBS_get_u16(&cbs, &cipher_suite)) - goto decode_err; - - /* - * Check if we want to resume the session based on external - * pre-shared secret. - */ - if (s->tls_session_secret_cb != NULL) { - const SSL_CIPHER *pref_cipher = NULL; - int master_key_length = sizeof(s->session->master_key); - - if (!s->tls_session_secret_cb(s, - s->session->master_key, &master_key_length, NULL, - &pref_cipher, s->tls_session_secret_cb_arg)) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - if (master_key_length <= 0) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - s->session->master_key_length = master_key_length; - - /* - * XXX - this appears to be completely broken. The - * client cannot change the cipher at this stage, - * as the server has already made a selection. 
- */ - if ((s->s3->hs.cipher = pref_cipher) == NULL) - s->s3->hs.cipher = - ssl3_get_cipher_by_value(cipher_suite); - s->s3->flags |= SSL3_FLAGS_CCS_OK; - } - - if (s->session->session_id_length != 0 && - CBS_mem_equal(&session_id, s->session->session_id, - s->session->session_id_length)) { - if (s->sid_ctx_length != s->session->sid_ctx_length || - timingsafe_memcmp(s->session->sid_ctx, - s->sid_ctx, s->sid_ctx_length) != 0) { - /* actually a client application bug */ - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerror(s, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); - goto fatal_err; - } - s->s3->flags |= SSL3_FLAGS_CCS_OK; - s->hit = 1; - } else { - /* a miss or crap from the other end */ - - /* If we were trying for session-id reuse, make a new - * SSL_SESSION so we don't stuff up other people */ - s->hit = 0; - if (s->session->session_id_length > 0) { - if (!ssl_get_new_session(s, 0)) { - al = SSL_AD_INTERNAL_ERROR; - goto fatal_err; - } - } - - /* - * XXX - improve the handling for the case where there is a - * zero length session identifier. - */ - if (!CBS_write_bytes(&session_id, s->session->session_id, - sizeof(s->session->session_id), - &s->session->session_id_length)) - goto err; - - s->session->ssl_version = s->version; - } - - if ((cipher = ssl3_get_cipher_by_value(cipher_suite)) == NULL) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerror(s, SSL_R_UNKNOWN_CIPHER_RETURNED); - goto fatal_err; - } - - /* TLS v1.2 only ciphersuites require v1.2 or later. 
*/ - if ((cipher->algorithm_ssl & SSL_TLSV1_2) && - s->s3->hs.negotiated_tls_version < TLS1_2_VERSION) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED); - goto fatal_err; - } - - if (!ssl_cipher_in_list(SSL_get_ciphers(s), cipher)) { - /* we did not say we would use this cipher */ - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED); - goto fatal_err; - } - - /* - * Depending on the session caching (internal/external), the cipher - * and/or cipher_id values may not be set. Make sure that - * cipher_id is set and use it for comparison. - */ - if (s->hit && (s->session->cipher_value != cipher->value)) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); - goto fatal_err; - } - s->s3->hs.cipher = cipher; - s->session->cipher_value = cipher->value; - - if (!tls1_transcript_hash_init(s)) - goto err; - - /* - * Don't digest cached records if no sigalgs: we may need them for - * client authentication. - */ - if (!SSL_USE_SIGALGS(s)) - tls1_transcript_free(s); - - if (!CBS_get_u8(&cbs, &compression_method)) - goto decode_err; - - if (compression_method != 0) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerror(s, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); - goto fatal_err; - } - - if (!tlsext_client_parse(s, SSL_TLSEXT_MSG_SH, &cbs, &al)) { - SSLerror(s, SSL_R_PARSE_TLSEXT); - goto fatal_err; - } - - if (CBS_len(&cbs) != 0) - goto decode_err; - - /* - * Determine if we need to see RI. Strictly speaking if we want to - * avoid an attack we should *always* see RI even on initial server - * hello because the client doesn't see any renegotiation during an - * attack. However this would mean we could not connect to any server - * which doesn't support RI so for the immediate future tolerate RI - * absence on initial connect only. 
- */ - if (!s->s3->renegotiate_seen && - !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); - goto fatal_err; - } - - if (ssl_check_serverhello_tlsext(s) <= 0) { - SSLerror(s, SSL_R_SERVERHELLO_TLSEXT); - goto err; - } - - return (1); - - decode_err: - /* wrong packet length */ - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - fatal_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - err: - return (-1); -} - -static int -ssl3_get_server_certificate(SSL *s) -{ - CBS cbs, cert_list, cert_data; - STACK_OF(X509) *certs = NULL; - X509 *cert = NULL; - const uint8_t *p; - int al, ret; - - if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A, - SSL3_ST_CR_CERT_B, -1, s->max_cert_list)) <= 0) - return ret; - - ret = -1; - - if (s->s3->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { - s->s3->hs.tls12.reuse_message = 1; - return (1); - } - - if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); - goto fatal_err; - } - - if ((certs = sk_X509_new_null()) == NULL) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (s->init_num < 0) - goto decode_err; - - CBS_init(&cbs, s->init_msg, s->init_num); - - if (!CBS_get_u24_length_prefixed(&cbs, &cert_list)) - goto decode_err; - if (CBS_len(&cbs) != 0) - goto decode_err; - - while (CBS_len(&cert_list) > 0) { - if (!CBS_get_u24_length_prefixed(&cert_list, &cert_data)) - goto decode_err; - p = CBS_data(&cert_data); - if ((cert = d2i_X509(NULL, &p, CBS_len(&cert_data))) == NULL) { - al = SSL_AD_BAD_CERTIFICATE; - SSLerror(s, ERR_R_ASN1_LIB); - goto fatal_err; - } - if (p != CBS_data(&cert_data) + CBS_len(&cert_data)) - goto decode_err; - if (!sk_X509_push(certs, cert)) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto err; - } - cert = NULL; - } - - /* A server must always provide a non-empty certificate list. 
*/ - if (sk_X509_num(certs) < 1) { - SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); - goto decode_err; - } - - if (ssl_verify_cert_chain(s, certs) <= 0 && - s->verify_mode != SSL_VERIFY_NONE) { - al = ssl_verify_alarm_type(s->verify_result); - SSLerror(s, SSL_R_CERTIFICATE_VERIFY_FAILED); - goto fatal_err; - } - s->session->verify_result = s->verify_result; - ERR_clear_error(); - - if (!tls_process_peer_certs(s, certs)) - goto err; - - ret = 1; - - if (0) { - decode_err: - /* wrong packet length */ - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - fatal_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - } - err: - sk_X509_pop_free(certs, X509_free); - X509_free(cert); - - return (ret); -} - -static int -ssl3_get_server_kex_dhe(SSL *s, CBS *cbs) -{ - int decode_error, invalid_params, invalid_key; - int nid = NID_dhKeyAgreement; - - tls_key_share_free(s->s3->hs.key_share); - if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL) - goto err; - - if (!tls_key_share_peer_params(s->s3->hs.key_share, cbs, - &decode_error, &invalid_params)) { - if (decode_error) { - SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - } - goto err; - } - if (!tls_key_share_peer_public(s->s3->hs.key_share, cbs, - &decode_error, &invalid_key)) { - if (decode_error) { - SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - } - goto err; - } - - if (invalid_params) { - SSLerror(s, SSL_R_BAD_DH_P_LENGTH); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); - goto err; - } - if (invalid_key) { - SSLerror(s, SSL_R_BAD_DH_PUB_KEY_LENGTH); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); - goto err; - } - - if (!tls_key_share_peer_security(s, s->s3->hs.key_share)) { - SSLerror(s, SSL_R_DH_KEY_TOO_SMALL); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - return 0; - } - - return 1; - - err: - return 0; -} - -static int 
-ssl3_get_server_kex_ecdhe(SSL *s, CBS *cbs) -{ - uint8_t curve_type; - uint16_t group_id; - int decode_error; - CBS public; - - if (!CBS_get_u8(cbs, &curve_type)) - goto decode_err; - if (!CBS_get_u16(cbs, &group_id)) - goto decode_err; - - /* Only named curves are supported. */ - if (curve_type != NAMED_CURVE_TYPE) { - SSLerror(s, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - goto err; - } - - if (!CBS_get_u8_length_prefixed(cbs, &public)) - goto decode_err; - - /* - * Check that the group is one of our preferences - if it is not, - * the server has sent us an invalid group. - */ - if (!tls1_check_group(s, group_id)) { - SSLerror(s, SSL_R_WRONG_CURVE); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); - goto err; - } - - tls_key_share_free(s->s3->hs.key_share); - if ((s->s3->hs.key_share = tls_key_share_new(group_id)) == NULL) - goto err; - - if (!tls_key_share_peer_public(s->s3->hs.key_share, &public, - &decode_error, NULL)) { - if (decode_error) - goto decode_err; - goto err; - } - - return 1; - - decode_err: - SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - err: - return 0; -} - -static int -ssl3_get_server_key_exchange(SSL *s) -{ - CBB cbb; - CBS cbs, params, signature; - EVP_MD_CTX *md_ctx; - unsigned char *signed_params = NULL; - size_t signed_params_len; - size_t params_len; - long alg_k, alg_a; - int al, ret; - - memset(&cbb, 0, sizeof(cbb)); - - alg_k = s->s3->hs.cipher->algorithm_mkey; - alg_a = s->s3->hs.cipher->algorithm_auth; - - /* - * Use same message size as in ssl3_get_certificate_request() - * as ServerKeyExchange message may be skipped. 
- */ - if ((ret = ssl3_get_message(s, SSL3_ST_CR_KEY_EXCH_A, - SSL3_ST_CR_KEY_EXCH_B, -1, s->max_cert_list)) <= 0) - return ret; - - if ((md_ctx = EVP_MD_CTX_new()) == NULL) - goto err; - - if (s->init_num < 0) - goto err; - - CBS_init(&cbs, s->init_msg, s->init_num); - - if (s->s3->hs.tls12.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { - /* - * Do not skip server key exchange if this cipher suite uses - * ephemeral keys. - */ - if (alg_k & (SSL_kDHE|SSL_kECDHE)) { - SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); - al = SSL_AD_UNEXPECTED_MESSAGE; - goto fatal_err; - } - - s->s3->hs.tls12.reuse_message = 1; - EVP_MD_CTX_free(md_ctx); - return (1); - } - - if (!CBB_init(&cbb, 0)) - goto err; - if (!CBB_add_bytes(&cbb, s->s3->client_random, SSL3_RANDOM_SIZE)) - goto err; - if (!CBB_add_bytes(&cbb, s->s3->server_random, SSL3_RANDOM_SIZE)) - goto err; - - CBS_dup(&cbs, ¶ms); - - if (alg_k & SSL_kDHE) { - if (!ssl3_get_server_kex_dhe(s, &cbs)) - goto err; - } else if (alg_k & SSL_kECDHE) { - if (!ssl3_get_server_kex_ecdhe(s, &cbs)) - goto err; - } else if (alg_k != 0) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); - goto fatal_err; - } - - if ((params_len = CBS_offset(&cbs)) > CBS_len(¶ms)) - goto err; - if (!CBB_add_bytes(&cbb, CBS_data(¶ms), params_len)) - goto err; - if (!CBB_finish(&cbb, &signed_params, &signed_params_len)) - goto err; - - /* if it was signed, check the signature */ - if ((alg_a & SSL_aNULL) == 0) { - uint16_t sigalg_value = SIGALG_NONE; - const struct ssl_sigalg *sigalg; - EVP_PKEY_CTX *pctx; - EVP_PKEY *pkey = NULL; - - if ((alg_a & SSL_aRSA) != 0 && - s->session->peer_cert_type == SSL_PKEY_RSA) { - pkey = X509_get0_pubkey(s->session->peer_cert); - } else if ((alg_a & SSL_aECDSA) != 0 && - s->session->peer_cert_type == SSL_PKEY_ECC) { - pkey = X509_get0_pubkey(s->session->peer_cert); - } - if (pkey == NULL) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE); - goto fatal_err; - } - - if 
(SSL_USE_SIGALGS(s)) { - if (!CBS_get_u16(&cbs, &sigalg_value)) - goto decode_err; - } - if (!CBS_get_u16_length_prefixed(&cbs, &signature)) - goto decode_err; - if (CBS_len(&signature) > EVP_PKEY_size(pkey)) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_WRONG_SIGNATURE_LENGTH); - goto fatal_err; - } - - if ((sigalg = ssl_sigalg_for_peer(s, pkey, - sigalg_value)) == NULL) { - al = SSL_AD_DECODE_ERROR; - goto fatal_err; - } - s->s3->hs.peer_sigalg = sigalg; - - if (!EVP_DigestVerifyInit(md_ctx, &pctx, sigalg->md(), - NULL, pkey)) - goto err; - if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) && - (!EVP_PKEY_CTX_set_rsa_padding(pctx, - RSA_PKCS1_PSS_PADDING) || - !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) - goto err; - if (EVP_DigestVerify(md_ctx, CBS_data(&signature), - CBS_len(&signature), signed_params, signed_params_len) <= 0) { - al = SSL_AD_DECRYPT_ERROR; - SSLerror(s, SSL_R_BAD_SIGNATURE); - goto fatal_err; - } - } - - if (CBS_len(&cbs) != 0) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE); - goto fatal_err; - } - - EVP_MD_CTX_free(md_ctx); - free(signed_params); - - return (1); - - decode_err: - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - - fatal_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - - err: - CBB_cleanup(&cbb); - EVP_MD_CTX_free(md_ctx); - free(signed_params); - - return (-1); -} - -static int -ssl3_get_certificate_request(SSL *s) -{ - CBS cert_request, cert_types, rdn_list; - X509_NAME *xn = NULL; - const unsigned char *q; - STACK_OF(X509_NAME) *ca_sk = NULL; - int ret; - - if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_REQ_A, - SSL3_ST_CR_CERT_REQ_B, -1, s->max_cert_list)) <= 0) - return ret; - - ret = 0; - - s->s3->hs.tls12.cert_request = 0; - - if (s->s3->hs.tls12.message_type == SSL3_MT_SERVER_DONE) { - s->s3->hs.tls12.reuse_message = 1; - /* - * If we get here we don't need any cached handshake records - * as we wont be doing client auth. 
- */ - tls1_transcript_free(s); - return (1); - } - - if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE_REQUEST) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); - SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE); - goto err; - } - - /* TLS does not like anon-DH with client cert */ - if (s->s3->hs.cipher->algorithm_auth & SSL_aNULL) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); - SSLerror(s, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); - goto err; - } - - if (s->init_num < 0) - goto decode_err; - CBS_init(&cert_request, s->init_msg, s->init_num); - - if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!CBS_get_u8_length_prefixed(&cert_request, &cert_types)) - goto decode_err; - - if (SSL_USE_SIGALGS(s)) { - CBS sigalgs; - - if (CBS_len(&cert_request) < 2) { - SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - if (!CBS_get_u16_length_prefixed(&cert_request, &sigalgs)) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - if (CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR); - goto err; - } - if (!CBS_stow(&sigalgs, &s->s3->hs.sigalgs, - &s->s3->hs.sigalgs_len)) - goto err; - } - - /* get the CA RDNs */ - if (CBS_len(&cert_request) < 2) { - SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - - if (!CBS_get_u16_length_prefixed(&cert_request, &rdn_list) || - CBS_len(&cert_request) != 0) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerror(s, SSL_R_LENGTH_MISMATCH); - goto err; - } - - while (CBS_len(&rdn_list) > 0) { - CBS rdn; - - if (CBS_len(&rdn_list) < 2) { - SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - - if (!CBS_get_u16_length_prefixed(&rdn_list, &rdn)) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerror(s, SSL_R_CA_DN_TOO_LONG); 
- goto err; - } - - q = CBS_data(&rdn); - if ((xn = d2i_X509_NAME(NULL, &q, CBS_len(&rdn))) == NULL) { - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_DECODE_ERROR); - SSLerror(s, ERR_R_ASN1_LIB); - goto err; - } - - if (q != CBS_data(&rdn) + CBS_len(&rdn)) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerror(s, SSL_R_CA_DN_LENGTH_MISMATCH); - goto err; - } - if (!sk_X509_NAME_push(ca_sk, xn)) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto err; - } - xn = NULL; /* avoid free in err block */ - } - - /* we should setup a certificate to return.... */ - s->s3->hs.tls12.cert_request = 1; - sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free); - s->s3->hs.tls12.ca_names = ca_sk; - ca_sk = NULL; - - ret = 1; - if (0) { - decode_err: - SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - } - err: - X509_NAME_free(xn); - sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); - return (ret); -} - -static int -ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b) -{ - return (X509_NAME_cmp(*a, *b)); -} - -static int -ssl3_get_new_session_ticket(SSL *s) -{ - uint32_t lifetime_hint; - CBS cbs, session_ticket; - unsigned int session_id_length = 0; - int al, ret; - - if ((ret = ssl3_get_message(s, SSL3_ST_CR_SESSION_TICKET_A, - SSL3_ST_CR_SESSION_TICKET_B, -1, 16384)) <= 0) - return ret; - - if (s->s3->hs.tls12.message_type == SSL3_MT_FINISHED) { - s->s3->hs.tls12.reuse_message = 1; - return (1); - } - if (s->s3->hs.tls12.message_type != SSL3_MT_NEWSESSION_TICKET) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); - goto fatal_err; - } - - if (s->init_num < 0) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_LENGTH_MISMATCH); - goto fatal_err; - } - - CBS_init(&cbs, s->init_msg, s->init_num); - if (!CBS_get_u32(&cbs, &lifetime_hint) || - !CBS_get_u16_length_prefixed(&cbs, &session_ticket) || - CBS_len(&cbs) != 0) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_LENGTH_MISMATCH); - goto fatal_err; - } - s->session->tlsext_tick_lifetime_hint 
= lifetime_hint; - - if (!CBS_stow(&session_ticket, &s->session->tlsext_tick, - &s->session->tlsext_ticklen)) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto err; - } - - /* - * There are two ways to detect a resumed ticket session. - * One is to set an appropriate session ID and then the server - * must return a match in ServerHello. This allows the normal - * client session ID matching to work and we know much - * earlier that the ticket has been accepted. - * - * The other way is to set zero length session ID when the - * ticket is presented and rely on the handshake to determine - * session resumption. - * - * We choose the former approach because this fits in with - * assumptions elsewhere in OpenSSL. The session ID is set - * to the SHA256 hash of the ticket. - */ - /* XXX - ensure this doesn't overflow session_id if hash is changed. */ - if (!EVP_Digest(CBS_data(&session_ticket), CBS_len(&session_ticket), - s->session->session_id, &session_id_length, EVP_sha256(), NULL)) { - al = SSL_AD_INTERNAL_ERROR; - SSLerror(s, ERR_R_EVP_LIB); - goto fatal_err; - } - s->session->session_id_length = session_id_length; - - return (1); - - fatal_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - err: - return (-1); -} - -static int -ssl3_get_cert_status(SSL *s) -{ - CBS cert_status, response; - uint8_t status_type; - int al, ret; - - if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_STATUS_A, - SSL3_ST_CR_CERT_STATUS_B, -1, 16384)) <= 0) - return ret; - - if (s->s3->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { - /* - * Tell the callback the server did not send us an OSCP - * response, and has decided to head directly to key exchange. 
- */ - if (s->ctx->tlsext_status_cb) { - free(s->tlsext_ocsp_resp); - s->tlsext_ocsp_resp = NULL; - s->tlsext_ocsp_resp_len = 0; - - ret = s->ctx->tlsext_status_cb(s, - s->ctx->tlsext_status_arg); - if (ret == 0) { - al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; - SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE); - goto fatal_err; - } - if (ret < 0) { - al = SSL_AD_INTERNAL_ERROR; - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto fatal_err; - } - } - s->s3->hs.tls12.reuse_message = 1; - return (1); - } - - if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE && - s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE_STATUS) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); - goto fatal_err; - } - - if (s->init_num < 0) { - /* need at least status type + length */ - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_LENGTH_MISMATCH); - goto fatal_err; - } - - CBS_init(&cert_status, s->init_msg, s->init_num); - if (!CBS_get_u8(&cert_status, &status_type) || - CBS_len(&cert_status) < 3) { - /* need at least status type + length */ - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_LENGTH_MISMATCH); - goto fatal_err; - } - - if (status_type != TLSEXT_STATUSTYPE_ocsp) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_UNSUPPORTED_STATUS_TYPE); - goto fatal_err; - } - - if (!CBS_get_u24_length_prefixed(&cert_status, &response) || - CBS_len(&cert_status) != 0) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_LENGTH_MISMATCH); - goto fatal_err; - } - - if (!CBS_stow(&response, &s->tlsext_ocsp_resp, - &s->tlsext_ocsp_resp_len)) { - al = SSL_AD_INTERNAL_ERROR; - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto fatal_err; - } - - if (s->ctx->tlsext_status_cb) { - ret = s->ctx->tlsext_status_cb(s, - s->ctx->tlsext_status_arg); - if (ret == 0) { - al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; - SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE); - goto fatal_err; - } - if (ret < 0) { - al = SSL_AD_INTERNAL_ERROR; - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto fatal_err; - } - } - return (1); 
- fatal_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - return (-1); -} - -static int -ssl3_get_server_done(SSL *s) -{ - int ret; - - if ((ret = ssl3_get_message(s, SSL3_ST_CR_SRVR_DONE_A, - SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE, - 30 /* should be very small, like 0 :-) */)) <= 0) - return ret; - - if (s->init_num != 0) { - /* should contain no data */ - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerror(s, SSL_R_LENGTH_MISMATCH); - return -1; - } - - return 1; -} - -static int -ssl3_send_client_kex_rsa(SSL *s, CBB *cbb) -{ - unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH]; - unsigned char *enc_pms = NULL; - uint16_t max_legacy_version; - EVP_PKEY *pkey; - RSA *rsa; - int ret = 0; - int enc_len; - CBB epms; - - /* - * RSA-Encrypted Premaster Secret Message - RFC 5246 section 7.4.7.1. - */ - - pkey = X509_get0_pubkey(s->session->peer_cert); - if (pkey == NULL || (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - - /* - * Our maximum legacy protocol version - while RFC 5246 section 7.4.7.1 - * says "The latest (newest) version supported by the client", if we're - * doing RSA key exchange then we have to presume that we're talking to - * a server that does not understand the supported versions extension - * and therefore our maximum version is that sent in the ClientHello. 
- */ - if (!ssl_max_legacy_version(s, &max_legacy_version)) - goto err; - pms[0] = max_legacy_version >> 8; - pms[1] = max_legacy_version & 0xff; - arc4random_buf(&pms[2], sizeof(pms) - 2); - - if ((enc_pms = malloc(RSA_size(rsa))) == NULL) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto err; - } - - enc_len = RSA_public_encrypt(sizeof(pms), pms, enc_pms, rsa, - RSA_PKCS1_PADDING); - if (enc_len <= 0) { - SSLerror(s, SSL_R_BAD_RSA_ENCRYPT); - goto err; - } - - if (!CBB_add_u16_length_prefixed(cbb, &epms)) - goto err; - if (!CBB_add_bytes(&epms, enc_pms, enc_len)) - goto err; - if (!CBB_flush(cbb)) - goto err; - - if (!tls12_derive_master_secret(s, pms, sizeof(pms))) - goto err; - - ret = 1; - - err: - explicit_bzero(pms, sizeof(pms)); - free(enc_pms); - - return ret; -} - -static int -ssl3_send_client_kex_dhe(SSL *s, CBB *cbb) -{ - uint8_t *key = NULL; - size_t key_len = 0; - int ret = 0; - - /* Ensure that we have an ephemeral key from the server for DHE. */ - if (s->s3->hs.key_share == NULL) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - SSLerror(s, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); - goto err; - } - - if (!tls_key_share_generate(s->s3->hs.key_share)) - goto err; - if (!tls_key_share_public(s->s3->hs.key_share, cbb)) - goto err; - if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len)) - goto err; - - if (!tls_key_share_peer_security(s, s->s3->hs.key_share)) { - SSLerror(s, SSL_R_DH_KEY_TOO_SMALL); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - return 0; - } - - if (!tls12_derive_master_secret(s, key, key_len)) - goto err; - - ret = 1; - - err: - freezero(key, key_len); - - return ret; -} - -static int -ssl3_send_client_kex_ecdhe(SSL *s, CBB *cbb) -{ - uint8_t *key = NULL; - size_t key_len = 0; - CBB public; - int ret = 0; - - /* Ensure that we have an ephemeral key for ECDHE. 
*/ - if (s->s3->hs.key_share == NULL) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - - if (!tls_key_share_generate(s->s3->hs.key_share)) - goto err; - - if (!CBB_add_u8_length_prefixed(cbb, &public)) - return 0; - if (!tls_key_share_public(s->s3->hs.key_share, &public)) - goto err; - if (!CBB_flush(cbb)) - goto err; - - if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len)) - goto err; - - if (!tls12_derive_master_secret(s, key, key_len)) - goto err; - - ret = 1; - - err: - freezero(key, key_len); - - return ret; -} - -static int -ssl3_send_client_key_exchange(SSL *s) -{ - unsigned long alg_k; - CBB cbb, kex; - - memset(&cbb, 0, sizeof(cbb)); - - if (s->s3->hs.state == SSL3_ST_CW_KEY_EXCH_A) { - alg_k = s->s3->hs.cipher->algorithm_mkey; - - if (!ssl3_handshake_msg_start(s, &cbb, &kex, - SSL3_MT_CLIENT_KEY_EXCHANGE)) - goto err; - - if (alg_k & SSL_kRSA) { - if (!ssl3_send_client_kex_rsa(s, &kex)) - goto err; - } else if (alg_k & SSL_kDHE) { - if (!ssl3_send_client_kex_dhe(s, &kex)) - goto err; - } else if (alg_k & SSL_kECDHE) { - if (!ssl3_send_client_kex_ecdhe(s, &kex)) - goto err; - } else { - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_HANDSHAKE_FAILURE); - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - - if (!ssl3_handshake_msg_finish(s, &cbb)) - goto err; - - s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_B; - } - - /* SSL3_ST_CW_KEY_EXCH_B */ - return (ssl3_handshake_write(s)); - - err: - CBB_cleanup(&cbb); - - return (-1); -} - -static int -ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey, - const struct ssl_sigalg *sigalg, CBB *cert_verify) -{ - CBB cbb_signature; - EVP_PKEY_CTX *pctx = NULL; - EVP_MD_CTX *mctx = NULL; - const unsigned char *hdata; - unsigned char *signature = NULL; - size_t signature_len, hdata_len; - int ret = 0; - - if ((mctx = EVP_MD_CTX_new()) == NULL) - goto err; - - if (!tls1_transcript_data(s, &hdata, &hdata_len)) { - SSLerror(s, 
ERR_R_INTERNAL_ERROR); - goto err; - } - if (!EVP_DigestSignInit(mctx, &pctx, sigalg->md(), NULL, pkey)) { - SSLerror(s, ERR_R_EVP_LIB); - goto err; - } - if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) && - (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) || - !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) { - SSLerror(s, ERR_R_EVP_LIB); - goto err; - } - if (!EVP_DigestSign(mctx, NULL, &signature_len, hdata, hdata_len)) { - SSLerror(s, ERR_R_EVP_LIB); - goto err; - } - if ((signature = calloc(1, signature_len)) == NULL) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!EVP_DigestSign(mctx, signature, &signature_len, hdata, hdata_len)) { - SSLerror(s, ERR_R_EVP_LIB); - goto err; - } - - if (!CBB_add_u16(cert_verify, sigalg->value)) - goto err; - if (!CBB_add_u16_length_prefixed(cert_verify, &cbb_signature)) - goto err; - if (!CBB_add_bytes(&cbb_signature, signature, signature_len)) - goto err; - if (!CBB_flush(cert_verify)) - goto err; - - ret = 1; - - err: - EVP_MD_CTX_free(mctx); - free(signature); - return ret; -} - -static int -ssl3_send_client_verify_rsa(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) -{ - CBB cbb_signature; - RSA *rsa; - unsigned char data[EVP_MAX_MD_SIZE]; - unsigned char *signature = NULL; - unsigned int signature_len; - size_t data_len; - int ret = 0; - - if (!tls1_transcript_hash_value(s, data, sizeof(data), &data_len)) - goto err; - if ((signature = calloc(1, EVP_PKEY_size(pkey))) == NULL) - goto err; - if ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) - goto err; - if (RSA_sign(NID_md5_sha1, data, data_len, signature, &signature_len, - rsa) <= 0 ) { - SSLerror(s, ERR_R_RSA_LIB); - goto err; - } - - if (!CBB_add_u16_length_prefixed(cert_verify, &cbb_signature)) - goto err; - if (!CBB_add_bytes(&cbb_signature, signature, signature_len)) - goto err; - if (!CBB_flush(cert_verify)) - goto err; - - ret = 1; - err: - free(signature); - return ret; -} - -static int -ssl3_send_client_verify_ec(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) -{ - 
CBB cbb_signature; - EC_KEY *eckey; - unsigned char data[EVP_MAX_MD_SIZE]; - unsigned char *signature = NULL; - unsigned int signature_len; - int ret = 0; - - if (!tls1_transcript_hash_value(s, data, sizeof(data), NULL)) - goto err; - if ((signature = calloc(1, EVP_PKEY_size(pkey))) == NULL) - goto err; - if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) - goto err; - if (!ECDSA_sign(0, &data[MD5_DIGEST_LENGTH], SHA_DIGEST_LENGTH, - signature, &signature_len, eckey)) { - SSLerror(s, ERR_R_ECDSA_LIB); - goto err; - } - - if (!CBB_add_u16_length_prefixed(cert_verify, &cbb_signature)) - goto err; - if (!CBB_add_bytes(&cbb_signature, signature, signature_len)) - goto err; - if (!CBB_flush(cert_verify)) - goto err; - - ret = 1; - err: - free(signature); - return ret; -} - -static int -ssl3_send_client_verify(SSL *s) -{ - const struct ssl_sigalg *sigalg; - CBB cbb, cert_verify; - EVP_PKEY *pkey; - - memset(&cbb, 0, sizeof(cbb)); - - if (s->s3->hs.state == SSL3_ST_CW_CERT_VRFY_A) { - if (!ssl3_handshake_msg_start(s, &cbb, &cert_verify, - SSL3_MT_CERTIFICATE_VERIFY)) - goto err; - - pkey = s->cert->key->privatekey; - if ((sigalg = ssl_sigalg_select(s, pkey)) == NULL) { - SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR); - goto err; - } - s->s3->hs.our_sigalg = sigalg; - - /* - * For TLS v1.2 send signature algorithm and signature using - * agreed digest and cached handshake records. 
- */ - if (SSL_USE_SIGALGS(s)) { - if (!ssl3_send_client_verify_sigalgs(s, pkey, sigalg, - &cert_verify)) - goto err; - } else if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) { - if (!ssl3_send_client_verify_rsa(s, pkey, &cert_verify)) - goto err; - } else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { - if (!ssl3_send_client_verify_ec(s, pkey, &cert_verify)) - goto err; - } else { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - - tls1_transcript_free(s); - - if (!ssl3_handshake_msg_finish(s, &cbb)) - goto err; - - s->s3->hs.state = SSL3_ST_CW_CERT_VRFY_B; - } - - return (ssl3_handshake_write(s)); - - err: - CBB_cleanup(&cbb); - - return (-1); -} - -static int -ssl3_send_client_certificate(SSL *s) -{ - EVP_PKEY *pkey = NULL; - X509 *x509 = NULL; - CBB cbb, client_cert; - int i; - - memset(&cbb, 0, sizeof(cbb)); - - if (s->s3->hs.state == SSL3_ST_CW_CERT_A) { - if (s->cert->key->x509 == NULL || - s->cert->key->privatekey == NULL) - s->s3->hs.state = SSL3_ST_CW_CERT_B; - else - s->s3->hs.state = SSL3_ST_CW_CERT_C; - } - - /* We need to get a client cert */ - if (s->s3->hs.state == SSL3_ST_CW_CERT_B) { - /* - * If we get an error, we need to - * ssl->rwstate = SSL_X509_LOOKUP; return(-1); - * We then get retried later. - */ - i = ssl_do_client_cert_cb(s, &x509, &pkey); - if (i < 0) { - s->rwstate = SSL_X509_LOOKUP; - return (-1); - } - s->rwstate = SSL_NOTHING; - if ((i == 1) && (pkey != NULL) && (x509 != NULL)) { - s->s3->hs.state = SSL3_ST_CW_CERT_B; - if (!SSL_use_certificate(s, x509) || - !SSL_use_PrivateKey(s, pkey)) - i = 0; - } else if (i == 1) { - i = 0; - SSLerror(s, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); - } - - X509_free(x509); - EVP_PKEY_free(pkey); - if (i == 0) { - s->s3->hs.tls12.cert_request = 2; - - /* There is no client certificate to verify. 
*/ - tls1_transcript_free(s); - } - - /* Ok, we have a cert */ - s->s3->hs.state = SSL3_ST_CW_CERT_C; - } - - if (s->s3->hs.state == SSL3_ST_CW_CERT_C) { - if (!ssl3_handshake_msg_start(s, &cbb, &client_cert, - SSL3_MT_CERTIFICATE)) - goto err; - if (!ssl3_output_cert_chain(s, &client_cert, - (s->s3->hs.tls12.cert_request == 2) ? NULL : s->cert->key)) - goto err; - if (!ssl3_handshake_msg_finish(s, &cbb)) - goto err; - - s->s3->hs.state = SSL3_ST_CW_CERT_D; - } - - /* SSL3_ST_CW_CERT_D */ - return (ssl3_handshake_write(s)); - - err: - CBB_cleanup(&cbb); - - return (0); -} - -#define has_bits(i,m) (((i)&(m)) == (m)) - -static int -ssl3_check_cert_and_algorithm(SSL *s) -{ - long alg_k, alg_a; - int nid = NID_undef; - int i; - - alg_k = s->s3->hs.cipher->algorithm_mkey; - alg_a = s->s3->hs.cipher->algorithm_auth; - - /* We don't have a certificate. */ - if (alg_a & SSL_aNULL) - return (1); - - if (s->s3->hs.key_share != NULL) - nid = tls_key_share_nid(s->s3->hs.key_share); - - /* This is the passed certificate. */ - - if (s->session->peer_cert_type == SSL_PKEY_ECC) { - if (!ssl_check_srvr_ecc_cert_and_alg(s, s->session->peer_cert)) { - SSLerror(s, SSL_R_BAD_ECC_CERT); - goto fatal_err; - } - return (1); - } - - i = X509_certificate_type(s->session->peer_cert, NULL); - - /* Check that we have a certificate if we require one. */ - if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) { - SSLerror(s, SSL_R_MISSING_RSA_SIGNING_CERT); - goto fatal_err; - } - if ((alg_k & SSL_kRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) { - SSLerror(s, SSL_R_MISSING_RSA_ENCRYPTING_CERT); - goto fatal_err; - } - if ((alg_k & SSL_kDHE) && - !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (nid == NID_dhKeyAgreement))) { - SSLerror(s, SSL_R_MISSING_DH_KEY); - goto fatal_err; - } - - return (1); - - fatal_err: - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - - return (0); -} - -/* - * Check to see if handshake is full or resumed. 
Usually this is just a - * case of checking to see if a cache hit has occurred. In the case of - * session tickets we have to check the next message to be sure. - */ - -static int -ssl3_check_finished(SSL *s) -{ - int ret; - - /* If we have no ticket it cannot be a resumed session. */ - if (!s->session->tlsext_tick) - return (1); - /* this function is called when we really expect a Certificate - * message, so permit appropriate message length */ - if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A, - SSL3_ST_CR_CERT_B, -1, s->max_cert_list)) <= 0) - return ret; - - s->s3->hs.tls12.reuse_message = 1; - if ((s->s3->hs.tls12.message_type == SSL3_MT_FINISHED) || - (s->s3->hs.tls12.message_type == SSL3_MT_NEWSESSION_TICKET)) - return (2); - - return (1); -} - -static int -ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) -{ - if (s->ctx->client_cert_cb == NULL) - return 0; - - return s->ctx->client_cert_cb(s, px509, ppkey); -} - -static int -ssl3_send_client_change_cipher_spec(SSL *s) -{ - size_t outlen; - CBB cbb; - - memset(&cbb, 0, sizeof(cbb)); - - if (s->s3->hs.state == SSL3_ST_CW_CHANGE_A) { - if (!CBB_init_fixed(&cbb, s->init_buf->data, - s->init_buf->length)) - goto err; - if (!CBB_add_u8(&cbb, SSL3_MT_CCS)) - goto err; - if (!CBB_finish(&cbb, NULL, &outlen)) - goto err; - - if (outlen > INT_MAX) - goto err; - - s->init_num = (int)outlen; - s->init_off = 0; - - if (SSL_is_dtls(s)) { - s->d1->handshake_write_seq = - s->d1->next_handshake_write_seq; - dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, - s->d1->handshake_write_seq, 0, 0); - dtls1_buffer_message(s, 1); - } - - s->s3->hs.state = SSL3_ST_CW_CHANGE_B; - } - - /* SSL3_ST_CW_CHANGE_B */ - return ssl3_record_write(s, SSL3_RT_CHANGE_CIPHER_SPEC); - - err: - CBB_cleanup(&cbb); - - return -1; -} - -static int -ssl3_send_client_finished(SSL *s) -{ - CBB cbb, finished; - - memset(&cbb, 0, sizeof(cbb)); - - if (s->s3->hs.state == SSL3_ST_CW_FINISHED_A) { - if (!tls12_derive_finished(s)) - goto err; - - 
/* Copy finished so we can use it for renegotiation checks. */ - memcpy(s->s3->previous_client_finished, - s->s3->hs.finished, s->s3->hs.finished_len); - s->s3->previous_client_finished_len = - s->s3->hs.finished_len; - - if (!ssl3_handshake_msg_start(s, &cbb, &finished, - SSL3_MT_FINISHED)) - goto err; - if (!CBB_add_bytes(&finished, s->s3->hs.finished, - s->s3->hs.finished_len)) - goto err; - if (!ssl3_handshake_msg_finish(s, &cbb)) - goto err; - - s->s3->hs.state = SSL3_ST_CW_FINISHED_B; - } - - return (ssl3_handshake_write(s)); - - err: - CBB_cleanup(&cbb); - - return (-1); -} - -static int -ssl3_get_server_finished(SSL *s) -{ - int al, md_len, ret; - CBS cbs; - - /* should actually be 36+4 :-) */ - if ((ret = ssl3_get_message(s, SSL3_ST_CR_FINISHED_A, - SSL3_ST_CR_FINISHED_B, SSL3_MT_FINISHED, 64)) <= 0) - return ret; - - /* If this occurs, we have missed a message */ - if (!s->s3->change_cipher_spec) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_GOT_A_FIN_BEFORE_A_CCS); - goto fatal_err; - } - s->s3->change_cipher_spec = 0; - - md_len = TLS1_FINISH_MAC_LENGTH; - - if (s->init_num < 0) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_BAD_DIGEST_LENGTH); - goto fatal_err; - } - - CBS_init(&cbs, s->init_msg, s->init_num); - - if (s->s3->hs.peer_finished_len != md_len || - CBS_len(&cbs) != md_len) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_BAD_DIGEST_LENGTH); - goto fatal_err; - } - - if (!CBS_mem_equal(&cbs, s->s3->hs.peer_finished, CBS_len(&cbs))) { - al = SSL_AD_DECRYPT_ERROR; - SSLerror(s, SSL_R_DIGEST_CHECK_FAILED); - goto fatal_err; - } - - /* Copy finished so we can use it for renegotiation checks. */ - OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); - memcpy(s->s3->previous_server_finished, - s->s3->hs.peer_finished, md_len); - s->s3->previous_server_finished_len = md_len; - - return (1); - fatal_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - return (0); -} 
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
deleted file mode 100644
index eac2d9e61f..0000000000
--- a/src/lib/libssl/ssl_err.c
+++ /dev/null
@@ -1,676 +0,0 @@ -/* $OpenBSD: ssl_err.c,v 1.53 2024/10/09 08:00:29 tb Exp $ */ -/* ==================================================================== - * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include - -#include -#include -#include - -#include "ssl_local.h" - -#ifndef OPENSSL_NO_ERR - -#define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0) -#define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason) - -/* See SSL_state_func_code below */ -static const ERR_STRING_DATA SSL_str_functs[] = { - {ERR_FUNC(1), "CONNECT_CW_FLUSH"}, - {ERR_FUNC(2), "CONNECT_CW_CLNT_HELLO"}, - {ERR_FUNC(3), "CONNECT_CW_CLNT_HELLO"}, - {ERR_FUNC(4), "CONNECT_CR_SRVR_HELLO"}, - {ERR_FUNC(5), "CONNECT_CR_SRVR_HELLO"}, - {ERR_FUNC(6), "CONNECT_CR_CERT"}, - {ERR_FUNC(7), "CONNECT_CR_CERT"}, - {ERR_FUNC(8), "CONNECT_CR_KEY_EXCH"}, - {ERR_FUNC(9), "CONNECT_CR_KEY_EXCH"}, - {ERR_FUNC(10), "CONNECT_CR_CERT_REQ"}, - {ERR_FUNC(11), "CONNECT_CR_CERT_REQ"}, - {ERR_FUNC(12), "CONNECT_CR_SRVR_DONE"}, - {ERR_FUNC(13), "CONNECT_CR_SRVR_DONE"}, - {ERR_FUNC(14), "CONNECT_CW_CERT"}, - {ERR_FUNC(15), "CONNECT_CW_CERT"}, - {ERR_FUNC(16), "CONNECT_CW_CERT_C"}, - {ERR_FUNC(17), "CONNECT_CW_CERT_D"}, - {ERR_FUNC(18), "CONNECT_CW_KEY_EXCH"}, - {ERR_FUNC(19), "CONNECT_CW_KEY_EXCH"}, - {ERR_FUNC(20), "CONNECT_CW_CERT_VRFY"}, - {ERR_FUNC(21), "CONNECT_CW_CERT_VRFY"}, - {ERR_FUNC(22), "CONNECT_CW_CHANGE"}, - 
{ERR_FUNC(23), "CONNECT_CW_CHANGE"}, - {ERR_FUNC(26), "CONNECT_CW_FINISHED"}, - {ERR_FUNC(27), "CONNECT_CW_FINISHED"}, - {ERR_FUNC(28), "CONNECT_CR_CHANGE"}, - {ERR_FUNC(29), "CONNECT_CR_CHANGE"}, - {ERR_FUNC(30), "CONNECT_CR_FINISHED"}, - {ERR_FUNC(31), "CONNECT_CR_FINISHED"}, - {ERR_FUNC(32), "CONNECT_CR_SESSION_TICKET"}, - {ERR_FUNC(33), "CONNECT_CR_SESSION_TICKET"}, - {ERR_FUNC(34), "CONNECT_CR_CERT_STATUS"}, - {ERR_FUNC(35), "CONNECT_CR_CERT_STATUS"}, - {ERR_FUNC(36), "ACCEPT_SW_FLUSH"}, - {ERR_FUNC(37), "ACCEPT_SR_CLNT_HELLO"}, - {ERR_FUNC(38), "ACCEPT_SR_CLNT_HELLO"}, - {ERR_FUNC(39), "ACCEPT_SR_CLNT_HELLO_C"}, - {ERR_FUNC(40), "ACCEPT_SW_HELLO_REQ"}, - {ERR_FUNC(41), "ACCEPT_SW_HELLO_REQ"}, - {ERR_FUNC(42), "ACCEPT_SW_HELLO_REQ_C"}, - {ERR_FUNC(43), "ACCEPT_SW_SRVR_HELLO"}, - {ERR_FUNC(44), "ACCEPT_SW_SRVR_HELLO"}, - {ERR_FUNC(45), "ACCEPT_SW_CERT"}, - {ERR_FUNC(46), "ACCEPT_SW_CERT"}, - {ERR_FUNC(47), "ACCEPT_SW_KEY_EXCH"}, - {ERR_FUNC(48), "ACCEPT_SW_KEY_EXCH"}, - {ERR_FUNC(49), "ACCEPT_SW_CERT_REQ"}, - {ERR_FUNC(50), "ACCEPT_SW_CERT_REQ"}, - {ERR_FUNC(51), "ACCEPT_SW_SRVR_DONE"}, - {ERR_FUNC(52), "ACCEPT_SW_SRVR_DONE"}, - {ERR_FUNC(53), "ACCEPT_SR_CERT"}, - {ERR_FUNC(54), "ACCEPT_SR_CERT"}, - {ERR_FUNC(55), "ACCEPT_SR_KEY_EXCH"}, - {ERR_FUNC(56), "ACCEPT_SR_KEY_EXCH"}, - {ERR_FUNC(57), "ACCEPT_SR_CERT_VRFY"}, - {ERR_FUNC(58), "ACCEPT_SR_CERT_VRFY"}, - {ERR_FUNC(59), "ACCEPT_SR_CHANGE"}, - {ERR_FUNC(60), "ACCEPT_SR_CHANGE"}, - {ERR_FUNC(63), "ACCEPT_SR_FINISHED"}, - {ERR_FUNC(64), "ACCEPT_SR_FINISHED"}, - {ERR_FUNC(65), "ACCEPT_SW_CHANGE"}, - {ERR_FUNC(66), "ACCEPT_SW_CHANGE"}, - {ERR_FUNC(67), "ACCEPT_SW_FINISHED"}, - {ERR_FUNC(68), "ACCEPT_SW_FINISHED"}, - {ERR_FUNC(69), "ACCEPT_SW_SESSION_TICKET"}, - {ERR_FUNC(70), "ACCEPT_SW_SESSION_TICKET"}, - {ERR_FUNC(71), "ACCEPT_SW_CERT_STATUS"}, - {ERR_FUNC(72), "ACCEPT_SW_CERT_STATUS"}, - {ERR_FUNC(73), "ST_BEFORE"}, - {ERR_FUNC(74), "ST_ACCEPT"}, - {ERR_FUNC(75), "ST_CONNECT"}, - {ERR_FUNC(76), "ST_OK"}, - 
{ERR_FUNC(77), "ST_RENEGOTIATE"}, - {ERR_FUNC(78), "ST_BEFORE_CONNECT"}, - {ERR_FUNC(79), "ST_OK_CONNECT"}, - {ERR_FUNC(80), "ST_BEFORE_ACCEPT"}, - {ERR_FUNC(81), "ST_OK_ACCEPT"}, - {ERR_FUNC(83), "DTLS1_ST_CR_HELLO_VERIFY_REQUEST"}, - {ERR_FUNC(84), "DTLS1_ST_CR_HELLO_VERIFY_REQUEST"}, - {ERR_FUNC(85), "DTLS1_ST_SW_HELLO_VERIFY_REQUEST"}, - {ERR_FUNC(86), "DTLS1_ST_SW_HELLO_VERIFY_REQUEST"}, - {ERR_FUNC(0xfff), "(UNKNOWN)SSL_internal"}, - {0, NULL} -}; - -static const ERR_STRING_DATA SSL_str_reasons[] = { - {ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) , "app data in handshake"}, - {ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT), "attempt to reuse session in different context"}, - {ERR_REASON(SSL_R_BAD_ALERT_RECORD) , "bad alert record"}, - {ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE), "bad authentication type"}, - {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC), "bad change cipher spec"}, - {ERR_REASON(SSL_R_BAD_CHECKSUM) , "bad checksum"}, - {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK), "bad data returned by callback"}, - {ERR_REASON(SSL_R_BAD_DECOMPRESSION) , "bad decompression"}, - {ERR_REASON(SSL_R_BAD_DH_G_LENGTH) , "bad dh g length"}, - {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) , "bad dh pub key length"}, - {ERR_REASON(SSL_R_BAD_DH_P_LENGTH) , "bad dh p length"}, - {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) , "bad digest length"}, - {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) , "bad dsa signature"}, - {ERR_REASON(SSL_R_BAD_ECC_CERT) , "bad ecc cert"}, - {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) , "bad ecdsa signature"}, - {ERR_REASON(SSL_R_BAD_ECPOINT) , "bad ecpoint"}, - {ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH) , "bad handshake length"}, - {ERR_REASON(SSL_R_BAD_HELLO_REQUEST) , "bad hello request"}, - {ERR_REASON(SSL_R_BAD_LENGTH) , "bad length"}, - {ERR_REASON(SSL_R_BAD_MAC_DECODE) , "bad mac decode"}, - {ERR_REASON(SSL_R_BAD_MAC_LENGTH) , "bad mac length"}, - {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) , "bad message type"}, - {ERR_REASON(SSL_R_BAD_PACKET_LENGTH) , "bad 
packet length"}, - {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER), "bad protocol version number"}, - {ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH), "bad psk identity hint length"}, - {ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) , "bad response argument"}, - {ERR_REASON(SSL_R_BAD_RSA_DECRYPT) , "bad rsa decrypt"}, - {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) , "bad rsa encrypt"}, - {ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) , "bad rsa e length"}, - {ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH), "bad rsa modulus length"}, - {ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) , "bad rsa signature"}, - {ERR_REASON(SSL_R_BAD_SIGNATURE) , "bad signature"}, - {ERR_REASON(SSL_R_BAD_SRP_A_LENGTH) , "bad srp a length"}, - {ERR_REASON(SSL_R_BAD_SRP_B_LENGTH) , "bad srp b length"}, - {ERR_REASON(SSL_R_BAD_SRP_G_LENGTH) , "bad srp g length"}, - {ERR_REASON(SSL_R_BAD_SRP_N_LENGTH) , "bad srp n length"}, - {ERR_REASON(SSL_R_BAD_SRP_S_LENGTH) , "bad srp s length"}, - {ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE) , "bad srtp mki value"}, - {ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST), "bad srtp protection profile list"}, - {ERR_REASON(SSL_R_BAD_SSL_FILETYPE) , "bad ssl filetype"}, - {ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH), "bad ssl session id length"}, - {ERR_REASON(SSL_R_BAD_STATE) , "bad state"}, - {ERR_REASON(SSL_R_BAD_WRITE_RETRY) , "bad write retry"}, - {ERR_REASON(SSL_R_BIO_NOT_SET) , "bio not set"}, - {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), "block cipher pad is wrong"}, - {ERR_REASON(SSL_R_BN_LIB) , "bn lib"}, - {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) , "ca dn length mismatch"}, - {ERR_REASON(SSL_R_CA_DN_TOO_LONG) , "ca dn too long"}, - {ERR_REASON(SSL_R_CA_KEY_TOO_SMALL) , "ca key too small"}, - {ERR_REASON(SSL_R_CA_MD_TOO_WEAK) , "ca md too weak"}, - {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) , "ccs received early"}, - {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED), "certificate verify failed"}, - {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) , "cert length mismatch"}, - 
{ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT), "challenge is different"}, - {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"}, - {ERR_REASON(SSL_R_CIPHER_COMPRESSION_UNAVAILABLE), "cipher compression unavailable"}, - {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE), "cipher or hash unavailable"}, - {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR), "cipher table src error"}, - {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) , "clienthello tlsext"}, - {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG), "compressed length too long"}, - {ERR_REASON(SSL_R_COMPRESSION_DISABLED) , "compression disabled"}, - {ERR_REASON(SSL_R_COMPRESSION_FAILURE) , "compression failure"}, - {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE), "compression id not within private range"}, - {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR), "compression library error"}, - {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT), "connection id is different"}, - {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET), "connection type not set"}, - {ERR_REASON(SSL_R_COOKIE_MISMATCH) , "cookie mismatch"}, - {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED), "data between ccs and finished"}, - {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) , "data length too long"}, - {ERR_REASON(SSL_R_DECRYPTION_FAILED) , "decryption failed"}, - {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), "decryption failed or bad record mac"}, - {ERR_REASON(SSL_R_DH_KEY_TOO_SMALL) , "dh key too small"}, - {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), "dh public value length is wrong"}, - {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) , "digest check failed"}, - {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) , "dtls message too big"}, - {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID), "duplicate compression id"}, - {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT), "ecc cert not for key agreement"}, - {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING), "ecc cert not for signing"}, - {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE), "ecc cert should have rsa 
signature"}, - {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE), "ecc cert should have sha1 signature"}, - {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER), "ecgroup too large for cipher"}, - {ERR_REASON(SSL_R_EE_KEY_TOO_SMALL) , "ee key too small"}, - {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST), "empty srtp protection profile list"}, - {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG), "encrypted length too long"}, - {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY), "error generating tmp rsa key"}, - {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST), "error in received cipher list"}, - {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE), "excessive message size"}, - {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) , "extra data in message"}, - {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS), "got a fin before a ccs"}, - {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS), "got next proto before a ccs"}, - {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION), "got next proto without seeing extension"}, - {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) , "https proxy request"}, - {ERR_REASON(SSL_R_HTTP_REQUEST) , "http request"}, - {ERR_REASON(SSL_R_ILLEGAL_PADDING) , "illegal padding"}, - {ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK), "inappropriate fallback"}, - {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION), "inconsistent compression"}, - {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH), "invalid challenge length"}, - {ERR_REASON(SSL_R_INVALID_COMMAND) , "invalid command"}, - {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM), "invalid compression algorithm"}, - {ERR_REASON(SSL_R_INVALID_PURPOSE) , "invalid purpose"}, - {ERR_REASON(SSL_R_INVALID_SRP_USERNAME) , "invalid srp username"}, - {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE), "invalid status response"}, - {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH), "invalid ticket keys length"}, - {ERR_REASON(SSL_R_INVALID_TRUST) , "invalid trust"}, - {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) , "key arg too long"}, - {ERR_REASON(SSL_R_KRB5) , "krb5"}, - 
{ERR_REASON(SSL_R_KRB5_C_CC_PRINC) , "krb5 client cc principal (no tkt?)"},
- {ERR_REASON(SSL_R_KRB5_C_GET_CRED) , "krb5 client get cred"},
- {ERR_REASON(SSL_R_KRB5_C_INIT) , "krb5 client init"},
- {ERR_REASON(SSL_R_KRB5_C_MK_REQ) , "krb5 client mk_req (expired tkt?)"},
- {ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) , "krb5 server bad ticket"},
- {ERR_REASON(SSL_R_KRB5_S_INIT) , "krb5 server init"},
- {ERR_REASON(SSL_R_KRB5_S_RD_REQ) , "krb5 server rd_req (keytab perms?)"},
- {ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) , "krb5 server tkt expired"},
- {ERR_REASON(SSL_R_KRB5_S_TKT_NYV) , "krb5 server tkt not yet valid"},
- {ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) , "krb5 server tkt skew"},
- {ERR_REASON(SSL_R_LENGTH_MISMATCH) , "length mismatch"},
- {ERR_REASON(SSL_R_LENGTH_TOO_SHORT) , "length too short"},
- {ERR_REASON(SSL_R_LIBRARY_BUG) , "library bug"},
- {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS), "library has no ciphers"},
- {ERR_REASON(SSL_R_MESSAGE_TOO_LONG) , "message too long"},
- {ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) , "missing dh dsa cert"},
- {ERR_REASON(SSL_R_MISSING_DH_KEY) , "missing dh key"},
- {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) , "missing dh rsa cert"},
- {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT), "missing dsa signing cert"},
- {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY), "missing export tmp dh key"},
- {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY), "missing export tmp rsa key"},
- {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"},
- {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT), "missing rsa encrypting cert"},
- {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT), "missing rsa signing cert"},
- {ERR_REASON(SSL_R_MISSING_SRP_PARAM) , "can't find SRP server param"},
- {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) , "missing tmp dh key"},
- {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) , "missing tmp ecdh key"},
- {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) , "missing tmp rsa key"},
- {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) , "missing tmp rsa pkey"},
- {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE), "missing verify message"},
- {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) , "multiple sgc restarts"},
- {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET), "non sslv2 initial packet"},
- {ERR_REASON(SSL_R_NO_APPLICATION_PROTOCOL), "no application protocol"},
- {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED), "no certificates returned"},
- {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED), "no certificate assigned"},
- {ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED), "no certificate returned"},
- {ERR_REASON(SSL_R_NO_CERTIFICATE_SET) , "no certificate set"},
- {ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED), "no certificate specified"},
- {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) , "no ciphers available"},
- {ERR_REASON(SSL_R_NO_CIPHERS_PASSED) , "no ciphers passed"},
- {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) , "no ciphers specified"},
- {ERR_REASON(SSL_R_NO_CIPHER_LIST) , "no cipher list"},
- {ERR_REASON(SSL_R_NO_CIPHER_MATCH) , "no cipher match"},
- {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) , "no client cert method"},
- {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED), "no client cert received"},
- {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"},
- {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) , "no method specified"},
- {ERR_REASON(SSL_R_NO_PRIVATEKEY) , "no privatekey"},
- {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"},
- {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE), "no protocols available"},
- {ERR_REASON(SSL_R_NO_PUBLICKEY) , "no publickey"},
- {ERR_REASON(SSL_R_NO_RENEGOTIATION) , "no renegotiation"},
- {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST) , "digest requred for handshake isn't computed"},
- {ERR_REASON(SSL_R_NO_SHARED_CIPHER) , "no shared cipher"},
- {ERR_REASON(SSL_R_NO_SRTP_PROFILES) , "no srtp profiles"},
- {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) , "no verify callback"},
- {ERR_REASON(SSL_R_NULL_SSL_CTX) , "null ssl ctx"},
- {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"},
- {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), "old session cipher not returned"},
- {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), "old session compression algorithm not returned"},
- {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE), "only tls allowed in fips mode"},
- {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"},
- {ERR_REASON(SSL_R_PARSE_TLSEXT) , "parse tlsext"},
- {ERR_REASON(SSL_R_PATH_TOO_LONG) , "path too long"},
- {ERR_REASON(SSL_R_PEER_BEHAVING_BADLY) , "peer is doing strange or hostile things"},
- {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE), "peer did not return a certificate"},
- {ERR_REASON(SSL_R_PEER_ERROR) , "peer error"},
- {ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE), "peer error certificate"},
- {ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE), "peer error no certificate"},
- {ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) , "peer error no cipher"},
- {ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE), "peer error unsupported certificate type"},
- {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG), "pre mac length too long"},
- {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS), "problems mapping cipher functions"},
- {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) , "protocol is shutdown"},
- {ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND), "psk identity not found"},
- {ERR_REASON(SSL_R_PSK_NO_CLIENT_CB) , "psk no client cb"},
- {ERR_REASON(SSL_R_PSK_NO_SERVER_CB) , "psk no server cb"},
- {ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR), "public key encrypt error"},
- {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) , "public key is not rsa"},
- {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) , "public key not rsa"},
- {ERR_REASON(SSL_R_QUIC_INTERNAL_ERROR) , "QUIC: internal error"},
- {ERR_REASON(SSL_R_READ_BIO_NOT_SET) , "read bio not set"},
- {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) , "read timeout expired"},
- {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE), "read wrong packet type"},
- {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH), "record length mismatch"},
- {ERR_REASON(SSL_R_RECORD_TOO_LARGE) , "record too large"},
- {ERR_REASON(SSL_R_RECORD_TOO_SMALL) , "record too small"},
- {ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG), "renegotiate ext too long"},
- {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR), "renegotiation encoding err"},
- {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH), "renegotiation mismatch"},
- {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING), "required cipher missing"},
- {ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING), "required compresssion algorithm missing"},
- {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO), "reuse cert length not zero"},
- {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO), "reuse cert type not zero"},
- {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO), "reuse cipher list not zero"},
- {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING), "scsv received when renegotiating"},
- {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) , "serverhello tlsext"},
- {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED), "session id context uninitialized"},
- {ERR_REASON(SSL_R_SHORT_READ) , "short read"},
- {ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR), "signature algorithms error"},
- {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE), "signature for non signing certificate"},
- {ERR_REASON(SSL_R_SRP_A_CALC) , "error with the srp params"},
- {ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES), "srtp could not allocate profiles"},
- {ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG), "srtp protection profile list too long"},
- {ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE), "srtp unknown protection profile"},
- {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE), "ssl23 doing session id reuse"},
- {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG), "ssl2 connection id too long"},
- {ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT), "ssl3 ext invalid ecpointformat"},
- {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME), "ssl3 ext invalid servername"},
- {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE), "ssl3 ext invalid servername type"},
- {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"},
- {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT), "ssl3 session id too short"},
- {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE), "sslv3 alert bad certificate"},
- {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC), "sslv3 alert bad record mac"},
- {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED), "sslv3 alert certificate expired"},
- {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED), "sslv3 alert certificate revoked"},
- {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN), "sslv3 alert certificate unknown"},
- {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE), "sslv3 alert decompression failure"},
- {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE), "sslv3 alert handshake failure"},
- {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER), "sslv3 alert illegal parameter"},
- {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE), "sslv3 alert no certificate"},
- {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE), "sslv3 alert unexpected message"},
- {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE), "sslv3 alert unsupported certificate"},
- {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION), "ssl ctx has no default ssl version"},
- {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) , "ssl handshake failure"},
- {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS), "ssl library has no ciphers"},
- {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED), "ssl session id callback failed"},
- {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT), "ssl session id conflict"},
- {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG), "ssl session id context too long"},
- {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH), "ssl session id has bad length"},
- {ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT), "ssl session id is different"},
- {ERR_REASON(SSL_R_SSL_SESSION_ID_TOO_LONG), "ssl session id is too long"},
- {ERR_REASON(SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED), "tlsv13 alert certificate required"},
- {ERR_REASON(SSL_R_TLSV13_ALERT_MISSING_EXTENSION), "tlsv13 alert missing extension"},
- {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED), "tlsv1 alert access denied"},
- {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"},
- {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED), "tlsv1 alert decryption failed"},
- {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR), "tlsv1 alert decrypt error"},
- {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION), "tlsv1 alert export restriction"},
- {ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK), "tlsv1 alert inappropriate fallback"},
- {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY), "tlsv1 alert insufficient security"},
- {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR), "tlsv1 alert internal error"},
- {ERR_REASON(SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL), "tlsv1 alert no application protocol"},
- {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION), "tlsv1 alert no renegotiation"},
- {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION), "tlsv1 alert protocol version"},
- {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW), "tlsv1 alert record overflow"},
- {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"},
- {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY), "tlsv1 alert unknown psk_identity"},
- {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED), "tlsv1 alert user cancelled"},
- {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE), "tlsv1 bad certificate hash value"},
- {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE), "tlsv1 bad certificate status response"},
- {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE), "tlsv1 certificate unobtainable"},
- {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME), "tlsv1 unrecognized name"},
- {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION), "tlsv1 unsupported extension"},
- {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER), "tls client cert req with anon cipher"},
- {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT), "peer does not accept heartbeats"},
- {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) , "heartbeat request already pending"},
- {ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL), "tls illegal exporter label"},
- {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST), "tls invalid ecpointformat list"},
- {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST), "tls peer did not respond with certificate list"},
- {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG), "tls rsa encrypted value length is wrong"},
- {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS), "unable to decode dh certs"},
- {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS), "unable to decode ecdh certs"},
- {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY), "unable to extract public key"},
- {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS), "unable to find dh parameters"},
- {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS), "unable to find ecdh parameters"},
- {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS), "unable to find public key parameters"},
- {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD), "unable to find ssl method"},
- {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES), "unable to load ssl2 md5 routines"},
- {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES), "unable to load ssl3 md5 routines"},
- {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES), "unable to load ssl3 sha1 routines"},
- {ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) , "unexpected message"},
- {ERR_REASON(SSL_R_UNEXPECTED_RECORD) , "unexpected record"},
- {ERR_REASON(SSL_R_UNINITIALIZED) , "uninitialized"},
- {ERR_REASON(SSL_R_UNKNOWN), "unknown failure occurred"},
- {ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) , "unknown alert type"},
- {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE), "unknown certificate type"},
- {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED), "unknown cipher returned"},
- {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) , "unknown cipher type"},
- {ERR_REASON(SSL_R_UNKNOWN_DIGEST) , "unknown digest"},
- {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE), "unknown key exchange type"},
- {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) , "unknown pkey type"},
- {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) , "unknown protocol"},
- {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE), "unknown remote error type"},
- {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) , "unknown ssl version"},
- {ERR_REASON(SSL_R_UNKNOWN_STATE) , "unknown state"},
- {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED), "unsafe legacy renegotiation disabled"},
- {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) , "unsupported cipher"},
- {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM), "unsupported compression algorithm"},
- {ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE), "unsupported digest type"},
- {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE), "unsupported elliptic curve"},
- {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) , "unsupported protocol"},
- {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION), "unsupported ssl version"},
- {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE), "unsupported status type"},
- {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"},
- {ERR_REASON(SSL_R_VERSION_TOO_LOW) , "version too low"},
- {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) , "write bio not set"},
- {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) , "wrong cipher returned"},
- {ERR_REASON(SSL_R_WRONG_CURVE) , "wrong curve"},
- {ERR_REASON(SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED), "QUIC: wrong encryption level received"},
- {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) , "wrong message type"},
- {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS), "wrong number of key bits"},
- {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
- {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) , "wrong signature size"},
- {ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE) , "wrong signature type"},
- {ERR_REASON(SSL_R_WRONG_SSL_VERSION) , "wrong ssl version"},
- {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) , "wrong version number"},
- {ERR_REASON(SSL_R_X509_LIB) , "x509 lib"},
- {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), "x509 verification setup problems"},
- {0, NULL}
-};
-
-#endif
-
-void
-ERR_load_SSL_strings(void)
-{
-#ifndef OPENSSL_NO_ERR
- if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) {
- /* TMP UGLY CASTS */
- ERR_load_strings(0, (ERR_STRING_DATA *)SSL_str_functs);
- ERR_load_strings(0, (ERR_STRING_DATA *)SSL_str_reasons);
- }
-#endif
-}
-LSSL_ALIAS(ERR_load_SSL_strings);
-
-void
-SSL_load_error_strings(void)
-{
-#ifndef OPENSSL_NO_ERR
- ERR_load_crypto_strings();
- ERR_load_SSL_strings();
-#endif
-}
-LSSL_ALIAS(SSL_load_error_strings);
-
-int
-SSL_state_func_code(int state) {
- switch (state) {
- case SSL3_ST_CW_FLUSH:
- return 1;
- case SSL3_ST_CW_CLNT_HELLO_A:
- return 2;
- case SSL3_ST_CW_CLNT_HELLO_B:
- return 3;
- case SSL3_ST_CR_SRVR_HELLO_A:
- return 4;
- case SSL3_ST_CR_SRVR_HELLO_B:
- return 5;
- case SSL3_ST_CR_CERT_A:
- return 6;
- case SSL3_ST_CR_CERT_B:
- return 7;
- case SSL3_ST_CR_KEY_EXCH_A:
- return 8;
- case SSL3_ST_CR_KEY_EXCH_B:
- return 9;
- case SSL3_ST_CR_CERT_REQ_A:
- return 10;
- case SSL3_ST_CR_CERT_REQ_B:
- return 11;
- case SSL3_ST_CR_SRVR_DONE_A:
- return 12;
- case SSL3_ST_CR_SRVR_DONE_B:
- return 13;
- case SSL3_ST_CW_CERT_A:
- return 14;
- case SSL3_ST_CW_CERT_B:
- return 15;
- case SSL3_ST_CW_CERT_C:
- return 16;
- case SSL3_ST_CW_CERT_D:
- return 17;
- case SSL3_ST_CW_KEY_EXCH_A:
- return 18;
- case SSL3_ST_CW_KEY_EXCH_B:
- return 19;
- case SSL3_ST_CW_CERT_VRFY_A:
- return 20;
- case SSL3_ST_CW_CERT_VRFY_B:
- return 21;
- case SSL3_ST_CW_CHANGE_A:
- return 22;
- case SSL3_ST_CW_CHANGE_B:
- return 23;
- case SSL3_ST_CW_FINISHED_A:
- return 26;
- case SSL3_ST_CW_FINISHED_B:
- return 27;
- case SSL3_ST_CR_CHANGE_A:
- return 28;
- case SSL3_ST_CR_CHANGE_B:
- return 29;
- case SSL3_ST_CR_FINISHED_A:
- return 30;
- case SSL3_ST_CR_FINISHED_B:
- return 31;
- case SSL3_ST_CR_SESSION_TICKET_A:
- return 32;
- case SSL3_ST_CR_SESSION_TICKET_B:
- return 33;
- case SSL3_ST_CR_CERT_STATUS_A:
- return 34;
- case SSL3_ST_CR_CERT_STATUS_B:
- return 35;
- case SSL3_ST_SW_FLUSH:
- return 36;
- case SSL3_ST_SR_CLNT_HELLO_A:
- return 37;
- case SSL3_ST_SR_CLNT_HELLO_B:
- return 38;
- case SSL3_ST_SR_CLNT_HELLO_C:
- return 39;
- case SSL3_ST_SW_HELLO_REQ_A:
- return 40;
- case SSL3_ST_SW_HELLO_REQ_B:
- return 41;
- case SSL3_ST_SW_HELLO_REQ_C:
- return 42;
- case SSL3_ST_SW_SRVR_HELLO_A:
- return 43;
- case SSL3_ST_SW_SRVR_HELLO_B:
- return 44;
- case SSL3_ST_SW_CERT_A:
- return 45;
- case SSL3_ST_SW_CERT_B:
- return 46;
- case SSL3_ST_SW_KEY_EXCH_A:
- return 47;
- case SSL3_ST_SW_KEY_EXCH_B:
- return 48;
- case SSL3_ST_SW_CERT_REQ_A:
- return 49;
- case SSL3_ST_SW_CERT_REQ_B:
- return 50;
- case SSL3_ST_SW_SRVR_DONE_A:
- return 51;
- case SSL3_ST_SW_SRVR_DONE_B:
- return 52;
- case SSL3_ST_SR_CERT_A:
- return 53;
- case SSL3_ST_SR_CERT_B:
- return 54;
- case SSL3_ST_SR_KEY_EXCH_A:
- return 55;
- case SSL3_ST_SR_KEY_EXCH_B:
- return 56;
- case SSL3_ST_SR_CERT_VRFY_A:
- return 57;
- case SSL3_ST_SR_CERT_VRFY_B:
- return 58;
- case SSL3_ST_SR_CHANGE_A:
- return 59;
- case SSL3_ST_SR_CHANGE_B:
- return 60;
- case SSL3_ST_SR_FINISHED_A:
- return 63;
- case SSL3_ST_SR_FINISHED_B:
- return 64;
- case SSL3_ST_SW_CHANGE_A:
- return 65;
- case SSL3_ST_SW_CHANGE_B:
- return 66;
- case SSL3_ST_SW_FINISHED_A:
- return 67;
- case SSL3_ST_SW_FINISHED_B:
- return 68;
- case SSL3_ST_SW_SESSION_TICKET_A:
- return 69;
- case SSL3_ST_SW_SESSION_TICKET_B:
- return 70;
- case SSL3_ST_SW_CERT_STATUS_A:
- return 71;
- case SSL3_ST_SW_CERT_STATUS_B:
- return 72;
- case SSL_ST_BEFORE:
- return 73;
- case SSL_ST_ACCEPT:
- return 74;
- case SSL_ST_CONNECT:
- return 75;
- case SSL_ST_OK:
- return 76;
- case SSL_ST_RENEGOTIATE:
- return 77;
- case SSL_ST_BEFORE|SSL_ST_CONNECT:
- return 78;
- case SSL_ST_OK|SSL_ST_CONNECT:
- return 79;
- case SSL_ST_BEFORE|SSL_ST_ACCEPT:
- return 80;
- case SSL_ST_OK|SSL_ST_ACCEPT:
- return 81;
- case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
- return 83;
- case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
- return 84;
- case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
- return 85;
- case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
- return 86;
- default:
- break;
- }
- return 0xfff;
-}
-
-void
-SSL_error_internal(const SSL *s, int r, char *f, int l)
-{
- ERR_PUT_error(ERR_LIB_SSL,
- (SSL_state_func_code(s->s3->hs.state)), r, f, l);
-}
diff --git a/src/lib/libssl/ssl_init.c b/src/lib/libssl/ssl_init.c
deleted file mode 100644
index b314e714c1..0000000000
--- a/src/lib/libssl/ssl_init.c
+++ /dev/null
@@ -1,58 +0,0 @@
-/* $OpenBSD: ssl_init.c,v 1.6 2023/11/22 15:53:53 tb Exp $ */
-/*
- * Copyright (c) 2018 Bob Beck
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* OpenSSL style init */
-
-#include
-#include
-
-#include
-
-#include "ssl_local.h"
-
-static pthread_t ssl_init_thread;
-
-int
-SSL_library_init(void)
-{
- return OPENSSL_init_ssl(0, NULL);
-}
-LSSL_ALIAS(SSL_library_init);
-
-static void
-OPENSSL_init_ssl_internal(void)
-{
- ssl_init_thread = pthread_self();
- SSL_load_error_strings();
-}
-
-int
-OPENSSL_init_ssl(uint64_t opts, const void *settings)
-{
- static pthread_once_t once = PTHREAD_ONCE_INIT;
-
- if (pthread_equal(pthread_self(), ssl_init_thread))
- return 1; /* don't recurse */
-
- OPENSSL_init_crypto(opts, settings);
-
- if (pthread_once(&once, OPENSSL_init_ssl_internal) != 0)
- return 0;
-
- return 1;
-}
-LSSL_ALIAS(OPENSSL_init_ssl);
diff --git a/src/lib/libssl/ssl_kex.c b/src/lib/libssl/ssl_kex.c
deleted file mode 100644
index fa420a35a3..0000000000
--- a/src/lib/libssl/ssl_kex.c
+++ /dev/null
@@ -1,422 +0,0 @@
-/* $OpenBSD: ssl_kex.c,v 1.12 2023/07/28 16:02:34 tb Exp $ */
-/*
- * Copyright (c) 2020, 2021 Joel Sing
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include
-
-#include
-#include
-#include
-#include
-#include
-
-#include "bytestring.h"
-
-#define DHE_MINIMUM_BITS 1024
-
-int
-ssl_kex_generate_dhe(DH *dh, DH *dh_params)
-{
- BIGNUM *p = NULL, *g = NULL;
- int ret = 0;
-
- if ((p = BN_dup(DH_get0_p(dh_params))) == NULL)
- goto err;
- if ((g = BN_dup(DH_get0_g(dh_params))) == NULL)
- goto err;
-
- if (!DH_set0_pqg(dh, p, NULL, g))
- goto err;
- p = NULL;
- g = NULL;
-
- if (!DH_generate_key(dh))
- goto err;
-
- ret = 1;
-
- err:
- BN_free(p);
- BN_free(g);
-
- return ret;
-}
-
-int
-ssl_kex_generate_dhe_params_auto(DH *dh, size_t key_bits)
-{
- BIGNUM *p = NULL, *g = NULL;
- int ret = 0;
-
- if (key_bits >= 8192)
- p = BN_get_rfc3526_prime_8192(NULL);
- else if (key_bits >= 4096)
- p = BN_get_rfc3526_prime_4096(NULL);
- else if (key_bits >= 3072)
- p = BN_get_rfc3526_prime_3072(NULL);
- else if (key_bits >= 2048)
- p = BN_get_rfc3526_prime_2048(NULL);
- else if (key_bits >= 1536)
- p = BN_get_rfc3526_prime_1536(NULL);
- else
- p = BN_get_rfc2409_prime_1024(NULL);
-
- if (p == NULL)
- goto err;
-
- if ((g = BN_new()) == NULL)
- goto err;
- if (!BN_set_word(g, 2))
- goto err;
-
- if (!DH_set0_pqg(dh, p, NULL, g))
- goto err;
- p = NULL;
- g = NULL;
-
- if (!DH_generate_key(dh))
- goto err;
-
- ret = 1;
-
- err:
- BN_free(p);
- BN_free(g);
-
- return ret;
-}
-
-int
-ssl_kex_params_dhe(DH *dh, CBB *cbb)
-{
- int dh_p_len, dh_g_len;
- CBB dh_p, dh_g;
- uint8_t *data;
-
- if ((dh_p_len = BN_num_bytes(DH_get0_p(dh))) <= 0)
- return 0;
- if ((dh_g_len = BN_num_bytes(DH_get0_g(dh))) <= 0)
- return 0;
-
- if (!CBB_add_u16_length_prefixed(cbb, &dh_p))
- return 0;
- if (!CBB_add_space(&dh_p, &data, dh_p_len))
- return 0;
- if (BN_bn2bin(DH_get0_p(dh), data) != dh_p_len)
- return 0;
-
- if (!CBB_add_u16_length_prefixed(cbb, &dh_g))
- return 0;
- if (!CBB_add_space(&dh_g, &data, dh_g_len))
- return 0;
- if (BN_bn2bin(DH_get0_g(dh), data) != dh_g_len)
- return 0;
-
- if (!CBB_flush(cbb))
- return 0;
-
- return 1;
-}
-
-int
-ssl_kex_public_dhe(DH *dh, CBB *cbb)
-{
- uint8_t *data;
- int dh_y_len;
- CBB dh_y;
-
- if ((dh_y_len = BN_num_bytes(DH_get0_pub_key(dh))) <= 0)
- return 0;
-
- if (!CBB_add_u16_length_prefixed(cbb, &dh_y))
- return 0;
- if (!CBB_add_space(&dh_y, &data, dh_y_len))
- return 0;
- if (BN_bn2bin(DH_get0_pub_key(dh), data) != dh_y_len)
- return 0;
-
- if (!CBB_flush(cbb))
- return 0;
-
- return 1;
-}
-
-int
-ssl_kex_peer_params_dhe(DH *dh, CBS *cbs, int *decode_error,
- int *invalid_params)
-{
- BIGNUM *p = NULL, *g = NULL;
- CBS dh_p, dh_g;
- int ret = 0;
-
- *decode_error = 0;
- *invalid_params = 0;
-
- if (!CBS_get_u16_length_prefixed(cbs, &dh_p)) {
- *decode_error = 1;
- goto err;
- }
- if (!CBS_get_u16_length_prefixed(cbs, &dh_g)) {
- *decode_error = 1;
- goto err;
- }
-
- if ((p = BN_bin2bn(CBS_data(&dh_p), CBS_len(&dh_p), NULL)) == NULL)
- goto err;
- if ((g = BN_bin2bn(CBS_data(&dh_g), CBS_len(&dh_g), NULL)) == NULL)
- goto err;
-
- if (!DH_set0_pqg(dh, p, NULL, g))
- goto err;
- p = NULL;
- g = NULL;
-
- /* XXX - consider calling DH_check(). */
-
- if (DH_bits(dh) < DHE_MINIMUM_BITS)
- *invalid_params = 1;
-
- ret = 1;
-
- err:
- BN_free(p);
- BN_free(g);
-
- return ret;
-}
-
-int
-ssl_kex_peer_public_dhe(DH *dh, CBS *cbs, int *decode_error,
- int *invalid_key)
-{
- BIGNUM *pub_key = NULL;
- int check_flags;
- CBS dh_y;
- int ret = 0;
-
- *decode_error = 0;
- *invalid_key = 0;
-
- if (!CBS_get_u16_length_prefixed(cbs, &dh_y)) {
- *decode_error = 1;
- goto err;
- }
-
- if ((pub_key = BN_bin2bn(CBS_data(&dh_y), CBS_len(&dh_y),
- NULL)) == NULL)
- goto err;
-
- if (!DH_set0_key(dh, pub_key, NULL))
- goto err;
- pub_key = NULL;
-
- if (!DH_check_pub_key(dh, DH_get0_pub_key(dh), &check_flags))
- goto err;
- if (check_flags != 0)
- *invalid_key = 1;
-
- ret = 1;
-
- err:
- BN_free(pub_key);
-
- return ret;
-}
-
-int
-ssl_kex_derive_dhe(DH *dh, DH *dh_peer,
- uint8_t **shared_key, size_t *shared_key_len)
-{
- uint8_t *key = NULL;
- int key_len = 0;
- int ret = 0;
-
- if ((key_len = DH_size(dh)) <= 0)
- goto err;
- if ((key = calloc(1, key_len)) == NULL)
- goto err;
-
- if ((key_len = DH_compute_key(key, DH_get0_pub_key(dh_peer), dh)) <= 0)
- goto err;
-
- *shared_key = key;
- *shared_key_len = key_len;
- key = NULL;
-
- ret = 1;
-
- err:
- freezero(key, key_len);
-
- return ret;
-}
-
-int
-ssl_kex_dummy_ecdhe_x25519(EVP_PKEY *pkey)
-{
- EC_GROUP *group = NULL;
- EC_POINT *point = NULL;
- EC_KEY *ec_key = NULL;
- BIGNUM *order = NULL;
- int ret = 0;
-
- /* Fudge up an EC_KEY that looks like X25519... */
- if ((group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) == NULL)
- goto err;
- if ((point = EC_POINT_new(group)) == NULL)
- goto err;
- if ((order = BN_new()) == NULL)
- goto err;
- if (!BN_set_bit(order, 252))
- goto err;
- if (!EC_GROUP_set_generator(group, point, order, NULL))
- goto err;
- EC_GROUP_set_curve_name(group, NID_X25519);
- if ((ec_key = EC_KEY_new()) == NULL)
- goto err;
- if (!EC_KEY_set_group(ec_key, group))
- goto err;
- if (!EVP_PKEY_set1_EC_KEY(pkey, ec_key))
- goto err;
-
- ret = 1;
-
- err:
- EC_GROUP_free(group);
- EC_POINT_free(point);
- EC_KEY_free(ec_key);
- BN_free(order);
-
- return ret;
-}
-
-int
-ssl_kex_generate_ecdhe_ecp(EC_KEY *ecdh, int nid)
-{
- EC_GROUP *group;
- int ret = 0;
-
- if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL)
- goto err;
-
- if (!EC_KEY_set_group(ecdh, group))
- goto err;
- if (!EC_KEY_generate_key(ecdh))
- goto err;
-
- ret = 1;
-
- err:
- EC_GROUP_free(group);
-
- return ret;
-}
-
-int
-ssl_kex_public_ecdhe_ecp(EC_KEY *ecdh, CBB *cbb)
-{
- const EC_GROUP *group;
- const EC_POINT *point;
- uint8_t *ecp;
- size_t ecp_len;
- int ret = 0;
-
- if ((group = EC_KEY_get0_group(ecdh)) == NULL)
- goto err;
- if ((point = EC_KEY_get0_public_key(ecdh)) == NULL)
- goto err;
-
- if ((ecp_len = EC_POINT_point2oct(group, point,
- POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL)) == 0)
- goto err;
- if (!CBB_add_space(cbb, &ecp, ecp_len))
- goto err;
- if ((EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED,
- ecp, ecp_len, NULL)) == 0)
- goto err;
-
- ret = 1;
-
- err:
- return ret;
-}
-
-int
-ssl_kex_peer_public_ecdhe_ecp(EC_KEY *ecdh, int nid, CBS *cbs)
-{
- EC_GROUP *group = NULL;
- EC_POINT *point = NULL;
- int ret = 0;
-
- if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL)
- goto err;
-
- if (!EC_KEY_set_group(ecdh, group))
- goto err;
-
- if ((point = EC_POINT_new(group)) == NULL)
- goto err;
- if (EC_POINT_oct2point(group, point, CBS_data(cbs), CBS_len(cbs),
- NULL) == 0)
- goto err;
- if (!EC_KEY_set_public_key(ecdh, point))
- goto err;
-
- ret = 1;
-
- err:
- EC_GROUP_free(group);
- EC_POINT_free(point);
-
- return ret;
-}
-
-int
-ssl_kex_derive_ecdhe_ecp(EC_KEY *ecdh, EC_KEY *ecdh_peer,
- uint8_t **shared_key, size_t *shared_key_len)
-{
- const EC_POINT *point;
- uint8_t *key = NULL;
- int key_len = 0;
- int ret = 0;
-
- if (!EC_GROUP_check(EC_KEY_get0_group(ecdh), NULL))
- goto err;
- if (!EC_GROUP_check(EC_KEY_get0_group(ecdh_peer), NULL))
- goto err;
-
- if ((point = EC_KEY_get0_public_key(ecdh_peer)) == NULL)
- goto err;
-
- if ((key_len = ECDH_size(ecdh)) <= 0)
- goto err;
- if ((key = calloc(1, key_len)) == NULL)
- goto err;
-
- if (ECDH_compute_key(key, key_len, point, ecdh, NULL) <= 0)
- goto err;
-
- *shared_key = key;
- *shared_key_len = key_len;
- key = NULL;
-
- ret = 1;
-
- err:
- freezero(key, key_len);
-
- return ret;
-}
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
deleted file mode 100644
index ce68981493..0000000000
--- a/src/lib/libssl/ssl_lib.c
+++ /dev/null
@@ -1,3663 +0,0 @@
-/* $OpenBSD: ssl_lib.c,v 1.331 2025/03/12 14:03:55 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include
-#include
-#include
-
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "bytestring.h"
-#include "dtls_local.h"
-#include "ssl_local.h"
-#include "ssl_sigalgs.h"
-#include "ssl_tlsext.h"
-#include "tls12_internal.h"
-
-int
-SSL_clear(SSL *s)
-{
- if (s->method == NULL) {
- SSLerror(s, SSL_R_NO_METHOD_SPECIFIED);
- return (0);
- }
-
- if (ssl_clear_bad_session(s)) {
- SSL_SESSION_free(s->session);
- s->session = NULL;
- }
-
- s->error = 0;
- s->hit = 0;
- s->shutdown = 0;
-
- if (s->renegotiate) {
- SSLerror(s, ERR_R_INTERNAL_ERROR);
- return (0);
- }
-
- s->version = s->method->version;
- s->client_version = s->version;
- s->rwstate = SSL_NOTHING;
- s->rstate = SSL_ST_READ_HEADER;
-
- tls13_ctx_free(s->tls13);
- s->tls13 = NULL;
-
- ssl3_release_init_buffer(s);
-
- ssl_clear_cipher_state(s);
-
- s->first_packet = 0;
-
- /*
- * Check to see if we were changed into a different method, if
- * so, revert back if we are not doing session-id reuse.
- */
- if (!s->in_handshake && (s->session == NULL) &&
- (s->method != s->ctx->method)) {
- s->method->ssl_free(s);
- s->method = s->ctx->method;
- if (!s->method->ssl_new(s))
- return (0);
- } else
- s->method->ssl_clear(s);
-
- return (1);
-}
-LSSL_ALIAS(SSL_clear);
-
-/* Used to change an SSL_CTXs default SSL method type */
-int
-SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
-{
- STACK_OF(SSL_CIPHER) *ciphers;
-
- ctx->method = meth;
-
- ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
- ctx->cipher_list_tls13, SSL_DEFAULT_CIPHER_LIST,
- ctx->cert);
- if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) <= 0) {
- SSLerrorx(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
- return (0);
- }
- return (1);
-}
-LSSL_ALIAS(SSL_CTX_set_ssl_version);
-
-SSL *
-SSL_new(SSL_CTX *ctx)
-{
- SSL *s;
- CBS cbs;
-
- if (ctx == NULL) {
- SSLerrorx(SSL_R_NULL_SSL_CTX);
- return (NULL);
- }
- if (ctx->method == NULL) {
- SSLerrorx(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
- return (NULL);
- }
-
- if ((s = calloc(1, sizeof(*s))) == NULL)
- goto err;
-
- if ((s->rl = tls12_record_layer_new()) == NULL)
- goto err;
-
- s->min_tls_version = ctx->min_tls_version;
- s->max_tls_version = ctx->max_tls_version;
- s->min_proto_version = ctx->min_proto_version;
- s->max_proto_version = ctx->max_proto_version;
-
- s->options = ctx->options;
- s->mode = ctx->mode;
- s->max_cert_list = ctx->max_cert_list;
- s->num_tickets = ctx->num_tickets;
-
- if ((s->cert = ssl_cert_dup(ctx->cert)) == NULL)
- goto err;
-
- s->read_ahead = ctx->read_ahead;
- s->msg_callback = ctx->msg_callback;
- s->msg_callback_arg = ctx->msg_callback_arg;
- s->verify_mode = ctx->verify_mode;
- s->sid_ctx_length = ctx->sid_ctx_length;
- OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
- memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
- s->verify_callback = ctx->default_verify_callback;
- s->generate_session_id = ctx->generate_session_id;
-
- s->param = X509_VERIFY_PARAM_new();
- if (!s->param)
- goto err; - X509_VERIFY_PARAM_inherit(s->param, ctx->param); - s->quiet_shutdown = ctx->quiet_shutdown; - s->max_send_fragment = ctx->max_send_fragment; - - CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); - s->ctx = ctx; - s->tlsext_debug_cb = NULL; - s->tlsext_debug_arg = NULL; - s->tlsext_ticket_expected = 0; - s->tlsext_status_type = -1; - s->tlsext_status_expected = 0; - s->tlsext_ocsp_ids = NULL; - s->tlsext_ocsp_exts = NULL; - s->tlsext_ocsp_resp = NULL; - s->tlsext_ocsp_resp_len = 0; - CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); - s->initial_ctx = ctx; - - if (!tlsext_randomize_build_order(s)) - goto err; - - if (ctx->tlsext_ecpointformatlist != NULL) { - s->tlsext_ecpointformatlist = - calloc(ctx->tlsext_ecpointformatlist_length, - sizeof(ctx->tlsext_ecpointformatlist[0])); - if (s->tlsext_ecpointformatlist == NULL) - goto err; - memcpy(s->tlsext_ecpointformatlist, - ctx->tlsext_ecpointformatlist, - ctx->tlsext_ecpointformatlist_length * - sizeof(ctx->tlsext_ecpointformatlist[0])); - s->tlsext_ecpointformatlist_length = - ctx->tlsext_ecpointformatlist_length; - } - if (ctx->tlsext_supportedgroups != NULL) { - s->tlsext_supportedgroups = - calloc(ctx->tlsext_supportedgroups_length, - sizeof(ctx->tlsext_supportedgroups[0])); - if (s->tlsext_supportedgroups == NULL) - goto err; - memcpy(s->tlsext_supportedgroups, - ctx->tlsext_supportedgroups, - ctx->tlsext_supportedgroups_length * - sizeof(ctx->tlsext_supportedgroups[0])); - s->tlsext_supportedgroups_length = - ctx->tlsext_supportedgroups_length; - } - - CBS_init(&cbs, ctx->alpn_client_proto_list, - ctx->alpn_client_proto_list_len); - if (!CBS_stow(&cbs, &s->alpn_client_proto_list, - &s->alpn_client_proto_list_len)) - goto err; - - s->verify_result = X509_V_OK; - - s->method = ctx->method; - s->quic_method = ctx->quic_method; - - if (!s->method->ssl_new(s)) - goto err; - - s->references = 1; - s->server = ctx->method->server; - - SSL_clear(s); - - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, 
&s->ex_data); - - return (s); - - err: - SSL_free(s); - SSLerrorx(ERR_R_MALLOC_FAILURE); - return (NULL); -} -LSSL_ALIAS(SSL_new); - -int -SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, - unsigned int sid_ctx_len) -{ - if (sid_ctx_len > sizeof ctx->sid_ctx) { - SSLerrorx(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); - return (0); - } - ctx->sid_ctx_length = sid_ctx_len; - memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len); - - return (1); -} -LSSL_ALIAS(SSL_CTX_set_session_id_context); - -int -SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, - unsigned int sid_ctx_len) -{ - if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { - SSLerror(ssl, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); - return (0); - } - ssl->sid_ctx_length = sid_ctx_len; - memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len); - - return (1); -} -LSSL_ALIAS(SSL_set_session_id_context); - -int -SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) -{ - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - ctx->generate_session_id = cb; - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - return (1); -} -LSSL_ALIAS(SSL_CTX_set_generate_session_id); - -int -SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) -{ - CRYPTO_w_lock(CRYPTO_LOCK_SSL); - ssl->generate_session_id = cb; - CRYPTO_w_unlock(CRYPTO_LOCK_SSL); - return (1); -} -LSSL_ALIAS(SSL_set_generate_session_id); - -int -SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, - unsigned int id_len) -{ - /* - * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp - * shows how we can "construct" a session to give us the desired - * check - ie. to find if there's a session in the hash table - * that would conflict with any new session built out of this - * id/id_len and the ssl_version in use by this SSL. 
- */ - SSL_SESSION r, *p; - - if (id_len > sizeof r.session_id) - return (0); - - r.ssl_version = ssl->version; - r.session_id_length = id_len; - memcpy(r.session_id, id, id_len); - - CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); - p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); - CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); - return (p != NULL); -} -LSSL_ALIAS(SSL_has_matching_session_id); - -int -SSL_CTX_set_purpose(SSL_CTX *s, int purpose) -{ - return (X509_VERIFY_PARAM_set_purpose(s->param, purpose)); -} -LSSL_ALIAS(SSL_CTX_set_purpose); - -int -SSL_set_purpose(SSL *s, int purpose) -{ - return (X509_VERIFY_PARAM_set_purpose(s->param, purpose)); -} -LSSL_ALIAS(SSL_set_purpose); - -int -SSL_CTX_set_trust(SSL_CTX *s, int trust) -{ - return (X509_VERIFY_PARAM_set_trust(s->param, trust)); -} -LSSL_ALIAS(SSL_CTX_set_trust); - -int -SSL_set_trust(SSL *s, int trust) -{ - return (X509_VERIFY_PARAM_set_trust(s->param, trust)); -} -LSSL_ALIAS(SSL_set_trust); - -int -SSL_set1_host(SSL *s, const char *hostname) -{ - struct in_addr ina; - struct in6_addr in6a; - - if (hostname != NULL && *hostname != '\0' && - (inet_pton(AF_INET, hostname, &ina) == 1 || - inet_pton(AF_INET6, hostname, &in6a) == 1)) - return X509_VERIFY_PARAM_set1_ip_asc(s->param, hostname); - else - return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0); -} -LSSL_ALIAS(SSL_set1_host); - -void -SSL_set_hostflags(SSL *s, unsigned int flags) -{ - X509_VERIFY_PARAM_set_hostflags(s->param, flags); -} -LSSL_ALIAS(SSL_set_hostflags); - -const char * -SSL_get0_peername(SSL *s) -{ - return X509_VERIFY_PARAM_get0_peername(s->param); -} -LSSL_ALIAS(SSL_get0_peername); - -X509_VERIFY_PARAM * -SSL_CTX_get0_param(SSL_CTX *ctx) -{ - return (ctx->param); -} -LSSL_ALIAS(SSL_CTX_get0_param); - -int -SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) -{ - return (X509_VERIFY_PARAM_set1(ctx->param, vpm)); -} -LSSL_ALIAS(SSL_CTX_set1_param); - -X509_VERIFY_PARAM * -SSL_get0_param(SSL *ssl) -{ - return (ssl->param); -} 
-LSSL_ALIAS(SSL_get0_param); - -int -SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) -{ - return (X509_VERIFY_PARAM_set1(ssl->param, vpm)); -} -LSSL_ALIAS(SSL_set1_param); - -void -SSL_free(SSL *s) -{ - int i; - - if (s == NULL) - return; - - i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL); - if (i > 0) - return; - - X509_VERIFY_PARAM_free(s->param); - - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); - - if (s->bbio != NULL) { - /* If the buffering BIO is in place, pop it off */ - if (s->bbio == s->wbio) { - s->wbio = BIO_pop(s->wbio); - } - BIO_free(s->bbio); - s->bbio = NULL; - } - - if (s->rbio != s->wbio) - BIO_free_all(s->rbio); - BIO_free_all(s->wbio); - - tls13_ctx_free(s->tls13); - - ssl3_release_init_buffer(s); - - sk_SSL_CIPHER_free(s->cipher_list); - sk_SSL_CIPHER_free(s->cipher_list_tls13); - - /* Make the next call work :-) */ - if (s->session != NULL) { - ssl_clear_bad_session(s); - SSL_SESSION_free(s->session); - } - - ssl_clear_cipher_state(s); - - ssl_cert_free(s->cert); - - free(s->tlsext_build_order); - - free(s->tlsext_hostname); - SSL_CTX_free(s->initial_ctx); - - free(s->tlsext_ecpointformatlist); - free(s->tlsext_supportedgroups); - - sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, - X509_EXTENSION_free); - sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); - free(s->tlsext_ocsp_resp); - - sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); - - if (s->method != NULL) - s->method->ssl_free(s); - - SSL_CTX_free(s->ctx); - - free(s->alpn_client_proto_list); - - free(s->quic_transport_params); - -#ifndef OPENSSL_NO_SRTP - sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); -#endif - - tls12_record_layer_free(s->rl); - - free(s); -} -LSSL_ALIAS(SSL_free); - -int -SSL_up_ref(SSL *s) -{ - return CRYPTO_add(&s->references, 1, CRYPTO_LOCK_SSL) > 1; -} -LSSL_ALIAS(SSL_up_ref); - -void -SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) -{ - /* If the output buffering BIO is still in place, remove it */ - if (s->bbio != NULL) { - if 
(s->wbio == s->bbio) { - s->wbio = BIO_next(s->wbio); - BIO_set_next(s->bbio, NULL); - } - } - - if (s->rbio != rbio && s->rbio != s->wbio) - BIO_free_all(s->rbio); - if (s->wbio != wbio) - BIO_free_all(s->wbio); - s->rbio = rbio; - s->wbio = wbio; -} -LSSL_ALIAS(SSL_set_bio); - -BIO * -SSL_get_rbio(const SSL *s) -{ - return (s->rbio); -} -LSSL_ALIAS(SSL_get_rbio); - -void -SSL_set0_rbio(SSL *s, BIO *rbio) -{ - BIO_free_all(s->rbio); - s->rbio = rbio; -} -LSSL_ALIAS(SSL_set0_rbio); - -BIO * -SSL_get_wbio(const SSL *s) -{ - return (s->wbio); -} -LSSL_ALIAS(SSL_get_wbio); - -int -SSL_get_fd(const SSL *s) -{ - return (SSL_get_rfd(s)); -} -LSSL_ALIAS(SSL_get_fd); - -int -SSL_get_rfd(const SSL *s) -{ - int ret = -1; - BIO *b, *r; - - b = SSL_get_rbio(s); - r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); - if (r != NULL) - BIO_get_fd(r, &ret); - return (ret); -} -LSSL_ALIAS(SSL_get_rfd); - -int -SSL_get_wfd(const SSL *s) -{ - int ret = -1; - BIO *b, *r; - - b = SSL_get_wbio(s); - r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); - if (r != NULL) - BIO_get_fd(r, &ret); - return (ret); -} -LSSL_ALIAS(SSL_get_wfd); - -int -SSL_set_fd(SSL *s, int fd) -{ - int ret = 0; - BIO *bio = NULL; - - bio = BIO_new(BIO_s_socket()); - - if (bio == NULL) { - SSLerror(s, ERR_R_BUF_LIB); - goto err; - } - BIO_set_fd(bio, fd, BIO_NOCLOSE); - SSL_set_bio(s, bio, bio); - ret = 1; - err: - return (ret); -} -LSSL_ALIAS(SSL_set_fd); - -int -SSL_set_wfd(SSL *s, int fd) -{ - int ret = 0; - BIO *bio = NULL; - - if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) - || ((int)BIO_get_fd(s->rbio, NULL) != fd)) { - bio = BIO_new(BIO_s_socket()); - - if (bio == NULL) { - SSLerror(s, ERR_R_BUF_LIB); - goto err; - } - BIO_set_fd(bio, fd, BIO_NOCLOSE); - SSL_set_bio(s, SSL_get_rbio(s), bio); - } else - SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s)); - ret = 1; - err: - return (ret); -} -LSSL_ALIAS(SSL_set_wfd); - -int -SSL_set_rfd(SSL *s, int fd) -{ - int ret = 0; - BIO *bio = NULL; - - if 
((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) - || ((int)BIO_get_fd(s->wbio, NULL) != fd)) { - bio = BIO_new(BIO_s_socket()); - - if (bio == NULL) { - SSLerror(s, ERR_R_BUF_LIB); - goto err; - } - BIO_set_fd(bio, fd, BIO_NOCLOSE); - SSL_set_bio(s, bio, SSL_get_wbio(s)); - } else - SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s)); - ret = 1; - err: - return (ret); -} -LSSL_ALIAS(SSL_set_rfd); - - -/* return length of latest Finished message we sent, copy to 'buf' */ -size_t -SSL_get_finished(const SSL *s, void *buf, size_t count) -{ - size_t ret; - - ret = s->s3->hs.finished_len; - if (count > ret) - count = ret; - memcpy(buf, s->s3->hs.finished, count); - return (ret); -} -LSSL_ALIAS(SSL_get_finished); - -/* return length of latest Finished message we expected, copy to 'buf' */ -size_t -SSL_get_peer_finished(const SSL *s, void *buf, size_t count) -{ - size_t ret; - - ret = s->s3->hs.peer_finished_len; - if (count > ret) - count = ret; - memcpy(buf, s->s3->hs.peer_finished, count); - return (ret); -} -LSSL_ALIAS(SSL_get_peer_finished); - - -int -SSL_get_verify_mode(const SSL *s) -{ - return (s->verify_mode); -} -LSSL_ALIAS(SSL_get_verify_mode); - -int -SSL_get_verify_depth(const SSL *s) -{ - return (X509_VERIFY_PARAM_get_depth(s->param)); -} -LSSL_ALIAS(SSL_get_verify_depth); - -int -(*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *) -{ - return (s->verify_callback); -} -LSSL_ALIAS(SSL_get_verify_callback); - -void -SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb) -{ - ctx->keylog_callback = cb; -} -LSSL_ALIAS(SSL_CTX_set_keylog_callback); - -SSL_CTX_keylog_cb_func -SSL_CTX_get_keylog_callback(const SSL_CTX *ctx) -{ - return (ctx->keylog_callback); -} -LSSL_ALIAS(SSL_CTX_get_keylog_callback); - -int -SSL_set_num_tickets(SSL *s, size_t num_tickets) -{ - s->num_tickets = num_tickets; - - return 1; -} -LSSL_ALIAS(SSL_set_num_tickets); - -size_t -SSL_get_num_tickets(const SSL *s) -{ - return s->num_tickets; -} 
-LSSL_ALIAS(SSL_get_num_tickets); - -int -SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets) -{ - ctx->num_tickets = num_tickets; - - return 1; -} -LSSL_ALIAS(SSL_CTX_set_num_tickets); - -size_t -SSL_CTX_get_num_tickets(const SSL_CTX *ctx) -{ - return ctx->num_tickets; -} -LSSL_ALIAS(SSL_CTX_get_num_tickets); - -int -SSL_CTX_get_verify_mode(const SSL_CTX *ctx) -{ - return (ctx->verify_mode); -} -LSSL_ALIAS(SSL_CTX_get_verify_mode); - -int -SSL_CTX_get_verify_depth(const SSL_CTX *ctx) -{ - return (X509_VERIFY_PARAM_get_depth(ctx->param)); -} -LSSL_ALIAS(SSL_CTX_get_verify_depth); - -int -(*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *) -{ - return (ctx->default_verify_callback); -} -LSSL_ALIAS(SSL_CTX_get_verify_callback); - -void -SSL_set_verify(SSL *s, int mode, - int (*callback)(int ok, X509_STORE_CTX *ctx)) -{ - s->verify_mode = mode; - if (callback != NULL) - s->verify_callback = callback; -} -LSSL_ALIAS(SSL_set_verify); - -void -SSL_set_verify_depth(SSL *s, int depth) -{ - X509_VERIFY_PARAM_set_depth(s->param, depth); -} -LSSL_ALIAS(SSL_set_verify_depth); - -void -SSL_set_read_ahead(SSL *s, int yes) -{ - s->read_ahead = yes; -} -LSSL_ALIAS(SSL_set_read_ahead); - -int -SSL_get_read_ahead(const SSL *s) -{ - return (s->read_ahead); -} -LSSL_ALIAS(SSL_get_read_ahead); - -int -SSL_pending(const SSL *s) -{ - return (s->method->ssl_pending(s)); -} -LSSL_ALIAS(SSL_pending); - -X509 * -SSL_get_peer_certificate(const SSL *s) -{ - X509 *cert; - - if (s == NULL || s->session == NULL) - return NULL; - - if ((cert = s->session->peer_cert) == NULL) - return NULL; - - X509_up_ref(cert); - - return cert; -} -LSSL_ALIAS(SSL_get_peer_certificate); - -STACK_OF(X509) * -SSL_get_peer_cert_chain(const SSL *s) -{ - if (s == NULL) - return NULL; - - /* - * Achtung! Due to API inconsistency, a client includes the peer's leaf - * certificate in the peer certificate chain, while a server does not. 
- */ - if (!s->server) - return s->s3->hs.peer_certs; - - return s->s3->hs.peer_certs_no_leaf; -} -LSSL_ALIAS(SSL_get_peer_cert_chain); - -STACK_OF(X509) * -SSL_get0_verified_chain(const SSL *s) -{ - if (s->s3 == NULL) - return NULL; - return s->s3->hs.verified_chain; -} -LSSL_ALIAS(SSL_get0_verified_chain); - -/* - * Now in theory, since the calling process own 't' it should be safe to - * modify. We need to be able to read f without being hassled - */ -int -SSL_copy_session_id(SSL *t, const SSL *f) -{ - SSL_CERT *tmp; - - /* Do we need to do SSL locking? */ - if (!SSL_set_session(t, SSL_get_session(f))) - return 0; - - /* What if we are set up for one protocol but want to talk another? */ - if (t->method != f->method) { - t->method->ssl_free(t); - t->method = f->method; - if (!t->method->ssl_new(t)) - return 0; - } - - tmp = t->cert; - if (f->cert != NULL) { - CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT); - t->cert = f->cert; - } else - t->cert = NULL; - ssl_cert_free(tmp); - - if (!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length)) - return 0; - - return 1; -} -LSSL_ALIAS(SSL_copy_session_id); - -/* Fix this so it checks all the valid key/cert options */ -int -SSL_CTX_check_private_key(const SSL_CTX *ctx) -{ - if ((ctx == NULL) || (ctx->cert == NULL) || - (ctx->cert->key->x509 == NULL)) { - SSLerrorx(SSL_R_NO_CERTIFICATE_ASSIGNED); - return (0); - } - if (ctx->cert->key->privatekey == NULL) { - SSLerrorx(SSL_R_NO_PRIVATE_KEY_ASSIGNED); - return (0); - } - return (X509_check_private_key(ctx->cert->key->x509, - ctx->cert->key->privatekey)); -} -LSSL_ALIAS(SSL_CTX_check_private_key); - -/* Fix this function so that it takes an optional type parameter */ -int -SSL_check_private_key(const SSL *ssl) -{ - if (ssl == NULL) { - SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); - return (0); - } - if (ssl->cert == NULL) { - SSLerror(ssl, SSL_R_NO_CERTIFICATE_ASSIGNED); - return (0); - } - if (ssl->cert->key->x509 == NULL) { - SSLerror(ssl, 
SSL_R_NO_CERTIFICATE_ASSIGNED); - return (0); - } - if (ssl->cert->key->privatekey == NULL) { - SSLerror(ssl, SSL_R_NO_PRIVATE_KEY_ASSIGNED); - return (0); - } - return (X509_check_private_key(ssl->cert->key->x509, - ssl->cert->key->privatekey)); -} -LSSL_ALIAS(SSL_check_private_key); - -int -SSL_accept(SSL *s) -{ - if (s->handshake_func == NULL) - SSL_set_accept_state(s); /* Not properly initialized yet */ - - return (s->method->ssl_accept(s)); -} -LSSL_ALIAS(SSL_accept); - -int -SSL_connect(SSL *s) -{ - if (s->handshake_func == NULL) - SSL_set_connect_state(s); /* Not properly initialized yet */ - - return (s->method->ssl_connect(s)); -} -LSSL_ALIAS(SSL_connect); - -int -SSL_is_dtls(const SSL *s) -{ - return s->method->dtls; -} -LSSL_ALIAS(SSL_is_dtls); - -int -SSL_is_server(const SSL *s) -{ - return s->server; -} -LSSL_ALIAS(SSL_is_server); - -static long -ssl_get_default_timeout(void) -{ - /* - * 2 hours, the 24 hours mentioned in the TLSv1 spec - * is way too long for http, the cache would over fill. 
- */ - return (2 * 60 * 60); -} - -long -SSL_get_default_timeout(const SSL *s) -{ - return (ssl_get_default_timeout()); -} -LSSL_ALIAS(SSL_get_default_timeout); - -int -SSL_read(SSL *s, void *buf, int num) -{ - if (num < 0) { - SSLerror(s, SSL_R_BAD_LENGTH); - return -1; - } - - if (SSL_is_quic(s)) { - SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return (-1); - } - - if (s->handshake_func == NULL) { - SSLerror(s, SSL_R_UNINITIALIZED); - return (-1); - } - - if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { - s->rwstate = SSL_NOTHING; - return (0); - } - return ssl3_read(s, buf, num); -} -LSSL_ALIAS(SSL_read); - -int -SSL_read_ex(SSL *s, void *buf, size_t num, size_t *bytes_read) -{ - int ret; - - /* We simply don't bother supporting enormous reads */ - if (num > INT_MAX) { - SSLerror(s, SSL_R_BAD_LENGTH); - return 0; - } - - ret = SSL_read(s, buf, (int)num); - if (ret < 0) - ret = 0; - *bytes_read = ret; - - return ret > 0; -} -LSSL_ALIAS(SSL_read_ex); - -int -SSL_peek(SSL *s, void *buf, int num) -{ - if (num < 0) { - SSLerror(s, SSL_R_BAD_LENGTH); - return -1; - } - - if (SSL_is_quic(s)) { - SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return (-1); - } - - if (s->handshake_func == NULL) { - SSLerror(s, SSL_R_UNINITIALIZED); - return (-1); - } - - if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { - return (0); - } - return ssl3_peek(s, buf, num); -} -LSSL_ALIAS(SSL_peek); - -int -SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *bytes_peeked) -{ - int ret; - - /* We simply don't bother supporting enormous peeks */ - if (num > INT_MAX) { - SSLerror(s, SSL_R_BAD_LENGTH); - return 0; - } - - ret = SSL_peek(s, buf, (int)num); - if (ret < 0) - ret = 0; - *bytes_peeked = ret; - - return ret > 0; -} -LSSL_ALIAS(SSL_peek_ex); - -int -SSL_write(SSL *s, const void *buf, int num) -{ - if (num < 0) { - SSLerror(s, SSL_R_BAD_LENGTH); - return -1; - } - - if (SSL_is_quic(s)) { - SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return (-1); - } - - if (s->handshake_func == NULL) { 
- SSLerror(s, SSL_R_UNINITIALIZED); - return (-1); - } - - if (s->shutdown & SSL_SENT_SHUTDOWN) { - s->rwstate = SSL_NOTHING; - SSLerror(s, SSL_R_PROTOCOL_IS_SHUTDOWN); - return (-1); - } - return ssl3_write(s, buf, num); -} -LSSL_ALIAS(SSL_write); - -int -SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *bytes_written) -{ - int ret; - - /* We simply don't bother supporting enormous writes */ - if (num > INT_MAX) { - SSLerror(s, SSL_R_BAD_LENGTH); - return 0; - } - - if (num == 0) { - /* This API is special */ - bytes_written = 0; - return 1; - } - - ret = SSL_write(s, buf, (int)num); - if (ret < 0) - ret = 0; - *bytes_written = ret; - - return ret > 0; -} -LSSL_ALIAS(SSL_write_ex); - -uint32_t -SSL_CTX_get_max_early_data(const SSL_CTX *ctx) -{ - return 0; -} -LSSL_ALIAS(SSL_CTX_get_max_early_data); - -int -SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data) -{ - return 1; -} -LSSL_ALIAS(SSL_CTX_set_max_early_data); - -uint32_t -SSL_get_max_early_data(const SSL *s) -{ - return 0; -} -LSSL_ALIAS(SSL_get_max_early_data); - -int -SSL_set_max_early_data(SSL *s, uint32_t max_early_data) -{ - return 1; -} -LSSL_ALIAS(SSL_set_max_early_data); - -int -SSL_get_early_data_status(const SSL *s) -{ - return SSL_EARLY_DATA_REJECTED; -} -LSSL_ALIAS(SSL_get_early_data_status); - -int -SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes) -{ - *readbytes = 0; - - if (!s->server) { - SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return SSL_READ_EARLY_DATA_ERROR; - } - - return SSL_READ_EARLY_DATA_FINISH; -} -LSSL_ALIAS(SSL_read_early_data); - -int -SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written) -{ - *written = 0; - SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; -} -LSSL_ALIAS(SSL_write_early_data); - -int -SSL_shutdown(SSL *s) -{ - /* - * Note that this function behaves differently from what one might - * expect. 
Return values are 0 for no success (yet), - * 1 for success; but calling it once is usually not enough, - * even if blocking I/O is used (see ssl3_shutdown). - */ - - if (s->handshake_func == NULL) { - SSLerror(s, SSL_R_UNINITIALIZED); - return (-1); - } - - if (s != NULL && !SSL_in_init(s)) - return (s->method->ssl_shutdown(s)); - - return (1); -} -LSSL_ALIAS(SSL_shutdown); - -int -SSL_renegotiate(SSL *s) -{ - if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0) { - SSLerror(s, SSL_R_NO_RENEGOTIATION); - return 0; - } - - if (s->renegotiate == 0) - s->renegotiate = 1; - - s->new_session = 1; - - return (s->method->ssl_renegotiate(s)); -} -LSSL_ALIAS(SSL_renegotiate); - -int -SSL_renegotiate_abbreviated(SSL *s) -{ - if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0) { - SSLerror(s, SSL_R_NO_RENEGOTIATION); - return 0; - } - - if (s->renegotiate == 0) - s->renegotiate = 1; - - s->new_session = 0; - - return (s->method->ssl_renegotiate(s)); -} -LSSL_ALIAS(SSL_renegotiate_abbreviated); - -int -SSL_renegotiate_pending(SSL *s) -{ - /* - * Becomes true when negotiation is requested; - * false again once a handshake has finished. 
- */ - return (s->renegotiate != 0); -} -LSSL_ALIAS(SSL_renegotiate_pending); - -long -SSL_ctrl(SSL *s, int cmd, long larg, void *parg) -{ - long l; - - switch (cmd) { - case SSL_CTRL_GET_READ_AHEAD: - return (s->read_ahead); - case SSL_CTRL_SET_READ_AHEAD: - l = s->read_ahead; - s->read_ahead = larg; - return (l); - - case SSL_CTRL_SET_MSG_CALLBACK_ARG: - s->msg_callback_arg = parg; - return (1); - - case SSL_CTRL_OPTIONS: - return (s->options|=larg); - case SSL_CTRL_CLEAR_OPTIONS: - return (s->options&=~larg); - case SSL_CTRL_MODE: - return (s->mode|=larg); - case SSL_CTRL_CLEAR_MODE: - return (s->mode &=~larg); - case SSL_CTRL_GET_MAX_CERT_LIST: - return (s->max_cert_list); - case SSL_CTRL_SET_MAX_CERT_LIST: - l = s->max_cert_list; - s->max_cert_list = larg; - return (l); - case SSL_CTRL_SET_MTU: - if (larg < (long)dtls1_min_mtu()) - return (0); - if (SSL_is_dtls(s)) { - s->d1->mtu = larg; - return (larg); - } - return (0); - case SSL_CTRL_SET_MAX_SEND_FRAGMENT: - if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) - return (0); - s->max_send_fragment = larg; - return (1); - case SSL_CTRL_GET_RI_SUPPORT: - if (s->s3) - return (s->s3->send_connection_binding); - else return (0); - default: - if (SSL_is_dtls(s)) - return dtls1_ctrl(s, cmd, larg, parg); - return ssl3_ctrl(s, cmd, larg, parg); - } -} -LSSL_ALIAS(SSL_ctrl); - -long -SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) -{ - switch (cmd) { - case SSL_CTRL_SET_MSG_CALLBACK: - s->msg_callback = (ssl_msg_callback_fn *)(fp); - return (1); - - default: - return (ssl3_callback_ctrl(s, cmd, fp)); - } -} -LSSL_ALIAS(SSL_callback_ctrl); - -struct lhash_st_SSL_SESSION * -SSL_CTX_sessions(SSL_CTX *ctx) -{ - return (ctx->sessions); -} -LSSL_ALIAS(SSL_CTX_sessions); - -long -SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) -{ - long l; - - switch (cmd) { - case SSL_CTRL_GET_READ_AHEAD: - return (ctx->read_ahead); - case SSL_CTRL_SET_READ_AHEAD: - l = ctx->read_ahead; - ctx->read_ahead = larg; - return (l); 
- - case SSL_CTRL_SET_MSG_CALLBACK_ARG: - ctx->msg_callback_arg = parg; - return (1); - - case SSL_CTRL_GET_MAX_CERT_LIST: - return (ctx->max_cert_list); - case SSL_CTRL_SET_MAX_CERT_LIST: - l = ctx->max_cert_list; - ctx->max_cert_list = larg; - return (l); - - case SSL_CTRL_SET_SESS_CACHE_SIZE: - l = ctx->session_cache_size; - ctx->session_cache_size = larg; - return (l); - case SSL_CTRL_GET_SESS_CACHE_SIZE: - return (ctx->session_cache_size); - case SSL_CTRL_SET_SESS_CACHE_MODE: - l = ctx->session_cache_mode; - ctx->session_cache_mode = larg; - return (l); - case SSL_CTRL_GET_SESS_CACHE_MODE: - return (ctx->session_cache_mode); - - case SSL_CTRL_SESS_NUMBER: - return (lh_SSL_SESSION_num_items(ctx->sessions)); - case SSL_CTRL_SESS_CONNECT: - return (ctx->stats.sess_connect); - case SSL_CTRL_SESS_CONNECT_GOOD: - return (ctx->stats.sess_connect_good); - case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: - return (ctx->stats.sess_connect_renegotiate); - case SSL_CTRL_SESS_ACCEPT: - return (ctx->stats.sess_accept); - case SSL_CTRL_SESS_ACCEPT_GOOD: - return (ctx->stats.sess_accept_good); - case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: - return (ctx->stats.sess_accept_renegotiate); - case SSL_CTRL_SESS_HIT: - return (ctx->stats.sess_hit); - case SSL_CTRL_SESS_CB_HIT: - return (ctx->stats.sess_cb_hit); - case SSL_CTRL_SESS_MISSES: - return (ctx->stats.sess_miss); - case SSL_CTRL_SESS_TIMEOUTS: - return (ctx->stats.sess_timeout); - case SSL_CTRL_SESS_CACHE_FULL: - return (ctx->stats.sess_cache_full); - case SSL_CTRL_OPTIONS: - return (ctx->options|=larg); - case SSL_CTRL_CLEAR_OPTIONS: - return (ctx->options&=~larg); - case SSL_CTRL_MODE: - return (ctx->mode|=larg); - case SSL_CTRL_CLEAR_MODE: - return (ctx->mode&=~larg); - case SSL_CTRL_SET_MAX_SEND_FRAGMENT: - if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) - return (0); - ctx->max_send_fragment = larg; - return (1); - default: - return (ssl3_ctx_ctrl(ctx, cmd, larg, parg)); - } -} -LSSL_ALIAS(SSL_CTX_ctrl); - -long 
-SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) -{ - switch (cmd) { - case SSL_CTRL_SET_MSG_CALLBACK: - ctx->msg_callback = (ssl_msg_callback_fn *)fp; - return (1); - - default: - return (ssl3_ctx_callback_ctrl(ctx, cmd, fp)); - } -} -LSSL_ALIAS(SSL_CTX_callback_ctrl); - -STACK_OF(SSL_CIPHER) * -SSL_get_ciphers(const SSL *s) -{ - if (s == NULL) - return (NULL); - if (s->cipher_list != NULL) - return (s->cipher_list); - - return (s->ctx->cipher_list); -} -LSSL_ALIAS(SSL_get_ciphers); - -STACK_OF(SSL_CIPHER) * -SSL_get_client_ciphers(const SSL *s) -{ - if (s == NULL || !s->server) - return NULL; - return s->s3->hs.client_ciphers; -} -LSSL_ALIAS(SSL_get_client_ciphers); - -STACK_OF(SSL_CIPHER) * -SSL_get1_supported_ciphers(SSL *s) -{ - STACK_OF(SSL_CIPHER) *supported_ciphers = NULL, *ciphers; - SSL_CIPHER *cipher; - uint16_t min_vers, max_vers; - int i; - - if (s == NULL) - return NULL; - if (!ssl_supported_tls_version_range(s, &min_vers, &max_vers)) - return NULL; - if ((ciphers = SSL_get_ciphers(s)) == NULL) - return NULL; - if ((supported_ciphers = sk_SSL_CIPHER_new_null()) == NULL) - return NULL; - - for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { - if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL) - goto err; - if (!ssl_cipher_allowed_in_tls_version_range(cipher, min_vers, - max_vers)) - continue; - if (!ssl_security_supported_cipher(s, cipher)) - continue; - if (!sk_SSL_CIPHER_push(supported_ciphers, cipher)) - goto err; - } - - if (sk_SSL_CIPHER_num(supported_ciphers) > 0) - return supported_ciphers; - - err: - sk_SSL_CIPHER_free(supported_ciphers); - return NULL; -} -LSSL_ALIAS(SSL_get1_supported_ciphers); - -/* See if we have any ECC cipher suites. 
*/ -int -ssl_has_ecc_ciphers(SSL *s) -{ - STACK_OF(SSL_CIPHER) *ciphers; - unsigned long alg_k, alg_a; - SSL_CIPHER *cipher; - int i; - - if ((ciphers = SSL_get_ciphers(s)) == NULL) - return 0; - - for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { - cipher = sk_SSL_CIPHER_value(ciphers, i); - - alg_k = cipher->algorithm_mkey; - alg_a = cipher->algorithm_auth; - - if ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) - return 1; - } - - return 0; -} - -/* The old interface to get the same thing as SSL_get_ciphers(). */ -const char * -SSL_get_cipher_list(const SSL *s, int n) -{ - STACK_OF(SSL_CIPHER) *ciphers; - const SSL_CIPHER *cipher; - - if ((ciphers = SSL_get_ciphers(s)) == NULL) - return (NULL); - if ((cipher = sk_SSL_CIPHER_value(ciphers, n)) == NULL) - return (NULL); - - return (cipher->name); -} -LSSL_ALIAS(SSL_get_cipher_list); - -STACK_OF(SSL_CIPHER) * -SSL_CTX_get_ciphers(const SSL_CTX *ctx) -{ - if (ctx == NULL) - return NULL; - return ctx->cipher_list; -} -LSSL_ALIAS(SSL_CTX_get_ciphers); - -/* Specify the ciphers to be used by default by the SSL_CTX. */ -int -SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) -{ - STACK_OF(SSL_CIPHER) *ciphers; - - /* - * ssl_create_cipher_list may return an empty stack if it was unable to - * find a cipher matching the given rule string (for example if the - * rule string specifies a cipher which has been disabled). This is not - * an error as far as ssl_create_cipher_list is concerned, and hence - * ctx->cipher_list has been updated. 
- */ - ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, - ctx->cipher_list_tls13, str, ctx->cert); - if (ciphers == NULL) { - return (0); - } else if (sk_SSL_CIPHER_num(ciphers) == 0) { - SSLerrorx(SSL_R_NO_CIPHER_MATCH); - return (0); - } - return (1); -} -LSSL_ALIAS(SSL_CTX_set_cipher_list); - -int -SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str) -{ - if (!ssl_parse_ciphersuites(&ctx->cipher_list_tls13, str)) { - SSLerrorx(SSL_R_NO_CIPHER_MATCH); - return 0; - } - if (!ssl_merge_cipherlists(ctx->cipher_list, - ctx->cipher_list_tls13, &ctx->cipher_list)) - return 0; - - return 1; -} -LSSL_ALIAS(SSL_CTX_set_ciphersuites); - -/* Specify the ciphers to be used by the SSL. */ -int -SSL_set_cipher_list(SSL *s, const char *str) -{ - STACK_OF(SSL_CIPHER) *ciphers, *ciphers_tls13; - - if ((ciphers_tls13 = s->cipher_list_tls13) == NULL) - ciphers_tls13 = s->ctx->cipher_list_tls13; - - /* See comment in SSL_CTX_set_cipher_list. */ - ciphers = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, - ciphers_tls13, str, s->cert); - if (ciphers == NULL) { - return (0); - } else if (sk_SSL_CIPHER_num(ciphers) == 0) { - SSLerror(s, SSL_R_NO_CIPHER_MATCH); - return (0); - } - return (1); -} -LSSL_ALIAS(SSL_set_cipher_list); - -int -SSL_set_ciphersuites(SSL *s, const char *str) -{ - STACK_OF(SSL_CIPHER) *ciphers; - - if ((ciphers = s->cipher_list) == NULL) - ciphers = s->ctx->cipher_list; - - if (!ssl_parse_ciphersuites(&s->cipher_list_tls13, str)) { - SSLerrorx(SSL_R_NO_CIPHER_MATCH); - return (0); - } - if (!ssl_merge_cipherlists(ciphers, s->cipher_list_tls13, - &s->cipher_list)) - return 0; - - return 1; -} -LSSL_ALIAS(SSL_set_ciphersuites); - -char * -SSL_get_shared_ciphers(const SSL *s, char *buf, int len) -{ - STACK_OF(SSL_CIPHER) *client_ciphers, *server_ciphers; - const SSL_CIPHER *cipher; - size_t curlen = 0; - char *end; - int i; - - if (!s->server || len < 2) - return NULL; - - if ((client_ciphers = s->s3->hs.client_ciphers) == NULL) - return 
NULL; - if ((server_ciphers = SSL_get_ciphers(s)) == NULL) - return NULL; - if (sk_SSL_CIPHER_num(client_ciphers) == 0 || - sk_SSL_CIPHER_num(server_ciphers) == 0) - return NULL; - - buf[0] = '\0'; - for (i = 0; i < sk_SSL_CIPHER_num(client_ciphers); i++) { - cipher = sk_SSL_CIPHER_value(client_ciphers, i); - - if (sk_SSL_CIPHER_find(server_ciphers, cipher) < 0) - continue; - - end = buf + curlen; - if (strlcat(buf, cipher->name, len) >= len || - (curlen = strlcat(buf, ":", len)) >= len) { - /* remove truncated cipher from list */ - *end = '\0'; - break; - } - } - /* remove trailing colon */ - if ((end = strrchr(buf, ':')) != NULL) - *end = '\0'; - return buf; -} -LSSL_ALIAS(SSL_get_shared_ciphers); - -/* - * Return a servername extension value if provided in Client Hello, or NULL. - * So far, only host_name types are defined (RFC 3546). - */ -const char * -SSL_get_servername(const SSL *s, const int type) -{ - if (type != TLSEXT_NAMETYPE_host_name) - return (NULL); - - return (s->session && !s->tlsext_hostname ? - s->session->tlsext_hostname : - s->tlsext_hostname); -} -LSSL_ALIAS(SSL_get_servername); - -int -SSL_get_servername_type(const SSL *s) -{ - if (s->session && - (!s->tlsext_hostname ? - s->session->tlsext_hostname : s->tlsext_hostname)) - return (TLSEXT_NAMETYPE_host_name); - return (-1); -} -LSSL_ALIAS(SSL_get_servername_type); - -/* - * SSL_select_next_proto implements standard protocol selection. It is - * expected that this function is called from the callback set by - * SSL_CTX_set_alpn_select_cb. - * - * The protocol data is assumed to be a vector of 8-bit, length prefixed byte - * strings. The length byte itself is not included in the length. A byte - * string of length 0 is invalid. No byte string may be truncated. - * - * It returns either: - * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or - * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. 
- * - * XXX - the out argument points into server_list or client_list and should - * therefore really be const. We can't fix that without breaking the callers. - */ -int -SSL_select_next_proto(unsigned char **out, unsigned char *outlen, - const unsigned char *peer_list, unsigned int peer_list_len, - const unsigned char *supported_list, unsigned int supported_list_len) -{ - CBS peer, peer_proto, supported, supported_proto; - - *out = NULL; - *outlen = 0; - - /* First check that the supported list is well-formed. */ - CBS_init(&supported, supported_list, supported_list_len); - if (!tlsext_alpn_check_format(&supported)) - goto err; - - /* - * Use first supported protocol as fallback. This is one way of doing - * NPN's "opportunistic" protocol selection (see security considerations - * in draft-agl-tls-nextprotoneg-04), and it is the documented behavior - * of this API. For ALPN it's the callback's responsibility to fail on - * OPENSSL_NPN_NO_OVERLAP. - */ - - if (!CBS_get_u8_length_prefixed(&supported, &supported_proto)) - goto err; - - *out = (unsigned char *)CBS_data(&supported_proto); - *outlen = CBS_len(&supported_proto); - - /* Now check that the peer list is well-formed. */ - CBS_init(&peer, peer_list, peer_list_len); - if (!tlsext_alpn_check_format(&peer)) - goto err; - - /* - * Walk the peer list and select the first protocol that appears in - * the supported list. Thus we honor peer preference rather than local - * preference contrary to a SHOULD in RFC 7301, section 3.2. 
- */ - while (CBS_len(&peer) > 0) { - if (!CBS_get_u8_length_prefixed(&peer, &peer_proto)) - goto err; - - CBS_init(&supported, supported_list, supported_list_len); - - while (CBS_len(&supported) > 0) { - if (!CBS_get_u8_length_prefixed(&supported, - &supported_proto)) - goto err; - - if (CBS_mem_equal(&supported_proto, - CBS_data(&peer_proto), CBS_len(&peer_proto))) { - *out = (unsigned char *)CBS_data(&peer_proto); - *outlen = CBS_len(&peer_proto); - - return OPENSSL_NPN_NEGOTIATED; - } - } - } - - err: - return OPENSSL_NPN_NO_OVERLAP; -} -LSSL_ALIAS(SSL_select_next_proto); - -/* SSL_get0_next_proto_negotiated is deprecated. */ -void -SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, - unsigned int *len) -{ - *data = NULL; - *len = 0; -} -LSSL_ALIAS(SSL_get0_next_proto_negotiated); - -/* SSL_CTX_set_next_protos_advertised_cb is deprecated. */ -void -SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, - const unsigned char **out, unsigned int *outlen, void *arg), void *arg) -{ -} -LSSL_ALIAS(SSL_CTX_set_next_protos_advertised_cb); - -/* SSL_CTX_set_next_proto_select_cb is deprecated. */ -void -SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, - unsigned char **out, unsigned char *outlen, const unsigned char *in, - unsigned int inlen, void *arg), void *arg) -{ -} -LSSL_ALIAS(SSL_CTX_set_next_proto_select_cb); - -/* - * SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified - * protocols, which must be in wire-format (i.e. a series of non-empty, - * 8-bit length-prefixed strings). Returns 0 on success. 
- */ -int -SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, - unsigned int protos_len) -{ - CBS cbs; - int failed = 1; - - if (protos == NULL) - protos_len = 0; - - CBS_init(&cbs, protos, protos_len); - - if (protos_len > 0) { - if (!tlsext_alpn_check_format(&cbs)) - goto err; - } - - if (!CBS_stow(&cbs, &ctx->alpn_client_proto_list, - &ctx->alpn_client_proto_list_len)) - goto err; - - failed = 0; - - err: - /* NOTE: Return values are the reverse of what you expect. */ - return failed; -} -LSSL_ALIAS(SSL_CTX_set_alpn_protos); - -/* - * SSL_set_alpn_protos sets the ALPN protocol list to the specified - * protocols, which must be in wire-format (i.e. a series of non-empty, - * 8-bit length-prefixed strings). Returns 0 on success. - */ -int -SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, - unsigned int protos_len) -{ - CBS cbs; - int failed = 1; - - if (protos == NULL) - protos_len = 0; - - CBS_init(&cbs, protos, protos_len); - - if (protos_len > 0) { - if (!tlsext_alpn_check_format(&cbs)) - goto err; - } - - if (!CBS_stow(&cbs, &ssl->alpn_client_proto_list, - &ssl->alpn_client_proto_list_len)) - goto err; - - failed = 0; - - err: - /* NOTE: Return values are the reverse of what you expect. */ - return failed; -} -LSSL_ALIAS(SSL_set_alpn_protos); - -/* - * SSL_CTX_set_alpn_select_cb sets a callback function that is called during - * ClientHello processing in order to select an ALPN protocol from the - * client's list of offered protocols. - */ -void -SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx, - int (*cb) (SSL *ssl, const unsigned char **out, unsigned char *outlen, - const unsigned char *in, unsigned int inlen, void *arg), void *arg) -{ - ctx->alpn_select_cb = cb; - ctx->alpn_select_cb_arg = arg; -} -LSSL_ALIAS(SSL_CTX_set_alpn_select_cb); - -/* - * SSL_get0_alpn_selected gets the selected ALPN protocol (if any). On return - * it sets data to point to len bytes of protocol name (not including the - * leading length-prefix byte). 
If the server didn't respond with* a negotiated - * protocol then len will be zero. - */ -void -SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, - unsigned int *len) -{ - *data = ssl->s3->alpn_selected; - *len = ssl->s3->alpn_selected_len; -} -LSSL_ALIAS(SSL_get0_alpn_selected); - -void -SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb) -{ - return; -} -LSSL_ALIAS(SSL_set_psk_use_session_callback); - -int -SSL_export_keying_material(SSL *s, unsigned char *out, size_t out_len, - const char *label, size_t label_len, const unsigned char *context, - size_t context_len, int use_context) -{ - if (s->tls13 != NULL && s->version == TLS1_3_VERSION) { - if (!use_context) { - context = NULL; - context_len = 0; - } - return tls13_exporter(s->tls13, label, label_len, context, - context_len, out, out_len); - } - - return tls12_exporter(s, label, label_len, context, context_len, - use_context, out, out_len); -} -LSSL_ALIAS(SSL_export_keying_material); - -static unsigned long -ssl_session_hash(const SSL_SESSION *a) -{ - unsigned long l; - - l = (unsigned long) - ((unsigned int) a->session_id[0] )| - ((unsigned int) a->session_id[1]<< 8L)| - ((unsigned long)a->session_id[2]<<16L)| - ((unsigned long)a->session_id[3]<<24L); - return (l); -} - -/* - * NB: If this function (or indeed the hash function which uses a sort of - * coarser function than this one) is changed, ensure - * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being - * able to construct an SSL_SESSION that will collide with any existing session - * with a matching session ID. 
- */ -static int -ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) -{ - if (a->ssl_version != b->ssl_version) - return (1); - if (a->session_id_length != b->session_id_length) - return (1); - if (timingsafe_memcmp(a->session_id, b->session_id, a->session_id_length) != 0) - return (1); - return (0); -} - -/* - * These wrapper functions should remain rather than redeclaring - * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each - * variable. The reason is that the functions aren't static, they're exposed via - * ssl.h. - */ -static unsigned long -ssl_session_LHASH_HASH(const void *arg) -{ - const SSL_SESSION *a = arg; - - return ssl_session_hash(a); -} - -static int -ssl_session_LHASH_COMP(const void *arg1, const void *arg2) -{ - const SSL_SESSION *a = arg1; - const SSL_SESSION *b = arg2; - - return ssl_session_cmp(a, b); -} - -SSL_CTX * -SSL_CTX_new(const SSL_METHOD *meth) -{ - SSL_CTX *ret; - - if (!OPENSSL_init_ssl(0, NULL)) { - SSLerrorx(SSL_R_LIBRARY_BUG); - return (NULL); - } - - if (meth == NULL) { - SSLerrorx(SSL_R_NULL_SSL_METHOD_PASSED); - return (NULL); - } - - if ((ret = calloc(1, sizeof(*ret))) == NULL) { - SSLerrorx(ERR_R_MALLOC_FAILURE); - return (NULL); - } - - if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { - SSLerrorx(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); - goto err; - } - - ret->method = meth; - ret->min_tls_version = meth->min_tls_version; - ret->max_tls_version = meth->max_tls_version; - ret->min_proto_version = 0; - ret->max_proto_version = 0; - ret->mode = SSL_MODE_AUTO_RETRY; - - ret->cert_store = NULL; - ret->session_cache_mode = SSL_SESS_CACHE_SERVER; - ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; - ret->session_cache_head = NULL; - ret->session_cache_tail = NULL; - - /* We take the system default */ - ret->session_timeout = ssl_get_default_timeout(); - - ret->new_session_cb = NULL; - ret->remove_session_cb = NULL; - ret->get_session_cb = NULL; - ret->generate_session_id = NULL; - - 
memset((char *)&ret->stats, 0, sizeof(ret->stats)); - - ret->references = 1; - ret->quiet_shutdown = 0; - - ret->info_callback = NULL; - - ret->app_verify_callback = NULL; - ret->app_verify_arg = NULL; - - ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; - ret->read_ahead = 0; - ret->msg_callback = NULL; - ret->msg_callback_arg = NULL; - ret->verify_mode = SSL_VERIFY_NONE; - ret->sid_ctx_length = 0; - ret->default_verify_callback = NULL; - - if ((ret->cert = ssl_cert_new()) == NULL) - goto err; - - ret->default_passwd_callback = NULL; - ret->default_passwd_callback_userdata = NULL; - ret->client_cert_cb = NULL; - ret->app_gen_cookie_cb = NULL; - ret->app_verify_cookie_cb = NULL; - - ret->sessions = lh_SSL_SESSION_new(); - if (ret->sessions == NULL) - goto err; - ret->cert_store = X509_STORE_new(); - if (ret->cert_store == NULL) - goto err; - - ssl_create_cipher_list(ret->method, &ret->cipher_list, - NULL, SSL_DEFAULT_CIPHER_LIST, ret->cert); - if (ret->cipher_list == NULL || - sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { - SSLerrorx(SSL_R_LIBRARY_HAS_NO_CIPHERS); - goto err2; - } - - ret->param = X509_VERIFY_PARAM_new(); - if (!ret->param) - goto err; - - if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL) - goto err; - - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); - - ret->extra_certs = NULL; - - ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; - - ret->tlsext_servername_callback = 0; - ret->tlsext_servername_arg = NULL; - - /* Setup RFC4507 ticket keys */ - arc4random_buf(ret->tlsext_tick_key_name, 16); - arc4random_buf(ret->tlsext_tick_hmac_key, 16); - arc4random_buf(ret->tlsext_tick_aes_key, 16); - - ret->tlsext_status_cb = 0; - ret->tlsext_status_arg = NULL; - - /* - * Default is to connect to non-RI servers. When RI is more widely - * deployed might change this. 
- */ - ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; - - return (ret); - err: - SSLerrorx(ERR_R_MALLOC_FAILURE); - err2: - SSL_CTX_free(ret); - return (NULL); -} -LSSL_ALIAS(SSL_CTX_new); - -void -SSL_CTX_free(SSL_CTX *ctx) -{ - int i; - - if (ctx == NULL) - return; - - i = CRYPTO_add(&ctx->references, -1, CRYPTO_LOCK_SSL_CTX); - if (i > 0) - return; - - X509_VERIFY_PARAM_free(ctx->param); - - /* - * Free internal session cache. However: the remove_cb() may reference - * the ex_data of SSL_CTX, thus the ex_data store can only be removed - * after the sessions were flushed. - * As the ex_data handling routines might also touch the session cache, - * the most secure solution seems to be: empty (flush) the cache, then - * free ex_data, then finally free the cache. - * (See ticket [openssl.org #212].) - */ - if (ctx->sessions != NULL) - SSL_CTX_flush_sessions(ctx, 0); - - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ctx, &ctx->ex_data); - - lh_SSL_SESSION_free(ctx->sessions); - - X509_STORE_free(ctx->cert_store); - sk_SSL_CIPHER_free(ctx->cipher_list); - sk_SSL_CIPHER_free(ctx->cipher_list_tls13); - ssl_cert_free(ctx->cert); - sk_X509_NAME_pop_free(ctx->client_CA, X509_NAME_free); - sk_X509_pop_free(ctx->extra_certs, X509_free); - -#ifndef OPENSSL_NO_SRTP - if (ctx->srtp_profiles) - sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles); -#endif - - free(ctx->tlsext_ecpointformatlist); - free(ctx->tlsext_supportedgroups); - - free(ctx->alpn_client_proto_list); - - free(ctx); -} -LSSL_ALIAS(SSL_CTX_free); - -int -SSL_CTX_up_ref(SSL_CTX *ctx) -{ - return CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX) > 1; -} -LSSL_ALIAS(SSL_CTX_up_ref); - -pem_password_cb * -SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx) -{ - return (ctx->default_passwd_callback); -} -LSSL_ALIAS(SSL_CTX_get_default_passwd_cb); - -void -SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) -{ - ctx->default_passwd_callback = cb; -} -LSSL_ALIAS(SSL_CTX_set_default_passwd_cb); - -void * 
-SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx) -{ - return ctx->default_passwd_callback_userdata; -} -LSSL_ALIAS(SSL_CTX_get_default_passwd_cb_userdata); - -void -SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) -{ - ctx->default_passwd_callback_userdata = u; -} -LSSL_ALIAS(SSL_CTX_set_default_passwd_cb_userdata); - -void -SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, - int (*cb)(X509_STORE_CTX *, void *), void *arg) -{ - ctx->app_verify_callback = cb; - ctx->app_verify_arg = arg; -} -LSSL_ALIAS(SSL_CTX_set_cert_verify_callback); - -void -SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *)) -{ - ctx->verify_mode = mode; - ctx->default_verify_callback = cb; -} -LSSL_ALIAS(SSL_CTX_set_verify); - -void -SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) -{ - X509_VERIFY_PARAM_set_depth(ctx->param, depth); -} -LSSL_ALIAS(SSL_CTX_set_verify_depth); - -void -ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher) -{ - unsigned long mask_a, mask_k; - SSL_CERT_PKEY *cpk; - - if (c == NULL) - return; - - mask_a = SSL_aNULL | SSL_aTLS1_3; - mask_k = SSL_kECDHE | SSL_kTLS1_3; - - if (c->dhe_params != NULL || c->dhe_params_cb != NULL || - c->dhe_params_auto != 0) - mask_k |= SSL_kDHE; - - cpk = &(c->pkeys[SSL_PKEY_ECC]); - if (cpk->x509 != NULL && cpk->privatekey != NULL) { - /* Key usage, if present, must allow signing. */ - if (X509_get_key_usage(cpk->x509) & X509v3_KU_DIGITAL_SIGNATURE) - mask_a |= SSL_aECDSA; - } - - cpk = &(c->pkeys[SSL_PKEY_RSA]); - if (cpk->x509 != NULL && cpk->privatekey != NULL) { - mask_a |= SSL_aRSA; - mask_k |= SSL_kRSA; - } - - c->mask_k = mask_k; - c->mask_a = mask_a; - c->valid = 1; -} - -/* See if this handshake is using an ECC cipher suite. 
*/ -int -ssl_using_ecc_cipher(SSL *s) -{ - unsigned long alg_a, alg_k; - - alg_a = s->s3->hs.cipher->algorithm_auth; - alg_k = s->s3->hs.cipher->algorithm_mkey; - - return s->session->tlsext_ecpointformatlist != NULL && - s->session->tlsext_ecpointformatlist_length > 0 && - ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)); -} - -int -ssl_check_srvr_ecc_cert_and_alg(SSL *s, X509 *x) -{ - const SSL_CIPHER *cs = s->s3->hs.cipher; - unsigned long alg_a; - - alg_a = cs->algorithm_auth; - - if (alg_a & SSL_aECDSA) { - /* Key usage, if present, must allow signing. */ - if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) { - SSLerror(s, SSL_R_ECC_CERT_NOT_FOR_SIGNING); - return (0); - } - } - - return (1); -} - -SSL_CERT_PKEY * -ssl_get_server_send_pkey(const SSL *s) -{ - unsigned long alg_a; - SSL_CERT *c; - int i; - - c = s->cert; - ssl_set_cert_masks(c, s->s3->hs.cipher); - - alg_a = s->s3->hs.cipher->algorithm_auth; - - if (alg_a & SSL_aECDSA) { - i = SSL_PKEY_ECC; - } else if (alg_a & SSL_aRSA) { - i = SSL_PKEY_RSA; - } else { /* if (alg_a & SSL_aNULL) */ - SSLerror(s, ERR_R_INTERNAL_ERROR); - return (NULL); - } - - return (c->pkeys + i); -} - -EVP_PKEY * -ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd, - const struct ssl_sigalg **sap) -{ - const struct ssl_sigalg *sigalg = NULL; - EVP_PKEY *pkey = NULL; - unsigned long alg_a; - SSL_CERT *c; - int idx = -1; - - alg_a = cipher->algorithm_auth; - c = s->cert; - - if (alg_a & SSL_aRSA) { - idx = SSL_PKEY_RSA; - } else if ((alg_a & SSL_aECDSA) && - (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) - idx = SSL_PKEY_ECC; - if (idx == -1) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - return (NULL); - } - - pkey = c->pkeys[idx].privatekey; - if ((sigalg = ssl_sigalg_select(s, pkey)) == NULL) { - SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR); - return (NULL); - } - *pmd = sigalg->md(); - *sap = sigalg; - - return (pkey); -} - -size_t -ssl_dhe_params_auto_key_bits(SSL *s) -{ - SSL_CERT_PKEY *cpk; - int 
key_bits; - - if (s->cert->dhe_params_auto == 2) { - key_bits = 1024; - } else if (s->s3->hs.cipher->algorithm_auth & SSL_aNULL) { - key_bits = 1024; - if (s->s3->hs.cipher->strength_bits == 256) - key_bits = 3072; - } else { - if ((cpk = ssl_get_server_send_pkey(s)) == NULL) - return 0; - if (cpk->privatekey == NULL || - EVP_PKEY_get0_RSA(cpk->privatekey) == NULL) - return 0; - if ((key_bits = EVP_PKEY_bits(cpk->privatekey)) <= 0) - return 0; - } - - return key_bits; -} - -static int -ssl_should_update_external_cache(SSL *s, int mode) -{ - int cache_mode; - - cache_mode = s->session_ctx->session_cache_mode; - - /* Don't cache if mode says not to */ - if ((cache_mode & mode) == 0) - return 0; - - /* if it is not already cached, cache it */ - if (!s->hit) - return 1; - - /* If it's TLS 1.3, do it to match OpenSSL */ - if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION) - return 1; - - return 0; -} - -static int -ssl_should_update_internal_cache(SSL *s, int mode) -{ - int cache_mode; - - cache_mode = s->session_ctx->session_cache_mode; - - /* Don't cache if mode says not to */ - if ((cache_mode & mode) == 0) - return 0; - - /* If it is already cached, don't cache it again */ - if (s->hit) - return 0; - - if ((cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE) != 0) - return 0; - - /* If we are lesser than TLS 1.3, Cache it. */ - if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION) - return 1; - - /* Below this we consider TLS 1.3 or later */ - - /* If it's not a server, add it? OpenSSL does this. */ - if (!s->server) - return 1; - - /* XXX if we support early data / PSK need to add */ - - /* - * If we have the remove session callback, we will want - * to know about this even if it's a stateless ticket - * from 1.3 so we can know when it is removed. - */ - if (s->session_ctx->remove_session_cb != NULL) - return 1; - - /* If we have set OP_NO_TICKET, cache it. 
*/ - if ((s->options & SSL_OP_NO_TICKET) != 0) - return 1; - - /* Otherwise do not cache */ - return 0; -} - -void -ssl_update_cache(SSL *s, int mode) -{ - int cache_mode, do_callback; - - if (s->session->session_id_length == 0) - return; - - cache_mode = s->session_ctx->session_cache_mode; - do_callback = ssl_should_update_external_cache(s, mode); - - if (ssl_should_update_internal_cache(s, mode)) { - /* - * XXX should we fail if the add to the internal cache - * fails? OpenSSL doesn't care.. - */ - (void) SSL_CTX_add_session(s->session_ctx, s->session); - } - - /* - * Update the "external cache" by calling the new session - * callback if present, even with TLS 1.3 without early data - * "because some application just want to know about the - * creation of a session and aren't doing a full cache". - * Apparently, if they are doing a full cache, they'll have - * some fun, but we endeavour to give application writers the - * same glorious experience they expect from OpenSSL which - * does it this way. - */ - if (do_callback && s->session_ctx->new_session_cb != NULL) { - CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION); - if (!s->session_ctx->new_session_cb(s, s->session)) - SSL_SESSION_free(s->session); - } - - /* Auto flush every 255 connections. 
*/ - if (!(cache_mode & SSL_SESS_CACHE_NO_AUTO_CLEAR) && - (cache_mode & mode) != 0) { - int connections; - if (mode & SSL_SESS_CACHE_CLIENT) - connections = s->session_ctx->stats.sess_connect_good; - else - connections = s->session_ctx->stats.sess_accept_good; - if ((connections & 0xff) == 0xff) - SSL_CTX_flush_sessions(s->session_ctx, time(NULL)); - } -} - -const SSL_METHOD * -SSL_get_ssl_method(SSL *s) -{ - return (s->method); -} -LSSL_ALIAS(SSL_get_ssl_method); - -int -SSL_set_ssl_method(SSL *s, const SSL_METHOD *method) -{ - int (*handshake_func)(SSL *) = NULL; - int ret = 1; - - if (s->method == method) - return (ret); - - if (s->handshake_func == s->method->ssl_connect) - handshake_func = method->ssl_connect; - else if (s->handshake_func == s->method->ssl_accept) - handshake_func = method->ssl_accept; - - if (s->method->version == method->version) { - s->method = method; - } else { - s->method->ssl_free(s); - s->method = method; - ret = s->method->ssl_new(s); - } - s->handshake_func = handshake_func; - - return (ret); -} -LSSL_ALIAS(SSL_set_ssl_method); - -int -SSL_get_error(const SSL *s, int i) -{ - unsigned long l; - int reason; - BIO *bio; - - if (i > 0) - return (SSL_ERROR_NONE); - - /* - * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake - * etc, where we do encode the error. - */ - if ((l = ERR_peek_error()) != 0) { - if (ERR_GET_LIB(l) == ERR_LIB_SYS) - return (SSL_ERROR_SYSCALL); - else - return (SSL_ERROR_SSL); - } - - if (SSL_want_read(s)) { - bio = SSL_get_rbio(s); - if (BIO_should_read(bio)) { - return (SSL_ERROR_WANT_READ); - } else if (BIO_should_write(bio)) { - /* - * This one doesn't make too much sense... We never - * try to write to the rbio, and an application - * program where rbio and wbio are separate couldn't - * even know what it should wait for. 
However if we - * ever set s->rwstate incorrectly (so that we have - * SSL_want_read(s) instead of SSL_want_write(s)) - * and rbio and wbio *are* the same, this test works - * around that bug; so it might be safer to keep it. - */ - return (SSL_ERROR_WANT_WRITE); - } else if (BIO_should_io_special(bio)) { - reason = BIO_get_retry_reason(bio); - if (reason == BIO_RR_CONNECT) - return (SSL_ERROR_WANT_CONNECT); - else if (reason == BIO_RR_ACCEPT) - return (SSL_ERROR_WANT_ACCEPT); - else - return (SSL_ERROR_SYSCALL); /* unknown */ - } - } - - if (SSL_want_write(s)) { - bio = SSL_get_wbio(s); - if (BIO_should_write(bio)) { - return (SSL_ERROR_WANT_WRITE); - } else if (BIO_should_read(bio)) { - /* - * See above (SSL_want_read(s) with - * BIO_should_write(bio)) - */ - return (SSL_ERROR_WANT_READ); - } else if (BIO_should_io_special(bio)) { - reason = BIO_get_retry_reason(bio); - if (reason == BIO_RR_CONNECT) - return (SSL_ERROR_WANT_CONNECT); - else if (reason == BIO_RR_ACCEPT) - return (SSL_ERROR_WANT_ACCEPT); - else - return (SSL_ERROR_SYSCALL); - } - } - - if (SSL_want_x509_lookup(s)) - return (SSL_ERROR_WANT_X509_LOOKUP); - - if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && - (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) - return (SSL_ERROR_ZERO_RETURN); - - return (SSL_ERROR_SYSCALL); -} -LSSL_ALIAS(SSL_get_error); - -int -SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method) -{ - if (ctx->method->dtls) - return 0; - - ctx->quic_method = quic_method; - - return 1; -} -LSSL_ALIAS(SSL_CTX_set_quic_method); - -int -SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method) -{ - if (ssl->method->dtls) - return 0; - - ssl->quic_method = quic_method; - - return 1; -} -LSSL_ALIAS(SSL_set_quic_method); - -size_t -SSL_quic_max_handshake_flight_len(const SSL *ssl, - enum ssl_encryption_level_t level) -{ - size_t flight_len; - - /* Limit flights to 16K when there are no large certificate messages. 
*/ - flight_len = 16384; - - switch (level) { - case ssl_encryption_initial: - return flight_len; - - case ssl_encryption_early_data: - /* QUIC does not send EndOfEarlyData. */ - return 0; - - case ssl_encryption_handshake: - if (ssl->server) { - /* - * Servers may receive Certificate message if configured - * to request client certificates. - */ - if ((SSL_get_verify_mode(ssl) & SSL_VERIFY_PEER) != 0 && - ssl->max_cert_list > flight_len) - flight_len = ssl->max_cert_list; - } else { - /* - * Clients may receive both Certificate message and a - * CertificateRequest message. - */ - if (ssl->max_cert_list * 2 > flight_len) - flight_len = ssl->max_cert_list * 2; - } - return flight_len; - case ssl_encryption_application: - /* - * Note there is not actually a bound on the number of - * NewSessionTickets one may send in a row. This level may need - * more involved flow control. - */ - return flight_len; - } - - return 0; -} -LSSL_ALIAS(SSL_quic_max_handshake_flight_len); - -enum ssl_encryption_level_t -SSL_quic_read_level(const SSL *ssl) -{ - return ssl->s3->hs.tls13.quic_read_level; -} -LSSL_ALIAS(SSL_quic_read_level); - -enum ssl_encryption_level_t -SSL_quic_write_level(const SSL *ssl) -{ - return ssl->s3->hs.tls13.quic_write_level; -} -LSSL_ALIAS(SSL_quic_write_level); - -int -SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level, - const uint8_t *data, size_t len) -{ - if (!SSL_is_quic(ssl)) { - SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - - if (level != SSL_quic_read_level(ssl)) { - SSLerror(ssl, SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED); - return 0; - } - - if (ssl->s3->hs.tls13.quic_read_buffer == NULL) { - ssl->s3->hs.tls13.quic_read_buffer = tls_buffer_new(0); - if (ssl->s3->hs.tls13.quic_read_buffer == NULL) { - SSLerror(ssl, ERR_R_MALLOC_FAILURE); - return 0; - } - } - - /* XXX - note that this does not currently downsize. 
*/ - tls_buffer_set_capacity_limit(ssl->s3->hs.tls13.quic_read_buffer, - SSL_quic_max_handshake_flight_len(ssl, level)); - - /* - * XXX - an append that fails due to exceeding capacity should set - * SSL_R_EXCESSIVE_MESSAGE_SIZE. - */ - return tls_buffer_append(ssl->s3->hs.tls13.quic_read_buffer, data, len); -} -LSSL_ALIAS(SSL_provide_quic_data); - -int -SSL_process_quic_post_handshake(SSL *ssl) -{ - /* XXX - this needs to run PHH received. */ - return 1; -} -LSSL_ALIAS(SSL_process_quic_post_handshake); - -int -SSL_do_handshake(SSL *s) -{ - if (s->handshake_func == NULL) { - SSLerror(s, SSL_R_CONNECTION_TYPE_NOT_SET); - return (-1); - } - - s->method->ssl_renegotiate_check(s); - - if (!SSL_in_init(s) && !SSL_in_before(s)) - return 1; - - return s->handshake_func(s); -} -LSSL_ALIAS(SSL_do_handshake); - -/* - * For the next 2 functions, SSL_clear() sets shutdown and so - * one of these calls will reset it - */ -void -SSL_set_accept_state(SSL *s) -{ - s->server = 1; - s->shutdown = 0; - s->s3->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE; - s->handshake_func = s->method->ssl_accept; - ssl_clear_cipher_state(s); -} -LSSL_ALIAS(SSL_set_accept_state); - -void -SSL_set_connect_state(SSL *s) -{ - s->server = 0; - s->shutdown = 0; - s->s3->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE; - s->handshake_func = s->method->ssl_connect; - ssl_clear_cipher_state(s); -} -LSSL_ALIAS(SSL_set_connect_state); - -int -ssl_undefined_function(SSL *s) -{ - SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return (0); -} - -int -ssl_undefined_void_function(void) -{ - SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return (0); -} - -int -ssl_undefined_const_function(const SSL *s) -{ - SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return (0); -} - -const char * -ssl_version_string(int ver) -{ - switch (ver) { - case TLS1_VERSION: - return (SSL_TXT_TLSV1); - case TLS1_1_VERSION: - return (SSL_TXT_TLSV1_1); - case TLS1_2_VERSION: - return (SSL_TXT_TLSV1_2); - case TLS1_3_VERSION: - return 
(SSL_TXT_TLSV1_3); - case DTLS1_VERSION: - return (SSL_TXT_DTLS1); - case DTLS1_2_VERSION: - return (SSL_TXT_DTLS1_2); - default: - return ("unknown"); - } -} - -const char * -SSL_get_version(const SSL *s) -{ - return ssl_version_string(s->version); -} -LSSL_ALIAS(SSL_get_version); - -SSL * -SSL_dup(SSL *s) -{ - STACK_OF(X509_NAME) *sk; - X509_NAME *xn; - SSL *ret; - int i; - - if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL) - goto err; - - ret->version = s->version; - ret->method = s->method; - - if (s->session != NULL) { - if (!SSL_copy_session_id(ret, s)) - goto err; - } else { - /* - * No session has been established yet, so we have to expect - * that s->cert or ret->cert will be changed later -- - * they should not both point to the same object, - * and thus we can't use SSL_copy_session_id. - */ - - ret->method->ssl_free(ret); - ret->method = s->method; - ret->method->ssl_new(ret); - - ssl_cert_free(ret->cert); - if ((ret->cert = ssl_cert_dup(s->cert)) == NULL) - goto err; - - if (!SSL_set_session_id_context(ret, s->sid_ctx, - s->sid_ctx_length)) - goto err; - } - - ret->options = s->options; - ret->mode = s->mode; - SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s)); - SSL_set_read_ahead(ret, SSL_get_read_ahead(s)); - ret->msg_callback = s->msg_callback; - ret->msg_callback_arg = s->msg_callback_arg; - SSL_set_verify(ret, SSL_get_verify_mode(s), - SSL_get_verify_callback(s)); - SSL_set_verify_depth(ret, SSL_get_verify_depth(s)); - ret->generate_session_id = s->generate_session_id; - - SSL_set_info_callback(ret, SSL_get_info_callback(s)); - - /* copy app data, a little dangerous perhaps */ - if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, - &ret->ex_data, &s->ex_data)) - goto err; - - /* setup rbio, and wbio */ - if (s->rbio != NULL) { - if (!BIO_dup_state(s->rbio,(char *)&ret->rbio)) - goto err; - } - if (s->wbio != NULL) { - if (s->wbio != s->rbio) { - if (!BIO_dup_state(s->wbio,(char *)&ret->wbio)) - goto err; - } else - ret->wbio = ret->rbio; - } - 
 ret->rwstate = s->rwstate;
- ret->in_handshake = s->in_handshake;
- ret->handshake_func = s->handshake_func;
- ret->server = s->server;
- ret->renegotiate = s->renegotiate;
- ret->new_session = s->new_session;
- ret->quiet_shutdown = s->quiet_shutdown;
- ret->shutdown = s->shutdown;
- /* SSL_dup does not really work at any state, though */
- ret->s3->hs.state = s->s3->hs.state;
- ret->rstate = s->rstate;
-
- /*
- * Would have to copy ret->init_buf, ret->init_msg, ret->init_num,
- * ret->init_off
- */
- ret->init_num = 0;
-
- ret->hit = s->hit;
-
- X509_VERIFY_PARAM_inherit(ret->param, s->param);
-
- if (s->cipher_list != NULL) {
- if ((ret->cipher_list =
- sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
- goto err;
- }
- if (s->cipher_list_tls13 != NULL) {
- if ((ret->cipher_list_tls13 =
- sk_SSL_CIPHER_dup(s->cipher_list_tls13)) == NULL)
- goto err;
- }
-
- /* Dup the client_CA list */
- if (s->client_CA != NULL) {
- if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
- ret->client_CA = sk;
- for (i = 0; i < sk_X509_NAME_num(sk); i++) {
- xn = sk_X509_NAME_value(sk, i);
- if (sk_X509_NAME_set(sk, i,
- X509_NAME_dup(xn)) == NULL) {
- X509_NAME_free(xn);
- goto err;
- }
- }
- }
-
- return ret;
- err:
- SSL_free(ret);
- return NULL;
-}
-LSSL_ALIAS(SSL_dup);
-
-void
-ssl_clear_cipher_state(SSL *s)
-{
- tls12_record_layer_clear_read_state(s->rl);
- tls12_record_layer_clear_write_state(s->rl);
-}
-
-void
-ssl_info_callback(const SSL *s, int type, int value)
-{
- ssl_info_callback_fn *cb;
-
- if ((cb = s->info_callback) == NULL)
- cb = s->ctx->info_callback;
- if (cb != NULL)
- cb(s, type, value);
-}
-
-void
-ssl_msg_callback(SSL *s, int is_write, int content_type,
- const void *msg_buf, size_t msg_len)
-{
- if (s->msg_callback == NULL)
- return;
-
- s->msg_callback(is_write, s->version, content_type,
- msg_buf, msg_len, s, s->msg_callback_arg);
-}
-
-void
-ssl_msg_callback_cbs(SSL *s, int is_write, int content_type, CBS *cbs)
-{
- ssl_msg_callback(s, is_write,
content_type, CBS_data(cbs), CBS_len(cbs));
-}
-
-/* Fix this function so that it takes an optional type parameter */
-X509 *
-SSL_get_certificate(const SSL *s)
-{
- return (s->cert->key->x509);
-}
-LSSL_ALIAS(SSL_get_certificate);
-
-/* Fix this function so that it takes an optional type parameter */
-EVP_PKEY *
-SSL_get_privatekey(const SSL *s)
-{
- return (s->cert->key->privatekey);
-}
-LSSL_ALIAS(SSL_get_privatekey);
-
-const SSL_CIPHER *
-SSL_get_current_cipher(const SSL *s)
-{
- return s->s3->hs.cipher;
-}
-LSSL_ALIAS(SSL_get_current_cipher);
-
-const void *
-SSL_get_current_compression(SSL *s)
-{
- return (NULL);
-}
-LSSL_ALIAS(SSL_get_current_compression);
-
-const void *
-SSL_get_current_expansion(SSL *s)
-{
- return (NULL);
-}
-LSSL_ALIAS(SSL_get_current_expansion);
-
-size_t
-SSL_get_client_random(const SSL *s, unsigned char *out, size_t max_out)
-{
- size_t len = sizeof(s->s3->client_random);
-
- if (out == NULL)
- return len;
-
- if (len > max_out)
- len = max_out;
-
- memcpy(out, s->s3->client_random, len);
-
- return len;
-}
-LSSL_ALIAS(SSL_get_client_random);
-
-size_t
-SSL_get_server_random(const SSL *s, unsigned char *out, size_t max_out)
-{
- size_t len = sizeof(s->s3->server_random);
-
- if (out == NULL)
- return len;
-
- if (len > max_out)
- len = max_out;
-
- memcpy(out, s->s3->server_random, len);
-
- return len;
-}
-LSSL_ALIAS(SSL_get_server_random);
-
-int
-ssl_init_wbio_buffer(SSL *s, int push)
-{
- BIO *bbio;
-
- if (s->bbio == NULL) {
- bbio = BIO_new(BIO_f_buffer());
- if (bbio == NULL)
- return (0);
- s->bbio = bbio;
- } else {
- bbio = s->bbio;
- if (s->bbio == s->wbio)
- s->wbio = BIO_pop(s->wbio);
- }
- (void)BIO_reset(bbio);
-/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
- if (!BIO_set_read_buffer_size(bbio, 1)) {
- SSLerror(s, ERR_R_BUF_LIB);
- return (0);
- }
- if (push) {
- if (s->wbio != bbio)
- s->wbio = BIO_push(bbio, s->wbio);
- } else {
- if (s->wbio == bbio)
- s->wbio = BIO_pop(bbio);
- }
- return (1);
-}
-
-void
-ssl_free_wbio_buffer(SSL *s)
-{
- if (s == NULL)
- return;
-
- if (s->bbio == NULL)
- return;
-
- if (s->bbio == s->wbio) {
- /* remove buffering */
- s->wbio = BIO_pop(s->wbio);
- }
- BIO_free(s->bbio);
- s->bbio = NULL;
-}
-
-void
-SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
-{
- ctx->quiet_shutdown = mode;
-}
-LSSL_ALIAS(SSL_CTX_set_quiet_shutdown);
-
-int
-SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
-{
- return (ctx->quiet_shutdown);
-}
-LSSL_ALIAS(SSL_CTX_get_quiet_shutdown);
-
-void
-SSL_set_quiet_shutdown(SSL *s, int mode)
-{
- s->quiet_shutdown = mode;
-}
-LSSL_ALIAS(SSL_set_quiet_shutdown);
-
-int
-SSL_get_quiet_shutdown(const SSL *s)
-{
- return (s->quiet_shutdown);
-}
-LSSL_ALIAS(SSL_get_quiet_shutdown);
-
-void
-SSL_set_shutdown(SSL *s, int mode)
-{
- s->shutdown = mode;
-}
-LSSL_ALIAS(SSL_set_shutdown);
-
-int
-SSL_get_shutdown(const SSL *s)
-{
- return (s->shutdown);
-}
-LSSL_ALIAS(SSL_get_shutdown);
-
-int
-SSL_version(const SSL *s)
-{
- return (s->version);
-}
-LSSL_ALIAS(SSL_version);
-
-SSL_CTX *
-SSL_get_SSL_CTX(const SSL *ssl)
-{
- return (ssl->ctx);
-}
-LSSL_ALIAS(SSL_get_SSL_CTX);
-
-SSL_CTX *
-SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
-{
- SSL_CERT *new_cert;
-
- if (ctx == NULL)
- ctx = ssl->initial_ctx;
- if (ssl->ctx == ctx)
- return (ssl->ctx);
-
- if ((new_cert = ssl_cert_dup(ctx->cert)) == NULL)
- return NULL;
- ssl_cert_free(ssl->cert);
- ssl->cert = new_cert;
-
- SSL_CTX_up_ref(ctx);
- SSL_CTX_free(ssl->ctx); /* decrement reference count */
- ssl->ctx = ctx;
-
- return (ssl->ctx);
-}
-LSSL_ALIAS(SSL_set_SSL_CTX);
-
-int
-SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
-{
- return (X509_STORE_set_default_paths(ctx->cert_store));
-}
-LSSL_ALIAS(SSL_CTX_set_default_verify_paths);
-
-int
-SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
- const char *CApath)
-{
- return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath));
-}
-LSSL_ALIAS(SSL_CTX_load_verify_locations);
-
-int
-SSL_CTX_load_verify_mem(SSL_CTX
*ctx, void *buf, int len)
-{
- return (X509_STORE_load_mem(ctx->cert_store, buf, len));
-}
-LSSL_ALIAS(SSL_CTX_load_verify_mem);
-
-void
-SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl, int type, int val))
-{
- ssl->info_callback = cb;
-}
-LSSL_ALIAS(SSL_set_info_callback);
-
-void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val)
-{
- return (ssl->info_callback);
-}
-LSSL_ALIAS(SSL_get_info_callback);
-
-int
-SSL_state(const SSL *ssl)
-{
- return (ssl->s3->hs.state);
-}
-LSSL_ALIAS(SSL_state);
-
-void
-SSL_set_state(SSL *ssl, int state)
-{
- ssl->s3->hs.state = state;
-}
-LSSL_ALIAS(SSL_set_state);
-
-void
-SSL_set_verify_result(SSL *ssl, long arg)
-{
- ssl->verify_result = arg;
-}
-LSSL_ALIAS(SSL_set_verify_result);
-
-long
-SSL_get_verify_result(const SSL *ssl)
-{
- return (ssl->verify_result);
-}
-LSSL_ALIAS(SSL_get_verify_result);
-
-int
-SSL_verify_client_post_handshake(SSL *ssl)
-{
- return 0;
-}
-LSSL_ALIAS(SSL_verify_client_post_handshake);
-
-void
-SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
-{
- return;
-}
-LSSL_ALIAS(SSL_CTX_set_post_handshake_auth);
-
-void
-SSL_set_post_handshake_auth(SSL *ssl, int val)
-{
- return;
-}
-LSSL_ALIAS(SSL_set_post_handshake_auth);
-
-int
-SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-{
- return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
- new_func, dup_func, free_func));
-}
-LSSL_ALIAS(SSL_get_ex_new_index);
-
-int
-SSL_set_ex_data(SSL *s, int idx, void *arg)
-{
- return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
-}
-LSSL_ALIAS(SSL_set_ex_data);
-
-void *
-SSL_get_ex_data(const SSL *s, int idx)
-{
- return (CRYPTO_get_ex_data(&s->ex_data, idx));
-}
-LSSL_ALIAS(SSL_get_ex_data);
-
-int
-SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-{
- return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl,
argp,
- new_func, dup_func, free_func));
-}
-LSSL_ALIAS(SSL_CTX_get_ex_new_index);
-
-int
-SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
-{
- return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
-}
-LSSL_ALIAS(SSL_CTX_set_ex_data);
-
-void *
-SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
-{
- return (CRYPTO_get_ex_data(&s->ex_data, idx));
-}
-LSSL_ALIAS(SSL_CTX_get_ex_data);
-
-int
-ssl_ok(SSL *s)
-{
- return (1);
-}
-
-X509_STORE *
-SSL_CTX_get_cert_store(const SSL_CTX *ctx)
-{
- return (ctx->cert_store);
-}
-LSSL_ALIAS(SSL_CTX_get_cert_store);
-
-void
-SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
-{
- X509_STORE_free(ctx->cert_store);
- ctx->cert_store = store;
-}
-LSSL_ALIAS(SSL_CTX_set_cert_store);
-
-void
-SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store)
-{
- if (store != NULL)
- X509_STORE_up_ref(store);
-
- SSL_CTX_set_cert_store(ctx, store);
-}
-LSSL_ALIAS(SSL_CTX_set1_cert_store);
-
-X509 *
-SSL_CTX_get0_certificate(const SSL_CTX *ctx)
-{
- if (ctx->cert == NULL)
- return NULL;
-
- return ctx->cert->key->x509;
-}
-LSSL_ALIAS(SSL_CTX_get0_certificate);
-
-EVP_PKEY *
-SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
-{
- if (ctx->cert == NULL)
- return NULL;
-
- return ctx->cert->key->privatekey;
-}
-LSSL_ALIAS(SSL_CTX_get0_privatekey);
-
-int
-SSL_want(const SSL *s)
-{
- return (s->rwstate);
-}
-LSSL_ALIAS(SSL_want);
-
-void
-SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export,
- int keylength))
-{
- SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
-}
-LSSL_ALIAS(SSL_CTX_set_tmp_rsa_callback);
-
-void
-SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export,
- int keylength))
-{
- SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
-}
-LSSL_ALIAS(SSL_set_tmp_rsa_callback);
-
-void
-SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export,
- int keylength))
-{
- SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
-}
-LSSL_ALIAS(SSL_CTX_set_tmp_dh_callback);
-
-void
-SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export,
- int keylength))
-{
- SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
-}
-LSSL_ALIAS(SSL_set_tmp_dh_callback);
-
-void
-SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl,
- int is_export, int keylength))
-{
- SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,
- (void (*)(void))ecdh);
-}
-LSSL_ALIAS(SSL_CTX_set_tmp_ecdh_callback);
-
-void
-SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export,
- int keylength))
-{
- SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
-}
-LSSL_ALIAS(SSL_set_tmp_ecdh_callback);
-
-
-void
-SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version,
- int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
-{
- SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK,
- (void (*)(void))cb);
-}
-LSSL_ALIAS(SSL_CTX_set_msg_callback);
-
-void
-SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
- int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
-{
- SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
-}
-LSSL_ALIAS(SSL_set_msg_callback);
-
-int
-SSL_cache_hit(SSL *s)
-{
- return (s->hit);
-}
-LSSL_ALIAS(SSL_cache_hit);
-
-int
-SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
-{
- return ctx->min_proto_version;
-}
-LSSL_ALIAS(SSL_CTX_get_min_proto_version);
-
-int
-SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version)
-{
- return ssl_version_set_min(ctx->method, version,
- ctx->max_tls_version, &ctx->min_tls_version,
- &ctx->min_proto_version);
-}
-LSSL_ALIAS(SSL_CTX_set_min_proto_version);
-
-int
-SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
-{
- return ctx->max_proto_version;
-}
-LSSL_ALIAS(SSL_CTX_get_max_proto_version);
-
-int
-SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version)
-{
- return ssl_version_set_max(ctx->method, version,
-
ctx->min_tls_version, &ctx->max_tls_version,
- &ctx->max_proto_version);
-}
-LSSL_ALIAS(SSL_CTX_set_max_proto_version);
-
-int
-SSL_get_min_proto_version(SSL *ssl)
-{
- return ssl->min_proto_version;
-}
-LSSL_ALIAS(SSL_get_min_proto_version);
-
-int
-SSL_set_min_proto_version(SSL *ssl, uint16_t version)
-{
- return ssl_version_set_min(ssl->method, version,
- ssl->max_tls_version, &ssl->min_tls_version,
- &ssl->min_proto_version);
-}
-LSSL_ALIAS(SSL_set_min_proto_version);
-int
-SSL_get_max_proto_version(SSL *ssl)
-{
- return ssl->max_proto_version;
-}
-LSSL_ALIAS(SSL_get_max_proto_version);
-
-int
-SSL_set_max_proto_version(SSL *ssl, uint16_t version)
-{
- return ssl_version_set_max(ssl->method, version,
- ssl->min_tls_version, &ssl->max_tls_version,
- &ssl->max_proto_version);
-}
-LSSL_ALIAS(SSL_set_max_proto_version);
-
-const SSL_METHOD *
-SSL_CTX_get_ssl_method(const SSL_CTX *ctx)
-{
- return ctx->method;
-}
-LSSL_ALIAS(SSL_CTX_get_ssl_method);
-
-int
-SSL_CTX_get_security_level(const SSL_CTX *ctx)
-{
- return ctx->cert->security_level;
-}
-LSSL_ALIAS(SSL_CTX_get_security_level);
-
-void
-SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
-{
- ctx->cert->security_level = level;
-}
-LSSL_ALIAS(SSL_CTX_set_security_level);
-
-int
-SSL_get_security_level(const SSL *ssl)
-{
- return ssl->cert->security_level;
-}
-LSSL_ALIAS(SSL_get_security_level);
-
-void
-SSL_set_security_level(SSL *ssl, int level)
-{
- ssl->cert->security_level = level;
-}
-LSSL_ALIAS(SSL_set_security_level);
-
-int
-SSL_is_quic(const SSL *ssl)
-{
- return ssl->quic_method != NULL;
-}
-LSSL_ALIAS(SSL_is_quic);
-
-int
-SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
- size_t params_len)
-{
- freezero(ssl->quic_transport_params,
- ssl->quic_transport_params_len);
- ssl->quic_transport_params = NULL;
- ssl->quic_transport_params_len = 0;
-
- if ((ssl->quic_transport_params = malloc(params_len)) == NULL)
- return 0;
-
- memcpy(ssl->quic_transport_params, params, params_len);
-
 ssl->quic_transport_params_len = params_len;
-
- return 1;
-}
-LSSL_ALIAS(SSL_set_quic_transport_params);
-
-void
-SSL_get_peer_quic_transport_params(const SSL *ssl, const uint8_t **out_params,
- size_t *out_params_len)
-{
- *out_params = ssl->s3->peer_quic_transport_params;
- *out_params_len = ssl->s3->peer_quic_transport_params_len;
-}
-LSSL_ALIAS(SSL_get_peer_quic_transport_params);
-
-void
-SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy)
-{
- /* Not supported. */
-}
-LSSL_ALIAS(SSL_set_quic_use_legacy_codepoint);
diff --git a/src/lib/libssl/ssl_local.h b/src/lib/libssl/ssl_local.h
deleted file mode 100644
index 6095940388..0000000000
--- a/src/lib/libssl/ssl_local.h
+++ /dev/null
@@ -1,1463 +0,0 @@ -/* $OpenBSD: ssl_local.h,v 1.27 2025/03/09 15:12:18 tb Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. 
All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. 
Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. 
- * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - -#ifndef HEADER_SSL_LOCL_H -#define HEADER_SSL_LOCL_H - -#include - -#include -#include -#include -#include -#include - -#include - -#include -#include -#include -#include -#include -#include - -#include "bytestring.h" -#include "tls_content.h" -#include "tls13_internal.h" - -__BEGIN_HIDDEN_DECLS - -#ifndef CTASSERT -#define CTASSERT(x) extern char _ctassert[(x) ? 1 : -1 ] \ - __attribute__((__unused__)) -#endif - -#ifndef LIBRESSL_HAS_DTLS1_2 -#define LIBRESSL_HAS_DTLS1_2 -#endif - -/* LOCAL STUFF */ - -#define SSL_DECRYPT 0 -#define SSL_ENCRYPT 1 - -/* - * Define the Bitmasks for SSL_CIPHER.algorithms. - * This bits are used packed as dense as possible. If new methods/ciphers - * etc will be added, the bits a likely to change, so this information - * is for internal library use only, even though SSL_CIPHER.algorithms - * can be publicly accessed. - * Use the according functions for cipher management instead. - * - * The bit mask handling in the selection and sorting scheme in - * ssl_create_cipher_list() has only limited capabilities, reflecting - * that the different entities within are mutually exclusive: - * ONLY ONE BIT PER MASK CAN BE SET AT A TIME. 
- */ - -/* Bits for algorithm_mkey (key exchange algorithm) */ -#define SSL_kRSA 0x00000001L /* RSA key exchange */ -#define SSL_kDHE 0x00000008L /* tmp DH key no DH cert */ -#define SSL_kECDHE 0x00000080L /* ephemeral ECDH */ -#define SSL_kTLS1_3 0x00000400L /* TLSv1.3 key exchange */ - -/* Bits for algorithm_auth (server authentication) */ -#define SSL_aRSA 0x00000001L /* RSA auth */ -#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */ -#define SSL_aECDSA 0x00000040L /* ECDSA auth*/ -#define SSL_aTLS1_3 0x00000400L /* TLSv1.3 authentication */ - -/* Bits for algorithm_enc (symmetric encryption) */ -#define SSL_3DES 0x00000002L -#define SSL_RC4 0x00000004L -#define SSL_eNULL 0x00000010L -#define SSL_AES128 0x00000020L -#define SSL_AES256 0x00000040L -#define SSL_CAMELLIA128 0x00000080L -#define SSL_CAMELLIA256 0x00000100L -#define SSL_AES128GCM 0x00000400L -#define SSL_AES256GCM 0x00000800L -#define SSL_CHACHA20POLY1305 0x00001000L - -#define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM) -#define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) - - -/* Bits for algorithm_mac (symmetric authentication) */ - -#define SSL_MD5 0x00000001L -#define SSL_SHA1 0x00000002L -#define SSL_SHA256 0x00000010L -#define SSL_SHA384 0x00000020L -/* Not a real MAC, just an indication it is part of cipher */ -#define SSL_AEAD 0x00000040L -#define SSL_STREEBOG256 0x00000080L - -/* Bits for algorithm_ssl (protocol version) */ -#define SSL_SSLV3 0x00000002L -#define SSL_TLSV1 SSL_SSLV3 /* for now */ -#define SSL_TLSV1_2 0x00000004L -#define SSL_TLSV1_3 0x00000008L - - -/* Bits for algorithm2 (handshake digests and other extra flags) */ - -#define SSL_HANDSHAKE_MAC_MASK 0xff0 -#define SSL_HANDSHAKE_MAC_SHA256 0x080 -#define SSL_HANDSHAKE_MAC_SHA384 0x100 - -#define SSL3_CK_ID 0x03000000 -#define SSL3_CK_VALUE_MASK 0x0000ffff - -/* - * Cipher strength information. 
- */ -#define SSL_STRONG_MASK 0x000001fcL -#define SSL_STRONG_NONE 0x00000004L -#define SSL_LOW 0x00000020L -#define SSL_MEDIUM 0x00000040L -#define SSL_HIGH 0x00000080L - -/* - * The keylength (measured in RSA key bits, I guess) for temporary keys. - * Cipher argument is so that this can be variable in the future. - */ -#define SSL_C_PKEYLENGTH(c) 1024 - -/* See if we use signature algorithms extension. */ -#define SSL_USE_SIGALGS(s) \ - (s->method->enc_flags & SSL_ENC_FLAG_SIGALGS) - -/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */ -#define SSL_USE_TLS1_2_CIPHERS(s) \ - (s->method->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) - -/* Allow TLS 1.3 ciphersuites only. */ -#define SSL_USE_TLS1_3_CIPHERS(s) \ - (s->method->enc_flags & SSL_ENC_FLAG_TLS1_3_CIPHERS) - -#define SSL_PKEY_RSA 0 -#define SSL_PKEY_ECC 1 -#define SSL_PKEY_NUM 2 - -#define SSL_MAX_EMPTY_RECORDS 32 - -/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | - * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) - * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) - * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN - * SSL_aRSA <- RSA_ENC | RSA_SIGN - * SSL_aDSS <- DSA_SIGN - */ - -/* From ECC-TLS draft, used in encoding the curve type in - * ECParameters - */ -#define EXPLICIT_PRIME_CURVE_TYPE 1 -#define EXPLICIT_CHAR2_CURVE_TYPE 2 -#define NAMED_CURVE_TYPE 3 - -typedef struct ssl_cert_pkey_st { - X509 *x509; - EVP_PKEY *privatekey; - STACK_OF(X509) *chain; -} SSL_CERT_PKEY; - -typedef struct ssl_cert_st { - /* Current active set */ - /* ALWAYS points to an element of the pkeys array - * Probably it would make more sense to store - * an index, not a pointer. 
*/ - SSL_CERT_PKEY *key; - - SSL_CERT_PKEY pkeys[SSL_PKEY_NUM]; - - /* The following masks are for the key and auth - * algorithms that are supported by the certs below */ - int valid; - unsigned long mask_k; - unsigned long mask_a; - - DH *dhe_params; - DH *(*dhe_params_cb)(SSL *ssl, int is_export, int keysize); - int dhe_params_auto; - - int (*security_cb)(const SSL *s, const SSL_CTX *ctx, int op, int bits, - int nid, void *other, void *ex_data); /* Not exposed in API. */ - int security_level; - void *security_ex_data; /* Not exposed in API. */ - - int references; /* >1 only if SSL_copy_session_id is used */ -} SSL_CERT; - -struct ssl_comp_st { - int id; - const char *name; -}; - -struct ssl_cipher_st { - uint16_t value; /* Cipher suite value. */ - - const char *name; /* text name */ - - unsigned long algorithm_mkey; /* key exchange algorithm */ - unsigned long algorithm_auth; /* server authentication */ - unsigned long algorithm_enc; /* symmetric encryption */ - unsigned long algorithm_mac; /* symmetric authentication */ - unsigned long algorithm_ssl; /* (major) protocol version */ - - unsigned long algo_strength; /* strength and export flags */ - unsigned long algorithm2; /* Extra flags */ - int strength_bits; /* Number of bits really used */ - int alg_bits; /* Number of bits for algorithm */ -}; - -struct ssl_method_st { - int dtls; - int server; - int version; - - uint16_t min_tls_version; - uint16_t max_tls_version; - - int (*ssl_new)(SSL *s); - void (*ssl_clear)(SSL *s); - void (*ssl_free)(SSL *s); - - int (*ssl_accept)(SSL *s); - int (*ssl_connect)(SSL *s); - int (*ssl_shutdown)(SSL *s); - - int (*ssl_renegotiate)(SSL *s); - int (*ssl_renegotiate_check)(SSL *s); - - int (*ssl_pending)(const SSL *s); - int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, - int peek); - int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len); - - unsigned int enc_flags; /* SSL_ENC_FLAG_* */ -}; - -/* - * Let's make this into an ASN.1 type 
structure as follows - * SSL_SESSION_ID ::= SEQUENCE { - * version INTEGER, -- structure version number - * SSLversion INTEGER, -- SSL version number - * Cipher OCTET STRING, -- the 2 byte cipher ID - * Session_ID OCTET STRING, -- the Session ID - * Master_key OCTET STRING, -- the master key - * KRB5_principal OCTET STRING -- optional Kerberos principal - * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time - * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds - * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate - * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context - * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer' - * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension - * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint - * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity - * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket - * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only) - * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method - * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username - * } - * Look in ssl/ssl_asn1.c for more details - * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). - */ -struct ssl_session_st { - int ssl_version; /* what ssl version session info is - * being kept in here? */ - - size_t master_key_length; - unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; - - /* session_id - valid? */ - size_t session_id_length; - unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; - - /* this is used to determine whether the session is being reused in - * the appropriate context. It is up to the application to set this, - * via SSL_new */ - size_t sid_ctx_length; - unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; - - /* Peer provided leaf (end-entity) certificate. 
*/ - X509 *peer_cert; - int peer_cert_type; - - /* when app_verify_callback accepts a session where the peer's certificate - * is not ok, we must remember the error for session reuse: */ - long verify_result; /* only for servers */ - - long timeout; - time_t time; - int references; - - uint16_t cipher_value; - - char *tlsext_hostname; - - /* Session resumption - RFC 5077 and RFC 8446. */ - unsigned char *tlsext_tick; /* Session ticket */ - size_t tlsext_ticklen; /* Session ticket length */ - uint32_t tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ - uint32_t tlsext_tick_age_add; /* TLSv1.3 ticket age obfuscation (in ms) */ - struct tls13_secret resumption_master_secret; - - CRYPTO_EX_DATA ex_data; /* application specific data */ - - /* These are used to make removal of session-ids more - * efficient and to implement a maximum cache size. */ - struct ssl_session_st *prev, *next; - - /* Used to indicate that session resumption is not allowed. - * Applications can also set this bit for a new session via - * not_resumable_session_cb to disable session caching and tickets. */ - int not_resumable; - - size_t tlsext_ecpointformatlist_length; - uint8_t *tlsext_ecpointformatlist; /* peer's list */ - size_t tlsext_supportedgroups_length; - uint16_t *tlsext_supportedgroups; /* peer's list */ -}; - -struct ssl_sigalg; - -typedef struct ssl_handshake_tls12_st { - /* Used when SSL_ST_FLUSH_DATA is entered. */ - int next_state; - - /* Handshake message type and size. */ - int message_type; - unsigned long message_size; - - /* Reuse current handshake message. */ - int reuse_message; - - /* Client certificate requests. */ - int cert_request; - STACK_OF(X509_NAME) *ca_names; - - /* Record-layer key block for TLS 1.2 and earlier. */ - struct tls12_key_block *key_block; - - /* Transcript hash prior to sending certificate verify message. 
*/ - uint8_t cert_verify[EVP_MAX_MD_SIZE]; -} SSL_HANDSHAKE_TLS12; - -typedef struct ssl_handshake_tls13_st { - int use_legacy; - int hrr; - - /* Client indicates psk_dhe_ke support in PskKeyExchangeMode. */ - int use_psk_dhe_ke; - - /* Certificate selected for use (static pointer). */ - const SSL_CERT_PKEY *cpk; - - /* Version proposed by peer server. */ - uint16_t server_version; - - uint16_t server_group; - struct tls13_secrets *secrets; - - uint8_t *cookie; - size_t cookie_len; - - /* Preserved transcript hash. */ - uint8_t transcript_hash[EVP_MAX_MD_SIZE]; - size_t transcript_hash_len; - - /* Legacy session ID. */ - uint8_t legacy_session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; - size_t legacy_session_id_len; - - /* ClientHello hash, used to validate following HelloRetryRequest */ - EVP_MD_CTX *clienthello_md_ctx; - unsigned char *clienthello_hash; - unsigned int clienthello_hash_len; - - /* QUIC read buffer and read/write encryption levels. */ - struct tls_buffer *quic_read_buffer; - enum ssl_encryption_level_t quic_read_level; - enum ssl_encryption_level_t quic_write_level; -} SSL_HANDSHAKE_TLS13; - -typedef struct ssl_handshake_st { - /* - * Minimum and maximum versions supported for this handshake. These are - * initialised at the start of a handshake based on the method in use - * and the current protocol version configuration. - */ - uint16_t our_min_tls_version; - uint16_t our_max_tls_version; - - /* - * Version negotiated for this session. For a client this is set once - * the server selected version is parsed from the ServerHello (either - * from the legacy version or supported versions extension). For a - * server this is set once we select the version we will use with the - * client. - */ - uint16_t negotiated_tls_version; - - /* - * Legacy version advertised by our peer. For a server this is the - * version specified by the client in the ClientHello message. For a - * client, this is the version provided in the ServerHello message. 
- */ - uint16_t peer_legacy_version; - - /* - * Current handshake state - contains one of the SSL3_ST_* values and - * is used by the TLSv1.2 state machine, as well as being updated by - * the TLSv1.3 stack due to it being exposed externally. - */ - int state; - - /* Cipher being negotiated in this handshake. */ - const SSL_CIPHER *cipher; - - /* Ciphers sent by the client. */ - STACK_OF(SSL_CIPHER) *client_ciphers; - - /* Extensions seen in this handshake. */ - uint32_t extensions_seen; - - /* Extensions processed in this handshake. */ - uint32_t extensions_processed; - - /* Signature algorithms selected for use (static pointers). */ - const struct ssl_sigalg *our_sigalg; - const struct ssl_sigalg *peer_sigalg; - - /* sigalgs offered in this handshake in wire form */ - uint8_t *sigalgs; - size_t sigalgs_len; - - /* Key share for ephemeral key exchange. */ - struct tls_key_share *key_share; - - /* - * Copies of the verify data sent in our finished message and the - * verify data received in the finished message sent by our peer. - */ - uint8_t finished[EVP_MAX_MD_SIZE]; - size_t finished_len; - uint8_t peer_finished[EVP_MAX_MD_SIZE]; - size_t peer_finished_len; - - /* List of certificates received from our peer. */ - STACK_OF(X509) *peer_certs; - STACK_OF(X509) *peer_certs_no_leaf; - - /* Certificate chain resulting from X.509 verification. */ - STACK_OF(X509) *verified_chain; - - SSL_HANDSHAKE_TLS12 tls12; - SSL_HANDSHAKE_TLS13 tls13; -} SSL_HANDSHAKE; - -typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT; - -/* TLS Session Ticket extension struct. 
*/
-struct tls_session_ticket_ext_st {
- unsigned short length;
- void *data;
-};
-
-struct tls12_key_block;
-
-struct tls12_key_block *tls12_key_block_new(void);
-void tls12_key_block_free(struct tls12_key_block *kb);
-void tls12_key_block_client_write(struct tls12_key_block *kb, CBS *mac_key,
- CBS *key, CBS *iv);
-void tls12_key_block_server_write(struct tls12_key_block *kb, CBS *mac_key,
- CBS *key, CBS *iv);
-int tls12_key_block_generate(struct tls12_key_block *kb, SSL *s,
- const EVP_AEAD *aead, const EVP_CIPHER *cipher, const EVP_MD *mac_hash);
-
-struct tls12_record_layer;
-
-struct tls12_record_layer *tls12_record_layer_new(void);
-void tls12_record_layer_free(struct tls12_record_layer *rl);
-void tls12_record_layer_alert(struct tls12_record_layer *rl,
- uint8_t *alert_desc);
-int tls12_record_layer_write_overhead(struct tls12_record_layer *rl,
- size_t *overhead);
-int tls12_record_layer_read_protected(struct tls12_record_layer *rl);
-int tls12_record_layer_write_protected(struct tls12_record_layer *rl);
-void tls12_record_layer_set_aead(struct tls12_record_layer *rl,
- const EVP_AEAD *aead);
-void tls12_record_layer_set_cipher_hash(struct tls12_record_layer *rl,
- const EVP_CIPHER *cipher, const EVP_MD *handshake_hash,
- const EVP_MD *mac_hash);
-void tls12_record_layer_set_version(struct tls12_record_layer *rl,
- uint16_t version);
-void tls12_record_layer_set_initial_epoch(struct tls12_record_layer *rl,
- uint16_t epoch);
-uint16_t tls12_record_layer_read_epoch(struct tls12_record_layer *rl);
-uint16_t tls12_record_layer_write_epoch(struct tls12_record_layer *rl);
-int tls12_record_layer_use_write_epoch(struct tls12_record_layer *rl,
- uint16_t epoch);
-void tls12_record_layer_write_epoch_done(struct tls12_record_layer *rl,
- uint16_t epoch);
-void tls12_record_layer_clear_read_state(struct tls12_record_layer *rl);
-void tls12_record_layer_clear_write_state(struct tls12_record_layer *rl);
-void tls12_record_layer_reflect_seq_num(struct
tls12_record_layer *rl);
-int tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl,
- CBS *mac_key, CBS *key, CBS *iv);
-int tls12_record_layer_change_write_cipher_state(struct tls12_record_layer *rl,
- CBS *mac_key, CBS *key, CBS *iv);
-int tls12_record_layer_open_record(struct tls12_record_layer *rl,
- uint8_t *buf, size_t buf_len, struct tls_content *out);
-int tls12_record_layer_seal_record(struct tls12_record_layer *rl,
- uint8_t content_type, const uint8_t *content, size_t content_len,
- CBB *out);
-
-typedef void (ssl_info_callback_fn)(const SSL *s, int type, int val);
-typedef void (ssl_msg_callback_fn)(int is_write, int version, int content_type,
- const void *buf, size_t len, SSL *ssl, void *arg);
-
-struct ssl_ctx_st {
- const SSL_METHOD *method;
- const SSL_QUIC_METHOD *quic_method;
-
- STACK_OF(SSL_CIPHER) *cipher_list;
-
- struct x509_store_st /* X509_STORE */ *cert_store;
-
- /* If timeout is not 0, it is the default timeout value set
- * when SSL_new() is called. This has been put in to make
- * life easier to set things up */
- long session_timeout;
-
- int references;
-
- /* Default values to use in SSL structures follow (these are copied by SSL_new) */
-
- STACK_OF(X509) *extra_certs;
-
- int verify_mode;
- size_t sid_ctx_length;
- unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-
- X509_VERIFY_PARAM *param;
-
- /*
- * XXX
- * default_passwd_cb used by python and openvpn, need to keep it until we
- * add an accessor
- */
- /* Default password callback. */
- pem_password_cb *default_passwd_callback;
-
- /* Default password callback user data. */
- void *default_passwd_callback_userdata;
-
- uint16_t min_tls_version;
- uint16_t max_tls_version;
-
- /*
- * These may be zero to imply minimum or maximum version supported by
- * the method.
- */ - uint16_t min_proto_version; - uint16_t max_proto_version; - - unsigned long options; - unsigned long mode; - - /* If this callback is not null, it will be called each - * time a session id is added to the cache. If this function - * returns 1, it means that the callback will do a - * SSL_SESSION_free() when it has finished using it. Otherwise, - * on 0, it means the callback has finished with it. - * If remove_session_cb is not null, it will be called when - * a session-id is removed from the cache. After the call, - * OpenSSL will SSL_SESSION_free() it. */ - int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess); - void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess); - SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, - const unsigned char *data, int len, int *copy); - - /* if defined, these override the X509_verify_cert() calls */ - int (*app_verify_callback)(X509_STORE_CTX *, void *); - void *app_verify_arg; - - /* get client cert callback */ - int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); - - /* cookie generate callback */ - int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, - unsigned int *cookie_len); - - /* verify cookie callback */ - int (*app_verify_cookie_cb)(SSL *ssl, const unsigned char *cookie, - unsigned int cookie_len); - - ssl_info_callback_fn *info_callback; - - /* callback that allows applications to peek at protocol messages */ - ssl_msg_callback_fn *msg_callback; - void *msg_callback_arg; - - int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */ - - /* Default generate session ID callback. 
*/ - GEN_SESSION_CB generate_session_id; - - /* TLS extensions servername callback */ - int (*tlsext_servername_callback)(SSL*, int *, void *); - void *tlsext_servername_arg; - - /* Callback to support customisation of ticket key setting */ - int (*tlsext_ticket_key_cb)(SSL *ssl, unsigned char *name, - unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc); - - /* certificate status request info */ - /* Callback for status request */ - int (*tlsext_status_cb)(SSL *ssl, void *arg); - void *tlsext_status_arg; - - struct lhash_st_SSL_SESSION *sessions; - - /* Most session-ids that will be cached, default is - * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */ - unsigned long session_cache_size; - struct ssl_session_st *session_cache_head; - struct ssl_session_st *session_cache_tail; - - /* This can have one of 2 values, ored together, - * SSL_SESS_CACHE_CLIENT, - * SSL_SESS_CACHE_SERVER, - * Default is SSL_SESSION_CACHE_SERVER, which means only - * SSL_accept which cache SSL_SESSIONS. */ - int session_cache_mode; - - struct { - int sess_connect; /* SSL new conn - started */ - int sess_connect_renegotiate;/* SSL reneg - requested */ - int sess_connect_good; /* SSL new conne/reneg - finished */ - int sess_accept; /* SSL new accept - started */ - int sess_accept_renegotiate;/* SSL reneg - requested */ - int sess_accept_good; /* SSL accept/reneg - finished */ - int sess_miss; /* session lookup misses */ - int sess_timeout; /* reuse attempt on timeouted session */ - int sess_cache_full; /* session removed due to full cache */ - int sess_hit; /* session reuse actually done */ - int sess_cb_hit; /* session-id that was not - * in the cache was - * passed back via the callback. 
This - * indicates that the application is - * supplying session-id's from other - * processes - spooky :-) */ - } stats; - - CRYPTO_EX_DATA ex_data; - - STACK_OF(SSL_CIPHER) *cipher_list_tls13; - - SSL_CERT *cert; - - /* Default values used when no per-SSL value is defined follow */ - - /* what we put in client cert requests */ - STACK_OF(X509_NAME) *client_CA; - - long max_cert_list; - - int read_ahead; - - int quiet_shutdown; - - /* Maximum amount of data to send in one fragment. - * actual record size can be more than this due to - * padding and MAC overheads. - */ - unsigned int max_send_fragment; - - /* RFC 4507 session ticket keys */ - unsigned char tlsext_tick_key_name[16]; - unsigned char tlsext_tick_hmac_key[16]; - unsigned char tlsext_tick_aes_key[16]; - - /* SRTP profiles we are willing to do from RFC 5764 */ - STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; - - /* - * ALPN information. - */ - - /* - * Server callback function that allows the server to select the - * protocol for the connection. - * out: on successful return, this must point to the raw protocol - * name (without the length prefix). - * outlen: on successful return, this contains the length of out. - * in: points to the client's list of supported protocols in - * wire-format. - * inlen: the length of in. - */ - int (*alpn_select_cb)(SSL *s, const unsigned char **out, - unsigned char *outlen, const unsigned char *in, unsigned int inlen, - void *arg); - void *alpn_select_cb_arg; - - /* Client list of supported protocols in wire format. */ - uint8_t *alpn_client_proto_list; - size_t alpn_client_proto_list_len; - - size_t tlsext_ecpointformatlist_length; - uint8_t *tlsext_ecpointformatlist; /* our list */ - size_t tlsext_supportedgroups_length; - uint16_t *tlsext_supportedgroups; /* our list */ - SSL_CTX_keylog_cb_func keylog_callback; /* Unused. For OpenSSL compatibility. 
*/ - size_t num_tickets; /* Unused, for OpenSSL compatibility */ -}; - -struct ssl_st { - /* protocol version - * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION) - */ - int version; - - const SSL_METHOD *method; - const SSL_QUIC_METHOD *quic_method; - - /* There are 2 BIO's even though they are normally both the - * same. This is so data can be read and written to different - * handlers */ - - BIO *rbio; /* used by SSL_read */ - BIO *wbio; /* used by SSL_write */ - BIO *bbio; /* used during session-id reuse to concatenate - * messages */ - int server; /* are we the server side? - mostly used by SSL_clear*/ - - struct ssl3_state_st *s3; /* SSLv3 variables */ - struct dtls1_state_st *d1; /* DTLSv1 variables */ - - X509_VERIFY_PARAM *param; - - /* crypto */ - STACK_OF(SSL_CIPHER) *cipher_list; - - /* This is used to hold the server certificate used */ - SSL_CERT *cert; - - /* the session_id_context is used to ensure sessions are only reused - * in the appropriate context */ - size_t sid_ctx_length; - unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; - - /* This can also be in the session once a session is established */ - SSL_SESSION *session; - - /* Used in SSL2 and SSL3 */ - int verify_mode; /* 0 don't care about verify failure. 
- * 1 fail if verify fails */ - int error; /* error bytes to be written */ - int error_code; /* actual code */ - - SSL_CTX *ctx; - - long verify_result; - - int references; - - int client_version; /* what was passed, used for - * SSLv3/TLS rollback check */ - - unsigned int max_send_fragment; - - const struct tls_extension **tlsext_build_order; - size_t tlsext_build_order_len; - - char *tlsext_hostname; - - /* certificate status request info */ - /* Status type or -1 if no status type */ - int tlsext_status_type; - - SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ -#define session_ctx initial_ctx - - struct tls13_ctx *tls13; - - uint16_t min_tls_version; - uint16_t max_tls_version; - - /* - * These may be zero to imply minimum or maximum version supported by - * the method. - */ - uint16_t min_proto_version; - uint16_t max_proto_version; - - unsigned long options; /* protocol behaviour */ - unsigned long mode; /* API behaviour */ - - /* Client list of supported protocols in wire format. */ - uint8_t *alpn_client_proto_list; - size_t alpn_client_proto_list_len; - - /* QUIC transport params we will send */ - uint8_t *quic_transport_params; - size_t quic_transport_params_len; - - /* XXX Callbacks */ - - /* true when we are actually in SSL_accept() or SSL_connect() */ - int in_handshake; - int (*handshake_func)(SSL *); - - ssl_info_callback_fn *info_callback; - - /* callback that allows applications to peek at protocol messages */ - ssl_msg_callback_fn *msg_callback; - void *msg_callback_arg; - - int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */ - - /* Default generate session ID callback. 
*/ - GEN_SESSION_CB generate_session_id; - - /* TLS extension debug callback */ - void (*tlsext_debug_cb)(SSL *s, int client_server, int type, - unsigned char *data, int len, void *arg); - void *tlsext_debug_arg; - - /* TLS Session Ticket extension callback */ - tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb; - void *tls_session_ticket_ext_cb_arg; - - /* TLS pre-shared secret session resumption */ - tls_session_secret_cb_fn tls_session_secret_cb; - void *tls_session_secret_cb_arg; - - /* XXX non-callback */ - - /* This holds a variable that indicates what we were doing - * when a 0 or -1 is returned. This is needed for - * non-blocking IO so we know what request needs re-doing when - * in SSL_accept or SSL_connect */ - int rwstate; - - /* Imagine that here's a boolean member "init" that is - * switched as soon as SSL_set_{accept/connect}_state - * is called for the first time, so that "state" and - * "handshake_func" are properly initialized. But as - * handshake_func is == 0 until then, we use this - * test instead of an "init" member. - */ - - int new_session;/* Generate a new session or reuse an old one. 
- * NB: For servers, the 'new' session may actually be a previously - * cached session or even the previous session unless - * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ - int quiet_shutdown;/* don't send shutdown packets */ - int shutdown; /* we have shut things down, 0x01 sent, 0x02 - * for received */ - BUF_MEM *init_buf; /* buffer used during init */ - void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */ - int init_num; /* amount read/written */ - int init_off; /* amount read/written */ - - /* used internally to point at a raw packet */ - unsigned char *packet; - unsigned int packet_length; - - int read_ahead; /* Read as many input bytes as possible - * (for non-blocking reads) */ - - int hit; /* reusing a previous session */ - - STACK_OF(SSL_CIPHER) *cipher_list_tls13; - - struct tls12_record_layer *rl; - - /* session info */ - - /* extra application data */ - CRYPTO_EX_DATA ex_data; - - /* client cert? */ - /* for server side, keep the list of CA_dn we can use */ - STACK_OF(X509_NAME) *client_CA; - - long max_cert_list; - int first_packet; - - /* Expect OCSP CertificateStatus message */ - int tlsext_status_expected; - /* OCSP status request only */ - STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; - X509_EXTENSIONS *tlsext_ocsp_exts; - - /* OCSP response received or to be sent */ - unsigned char *tlsext_ocsp_resp; - size_t tlsext_ocsp_resp_len; - - /* RFC4507 session ticket expected to be received or sent */ - int tlsext_ticket_expected; - - size_t tlsext_ecpointformatlist_length; - uint8_t *tlsext_ecpointformatlist; /* our list */ - size_t tlsext_supportedgroups_length; - uint16_t *tlsext_supportedgroups; /* our list */ - - /* TLS Session Ticket extension override */ - TLS_SESSION_TICKET_EXT *tlsext_session_ticket; - - STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */ - const SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */ - - int renegotiate;/* 1 if we are renegotiating. 
- * 2 if we are a server and are inside a handshake - * (i.e. not just sending a HelloRequest) */ - - int rstate; /* where we are when reading */ - - int mac_packet; - - int empty_record_count; - - size_t num_tickets; /* Unused, for OpenSSL compatibility */ -}; - -typedef struct ssl3_record_internal_st { - int type; /* type of record */ - unsigned int length; /* How many bytes available */ - unsigned int padding_length; /* Number of padding bytes. */ - unsigned int off; /* read/write offset into 'buf' */ - unsigned char *data; /* pointer to the record data */ - unsigned char *input; /* where the decode bytes are */ - uint16_t epoch; /* epoch number, needed by DTLS1 */ - unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */ -} SSL3_RECORD_INTERNAL; - -typedef struct ssl3_buffer_internal_st { - unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes, - * see ssl3_setup_buffers() */ - size_t len; /* buffer size */ - int offset; /* where to 'copy from' */ - int left; /* how many bytes left */ -} SSL3_BUFFER_INTERNAL; - -typedef struct ssl3_state_st { - long flags; - - unsigned char server_random[SSL3_RANDOM_SIZE]; - unsigned char client_random[SSL3_RANDOM_SIZE]; - - SSL3_BUFFER_INTERNAL rbuf; /* read IO goes into here */ - SSL3_BUFFER_INTERNAL wbuf; /* write IO goes into here */ - - SSL3_RECORD_INTERNAL rrec; /* each decoded record goes in here */ - - struct tls_content *rcontent; /* Content from opened TLS records. */ - - /* we allow one fatal and one warning alert to be outstanding, - * send close alert via the warning alert */ - int alert_dispatch; - unsigned char send_alert[2]; - - /* flags for countermeasure against known-IV weakness */ - int need_empty_fragments; - int empty_fragment_done; - - /* Unprocessed Alert/Handshake protocol data. 
*/ - struct tls_buffer *alert_fragment; - struct tls_buffer *handshake_fragment; - - /* partial write - check the numbers match */ - unsigned int wnum; /* number of bytes sent so far */ - int wpend_tot; /* number bytes written */ - int wpend_type; - int wpend_ret; /* number of bytes submitted */ - const unsigned char *wpend_buf; - - /* Transcript of handshake messages that have been sent and received. */ - struct tls_buffer *handshake_transcript; - - /* Rolling hash of handshake messages. */ - EVP_MD_CTX *handshake_hash; - - /* this is set whenerver we see a change_cipher_spec message - * come in when we are not looking for one */ - int change_cipher_spec; - - int warn_alert; - int fatal_alert; - - /* This flag is set when we should renegotiate ASAP, basically when - * there is no more data in the read or write buffers */ - int renegotiate; - int total_renegotiations; - int num_renegotiations; - - int in_read_app_data; - - SSL_HANDSHAKE hs; - - /* Connection binding to prevent renegotiation attacks */ - unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; - unsigned char previous_client_finished_len; - unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; - unsigned char previous_server_finished_len; - int send_connection_binding; /* TODOEKR */ - - /* Set if we saw a Renegotiation Indication extension from our peer. */ - int renegotiate_seen; - - /* - * ALPN information. - * - * In a server these point to the selected ALPN protocol after the - * ClientHello has been processed. In a client these contain the - * protocol that the server selected once the ServerHello has been - * processed. - */ - uint8_t *alpn_selected; - size_t alpn_selected_len; - - /* Contains the QUIC transport params received from our peer. */ - uint8_t *peer_quic_transport_params; - size_t peer_quic_transport_params_len; -} SSL3_STATE; - -/* - * Flag values for enc_flags. - */ - -/* Uses signature algorithms extension. 
*/
-#define SSL_ENC_FLAG_SIGALGS (1 << 1)
-
-/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
-#define SSL_ENC_FLAG_TLS1_2_CIPHERS (1 << 4)
-
-/* Allow TLS 1.3 ciphersuites only. */
-#define SSL_ENC_FLAG_TLS1_3_CIPHERS (1 << 5)
-
-#define TLSV1_ENC_FLAGS 0
-#define TLSV1_1_ENC_FLAGS 0
-#define TLSV1_2_ENC_FLAGS (SSL_ENC_FLAG_SIGALGS | \
- SSL_ENC_FLAG_TLS1_2_CIPHERS)
-#define TLSV1_3_ENC_FLAGS (SSL_ENC_FLAG_SIGALGS | \
- SSL_ENC_FLAG_TLS1_3_CIPHERS)
-
-extern const SSL_CIPHER ssl3_ciphers[];
-
-const char *ssl_version_string(int ver);
-int ssl_version_set_min(const SSL_METHOD *meth, uint16_t proto_ver,
- uint16_t max_tls_ver, uint16_t *out_tls_ver, uint16_t *out_proto_ver);
-int ssl_version_set_max(const SSL_METHOD *meth, uint16_t proto_ver,
- uint16_t min_tls_ver, uint16_t *out_tls_ver, uint16_t *out_proto_ver);
-int ssl_enabled_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver);
-int ssl_supported_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver);
-uint16_t ssl_tls_version(uint16_t version);
-uint16_t ssl_effective_tls_version(SSL *s);
-int ssl_max_supported_version(SSL *s, uint16_t *max_ver);
-int ssl_max_legacy_version(SSL *s, uint16_t *max_ver);
-int ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver);
-int ssl_check_version_from_server(SSL *s, uint16_t server_version);
-int ssl_legacy_stack_version(SSL *s, uint16_t version);
-int ssl_cipher_in_list(STACK_OF(SSL_CIPHER) *ciphers, const SSL_CIPHER *cipher);
-int ssl_cipher_allowed_in_tls_version_range(const SSL_CIPHER *cipher,
- uint16_t min_ver, uint16_t max_ver);
-
-const SSL_METHOD *tls_legacy_method(void);
-const SSL_METHOD *ssl_get_method(uint16_t version);
-
-void ssl_clear_cipher_state(SSL *s);
-int ssl_clear_bad_session(SSL *s);
-
-void ssl_info_callback(const SSL *s, int type, int value);
-void ssl_msg_callback(SSL *s, int is_write, int content_type,
- const void *msg_buf, size_t msg_len);
-void ssl_msg_callback_cbs(SSL *s, int
is_write, int content_type, CBS *cbs);
-
-SSL_CERT *ssl_cert_new(void);
-SSL_CERT *ssl_cert_dup(SSL_CERT *cert);
-void ssl_cert_free(SSL_CERT *c);
-SSL_CERT *ssl_get0_cert(SSL_CTX *ctx, SSL *ssl);
-int ssl_cert_set0_chain(SSL_CTX *ctx, SSL *ssl, STACK_OF(X509) *chain);
-int ssl_cert_set1_chain(SSL_CTX *ctx, SSL *ssl, STACK_OF(X509) *chain);
-int ssl_cert_add0_chain_cert(SSL_CTX *ctx, SSL *ssl, X509 *cert);
-int ssl_cert_add1_chain_cert(SSL_CTX *ctx, SSL *ssl, X509 *cert);
-
-int ssl_security_default_cb(const SSL *ssl, const SSL_CTX *ctx, int op,
- int bits, int nid, void *other, void *ex_data);
-
-int ssl_security_cipher_check(const SSL *ssl, SSL_CIPHER *cipher);
-int ssl_security_shared_cipher(const SSL *ssl, SSL_CIPHER *cipher);
-int ssl_security_supported_cipher(const SSL *ssl, SSL_CIPHER *cipher);
-int ssl_ctx_security_dh(const SSL_CTX *ctx, DH *dh);
-int ssl_security_dh(const SSL *ssl, DH *dh);
-int ssl_security_sigalg_check(const SSL *ssl, const EVP_PKEY *pkey);
-int ssl_security_tickets(const SSL *ssl);
-int ssl_security_version(const SSL *ssl, int version);
-int ssl_security_cert(const SSL_CTX *ctx, const SSL *ssl, X509 *x509,
- int is_peer, int *out_error);
-int ssl_security_cert_chain(const SSL *ssl, STACK_OF(X509) *sk,
- X509 *x509, int *out_error);
-int ssl_security_shared_group(const SSL *ssl, uint16_t group_id);
-int ssl_security_supported_group(const SSL *ssl, uint16_t group_id);
-
-SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int include_ticket);
-int ssl_get_new_session(SSL *s, int session);
-int ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block,
- int *alert);
-int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb);
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, CBS *cbs);
-STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
- STACK_OF(SSL_CIPHER) **pref, STACK_OF(SSL_CIPHER) *tls13,
- const char *rule_str, SSL_CERT *cert);
-int ssl_parse_ciphersuites(STACK_OF(SSL_CIPHER) **out_ciphers,
const char *str);
-int ssl_merge_cipherlists(STACK_OF(SSL_CIPHER) *cipherlist,
- STACK_OF(SSL_CIPHER) *cipherlist_tls13,
- STACK_OF(SSL_CIPHER) **out_cipherlist);
-void ssl_update_cache(SSL *s, int mode);
-int ssl_cipher_get_evp(SSL *s, const EVP_CIPHER **enc,
- const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size);
-int ssl_cipher_get_evp_aead(SSL *s, const EVP_AEAD **aead);
-int ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md);
-
-int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
-int ssl_undefined_function(SSL *s);
-int ssl_undefined_void_function(void);
-int ssl_undefined_const_function(const SSL *s);
-SSL_CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
-EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd,
- const struct ssl_sigalg **sap);
-size_t ssl_dhe_params_auto_key_bits(SSL *s);
-int ssl_cert_type(EVP_PKEY *pkey);
-void ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher);
-STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
-int ssl_has_ecc_ciphers(SSL *s);
-int ssl_verify_alarm_type(long type);
-
-int SSL_SESSION_ticket(SSL_SESSION *ss, unsigned char **out, size_t *out_len);
-
-int ssl3_do_write(SSL *s, int type);
-int ssl3_send_alert(SSL *s, int level, int desc);
-int ssl3_get_req_cert_types(SSL *s, CBB *cbb);
-int ssl3_get_message(SSL *s, int st1, int stn, int mt, long max);
-int ssl3_num_ciphers(void);
-const SSL_CIPHER *ssl3_get_cipher_by_index(int idx);
-const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value);
-int ssl3_renegotiate(SSL *ssl);
-
-int ssl3_renegotiate_check(SSL *ssl);
-
-void ssl_force_want_read(SSL *s);
-
-int ssl3_dispatch_alert(SSL *s);
-int ssl3_read_alert(SSL *s);
-int ssl3_read_change_cipher_spec(SSL *s);
-int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
-int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-int ssl3_output_cert_chain(SSL *s, CBB *cbb, SSL_CERT_PKEY *cpk);
-SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER)
*clnt,
- STACK_OF(SSL_CIPHER) *srvr);
-int ssl3_setup_buffers(SSL *s);
-int ssl3_setup_init_buffer(SSL *s);
-void ssl3_release_init_buffer(SSL *s);
-int ssl3_setup_read_buffer(SSL *s);
-int ssl3_setup_write_buffer(SSL *s);
-void ssl3_release_buffer(SSL3_BUFFER_INTERNAL *b);
-void ssl3_release_read_buffer(SSL *s);
-void ssl3_release_write_buffer(SSL *s);
-int ssl3_new(SSL *s);
-void ssl3_free(SSL *s);
-int ssl3_accept(SSL *s);
-int ssl3_connect(SSL *s);
-int ssl3_read(SSL *s, void *buf, int len);
-int ssl3_peek(SSL *s, void *buf, int len);
-int ssl3_write(SSL *s, const void *buf, int len);
-int ssl3_shutdown(SSL *s);
-void ssl3_clear(SSL *s);
-long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg);
-long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
-long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void));
-long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void));
-int ssl3_pending(const SSL *s);
-
-int ssl3_handshake_msg_hdr_len(SSL *s);
-int ssl3_handshake_msg_start(SSL *s, CBB *handshake, CBB *body,
- uint8_t msg_type);
-int ssl3_handshake_msg_finish(SSL *s, CBB *handshake);
-int ssl3_handshake_write(SSL *s);
-int ssl3_record_write(SSL *s, int type);
-
-int ssl3_do_change_cipher_spec(SSL *ssl);
-
-int ssl3_packet_read(SSL *s, int plen);
-int ssl3_packet_extend(SSL *s, int plen);
-int ssl_server_legacy_first_packet(SSL *s);
-int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
- unsigned int len);
-
-int ssl_kex_generate_dhe(DH *dh, DH *dh_params);
-int ssl_kex_generate_dhe_params_auto(DH *dh, size_t key_len);
-int ssl_kex_params_dhe(DH *dh, CBB *cbb);
-int ssl_kex_public_dhe(DH *dh, CBB *cbb);
-int ssl_kex_peer_params_dhe(DH *dh, CBS *cbs, int *decode_error,
- int *invalid_params);
-int ssl_kex_peer_public_dhe(DH *dh, CBS *cbs, int *decode_error,
- int *invalid_key);
-int ssl_kex_derive_dhe(DH *dh, DH *dh_peer,
- uint8_t **shared_key, size_t *shared_key_len);
-
-int ssl_kex_dummy_ecdhe_x25519(EVP_PKEY *pkey);
-int
ssl_kex_generate_ecdhe_ecp(EC_KEY *ecdh, int nid);
-int ssl_kex_public_ecdhe_ecp(EC_KEY *ecdh, CBB *cbb);
-int ssl_kex_peer_public_ecdhe_ecp(EC_KEY *ecdh, int nid, CBS *cbs);
-int ssl_kex_derive_ecdhe_ecp(EC_KEY *ecdh, EC_KEY *ecdh_peer,
- uint8_t **shared_key, size_t *shared_key_len);
-
-int tls1_new(SSL *s);
-void tls1_free(SSL *s);
-void tls1_clear(SSL *s);
-
-int ssl_init_wbio_buffer(SSL *s, int push);
-void ssl_free_wbio_buffer(SSL *s);
-
-int tls1_transcript_hash_init(SSL *s);
-int tls1_transcript_hash_update(SSL *s, const unsigned char *buf, size_t len);
-int tls1_transcript_hash_value(SSL *s, unsigned char *out, size_t len,
- size_t *outlen);
-void tls1_transcript_hash_free(SSL *s);
-
-int tls1_transcript_init(SSL *s);
-void tls1_transcript_free(SSL *s);
-void tls1_transcript_reset(SSL *s);
-int tls1_transcript_append(SSL *s, const unsigned char *buf, size_t len);
-int tls1_transcript_data(SSL *s, const unsigned char **data, size_t *len);
-void tls1_transcript_freeze(SSL *s);
-void tls1_transcript_unfreeze(SSL *s);
-int tls1_transcript_record(SSL *s, const unsigned char *buf, size_t len);
-
-int tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len,
- const void *seed1, size_t seed1_len, const void *seed2, size_t seed2_len,
- const void *seed3, size_t seed3_len, const void *seed4, size_t seed4_len,
- const void *seed5, size_t seed5_len, unsigned char *out, size_t out_len);
-
-void tls1_cleanup_key_block(SSL *s);
-int tls1_change_read_cipher_state(SSL *s);
-int tls1_change_write_cipher_state(SSL *s);
-int tls1_setup_key_block(SSL *s);
-int tls1_generate_key_block(SSL *s, uint8_t *key_block, size_t key_block_len);
-int ssl_ok(SSL *s);
-
-int tls12_derive_finished(SSL *s);
-int tls12_derive_peer_finished(SSL *s);
-int tls12_derive_master_secret(SSL *s, uint8_t *premaster_secret,
- size_t premaster_secret_len);
-
-int ssl_using_ecc_cipher(SSL *s);
-int ssl_check_srvr_ecc_cert_and_alg(SSL *s, X509 *x);
-
-void tls1_get_formatlist(const SSL *s, int
client_formats,
- const uint8_t **pformats, size_t *pformatslen);
-void tls1_get_group_list(const SSL *s, int client_groups,
- const uint16_t **pgroups, size_t *pgroupslen);
-
-int tls1_set_groups(uint16_t **out_group_ids, size_t *out_group_ids_len,
- const int *groups, size_t ngroups);
-int tls1_set_group_list(uint16_t **out_group_ids, size_t *out_group_ids_len,
- const char *groups);
-
-int tls1_ec_group_id2nid(uint16_t group_id, int *out_nid);
-int tls1_ec_group_id2bits(uint16_t group_id, int *out_bits);
-int tls1_ec_nid2group_id(int nid, uint16_t *out_group_id);
-int tls1_check_group(SSL *s, uint16_t group_id);
-int tls1_count_shared_groups(const SSL *ssl, size_t *out_count);
-int tls1_get_shared_group_by_index(const SSL *ssl, size_t index, int *out_nid);
-int tls1_get_supported_group(const SSL *s, int *out_nid);
-
-int ssl_check_clienthello_tlsext_early(SSL *s);
-int ssl_check_clienthello_tlsext_late(SSL *s);
-int ssl_check_serverhello_tlsext(SSL *s);
-
-#define TLS1_TICKET_FATAL_ERROR -1
-#define TLS1_TICKET_NONE 0
-#define TLS1_TICKET_EMPTY 1
-#define TLS1_TICKET_NOT_DECRYPTED 2
-#define TLS1_TICKET_DECRYPTED 3
-
-int tls1_process_ticket(SSL *s, CBS *ext_block, int *alert, SSL_SESSION **ret);
-
-int tls1_check_ec_server_key(SSL *s);
-
-/* s3_cbc.c */
-void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD_INTERNAL *rec,
- unsigned int md_size, unsigned int orig_len);
-int ssl3_cbc_remove_padding(SSL3_RECORD_INTERNAL *rec, unsigned int eiv_len,
- unsigned int mac_size);
-char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
-int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out,
- size_t *md_out_size, const unsigned char header[13],
- const unsigned char *data, size_t data_plus_mac_size,
- size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
- unsigned int mac_secret_length);
-int SSL_state_func_code(int _state);
-
-#define SSLerror(s, r) SSL_error_internal(s, r, OPENSSL_FILE, OPENSSL_LINE)
-#define
SSLerrorx(r) ERR_PUT_error(ERR_LIB_SSL,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE)
-void SSL_error_internal(const SSL *s, int r, char *f, int l);
-
-#ifndef OPENSSL_NO_SRTP
-
-int srtp_find_profile_by_name(const char *profile_name,
- const SRTP_PROTECTION_PROFILE **pptr, unsigned int len);
-int srtp_find_profile_by_num(unsigned int profile_num,
- const SRTP_PROTECTION_PROFILE **pptr);
-
-#endif /* OPENSSL_NO_SRTP */
-
-int tls_process_peer_certs(SSL *s, STACK_OF(X509) *peer_certs);
-
-__END_HIDDEN_DECLS
-
-#endif /* !HEADER_SSL_LOCL_H */
diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c
deleted file mode 100644
index dee52decf1..0000000000
--- a/src/lib/libssl/ssl_methods.c
+++ /dev/null
@@ -1,554 +0,0 @@ -/* $OpenBSD: ssl_methods.c,v 1.32 2024/07/23 14:40:54 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. 
All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] 
- */ - -#include "dtls_local.h" -#include "ssl_local.h" -#include "tls13_internal.h" - -static const SSL_METHOD DTLS_method_data = { - .dtls = 1, - .server = 1, - .version = DTLS1_2_VERSION, - .min_tls_version = TLS1_1_VERSION, - .max_tls_version = TLS1_2_VERSION, - .ssl_new = dtls1_new, - .ssl_clear = dtls1_clear, - .ssl_free = dtls1_free, - .ssl_accept = ssl3_accept, - .ssl_connect = ssl3_connect, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = dtls1_read_bytes, - .ssl_write_bytes = dtls1_write_app_data_bytes, - .enc_flags = TLSV1_2_ENC_FLAGS, -}; - -static const SSL_METHOD DTLS_client_method_data = { - .dtls = 1, - .server = 0, - .version = DTLS1_2_VERSION, - .min_tls_version = TLS1_1_VERSION, - .max_tls_version = TLS1_2_VERSION, - .ssl_new = dtls1_new, - .ssl_clear = dtls1_clear, - .ssl_free = dtls1_free, - .ssl_accept = ssl_undefined_function, - .ssl_connect = ssl3_connect, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = dtls1_read_bytes, - .ssl_write_bytes = dtls1_write_app_data_bytes, - .enc_flags = TLSV1_2_ENC_FLAGS, -}; - -static const SSL_METHOD DTLSv1_method_data = { - .dtls = 1, - .server = 1, - .version = DTLS1_VERSION, - .min_tls_version = TLS1_1_VERSION, - .max_tls_version = TLS1_1_VERSION, - .ssl_new = dtls1_new, - .ssl_clear = dtls1_clear, - .ssl_free = dtls1_free, - .ssl_accept = ssl3_accept, - .ssl_connect = ssl3_connect, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = dtls1_read_bytes, - .ssl_write_bytes = dtls1_write_app_data_bytes, - .enc_flags = TLSV1_1_ENC_FLAGS, -}; - -static const SSL_METHOD DTLSv1_client_method_data = { - .dtls = 1, - .server = 0, - .version = 
DTLS1_VERSION, - .min_tls_version = TLS1_1_VERSION, - .max_tls_version = TLS1_1_VERSION, - .ssl_new = dtls1_new, - .ssl_clear = dtls1_clear, - .ssl_free = dtls1_free, - .ssl_accept = ssl_undefined_function, - .ssl_connect = ssl3_connect, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = dtls1_read_bytes, - .ssl_write_bytes = dtls1_write_app_data_bytes, - .enc_flags = TLSV1_1_ENC_FLAGS, -}; - -static const SSL_METHOD DTLSv1_2_method_data = { - .dtls = 1, - .server = 1, - .version = DTLS1_2_VERSION, - .min_tls_version = TLS1_2_VERSION, - .max_tls_version = TLS1_2_VERSION, - .ssl_new = dtls1_new, - .ssl_clear = dtls1_clear, - .ssl_free = dtls1_free, - .ssl_accept = ssl3_accept, - .ssl_connect = ssl3_connect, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = dtls1_read_bytes, - .ssl_write_bytes = dtls1_write_app_data_bytes, - .enc_flags = TLSV1_2_ENC_FLAGS, -}; - -static const SSL_METHOD DTLSv1_2_client_method_data = { - .dtls = 1, - .server = 0, - .version = DTLS1_2_VERSION, - .min_tls_version = TLS1_2_VERSION, - .max_tls_version = TLS1_2_VERSION, - .ssl_new = dtls1_new, - .ssl_clear = dtls1_clear, - .ssl_free = dtls1_free, - .ssl_accept = ssl_undefined_function, - .ssl_connect = ssl3_connect, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = dtls1_read_bytes, - .ssl_write_bytes = dtls1_write_app_data_bytes, - .enc_flags = TLSV1_2_ENC_FLAGS, -}; - -const SSL_METHOD * -DTLSv1_client_method(void) -{ - return &DTLSv1_client_method_data; -} -LSSL_ALIAS(DTLSv1_client_method); - -const SSL_METHOD * -DTLSv1_method(void) -{ - return &DTLSv1_method_data; -} -LSSL_ALIAS(DTLSv1_method); - -const SSL_METHOD * 
-DTLSv1_server_method(void) -{ - return &DTLSv1_method_data; -} -LSSL_ALIAS(DTLSv1_server_method); - -const SSL_METHOD * -DTLSv1_2_client_method(void) -{ - return &DTLSv1_2_client_method_data; -} -LSSL_ALIAS(DTLSv1_2_client_method); - -const SSL_METHOD * -DTLSv1_2_method(void) -{ - return &DTLSv1_2_method_data; -} -LSSL_ALIAS(DTLSv1_2_method); - -const SSL_METHOD * -DTLSv1_2_server_method(void) -{ - return &DTLSv1_2_method_data; -} -LSSL_ALIAS(DTLSv1_2_server_method); - -const SSL_METHOD * -DTLS_client_method(void) -{ - return &DTLS_client_method_data; -} -LSSL_ALIAS(DTLS_client_method); - -const SSL_METHOD * -DTLS_method(void) -{ - return &DTLS_method_data; -} -LSSL_ALIAS(DTLS_method); - -const SSL_METHOD * -DTLS_server_method(void) -{ - return &DTLS_method_data; -} -LSSL_ALIAS(DTLS_server_method); - -static const SSL_METHOD TLS_method_data = { - .dtls = 0, - .server = 1, - .version = TLS1_3_VERSION, - .min_tls_version = TLS1_VERSION, - .max_tls_version = TLS1_3_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = tls13_legacy_accept, - .ssl_connect = tls13_legacy_connect, - .ssl_shutdown = tls13_legacy_shutdown, - .ssl_renegotiate = ssl_undefined_function, - .ssl_renegotiate_check = ssl_ok, - .ssl_pending = tls13_legacy_pending, - .ssl_read_bytes = tls13_legacy_read_bytes, - .ssl_write_bytes = tls13_legacy_write_bytes, - .enc_flags = TLSV1_3_ENC_FLAGS, -}; - -static const SSL_METHOD TLS_legacy_method_data = { - .dtls = 0, - .server = 1, - .version = TLS1_2_VERSION, - .min_tls_version = TLS1_VERSION, - .max_tls_version = TLS1_2_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl3_accept, - .ssl_connect = ssl3_connect, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl_undefined_function, - .ssl_renegotiate_check = ssl_ok, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = ssl3_read_bytes, - .ssl_write_bytes = ssl3_write_bytes, - .enc_flags = TLSV1_2_ENC_FLAGS, 
-}; - -static const SSL_METHOD TLS_client_method_data = { - .dtls = 0, - .server = 0, - .version = TLS1_3_VERSION, - .min_tls_version = TLS1_VERSION, - .max_tls_version = TLS1_3_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = tls13_legacy_accept, - .ssl_connect = tls13_legacy_connect, - .ssl_shutdown = tls13_legacy_shutdown, - .ssl_renegotiate = ssl_undefined_function, - .ssl_renegotiate_check = ssl_ok, - .ssl_pending = tls13_legacy_pending, - .ssl_read_bytes = tls13_legacy_read_bytes, - .ssl_write_bytes = tls13_legacy_write_bytes, - .enc_flags = TLSV1_3_ENC_FLAGS, -}; - -static const SSL_METHOD TLSv1_method_data = { - .dtls = 0, - .server = 1, - .version = TLS1_VERSION, - .min_tls_version = TLS1_VERSION, - .max_tls_version = TLS1_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl3_accept, - .ssl_connect = ssl3_connect, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = ssl3_read_bytes, - .ssl_write_bytes = ssl3_write_bytes, - .enc_flags = TLSV1_ENC_FLAGS, -}; - -static const SSL_METHOD TLSv1_client_method_data = { - .dtls = 0, - .server = 0, - .version = TLS1_VERSION, - .min_tls_version = TLS1_VERSION, - .max_tls_version = TLS1_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl_undefined_function, - .ssl_connect = ssl3_connect, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = ssl3_read_bytes, - .ssl_write_bytes = ssl3_write_bytes, - .enc_flags = TLSV1_ENC_FLAGS, -}; - -static const SSL_METHOD TLSv1_1_method_data = { - .dtls = 0, - .server = 1, - .version = TLS1_1_VERSION, - .min_tls_version = TLS1_1_VERSION, - .max_tls_version = TLS1_1_VERSION, - .ssl_new = 
tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl3_accept, - .ssl_connect = ssl3_connect, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = ssl3_read_bytes, - .ssl_write_bytes = ssl3_write_bytes, - .enc_flags = TLSV1_1_ENC_FLAGS, -}; - -static const SSL_METHOD TLSv1_1_client_method_data = { - .dtls = 0, - .server = 0, - .version = TLS1_1_VERSION, - .min_tls_version = TLS1_1_VERSION, - .max_tls_version = TLS1_1_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl_undefined_function, - .ssl_connect = ssl3_connect, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = ssl3_read_bytes, - .ssl_write_bytes = ssl3_write_bytes, - .enc_flags = TLSV1_1_ENC_FLAGS, -}; - -static const SSL_METHOD TLSv1_2_method_data = { - .dtls = 0, - .server = 1, - .version = TLS1_2_VERSION, - .min_tls_version = TLS1_2_VERSION, - .max_tls_version = TLS1_2_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl3_accept, - .ssl_connect = ssl3_connect, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = ssl3_read_bytes, - .ssl_write_bytes = ssl3_write_bytes, - .enc_flags = TLSV1_2_ENC_FLAGS, -}; - -static const SSL_METHOD TLSv1_2_client_method_data = { - .dtls = 0, - .server = 0, - .version = TLS1_2_VERSION, - .min_tls_version = TLS1_2_VERSION, - .max_tls_version = TLS1_2_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl_undefined_function, - .ssl_connect = ssl3_connect, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - 
.ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = ssl3_read_bytes, - .ssl_write_bytes = ssl3_write_bytes, - .enc_flags = TLSV1_2_ENC_FLAGS, -}; - -const SSL_METHOD * -TLS_client_method(void) -{ - return (&TLS_client_method_data); -} -LSSL_ALIAS(TLS_client_method); - -const SSL_METHOD * -TLS_method(void) -{ - return (&TLS_method_data); -} -LSSL_ALIAS(TLS_method); - -const SSL_METHOD * -TLS_server_method(void) -{ - return TLS_method(); -} -LSSL_ALIAS(TLS_server_method); - -const SSL_METHOD * -tls_legacy_method(void) -{ - return (&TLS_legacy_method_data); -} - -const SSL_METHOD * -SSLv23_client_method(void) -{ - return TLS_client_method(); -} -LSSL_ALIAS(SSLv23_client_method); - -const SSL_METHOD * -SSLv23_method(void) -{ - return TLS_method(); -} -LSSL_ALIAS(SSLv23_method); - -const SSL_METHOD * -SSLv23_server_method(void) -{ - return TLS_method(); -} -LSSL_ALIAS(SSLv23_server_method); - -const SSL_METHOD * -TLSv1_client_method(void) -{ - return (&TLSv1_client_method_data); -} -LSSL_ALIAS(TLSv1_client_method); - -const SSL_METHOD * -TLSv1_method(void) -{ - return (&TLSv1_method_data); -} -LSSL_ALIAS(TLSv1_method); - -const SSL_METHOD * -TLSv1_server_method(void) -{ - return (&TLSv1_method_data); -} -LSSL_ALIAS(TLSv1_server_method); - -const SSL_METHOD * -TLSv1_1_client_method(void) -{ - return (&TLSv1_1_client_method_data); -} -LSSL_ALIAS(TLSv1_1_client_method); - -const SSL_METHOD * -TLSv1_1_method(void) -{ - return (&TLSv1_1_method_data); -} -LSSL_ALIAS(TLSv1_1_method); - -const SSL_METHOD * -TLSv1_1_server_method(void) -{ - return (&TLSv1_1_method_data); -} -LSSL_ALIAS(TLSv1_1_server_method); - -const SSL_METHOD * -TLSv1_2_client_method(void) -{ - return (&TLSv1_2_client_method_data); -} -LSSL_ALIAS(TLSv1_2_client_method); - -const SSL_METHOD * -TLSv1_2_method(void) -{ - return (&TLSv1_2_method_data); -} -LSSL_ALIAS(TLSv1_2_method); - -const SSL_METHOD * -TLSv1_2_server_method(void) -{ - return 
(&TLSv1_2_method_data); -} -LSSL_ALIAS(TLSv1_2_server_method); - -const SSL_METHOD * -ssl_get_method(uint16_t version) -{ - if (version == TLS1_3_VERSION) - return (TLS_method()); - if (version == TLS1_2_VERSION) - return (TLSv1_2_method()); - if (version == TLS1_1_VERSION) - return (TLSv1_1_method()); - if (version == TLS1_VERSION) - return (TLSv1_method()); - if (version == DTLS1_VERSION) - return (DTLSv1_method()); - if (version == DTLS1_2_VERSION) - return (DTLSv1_2_method()); - - return (NULL); -} diff --git a/src/lib/libssl/ssl_packet.c b/src/lib/libssl/ssl_packet.c deleted file mode 100644 index 32d6cceb7a..0000000000 --- a/src/lib/libssl/ssl_packet.c +++ /dev/null 
@@ -1,88 +0,0 @@ -/* $OpenBSD: ssl_packet.c,v 1.16 2024/06/28 13:37:49 jsing Exp $ */ -/* - * Copyright (c) 2016, 2017 Joel Sing - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "bytestring.h" -#include "ssl_local.h" - -static int -ssl_is_sslv3_handshake(CBS *header) -{ - uint16_t record_version; - uint8_t record_type; - CBS cbs; - - CBS_dup(header, &cbs); - - if (!CBS_get_u8(&cbs, &record_type) || - !CBS_get_u16(&cbs, &record_version)) - return 0; - - if (record_type != SSL3_RT_HANDSHAKE) - return 0; - if ((record_version >> 8) != SSL3_VERSION_MAJOR) - return 0; - - return 1; -} - -/* - * Potentially do legacy processing on the first packet received by a TLS - * server. We return 1 if we want SSLv3/TLS record processing to continue - * normally, otherwise we must set an SSLerr and return -1. - */ -int -ssl_server_legacy_first_packet(SSL *s) -{ - const char *data; - CBS header; - - if (SSL_is_dtls(s)) - return 1; - - CBS_init(&header, s->packet, SSL3_RT_HEADER_LENGTH); - - if (ssl_is_sslv3_handshake(&header) == 1) - return 1; - - /* Only continue if this is not a version locked method. */ - if (s->method->min_tls_version == s->method->max_tls_version) - return 1; - - /* Ensure that we have SSL3_RT_HEADER_LENGTH (5 bytes) of the packet. 
*/ - if (CBS_len(&header) != SSL3_RT_HEADER_LENGTH) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - return -1; - } - data = (const char *)CBS_data(&header); - - /* Is this a cleartext protocol? */ - if (strncmp("GET ", data, 4) == 0 || - strncmp("POST ", data, 5) == 0 || - strncmp("HEAD ", data, 5) == 0 || - strncmp("PUT ", data, 4) == 0) { - SSLerror(s, SSL_R_HTTP_REQUEST); - return -1; - } - if (strncmp("CONNE", data, 5) == 0) { - SSLerror(s, SSL_R_HTTPS_PROXY_REQUEST); - return -1; - } - - SSLerror(s, SSL_R_UNKNOWN_PROTOCOL); - - return -1; -} diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c deleted file mode 100644 index 7032175aac..0000000000 --- a/src/lib/libssl/ssl_pkt.c +++ /dev/null 
@@ -1,1322 +0,0 @@ -/* $OpenBSD: ssl_pkt.c,v 1.69 2025/03/12 14:03:55 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. 
All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. 
Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include - -#include -#include - -#include "bytestring.h" -#include "dtls_local.h" -#include "ssl_local.h" -#include "tls_content.h" - -static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, - unsigned int len); -static int ssl3_get_record(SSL *s); - -/* - * Force a WANT_READ return for certain error conditions where - * we don't want to spin internally. - */ -void -ssl_force_want_read(SSL *s) -{ - BIO *bio; - - bio = SSL_get_rbio(s); - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - - s->rwstate = SSL_READING; -} - -/* - * If extend == 0, obtain new n-byte packet; if extend == 1, increase - * packet by another n bytes. - * The packet will be in the sub-array of s->s3->rbuf.buf specified - * by s->packet and s->packet_length. - * (If s->read_ahead is set, 'max' bytes may be stored in rbuf - * [plus s->packet_length bytes if extend == 1].) 
- */ -static int -ssl3_read_n(SSL *s, int n, int max, int extend) -{ - SSL3_BUFFER_INTERNAL *rb = &(s->s3->rbuf); - int i, len, left; - size_t align; - unsigned char *pkt; - - if (n <= 0) - return n; - - if (rb->buf == NULL) { - if (!ssl3_setup_read_buffer(s)) - return -1; - } - if (rb->buf == NULL) - return -1; - - left = rb->left; - align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH; - align = (-align) & (SSL3_ALIGN_PAYLOAD - 1); - - if (!extend) { - /* start with empty packet ... */ - if (left == 0) - rb->offset = align; - else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) { - /* check if next packet length is large - * enough to justify payload alignment... */ - pkt = rb->buf + rb->offset; - if (pkt[0] == SSL3_RT_APPLICATION_DATA && - (pkt[3]<<8|pkt[4]) >= 128) { - /* Note that even if packet is corrupted - * and its length field is insane, we can - * only be led to wrong decision about - * whether memmove will occur or not. - * Header values has no effect on memmove - * arguments and therefore no buffer - * overrun can be triggered. */ - memmove(rb->buf + align, pkt, left); - rb->offset = align; - } - } - s->packet = rb->buf + rb->offset; - s->packet_length = 0; - /* ... now we can act as if 'extend' was set */ - } - - /* For DTLS/UDP reads should not span multiple packets - * because the read operation returns the whole packet - * at once (as long as it fits into the buffer). 
*/ - if (SSL_is_dtls(s)) { - if (left > 0 && n > left) - n = left; - } - - /* if there is enough in the buffer from a previous read, take some */ - if (left >= n) { - s->packet_length += n; - rb->left = left - n; - rb->offset += n; - return (n); - } - - /* else we need to read more data */ - - len = s->packet_length; - pkt = rb->buf + align; - /* Move any available bytes to front of buffer: - * 'len' bytes already pointed to by 'packet', - * 'left' extra ones at the end */ - if (s->packet != pkt) { - /* len > 0 */ - memmove(pkt, s->packet, len + left); - s->packet = pkt; - rb->offset = len + align; - } - - if (n > (int)(rb->len - rb->offset)) { - /* does not happen */ - SSLerror(s, ERR_R_INTERNAL_ERROR); - return -1; - } - - if (s->read_ahead || SSL_is_dtls(s)) { - if (max < n) - max = n; - if (max > (int)(rb->len - rb->offset)) - max = rb->len - rb->offset; - } else { - /* ignore max parameter */ - max = n; - } - - while (left < n) { - /* Now we have len+left bytes at the front of s->s3->rbuf.buf - * and need to read in more until we have len+n (up to - * len+max if possible) */ - - errno = 0; - if (s->rbio != NULL) { - s->rwstate = SSL_READING; - i = BIO_read(s->rbio, pkt + len + left, max - left); - } else { - SSLerror(s, SSL_R_READ_BIO_NOT_SET); - i = -1; - } - - if (i <= 0) { - rb->left = left; - if (s->mode & SSL_MODE_RELEASE_BUFFERS && - !SSL_is_dtls(s)) { - if (len + left == 0) - ssl3_release_read_buffer(s); - } - return (i); - } - left += i; - - /* - * reads should *never* span multiple packets for DTLS because - * the underlying transport protocol is message oriented as - * opposed to byte oriented as in the TLS case. 
- */ - if (SSL_is_dtls(s)) { - if (n > left) - n = left; /* makes the while condition false */ - } - } - - /* done reading, now the book-keeping */ - rb->offset += n; - rb->left = left - n; - s->packet_length += n; - s->rwstate = SSL_NOTHING; - - return (n); -} - -int -ssl3_packet_read(SSL *s, int plen) -{ - int n; - - n = ssl3_read_n(s, plen, s->s3->rbuf.len, 0); - if (n <= 0) - return n; - if (s->packet_length < plen) - return s->packet_length; - - return plen; -} - -int -ssl3_packet_extend(SSL *s, int plen) -{ - int rlen, n; - - if (s->packet_length >= plen) - return plen; - rlen = plen - s->packet_length; - - n = ssl3_read_n(s, rlen, rlen, 1); - if (n <= 0) - return n; - if (s->packet_length < plen) - return s->packet_length; - - return plen; -} - -/* Call this to get a new input record. - * It will return <= 0 if more data is needed, normally due to an error - * or non-blocking IO. - * When it finishes, one packet has been decoded and can be found in - * ssl->s3->rrec.type - is the type of record - * ssl->s3->rrec.data, - data - * ssl->s3->rrec.length, - number of bytes - */ -/* used only by ssl3_read_bytes */ -static int -ssl3_get_record(SSL *s) -{ - SSL3_BUFFER_INTERNAL *rb = &(s->s3->rbuf); - SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec); - uint8_t alert_desc; - int al, n; - int ret = -1; - - again: - /* check if we have the header */ - if ((s->rstate != SSL_ST_READ_BODY) || - (s->packet_length < SSL3_RT_HEADER_LENGTH)) { - CBS header; - uint16_t len, ssl_version; - uint8_t type; - - n = ssl3_packet_read(s, SSL3_RT_HEADER_LENGTH); - if (n <= 0) - return (n); - - s->mac_packet = 1; - s->rstate = SSL_ST_READ_BODY; - - if (s->server && s->first_packet) { - if ((ret = ssl_server_legacy_first_packet(s)) != 1) - return (ret); - ret = -1; - } - - CBS_init(&header, s->packet, SSL3_RT_HEADER_LENGTH); - - /* Pull apart the header into the SSL3_RECORD_INTERNAL */ - if (!CBS_get_u8(&header, &type) || - !CBS_get_u16(&header, &ssl_version) || - !CBS_get_u16(&header, &len)) { 
- SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - goto err; - } - - rr->type = type; - rr->length = len; - - /* Lets check version */ - if (!s->first_packet && ssl_version != s->version) { - if ((s->version & 0xFF00) == (ssl_version & 0xFF00) && - !tls12_record_layer_write_protected(s->rl)) { - /* Send back error using their minor version number :-) */ - s->version = ssl_version; - } - SSLerror(s, SSL_R_WRONG_VERSION_NUMBER); - al = SSL_AD_PROTOCOL_VERSION; - goto fatal_err; - } - - if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) { - SSLerror(s, SSL_R_WRONG_VERSION_NUMBER); - goto err; - } - - if (rr->length > rb->len - SSL3_RT_HEADER_LENGTH) { - al = SSL_AD_RECORD_OVERFLOW; - SSLerror(s, SSL_R_PACKET_LENGTH_TOO_LONG); - goto fatal_err; - } - } - - n = ssl3_packet_extend(s, SSL3_RT_HEADER_LENGTH + rr->length); - if (n <= 0) - return (n); - if (n != SSL3_RT_HEADER_LENGTH + rr->length) - return (n); - - s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */ - - /* - * A full record has now been read from the wire, which now needs - * to be processed. - */ - tls12_record_layer_set_version(s->rl, s->version); - - if (!tls12_record_layer_open_record(s->rl, s->packet, s->packet_length, - s->s3->rcontent)) { - tls12_record_layer_alert(s->rl, &alert_desc); - - if (alert_desc == 0) - goto err; - - if (alert_desc == SSL_AD_RECORD_OVERFLOW) - SSLerror(s, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); - else if (alert_desc == SSL_AD_BAD_RECORD_MAC) - SSLerror(s, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); - - al = alert_desc; - goto fatal_err; - } - - /* we have pulled in a full packet so zero things */ - s->packet_length = 0; - - if (tls_content_remaining(s->s3->rcontent) == 0) { - /* - * Zero-length fragments are only permitted for application - * data, as per RFC 5246 section 6.2.1. 
- */ - if (rr->type != SSL3_RT_APPLICATION_DATA) { - SSLerror(s, SSL_R_BAD_LENGTH); - al = SSL_AD_UNEXPECTED_MESSAGE; - goto fatal_err; - } - - tls_content_clear(s->s3->rcontent); - - /* - * CBC countermeasures for known IV weaknesses can legitimately - * insert a single empty record, so we allow ourselves to read - * once past a single empty record without forcing want_read. - */ - if (s->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) { - SSLerror(s, SSL_R_PEER_BEHAVING_BADLY); - return -1; - } - if (s->empty_record_count > 1) { - ssl_force_want_read(s); - return -1; - } - goto again; - } - - s->empty_record_count = 0; - - return (1); - - fatal_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - err: - return (ret); -} - -/* Call this to write data in records of type 'type' - * It will return <= 0 if not all data has been sent or non-blocking IO. - */ -int -ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) -{ - const unsigned char *buf = buf_; - unsigned int tot, n, nw; - int i; - - if (len < 0) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - return -1; - } - - s->rwstate = SSL_NOTHING; - tot = s->s3->wnum; - s->s3->wnum = 0; - - if (SSL_in_init(s) && !s->in_handshake) { - i = s->handshake_func(s); - if (i < 0) - return (i); - if (i == 0) { - SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); - return -1; - } - } - - if (len < tot) - len = tot; - n = (len - tot); - for (;;) { - if (n > s->max_send_fragment) - nw = s->max_send_fragment; - else - nw = n; - - i = do_ssl3_write(s, type, &(buf[tot]), nw); - if (i <= 0) { - s->s3->wnum = tot; - return i; - } - - if ((i == (int)n) || (type == SSL3_RT_APPLICATION_DATA && - (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) { - /* - * Next chunk of data should get another prepended - * empty fragment in ciphersuites with known-IV - * weakness. 
- */ - s->s3->empty_fragment_done = 0; - - return tot + i; - } - - n -= i; - tot += i; - } -} - -static int -do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) -{ - SSL3_BUFFER_INTERNAL *wb = &(s->s3->wbuf); - SSL_SESSION *sess = s->session; - int need_empty_fragment = 0; - size_t align, out_len; - CBB cbb; - int ret; - - memset(&cbb, 0, sizeof(cbb)); - - if (wb->buf == NULL) - if (!ssl3_setup_write_buffer(s)) - return -1; - - /* - * First check if there is a SSL3_BUFFER_INTERNAL still being written - * out. This will happen with non blocking IO. - */ - if (wb->left != 0) - return (ssl3_write_pending(s, type, buf, len)); - - /* If we have an alert to send, let's send it. */ - if (s->s3->alert_dispatch) { - if ((ret = ssl3_dispatch_alert(s)) <= 0) - return (ret); - /* If it went, fall through and send more stuff. */ - - /* We may have released our buffer, if so get it again. */ - if (wb->buf == NULL) - if (!ssl3_setup_write_buffer(s)) - return -1; - } - - if (len == 0) - return 0; - - /* - * Countermeasure against known-IV weakness in CBC ciphersuites - * (see http://www.openssl.org/~bodo/tls-cbc.txt). Note that this - * is unnecessary for AEAD. - */ - if (sess != NULL && tls12_record_layer_write_protected(s->rl)) { - if (s->s3->need_empty_fragments && - !s->s3->empty_fragment_done && - type == SSL3_RT_APPLICATION_DATA) - need_empty_fragment = 1; - } - - /* - * An extra fragment would be a couple of cipher blocks, which would - * be a multiple of SSL3_ALIGN_PAYLOAD, so if we want to align the real - * payload, then we can just simply pretend we have two headers. 
- */ - align = (size_t)wb->buf + SSL3_RT_HEADER_LENGTH; - if (need_empty_fragment) - align += SSL3_RT_HEADER_LENGTH; - align = (-align) & (SSL3_ALIGN_PAYLOAD - 1); - wb->offset = align; - - if (!CBB_init_fixed(&cbb, wb->buf + align, wb->len - align)) - goto err; - - tls12_record_layer_set_version(s->rl, s->version); - - if (need_empty_fragment) { - if (!tls12_record_layer_seal_record(s->rl, type, - buf, 0, &cbb)) - goto err; - s->s3->empty_fragment_done = 1; - } - - if (!tls12_record_layer_seal_record(s->rl, type, buf, len, &cbb)) - goto err; - - if (!CBB_finish(&cbb, NULL, &out_len)) - goto err; - - wb->left = out_len; - - /* - * Memorize arguments so that ssl3_write_pending can detect - * bad write retries later. - */ - s->s3->wpend_tot = len; - s->s3->wpend_buf = buf; - s->s3->wpend_type = type; - s->s3->wpend_ret = len; - - /* We now just need to write the buffer. */ - return ssl3_write_pending(s, type, buf, len); - - err: - CBB_cleanup(&cbb); - - return -1; -} - -/* if s->s3->wbuf.left != 0, we need to call this */ -int -ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) -{ - int i; - SSL3_BUFFER_INTERNAL *wb = &(s->s3->wbuf); - - /* XXXX */ - if ((s->s3->wpend_tot > (int)len) || ((s->s3->wpend_buf != buf) && - !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) || - (s->s3->wpend_type != type)) { - SSLerror(s, SSL_R_BAD_WRITE_RETRY); - return (-1); - } - - for (;;) { - errno = 0; - if (s->wbio != NULL) { - s->rwstate = SSL_WRITING; - i = BIO_write(s->wbio, (char *)&(wb->buf[wb->offset]), - (unsigned int)wb->left); - } else { - SSLerror(s, SSL_R_BIO_NOT_SET); - i = -1; - } - if (i == wb->left) { - wb->left = 0; - wb->offset += i; - if (s->mode & SSL_MODE_RELEASE_BUFFERS && - !SSL_is_dtls(s)) - ssl3_release_write_buffer(s); - s->rwstate = SSL_NOTHING; - return (s->s3->wpend_ret); - } else if (i <= 0) { - /* - * For DTLS, just drop it. That's kind of the - * whole point in using a datagram service. 
- */ - if (SSL_is_dtls(s)) - wb->left = 0; - return (i); - } - wb->offset += i; - wb->left -= i; - } -} - -static ssize_t -ssl3_read_cb(void *buf, size_t n, void *cb_arg) -{ - SSL *s = cb_arg; - - return tls_content_read(s->s3->rcontent, buf, n); -} - -#define SSL3_ALERT_LENGTH 2 - -int -ssl3_read_alert(SSL *s) -{ - uint8_t alert_level, alert_descr; - ssize_t ret; - CBS cbs; - - /* - * TLSv1.2 permits an alert to be fragmented across multiple records or - * for multiple alerts to be be coalesced into a single alert record. - * In the case of DTLS, there is no way to reassemble an alert - * fragmented across multiple records, hence a full alert must be - * available in the record. - */ - if (s->s3->alert_fragment == NULL) { - if ((s->s3->alert_fragment = tls_buffer_new(0)) == NULL) - return -1; - tls_buffer_set_capacity_limit(s->s3->alert_fragment, - SSL3_ALERT_LENGTH); - } - ret = tls_buffer_extend(s->s3->alert_fragment, SSL3_ALERT_LENGTH, - ssl3_read_cb, s); - if (ret <= 0 && ret != TLS_IO_WANT_POLLIN) - return -1; - if (ret != SSL3_ALERT_LENGTH) { - if (SSL_is_dtls(s)) { - SSLerror(s, SSL_R_BAD_LENGTH); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - return -1; - } - return 1; - } - - if (!tls_buffer_data(s->s3->alert_fragment, &cbs)) - return -1; - - ssl_msg_callback_cbs(s, 0, SSL3_RT_ALERT, &cbs); - - if (!CBS_get_u8(&cbs, &alert_level)) - return -1; - if (!CBS_get_u8(&cbs, &alert_descr)) - return -1; - - tls_buffer_free(s->s3->alert_fragment); - s->s3->alert_fragment = NULL; - - ssl_info_callback(s, SSL_CB_READ_ALERT, - (alert_level << 8) | alert_descr); - - if (alert_level == SSL3_AL_WARNING) { - s->s3->warn_alert = alert_descr; - if (alert_descr == SSL_AD_CLOSE_NOTIFY) { - s->shutdown |= SSL_RECEIVED_SHUTDOWN; - return 0; - } - /* We requested renegotiation and the peer rejected it. 
*/ - if (alert_descr == SSL_AD_NO_RENEGOTIATION) { - SSLerror(s, SSL_R_NO_RENEGOTIATION); - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_HANDSHAKE_FAILURE); - return -1; - } - } else if (alert_level == SSL3_AL_FATAL) { - s->rwstate = SSL_NOTHING; - s->s3->fatal_alert = alert_descr; - SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr); - ERR_asprintf_error_data("SSL alert number %d", alert_descr); - s->shutdown |= SSL_RECEIVED_SHUTDOWN; - SSL_CTX_remove_session(s->ctx, s->session); - return 0; - } else { - SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); - return -1; - } - - return 1; -} - -int -ssl3_read_change_cipher_spec(SSL *s) -{ - const uint8_t ccs[1] = { SSL3_MT_CCS }; - - /* - * 'Change Cipher Spec' is just a single byte, so we know exactly what - * the record payload has to look like. - */ - if (tls_content_remaining(s->s3->rcontent) != sizeof(ccs)) { - SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - return -1; - } - if (!tls_content_equal(s->s3->rcontent, ccs, sizeof(ccs))) { - SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); - return -1; - } - - /* XDTLS: check that epoch is consistent */ - - ssl_msg_callback_cbs(s, 0, SSL3_RT_CHANGE_CIPHER_SPEC, - tls_content_cbs(s->s3->rcontent)); - - /* Check that we have a cipher to change to. */ - if (s->s3->hs.cipher == NULL) { - SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); - return -1; - } - - /* Check that we should be receiving a Change Cipher Spec. */ - if (SSL_is_dtls(s)) { - if (!s->d1->change_cipher_spec_ok) { - /* - * We can't process a CCS now, because previous - * handshake messages are still missing, so just - * drop it. 
- */ - tls_content_clear(s->s3->rcontent); - return 1; - } - s->d1->change_cipher_spec_ok = 0; - } else { - if ((s->s3->flags & SSL3_FLAGS_CCS_OK) == 0) { - SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_UNEXPECTED_MESSAGE); - return -1; - } - s->s3->flags &= ~SSL3_FLAGS_CCS_OK; - } - - tls_content_clear(s->s3->rcontent); - - s->s3->change_cipher_spec = 1; - if (!ssl3_do_change_cipher_spec(s)) - return -1; - - return 1; -} - -static int -ssl3_read_handshake_unexpected(SSL *s) -{ - uint32_t hs_msg_length; - uint8_t hs_msg_type; - ssize_t ssret; - CBS cbs; - int ret; - - /* - * We need four bytes of handshake data so we have a handshake message - * header - this may be in the same record or fragmented across multiple - * records. - */ - if (s->s3->handshake_fragment == NULL) { - if ((s->s3->handshake_fragment = tls_buffer_new(0)) == NULL) - return -1; - tls_buffer_set_capacity_limit(s->s3->handshake_fragment, - SSL3_HM_HEADER_LENGTH); - } - ssret = tls_buffer_extend(s->s3->handshake_fragment, SSL3_HM_HEADER_LENGTH, - ssl3_read_cb, s); - if (ssret <= 0 && ssret != TLS_IO_WANT_POLLIN) - return -1; - if (ssret != SSL3_HM_HEADER_LENGTH) - return 1; - - if (s->in_handshake) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - return -1; - } - - /* - * This code currently deals with HelloRequest and ClientHello messages - - * anything else is pushed to the handshake_func. Almost all of this - * belongs in the client/server handshake code. - */ - - /* Parse handshake message header. */ - if (!tls_buffer_data(s->s3->handshake_fragment, &cbs)) - return -1; - if (!CBS_get_u8(&cbs, &hs_msg_type)) - return -1; - if (!CBS_get_u24(&cbs, &hs_msg_length)) - return -1; - - if (hs_msg_type == SSL3_MT_HELLO_REQUEST) { - /* - * Incoming HelloRequest messages should only be received by a - * client. A server may send these at any time - a client should - * ignore the message if received in the middle of a handshake. - * See RFC 5246 sections 7.4 and 7.4.1.1. 
- */ - if (s->server) { - SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_UNEXPECTED_MESSAGE); - return -1; - } - - if (hs_msg_length != 0) { - SSLerror(s, SSL_R_BAD_HELLO_REQUEST); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - return -1; - } - - if (!tls_buffer_data(s->s3->handshake_fragment, &cbs)) - return -1; - ssl_msg_callback_cbs(s, 0, SSL3_RT_HANDSHAKE, &cbs); - - tls_buffer_free(s->s3->handshake_fragment); - s->s3->handshake_fragment = NULL; - - if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0) { - ssl3_send_alert(s, SSL3_AL_WARNING, - SSL_AD_NO_RENEGOTIATION); - return 1; - } - - /* - * It should be impossible to hit this, but keep the safety - * harness for now... - */ - if (s->session == NULL || s->s3->hs.cipher == NULL) - return 1; - - /* - * Ignore this message if we're currently handshaking, - * renegotiation is already pending or renegotiation is disabled - * via flags. - */ - if (!SSL_is_init_finished(s) || s->s3->renegotiate || - (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) != 0) - return 1; - - if (!ssl3_renegotiate(s)) - return 1; - if (!ssl3_renegotiate_check(s)) - return 1; - - } else if (hs_msg_type == SSL3_MT_CLIENT_HELLO) { - /* - * Incoming ClientHello messages should only be received by a - * server. A client may send these in response to server - * initiated renegotiation (HelloRequest) or in order to - * initiate renegotiation by the client. See RFC 5246 section - * 7.4.1.2. - */ - if (!s->server) { - SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_UNEXPECTED_MESSAGE); - return -1; - } - - /* - * A client should not be sending a ClientHello unless we're not - * currently handshaking. 
- */ - if (!SSL_is_init_finished(s)) { - SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_UNEXPECTED_MESSAGE); - return -1; - } - - if ((s->options & SSL_OP_NO_CLIENT_RENEGOTIATION) != 0 || - ((s->options & SSL_OP_NO_RENEGOTIATION) != 0 && - (s->options & SSL_OP_ALLOW_CLIENT_RENEGOTIATION) == 0)) { - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_NO_RENEGOTIATION); - return -1; - } - - if (s->session == NULL || s->s3->hs.cipher == NULL) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - return -1; - } - - /* Client requested renegotiation but it is not permitted. */ - if (!s->s3->send_connection_binding || - (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) != 0) { - ssl3_send_alert(s, SSL3_AL_WARNING, - SSL_AD_NO_RENEGOTIATION); - return 1; - } - - s->s3->hs.state = SSL_ST_ACCEPT; - s->renegotiate = 1; - s->new_session = 1; - - } else { - SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); - return -1; - } - - if ((ret = s->handshake_func(s)) < 0) - return ret; - if (ret == 0) { - SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); - return -1; - } - - if (!(s->mode & SSL_MODE_AUTO_RETRY)) { - if (s->s3->rbuf.left == 0) { - ssl_force_want_read(s); - return -1; - } - } - - /* - * We either finished a handshake or ignored the request, now try again - * to obtain the (application) data we were asked for. - */ - return 1; -} - -/* Return up to 'len' payload bytes received in 'type' records. - * 'type' is one of the following: - * - * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) - * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us) - * - 0 (during a shutdown, no data has to be returned) - * - * If we don't have stored data to work from, read a SSL/TLS record first - * (possibly multiple records if we still don't have anything to return). - * - * This function must handle any surprises the peer may have for us, such as - * Alert records (e.g. 
close_notify), ChangeCipherSpec records (not really - * a surprise, but handled as if it were), or renegotiation requests. - * Also if record payloads contain fragments too small to process, we store - * them until there is enough for the respective protocol (the record protocol - * may use arbitrary fragmentation and even interleaving): - * Change cipher spec protocol - * just 1 byte needed, no need for keeping anything stored - * Alert protocol - * 2 bytes needed (AlertLevel, AlertDescription) - * Handshake protocol - * 4 bytes needed (HandshakeType, uint24 length) -- we just have - * to detect unexpected Client Hello and Hello Request messages - * here, anything else is handled by higher layers - * Application data protocol - * none of our business - */ -int -ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) -{ - int rrcount = 0; - ssize_t ssret; - int ret; - - if (s->s3->rbuf.buf == NULL) { - if (!ssl3_setup_read_buffer(s)) - return -1; - } - - if (s->s3->rcontent == NULL) { - if ((s->s3->rcontent = tls_content_new()) == NULL) - return -1; - } - - if (len < 0) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - return -1; - } - - if (type != 0 && type != SSL3_RT_APPLICATION_DATA && - type != SSL3_RT_HANDSHAKE) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - return -1; - } - if (peek && type != SSL3_RT_APPLICATION_DATA) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - return -1; - } - - if (type == SSL3_RT_HANDSHAKE && - s->s3->handshake_fragment != NULL && - tls_buffer_remaining(s->s3->handshake_fragment) > 0) { - ssize_t ssn; - - if ((ssn = tls_buffer_read(s->s3->handshake_fragment, buf, - len)) <= 0) - return -1; - - if (tls_buffer_remaining(s->s3->handshake_fragment) == 0) { - tls_buffer_free(s->s3->handshake_fragment); - s->s3->handshake_fragment = NULL; - } - - return (int)ssn; - } - - if (SSL_in_init(s) && !s->in_handshake) { - if ((ret = s->handshake_func(s)) < 0) - return ret; - if (ret == 0) { - SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); - return -1; - } - 
} - - start: - /* - * Do not process more than three consecutive records, otherwise the - * peer can cause us to loop indefinitely. Instead, return with an - * SSL_ERROR_WANT_READ so the caller can choose when to handle further - * processing. In the future, the total number of non-handshake and - * non-application data records per connection should probably also be - * limited... - */ - if (rrcount++ >= 3) { - ssl_force_want_read(s); - return -1; - } - - s->rwstate = SSL_NOTHING; - - if (tls_content_remaining(s->s3->rcontent) == 0) { - if ((ret = ssl3_get_record(s)) <= 0) - return ret; - } - - /* We now have a packet which can be read and processed. */ - - if (s->s3->change_cipher_spec && - tls_content_type(s->s3->rcontent) != SSL3_RT_HANDSHAKE) { - SSLerror(s, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); - return -1; - } - - /* - * If the other end has shut down, throw anything we read away (even in - * 'peek' mode). - */ - if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { - s->rwstate = SSL_NOTHING; - tls_content_clear(s->s3->rcontent); - s->s3->rrec.length = 0; - return 0; - } - - /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ - if (tls_content_type(s->s3->rcontent) == type) { - /* - * Make sure that we are not getting application data when we - * are doing a handshake for the first time. 
- */ - if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA && - !tls12_record_layer_read_protected(s->rl)) { - SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE); - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_UNEXPECTED_MESSAGE); - return -1; - } - - if (len <= 0) - return len; - - if (peek) { - ssret = tls_content_peek(s->s3->rcontent, buf, len); - } else { - ssret = tls_content_read(s->s3->rcontent, buf, len); - } - if (ssret < INT_MIN || ssret > INT_MAX) - return -1; - if (ssret < 0) - return (int)ssret; - - if (tls_content_remaining(s->s3->rcontent) == 0) { - s->rstate = SSL_ST_READ_HEADER; - - if (s->mode & SSL_MODE_RELEASE_BUFFERS && - s->s3->rbuf.left == 0) - ssl3_release_read_buffer(s); - } - - return ssret; - } - - if (tls_content_type(s->s3->rcontent) == SSL3_RT_ALERT) { - if ((ret = ssl3_read_alert(s)) <= 0) - return ret; - goto start; - } - - if (s->shutdown & SSL_SENT_SHUTDOWN) { - s->rwstate = SSL_NOTHING; - tls_content_clear(s->s3->rcontent); - s->s3->rrec.length = 0; - return 0; - } - - if (tls_content_type(s->s3->rcontent) == SSL3_RT_APPLICATION_DATA) { - /* - * At this point, we were expecting handshake data, but have - * application data. If the library was running inside - * ssl3_read() (i.e. in_read_app_data is set) and it makes - * sense to read application data at this point (session - * renegotiation not yet started), we will indulge it. 
- */ - if (s->s3->in_read_app_data != 0 && - s->s3->total_renegotiations != 0 && - (((s->s3->hs.state & SSL_ST_CONNECT) && - (s->s3->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) && - (s->s3->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || ( - (s->s3->hs.state & SSL_ST_ACCEPT) && - (s->s3->hs.state <= SSL3_ST_SW_HELLO_REQ_A) && - (s->s3->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) { - s->s3->in_read_app_data = 2; - return -1; - } else { - SSLerror(s, SSL_R_UNEXPECTED_RECORD); - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_UNEXPECTED_MESSAGE); - return -1; - } - } - - if (tls_content_type(s->s3->rcontent) == SSL3_RT_CHANGE_CIPHER_SPEC) { - if ((ret = ssl3_read_change_cipher_spec(s)) <= 0) - return ret; - goto start; - } - - if (tls_content_type(s->s3->rcontent) == SSL3_RT_HANDSHAKE) { - if ((ret = ssl3_read_handshake_unexpected(s)) <= 0) - return ret; - goto start; - } - - /* - * Unknown record type - TLSv1.2 sends an unexpected message alert while - * earlier versions silently ignore the record. - */ - if (ssl_effective_tls_version(s) <= TLS1_1_VERSION) { - tls_content_clear(s->s3->rcontent); - goto start; - } - SSLerror(s, SSL_R_UNEXPECTED_RECORD); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); - return -1; -} - -int -ssl3_do_change_cipher_spec(SSL *s) -{ - if (s->s3->hs.tls12.key_block == NULL) { - if (s->session == NULL || s->session->master_key_length == 0) { - /* might happen if dtls1_read_bytes() calls this */ - SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); - return (0); - } - - s->session->cipher_value = s->s3->hs.cipher->value; - - if (!tls1_setup_key_block(s)) - return (0); - } - - if (!tls1_change_read_cipher_state(s)) - return (0); - - /* - * We have to record the message digest at this point so we can get it - * before we read the finished message. 
- */
- if (!tls12_derive_peer_finished(s))
- return (0);
-
- return (1);
-}
-
-static int
-ssl3_write_alert(SSL *s)
-{
- if (SSL_is_dtls(s))
- return do_dtls1_write(s, SSL3_RT_ALERT, s->s3->send_alert,
- sizeof(s->s3->send_alert));
-
- return do_ssl3_write(s, SSL3_RT_ALERT, s->s3->send_alert,
- sizeof(s->s3->send_alert));
-}
-
-int
-ssl3_send_alert(SSL *s, int level, int desc)
-{
- /* If alert is fatal, remove session from cache. */
- if (level == SSL3_AL_FATAL)
- SSL_CTX_remove_session(s->ctx, s->session);
-
- s->s3->alert_dispatch = 1;
- s->s3->send_alert[0] = level;
- s->s3->send_alert[1] = desc;
-
- /*
- * If data is still being written out, the alert will be dispatched at
- * some point in the future.
- */
- if (s->s3->wbuf.left != 0)
- return -1;
-
- return ssl3_dispatch_alert(s);
-}
-
-int
-ssl3_dispatch_alert(SSL *s)
-{
- int ret;
-
- s->s3->alert_dispatch = 0;
- if ((ret = ssl3_write_alert(s)) <= 0) {
- s->s3->alert_dispatch = 1;
- return ret;
- }
-
- /*
- * Alert sent to BIO. If it is important, flush it now.
- * If the message does not get sent due to non-blocking IO,
- * we will not worry too much.
- */
- if (s->s3->send_alert[0] == SSL3_AL_FATAL)
- (void)BIO_flush(s->wbio);
-
- ssl_msg_callback(s, 1, SSL3_RT_ALERT, s->s3->send_alert, 2);
-
- ssl_info_callback(s, SSL_CB_WRITE_ALERT,
- (s->s3->send_alert[0] << 8) | s->s3->send_alert[1]);
-
- return ret;
-}
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
deleted file mode 100644
index 6c8a2be3d3..0000000000
--- a/src/lib/libssl/ssl_rsa.c
+++ /dev/null
@@ -1,777 +0,0 @@ -/* $OpenBSD: ssl_rsa.c,v 1.51 2023/12/30 06:25:56 tb Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). 
- * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] 
- */ - -#include - -#include -#include -#include -#include -#include - -#include "ssl_local.h" - -static int ssl_get_password_cb_and_arg(SSL_CTX *ctx, SSL *ssl, - pem_password_cb **passwd_cb, void **passwd_arg); -static int ssl_set_cert(SSL_CTX *ctx, SSL *ssl, X509 *x509); -static int ssl_set_pkey(SSL_CTX *ctx, SSL *ssl, EVP_PKEY *pkey); -static int ssl_use_certificate_chain_bio(SSL_CTX *ctx, SSL *ssl, BIO *in); -static int ssl_use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, - const char *file); - -int -SSL_use_certificate(SSL *ssl, X509 *x) -{ - if (x == NULL) { - SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER); - return (0); - } - return ssl_set_cert(NULL, ssl, x); -} -LSSL_ALIAS(SSL_use_certificate); - -int -SSL_use_certificate_file(SSL *ssl, const char *file, int type) -{ - int j; - BIO *in; - int ret = 0; - X509 *x = NULL; - - in = BIO_new(BIO_s_file()); - if (in == NULL) { - SSLerror(ssl, ERR_R_BUF_LIB); - goto end; - } - - if (BIO_read_filename(in, file) <= 0) { - SSLerror(ssl, ERR_R_SYS_LIB); - goto end; - } - if (type == SSL_FILETYPE_ASN1) { - j = ERR_R_ASN1_LIB; - x = d2i_X509_bio(in, NULL); - } else if (type == SSL_FILETYPE_PEM) { - j = ERR_R_PEM_LIB; - x = PEM_read_bio_X509(in, NULL, - ssl->ctx->default_passwd_callback, - ssl->ctx->default_passwd_callback_userdata); - } else { - SSLerror(ssl, SSL_R_BAD_SSL_FILETYPE); - goto end; - } - - if (x == NULL) { - SSLerror(ssl, j); - goto end; - } - - ret = SSL_use_certificate(ssl, x); - end: - X509_free(x); - BIO_free(in); - return (ret); -} -LSSL_ALIAS(SSL_use_certificate_file); - -int -SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) -{ - X509 *x; - int ret; - - x = d2i_X509(NULL, &d, (long)len); - if (x == NULL) { - SSLerror(ssl, ERR_R_ASN1_LIB); - return (0); - } - - ret = SSL_use_certificate(ssl, x); - X509_free(x); - return (ret); -} -LSSL_ALIAS(SSL_use_certificate_ASN1); - -int -SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) -{ - EVP_PKEY *pkey = NULL; - int ret = 0; - - if (rsa == NULL) { - 
SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER); - goto err; - } - if ((pkey = EVP_PKEY_new()) == NULL) { - SSLerror(ssl, ERR_R_EVP_LIB); - goto err; - } - if (!EVP_PKEY_set1_RSA(pkey, rsa)) - goto err; - if (!ssl_set_pkey(NULL, ssl, pkey)) - goto err; - - ret = 1; - - err: - EVP_PKEY_free(pkey); - - return ret; -} -LSSL_ALIAS(SSL_use_RSAPrivateKey); - -static int -ssl_set_pkey(SSL_CTX *ctx, SSL *ssl, EVP_PKEY *pkey) -{ - SSL_CERT *c; - int i; - - i = ssl_cert_type(pkey); - if (i < 0) { - SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE); - return (0); - } - - if ((c = ssl_get0_cert(ctx, ssl)) == NULL) - return (0); - - if (c->pkeys[i].x509 != NULL) { - EVP_PKEY *pktmp; - - if ((pktmp = X509_get0_pubkey(c->pkeys[i].x509)) == NULL) - return 0; - - /* - * Callers of EVP_PKEY_copy_parameters() can't distinguish - * errors from the absence of a param_copy() method. So - * pretend it can never fail. - */ - EVP_PKEY_copy_parameters(pktmp, pkey); - - ERR_clear_error(); - - /* - * Don't check the public/private key, this is mostly - * for smart cards. 
- */
- if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA ||
- !(RSA_flags(EVP_PKEY_get0_RSA(pkey)) & RSA_METHOD_FLAG_NO_CHECK)) {
- if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
- X509_free(c->pkeys[i].x509);
- c->pkeys[i].x509 = NULL;
- return 0;
- }
- }
- }
-
- EVP_PKEY_free(c->pkeys[i].privatekey);
- EVP_PKEY_up_ref(pkey);
- c->pkeys[i].privatekey = pkey;
- c->key = &(c->pkeys[i]);
-
- c->valid = 0;
- return 1;
-}
-
-int
-SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
-{
- int j, ret = 0;
- BIO *in;
- RSA *rsa = NULL;
-
- in = BIO_new(BIO_s_file());
- if (in == NULL) {
- SSLerror(ssl, ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in, file) <= 0) {
- SSLerror(ssl, ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1) {
- j = ERR_R_ASN1_LIB;
- rsa = d2i_RSAPrivateKey_bio(in, NULL);
- } else if (type == SSL_FILETYPE_PEM) {
- j = ERR_R_PEM_LIB;
- rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
- ssl->ctx->default_passwd_callback,
- ssl->ctx->default_passwd_callback_userdata);
- } else {
- SSLerror(ssl, SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (rsa == NULL) {
- SSLerror(ssl, j);
- goto end;
- }
- ret = SSL_use_RSAPrivateKey(ssl, rsa);
- RSA_free(rsa);
- end:
- BIO_free(in);
- return (ret);
-}
-LSSL_ALIAS(SSL_use_RSAPrivateKey_file);
-
-int
-SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len)
-{
- int ret;
- RSA *rsa;
-
- if ((rsa = d2i_RSAPrivateKey(NULL, &d, (long)len)) == NULL) {
- SSLerror(ssl, ERR_R_ASN1_LIB);
- return (0);
- }
-
- ret = SSL_use_RSAPrivateKey(ssl, rsa);
- RSA_free(rsa);
- return (ret);
-}
-LSSL_ALIAS(SSL_use_RSAPrivateKey_ASN1);
-
-int
-SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
-{
- int ret;
-
- if (pkey == NULL) {
- SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER);
- return (0);
- }
- ret = ssl_set_pkey(NULL, ssl, pkey);
- return (ret);
-}
-LSSL_ALIAS(SSL_use_PrivateKey);
-
-int
-SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
-{
- int j, ret = 0;
- BIO *in;
- EVP_PKEY *pkey = NULL;
-
- in = BIO_new(BIO_s_file());
- if (in == NULL) {
- SSLerror(ssl, ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in, file) <= 0) {
- SSLerror(ssl, ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_PEM) {
- j = ERR_R_PEM_LIB;
- pkey = PEM_read_bio_PrivateKey(in, NULL,
- ssl->ctx->default_passwd_callback,
- ssl->ctx->default_passwd_callback_userdata);
- } else if (type == SSL_FILETYPE_ASN1) {
- j = ERR_R_ASN1_LIB;
- pkey = d2i_PrivateKey_bio(in, NULL);
- } else {
- SSLerror(ssl, SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (pkey == NULL) {
- SSLerror(ssl, j);
- goto end;
- }
- ret = SSL_use_PrivateKey(ssl, pkey);
- EVP_PKEY_free(pkey);
- end:
- BIO_free(in);
- return (ret);
-}
-LSSL_ALIAS(SSL_use_PrivateKey_file);
-
-int
-SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
-{
- int ret;
- EVP_PKEY *pkey;
-
- if ((pkey = d2i_PrivateKey(type, NULL, &d, (long)len)) == NULL) {
- SSLerror(ssl, ERR_R_ASN1_LIB);
- return (0);
- }
-
- ret = SSL_use_PrivateKey(ssl, pkey);
- EVP_PKEY_free(pkey);
- return (ret);
-}
-LSSL_ALIAS(SSL_use_PrivateKey_ASN1);
-
-int
-SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
-{
- if (x == NULL) {
- SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
- return (0);
- }
- return ssl_set_cert(ctx, NULL, x);
-}
-LSSL_ALIAS(SSL_CTX_use_certificate);
-
-static int
-ssl_get_password_cb_and_arg(SSL_CTX *ctx, SSL *ssl,
- pem_password_cb **passwd_cb, void **passwd_arg)
-{
- if (ssl != NULL)
- ctx = ssl->ctx;
-
- *passwd_cb = ctx->default_passwd_callback;
- *passwd_arg = ctx->default_passwd_callback_userdata;
-
- return 1;
-}
-
-static int
-ssl_set_cert(SSL_CTX *ctx, SSL *ssl, X509 *x)
-{
- SSL_CERT *c;
- EVP_PKEY *pkey;
- int ssl_err;
- int i;
-
- if (!ssl_security_cert(ctx, ssl, x, 1, &ssl_err)) {
- SSLerrorx(ssl_err);
- return (0);
- }
-
- if ((c = ssl_get0_cert(ctx, ssl)) == NULL)
- return (0);
-
- pkey = X509_get_pubkey(x);
- if (pkey == NULL) {
- SSLerrorx(SSL_R_X509_LIB);
- return (0);
- }
-
- i = ssl_cert_type(pkey);
- if (i < 0) {
- SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE);
- EVP_PKEY_free(pkey);
- return (0);
- }
-
- if (c->pkeys[i].privatekey != NULL) {
- EVP_PKEY *priv_key = c->pkeys[i].privatekey;
-
- EVP_PKEY_copy_parameters(pkey, priv_key);
- ERR_clear_error();
-
- /*
- * Don't check the public/private key, this is mostly
- * for smart cards.
- */
- if (EVP_PKEY_id(priv_key) != EVP_PKEY_RSA ||
- !(RSA_flags(EVP_PKEY_get0_RSA(priv_key)) & RSA_METHOD_FLAG_NO_CHECK)) {
- if (!X509_check_private_key(x, priv_key)) {
- /*
- * don't fail for a cert/key mismatch, just free
- * current private key (when switching to a
- * different cert & key, first this function
- * should be used, then ssl_set_pkey.
- */
- EVP_PKEY_free(c->pkeys[i].privatekey);
- c->pkeys[i].privatekey = NULL;
- ERR_clear_error();
- }
- }
- }
-
- EVP_PKEY_free(pkey);
-
- X509_free(c->pkeys[i].x509);
- X509_up_ref(x);
- c->pkeys[i].x509 = x;
- c->key = &(c->pkeys[i]);
-
- c->valid = 0;
- return (1);
-}
-
-int
-SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
-{
- int j;
- BIO *in;
- int ret = 0;
- X509 *x = NULL;
-
- in = BIO_new(BIO_s_file());
- if (in == NULL) {
- SSLerrorx(ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in, file) <= 0) {
- SSLerrorx(ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1) {
- j = ERR_R_ASN1_LIB;
- x = d2i_X509_bio(in, NULL);
- } else if (type == SSL_FILETYPE_PEM) {
- j = ERR_R_PEM_LIB;
- x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
- ctx->default_passwd_callback_userdata);
- } else {
- SSLerrorx(SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
-
- if (x == NULL) {
- SSLerrorx(j);
- goto end;
- }
-
- ret = SSL_CTX_use_certificate(ctx, x);
- end:
- X509_free(x);
- BIO_free(in);
- return (ret);
-}
-LSSL_ALIAS(SSL_CTX_use_certificate_file);
-
-int
-SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
-{
- X509 *x;
- int ret;
-
- x = d2i_X509(NULL, &d, (long)len);
- if (x == NULL) {
- SSLerrorx(ERR_R_ASN1_LIB);
- return (0);
- }
-
- ret = SSL_CTX_use_certificate(ctx, x);
- X509_free(x);
- return (ret);
-}
-LSSL_ALIAS(SSL_CTX_use_certificate_ASN1);
-
-int
-SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
-{
- EVP_PKEY *pkey = NULL;
- int ret = 0;
-
- if (rsa == NULL) {
- SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
- goto err;
- }
- if ((pkey = EVP_PKEY_new()) == NULL) {
- SSLerrorx(ERR_R_EVP_LIB);
- goto err;
- }
- if (!EVP_PKEY_set1_RSA(pkey, rsa))
- goto err;
- if (!ssl_set_pkey(ctx, NULL, pkey))
- goto err;
-
- ret = 1;
-
- err:
- EVP_PKEY_free(pkey);
-
- return ret;
-}
-LSSL_ALIAS(SSL_CTX_use_RSAPrivateKey);
-
-int
-SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-{
- int j, ret = 0;
- BIO *in;
- RSA *rsa = NULL;
-
- in = BIO_new(BIO_s_file());
- if (in == NULL) {
- SSLerrorx(ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in, file) <= 0) {
- SSLerrorx(ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1) {
- j = ERR_R_ASN1_LIB;
- rsa = d2i_RSAPrivateKey_bio(in, NULL);
- } else if (type == SSL_FILETYPE_PEM) {
- j = ERR_R_PEM_LIB;
- rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
- ctx->default_passwd_callback,
- ctx->default_passwd_callback_userdata);
- } else {
- SSLerrorx(SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (rsa == NULL) {
- SSLerrorx(j);
- goto end;
- }
- ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
- RSA_free(rsa);
- end:
- BIO_free(in);
- return (ret);
-}
-LSSL_ALIAS(SSL_CTX_use_RSAPrivateKey_file);
-
-int
-SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
-{
- int ret;
- RSA *rsa;
-
- if ((rsa = d2i_RSAPrivateKey(NULL, &d, (long)len)) == NULL) {
- SSLerrorx(ERR_R_ASN1_LIB);
- return (0);
- }
-
- ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
- RSA_free(rsa);
- return (ret);
-}
-LSSL_ALIAS(SSL_CTX_use_RSAPrivateKey_ASN1);
-
-int
-SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
-{
- if (pkey == NULL) {
- SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
- return (0);
- }
- return ssl_set_pkey(ctx, NULL, pkey);
-}
-LSSL_ALIAS(SSL_CTX_use_PrivateKey);
-
-int
-SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-{
- int j, ret = 0;
- BIO *in;
- EVP_PKEY *pkey = NULL;
-
- in = BIO_new(BIO_s_file());
- if (in == NULL) {
- SSLerrorx(ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in, file) <= 0) {
- SSLerrorx(ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_PEM) {
- j = ERR_R_PEM_LIB;
- pkey = PEM_read_bio_PrivateKey(in, NULL,
- ctx->default_passwd_callback,
- ctx->default_passwd_callback_userdata);
- } else if (type == SSL_FILETYPE_ASN1) {
- j = ERR_R_ASN1_LIB;
- pkey = d2i_PrivateKey_bio(in, NULL);
- } else {
- SSLerrorx(SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (pkey == NULL) {
- SSLerrorx(j);
- goto end;
- }
- ret = SSL_CTX_use_PrivateKey(ctx, pkey);
- EVP_PKEY_free(pkey);
- end:
- BIO_free(in);
- return (ret);
-}
-LSSL_ALIAS(SSL_CTX_use_PrivateKey_file);
-
-int
-SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
- long len)
-{
- int ret;
- EVP_PKEY *pkey;
-
- if ((pkey = d2i_PrivateKey(type, NULL, &d, (long)len)) == NULL) {
- SSLerrorx(ERR_R_ASN1_LIB);
- return (0);
- }
-
- ret = SSL_CTX_use_PrivateKey(ctx, pkey);
- EVP_PKEY_free(pkey);
- return (ret);
-}
-LSSL_ALIAS(SSL_CTX_use_PrivateKey_ASN1);
-
-
-/*
- * Read a bio that contains our certificate in "PEM" format,
- * possibly followed by a sequence of CA certificates that should be
- * sent to the peer in the Certificate message.
- */
-static int
-ssl_use_certificate_chain_bio(SSL_CTX *ctx, SSL *ssl, BIO *in)
-{
- pem_password_cb *passwd_cb;
- void *passwd_arg;
- X509 *ca, *x = NULL;
- unsigned long err;
- int ret = 0;
-
- if (!ssl_get_password_cb_and_arg(ctx, ssl, &passwd_cb, &passwd_arg))
- goto err;
-
- if ((x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_arg)) ==
- NULL) {
- SSLerrorx(ERR_R_PEM_LIB);
- goto err;
- }
-
- if (!ssl_set_cert(ctx, ssl, x))
- goto err;
-
- if (!ssl_cert_set0_chain(ctx, ssl, NULL))
- goto err;
-
- /* Process any additional CA certificates. */
- while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_arg)) !=
- NULL) {
- if (!ssl_cert_add0_chain_cert(ctx, ssl, ca)) {
- X509_free(ca);
- goto err;
- }
- }
-
- /* When the while loop ends, it's usually just EOF. */
- err = ERR_peek_last_error();
- if (ERR_GET_LIB(err) == ERR_LIB_PEM &&
- ERR_GET_REASON(err) == PEM_R_NO_START_LINE) {
- ERR_clear_error();
- ret = 1;
- }
-
- err:
- X509_free(x);
-
- return (ret);
-}
-
-int
-ssl_use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
-{
- BIO *in;
- int ret = 0;
-
- in = BIO_new(BIO_s_file());
- if (in == NULL) {
- SSLerrorx(ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in, file) <= 0) {
- SSLerrorx(ERR_R_SYS_LIB);
- goto end;
- }
-
- ret = ssl_use_certificate_chain_bio(ctx, ssl, in);
-
- end:
- BIO_free(in);
- return (ret);
-}
-
-int
-SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
-{
- return ssl_use_certificate_chain_file(ctx, NULL, file);
-}
-LSSL_ALIAS(SSL_CTX_use_certificate_chain_file);
-
-int
-SSL_use_certificate_chain_file(SSL *ssl, const char *file)
-{
- return ssl_use_certificate_chain_file(NULL, ssl, file);
-}
-LSSL_ALIAS(SSL_use_certificate_chain_file);
-
-int
-SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len)
-{
- BIO *in;
- int ret = 0;
-
- in = BIO_new_mem_buf(buf, len);
- if (in == NULL) {
- SSLerrorx(ERR_R_BUF_LIB);
- goto end;
- }
-
- ret = ssl_use_certificate_chain_bio(ctx, NULL, in);
-
- end:
- BIO_free(in);
- return (ret);
-}
-LSSL_ALIAS(SSL_CTX_use_certificate_chain_mem);
diff --git a/src/lib/libssl/ssl_seclevel.c b/src/lib/libssl/ssl_seclevel.c
deleted file mode 100644
index 979da31942..0000000000
--- a/src/lib/libssl/ssl_seclevel.c
+++ /dev/null
@@ -1,479 +0,0 @@
-/* $OpenBSD: ssl_seclevel.c,v 1.30 2025/01/18 10:52:09 tb Exp $ */
-/*
- * Copyright (c) 2020-2022 Theo Buehler
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "bytestring.h"
-#include "ssl_local.h"
-
-static int
-ssl_security_normalize_level(const SSL_CTX *ctx, const SSL *ssl, int *out_level)
-{
- int security_level;
-
- if (ctx != NULL)
- security_level = SSL_CTX_get_security_level(ctx);
- else
- security_level = SSL_get_security_level(ssl);
-
- if (security_level < 0)
- security_level = 0;
- if (security_level > 5)
- security_level = 5;
-
- *out_level = security_level;
-
- return 1;
-}
-
-static int
-ssl_security_level_to_minimum_bits(int security_level, int *out_minimum_bits)
-{
- if (security_level < 0)
- return 0;
-
- if (security_level == 0)
- *out_minimum_bits = 0;
- else if (security_level == 1)
- *out_minimum_bits = 80;
- else if (security_level == 2)
- *out_minimum_bits = 112;
- else if (security_level == 3)
- *out_minimum_bits = 128;
- else if (security_level == 4)
- *out_minimum_bits = 192;
- else if (security_level >= 5)
- *out_minimum_bits = 256;
-
- return 1;
-}
-
-static int
-ssl_security_level_and_minimum_bits(const SSL_CTX *ctx, const SSL *ssl,
- int *out_level, int *out_minimum_bits)
-{
- int security_level = 0, minimum_bits = 0;
-
- if (!ssl_security_normalize_level(ctx, ssl, &security_level))
- return 0;
- if (!ssl_security_level_to_minimum_bits(security_level, &minimum_bits))
- return 0;
-
- if (out_level != NULL)
- *out_level = security_level;
- if (out_minimum_bits != NULL)
- *out_minimum_bits = minimum_bits;
-
- return 1;
-}
-
-static int
-ssl_security_secop_cipher(const SSL_CTX *ctx, const SSL *ssl, int bits,
- void *arg)
-{
- const SSL_CIPHER *cipher = arg;
- int security_level, minimum_bits;
-
- if (!ssl_security_level_and_minimum_bits(ctx, ssl, &security_level,
- &minimum_bits))
- return 0;
-
- if (security_level <= 0)
- return 1;
-
- if (bits < minimum_bits)
- return 0;
-
- /* No unauthenticated ciphersuites. */
- if (cipher->algorithm_auth & SSL_aNULL)
- return 0;
-
- if (cipher->algorithm_mac & SSL_MD5)
- return 0;
-
- if (security_level <= 1)
- return 1;
-
- if (cipher->algorithm_enc & SSL_RC4)
- return 0;
-
- if (security_level <= 2)
- return 1;
-
- /* Security level >= 3 requires a cipher with forward secrecy. */
- if ((cipher->algorithm_mkey & (SSL_kDHE | SSL_kECDHE)) == 0 &&
- cipher->algorithm_ssl != SSL_TLSV1_3)
- return 0;
-
- if (security_level <= 3)
- return 1;
-
- if (cipher->algorithm_mac & SSL_SHA1)
- return 0;
-
- return 1;
-}
-
-static int
-ssl_security_secop_version(const SSL_CTX *ctx, const SSL *ssl, int version)
-{
- int min_version = TLS1_2_VERSION;
- int security_level;
-
- if (!ssl_security_level_and_minimum_bits(ctx, ssl, &security_level, NULL))
- return 0;
-
- if (security_level < 4)
- min_version = TLS1_1_VERSION;
- if (security_level < 3)
- min_version = TLS1_VERSION;
-
- return ssl_tls_version(version) >= min_version;
-}
-
-static int
-ssl_security_secop_compression(const SSL_CTX *ctx, const SSL *ssl)
-{
- return 0;
-}
-
-static int
-ssl_security_secop_tickets(const SSL_CTX *ctx, const SSL *ssl)
-{
- int security_level;
-
- if (!ssl_security_level_and_minimum_bits(ctx, ssl, &security_level, NULL))
- return 0;
-
- return security_level < 3;
-}
-
-static int
-ssl_security_secop_tmp_dh(const SSL_CTX *ctx, const SSL *ssl, int bits)
-{
- int security_level, minimum_bits;
-
- if (!ssl_security_level_and_minimum_bits(ctx, ssl, &security_level,
- &minimum_bits))
- return 0;
-
- /* Disallow DHE keys weaker than 1024 bits even at security level 0. */
- if (security_level <= 0 && bits < 80)
- return 0;
-
- return bits >= minimum_bits;
-}
-
-static int
-ssl_security_secop_default(const SSL_CTX *ctx, const SSL *ssl, int bits)
-{
- int minimum_bits;
-
- if (!ssl_security_level_and_minimum_bits(ctx, ssl, NULL, &minimum_bits))
- return 0;
-
- return bits >= minimum_bits;
-}
-
-int
-ssl_security_default_cb(const SSL *ssl, const SSL_CTX *ctx, int secop, int bits,
- int version, void *cipher, void *ex_data)
-{
- switch (secop) {
- case SSL_SECOP_CIPHER_SUPPORTED:
- case SSL_SECOP_CIPHER_SHARED:
- case SSL_SECOP_CIPHER_CHECK:
- return ssl_security_secop_cipher(ctx, ssl, bits, cipher);
- case SSL_SECOP_VERSION:
- return ssl_security_secop_version(ctx, ssl, version);
- case SSL_SECOP_COMPRESSION:
- return ssl_security_secop_compression(ctx, ssl);
- case SSL_SECOP_TICKET:
- return ssl_security_secop_tickets(ctx, ssl);
- case SSL_SECOP_TMP_DH:
- return ssl_security_secop_tmp_dh(ctx, ssl, bits);
- default:
- return ssl_security_secop_default(ctx, ssl, bits);
- }
-}
-
-static int
-ssl_ctx_security(const SSL_CTX *ctx, int secop, int bits, int nid, void *other)
-{
- return ctx->cert->security_cb(NULL, ctx, secop, bits, nid,
- other, ctx->cert->security_ex_data);
-}
-
-static int
-ssl_security(const SSL *ssl, int secop, int bits, int nid, void *other)
-{
- return ssl->cert->security_cb(ssl, NULL, secop, bits, nid, other,
- ssl->cert->security_ex_data);
-}
-
-int
-ssl_security_sigalg_check(const SSL *ssl, const EVP_PKEY *pkey)
-{
- int bits;
-
- bits = EVP_PKEY_security_bits(pkey);
-
- return ssl_security(ssl, SSL_SECOP_SIGALG_CHECK, bits, 0, NULL);
-}
-
-int
-ssl_security_tickets(const SSL *ssl)
-{
- return ssl_security(ssl, SSL_SECOP_TICKET, 0, 0, NULL);
-}
-
-int
-ssl_security_version(const SSL *ssl, int version)
-{
- return ssl_security(ssl, SSL_SECOP_VERSION, 0, version, NULL);
-}
-
-static int
-ssl_security_cipher(const SSL *ssl, SSL_CIPHER *cipher, int secop)
-{
- return ssl_security(ssl, secop, cipher->strength_bits, 0, cipher);
-}
-
-int
-ssl_security_cipher_check(const SSL *ssl, SSL_CIPHER *cipher)
-{
- return ssl_security_cipher(ssl, cipher, SSL_SECOP_CIPHER_CHECK);
-}
-
-int
-ssl_security_shared_cipher(const SSL *ssl, SSL_CIPHER *cipher)
-{
- return ssl_security_cipher(ssl, cipher, SSL_SECOP_CIPHER_SHARED);
-}
-
-int
-ssl_security_supported_cipher(const SSL *ssl, SSL_CIPHER *cipher)
-{
- return ssl_security_cipher(ssl, cipher, SSL_SECOP_CIPHER_SUPPORTED);
-}
-
-int
-ssl_ctx_security_dh(const SSL_CTX *ctx, DH *dh)
-{
- int bits;
-
- bits = DH_security_bits(dh);
-
- return ssl_ctx_security(ctx, SSL_SECOP_TMP_DH, bits, 0, dh);
-}
-
-int
-ssl_security_dh(const SSL *ssl, DH *dh)
-{
- int bits;
-
- bits = DH_security_bits(dh);
-
- return ssl_security(ssl, SSL_SECOP_TMP_DH, bits, 0, dh);
-}
-
-static int
-ssl_cert_pubkey_security_bits(const X509 *x509)
-{
- EVP_PKEY *pkey;
-
- if ((pkey = X509_get0_pubkey(x509)) == NULL)
- return -1;
-
- return EVP_PKEY_security_bits(pkey);
-}
-
-static int
-ssl_security_cert_key(const SSL_CTX *ctx, const SSL *ssl, X509 *x509, int secop)
-{
- int security_bits;
-
- security_bits = ssl_cert_pubkey_security_bits(x509);
-
- if (ssl != NULL)
- return ssl_security(ssl, secop, security_bits, 0, x509);
-
- return ssl_ctx_security(ctx, secop, security_bits, 0, x509);
-}
-
-static int
-ssl_security_cert_sig_security_bits(X509 *x509, int *out_md_nid)
-{
- int pkey_nid, security_bits;
- uint32_t flags;
-
- *out_md_nid = NID_undef;
-
- /*
- * Returning -1 security bits makes the default security callback fail
- * to match bonkers behavior in OpenSSL. This in turn lets a security
- * callback override such failures.
- */
- if (!X509_get_signature_info(x509, out_md_nid, &pkey_nid, &security_bits,
- &flags))
- return -1;
- /*
- * OpenSSL doesn't check flags. Test RSA-PSS certs we were provided have
- * a salt length distinct from hash length and thus fail this check.
- */
- if ((flags & X509_SIG_INFO_TLS) == 0)
- return -1;
-
- /* Weird OpenSSL behavior only relevant for EdDSA certs in LibreSSL. */
- if (*out_md_nid == NID_undef)
- *out_md_nid = pkey_nid;
-
- return security_bits;
-}
-
-static int
-ssl_security_cert_sig(const SSL_CTX *ctx, const SSL *ssl, X509 *x509, int secop)
-{
- int md_nid = NID_undef, security_bits = -1;
-
- /* Don't check signature if self signed. */
- if ((X509_get_extension_flags(x509) & EXFLAG_SS) != 0)
- return 1;
-
- /*
- * The default security callback fails on -1 security bits. It ignores
- * the md_nid (aka version) argument we pass from here.
- */
- security_bits = ssl_security_cert_sig_security_bits(x509, &md_nid);
-
- if (ssl != NULL)
- return ssl_security(ssl, secop, security_bits, md_nid, x509);
-
- return ssl_ctx_security(ctx, secop, security_bits, md_nid, x509);
-}
-
-int
-ssl_security_cert(const SSL_CTX *ctx, const SSL *ssl, X509 *x509,
- int is_ee, int *out_error)
-{
- int key_error, operation;
-
- *out_error = 0;
-
- if (is_ee) {
- operation = SSL_SECOP_EE_KEY;
- key_error = SSL_R_EE_KEY_TOO_SMALL;
- } else {
- operation = SSL_SECOP_CA_KEY;
- key_error = SSL_R_CA_KEY_TOO_SMALL;
- }
-
- if (!ssl_security_cert_key(ctx, ssl, x509, operation)) {
- *out_error = key_error;
- return 0;
- }
-
- if (!ssl_security_cert_sig(ctx, ssl, x509, SSL_SECOP_CA_MD)) {
- *out_error = SSL_R_CA_MD_TOO_WEAK;
- return 0;
- }
-
- return 1;
-}
-
-/*
- * Check security of a chain. If |sk| includes the end entity certificate
- * then |x509| must be NULL.
- */
-int
-ssl_security_cert_chain(const SSL *ssl, STACK_OF(X509) *sk, X509 *x509,
- int *out_error)
-{
- int start_idx = 0;
- int is_ee;
- int i;
-
- if (x509 == NULL) {
- x509 = sk_X509_value(sk, 0);
- start_idx = 1;
- }
-
- is_ee = 1;
- if (!ssl_security_cert(NULL, ssl, x509, is_ee, out_error))
- return 0;
-
- is_ee = 0;
- for (i = start_idx; i < sk_X509_num(sk); i++) {
- x509 = sk_X509_value(sk, i);
-
- if (!ssl_security_cert(NULL, ssl, x509, is_ee, out_error))
- return 0;
- }
-
- return 1;
-}
-
-static int
-ssl_security_group(const SSL *ssl, uint16_t group_id, int secop)
-{
- CBB cbb;
- int bits, nid;
- uint8_t group[2];
-
- memset(&cbb, 0, sizeof(cbb));
-
- if (!tls1_ec_group_id2bits(group_id, &bits))
- goto err;
- if (!tls1_ec_group_id2nid(group_id, &nid))
- goto err;
-
- if (!CBB_init_fixed(&cbb, group, sizeof(group)))
- goto err;
- if (!CBB_add_u16(&cbb, group_id))
- goto err;
- if (!CBB_finish(&cbb, NULL, NULL))
- goto err;
-
- return ssl_security(ssl, secop, bits, nid, group);
-
- err:
- CBB_cleanup(&cbb);
-
- return 0;
-}
-
-int
-ssl_security_shared_group(const SSL *ssl, uint16_t group_id)
-{
- return ssl_security_group(ssl, group_id, SSL_SECOP_CURVE_SHARED);
-}
-
-int
-ssl_security_supported_group(const SSL *ssl, uint16_t group_id)
-{
- return ssl_security_group(ssl, group_id, SSL_SECOP_CURVE_SUPPORTED);
-}
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
deleted file mode 100644
index a5cfc33c04..0000000000
--- a/src/lib/libssl/ssl_sess.c
+++ /dev/null
@@ -1,1347 +0,0 @@
-/* $OpenBSD: ssl_sess.c,v 1.129 2025/03/09 15:53:36 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include
-#include
-
-#include "ssl_local.h"
-
-static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
-static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
-static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
-
-/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
-SSL_SESSION *
-SSL_get_session(const SSL *ssl)
-{
- return (ssl->session);
-}
-LSSL_ALIAS(SSL_get_session);
-
-/* variant of SSL_get_session: caller really gets something */
-SSL_SESSION *
-SSL_get1_session(SSL *ssl)
-{
- SSL_SESSION *sess;
-
- /*
- * Need to lock this all up rather than just use CRYPTO_add so that
- * somebody doesn't free ssl->session between when we check it's
- * non-null and when we up the reference count.
- */
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
- sess = ssl->session;
- if (sess)
- sess->references++;
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
-
- return (sess);
-}
-LSSL_ALIAS(SSL_get1_session);
-
-int
-SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-{
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION,
- argl, argp, new_func, dup_func, free_func);
-}
-LSSL_ALIAS(SSL_SESSION_get_ex_new_index);
-
-int
-SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
-{
- return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
-}
-LSSL_ALIAS(SSL_SESSION_set_ex_data);
-
-void *
-SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
-{
- return (CRYPTO_get_ex_data(&s->ex_data, idx));
-}
-LSSL_ALIAS(SSL_SESSION_get_ex_data);
-
-uint32_t
-SSL_SESSION_get_max_early_data(const SSL_SESSION *s)
-{
- return 0;
-}
-LSSL_ALIAS(SSL_SESSION_get_max_early_data);
-
-int
-SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data)
-{
- return 1;
-}
-LSSL_ALIAS(SSL_SESSION_set_max_early_data);
-
-SSL_SESSION *
-SSL_SESSION_new(void)
-{
- SSL_SESSION *ss;
-
- if (!OPENSSL_init_ssl(0, NULL)) {
- SSLerrorx(SSL_R_LIBRARY_BUG);
- return(NULL);
- }
-
- if ((ss = calloc(1, sizeof(*ss))) == NULL) {
- SSLerrorx(ERR_R_MALLOC_FAILURE);
- return (NULL);
- }
-
- ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
- ss->references = 1;
- ss->timeout = 60 * 5 + 4; /* 5 minutes 4 seconds timeout by default */
- ss->time = time(NULL);
- ss->prev = NULL;
- ss->next = NULL;
- ss->tlsext_hostname = NULL;
-
- ss->peer_cert_type = -1;
-
- ss->tlsext_ecpointformatlist_length = 0;
- ss->tlsext_ecpointformatlist = NULL;
- ss->tlsext_supportedgroups_length = 0;
- ss->tlsext_supportedgroups = NULL;
-
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
-
- return (ss);
-}
-LSSL_ALIAS(SSL_SESSION_new);
-
-SSL_SESSION *
-ssl_session_dup(SSL_SESSION *sess, int include_ticket)
-{
- SSL_SESSION *copy;
- CBS cbs;
-
- if ((copy = calloc(1, sizeof(*copy))) == NULL) {
- SSLerrorx(ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- copy->ssl_version = sess->ssl_version;
-
- CBS_init(&cbs, sess->master_key, sess->master_key_length);
- if (!CBS_write_bytes(&cbs, copy->master_key, sizeof(copy->master_key),
- ©->master_key_length))
- goto err;
-
- CBS_init(&cbs, sess->session_id, sess->session_id_length);
- if (!CBS_write_bytes(&cbs, copy->session_id, sizeof(copy->session_id),
- ©->session_id_length))
- goto err;
-
- CBS_init(&cbs, sess->sid_ctx, sess->sid_ctx_length);
- if (!CBS_write_bytes(&cbs, copy->sid_ctx, sizeof(copy->sid_ctx),
- ©->sid_ctx_length))
- goto err;
-
- if (sess->peer_cert != NULL) {
- if (!X509_up_ref(sess->peer_cert))
- goto err;
- copy->peer_cert = sess->peer_cert;
- }
- copy->peer_cert_type = sess->peer_cert_type;
-
- copy->verify_result = sess->verify_result;
-
- copy->timeout = sess->timeout;
- copy->time = sess->time;
- copy->references = 1;
-
- copy->cipher_value = sess->cipher_value;
-
- if (sess->tlsext_hostname != NULL) {
- copy->tlsext_hostname = strdup(sess->tlsext_hostname);
- if (copy->tlsext_hostname == NULL)
- goto err;
- }
-
- if (include_ticket) {
- CBS_init(&cbs, sess->tlsext_tick, sess->tlsext_ticklen);
- if (!CBS_stow(&cbs, ©->tlsext_tick, ©->tlsext_ticklen))
- goto err;
- copy->tlsext_tick_lifetime_hint =
- sess->tlsext_tick_lifetime_hint;
-
- /*
- * XXX - copy sess->resumption_master_secret and all other
- * TLSv1.3 info here.
- */
- }
-
- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, copy,
- ©->ex_data))
- goto err;
-
- if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ©->ex_data,
- &sess->ex_data))
- goto err;
-
- /* Omit prev/next: the new session gets its own slot in the cache. */
-
- copy->not_resumable = sess->not_resumable;
-
- CBS_init(&cbs, sess->tlsext_ecpointformatlist,
- sess->tlsext_ecpointformatlist_length);
- if (!CBS_stow(&cbs, ©->tlsext_ecpointformatlist,
- ©->tlsext_ecpointformatlist_length))
- goto err;
-
- if (sess->tlsext_supportedgroups != NULL) {
- if ((copy->tlsext_supportedgroups = calloc(sizeof(uint16_t),
- sess->tlsext_supportedgroups_length)) == NULL)
- goto err;
- memcpy(copy->tlsext_supportedgroups,
- sess->tlsext_supportedgroups,
- sizeof(uint16_t) * sess->tlsext_supportedgroups_length);
- copy->tlsext_supportedgroups_length =
- sess->tlsext_supportedgroups_length;
- }
-
- return copy;
-
- err:
- SSL_SESSION_free(copy);
-
- return NULL;
-}
-
-const unsigned char *
-SSL_SESSION_get_id(const SSL_SESSION *ss, unsigned int *len)
-{
- if (len != NULL)
- *len = (unsigned int)ss->session_id_length;
- return ss->session_id;
-}
-LSSL_ALIAS(SSL_SESSION_get_id);
-
-const unsigned char *
-SSL_SESSION_get0_id_context(const SSL_SESSION *ss, unsigned int *len)
-{
- if (len != NULL)
- *len = (unsigned int)ss->sid_ctx_length;
- return ss->sid_ctx;
-}
-LSSL_ALIAS(SSL_SESSION_get0_id_context);
-
-unsigned int
-SSL_SESSION_get_compress_id(const SSL_SESSION *ss)
-{
- return 0;
-}
-LSSL_ALIAS(SSL_SESSION_get_compress_id);
-
-unsigned long
-SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
-{
- return s->tlsext_tick_lifetime_hint;
-}
-LSSL_ALIAS(SSL_SESSION_get_ticket_lifetime_hint);
-
-int
-SSL_SESSION_has_ticket(const SSL_SESSION *s)
-{
- return (s->tlsext_ticklen > 0) ? 1 : 0;
-}
-LSSL_ALIAS(SSL_SESSION_has_ticket);
-
-/*
- * SSLv3/TLSv1 has 32 bytes (256 bits) of session ID space. As such, filling
- * the ID with random gunk repeatedly until we have no conflict is going to
- * complete in one iteration pretty much "most" of the time (btw:
- * understatement). So, if it takes us 10 iterations and we still can't avoid
- * a conflict - well that's a reasonable point to call it quits. Either the
- * arc4random code is broken or someone is trying to open roughly very close to
- * 2^128 (or 2^256) SSL sessions to our server. How you might store that many
- * sessions is perhaps a more interesting question...
- */
-
-#define MAX_SESS_ID_ATTEMPTS 10
-
-static int
-def_generate_session_id(const SSL *ssl, unsigned char *id, unsigned int *id_len)
-{
- unsigned int retry = 0;
-
- do {
- arc4random_buf(id, *id_len);
- } while (SSL_has_matching_session_id(ssl, id, *id_len) &&
- (++retry < MAX_SESS_ID_ATTEMPTS));
-
- if (retry < MAX_SESS_ID_ATTEMPTS)
- return 1;
-
- /* else - woops a session_id match */
- /* XXX We should also check the external cache --
- * but the probability of a collision is negligible, and
- * we could not prevent the concurrent creation of sessions
- * with identical IDs since we currently don't have means
- * to atomically check whether a session ID already exists
- * and make a reservation for it if it does not
- * (this problem applies to the internal cache as well).
- */
- return 0;
-}
-
-int
-ssl_get_new_session(SSL *s, int session)
-{
- unsigned int tmp;
- SSL_SESSION *ss = NULL;
- GEN_SESSION_CB cb = def_generate_session_id;
-
- /* This gets used by clients and servers. */
-
- if ((ss = SSL_SESSION_new()) == NULL)
- return (0);
-
- /* If the context has a default timeout, use it */
- if (s->session_ctx->session_timeout == 0)
- ss->timeout = SSL_get_default_timeout(s);
- else
- ss->timeout = s->session_ctx->session_timeout;
-
- if (s->session != NULL) {
- SSL_SESSION_free(s->session);
- s->session = NULL;
- }
-
- if (session) {
- switch (s->version) {
- case TLS1_VERSION:
- case TLS1_1_VERSION:
- case TLS1_2_VERSION:
- case DTLS1_VERSION:
- case DTLS1_2_VERSION:
- ss->ssl_version = s->version;
- ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
- break;
- default:
- SSLerror(s, SSL_R_UNSUPPORTED_SSL_VERSION);
- SSL_SESSION_free(ss);
- return (0);
- }
-
- /* If RFC4507 ticket use empty session ID. */
- if (s->tlsext_ticket_expected) {
- ss->session_id_length = 0;
- goto sess_id_done;
- }
-
- /* Choose which callback will set the session ID. */
- CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
- if (s->generate_session_id)
- cb = s->generate_session_id;
- else if (s->session_ctx->generate_session_id)
- cb = s->session_ctx->generate_session_id;
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-
- /* Choose a session ID. */
- tmp = ss->session_id_length;
- if (!cb(s, ss->session_id, &tmp)) {
- /* The callback failed */
- SSLerror(s, SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
- SSL_SESSION_free(ss);
- return (0);
- }
-
- /*
- * Don't allow the callback to set the session length to zero.
- * nor set it higher than it was.
- */
- if (tmp == 0 || tmp > ss->session_id_length) {
- /* The callback set an illegal length */
- SSLerror(s, SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
- SSL_SESSION_free(ss);
- return (0);
- }
- ss->session_id_length = tmp;
-
- /* Finally, check for a conflict. */
- if (SSL_has_matching_session_id(s, ss->session_id,
- ss->session_id_length)) {
- SSLerror(s, SSL_R_SSL_SESSION_ID_CONFLICT);
- SSL_SESSION_free(ss);
- return (0);
- }
-
- sess_id_done:
- if (s->tlsext_hostname) {
- ss->tlsext_hostname = strdup(s->tlsext_hostname);
- if (ss->tlsext_hostname == NULL) {
- SSLerror(s, ERR_R_INTERNAL_ERROR);
- SSL_SESSION_free(ss);
- return 0;
- }
- }
- } else {
- ss->session_id_length = 0;
- }
-
- if (s->sid_ctx_length > sizeof ss->sid_ctx) {
- SSLerror(s, ERR_R_INTERNAL_ERROR);
- SSL_SESSION_free(ss);
- return 0;
- }
-
- memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
- ss->sid_ctx_length = s->sid_ctx_length;
- s->session = ss;
- ss->ssl_version = s->version;
- ss->verify_result = X509_V_OK;
-
- return (1);
-}
-
-static SSL_SESSION *
-ssl_session_from_cache(SSL *s, CBS *session_id)
-{
- SSL_SESSION *sess;
- SSL_SESSION data;
-
- if ((s->session_ctx->session_cache_mode &
- SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
- return NULL;
-
- memset(&data, 0, sizeof(data));
-
-
data.ssl_version = s->version; - - if (!CBS_write_bytes(session_id, data.session_id, - sizeof(data.session_id), &data.session_id_length)) - return NULL; - - CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); - sess = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data); - if (sess != NULL) - CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION); - CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); - - if (sess == NULL) - s->session_ctx->stats.sess_miss++; - - return sess; -} - -static SSL_SESSION * -ssl_session_from_callback(SSL *s, CBS *session_id) -{ - SSL_SESSION *sess; - int copy; - - if (s->session_ctx->get_session_cb == NULL) - return NULL; - - copy = 1; - if ((sess = s->session_ctx->get_session_cb(s, - CBS_data(session_id), CBS_len(session_id), ©)) == NULL) - return NULL; - /* - * The copy handler may have set copy == 0 to indicate that the session - * structures are shared between threads and that it handles the - * reference count itself. If it didn't set copy to zero, we must - * increment the reference count. - */ - if (copy) - CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION); - - s->session_ctx->stats.sess_cb_hit++; - - /* Add the externally cached session to the internal cache as well. */ - if (!(s->session_ctx->session_cache_mode & - SSL_SESS_CACHE_NO_INTERNAL_STORE)) { - /* - * The following should not return 1, - * otherwise, things are very strange. - */ - SSL_CTX_add_session(s->session_ctx, sess); - } - - return sess; -} - -static SSL_SESSION * -ssl_session_by_id(SSL *s, CBS *session_id) -{ - SSL_SESSION *sess; - - if (CBS_len(session_id) == 0) - return NULL; - - if ((sess = ssl_session_from_cache(s, session_id)) == NULL) - sess = ssl_session_from_callback(s, session_id); - - return sess; -} - -/* - * ssl_get_prev_session attempts to find an SSL_SESSION to be used to resume - * this connection. It is only called by servers. - * - * session_id: points at the session ID in the ClientHello. 
This code will - * read past the end of this in order to parse out the session ticket - * extension, if any. - * ext_block: a CBS for the ClientHello extensions block. - * alert: alert that the caller should send in case of failure. - * - * Returns: - * -1: error - * 0: a session may have been found. - * - * Side effects: - * - If a session is found then s->session is pointed at it (after freeing - * an existing session if need be) and s->verify_result is set from the - * session. - * - For both new and resumed sessions, s->tlsext_ticket_expected - * indicates whether the server should issue a new session ticket or not. - */ -int -ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert) -{ - SSL_SESSION *sess = NULL; - int alert_desc = SSL_AD_INTERNAL_ERROR, fatal = 0; - int ticket_decrypted = 0; - - /* This is used only by servers. */ - - if (CBS_len(session_id) > SSL_MAX_SSL_SESSION_ID_LENGTH) - goto err; - - /* Sets s->tlsext_ticket_expected. */ - switch (tls1_process_ticket(s, ext_block, &alert_desc, &sess)) { - case TLS1_TICKET_FATAL_ERROR: - fatal = 1; - goto err; - case TLS1_TICKET_NONE: - case TLS1_TICKET_EMPTY: - if ((sess = ssl_session_by_id(s, session_id)) == NULL) - goto err; - break; - case TLS1_TICKET_NOT_DECRYPTED: - goto err; - case TLS1_TICKET_DECRYPTED: - ticket_decrypted = 1; - - /* - * The session ID is used by some clients to detect that the - * ticket has been accepted so we copy it into sess. - */ - if (!CBS_write_bytes(session_id, sess->session_id, - sizeof(sess->session_id), &sess->session_id_length)) { - fatal = 1; - goto err; - } - break; - default: - SSLerror(s, ERR_R_INTERNAL_ERROR); - fatal = 1; - goto err; - } - - /* Now sess is non-NULL and we own one of its reference counts. */ - - if (sess->sid_ctx_length != s->sid_ctx_length || - timingsafe_memcmp(sess->sid_ctx, s->sid_ctx, - sess->sid_ctx_length) != 0) { - /* - * We have the session requested by the client, but we don't - * want to use it in this context. 
Treat it like a cache miss. - */ - goto err; - } - - if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) { - /* - * We can't be sure if this session is being used out of - * context, which is especially important for SSL_VERIFY_PEER. - * The application should have used - * SSL[_CTX]_set_session_id_context. - * - * For this error case, we generate an error instead of treating - * the event like a cache miss (otherwise it would be easy for - * applications to effectively disable the session cache by - * accident without anyone noticing). - */ - SSLerror(s, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); - fatal = 1; - goto err; - } - - if (sess->timeout < (time(NULL) - sess->time)) { - s->session_ctx->stats.sess_timeout++; - if (!ticket_decrypted) { - /* The session was from the cache, so remove it. */ - SSL_CTX_remove_session(s->session_ctx, sess); - } - goto err; - } - - s->session_ctx->stats.sess_hit++; - - SSL_SESSION_free(s->session); - s->session = sess; - s->verify_result = s->session->verify_result; - - return 1; - - err: - SSL_SESSION_free(sess); - if (ticket_decrypted) { - /* - * The session was from a ticket. Issue a ticket for the new - * session. - */ - s->tlsext_ticket_expected = 1; - } - if (fatal) { - *alert = alert_desc; - return -1; - } - return 0; -} - -int -SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) -{ - int ret = 0; - SSL_SESSION *s; - - /* - * Add just 1 reference count for the SSL_CTX's session cache - * even though it has two ways of access: each session is in a - * doubly linked list and an lhash. - */ - CRYPTO_add(&c->references, 1, CRYPTO_LOCK_SSL_SESSION); - - /* - * If session c is in already in cache, we take back the increment - * later. - */ - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - s = lh_SSL_SESSION_insert(ctx->sessions, c); - - /* - * s != NULL iff we already had a session with the given PID. - * In this case, s == c should hold (then we did not really modify - * ctx->sessions), or we're in trouble. 
- */ - if (s != NULL && s != c) { - /* We *are* in trouble ... */ - SSL_SESSION_list_remove(ctx, s); - SSL_SESSION_free(s); - /* - * ... so pretend the other session did not exist in cache - * (we cannot handle two SSL_SESSION structures with identical - * session ID in the same cache, which could happen e.g. when - * two threads concurrently obtain the same session from an - * external cache). - */ - s = NULL; - } - - /* Put at the head of the queue unless it is already in the cache */ - if (s == NULL) - SSL_SESSION_list_add(ctx, c); - - if (s != NULL) { - /* - * existing cache entry -- decrement previously incremented - * reference count because it already takes into account the - * cache. - */ - SSL_SESSION_free(s); /* s == c */ - ret = 0; - } else { - /* - * New cache entry -- remove old ones if cache has become - * too large. - */ - - ret = 1; - - if (SSL_CTX_sess_get_cache_size(ctx) > 0) { - while (SSL_CTX_sess_number(ctx) > - SSL_CTX_sess_get_cache_size(ctx)) { - if (!remove_session_lock(ctx, - ctx->session_cache_tail, 0)) - break; - else - ctx->stats.sess_cache_full++; - } - } - } - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - return (ret); -} -LSSL_ALIAS(SSL_CTX_add_session); - -int -SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) -{ - return remove_session_lock(ctx, c, 1); -} -LSSL_ALIAS(SSL_CTX_remove_session); - -static int -remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) -{ - SSL_SESSION *r; - int ret = 0; - - if (c == NULL || c->session_id_length == 0) - return 0; - - if (lck) - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) { - ret = 1; - r = lh_SSL_SESSION_delete(ctx->sessions, c); - SSL_SESSION_list_remove(ctx, c); - } - if (lck) - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - - if (ret) { - r->not_resumable = 1; - if (ctx->remove_session_cb != NULL) - ctx->remove_session_cb(ctx, r); - SSL_SESSION_free(r); - } - - return ret; -} - -void -SSL_SESSION_free(SSL_SESSION *ss) -{ - int i; - - if (ss 
== NULL) - return; - - i = CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION); - if (i > 0) - return; - - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); - - explicit_bzero(ss->master_key, sizeof ss->master_key); - explicit_bzero(ss->session_id, sizeof ss->session_id); - - X509_free(ss->peer_cert); - - free(ss->tlsext_hostname); - free(ss->tlsext_tick); - free(ss->tlsext_ecpointformatlist); - free(ss->tlsext_supportedgroups); - - tls13_secret_cleanup(&ss->resumption_master_secret); - - freezero(ss, sizeof(*ss)); -} -LSSL_ALIAS(SSL_SESSION_free); - -int -SSL_SESSION_up_ref(SSL_SESSION *ss) -{ - return CRYPTO_add(&ss->references, 1, CRYPTO_LOCK_SSL_SESSION) > 1; -} -LSSL_ALIAS(SSL_SESSION_up_ref); - -int -SSL_set_session(SSL *s, SSL_SESSION *session) -{ - const SSL_METHOD *method; - - if (session == NULL) { - SSL_SESSION_free(s->session); - s->session = NULL; - - return SSL_set_ssl_method(s, s->ctx->method); - } - - if ((method = ssl_get_method(session->ssl_version)) == NULL) { - SSLerror(s, SSL_R_UNABLE_TO_FIND_SSL_METHOD); - return (0); - } - - if (!SSL_set_ssl_method(s, method)) - return (0); - - CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION); - SSL_SESSION_free(s->session); - s->session = session; - s->verify_result = s->session->verify_result; - - return (1); -} -LSSL_ALIAS(SSL_set_session); - -size_t -SSL_SESSION_get_master_key(const SSL_SESSION *ss, unsigned char *out, - size_t max_out) -{ - size_t len = ss->master_key_length; - - if (out == NULL) - return len; - - if (len > max_out) - len = max_out; - - memcpy(out, ss->master_key, len); - - return len; -} -LSSL_ALIAS(SSL_SESSION_get_master_key); - -long -SSL_SESSION_set_timeout(SSL_SESSION *s, long t) -{ - if (s == NULL) - return (0); - s->timeout = t; - return (1); -} -LSSL_ALIAS(SSL_SESSION_set_timeout); - -long -SSL_SESSION_get_timeout(const SSL_SESSION *s) -{ - if (s == NULL) - return (0); - return (s->timeout); -} -LSSL_ALIAS(SSL_SESSION_get_timeout); - -/* XXX 
2038 */ -long -SSL_SESSION_get_time(const SSL_SESSION *s) -{ - if (s == NULL) - return (0); - return (s->time); -} -LSSL_ALIAS(SSL_SESSION_get_time); - -/* XXX 2038 */ -long -SSL_SESSION_set_time(SSL_SESSION *s, long t) -{ - if (s == NULL) - return (0); - s->time = t; - return (t); -} -LSSL_ALIAS(SSL_SESSION_set_time); - -int -SSL_SESSION_get_protocol_version(const SSL_SESSION *s) -{ - return s->ssl_version; -} -LSSL_ALIAS(SSL_SESSION_get_protocol_version); - -const SSL_CIPHER * -SSL_SESSION_get0_cipher(const SSL_SESSION *s) -{ - return ssl3_get_cipher_by_value(s->cipher_value); -} -LSSL_ALIAS(SSL_SESSION_get0_cipher); - -X509 * -SSL_SESSION_get0_peer(SSL_SESSION *s) -{ - return s->peer_cert; -} -LSSL_ALIAS(SSL_SESSION_get0_peer); - -int -SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, - unsigned int sid_len) -{ - if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) { - SSLerrorx(SSL_R_SSL_SESSION_ID_TOO_LONG); - return 0; - } - s->session_id_length = sid_len; - memmove(s->session_id, sid, sid_len); - return 1; -} -LSSL_ALIAS(SSL_SESSION_set1_id); - -int -SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, - unsigned int sid_ctx_len) -{ - if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { - SSLerrorx(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); - return 0; - } - s->sid_ctx_length = sid_ctx_len; - memcpy(s->sid_ctx, sid_ctx, sid_ctx_len); - - return 1; -} -LSSL_ALIAS(SSL_SESSION_set1_id_context); - -int -SSL_SESSION_is_resumable(const SSL_SESSION *s) -{ - return 0; -} -LSSL_ALIAS(SSL_SESSION_is_resumable); - -long -SSL_CTX_set_timeout(SSL_CTX *s, long t) -{ - long l; - - if (s == NULL) - return (0); - l = s->session_timeout; - s->session_timeout = t; - - return (l); -} -LSSL_ALIAS(SSL_CTX_set_timeout); - -long -SSL_CTX_get_timeout(const SSL_CTX *s) -{ - if (s == NULL) - return (0); - return (s->session_timeout); -} -LSSL_ALIAS(SSL_CTX_get_timeout); - -int -SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, - void *secret, int 
*secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, - const SSL_CIPHER **cipher, void *arg), void *arg) -{ - if (s == NULL) - return (0); - s->tls_session_secret_cb = tls_session_secret_cb; - s->tls_session_secret_cb_arg = arg; - return (1); -} -LSSL_ALIAS(SSL_set_session_secret_cb); - -int -SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, - void *arg) -{ - if (s == NULL) - return (0); - s->tls_session_ticket_ext_cb = cb; - s->tls_session_ticket_ext_cb_arg = arg; - return (1); -} -LSSL_ALIAS(SSL_set_session_ticket_ext_cb); - -int -SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) -{ - if (s->version >= TLS1_VERSION) { - free(s->tlsext_session_ticket); - s->tlsext_session_ticket = - malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); - if (!s->tlsext_session_ticket) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - return 0; - } - - if (ext_data) { - s->tlsext_session_ticket->length = ext_len; - s->tlsext_session_ticket->data = - s->tlsext_session_ticket + 1; - memcpy(s->tlsext_session_ticket->data, - ext_data, ext_len); - } else { - s->tlsext_session_ticket->length = 0; - s->tlsext_session_ticket->data = NULL; - } - - return 1; - } - - return 0; -} -LSSL_ALIAS(SSL_set_session_ticket_ext); - -typedef struct timeout_param_st { - SSL_CTX *ctx; - long time; - struct lhash_st_SSL_SESSION *cache; -} TIMEOUT_PARAM; - -static void -timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) -{ - if ((p->time == 0) || (p->time > (s->time + s->timeout))) { - /* timeout */ - /* The reason we don't call SSL_CTX_remove_session() is to - * save on locking overhead */ - (void)lh_SSL_SESSION_delete(p->cache, s); - SSL_SESSION_list_remove(p->ctx, s); - s->not_resumable = 1; - if (p->ctx->remove_session_cb != NULL) - p->ctx->remove_session_cb(p->ctx, s); - SSL_SESSION_free(s); - } -} - -static void -timeout_LHASH_DOALL_ARG(void *arg1, void *arg2) -{ - SSL_SESSION *a = arg1; - TIMEOUT_PARAM *b = arg2; - - timeout_doall_arg(a, b); -} - -/* XXX 2038 */ -void 
-SSL_CTX_flush_sessions(SSL_CTX *s, long t) -{ - TIMEOUT_PARAM tp; - - tp.ctx = s; - tp.cache = s->sessions; - if (tp.cache == NULL) - return; - tp.time = t; - - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - lh_SSL_SESSION_doall_arg(tp.cache, timeout_LHASH_DOALL_ARG, - TIMEOUT_PARAM, &tp); - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); -} -LSSL_ALIAS(SSL_CTX_flush_sessions); - -int -ssl_clear_bad_session(SSL *s) -{ - if ((s->session != NULL) && !(s->shutdown & SSL_SENT_SHUTDOWN) && - !(SSL_in_init(s) || SSL_in_before(s))) { - SSL_CTX_remove_session(s->ctx, s->session); - return (1); - } else - return (0); -} - -/* locked by SSL_CTX in the calling function */ -static void -SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) -{ - if (s->next == NULL || s->prev == NULL) - return; - - if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) { - /* last element in list */ - if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) { - /* only one element in list */ - ctx->session_cache_head = NULL; - ctx->session_cache_tail = NULL; - } else { - ctx->session_cache_tail = s->prev; - s->prev->next = - (SSL_SESSION *)&(ctx->session_cache_tail); - } - } else { - if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) { - /* first element in list */ - ctx->session_cache_head = s->next; - s->next->prev = - (SSL_SESSION *)&(ctx->session_cache_head); - } else { - /* middle of list */ - s->next->prev = s->prev; - s->prev->next = s->next; - } - } - s->prev = s->next = NULL; -} - -static void -SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) -{ - if (s->next != NULL && s->prev != NULL) - SSL_SESSION_list_remove(ctx, s); - - if (ctx->session_cache_head == NULL) { - ctx->session_cache_head = s; - ctx->session_cache_tail = s; - s->prev = (SSL_SESSION *)&(ctx->session_cache_head); - s->next = (SSL_SESSION *)&(ctx->session_cache_tail); - } else { - s->next = ctx->session_cache_head; - s->next->prev = s; - s->prev = (SSL_SESSION *)&(ctx->session_cache_head); - ctx->session_cache_head = s; - } -} 
- -void -SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, - int (*cb)(struct ssl_st *ssl, SSL_SESSION *sess)) { - ctx->new_session_cb = cb; -} -LSSL_ALIAS(SSL_CTX_sess_set_new_cb); - -int -(*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess) -{ - return ctx->new_session_cb; -} -LSSL_ALIAS(SSL_CTX_sess_get_new_cb); - -void -SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, - void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess)) -{ - ctx->remove_session_cb = cb; -} -LSSL_ALIAS(SSL_CTX_sess_set_remove_cb); - -void -(*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx, SSL_SESSION *sess) -{ - return ctx->remove_session_cb; -} -LSSL_ALIAS(SSL_CTX_sess_get_remove_cb); - -void -SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(struct ssl_st *ssl, - const unsigned char *data, int len, int *copy)) -{ - ctx->get_session_cb = cb; -} -LSSL_ALIAS(SSL_CTX_sess_set_get_cb); - -SSL_SESSION * -(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, const unsigned char *data, - int len, int *copy) -{ - return ctx->get_session_cb; -} -LSSL_ALIAS(SSL_CTX_sess_get_get_cb); - -void -SSL_CTX_set_info_callback(SSL_CTX *ctx, - void (*cb)(const SSL *ssl, int type, int val)) -{ - ctx->info_callback = cb; -} -LSSL_ALIAS(SSL_CTX_set_info_callback); - -void -(*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, int val) -{ - return ctx->info_callback; -} -LSSL_ALIAS(SSL_CTX_get_info_callback); - -void -SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, - int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)) -{ - ctx->client_cert_cb = cb; -} -LSSL_ALIAS(SSL_CTX_set_client_cert_cb); - -int -(*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509, - EVP_PKEY **pkey) -{ - return ctx->client_cert_cb; -} -LSSL_ALIAS(SSL_CTX_get_client_cert_cb); - -void -SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, - int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) -{ - ctx->app_gen_cookie_cb = cb; -} -LSSL_ALIAS(SSL_CTX_set_cookie_generate_cb); - -void 
-SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
- int (*cb)(SSL *ssl, const unsigned char *cookie, unsigned int cookie_len))
-{
- ctx->app_verify_cookie_cb = cb;
-}
-LSSL_ALIAS(SSL_CTX_set_cookie_verify_cb);
-
-int
-PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x)
-{
- return PEM_ASN1_write((i2d_of_void *)i2d_SSL_SESSION,
- PEM_STRING_SSL_SESSION, fp, x, NULL, NULL, 0, NULL, NULL);
-}
-LSSL_ALIAS(PEM_write_SSL_SESSION);
-
-SSL_SESSION *
-PEM_read_SSL_SESSION(FILE *fp, SSL_SESSION **x, pem_password_cb *cb, void *u)
-{
- return PEM_ASN1_read((d2i_of_void *)d2i_SSL_SESSION,
- PEM_STRING_SSL_SESSION, fp, (void **)x, cb, u);
-}
-LSSL_ALIAS(PEM_read_SSL_SESSION);
-
-SSL_SESSION *
-PEM_read_bio_SSL_SESSION(BIO *bp, SSL_SESSION **x, pem_password_cb *cb, void *u)
-{
- return PEM_ASN1_read_bio((d2i_of_void *)d2i_SSL_SESSION,
- PEM_STRING_SSL_SESSION, bp, (void **)x, cb, u);
-}
-LSSL_ALIAS(PEM_read_bio_SSL_SESSION);
-
-int
-PEM_write_bio_SSL_SESSION(BIO *bp, SSL_SESSION *x)
-{
- return PEM_ASN1_write_bio((i2d_of_void *)i2d_SSL_SESSION,
- PEM_STRING_SSL_SESSION, bp, x, NULL, NULL, 0, NULL, NULL);
-}
-LSSL_ALIAS(PEM_write_bio_SSL_SESSION);
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
deleted file mode 100644
index 18d71f6b95..0000000000
--- a/src/lib/libssl/ssl_sigalgs.c
+++ /dev/null
@@ -1,361 +0,0 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.50 2024/07/09 13:43:57 beck Exp $ */
-/*
- * Copyright (c) 2018-2020 Bob Beck
- * Copyright (c) 2021 Joel Sing
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include
-#include
-
-#include
-#include
-
-#include "bytestring.h"
-#include "ssl_local.h"
-#include "ssl_sigalgs.h"
-#include "tls13_internal.h"
-
-const struct ssl_sigalg sigalgs[] = {
- {
- .value = SIGALG_RSA_PKCS1_SHA512,
- .key_type = EVP_PKEY_RSA,
- .md = EVP_sha512,
- .security_level = 5,
- },
- {
- .value = SIGALG_ECDSA_SECP521R1_SHA512,
- .key_type = EVP_PKEY_EC,
- .md = EVP_sha512,
- .security_level = 5,
- .group_nid = NID_secp521r1,
- },
- {
- .value = SIGALG_RSA_PKCS1_SHA384,
- .key_type = EVP_PKEY_RSA,
- .md = EVP_sha384,
- .security_level = 4,
- },
- {
- .value = SIGALG_ECDSA_SECP384R1_SHA384,
- .key_type = EVP_PKEY_EC,
- .md = EVP_sha384,
- .security_level = 4,
- .group_nid = NID_secp384r1,
- },
- {
- .value = SIGALG_RSA_PKCS1_SHA256,
- .key_type = EVP_PKEY_RSA,
- .md = EVP_sha256,
- .security_level = 3,
- },
- {
- .value = SIGALG_ECDSA_SECP256R1_SHA256,
- .key_type = EVP_PKEY_EC,
- .md = EVP_sha256,
- .security_level = 3,
- .group_nid = NID_X9_62_prime256v1,
- },
- {
- .value = SIGALG_RSA_PSS_RSAE_SHA256,
- .key_type = EVP_PKEY_RSA,
- .md = EVP_sha256,
- .security_level = 3,
- .flags = SIGALG_FLAG_RSA_PSS,
- },
- {
- .value = SIGALG_RSA_PSS_RSAE_SHA384,
- .key_type = EVP_PKEY_RSA,
- .md = EVP_sha384,
- .security_level = 4,
- .flags = SIGALG_FLAG_RSA_PSS,
- },
- {
- .value = SIGALG_RSA_PSS_RSAE_SHA512,
- .key_type = EVP_PKEY_RSA,
- .md = EVP_sha512,
- .security_level = 5,
- .flags = SIGALG_FLAG_RSA_PSS,
- },
- {
- .value = SIGALG_RSA_PSS_PSS_SHA256,
- .key_type = EVP_PKEY_RSA,
- .md = EVP_sha256,
- .security_level = 3,
- .flags = SIGALG_FLAG_RSA_PSS,
- },
- {
- .value = SIGALG_RSA_PSS_PSS_SHA384,
- .key_type = EVP_PKEY_RSA,
- .md = EVP_sha384,
- .security_level = 4,
- .flags = SIGALG_FLAG_RSA_PSS,
- },
- {
- .value = SIGALG_RSA_PSS_PSS_SHA512,
- .key_type = EVP_PKEY_RSA,
- .md = EVP_sha512,
- .security_level = 5,
- .flags = SIGALG_FLAG_RSA_PSS,
- },
- {
- .value = SIGALG_RSA_PKCS1_SHA224,
- .key_type = EVP_PKEY_RSA,
- .md = EVP_sha224,
- .security_level = 2,
- },
- {
- .value = SIGALG_ECDSA_SECP224R1_SHA224,
- .key_type = EVP_PKEY_EC,
- .md = EVP_sha224,
- .security_level = 2,
- },
- {
- .value = SIGALG_RSA_PKCS1_SHA1,
- .key_type = EVP_PKEY_RSA,
- .md = EVP_sha1,
- .security_level = 1,
- },
- {
- .value = SIGALG_ECDSA_SHA1,
- .key_type = EVP_PKEY_EC,
- .md = EVP_sha1,
- .security_level = 1,
- },
- {
- .value = SIGALG_RSA_PKCS1_MD5_SHA1,
- .key_type = EVP_PKEY_RSA,
- .md = EVP_md5_sha1,
- .security_level = 1,
- },
- {
- .value = SIGALG_NONE,
- },
-};
-
-/* Sigalgs for TLSv1.3, in preference order. */
-const uint16_t tls13_sigalgs[] = {
- SIGALG_RSA_PSS_RSAE_SHA512,
- SIGALG_RSA_PKCS1_SHA512,
- SIGALG_ECDSA_SECP521R1_SHA512,
- SIGALG_RSA_PSS_RSAE_SHA384,
- SIGALG_RSA_PKCS1_SHA384,
- SIGALG_ECDSA_SECP384R1_SHA384,
- SIGALG_RSA_PSS_RSAE_SHA256,
- SIGALG_RSA_PKCS1_SHA256,
- SIGALG_ECDSA_SECP256R1_SHA256,
-};
-const size_t tls13_sigalgs_len = (sizeof(tls13_sigalgs) / sizeof(tls13_sigalgs[0]));
-
-/* Sigalgs for TLSv1.2, in preference order. */
-const uint16_t tls12_sigalgs[] = {
- SIGALG_RSA_PSS_RSAE_SHA512,
- SIGALG_RSA_PKCS1_SHA512,
- SIGALG_ECDSA_SECP521R1_SHA512,
- SIGALG_RSA_PSS_RSAE_SHA384,
- SIGALG_RSA_PKCS1_SHA384,
- SIGALG_ECDSA_SECP384R1_SHA384,
- SIGALG_RSA_PSS_RSAE_SHA256,
- SIGALG_RSA_PKCS1_SHA256,
- SIGALG_ECDSA_SECP256R1_SHA256,
- SIGALG_RSA_PKCS1_SHA1, /* XXX */
- SIGALG_ECDSA_SHA1, /* XXX */
-};
-const size_t tls12_sigalgs_len = (sizeof(tls12_sigalgs) / sizeof(tls12_sigalgs[0]));
-
-static void
-ssl_sigalgs_for_version(uint16_t tls_version, const uint16_t **out_values,
- size_t *out_len)
-{
- if (tls_version >= TLS1_3_VERSION) {
- *out_values = tls13_sigalgs;
- *out_len = tls13_sigalgs_len;
- } else {
- *out_values = tls12_sigalgs;
- *out_len = tls12_sigalgs_len;
- }
-}
-
-static const struct ssl_sigalg *
-ssl_sigalg_lookup(uint16_t value)
-{
- int i;
-
- for (i = 0; sigalgs[i].value != SIGALG_NONE; i++) {
- if (sigalgs[i].value == value)
- return &sigalgs[i];
- }
-
- return NULL;
-}
-
-static const struct ssl_sigalg *
-ssl_sigalg_from_value(SSL *s, uint16_t value)
-{
- const uint16_t *values;
- size_t len;
- int i;
-
- ssl_sigalgs_for_version(s->s3->hs.negotiated_tls_version,
- &values, &len);
-
- for (i = 0; i < len; i++) {
- if (values[i] == value)
- return ssl_sigalg_lookup(value);
- }
-
- return NULL;
-}
-
-int
-ssl_sigalgs_build(uint16_t tls_version, CBB *cbb, int security_level)
-{
- const struct ssl_sigalg *sigalg;
- const uint16_t *values;
- size_t len;
- size_t i;
- int ret = 0;
-
- ssl_sigalgs_for_version(tls_version, &values, &len);
-
- /* Add values in order as long as they are supported. */
- for (i = 0; i < len; i++) {
- /* Do not allow the legacy value for < 1.2 to be used. */
- if (values[i] == SIGALG_RSA_PKCS1_MD5_SHA1)
- return 0;
- if ((sigalg = ssl_sigalg_lookup(values[i])) == NULL)
- return 0;
- if (sigalg->security_level < security_level)
- continue;
-
- if (!CBB_add_u16(cbb, values[i]))
- return 0;
-
- ret = 1;
- }
- return ret;
-}
-
-static const struct ssl_sigalg *
-ssl_sigalg_for_legacy(SSL *s, EVP_PKEY *pkey)
-{
- if (SSL_get_security_level(s) > 1)
- return NULL;
-
- /* Default signature algorithms used for TLSv1.2 and earlier. */
- switch (EVP_PKEY_id(pkey)) {
- case EVP_PKEY_RSA:
- if (s->s3->hs.negotiated_tls_version < TLS1_2_VERSION)
- return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
- return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
- case EVP_PKEY_EC:
- return ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
- }
- SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
- return NULL;
-}
-
-static int
-ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg, EVP_PKEY *pkey)
-{
- if (sigalg == NULL || pkey == NULL)
- return 0;
- if (sigalg->key_type != EVP_PKEY_id(pkey))
- return 0;
-
- /* RSA PSS must have a sufficiently large RSA key. */
- if ((sigalg->flags & SIGALG_FLAG_RSA_PSS)) {
- if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA ||
- EVP_PKEY_size(pkey) < (2 * EVP_MD_size(sigalg->md()) + 2))
- return 0;
- }
-
- if (!ssl_security_sigalg_check(s, pkey))
- return 0;
-
- if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION)
- return 1;
-
- /* RSA cannot be used without PSS in TLSv1.3. */
- if (sigalg->key_type == EVP_PKEY_RSA &&
- (sigalg->flags & SIGALG_FLAG_RSA_PSS) == 0)
- return 0;
-
- /* Ensure that group matches for EC keys. */
- if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
- if (sigalg->group_nid == 0)
- return 0;
- if (EC_GROUP_get_curve_name(EC_KEY_get0_group(
- EVP_PKEY_get0_EC_KEY(pkey))) != sigalg->group_nid)
- return 0;
- }
-
- return 1;
-}
-
-const struct ssl_sigalg *
-ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
-{
- CBS cbs;
-
- if (!SSL_USE_SIGALGS(s))
- return ssl_sigalg_for_legacy(s, pkey);
-
- /*
- * RFC 5246 allows a TLS 1.2 client to send no sigalgs extension,
- * in which case the server must use the default.
- */
- if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION &&
- s->s3->hs.sigalgs == NULL)
- return ssl_sigalg_for_legacy(s, pkey);
-
- /*
- * If we get here, we have client or server sent sigalgs, use one.
- */
- CBS_init(&cbs, s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
- while (CBS_len(&cbs) > 0) {
- const struct ssl_sigalg *sigalg;
- uint16_t sigalg_value;
-
- if (!CBS_get_u16(&cbs, &sigalg_value))
- return NULL;
-
- if ((sigalg = ssl_sigalg_from_value(s, sigalg_value)) == NULL)
- continue;
- if (ssl_sigalg_pkey_ok(s, sigalg, pkey))
- return sigalg;
- }
-
- return NULL;
-}
-
-const struct ssl_sigalg *
-ssl_sigalg_for_peer(SSL *s, EVP_PKEY *pkey, uint16_t sigalg_value)
-{
- const struct ssl_sigalg *sigalg;
-
- if (!SSL_USE_SIGALGS(s))
- return ssl_sigalg_for_legacy(s, pkey);
-
- if ((sigalg = ssl_sigalg_from_value(s, sigalg_value)) == NULL) {
- SSLerror(s, SSL_R_UNKNOWN_DIGEST);
- return NULL;
- }
- if (!ssl_sigalg_pkey_ok(s, sigalg, pkey)) {
- SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
- return NULL;
- }
-
- return sigalg;
-}
diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h
deleted file mode 100644
index 5211ec6b62..0000000000
--- a/src/lib/libssl/ssl_sigalgs.h
+++ /dev/null
@@ -1,71 +0,0 @@
-/* $OpenBSD: ssl_sigalgs.h,v 1.27 2024/02/03 15:58:34 beck Exp $ */
-/*
- * Copyright (c) 2018-2019 Bob Beck
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef HEADER_SSL_SIGALGS_H
-#define HEADER_SSL_SIGALGS_H
-
-__BEGIN_HIDDEN_DECLS
-
-#define SIGALG_NONE 0x0000
-
-/*
- * RFC 8446 Section 4.2.3
- * RFC 5246 Section 7.4.1.4.1
- */
-#define SIGALG_RSA_PKCS1_SHA224 0x0301
-#define SIGALG_RSA_PKCS1_SHA256 0x0401
-#define SIGALG_RSA_PKCS1_SHA384 0x0501
-#define SIGALG_RSA_PKCS1_SHA512 0x0601
-#define SIGALG_ECDSA_SECP224R1_SHA224 0x0303
-#define SIGALG_ECDSA_SECP256R1_SHA256 0x0403
-#define SIGALG_ECDSA_SECP384R1_SHA384 0x0503
-#define SIGALG_ECDSA_SECP521R1_SHA512 0x0603
-#define SIGALG_RSA_PSS_RSAE_SHA256 0x0804
-#define SIGALG_RSA_PSS_RSAE_SHA384 0x0805
-#define SIGALG_RSA_PSS_RSAE_SHA512 0x0806
-#define SIGALG_ED25519 0x0807
-#define SIGALG_ED448 0x0808
-#define SIGALG_RSA_PSS_PSS_SHA256 0x0809
-#define SIGALG_RSA_PSS_PSS_SHA384 0x080a
-#define SIGALG_RSA_PSS_PSS_SHA512 0x080b
-#define SIGALG_RSA_PKCS1_SHA1 0x0201
-#define SIGALG_ECDSA_SHA1 0x0203
-#define SIGALG_PRIVATE_START 0xFE00
-#define SIGALG_PRIVATE_END 0xFFFF
-
-/* Legacy sigalg for < TLSv1.2 same value as BoringSSL uses. */
-#define SIGALG_RSA_PKCS1_MD5_SHA1 0xFF01
-
-#define SIGALG_FLAG_RSA_PSS 0x00000001
-
-struct ssl_sigalg {
- uint16_t value;
- int key_type;
- const EVP_MD *(*md)(void);
- int security_level;
- int group_nid;
- int flags;
-};
-
-int ssl_sigalgs_build(uint16_t tls_version, CBB *cbb, int security_level);
-const struct ssl_sigalg *ssl_sigalg_select(SSL *s, EVP_PKEY *pkey);
-const struct ssl_sigalg *ssl_sigalg_for_peer(SSL *s, EVP_PKEY *pkey,
- uint16_t sigalg_value);
-
-__END_HIDDEN_DECLS
-
-#endif
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
deleted file mode 100644
index db4ba38b51..0000000000
--- a/src/lib/libssl/ssl_srvr.c
+++ /dev/null
@@ -1,2496 +0,0 @@
-/* $OpenBSD: ssl_srvr.c,v 1.166 2025/03/09 15:53:36 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "bytestring.h"
-#include "crypto_internal.h"
-#include "dtls_local.h"
-#include "ssl_local.h"
-#include "ssl_sigalgs.h"
-#include "ssl_tlsext.h"
-
-static int ssl3_get_client_hello(SSL *s);
-static int ssl3_send_dtls_hello_verify_request(SSL *s);
-static int ssl3_send_server_hello(SSL *s);
-static int ssl3_send_hello_request(SSL *s);
-static int ssl3_send_server_certificate(SSL *s);
-static int ssl3_send_server_key_exchange(SSL *s);
-static int ssl3_send_certificate_request(SSL *s);
-static int ssl3_send_server_done(SSL *s);
-static int ssl3_get_client_certificate(SSL *s);
-static int ssl3_get_client_key_exchange(SSL *s);
-static int ssl3_get_cert_verify(SSL *s);
-static int ssl3_send_newsession_ticket(SSL *s);
-static int ssl3_send_cert_status(SSL *s);
-static int ssl3_send_server_change_cipher_spec(SSL *s);
-static int ssl3_send_server_finished(SSL *s);
-static int ssl3_get_client_finished(SSL *s);
-
-int
-ssl3_accept(SSL *s)
-{
- unsigned long alg_k;
- int new_state, state, skip = 0;
- int listen = 0;
- int ret = -1;
-
- ERR_clear_error();
- errno = 0;
-
- if (SSL_is_dtls(s))
- listen = s->d1->listen;
-
- /* init things to blank */
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s))
- SSL_clear(s);
-
- if (SSL_is_dtls(s))
- s->d1->listen = listen;
-
- for (;;) {
- state = s->s3->hs.state;
-
- switch (s->s3->hs.state) {
- case SSL_ST_RENEGOTIATE:
- s->renegotiate = 1;
- /* s->s3->hs.state=SSL_ST_ACCEPT; */
-
- case SSL_ST_BEFORE:
- case SSL_ST_ACCEPT:
- case SSL_ST_BEFORE|SSL_ST_ACCEPT:
- case SSL_ST_OK|SSL_ST_ACCEPT:
- s->server = 1;
-
- ssl_info_callback(s, SSL_CB_HANDSHAKE_START, 1);
-
- if (!ssl_legacy_stack_version(s, s->version)) {
- SSLerror(s, ERR_R_INTERNAL_ERROR);
- ret = -1;
- goto end;
- }
-
- if (!ssl_supported_tls_version_range(s,
- &s->s3->hs.our_min_tls_version,
- &s->s3->hs.our_max_tls_version)) {
- SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
- ret = -1;
- goto end;
- }
-
- if (!ssl_security_version(s,
- s->s3->hs.our_min_tls_version)) {
- SSLerror(s, SSL_R_VERSION_TOO_LOW);
- ret = -1;
- goto end;
- }
-
- if (!ssl3_setup_init_buffer(s)) {
- ret = -1;
- goto end;
- }
- if (!ssl3_setup_buffers(s)) {
- ret = -1;
- goto end;
- }
-
- s->init_num = 0;
-
- if (s->s3->hs.state != SSL_ST_RENEGOTIATE) {
- /*
- * Ok, we now need to push on a buffering BIO
- * so that the output is sent in a way that
- * TCP likes :-)
- */
- if (!ssl_init_wbio_buffer(s, 1)) {
- ret = -1;
- goto end;
- }
-
- if (!tls1_transcript_init(s)) {
- ret = -1;
- goto end;
- }
-
- s->s3->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
- s->ctx->stats.sess_accept++;
- } else if (!SSL_is_dtls(s) && !s->s3->send_connection_binding) {
- /*
- * Server attempting to renegotiate with
- * client that doesn't support secure
- * renegotiation.
- */
- SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- ssl3_send_alert(s, SSL3_AL_FATAL,
- SSL_AD_HANDSHAKE_FAILURE);
- ret = -1;
- goto end;
- } else {
- /*
- * s->s3->hs.state == SSL_ST_RENEGOTIATE,
- * we will just send a HelloRequest.
- */
- s->ctx->stats.sess_accept_renegotiate++;
- s->s3->hs.state = SSL3_ST_SW_HELLO_REQ_A;
- }
- break;
-
- case SSL3_ST_SW_HELLO_REQ_A:
- case SSL3_ST_SW_HELLO_REQ_B:
- s->shutdown = 0;
- if (SSL_is_dtls(s)) {
- dtls1_clear_record_buffer(s);
- dtls1_start_timer(s);
- }
- ret = ssl3_send_hello_request(s);
- if (ret <= 0)
- goto end;
- if (SSL_is_dtls(s))
- s->s3->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A;
- else
- s->s3->hs.tls12.next_state = SSL3_ST_SW_HELLO_REQ_C;
- s->s3->hs.state = SSL3_ST_SW_FLUSH;
- s->init_num = 0;
-
- if (SSL_is_dtls(s)) {
- if (!tls1_transcript_init(s)) {
- ret = -1;
- goto end;
- }
- }
- break;
-
- case SSL3_ST_SW_HELLO_REQ_C:
- s->s3->hs.state = SSL_ST_OK;
- break;
-
- case SSL3_ST_SR_CLNT_HELLO_A:
- case SSL3_ST_SR_CLNT_HELLO_B:
- case SSL3_ST_SR_CLNT_HELLO_C:
- s->shutdown = 0;
- if (SSL_is_dtls(s)) {
- ret = ssl3_get_client_hello(s);
- if (ret <= 0)
- goto end;
- dtls1_stop_timer(s);
-
- if (ret == 1 &&
- (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
- s->s3->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
- else
- s->s3->hs.state = SSL3_ST_SW_SRVR_HELLO_A;
-
- s->init_num = 0;
-
- /*
- * Reflect ClientHello sequence to remain
- * stateless while listening.
- */
- if (listen) {
- tls12_record_layer_reflect_seq_num(
- s->rl);
- }
-
- /* If we're just listening, stop here */
- if (listen && s->s3->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {
- ret = 2;
- s->d1->listen = 0;
- /*
- * Set expected sequence numbers to
- * continue the handshake.
- */
- s->d1->handshake_read_seq = 2;
- s->d1->handshake_write_seq = 1;
- s->d1->next_handshake_write_seq = 1;
- goto end;
- }
- } else {
- if (s->rwstate != SSL_X509_LOOKUP) {
- ret = ssl3_get_client_hello(s);
- if (ret <= 0)
- goto end;
- }
-
- s->renegotiate = 2;
- s->s3->hs.state = SSL3_ST_SW_SRVR_HELLO_A;
- s->init_num = 0;
- }
- break;
-
- case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
- case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
- ret = ssl3_send_dtls_hello_verify_request(s);
- if (ret <= 0)
- goto end;
- s->s3->hs.state = SSL3_ST_SW_FLUSH;
- s->s3->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A;
-
- /* HelloVerifyRequest resets Finished MAC. */
- tls1_transcript_reset(s);
- break;
-
- case SSL3_ST_SW_SRVR_HELLO_A:
- case SSL3_ST_SW_SRVR_HELLO_B:
- if (SSL_is_dtls(s)) {
- s->renegotiate = 2;
- dtls1_start_timer(s);
- }
- ret = ssl3_send_server_hello(s);
- if (ret <= 0)
- goto end;
- if (s->hit) {
- if (s->tlsext_ticket_expected)
- s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
- else
- s->s3->hs.state = SSL3_ST_SW_CHANGE_A;
- } else {
- s->s3->hs.state = SSL3_ST_SW_CERT_A;
- }
- s->init_num = 0;
- break;
-
- case SSL3_ST_SW_CERT_A:
- case SSL3_ST_SW_CERT_B:
- /* Check if it is anon DH or anon ECDH. */
- if (!(s->s3->hs.cipher->algorithm_auth &
- SSL_aNULL)) {
- if (SSL_is_dtls(s))
- dtls1_start_timer(s);
- ret = ssl3_send_server_certificate(s);
- if (ret <= 0)
- goto end;
- if (s->tlsext_status_expected)
- s->s3->hs.state = SSL3_ST_SW_CERT_STATUS_A;
- else
- s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A;
- } else {
- skip = 1;
- s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A;
- }
- s->init_num = 0;
- break;
-
- case SSL3_ST_SW_KEY_EXCH_A:
- case SSL3_ST_SW_KEY_EXCH_B:
- alg_k = s->s3->hs.cipher->algorithm_mkey;
-
- /*
- * Only send if using a DH key exchange.
- *
- * For ECC ciphersuites, we send a ServerKeyExchange
- * message only if the cipher suite is ECDHE. In other
- * cases, the server certificate contains the server's
- * public key for key exchange.
- */
- if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
- if (SSL_is_dtls(s))
- dtls1_start_timer(s);
- ret = ssl3_send_server_key_exchange(s);
- if (ret <= 0)
- goto end;
- } else
- skip = 1;
-
- s->s3->hs.state = SSL3_ST_SW_CERT_REQ_A;
- s->init_num = 0;
- break;
-
- case SSL3_ST_SW_CERT_REQ_A:
- case SSL3_ST_SW_CERT_REQ_B:
- /*
- * Determine whether or not we need to request a
- * certificate.
- *
- * Do not request a certificate if:
- *
- * - We did not ask for it (SSL_VERIFY_PEER is unset).
- *
- * - SSL_VERIFY_CLIENT_ONCE is set and we are
- * renegotiating.
- *
- * - We are using an anonymous ciphersuites
- * (see section "Certificate request" in SSL 3 drafts
- * and in RFC 2246) ... except when the application
- * insists on verification (against the specs, but
- * s3_clnt.c accepts this for SSL 3).
- */
- if (!(s->verify_mode & SSL_VERIFY_PEER) ||
- ((s->session->peer_cert != NULL) &&
- (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
- ((s->s3->hs.cipher->algorithm_auth &
- SSL_aNULL) && !(s->verify_mode &
- SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
- /* No cert request. */
- skip = 1;
- s->s3->hs.tls12.cert_request = 0;
- s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_A;
-
- if (!SSL_is_dtls(s))
- tls1_transcript_free(s);
- } else {
- s->s3->hs.tls12.cert_request = 1;
- if (SSL_is_dtls(s))
- dtls1_start_timer(s);
- ret = ssl3_send_certificate_request(s);
- if (ret <= 0)
- goto end;
- s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_A;
- s->init_num = 0;
- }
- break;
-
- case SSL3_ST_SW_SRVR_DONE_A:
- case SSL3_ST_SW_SRVR_DONE_B:
- if (SSL_is_dtls(s))
- dtls1_start_timer(s);
- ret = ssl3_send_server_done(s);
- if (ret <= 0)
- goto end;
- s->s3->hs.tls12.next_state = SSL3_ST_SR_CERT_A;
- s->s3->hs.state = SSL3_ST_SW_FLUSH;
- s->init_num = 0;
- break;
-
- case SSL3_ST_SW_FLUSH:
- /*
- * This code originally checked to see if
- * any data was pending using BIO_CTRL_INFO
- * and then flushed. This caused problems
- * as documented in PR#1939. The proposed
- * fix doesn't completely resolve this issue
- * as buggy implementations of BIO_CTRL_PENDING
- * still exist. So instead we just flush
- * unconditionally.
- */
- s->rwstate = SSL_WRITING;
- if (BIO_flush(s->wbio) <= 0) {
- if (SSL_is_dtls(s)) {
- /* If the write error was fatal, stop trying. */
- if (!BIO_should_retry(s->wbio)) {
- s->rwstate = SSL_NOTHING;
- s->s3->hs.state = s->s3->hs.tls12.next_state;
- }
- }
- ret = -1;
- goto end;
- }
- s->rwstate = SSL_NOTHING;
- s->s3->hs.state = s->s3->hs.tls12.next_state;
- break;
-
- case SSL3_ST_SR_CERT_A:
- case SSL3_ST_SR_CERT_B:
- if (s->s3->hs.tls12.cert_request != 0) {
- ret = ssl3_get_client_certificate(s);
- if (ret <= 0)
- goto end;
- }
- s->init_num = 0;
- s->s3->hs.state = SSL3_ST_SR_KEY_EXCH_A;
- break;
-
- case SSL3_ST_SR_KEY_EXCH_A:
- case SSL3_ST_SR_KEY_EXCH_B:
- ret = ssl3_get_client_key_exchange(s);
- if (ret <= 0)
- goto end;
-
- if (SSL_is_dtls(s)) {
- s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A;
- s->init_num = 0;
- }
-
- alg_k = s->s3->hs.cipher->algorithm_mkey;
- if (SSL_USE_SIGALGS(s)) {
- s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A;
- s->init_num = 0;
- if (!s->session->peer_cert)
- break;
- /*
- * Freeze the transcript for use during client
- * certificate verification.
- */
- tls1_transcript_freeze(s);
- } else {
- s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A;
- s->init_num = 0;
-
- tls1_transcript_free(s);
-
- /*
- * We need to get hashes here so if there is
- * a client cert, it can be verified.
- */
- if (!tls1_transcript_hash_value(s,
- s->s3->hs.tls12.cert_verify,
- sizeof(s->s3->hs.tls12.cert_verify),
- NULL)) {
- ret = -1;
- goto end;
- }
- }
- break;
-
- case SSL3_ST_SR_CERT_VRFY_A:
- case SSL3_ST_SR_CERT_VRFY_B:
- if (SSL_is_dtls(s))
- s->d1->change_cipher_spec_ok = 1;
- else
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
-
- /* we should decide if we expected this one */
- ret = ssl3_get_cert_verify(s);
- if (ret <= 0)
- goto end;
- s->s3->hs.state = SSL3_ST_SR_FINISHED_A;
- s->init_num = 0;
- break;
-
- case SSL3_ST_SR_FINISHED_A:
- case SSL3_ST_SR_FINISHED_B:
- if (SSL_is_dtls(s))
- s->d1->change_cipher_spec_ok = 1;
- else
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
- ret = ssl3_get_client_finished(s);
- if (ret <= 0)
- goto end;
- if (SSL_is_dtls(s))
- dtls1_stop_timer(s);
- if (s->hit)
- s->s3->hs.state = SSL_ST_OK;
- else if (s->tlsext_ticket_expected)
- s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
- else
- s->s3->hs.state = SSL3_ST_SW_CHANGE_A;
- s->init_num = 0;
- break;
-
- case SSL3_ST_SW_SESSION_TICKET_A:
- case SSL3_ST_SW_SESSION_TICKET_B:
- ret = ssl3_send_newsession_ticket(s);
- if (ret <= 0)
- goto end;
- s->s3->hs.state = SSL3_ST_SW_CHANGE_A;
- s->init_num = 0;
- break;
-
- case SSL3_ST_SW_CERT_STATUS_A:
- case SSL3_ST_SW_CERT_STATUS_B:
- ret = ssl3_send_cert_status(s);
- if (ret <= 0)
- goto end;
- s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A;
- s->init_num = 0;
- break;
-
- case SSL3_ST_SW_CHANGE_A:
- case SSL3_ST_SW_CHANGE_B:
- ret = ssl3_send_server_change_cipher_spec(s);
- if (ret <= 0)
- goto end;
- s->s3->hs.state = SSL3_ST_SW_FINISHED_A;
- s->init_num = 0;
- s->session->cipher_value = s->s3->hs.cipher->value;
-
- if (!tls1_setup_key_block(s)) {
- ret = -1;
- goto end;
- }
- if (!tls1_change_write_cipher_state(s)) {
- ret = -1;
- goto end;
- }
- break;
-
- case SSL3_ST_SW_FINISHED_A:
- case SSL3_ST_SW_FINISHED_B:
- ret = ssl3_send_server_finished(s);
- if (ret <= 0)
- goto end;
- s->s3->hs.state = SSL3_ST_SW_FLUSH;
- if (s->hit) {
- s->s3->hs.tls12.next_state = SSL3_ST_SR_FINISHED_A;
- tls1_transcript_free(s);
- } else
- s->s3->hs.tls12.next_state = SSL_ST_OK;
- s->init_num = 0;
- break;
-
- case SSL_ST_OK:
- /* clean a few things up */
- tls1_cleanup_key_block(s);
-
- if (s->s3->handshake_transcript != NULL) {
- SSLerror(s, ERR_R_INTERNAL_ERROR);
- ret = -1;
- goto end;
- }
-
- if (!SSL_is_dtls(s))
- ssl3_release_init_buffer(s);
-
- /* remove buffering on output */
- ssl_free_wbio_buffer(s);
-
- s->init_num = 0;
-
- /* Skipped if we just sent a HelloRequest. */
- if (s->renegotiate == 2) {
- s->renegotiate = 0;
- s->new_session = 0;
-
- ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
-
- s->ctx->stats.sess_accept_good++;
- /* s->server=1; */
- s->handshake_func = ssl3_accept;
-
- ssl_info_callback(s, SSL_CB_HANDSHAKE_DONE, 1);
- }
-
- ret = 1;
-
- if (SSL_is_dtls(s)) {
- /* Done handshaking, next message is client hello. */
- s->d1->handshake_read_seq = 0;
- /* Next message is server hello. */
- s->d1->handshake_write_seq = 0;
- s->d1->next_handshake_write_seq = 0;
- }
- goto end;
- /* break; */
-
- default:
- SSLerror(s, SSL_R_UNKNOWN_STATE);
- ret = -1;
- goto end;
- /* break; */
- }
-
- if (!s->s3->hs.tls12.reuse_message && !skip) {
- if (s->s3->hs.state != state) {
- new_state = s->s3->hs.state;
- s->s3->hs.state = state;
- ssl_info_callback(s, SSL_CB_ACCEPT_LOOP, 1);
- s->s3->hs.state = new_state;
- }
- }
- skip = 0;
- }
- end:
- /* BIO_flush(s->wbio); */
- s->in_handshake--;
- ssl_info_callback(s, SSL_CB_ACCEPT_EXIT, ret);
-
- return (ret);
-}
-
-static int
-ssl3_send_hello_request(SSL *s)
-{
- CBB cbb, hello;
-
- memset(&cbb, 0, sizeof(cbb));
-
- if (s->s3->hs.state == SSL3_ST_SW_HELLO_REQ_A) {
- if (!ssl3_handshake_msg_start(s, &cbb, &hello,
- SSL3_MT_HELLO_REQUEST))
- goto err;
- if (!ssl3_handshake_msg_finish(s, &cbb))
- goto err;
-
- s->s3->hs.state = SSL3_ST_SW_HELLO_REQ_B;
- }
-
- /* SSL3_ST_SW_HELLO_REQ_B */
- return (ssl3_handshake_write(s));
-
- err:
- CBB_cleanup(&cbb);
-
- return (-1);
-}
-
-static int
-ssl3_get_client_hello(SSL *s)
-{
- CBS cbs, client_random, session_id, cookie, cipher_suites;
- CBS compression_methods;
- uint16_t client_version;
- uint8_t comp_method;
- int comp_null;
- int i, j, al, ret, cookie_valid = 0;
- SSL_CIPHER *c;
- STACK_OF(SSL_CIPHER) *ciphers = NULL;
- const SSL_METHOD *method;
- uint16_t shared_version;
-
- /*
- * We do this so that we will respond with our native type.
- * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
- * This down switching should be handled by a different method.
- * If we are SSLv3, we will respond with SSLv3, even if prompted with
- * TLSv1.
- */
- if (s->s3->hs.state == SSL3_ST_SR_CLNT_HELLO_A)
- s->s3->hs.state = SSL3_ST_SR_CLNT_HELLO_B;
-
- s->first_packet = 1;
- if ((ret = ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
- SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO,
- SSL3_RT_MAX_PLAIN_LENGTH)) <= 0)
- return ret;
- s->first_packet = 0;
-
- ret = -1;
-
- if (s->init_num < 0)
- goto err;
-
- CBS_init(&cbs, s->init_msg, s->init_num);
-
- /* Parse client hello up until the extensions (if any). */
- if (!CBS_get_u16(&cbs, &client_version))
- goto decode_err;
- if (!CBS_get_bytes(&cbs, &client_random, SSL3_RANDOM_SIZE))
- goto decode_err;
- if (!CBS_get_u8_length_prefixed(&cbs, &session_id))
- goto decode_err;
- if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) {
- al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG);
- goto fatal_err;
- }
- if (SSL_is_dtls(s)) {
- if (!CBS_get_u8_length_prefixed(&cbs, &cookie))
- goto decode_err;
- }
- if (!CBS_get_u16_length_prefixed(&cbs, &cipher_suites))
- goto decode_err;
- if (!CBS_get_u8_length_prefixed(&cbs, &compression_methods))
- goto decode_err;
-
- /*
- * Use version from inside client hello, not from record header.
- * (may differ: see RFC 2246, Appendix E, second paragraph)
- */
- if (!ssl_max_shared_version(s, client_version, &shared_version)) {
- if ((client_version >> 8) == SSL3_VERSION_MAJOR &&
- !tls12_record_layer_write_protected(s->rl)) {
- /*
- * Similar to ssl3_get_record, send alert using remote
- * version number.
- */
- s->version = client_version;
- }
- SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
- al = SSL_AD_PROTOCOL_VERSION;
- goto fatal_err;
- }
- s->s3->hs.peer_legacy_version = client_version;
- s->version = shared_version;
-
- s->s3->hs.negotiated_tls_version = ssl_tls_version(shared_version);
- if (s->s3->hs.negotiated_tls_version == 0) {
- SSLerror(s, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- if ((method = ssl_get_method(shared_version)) == NULL) {
- SSLerror(s, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- s->method = method;
-
- /*
- * If we require cookies (DTLS) and this ClientHello does not contain
- * one, just return since we do not want to allocate any memory yet.
- * So check cookie length...
- */
- if (SSL_is_dtls(s)) {
- if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
- if (CBS_len(&cookie) == 0)
- return (1);
- }
- }
-
- if (!CBS_write_bytes(&client_random, s->s3->client_random,
- sizeof(s->s3->client_random), NULL))
- goto err;
-
- s->hit = 0;
-
- /*
- * Versions before 0.9.7 always allow clients to resume sessions in
- * renegotiation. 0.9.7 and later allow this by default, but optionally
- * ignore resumption requests with flag
- * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag
- * rather than a change to default behavior so that applications
- * relying on this for security won't even compile against older
- * library versions).
- *
- * 1.0.1 and later also have a function SSL_renegotiate_abbreviated()
- * to request renegotiation but not a new session (s->new_session
- * remains unset): for servers, this essentially just means that the
- * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be
- * ignored.
- */
- if ((s->new_session && (s->options &
- SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) {
- if (!ssl_get_new_session(s, 1))
- goto err;
- } else {
- CBS ext_block;
-
- CBS_dup(&cbs, &ext_block);
-
- i = ssl_get_prev_session(s, &session_id, &ext_block, &al);
- if (i == 1) { /* previous session */
- s->hit = 1;
- } else if (i == -1)
- goto fatal_err;
- else {
- /* i == 0 */
- if (!ssl_get_new_session(s, 1))
- goto err;
- }
- }
-
- if (SSL_is_dtls(s)) {
- /*
- * The ClientHello may contain a cookie even if the HelloVerify
- * message has not been sent - make sure that it does not cause
- * an overflow.
- */
- if (CBS_len(&cookie) > sizeof(s->d1->rcvd_cookie)) {
- al = SSL_AD_DECODE_ERROR;
- SSLerror(s, SSL_R_COOKIE_MISMATCH);
- goto fatal_err;
- }
-
- /* Verify the cookie if appropriate option is set. */
- if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
- CBS_len(&cookie) > 0) {
- size_t cookie_len;
-
- /* XXX - rcvd_cookie seems to only be used here... */
- if (!CBS_write_bytes(&cookie, s->d1->rcvd_cookie,
- sizeof(s->d1->rcvd_cookie), &cookie_len))
- goto err;
-
- if (s->ctx->app_verify_cookie_cb != NULL) {
- if (s->ctx->app_verify_cookie_cb(s,
- s->d1->rcvd_cookie, cookie_len) == 0) {
- al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerror(s, SSL_R_COOKIE_MISMATCH);
- goto fatal_err;
- }
- /* else cookie verification succeeded */
- /* XXX - can d1->cookie_len > sizeof(rcvd_cookie) ? */
- } else if (timingsafe_memcmp(s->d1->rcvd_cookie,
- s->d1->cookie, s->d1->cookie_len) != 0) {
- /* default verification */
- al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerror(s, SSL_R_COOKIE_MISMATCH);
- goto fatal_err;
- }
- cookie_valid = 1;
- }
- }
-
- /* XXX - This logic seems wrong... */
- if (CBS_len(&cipher_suites) == 0 && CBS_len(&session_id) != 0) {
- /* we need a cipher if we are not resuming a session */
- al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerror(s, SSL_R_NO_CIPHERS_SPECIFIED);
- goto fatal_err;
- }
-
- if (CBS_len(&cipher_suites) > 0) {
- if ((ciphers = ssl_bytes_to_cipher_list(s,
- &cipher_suites)) == NULL)
- goto err;
- }
-
- /* If it is a hit, check that the cipher is in the list */
- /* XXX - CBS_len(&cipher_suites) will always be zero here... */
- if (s->hit && CBS_len(&cipher_suites) > 0) {
- j = 0;
-
- for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
- c = sk_SSL_CIPHER_value(ciphers, i);
- if (c->value == s->session->cipher_value) {
- j = 1;
- break;
- }
- }
- if (j == 0) {
- /*
- * We need to have the cipher in the cipher
- * list if we are asked to reuse it
- */
- al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerror(s, SSL_R_REQUIRED_CIPHER_MISSING);
- goto fatal_err;
- }
- }
-
- comp_null = 0;
- while (CBS_len(&compression_methods) > 0) {
- if (!CBS_get_u8(&compression_methods, &comp_method))
- goto decode_err;
- if (comp_method == 0)
- comp_null = 1;
- }
- if (comp_null == 0) {
- al = SSL_AD_DECODE_ERROR;
- SSLerror(s, SSL_R_NO_COMPRESSION_SPECIFIED);
- goto fatal_err;
- }
-
- if (!tlsext_server_parse(s, SSL_TLSEXT_MSG_CH, &cbs, &al)) {
- SSLerror(s, SSL_R_PARSE_TLSEXT);
- goto fatal_err;
- }
-
- if (CBS_len(&cbs) != 0)
- goto decode_err;
-
- if (!s->s3->renegotiate_seen && s->renegotiate) {
- al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- goto fatal_err;
- }
-
- if (ssl_check_clienthello_tlsext_early(s) <= 0) {
- SSLerror(s, SSL_R_CLIENTHELLO_TLSEXT);
- goto err;
- }
-
- /*
- * Check if we want to use external pre-shared secret for this
- * handshake for not reused session only. We need to generate
- * server_random before calling tls_session_secret_cb in order to allow
- * SessionTicket processing to use it in key derivation.
- */
- arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
-
- if (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION &&
- s->s3->hs.negotiated_tls_version < s->s3->hs.our_max_tls_version) {
- /*
- * RFC 8446 section 4.1.3. If we are downgrading from TLS 1.3
- * we must set the last 8 bytes of the server random to magical
- * values to indicate we meant to downgrade. For TLS 1.2 it is
- * recommended that we do the same.
- */
- size_t index = SSL3_RANDOM_SIZE - sizeof(tls13_downgrade_12);
- uint8_t *magic = &s->s3->server_random[index];
- if (s->s3->hs.negotiated_tls_version == TLS1_2_VERSION) {
- /* Indicate we chose to downgrade to 1.2. */
- memcpy(magic, tls13_downgrade_12,
- sizeof(tls13_downgrade_12));
- } else {
- /* Indicate we chose to downgrade to 1.1 or lower */
- memcpy(magic, tls13_downgrade_11,
- sizeof(tls13_downgrade_11));
- }
- }
-
- if (!s->hit && s->tls_session_secret_cb != NULL) {
- const SSL_CIPHER *pref_cipher = NULL;
- int master_key_length = sizeof(s->session->master_key);
-
- if (!s->tls_session_secret_cb(s,
- s->session->master_key, &master_key_length, ciphers,
- &pref_cipher, s->tls_session_secret_cb_arg)) {
- SSLerror(s, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- if (master_key_length <= 0) {
- SSLerror(s, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- s->session->master_key_length = master_key_length;
-
- s->hit = 1;
- s->session->verify_result = X509_V_OK;
-
- sk_SSL_CIPHER_free(s->s3->hs.client_ciphers);
- s->s3->hs.client_ciphers = ciphers;
- ciphers = NULL;
-
- /*
- * XXX - this allows the callback to use any client cipher and
- * completely ignore the server cipher list. We should ensure
- * that the pref_cipher is in both the client list and the
- * server list.
- */
-
- /* Check if some cipher was preferred by the callback. */
- if (pref_cipher == NULL)
- pref_cipher = ssl3_choose_cipher(s, s->s3->hs.client_ciphers,
- SSL_get_ciphers(s));
- if (pref_cipher == NULL) {
- al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerror(s, SSL_R_NO_SHARED_CIPHER);
- goto fatal_err;
- }
- s->s3->hs.cipher = pref_cipher;
-
- /* XXX - why? */
- sk_SSL_CIPHER_free(s->cipher_list);
- s->cipher_list = sk_SSL_CIPHER_dup(s->s3->hs.client_ciphers);
- }
-
- /*
- * Given s->session->ciphers and SSL_get_ciphers, we must
- * pick a cipher
- */
-
- if (!s->hit) {
- if (ciphers == NULL) {
- al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerror(s, SSL_R_NO_CIPHERS_PASSED);
- goto fatal_err;
- }
- sk_SSL_CIPHER_free(s->s3->hs.client_ciphers);
- s->s3->hs.client_ciphers = ciphers;
- ciphers = NULL;
-
- if ((c = ssl3_choose_cipher(s, s->s3->hs.client_ciphers,
- SSL_get_ciphers(s))) == NULL) {
- al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerror(s, SSL_R_NO_SHARED_CIPHER);
- goto fatal_err;
- }
- s->s3->hs.cipher = c;
- s->session->cipher_value = s->s3->hs.cipher->value;
- } else {
- s->s3->hs.cipher = ssl3_get_cipher_by_value(s->session->cipher_value);
- if (s->s3->hs.cipher == NULL)
- goto fatal_err;
- }
-
- if (!tls1_transcript_hash_init(s))
- goto err;
-
- if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER))
- tls1_transcript_free(s);
-
- /*
- * We now have the following setup.
- * client_random
- * cipher_list - our preferred list of ciphers
- * ciphers - the clients preferred list of ciphers
- * compression - basically ignored right now
- * ssl version is set - sslv3
- * s->session - The ssl session has been setup.
- * s->hit - session reuse flag
- * s->hs.cipher - the new cipher to use.
- */
-
- /* Handles TLS extensions that we couldn't check earlier */
- if (ssl_check_clienthello_tlsext_late(s) <= 0) {
- SSLerror(s, SSL_R_CLIENTHELLO_TLSEXT);
- goto err;
- }
-
- ret = cookie_valid ? 2 : 1;
-
- if (0) {
- decode_err:
- al = SSL_AD_DECODE_ERROR;
- SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- fatal_err:
- ssl3_send_alert(s, SSL3_AL_FATAL, al);
- }
- err:
- sk_SSL_CIPHER_free(ciphers);
-
- return (ret);
-}
-
-static int
-ssl3_send_dtls_hello_verify_request(SSL *s)
-{
- CBB cbb, verify, cookie;
-
- memset(&cbb, 0, sizeof(cbb));
-
- if (s->s3->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
- if (s->ctx->app_gen_cookie_cb == NULL ||
- s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
- &(s->d1->cookie_len)) == 0) {
- SSLerror(s, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- /*
- * Per RFC 6347 section 4.2.1, the HelloVerifyRequest should
- * always contain DTLSv1.0 regardless of the version that is
- * going to be negotiated.
- */
- if (!ssl3_handshake_msg_start(s, &cbb, &verify,
- DTLS1_MT_HELLO_VERIFY_REQUEST))
- goto err;
- if (!CBB_add_u16(&verify, DTLS1_VERSION))
- goto err;
- if (!CBB_add_u8_length_prefixed(&verify, &cookie))
- goto err;
- if (!CBB_add_bytes(&cookie, s->d1->cookie, s->d1->cookie_len))
- goto err;
- if (!ssl3_handshake_msg_finish(s, &cbb))
- goto err;
-
- s->s3->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
- }
-
- /* s->s3->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
- return (ssl3_handshake_write(s));
-
- err:
- CBB_cleanup(&cbb);
-
- return (-1);
-}
-
-static int
-ssl3_send_server_hello(SSL *s)
-{
- CBB cbb, server_hello, session_id;
- size_t sl;
-
- memset(&cbb, 0, sizeof(cbb));
-
- if (s->s3->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {
- if (!ssl3_handshake_msg_start(s, &cbb, &server_hello,
- SSL3_MT_SERVER_HELLO))
- goto err;
-
- if (!CBB_add_u16(&server_hello, s->version))
- goto err;
- if (!CBB_add_bytes(&server_hello, s->s3->server_random,
- sizeof(s->s3->server_random)))
- goto err;
-
- /*
- * There are several cases for the session ID to send
- * back in the server hello:
- *
- * - For session reuse from the session cache,
- * we send back the old session ID.
- * - If stateless session reuse (using a session ticket) - * is successful, we send back the client's "session ID" - * (which doesn't actually identify the session). - * - If it is a new session, we send back the new - * session ID. - * - However, if we want the new session to be single-use, - * we send back a 0-length session ID. - * - * s->hit is non-zero in either case of session reuse, - * so the following won't overwrite an ID that we're supposed - * to send back. - */ - if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) - && !s->hit) - s->session->session_id_length = 0; - - sl = s->session->session_id_length; - if (sl > sizeof(s->session->session_id)) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - if (!CBB_add_u8_length_prefixed(&server_hello, &session_id)) - goto err; - if (!CBB_add_bytes(&session_id, s->session->session_id, sl)) - goto err; - - /* Cipher suite. */ - if (!CBB_add_u16(&server_hello, s->s3->hs.cipher->value)) - goto err; - - /* Compression method (null). 
*/ - if (!CBB_add_u8(&server_hello, 0)) - goto err; - - /* TLS extensions */ - if (!tlsext_server_build(s, SSL_TLSEXT_MSG_SH, &server_hello)) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - - if (!ssl3_handshake_msg_finish(s, &cbb)) - goto err; - } - - /* SSL3_ST_SW_SRVR_HELLO_B */ - return (ssl3_handshake_write(s)); - - err: - CBB_cleanup(&cbb); - - return (-1); -} - -static int -ssl3_send_server_done(SSL *s) -{ - CBB cbb, done; - - memset(&cbb, 0, sizeof(cbb)); - - if (s->s3->hs.state == SSL3_ST_SW_SRVR_DONE_A) { - if (!ssl3_handshake_msg_start(s, &cbb, &done, - SSL3_MT_SERVER_DONE)) - goto err; - if (!ssl3_handshake_msg_finish(s, &cbb)) - goto err; - - s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_B; - } - - /* SSL3_ST_SW_SRVR_DONE_B */ - return (ssl3_handshake_write(s)); - - err: - CBB_cleanup(&cbb); - - return (-1); -} - -static int -ssl3_send_server_kex_dhe(SSL *s, CBB *cbb) -{ - int nid = NID_dhKeyAgreement; - - tls_key_share_free(s->s3->hs.key_share); - if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL) - goto err; - - if (s->cert->dhe_params_auto != 0) { - size_t key_bits; - - if ((key_bits = ssl_dhe_params_auto_key_bits(s)) == 0) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_INTERNAL_ERROR); - goto err; - } - tls_key_share_set_key_bits(s->s3->hs.key_share, - key_bits); - } else { - DH *dh_params = s->cert->dhe_params; - - if (dh_params == NULL && s->cert->dhe_params_cb != NULL) - dh_params = s->cert->dhe_params_cb(s, 0, - SSL_C_PKEYLENGTH(s->s3->hs.cipher)); - - if (dh_params == NULL) { - SSLerror(s, SSL_R_MISSING_TMP_DH_KEY); - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_HANDSHAKE_FAILURE); - goto err; - } - - if (!tls_key_share_set_dh_params(s->s3->hs.key_share, dh_params)) - goto err; - } - - if (!tls_key_share_generate(s->s3->hs.key_share)) - goto err; - - if (!tls_key_share_params(s->s3->hs.key_share, cbb)) - goto err; - if (!tls_key_share_public(s->s3->hs.key_share, cbb)) - goto err; - - if 
(!tls_key_share_peer_security(s, s->s3->hs.key_share)) { - SSLerror(s, SSL_R_DH_KEY_TOO_SMALL); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - return 0; - } - - return 1; - - err: - return 0; -} - -static int -ssl3_send_server_kex_ecdhe(SSL *s, CBB *cbb) -{ - CBB public; - int nid; - - if (!tls1_get_supported_group(s, &nid)) { - SSLerror(s, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - goto err; - } - - tls_key_share_free(s->s3->hs.key_share); - if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL) - goto err; - - if (!tls_key_share_generate(s->s3->hs.key_share)) - goto err; - - /* - * ECC key exchange - see RFC 8422, section 5.4. - */ - if (!CBB_add_u8(cbb, NAMED_CURVE_TYPE)) - goto err; - if (!CBB_add_u16(cbb, tls_key_share_group(s->s3->hs.key_share))) - goto err; - if (!CBB_add_u8_length_prefixed(cbb, &public)) - goto err; - if (!tls_key_share_public(s->s3->hs.key_share, &public)) - goto err; - if (!CBB_flush(cbb)) - goto err; - - return 1; - - err: - return 0; -} - -static int -ssl3_send_server_key_exchange(SSL *s) -{ - CBB cbb, cbb_signature, cbb_signed_params, server_kex; - CBS params; - const struct ssl_sigalg *sigalg = NULL; - unsigned char *signed_params = NULL; - size_t signed_params_len; - unsigned char *signature = NULL; - size_t signature_len = 0; - const EVP_MD *md = NULL; - unsigned long type; - EVP_MD_CTX *md_ctx = NULL; - EVP_PKEY_CTX *pctx; - EVP_PKEY *pkey; - int al; - - memset(&cbb, 0, sizeof(cbb)); - memset(&cbb_signed_params, 0, sizeof(cbb_signed_params)); - - if ((md_ctx = EVP_MD_CTX_new()) == NULL) - goto err; - - if (s->s3->hs.state == SSL3_ST_SW_KEY_EXCH_A) { - - if (!ssl3_handshake_msg_start(s, &cbb, &server_kex, - SSL3_MT_SERVER_KEY_EXCHANGE)) - goto err; - - if (!CBB_init(&cbb_signed_params, 0)) - goto err; - - if (!CBB_add_bytes(&cbb_signed_params, s->s3->client_random, - SSL3_RANDOM_SIZE)) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - if 
(!CBB_add_bytes(&cbb_signed_params, s->s3->server_random, - SSL3_RANDOM_SIZE)) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - - type = s->s3->hs.cipher->algorithm_mkey; - if (type & SSL_kDHE) { - if (!ssl3_send_server_kex_dhe(s, &cbb_signed_params)) - goto err; - } else if (type & SSL_kECDHE) { - if (!ssl3_send_server_kex_ecdhe(s, &cbb_signed_params)) - goto err; - } else { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerror(s, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); - goto fatal_err; - } - - if (!CBB_finish(&cbb_signed_params, &signed_params, - &signed_params_len)) - goto err; - - CBS_init(¶ms, signed_params, signed_params_len); - if (!CBS_skip(¶ms, 2 * SSL3_RANDOM_SIZE)) - goto err; - - if (!CBB_add_bytes(&server_kex, CBS_data(¶ms), - CBS_len(¶ms))) - goto err; - - /* Add signature unless anonymous. */ - if (!(s->s3->hs.cipher->algorithm_auth & SSL_aNULL)) { - if ((pkey = ssl_get_sign_pkey(s, s->s3->hs.cipher, - &md, &sigalg)) == NULL) { - al = SSL_AD_DECODE_ERROR; - goto fatal_err; - } - s->s3->hs.our_sigalg = sigalg; - - /* Send signature algorithm. 
*/ - if (SSL_USE_SIGALGS(s)) { - if (!CBB_add_u16(&server_kex, sigalg->value)) { - al = SSL_AD_INTERNAL_ERROR; - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto fatal_err; - } - } - - if (!EVP_DigestSignInit(md_ctx, &pctx, md, NULL, pkey)) { - SSLerror(s, ERR_R_EVP_LIB); - goto err; - } - if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) && - (!EVP_PKEY_CTX_set_rsa_padding(pctx, - RSA_PKCS1_PSS_PADDING) || - !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) { - SSLerror(s, ERR_R_EVP_LIB); - goto err; - } - if (!EVP_DigestSign(md_ctx, NULL, &signature_len, - signed_params, signed_params_len)) { - SSLerror(s, ERR_R_EVP_LIB); - goto err; - } - if ((signature = calloc(1, signature_len)) == NULL) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!EVP_DigestSign(md_ctx, signature, &signature_len, - signed_params, signed_params_len)) { - SSLerror(s, ERR_R_EVP_LIB); - goto err; - } - - if (!CBB_add_u16_length_prefixed(&server_kex, - &cbb_signature)) - goto err; - if (!CBB_add_bytes(&cbb_signature, signature, - signature_len)) - goto err; - } - - if (!ssl3_handshake_msg_finish(s, &cbb)) - goto err; - - s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_B; - } - - EVP_MD_CTX_free(md_ctx); - free(signature); - free(signed_params); - - return (ssl3_handshake_write(s)); - - fatal_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - err: - CBB_cleanup(&cbb_signed_params); - CBB_cleanup(&cbb); - EVP_MD_CTX_free(md_ctx); - free(signature); - free(signed_params); - - return (-1); -} - -static int -ssl3_send_certificate_request(SSL *s) -{ - CBB cbb, cert_request, cert_types, sigalgs, cert_auth, dn; - STACK_OF(X509_NAME) *sk = NULL; - X509_NAME *name; - int i; - - /* - * Certificate Request - RFC 5246 section 7.4.4. 
- */ - - memset(&cbb, 0, sizeof(cbb)); - - if (s->s3->hs.state == SSL3_ST_SW_CERT_REQ_A) { - if (!ssl3_handshake_msg_start(s, &cbb, &cert_request, - SSL3_MT_CERTIFICATE_REQUEST)) - goto err; - - if (!CBB_add_u8_length_prefixed(&cert_request, &cert_types)) - goto err; - if (!ssl3_get_req_cert_types(s, &cert_types)) - goto err; - - if (SSL_USE_SIGALGS(s)) { - if (!CBB_add_u16_length_prefixed(&cert_request, - &sigalgs)) - goto err; - if (!ssl_sigalgs_build(s->s3->hs.negotiated_tls_version, - &sigalgs, SSL_get_security_level(s))) - goto err; - } - - if (!CBB_add_u16_length_prefixed(&cert_request, &cert_auth)) - goto err; - - sk = SSL_get_client_CA_list(s); - for (i = 0; i < sk_X509_NAME_num(sk); i++) { - unsigned char *name_data; - size_t name_len; - - name = sk_X509_NAME_value(sk, i); - name_len = i2d_X509_NAME(name, NULL); - - if (!CBB_add_u16_length_prefixed(&cert_auth, &dn)) - goto err; - if (!CBB_add_space(&dn, &name_data, name_len)) - goto err; - if (i2d_X509_NAME(name, &name_data) != name_len) - goto err; - } - - if (!ssl3_handshake_msg_finish(s, &cbb)) - goto err; - - s->s3->hs.state = SSL3_ST_SW_CERT_REQ_B; - } - - /* SSL3_ST_SW_CERT_REQ_B */ - return (ssl3_handshake_write(s)); - - err: - CBB_cleanup(&cbb); - - return (-1); -} - -static int -ssl3_get_client_kex_rsa(SSL *s, CBS *cbs) -{ - uint8_t fakepms[SSL_MAX_MASTER_KEY_LENGTH]; - uint8_t *pms = NULL; - size_t pms_len = 0; - size_t pad_len; - EVP_PKEY *pkey = NULL; - RSA *rsa = NULL; - CBS enc_pms; - int decrypt_len; - uint8_t mask; - size_t i; - int valid = 1; - int ret = 0; - - /* - * Handle key exchange in the form of an RSA-Encrypted Premaster Secret - * Message. See RFC 5246, section 7.4.7.1. 
- */ - - arc4random_buf(fakepms, sizeof(fakepms)); - - fakepms[0] = s->s3->hs.peer_legacy_version >> 8; - fakepms[1] = s->s3->hs.peer_legacy_version & 0xff; - - pkey = s->cert->pkeys[SSL_PKEY_RSA].privatekey; - if (pkey == NULL || (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) { - SSLerror(s, SSL_R_MISSING_RSA_CERTIFICATE); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - goto err; - } - - /* - * The minimum size of an encrypted premaster secret is 11 bytes of - * padding (00 02 <8 or more non-zero bytes> 00) (RFC 8017, section - * 9.2) and 48 bytes of premaster secret (RFC 5246, section 7.4.7.1). - * This means an RSA key size of at least 472 bits. - */ - pms_len = RSA_size(rsa); - if (pms_len < 11 + SSL_MAX_MASTER_KEY_LENGTH) { - SSLerror(s, SSL_R_DECRYPTION_FAILED); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR); - goto err; - } - pad_len = pms_len - SSL_MAX_MASTER_KEY_LENGTH; - - if (!CBS_get_u16_length_prefixed(cbs, &enc_pms)) { - SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - goto err; - } - if (CBS_len(&enc_pms) != pms_len || CBS_len(cbs) != 0) { - SSLerror(s, SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - goto err; - } - - if ((pms = calloc(1, pms_len)) == NULL) - goto err; - - decrypt_len = RSA_private_decrypt(CBS_len(&enc_pms), CBS_data(&enc_pms), - pms, rsa, RSA_NO_PADDING); - - if (decrypt_len != pms_len) { - SSLerror(s, SSL_R_DECRYPTION_FAILED); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR); - goto err; - } - - /* - * All processing from here on needs to avoid leaking any information - * about the decrypted content, in order to prevent oracle attacks and - * minimise timing attacks. 
- */ - - /* Check padding - 00 02 <8 or more non-zero bytes> 00 */ - valid &= crypto_ct_eq_u8(pms[0], 0x00); - valid &= crypto_ct_eq_u8(pms[1], 0x02); - for (i = 2; i < pad_len - 1; i++) - valid &= crypto_ct_ne_u8(pms[i], 0x00); - valid &= crypto_ct_eq_u8(pms[pad_len - 1], 0x00); - - /* Ensure client version in premaster secret matches ClientHello version. */ - valid &= crypto_ct_eq_u8(pms[pad_len + 0], s->s3->hs.peer_legacy_version >> 8); - valid &= crypto_ct_eq_u8(pms[pad_len + 1], s->s3->hs.peer_legacy_version & 0xff); - - /* Use the premaster secret if padding is correct, if not use the fake. */ - mask = crypto_ct_eq_mask_u8(valid, 1); - for (i = 0; i < SSL_MAX_MASTER_KEY_LENGTH; i++) - pms[i] = (pms[pad_len + i] & mask) | (fakepms[i] & ~mask); - - if (!tls12_derive_master_secret(s, pms, SSL_MAX_MASTER_KEY_LENGTH)) - goto err; - - ret = 1; - - err: - freezero(pms, pms_len); - - return ret; -} - -static int -ssl3_get_client_kex_dhe(SSL *s, CBS *cbs) -{ - uint8_t *key = NULL; - size_t key_len = 0; - int decode_error, invalid_key; - int ret = 0; - - if (s->s3->hs.key_share == NULL) { - SSLerror(s, SSL_R_MISSING_TMP_DH_KEY); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - goto err; - } - - if (!tls_key_share_peer_public(s->s3->hs.key_share, cbs, - &decode_error, &invalid_key)) { - if (decode_error) { - SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - } - goto err; - } - if (invalid_key) { - SSLerror(s, SSL_R_BAD_DH_PUB_KEY_LENGTH); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); - goto err; - } - - if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len)) - goto err; - - if (!tls12_derive_master_secret(s, key, key_len)) - goto err; - - ret = 1; - - err: - freezero(key, key_len); - - return ret; -} - -static int -ssl3_get_client_kex_ecdhe(SSL *s, CBS *cbs) -{ - uint8_t *key = NULL; - size_t key_len = 0; - int decode_error; - CBS public; - int ret = 0; - - if (s->s3->hs.key_share 
== NULL) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - SSLerror(s, SSL_R_MISSING_TMP_DH_KEY); - goto err; - } - - if (!CBS_get_u8_length_prefixed(cbs, &public)) { - SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - goto err; - } - if (!tls_key_share_peer_public(s->s3->hs.key_share, &public, - &decode_error, NULL)) { - if (decode_error) { - SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - } - goto err; - } - - if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len)) - goto err; - - if (!tls12_derive_master_secret(s, key, key_len)) - goto err; - - ret = 1; - - err: - freezero(key, key_len); - - return ret; -} - -static int -ssl3_get_client_key_exchange(SSL *s) -{ - unsigned long alg_k; - int al, ret; - CBS cbs; - - /* 2048 maxlen is a guess. How long a key does that permit? */ - if ((ret = ssl3_get_message(s, SSL3_ST_SR_KEY_EXCH_A, - SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048)) <= 0) - return ret; - - if (s->init_num < 0) - goto err; - - CBS_init(&cbs, s->init_msg, s->init_num); - - alg_k = s->s3->hs.cipher->algorithm_mkey; - - if (alg_k & SSL_kRSA) { - if (!ssl3_get_client_kex_rsa(s, &cbs)) - goto err; - } else if (alg_k & SSL_kDHE) { - if (!ssl3_get_client_kex_dhe(s, &cbs)) - goto err; - } else if (alg_k & SSL_kECDHE) { - if (!ssl3_get_client_kex_ecdhe(s, &cbs)) - goto err; - } else { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerror(s, SSL_R_UNKNOWN_CIPHER_TYPE); - goto fatal_err; - } - - if (CBS_len(&cbs) != 0) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - goto fatal_err; - } - - return (1); - - fatal_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - err: - return (-1); -} - -static int -ssl3_get_cert_verify(SSL *s) -{ - CBS cbs, signature; - const struct ssl_sigalg *sigalg = NULL; - uint16_t sigalg_value = SIGALG_NONE; - EVP_PKEY *pkey; - X509 *peer_cert = NULL; - EVP_MD_CTX *mctx = NULL; - int al, verify; - 
const unsigned char *hdata; - size_t hdatalen; - int type = 0; - int ret; - - if ((ret = ssl3_get_message(s, SSL3_ST_SR_CERT_VRFY_A, - SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH)) <= 0) - return ret; - - ret = 0; - - if (s->init_num < 0) - goto err; - - if ((mctx = EVP_MD_CTX_new()) == NULL) - goto err; - - CBS_init(&cbs, s->init_msg, s->init_num); - - peer_cert = s->session->peer_cert; - pkey = X509_get0_pubkey(peer_cert); - type = X509_certificate_type(peer_cert, pkey); - - if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) { - s->s3->hs.tls12.reuse_message = 1; - if (peer_cert != NULL) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE); - goto fatal_err; - } - ret = 1; - goto end; - } - - if (peer_cert == NULL) { - SSLerror(s, SSL_R_NO_CLIENT_CERT_RECEIVED); - al = SSL_AD_UNEXPECTED_MESSAGE; - goto fatal_err; - } - - if (!(type & EVP_PKT_SIGN)) { - SSLerror(s, SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE); - al = SSL_AD_ILLEGAL_PARAMETER; - goto fatal_err; - } - - if (s->s3->change_cipher_spec) { - SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); - al = SSL_AD_UNEXPECTED_MESSAGE; - goto fatal_err; - } - - if (SSL_USE_SIGALGS(s)) { - if (!CBS_get_u16(&cbs, &sigalg_value)) - goto decode_err; - } - if (!CBS_get_u16_length_prefixed(&cbs, &signature)) - goto err; - if (CBS_len(&cbs) != 0) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE); - goto fatal_err; - } - - if (CBS_len(&signature) > EVP_PKEY_size(pkey)) { - SSLerror(s, SSL_R_WRONG_SIGNATURE_SIZE); - al = SSL_AD_DECODE_ERROR; - goto fatal_err; - } - - if ((sigalg = ssl_sigalg_for_peer(s, pkey, - sigalg_value)) == NULL) { - al = SSL_AD_DECODE_ERROR; - goto fatal_err; - } - s->s3->hs.peer_sigalg = sigalg; - - if (SSL_USE_SIGALGS(s)) { - EVP_PKEY_CTX *pctx; - - if (!tls1_transcript_data(s, &hdata, &hdatalen)) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - al = SSL_AD_INTERNAL_ERROR; - goto fatal_err; - } - if (!EVP_DigestVerifyInit(mctx, &pctx, 
sigalg->md(), - NULL, pkey)) { - SSLerror(s, ERR_R_EVP_LIB); - al = SSL_AD_INTERNAL_ERROR; - goto fatal_err; - } - if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) && - (!EVP_PKEY_CTX_set_rsa_padding(pctx, - RSA_PKCS1_PSS_PADDING) || - !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) { - al = SSL_AD_INTERNAL_ERROR; - goto fatal_err; - } - if (EVP_DigestVerify(mctx, CBS_data(&signature), - CBS_len(&signature), hdata, hdatalen) <= 0) { - SSLerror(s, ERR_R_EVP_LIB); - al = SSL_AD_INTERNAL_ERROR; - goto fatal_err; - } - } else if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) { - RSA *rsa; - - if ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) { - al = SSL_AD_INTERNAL_ERROR; - SSLerror(s, ERR_R_EVP_LIB); - goto fatal_err; - } - verify = RSA_verify(NID_md5_sha1, s->s3->hs.tls12.cert_verify, - MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, CBS_data(&signature), - CBS_len(&signature), rsa); - if (verify < 0) { - al = SSL_AD_DECRYPT_ERROR; - SSLerror(s, SSL_R_BAD_RSA_DECRYPT); - goto fatal_err; - } - if (verify == 0) { - al = SSL_AD_DECRYPT_ERROR; - SSLerror(s, SSL_R_BAD_RSA_SIGNATURE); - goto fatal_err; - } - } else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { - EC_KEY *eckey; - - if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) { - al = SSL_AD_INTERNAL_ERROR; - SSLerror(s, ERR_R_EVP_LIB); - goto fatal_err; - } - verify = ECDSA_verify(0, - &(s->s3->hs.tls12.cert_verify[MD5_DIGEST_LENGTH]), - SHA_DIGEST_LENGTH, CBS_data(&signature), - CBS_len(&signature), eckey); - if (verify <= 0) { - al = SSL_AD_DECRYPT_ERROR; - SSLerror(s, SSL_R_BAD_ECDSA_SIGNATURE); - goto fatal_err; - } - } else { - SSLerror(s, ERR_R_INTERNAL_ERROR); - al = SSL_AD_UNSUPPORTED_CERTIFICATE; - goto fatal_err; - } - - ret = 1; - if (0) { - decode_err: - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - fatal_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - } - end: - tls1_transcript_free(s); - err: - EVP_MD_CTX_free(mctx); - - return (ret); -} - -static int -ssl3_get_client_certificate(SSL *s) -{ - CBS cbs, cert_list, 
cert_data; - STACK_OF(X509) *certs = NULL; - X509 *cert = NULL; - const uint8_t *p; - int al, ret; - - if ((ret = ssl3_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B, - -1, s->max_cert_list)) <= 0) - return ret; - - ret = -1; - - if (s->s3->hs.tls12.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) { - if ((s->verify_mode & SSL_VERIFY_PEER) && - (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { - SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); - al = SSL_AD_HANDSHAKE_FAILURE; - goto fatal_err; - } - - /* - * If we asked for a client certificate and the client has none, - * it must respond with a certificate list of length zero. - */ - if (s->s3->hs.tls12.cert_request != 0) { - SSLerror(s, SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST); - al = SSL_AD_UNEXPECTED_MESSAGE; - goto fatal_err; - } - s->s3->hs.tls12.reuse_message = 1; - return (1); - } - - if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE); - goto fatal_err; - } - - if (s->init_num < 0) - goto decode_err; - - CBS_init(&cbs, s->init_msg, s->init_num); - - if (!CBS_get_u24_length_prefixed(&cbs, &cert_list)) - goto decode_err; - if (CBS_len(&cbs) != 0) - goto decode_err; - - /* - * A TLS client must send an empty certificate list, if no suitable - * certificate is available (rather than omitting the Certificate - * handshake message) - see RFC 5246 section 7.4.6. - */ - if (CBS_len(&cert_list) == 0) { - if ((s->verify_mode & SSL_VERIFY_PEER) && - (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { - SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); - al = SSL_AD_HANDSHAKE_FAILURE; - goto fatal_err; - } - /* No client certificate so free transcript. 
*/ - tls1_transcript_free(s); - goto done; - } - - if ((certs = sk_X509_new_null()) == NULL) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto err; - } - - while (CBS_len(&cert_list) > 0) { - if (!CBS_get_u24_length_prefixed(&cert_list, &cert_data)) - goto decode_err; - p = CBS_data(&cert_data); - if ((cert = d2i_X509(NULL, &p, CBS_len(&cert_data))) == NULL) { - SSLerror(s, ERR_R_ASN1_LIB); - goto err; - } - if (p != CBS_data(&cert_data) + CBS_len(&cert_data)) - goto decode_err; - if (!sk_X509_push(certs, cert)) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto err; - } - cert = NULL; - } - - if (ssl_verify_cert_chain(s, certs) <= 0) { - al = ssl_verify_alarm_type(s->verify_result); - SSLerror(s, SSL_R_NO_CERTIFICATE_RETURNED); - goto fatal_err; - } - s->session->verify_result = s->verify_result; - ERR_clear_error(); - - if (!tls_process_peer_certs(s, certs)) - goto err; - - done: - ret = 1; - if (0) { - decode_err: - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - fatal_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - } - err: - sk_X509_pop_free(certs, X509_free); - X509_free(cert); - - return (ret); -} - -static int -ssl3_send_server_certificate(SSL *s) -{ - CBB cbb, server_cert; - SSL_CERT_PKEY *cpk; - - /* - * Server Certificate - RFC 5246, section 7.4.2. 
- */ - - memset(&cbb, 0, sizeof(cbb)); - - if (s->s3->hs.state == SSL3_ST_SW_CERT_A) { - if ((cpk = ssl_get_server_send_pkey(s)) == NULL) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - return (0); - } - - if (!ssl3_handshake_msg_start(s, &cbb, &server_cert, - SSL3_MT_CERTIFICATE)) - goto err; - if (!ssl3_output_cert_chain(s, &server_cert, cpk)) - goto err; - if (!ssl3_handshake_msg_finish(s, &cbb)) - goto err; - - s->s3->hs.state = SSL3_ST_SW_CERT_B; - } - - /* SSL3_ST_SW_CERT_B */ - return (ssl3_handshake_write(s)); - - err: - CBB_cleanup(&cbb); - - return (0); -} - -/* send a new session ticket (not necessarily for a new session) */ -static int -ssl3_send_newsession_ticket(SSL *s) -{ - CBB cbb, session_ticket, ticket; - SSL_CTX *tctx = s->initial_ctx; - size_t enc_session_len, enc_session_max_len, hmac_len; - size_t session_len = 0; - unsigned char *enc_session = NULL, *session = NULL; - unsigned char iv[EVP_MAX_IV_LENGTH]; - unsigned char key_name[16]; - unsigned char *hmac; - unsigned int hlen; - EVP_CIPHER_CTX *ctx = NULL; - HMAC_CTX *hctx = NULL; - int iv_len, len; - - /* - * New Session Ticket - RFC 5077, section 3.3. - */ - - memset(&cbb, 0, sizeof(cbb)); - - if ((ctx = EVP_CIPHER_CTX_new()) == NULL) - goto err; - if ((hctx = HMAC_CTX_new()) == NULL) - goto err; - - if (s->s3->hs.state == SSL3_ST_SW_SESSION_TICKET_A) { - if (!ssl3_handshake_msg_start(s, &cbb, &session_ticket, - SSL3_MT_NEWSESSION_TICKET)) - goto err; - - if (!SSL_SESSION_ticket(s->session, &session, &session_len)) - goto err; - if (session_len > 0xffff) - goto err; - - /* - * Initialize HMAC and cipher contexts. If callback is present - * it does all the work, otherwise use generated values from - * parent context. 
- */ - if (tctx->tlsext_ticket_key_cb != NULL) { - if (tctx->tlsext_ticket_key_cb(s, - key_name, iv, ctx, hctx, 1) < 0) - goto err; - } else { - arc4random_buf(iv, 16); - EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, - tctx->tlsext_tick_aes_key, iv); - HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, - 16, EVP_sha256(), NULL); - memcpy(key_name, tctx->tlsext_tick_key_name, 16); - } - - /* Encrypt the session state. */ - enc_session_max_len = session_len + EVP_MAX_BLOCK_LENGTH; - if ((enc_session = calloc(1, enc_session_max_len)) == NULL) - goto err; - enc_session_len = 0; - if (!EVP_EncryptUpdate(ctx, enc_session, &len, session, - session_len)) - goto err; - enc_session_len += len; - if (!EVP_EncryptFinal_ex(ctx, enc_session + enc_session_len, - &len)) - goto err; - enc_session_len += len; - - if (enc_session_len > enc_session_max_len) - goto err; - - /* Generate the HMAC. */ - if (!HMAC_Update(hctx, key_name, sizeof(key_name))) - goto err; - if (!HMAC_Update(hctx, iv, EVP_CIPHER_CTX_iv_length(ctx))) - goto err; - if (!HMAC_Update(hctx, enc_session, enc_session_len)) - goto err; - - if ((hmac_len = HMAC_size(hctx)) <= 0) - goto err; - - /* - * Ticket lifetime hint (advisory only): - * We leave this unspecified for resumed session - * (for simplicity), and guess that tickets for new - * sessions will live as long as their sessions. - */ - if (!CBB_add_u32(&session_ticket, - s->hit ? 
0 : s->session->timeout)) - goto err; - - if (!CBB_add_u16_length_prefixed(&session_ticket, &ticket)) - goto err; - if (!CBB_add_bytes(&ticket, key_name, sizeof(key_name))) - goto err; - if ((iv_len = EVP_CIPHER_CTX_iv_length(ctx)) < 0) - goto err; - if (!CBB_add_bytes(&ticket, iv, iv_len)) - goto err; - if (!CBB_add_bytes(&ticket, enc_session, enc_session_len)) - goto err; - if (!CBB_add_space(&ticket, &hmac, hmac_len)) - goto err; - - if (!HMAC_Final(hctx, hmac, &hlen)) - goto err; - if (hlen != hmac_len) - goto err; - - if (!ssl3_handshake_msg_finish(s, &cbb)) - goto err; - - s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_B; - } - - EVP_CIPHER_CTX_free(ctx); - HMAC_CTX_free(hctx); - freezero(session, session_len); - free(enc_session); - - /* SSL3_ST_SW_SESSION_TICKET_B */ - return (ssl3_handshake_write(s)); - - err: - CBB_cleanup(&cbb); - EVP_CIPHER_CTX_free(ctx); - HMAC_CTX_free(hctx); - freezero(session, session_len); - free(enc_session); - - return (-1); -} - -static int -ssl3_send_cert_status(SSL *s) -{ - CBB cbb, certstatus, ocspresp; - - memset(&cbb, 0, sizeof(cbb)); - - if (s->s3->hs.state == SSL3_ST_SW_CERT_STATUS_A) { - if (!ssl3_handshake_msg_start(s, &cbb, &certstatus, - SSL3_MT_CERTIFICATE_STATUS)) - goto err; - if (!CBB_add_u8(&certstatus, s->tlsext_status_type)) - goto err; - if (!CBB_add_u24_length_prefixed(&certstatus, &ocspresp)) - goto err; - if (!CBB_add_bytes(&ocspresp, s->tlsext_ocsp_resp, - s->tlsext_ocsp_resp_len)) - goto err; - if (!ssl3_handshake_msg_finish(s, &cbb)) - goto err; - - s->s3->hs.state = SSL3_ST_SW_CERT_STATUS_B; - } - - /* SSL3_ST_SW_CERT_STATUS_B */ - return (ssl3_handshake_write(s)); - - err: - CBB_cleanup(&cbb); - - return (-1); -} - -static int -ssl3_send_server_change_cipher_spec(SSL *s) -{ - size_t outlen; - CBB cbb; - - memset(&cbb, 0, sizeof(cbb)); - - if (s->s3->hs.state == SSL3_ST_SW_CHANGE_A) { - if (!CBB_init_fixed(&cbb, s->init_buf->data, - s->init_buf->length)) - goto err; - if (!CBB_add_u8(&cbb, SSL3_MT_CCS)) - 
goto err; - if (!CBB_finish(&cbb, NULL, &outlen)) - goto err; - - if (outlen > INT_MAX) - goto err; - - s->init_num = (int)outlen; - s->init_off = 0; - - if (SSL_is_dtls(s)) { - s->d1->handshake_write_seq = - s->d1->next_handshake_write_seq; - dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, - s->d1->handshake_write_seq, 0, 0); - dtls1_buffer_message(s, 1); - } - - s->s3->hs.state = SSL3_ST_SW_CHANGE_B; - } - - /* SSL3_ST_SW_CHANGE_B */ - return ssl3_record_write(s, SSL3_RT_CHANGE_CIPHER_SPEC); - - err: - CBB_cleanup(&cbb); - - return -1; -} - -static int -ssl3_get_client_finished(SSL *s) -{ - int al, md_len, ret; - CBS cbs; - - /* should actually be 36+4 :-) */ - if ((ret = ssl3_get_message(s, SSL3_ST_SR_FINISHED_A, - SSL3_ST_SR_FINISHED_B, SSL3_MT_FINISHED, 64)) <= 0) - return ret; - - /* If this occurs, we have missed a message */ - if (!s->s3->change_cipher_spec) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_GOT_A_FIN_BEFORE_A_CCS); - goto fatal_err; - } - s->s3->change_cipher_spec = 0; - - md_len = TLS1_FINISH_MAC_LENGTH; - - if (s->init_num < 0) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_BAD_DIGEST_LENGTH); - goto fatal_err; - } - - CBS_init(&cbs, s->init_msg, s->init_num); - - if (s->s3->hs.peer_finished_len != md_len || - CBS_len(&cbs) != md_len) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_BAD_DIGEST_LENGTH); - goto fatal_err; - } - - if (!CBS_mem_equal(&cbs, s->s3->hs.peer_finished, CBS_len(&cbs))) { - al = SSL_AD_DECRYPT_ERROR; - SSLerror(s, SSL_R_DIGEST_CHECK_FAILED); - goto fatal_err; - } - - /* Copy finished so we can use it for renegotiation checks. 
*/ - OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); - memcpy(s->s3->previous_client_finished, - s->s3->hs.peer_finished, md_len); - s->s3->previous_client_finished_len = md_len; - - return (1); - fatal_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - return (0); -} - -static int -ssl3_send_server_finished(SSL *s) -{ - CBB cbb, finished; - - memset(&cbb, 0, sizeof(cbb)); - - if (s->s3->hs.state == SSL3_ST_SW_FINISHED_A) { - if (!tls12_derive_finished(s)) - goto err; - - /* Copy finished so we can use it for renegotiation checks. */ - memcpy(s->s3->previous_server_finished, - s->s3->hs.finished, s->s3->hs.finished_len); - s->s3->previous_server_finished_len = s->s3->hs.finished_len; - - if (!ssl3_handshake_msg_start(s, &cbb, &finished, - SSL3_MT_FINISHED)) - goto err; - if (!CBB_add_bytes(&finished, s->s3->hs.finished, - s->s3->hs.finished_len)) - goto err; - if (!ssl3_handshake_msg_finish(s, &cbb)) - goto err; - - s->s3->hs.state = SSL3_ST_SW_FINISHED_B; - } - - return (ssl3_handshake_write(s)); - - err: - CBB_cleanup(&cbb); - - return (-1); -} diff --git a/src/lib/libssl/ssl_stat.c b/src/lib/libssl/ssl_stat.c deleted file mode 100644 index b19944ca83..0000000000 --- a/src/lib/libssl/ssl_stat.c +++ /dev/null 
@@ -1,596 +0,0 @@
-/* $OpenBSD: ssl_stat.c,v 1.23 2024/10/12 03:54:18 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include
-
-#include "ssl_local.h"
-
-const char *
-SSL_state_string_long(const SSL *s)
-{
- switch (s->s3->hs.state) {
- case SSL_ST_BEFORE:
- return "before SSL initialization";
- case SSL_ST_ACCEPT:
- return "before accept initialization";
- case SSL_ST_CONNECT:
- return "before connect initialization";
- case SSL_ST_OK:
- return "SSL negotiation finished successfully";
- case SSL_ST_RENEGOTIATE:
- return "SSL renegotiate ciphers";
- case SSL_ST_BEFORE|SSL_ST_CONNECT:
- return "before/connect initialization";
- case SSL_ST_OK|SSL_ST_CONNECT:
- return "ok/connect SSL initialization";
- case SSL_ST_BEFORE|SSL_ST_ACCEPT:
- return "before/accept initialization";
- case SSL_ST_OK|SSL_ST_ACCEPT:
- return "ok/accept SSL initialization";
-
- /* SSLv3 additions */
- case SSL3_ST_CW_CLNT_HELLO_A:
- return "SSLv3 write client hello A";
- case SSL3_ST_CW_CLNT_HELLO_B:
- return "SSLv3 write client hello B";
- case SSL3_ST_CR_SRVR_HELLO_A:
- return "SSLv3 read server hello A";
- case SSL3_ST_CR_SRVR_HELLO_B:
- return "SSLv3 read server hello B";
- case SSL3_ST_CR_CERT_A:
- return "SSLv3 read server certificate A";
- case SSL3_ST_CR_CERT_B:
- return "SSLv3 read server certificate B";
- case SSL3_ST_CR_KEY_EXCH_A:
- return "SSLv3 read server key exchange A";
- case SSL3_ST_CR_KEY_EXCH_B:
- return "SSLv3 read server key exchange B";
- case SSL3_ST_CR_CERT_REQ_A:
- return "SSLv3 read server certificate request A";
- case SSL3_ST_CR_CERT_REQ_B:
- return "SSLv3 read server certificate request B";
- case SSL3_ST_CR_SESSION_TICKET_A:
- return "SSLv3 read server session ticket A";
- case SSL3_ST_CR_SESSION_TICKET_B:
- return "SSLv3 read server session ticket B";
- case SSL3_ST_CR_SRVR_DONE_A:
- return "SSLv3 read server done A";
- case SSL3_ST_CR_SRVR_DONE_B:
- return "SSLv3 read server done B";
- case SSL3_ST_CW_CERT_A:
- return "SSLv3 write client certificate A";
- case SSL3_ST_CW_CERT_B:
- return "SSLv3 write client certificate B";
- case SSL3_ST_CW_CERT_C:
- return "SSLv3 write client certificate C";
- case SSL3_ST_CW_CERT_D:
- return "SSLv3 write client certificate D";
- case SSL3_ST_CW_KEY_EXCH_A:
- return "SSLv3 write client key exchange A";
- case SSL3_ST_CW_KEY_EXCH_B:
- return "SSLv3 write client key exchange B";
- case SSL3_ST_CW_CERT_VRFY_A:
- return "SSLv3 write certificate verify A";
- case SSL3_ST_CW_CERT_VRFY_B:
- return "SSLv3 write certificate verify B";
-
- case SSL3_ST_CW_CHANGE_A:
- case SSL3_ST_SW_CHANGE_A:
- return "SSLv3 write change cipher spec A";
- case SSL3_ST_CW_CHANGE_B:
- case SSL3_ST_SW_CHANGE_B:
- return "SSLv3 write change cipher spec B";
- case SSL3_ST_CW_FINISHED_A:
- case SSL3_ST_SW_FINISHED_A:
- return "SSLv3 write finished A";
- case SSL3_ST_CW_FINISHED_B:
- case SSL3_ST_SW_FINISHED_B:
- return "SSLv3 write finished B";
- case SSL3_ST_CR_CHANGE_A:
- case SSL3_ST_SR_CHANGE_A:
- return "SSLv3 read change cipher spec A";
- case SSL3_ST_CR_CHANGE_B:
- case SSL3_ST_SR_CHANGE_B:
- return "SSLv3 read change cipher spec B";
- case SSL3_ST_CR_FINISHED_A:
- case SSL3_ST_SR_FINISHED_A:
- return "SSLv3 read finished A";
- case SSL3_ST_CR_FINISHED_B:
- case SSL3_ST_SR_FINISHED_B:
- return "SSLv3 read finished B";
-
- case SSL3_ST_CW_FLUSH:
- case SSL3_ST_SW_FLUSH:
- return "SSLv3 flush data";
-
- case SSL3_ST_SR_CLNT_HELLO_A:
- return "SSLv3 read client hello A";
- case SSL3_ST_SR_CLNT_HELLO_B:
- return "SSLv3 read client hello B";
- case SSL3_ST_SR_CLNT_HELLO_C:
- return "SSLv3 read client hello C";
- case SSL3_ST_SW_HELLO_REQ_A:
- return "SSLv3 write hello request A";
- case SSL3_ST_SW_HELLO_REQ_B:
- return "SSLv3 write hello request B";
- case SSL3_ST_SW_HELLO_REQ_C:
- return "SSLv3 write hello request C";
- case SSL3_ST_SW_SRVR_HELLO_A:
- return "SSLv3 write server hello A";
- case SSL3_ST_SW_SRVR_HELLO_B:
- return "SSLv3 write server hello B";
- case SSL3_ST_SW_CERT_A:
- return "SSLv3 write certificate A";
- case SSL3_ST_SW_CERT_B:
- return "SSLv3 write certificate B";
- case SSL3_ST_SW_KEY_EXCH_A:
- return "SSLv3 write key exchange A";
- case SSL3_ST_SW_KEY_EXCH_B:
- return "SSLv3 write key exchange B";
- case SSL3_ST_SW_CERT_REQ_A:
- return "SSLv3 write certificate request A";
- case SSL3_ST_SW_CERT_REQ_B:
- return "SSLv3 write certificate request B";
- case SSL3_ST_SW_SESSION_TICKET_A:
- return "SSLv3 write session ticket A";
- case SSL3_ST_SW_SESSION_TICKET_B:
- return "SSLv3 write session ticket B";
- case SSL3_ST_SW_SRVR_DONE_A:
- return "SSLv3 write server done A";
- case SSL3_ST_SW_SRVR_DONE_B:
- return "SSLv3 write server done B";
- case SSL3_ST_SR_CERT_A:
- return "SSLv3 read client certificate A";
- case SSL3_ST_SR_CERT_B:
- return "SSLv3 read client certificate B";
- case SSL3_ST_SR_KEY_EXCH_A:
- return "SSLv3 read client key exchange A";
- case SSL3_ST_SR_KEY_EXCH_B:
- return "SSLv3 read client key exchange B";
- case SSL3_ST_SR_CERT_VRFY_A:
- return "SSLv3 read certificate verify A";
- case SSL3_ST_SR_CERT_VRFY_B:
- return "SSLv3 read certificate verify B";
-
- /* DTLS */
- case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
- return "DTLS1 read hello verify request A";
- case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
- return "DTLS1 read hello verify request B";
- case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
- return "DTLS1 write hello verify request A";
- case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
- return "DTLS1 write hello verify request B";
-
- default:
- return "unknown state";
- }
-}
-LSSL_ALIAS(SSL_state_string_long);
-
-const char *
-SSL_rstate_string_long(const SSL *s)
-{
- switch (s->rstate) {
- case SSL_ST_READ_HEADER:
- return "read header";
- case SSL_ST_READ_BODY:
- return "read body";
- case SSL_ST_READ_DONE:
- return "read done";
- default:
- return "unknown";
- }
-}
-LSSL_ALIAS(SSL_rstate_string_long);
-
-const char *
-SSL_state_string(const SSL *s)
-{
- switch (s->s3->hs.state) {
- case SSL_ST_BEFORE:
- return "PINIT ";
- case SSL_ST_ACCEPT:
- return "AINIT ";
- case SSL_ST_CONNECT:
- return "CINIT ";
- case SSL_ST_OK:
- return "SSLOK ";
-
- /* SSLv3 additions */
- case SSL3_ST_SW_FLUSH:
- case SSL3_ST_CW_FLUSH:
- return "3FLUSH";
- case SSL3_ST_CW_CLNT_HELLO_A:
- return "3WCH_A";
- case SSL3_ST_CW_CLNT_HELLO_B:
- return "3WCH_B";
- case SSL3_ST_CR_SRVR_HELLO_A:
- return "3RSH_A";
- case SSL3_ST_CR_SRVR_HELLO_B:
- return "3RSH_B";
- case SSL3_ST_CR_CERT_A:
- return "3RSC_A";
- case SSL3_ST_CR_CERT_B:
- return "3RSC_B";
- case SSL3_ST_CR_KEY_EXCH_A:
- return "3RSKEA";
- case SSL3_ST_CR_KEY_EXCH_B:
- return "3RSKEB";
- case SSL3_ST_CR_CERT_REQ_A:
- return "3RCR_A";
- case SSL3_ST_CR_CERT_REQ_B:
- return "3RCR_B";
- case SSL3_ST_CR_SRVR_DONE_A:
- return "3RSD_A";
- case SSL3_ST_CR_SRVR_DONE_B:
- return "3RSD_B";
- case SSL3_ST_CW_CERT_A:
- return "3WCC_A";
- case SSL3_ST_CW_CERT_B:
- return "3WCC_B";
- case SSL3_ST_CW_CERT_C:
- return "3WCC_C";
- case SSL3_ST_CW_CERT_D:
- return "3WCC_D";
- case SSL3_ST_CW_KEY_EXCH_A:
- return "3WCKEA";
- case SSL3_ST_CW_KEY_EXCH_B:
- return "3WCKEB";
- case SSL3_ST_CW_CERT_VRFY_A:
- return "3WCV_A";
- case SSL3_ST_CW_CERT_VRFY_B:
- return "3WCV_B";
-
- case SSL3_ST_SW_CHANGE_A:
- case SSL3_ST_CW_CHANGE_A:
- return "3WCCSA";
- case SSL3_ST_SW_CHANGE_B:
- case SSL3_ST_CW_CHANGE_B:
- return "3WCCSB";
- case SSL3_ST_SW_FINISHED_A:
- case SSL3_ST_CW_FINISHED_A:
- return "3WFINA";
- case SSL3_ST_SW_FINISHED_B:
- case SSL3_ST_CW_FINISHED_B:
- return "3WFINB";
- case SSL3_ST_SR_CHANGE_A:
- case SSL3_ST_CR_CHANGE_A:
- return "3RCCSA";
- case SSL3_ST_SR_CHANGE_B:
- case SSL3_ST_CR_CHANGE_B:
- return "3RCCSB";
- case SSL3_ST_SR_FINISHED_A:
- case SSL3_ST_CR_FINISHED_A:
- return "3RFINA";
- case SSL3_ST_SR_FINISHED_B:
- case SSL3_ST_CR_FINISHED_B:
- return "3RFINB";
-
- case SSL3_ST_SW_HELLO_REQ_A:
- return "3WHR_A";
- case SSL3_ST_SW_HELLO_REQ_B:
- return "3WHR_B";
- case SSL3_ST_SW_HELLO_REQ_C:
- return "3WHR_C";
- case SSL3_ST_SR_CLNT_HELLO_A:
- return "3RCH_A";
- case SSL3_ST_SR_CLNT_HELLO_B:
- return "3RCH_B";
- case SSL3_ST_SR_CLNT_HELLO_C:
- return "3RCH_C";
- case SSL3_ST_SW_SRVR_HELLO_A:
- return "3WSH_A";
- case SSL3_ST_SW_SRVR_HELLO_B:
- return "3WSH_B";
- case SSL3_ST_SW_CERT_A:
- return "3WSC_A";
- case SSL3_ST_SW_CERT_B:
- return "3WSC_B";
- case SSL3_ST_SW_KEY_EXCH_A:
- return "3WSKEA";
- case SSL3_ST_SW_KEY_EXCH_B:
- return "3WSKEB";
- case SSL3_ST_SW_CERT_REQ_A:
- return "3WCR_A";
- case SSL3_ST_SW_CERT_REQ_B:
- return "3WCR_B";
- case SSL3_ST_SW_SRVR_DONE_A:
- return "3WSD_A";
- case SSL3_ST_SW_SRVR_DONE_B:
- return "3WSD_B";
- case SSL3_ST_SR_CERT_A:
- return "3RCC_A";
- case SSL3_ST_SR_CERT_B:
- return "3RCC_B";
- case SSL3_ST_SR_KEY_EXCH_A:
- return "3RCKEA";
- case SSL3_ST_SR_KEY_EXCH_B:
- return "3RCKEB";
- case SSL3_ST_SR_CERT_VRFY_A:
- return "3RCV_A";
- case SSL3_ST_SR_CERT_VRFY_B:
- return "3RCV_B";
-
- /* DTLS */
- case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
- return "DRCHVA";
- case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
- return "DRCHVB";
- case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
- return "DWCHVA";
- case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
- return "DWCHVB";
-
- default:
- return "UNKWN ";
- }
-}
-LSSL_ALIAS(SSL_state_string);
-
-const char *
-SSL_alert_type_string_long(int value)
-{
- value >>= 8;
- if (value == SSL3_AL_WARNING)
- return "warning";
- else if (value == SSL3_AL_FATAL)
- return "fatal";
- else
- return "unknown";
-}
-LSSL_ALIAS(SSL_alert_type_string_long);
-
-const char *
-SSL_alert_type_string(int value)
-{
- value >>= 8;
- if (value == SSL3_AL_WARNING)
- return "W";
- else if (value == SSL3_AL_FATAL)
- return "F";
- else
- return "U";
-}
-LSSL_ALIAS(SSL_alert_type_string);
-
-const char *
-SSL_alert_desc_string(int value)
-{
- switch (value & 0xff) {
- case SSL_AD_CLOSE_NOTIFY:
- return "CN";
- case SSL_AD_UNEXPECTED_MESSAGE:
- return "UM";
- case SSL_AD_BAD_RECORD_MAC:
- return "BM";
- case SSL_AD_RECORD_OVERFLOW:
- return "RO";
- case SSL_AD_DECOMPRESSION_FAILURE:
- return "DF";
- case SSL_AD_HANDSHAKE_FAILURE:
- return "HF";
- case SSL_AD_BAD_CERTIFICATE:
- return "BC";
- case SSL_AD_UNSUPPORTED_CERTIFICATE:
- return "UC";
- case SSL_AD_CERTIFICATE_REVOKED:
- return "CR";
- case SSL_AD_CERTIFICATE_EXPIRED:
- return "CE";
- case SSL_AD_CERTIFICATE_UNKNOWN:
- return "CU";
- case SSL_AD_ILLEGAL_PARAMETER:
- return "IP";
- case SSL_AD_UNKNOWN_CA:
- return "CA";
- case SSL_AD_ACCESS_DENIED:
- return "AD";
- case SSL_AD_DECODE_ERROR:
- return "DE";
- case SSL_AD_DECRYPT_ERROR:
- return "CY";
- case SSL_AD_PROTOCOL_VERSION:
- return "PV";
- case SSL_AD_INSUFFICIENT_SECURITY:
- return "IS";
- case SSL_AD_INTERNAL_ERROR:
- return "IE";
- case SSL_AD_INAPPROPRIATE_FALLBACK:
- return "IF";
- case SSL_AD_USER_CANCELLED:
- return "US";
- case SSL_AD_NO_RENEGOTIATION:
- return "NR";
- case SSL_AD_MISSING_EXTENSION:
- return "ME";
- case SSL_AD_UNSUPPORTED_EXTENSION:
- return "UE";
- case SSL_AD_CERTIFICATE_UNOBTAINABLE:
- return "CO";
- case SSL_AD_UNRECOGNIZED_NAME:
- return "UN";
- case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
- return "BR";
- case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
- return "BH";
- case SSL_AD_UNKNOWN_PSK_IDENTITY:
- return "UP";
- case SSL_AD_CERTIFICATE_REQUIRED:
- return "CQ"; /* XXX */
- case SSL_AD_NO_APPLICATION_PROTOCOL:
- return "AP";
- default:
- return "UK";
- }
-}
-LSSL_ALIAS(SSL_alert_desc_string);
-
-const char *
-SSL_alert_desc_string_long(int value)
-{
- switch (value & 0xff) {
- case SSL_AD_CLOSE_NOTIFY:
- return "close notify";
- case SSL_AD_UNEXPECTED_MESSAGE:
- return "unexpected_message";
- case SSL_AD_BAD_RECORD_MAC:
- return "bad record mac";
- case SSL_AD_RECORD_OVERFLOW:
- return "record overflow";
- case SSL_AD_DECOMPRESSION_FAILURE:
- return "decompression failure";
- case SSL_AD_HANDSHAKE_FAILURE:
- return "handshake failure";
- case SSL_AD_BAD_CERTIFICATE:
- return "bad certificate";
- case SSL_AD_UNSUPPORTED_CERTIFICATE:
- return "unsupported certificate";
- case SSL_AD_CERTIFICATE_REVOKED:
- return "certificate revoked";
- case SSL_AD_CERTIFICATE_EXPIRED:
- return "certificate expired";
- case SSL_AD_CERTIFICATE_UNKNOWN:
- return "certificate unknown";
- case SSL_AD_ILLEGAL_PARAMETER:
- return "illegal parameter";
- case SSL_AD_UNKNOWN_CA:
- return "unknown CA";
- case SSL_AD_ACCESS_DENIED:
- return "access denied";
- case SSL_AD_DECODE_ERROR:
- return "decode error";
- case SSL_AD_DECRYPT_ERROR:
- return "decrypt error";
- case SSL_AD_PROTOCOL_VERSION:
- return "protocol version";
- case SSL_AD_INSUFFICIENT_SECURITY:
- return "insufficient security";
- case SSL_AD_INTERNAL_ERROR:
- return "internal error";
- case SSL_AD_INAPPROPRIATE_FALLBACK:
- return "inappropriate fallback";
- case SSL_AD_USER_CANCELLED:
- return "user canceled";
- case SSL_AD_NO_RENEGOTIATION:
- return "no renegotiation";
- case SSL_AD_MISSING_EXTENSION:
- return "missing extension";
- case SSL_AD_UNSUPPORTED_EXTENSION:
- return "unsupported extension";
- case SSL_AD_CERTIFICATE_UNOBTAINABLE:
- return "certificate unobtainable";
- case SSL_AD_UNRECOGNIZED_NAME:
- return "unrecognized name";
- case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
- return "bad certificate status response";
- case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
- return "bad certificate hash value";
- case SSL_AD_UNKNOWN_PSK_IDENTITY:
- return "unknown PSK identity";
- case SSL_AD_CERTIFICATE_REQUIRED:
- return "certificate required";
- case SSL_AD_NO_APPLICATION_PROTOCOL:
- return "no application protocol";
- default:
- return "unknown";
- }
-}
-LSSL_ALIAS(SSL_alert_desc_string_long);
-
-const char *
-SSL_rstate_string(const SSL *s)
-{
- switch (s->rstate) {
- case SSL_ST_READ_HEADER:
- return "RH";
- case SSL_ST_READ_BODY:
- return "RB";
- case SSL_ST_READ_DONE:
- return "RD";
- default:
- return "unknown";
- }
-}
-LSSL_ALIAS(SSL_rstate_string);
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
deleted file mode 100644
index 08bf5593ec..0000000000
--- a/src/lib/libssl/ssl_tlsext.c
+++ /dev/null
@@ -1,2745 +0,0 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.154 2024/07/09 12:27:27 beck Exp $ */
-/*
- * Copyright (c) 2016, 2017, 2019 Joel Sing
- * Copyright (c) 2017 Doug Hogan
- * Copyright (c) 2018-2019, 2024 Bob Beck
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include
-
-#include
-#include
-
-#include
-
-#include
-#include
-
-#include "bytestring.h"
-#include "ssl_local.h"
-#include "ssl_sigalgs.h"
-#include "ssl_tlsext.h"
-
-#define TLSEXT_TYPE_alpn TLSEXT_TYPE_application_layer_protocol_negotiation
-#define TLSEXT_MAX_SUPPORTED_GROUPS 64
-
-/*
- * Supported Application-Layer Protocol Negotiation - RFC 7301
- */
-
-static int
-tlsext_alpn_client_needs(SSL *s, uint16_t msg_type)
-{
- /* ALPN protos have been specified and this is the initial handshake */
- return s->alpn_client_proto_list != NULL &&
- s->s3->hs.finished_len == 0;
-}
-
-static int
-tlsext_alpn_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
- CBB protolist;
-
- if (!CBB_add_u16_length_prefixed(cbb, &protolist))
- return 0;
-
- if (!CBB_add_bytes(&protolist, s->alpn_client_proto_list,
- s->alpn_client_proto_list_len))
- return 0;
-
- if (!CBB_flush(cbb))
- return 0;
-
- return 1;
-}
-
-int
-tlsext_alpn_check_format(CBS *cbs)
-{
- CBS proto_name_list;
-
- if (CBS_len(cbs) == 0)
- return 0;
-
- CBS_dup(cbs, &proto_name_list);
- while (CBS_len(&proto_name_list) > 0) {
- CBS proto_name;
-
- if (!CBS_get_u8_length_prefixed(&proto_name_list, &proto_name))
- return 0;
- if (CBS_len(&proto_name) == 0)
- return 0;
- }
-
- return 1;
-}
-
-static int
-tlsext_alpn_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
- CBS alpn, selected_cbs;
- const unsigned char *selected;
- unsigned char selected_len;
- int r;
-
- if (!CBS_get_u16_length_prefixed(cbs, &alpn))
- return 0;
- if (!tlsext_alpn_check_format(&alpn))
- return 0;
-
- if (s->ctx->alpn_select_cb == NULL)
- return 1;
-
- /*
- * XXX - A few things should be considered here:
- * 1. Ensure that the same protocol is selected on session resumption.
- * 2. Should the callback be called even if no ALPN extension was sent?
- * 3. TLSv1.2 and earlier: ensure that SNI has already been processed.
- */
- r = s->ctx->alpn_select_cb(s, &selected, &selected_len,
- CBS_data(&alpn), CBS_len(&alpn), s->ctx->alpn_select_cb_arg);
-
- if (r == SSL_TLSEXT_ERR_OK) {
- CBS_init(&selected_cbs, selected, selected_len);
-
- if (!CBS_stow(&selected_cbs, &s->s3->alpn_selected,
- &s->s3->alpn_selected_len)) {
- *alert = SSL_AD_INTERNAL_ERROR;
- return 0;
- }
-
- return 1;
- }
-
- /* On SSL_TLSEXT_ERR_NOACK behave as if no callback was present. */
- if (r == SSL_TLSEXT_ERR_NOACK)
- return 1;
-
- *alert = SSL_AD_NO_APPLICATION_PROTOCOL;
- SSLerror(s, SSL_R_NO_APPLICATION_PROTOCOL);
-
- return 0;
-}
-
-static int
-tlsext_alpn_server_needs(SSL *s, uint16_t msg_type)
-{
- return s->s3->alpn_selected != NULL;
-}
-
-static int
-tlsext_alpn_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
- CBB list, selected;
-
- if (!CBB_add_u16_length_prefixed(cbb, &list))
- return 0;
-
- if (!CBB_add_u8_length_prefixed(&list, &selected))
- return 0;
-
- if (!CBB_add_bytes(&selected, s->s3->alpn_selected,
- s->s3->alpn_selected_len))
- return 0;
-
- if (!CBB_flush(cbb))
- return 0;
-
- return 1;
-}
-
-static int
-tlsext_alpn_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
- CBS list, proto;
-
- if (s->alpn_client_proto_list == NULL) {
- *alert = SSL_AD_UNSUPPORTED_EXTENSION;
- return 0;
- }
-
- if (!CBS_get_u16_length_prefixed(cbs, &list))
- return 0;
-
- if (!CBS_get_u8_length_prefixed(&list, &proto))
- return 0;
-
- if (CBS_len(&list) != 0)
- return 0;
- if (CBS_len(&proto) == 0)
- return 0;
-
- if (!CBS_stow(&proto, &s->s3->alpn_selected, &s->s3->alpn_selected_len))
- return 0;
-
- return 1;
-}
-
-/*
- * Supported Groups - RFC 7919 section 2
- */
-static int
-tlsext_supportedgroups_client_needs(SSL *s, uint16_t msg_type)
-{
- return ssl_has_ecc_ciphers(s) ||
- (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
-}
-
-static int
-tlsext_supportedgroups_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
- const uint16_t *groups;
- size_t groups_len;
- CBB grouplist;
- int i;
-
- tls1_get_group_list(s, 0, &groups, &groups_len);
- if (groups_len == 0) {
- SSLerror(s, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- if (!CBB_add_u16_length_prefixed(cbb, &grouplist))
- return 0;
-
- for (i = 0; i < groups_len; i++) {
- if (!ssl_security_supported_group(s, groups[i]))
- continue;
- if (!CBB_add_u16(&grouplist, groups[i]))
- return 0;
- }
-
- if (!CBB_flush(cbb))
- return 0;
-
- return 1;
-}
-
-static int
-tlsext_supportedgroups_server_process(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert)
-{
- uint16_t *groups = NULL;
- size_t groups_len;
- CBS grouplist;
- int i, j;
- int ret = 0;
-
- if (!CBS_get_u16_length_prefixed(cbs, &grouplist))
- goto err;
-
- groups_len = CBS_len(&grouplist);
- if (groups_len == 0 || groups_len % 2 != 0)
- goto err;
- groups_len /= 2;
-
- if (groups_len > TLSEXT_MAX_SUPPORTED_GROUPS)
- goto err;
-
- if (s->hit)
- goto done;
-
- if (s->s3->hs.tls13.hrr) {
- if (s->session->tlsext_supportedgroups == NULL) {
- *alert = SSL_AD_HANDSHAKE_FAILURE;
- return 0;
- }
-
- /*
- * The ClientHello extension hashing ensures that the client
- * did not change its list of supported groups.
- */
-
- goto done;
- }
-
- if (s->session->tlsext_supportedgroups != NULL)
- goto err; /* XXX internal error? */
-
- if ((groups = reallocarray(NULL, groups_len, sizeof(uint16_t))) == NULL) {
- *alert = SSL_AD_INTERNAL_ERROR;
- goto err;
- }
-
- for (i = 0; i < groups_len; i++) {
- if (!CBS_get_u16(&grouplist, &groups[i]))
- goto err;
- /*
- * Do not allow duplicate groups to be sent. This is not
- * currently specified in RFC 8446 or earlier, but there is no
- * legitimate justification for this to occur in TLS 1.2 or TLS
- * 1.3.
- */
- for (j = 0; j < i; j++) {
- if (groups[i] == groups[j]) {
- *alert = SSL_AD_ILLEGAL_PARAMETER;
- goto err;
- }
- }
- }
-
- if (CBS_len(&grouplist) != 0)
- goto err;
-
- s->session->tlsext_supportedgroups = groups;
- s->session->tlsext_supportedgroups_length = groups_len;
- groups = NULL;
-
-
- done:
- ret = 1;
-
- err:
- free(groups);
-
- return ret;
-}
-
-/* This extension is never used by the server. */
-static int
-tlsext_supportedgroups_server_needs(SSL *s, uint16_t msg_type)
-{
- return 0;
-}
-
-static int
-tlsext_supportedgroups_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
- return 0;
-}
-
-static int
-tlsext_supportedgroups_client_process(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert)
-{
- /*
- * This extension is only allowed in TLSv1.3 encrypted extensions.
- * It is not permitted in a ServerHello in any version of TLS.
- */
- if (msg_type != SSL_TLSEXT_MSG_EE)
- return 0;
-
- /*
- * RFC 8446, section 4.2.7: TLSv1.3 servers can send this extension but
- * clients must not act on it during the handshake. This allows servers
- * to advertise their preferences for subsequent handshakes. We ignore
- * this complication.
- */
- if (!CBS_skip(cbs, CBS_len(cbs))) {
- *alert = SSL_AD_INTERNAL_ERROR;
- return 0;
- }
-
- return 1;
-}
-
-/*
- * Supported Point Formats Extension - RFC 4492 section 5.1.2
- */
-static int
-tlsext_ecpf_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
- CBB ecpf;
- size_t formats_len;
- const uint8_t *formats;
-
- tls1_get_formatlist(s, 0, &formats, &formats_len);
-
- if (formats_len == 0) {
- SSLerror(s, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- if (!CBB_add_u8_length_prefixed(cbb, &ecpf))
- return 0;
- if (!CBB_add_bytes(&ecpf, formats, formats_len))
- return 0;
- if (!CBB_flush(cbb))
- return 0;
-
- return 1;
-}
-
-static int
-tlsext_ecpf_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
- CBS ecpf;
-
- if (!CBS_get_u8_length_prefixed(cbs, &ecpf))
- return 0;
- if (CBS_len(&ecpf) == 0)
- return 0;
-
- /* Must contain uncompressed (0) - RFC 8422, section 5.1.2. */
- if (!CBS_contains_zero_byte(&ecpf)) {
- SSLerror(s, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
- *alert = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
-
- if (!s->hit) {
- if (!CBS_stow(&ecpf, &(s->session->tlsext_ecpointformatlist),
- &(s->session->tlsext_ecpointformatlist_length))) {
- *alert = SSL_AD_INTERNAL_ERROR;
- return 0;
- }
- }
-
- return 1;
-}
-
-static int
-tlsext_ecpf_client_needs(SSL *s, uint16_t msg_type)
-{
- return ssl_has_ecc_ciphers(s);
-}
-
-static int
-tlsext_ecpf_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
- return tlsext_ecpf_build(s, msg_type, cbb);
-}
-
-static int
-tlsext_ecpf_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
- return tlsext_ecpf_process(s, msg_type, cbs, alert);
-}
-
-static int
-tlsext_ecpf_server_needs(SSL *s, uint16_t msg_type)
-{
- return ssl_using_ecc_cipher(s);
-}
-
-static int
-tlsext_ecpf_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
- return tlsext_ecpf_build(s, msg_type, cbb);
-}
-
-static int
-tlsext_ecpf_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
- return tlsext_ecpf_process(s, msg_type, cbs, alert);
-}
-
-/*
- * Renegotiation Indication - RFC 5746.
- */
-static int
-tlsext_ri_client_needs(SSL *s, uint16_t msg_type)
-{
- return (s->renegotiate);
-}
-
-static int
-tlsext_ri_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
- CBB reneg;
-
- if (!CBB_add_u8_length_prefixed(cbb, &reneg))
- return 0;
- if (!CBB_add_bytes(&reneg, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len))
- return 0;
- if (!CBB_flush(cbb))
- return 0;
-
- return 1;
-}
-
-static int
-tlsext_ri_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
- CBS reneg;
-
- if (!CBS_get_u8_length_prefixed(cbs, &reneg)) {
- SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
- return 0;
- }
-
- if (!CBS_mem_equal(&reneg, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len)) {
- SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);
- *alert = SSL_AD_HANDSHAKE_FAILURE;
- return 0;
- }
-
- s->s3->renegotiate_seen = 1;
- s->s3->send_connection_binding = 1;
-
- return 1;
-}
-
-static int
-tlsext_ri_server_needs(SSL *s, uint16_t msg_type)
-{
- return (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION &&
- s->s3->send_connection_binding);
-}
-
-static int
-tlsext_ri_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
- CBB reneg;
-
- if (!CBB_add_u8_length_prefixed(cbb, &reneg))
- return 0;
- if (!CBB_add_bytes(&reneg, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len))
- return 0;
- if (!CBB_add_bytes(&reneg, s->s3->previous_server_finished,
- s->s3->previous_server_finished_len))
- return 0;
- if (!CBB_flush(cbb))
- return 0;
-
- return 1;
-}
-
-static int
-tlsext_ri_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
- CBS reneg, prev_client, prev_server;
-
- /*
- * Ensure that the previous client and server values are both not
- * present, or that they are both present.
- */
- if ((s->s3->previous_client_finished_len == 0 &&
- s->s3->previous_server_finished_len != 0) ||
- (s->s3->previous_client_finished_len != 0 &&
- s->s3->previous_server_finished_len == 0)) {
- *alert = SSL_AD_INTERNAL_ERROR;
- return 0;
- }
-
- if (!CBS_get_u8_length_prefixed(cbs, &reneg)) {
- SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
- return 0;
- }
- if (!CBS_get_bytes(&reneg, &prev_client,
- s->s3->previous_client_finished_len)) {
- SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
- return 0;
- }
- if (!CBS_get_bytes(&reneg, &prev_server,
- s->s3->previous_server_finished_len)) {
- SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
- return 0;
- }
- if (CBS_len(&reneg) != 0) {
- SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
- return 0;
- }
-
- if (!CBS_mem_equal(&prev_client, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len)) {
- SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);
- *alert = SSL_AD_HANDSHAKE_FAILURE;
- return 0;
- }
- if (!CBS_mem_equal(&prev_server, s->s3->previous_server_finished,
- s->s3->previous_server_finished_len)) {
- SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);
- *alert = SSL_AD_HANDSHAKE_FAILURE;
- return 0;
- }
-
- s->s3->renegotiate_seen = 1;
- s->s3->send_connection_binding = 1;
-
- return 1;
-}
-
-/*
- * Signature Algorithms - RFC 5246 section 7.4.1.4.1.
- */
-static int
-tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type)
-{
- return (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION);
-}
-
-static int
-tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
- uint16_t tls_version = s->s3->hs.negotiated_tls_version;
- CBB sigalgs;
-
- if (msg_type == SSL_TLSEXT_MSG_CH)
- tls_version = s->s3->hs.our_min_tls_version;
-
- if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
- return 0;
- if (!ssl_sigalgs_build(tls_version, &sigalgs, SSL_get_security_level(s)))
- return 0;
- if (!CBB_flush(cbb))
- return 0;
-
- return 1;
-}
-
-static int
-tlsext_sigalgs_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
- CBS sigalgs;
-
- if (!CBS_get_u16_length_prefixed(cbs, &sigalgs))
- return 0;
- if (CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64)
- return 0;
- if (!CBS_stow(&sigalgs, &s->s3->hs.sigalgs, &s->s3->hs.sigalgs_len))
- return 0;
-
- return 1;
-}
-
-static int
-tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type)
-{
- return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION);
-}
-
-static int
-tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
- CBB sigalgs;
-
- if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
- return 0;
- if (!ssl_sigalgs_build(s->s3->hs.negotiated_tls_version, &sigalgs,
- SSL_get_security_level(s)))
- return 0;
- if (!CBB_flush(cbb))
- return 0;
-
- return 1;
-}
-
-static int
-tlsext_sigalgs_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
- CBS sigalgs;
-
- if (ssl_effective_tls_version(s) < TLS1_3_VERSION)
- return 0;
-
- if (!CBS_get_u16_length_prefixed(cbs, &sigalgs))
- return 0;
- if (CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64)
- return 0;
- if (!CBS_stow(&sigalgs, &s->s3->hs.sigalgs, &s->s3->hs.sigalgs_len))
- return 0;
-
- return 1;
-}
-
-/*
- * Server Name Indication - RFC 6066, section 3.
- */ -static int -tlsext_sni_client_needs(SSL *s, uint16_t msg_type) -{ - return (s->tlsext_hostname != NULL); -} - -static int -tlsext_sni_client_build(SSL *s, uint16_t msg_type, CBB *cbb) -{ - CBB server_name_list, host_name; - - if (!CBB_add_u16_length_prefixed(cbb, &server_name_list)) - return 0; - if (!CBB_add_u8(&server_name_list, TLSEXT_NAMETYPE_host_name)) - return 0; - if (!CBB_add_u16_length_prefixed(&server_name_list, &host_name)) - return 0; - if (!CBB_add_bytes(&host_name, (const uint8_t *)s->tlsext_hostname, - strlen(s->tlsext_hostname))) - return 0; - if (!CBB_flush(cbb)) - return 0; - - return 1; -} - -static int -tlsext_sni_is_ip_literal(CBS *cbs, int *is_ip) -{ - union { - struct in_addr ip4; - struct in6_addr ip6; - } addrbuf; - char *hostname = NULL; - - *is_ip = 0; - - if (!CBS_strdup(cbs, &hostname)) - return 0; - - if (inet_pton(AF_INET, hostname, &addrbuf) == 1 || - inet_pton(AF_INET6, hostname, &addrbuf) == 1) - *is_ip = 1; - - free(hostname); - - return 1; -} - -/* - * Validate that the CBS contains only a hostname consisting of RFC 5890 - * compliant A-labels (see RFC 6066 section 3). Not a complete check - * since we don't parse punycode to verify its validity but limits to - * correct structure and character set. - */ -int -tlsext_sni_is_valid_hostname(CBS *cbs, int *is_ip) -{ - uint8_t prev, c = 0; - int component = 0; - CBS hostname; - - *is_ip = 0; - - CBS_dup(cbs, &hostname); - - if (CBS_len(&hostname) > TLSEXT_MAXLEN_host_name) - return 0; - - /* An IP literal is invalid as a host name (RFC 6066 section 3). */ - if (!tlsext_sni_is_ip_literal(&hostname, is_ip)) - return 0; - if (*is_ip) - return 0; - - while (CBS_len(&hostname) > 0) { - prev = c; - if (!CBS_get_u8(&hostname, &c)) - return 0; - /* Everything has to be ASCII, with no NUL byte. */ - if (!isascii(c) || c == '\0') - return 0; - /* It must be alphanumeric, a '-', or a '.' */ - if (!isalnum(c) && c != '-' && c != '.') - return 0; - /* '-' and '.' 
must not start a component or be at the end. */ - if (component == 0 || CBS_len(&hostname) == 0) { - if (c == '-' || c == '.') - return 0; - } - if (c == '.') { - /* Components can not end with a dash. */ - if (prev == '-') - return 0; - /* Start new component */ - component = 0; - continue; - } - /* Components must be 63 chars or less. */ - if (++component > 63) - return 0; - } - - return 1; -} - -static int -tlsext_sni_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) -{ - CBS server_name_list, host_name; - uint8_t name_type; - int is_ip; - - if (!CBS_get_u16_length_prefixed(cbs, &server_name_list)) - goto err; - - if (!CBS_get_u8(&server_name_list, &name_type)) - goto err; - - /* - * RFC 6066 section 3, only one type (host_name) is specified. - * We do not tolerate unknown types, neither does BoringSSL. - * other implementations appear more tolerant. - */ - if (name_type != TLSEXT_NAMETYPE_host_name) { - *alert = SSL_AD_ILLEGAL_PARAMETER; - goto err; - } - - /* - * RFC 6066 section 3 specifies a host name must be at least 1 byte - * so 0 length is a decode error. - */ - if (!CBS_get_u16_length_prefixed(&server_name_list, &host_name)) - goto err; - if (CBS_len(&host_name) < 1) - goto err; - - if (!tlsext_sni_is_valid_hostname(&host_name, &is_ip)) { - /* - * Various pieces of software have been known to set the SNI - * host name to an IP address, even though that violates the - * RFC. If this is the case, pretend the SNI extension does - * not exist. 
- */ - if (is_ip) - goto done; - - *alert = SSL_AD_ILLEGAL_PARAMETER; - goto err; - } - - if (s->hit || s->s3->hs.tls13.hrr) { - if (s->session->tlsext_hostname == NULL) { - *alert = SSL_AD_UNRECOGNIZED_NAME; - goto err; - } - if (!CBS_mem_equal(&host_name, s->session->tlsext_hostname, - strlen(s->session->tlsext_hostname))) { - *alert = SSL_AD_UNRECOGNIZED_NAME; - goto err; - } - } else { - if (s->session->tlsext_hostname != NULL) - goto err; - if (!CBS_strdup(&host_name, &s->session->tlsext_hostname)) { - *alert = SSL_AD_INTERNAL_ERROR; - goto err; - } - } - - done: - /* - * RFC 6066 section 3 forbids multiple host names with the same type, - * therefore we allow only one entry. - */ - if (CBS_len(&server_name_list) != 0) { - *alert = SSL_AD_ILLEGAL_PARAMETER; - goto err; - } - - return 1; - - err: - return 0; -} - -static int -tlsext_sni_server_needs(SSL *s, uint16_t msg_type) -{ - if (s->hit) - return 0; - - return (s->session->tlsext_hostname != NULL); -} - -static int -tlsext_sni_server_build(SSL *s, uint16_t msg_type, CBB *cbb) -{ - return 1; -} - -static int -tlsext_sni_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) -{ - if (s->tlsext_hostname == NULL || CBS_len(cbs) != 0) { - *alert = SSL_AD_UNRECOGNIZED_NAME; - return 0; - } - - if (s->hit) { - if (s->session->tlsext_hostname == NULL) { - *alert = SSL_AD_UNRECOGNIZED_NAME; - return 0; - } - if (strcmp(s->tlsext_hostname, - s->session->tlsext_hostname) != 0) { - *alert = SSL_AD_UNRECOGNIZED_NAME; - return 0; - } - } else { - if (s->session->tlsext_hostname != NULL) - return 0; - if ((s->session->tlsext_hostname = - strdup(s->tlsext_hostname)) == NULL) { - *alert = SSL_AD_INTERNAL_ERROR; - return 0; - } - } - - return 1; -} - -/* - * Certificate Status Request - RFC 6066 section 8. 
- */ - -static int -tlsext_ocsp_client_needs(SSL *s, uint16_t msg_type) -{ - if (msg_type != SSL_TLSEXT_MSG_CH) - return 0; - - return (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp); -} - -static int -tlsext_ocsp_client_build(SSL *s, uint16_t msg_type, CBB *cbb) -{ - CBB respid_list, respid, exts; - unsigned char *ext_data; - size_t ext_len; - int i; - - if (!CBB_add_u8(cbb, TLSEXT_STATUSTYPE_ocsp)) - return 0; - if (!CBB_add_u16_length_prefixed(cbb, &respid_list)) - return 0; - for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) { - unsigned char *respid_data; - OCSP_RESPID *id; - size_t id_len; - - if ((id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, - i)) == NULL) - return 0; - if ((id_len = i2d_OCSP_RESPID(id, NULL)) == -1) - return 0; - if (!CBB_add_u16_length_prefixed(&respid_list, &respid)) - return 0; - if (!CBB_add_space(&respid, &respid_data, id_len)) - return 0; - if ((i2d_OCSP_RESPID(id, &respid_data)) != id_len) - return 0; - } - if (!CBB_add_u16_length_prefixed(cbb, &exts)) - return 0; - if ((ext_len = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, - NULL)) == -1) - return 0; - if (!CBB_add_space(&exts, &ext_data, ext_len)) - return 0; - if ((i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ext_data) != - ext_len)) - return 0; - if (!CBB_flush(cbb)) - return 0; - return 1; -} - -static int -tlsext_ocsp_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) -{ - int alert_desc = SSL_AD_DECODE_ERROR; - CBS respid_list, respid, exts; - const unsigned char *p; - uint8_t status_type; - int ret = 0; - - if (msg_type != SSL_TLSEXT_MSG_CH) - goto err; - - if (!CBS_get_u8(cbs, &status_type)) - goto err; - if (status_type != TLSEXT_STATUSTYPE_ocsp) { - /* ignore unknown status types */ - s->tlsext_status_type = -1; - - if (!CBS_skip(cbs, CBS_len(cbs))) { - *alert = SSL_AD_INTERNAL_ERROR; - return 0; - } - return 1; - } - s->tlsext_status_type = status_type; - if (!CBS_get_u16_length_prefixed(cbs, &respid_list)) - goto err; - - /* XXX */ - 
sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); - s->tlsext_ocsp_ids = NULL; - if (CBS_len(&respid_list) > 0) { - s->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null(); - if (s->tlsext_ocsp_ids == NULL) { - alert_desc = SSL_AD_INTERNAL_ERROR; - goto err; - } - } - - while (CBS_len(&respid_list) > 0) { - OCSP_RESPID *id; - - if (!CBS_get_u16_length_prefixed(&respid_list, &respid)) - goto err; - p = CBS_data(&respid); - if ((id = d2i_OCSP_RESPID(NULL, &p, CBS_len(&respid))) == NULL) - goto err; - if (!sk_OCSP_RESPID_push(s->tlsext_ocsp_ids, id)) { - alert_desc = SSL_AD_INTERNAL_ERROR; - OCSP_RESPID_free(id); - goto err; - } - } - - /* Read in request_extensions */ - if (!CBS_get_u16_length_prefixed(cbs, &exts)) - goto err; - if (CBS_len(&exts) > 0) { - sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, - X509_EXTENSION_free); - p = CBS_data(&exts); - if ((s->tlsext_ocsp_exts = d2i_X509_EXTENSIONS(NULL, - &p, CBS_len(&exts))) == NULL) - goto err; - } - - ret = 1; - err: - if (ret == 0) - *alert = alert_desc; - return ret; -} - -static int -tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type) -{ - if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION && - s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp && - s->ctx->tlsext_status_cb != NULL) { - s->tlsext_status_expected = 0; - if (s->ctx->tlsext_status_cb(s, - s->ctx->tlsext_status_arg) == SSL_TLSEXT_ERR_OK && - s->tlsext_ocsp_resp_len > 0) - s->tlsext_status_expected = 1; - } - return s->tlsext_status_expected; -} - -static int -tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb) -{ - CBB ocsp_response; - - if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION) { - if (!CBB_add_u8(cbb, TLSEXT_STATUSTYPE_ocsp)) - return 0; - if (!CBB_add_u24_length_prefixed(cbb, &ocsp_response)) - return 0; - if (!CBB_add_bytes(&ocsp_response, - s->tlsext_ocsp_resp, - s->tlsext_ocsp_resp_len)) - return 0; - if (!CBB_flush(cbb)) - return 0; - } - return 1; -} - -static int -tlsext_ocsp_client_process(SSL *s, uint16_t 
msg_type, CBS *cbs, int *alert) -{ - uint8_t status_type; - CBS response; - - if (ssl_effective_tls_version(s) >= TLS1_3_VERSION) { - if (msg_type == SSL_TLSEXT_MSG_CR) { - /* - * RFC 8446, 4.4.2.1 - the server may request an OCSP - * response with an empty status_request. - */ - if (CBS_len(cbs) == 0) - return 1; - - SSLerror(s, SSL_R_LENGTH_MISMATCH); - return 0; - } - if (!CBS_get_u8(cbs, &status_type)) { - SSLerror(s, SSL_R_LENGTH_MISMATCH); - return 0; - } - if (status_type != TLSEXT_STATUSTYPE_ocsp) { - SSLerror(s, SSL_R_UNSUPPORTED_STATUS_TYPE); - return 0; - } - if (!CBS_get_u24_length_prefixed(cbs, &response)) { - SSLerror(s, SSL_R_LENGTH_MISMATCH); - return 0; - } - if (CBS_len(&response) > 65536) { - SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG); - return 0; - } - if (!CBS_stow(&response, &s->tlsext_ocsp_resp, - &s->tlsext_ocsp_resp_len)) { - *alert = SSL_AD_INTERNAL_ERROR; - return 0; - } - } else { - if (s->tlsext_status_type == -1) { - *alert = SSL_AD_UNSUPPORTED_EXTENSION; - return 0; - } - /* Set flag to expect CertificateStatus message */ - s->tlsext_status_expected = 1; - } - return 1; -} - -/* - * SessionTicket extension - RFC 5077 section 3.2 - */ -static int -tlsext_sessionticket_client_needs(SSL *s, uint16_t msg_type) -{ - /* - * Send session ticket extension when enabled and not overridden. - * - * When renegotiating, send an empty session ticket to indicate support. - */ - if ((SSL_get_options(s) & SSL_OP_NO_TICKET) != 0) - return 0; - - if (!ssl_security_tickets(s)) - return 0; - - if (s->new_session) - return 1; - - if (s->tlsext_session_ticket != NULL && - s->tlsext_session_ticket->data == NULL) - return 0; - - return 1; -} - -static int -tlsext_sessionticket_client_build(SSL *s, uint16_t msg_type, CBB *cbb) -{ - /* - * Signal that we support session tickets by sending an empty - * extension when renegotiating or no session found. 
- */ - if (s->new_session || s->session == NULL) - return 1; - - if (s->session->tlsext_tick != NULL) { - /* Attempt to resume with an existing session ticket */ - if (!CBB_add_bytes(cbb, s->session->tlsext_tick, - s->session->tlsext_ticklen)) - return 0; - - } else if (s->tlsext_session_ticket != NULL) { - /* - * Attempt to resume with a custom provided session ticket set - * by SSL_set_session_ticket_ext(). - */ - if (s->tlsext_session_ticket->length > 0) { - size_t ticklen = s->tlsext_session_ticket->length; - - if ((s->session->tlsext_tick = malloc(ticklen)) == NULL) - return 0; - memcpy(s->session->tlsext_tick, - s->tlsext_session_ticket->data, - ticklen); - s->session->tlsext_ticklen = ticklen; - - if (!CBB_add_bytes(cbb, s->session->tlsext_tick, - s->session->tlsext_ticklen)) - return 0; - } - } - - if (!CBB_flush(cbb)) - return 0; - - return 1; -} - -static int -tlsext_sessionticket_server_process(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert) -{ - if (s->tls_session_ticket_ext_cb) { - if (!s->tls_session_ticket_ext_cb(s, CBS_data(cbs), - (int)CBS_len(cbs), - s->tls_session_ticket_ext_cb_arg)) { - *alert = SSL_AD_INTERNAL_ERROR; - return 0; - } - } - - /* We need to signal that this was processed fully */ - if (!CBS_skip(cbs, CBS_len(cbs))) { - *alert = SSL_AD_INTERNAL_ERROR; - return 0; - } - - return 1; -} - -static int -tlsext_sessionticket_server_needs(SSL *s, uint16_t msg_type) -{ - return (s->tlsext_ticket_expected && - !(SSL_get_options(s) & SSL_OP_NO_TICKET) && - ssl_security_tickets(s)); -} - -static int -tlsext_sessionticket_server_build(SSL *s, uint16_t msg_type, CBB *cbb) -{ - /* Empty ticket */ - return 1; -} - -static int -tlsext_sessionticket_client_process(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert) -{ - if (s->tls_session_ticket_ext_cb) { - if (!s->tls_session_ticket_ext_cb(s, CBS_data(cbs), - (int)CBS_len(cbs), - s->tls_session_ticket_ext_cb_arg)) { - *alert = SSL_AD_INTERNAL_ERROR; - return 0; - } - } - - if 
((SSL_get_options(s) & SSL_OP_NO_TICKET) != 0 || CBS_len(cbs) > 0) { - *alert = SSL_AD_UNSUPPORTED_EXTENSION; - return 0; - } - - s->tlsext_ticket_expected = 1; - - return 1; -} - -/* - * DTLS extension for SRTP key establishment - RFC 5764 - */ - -#ifndef OPENSSL_NO_SRTP - -static int -tlsext_srtp_client_needs(SSL *s, uint16_t msg_type) -{ - return SSL_is_dtls(s) && SSL_get_srtp_profiles(s) != NULL; -} - -static int -tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb) -{ - CBB profiles, mki; - int ct, i; - STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = NULL; - const SRTP_PROTECTION_PROFILE *prof; - - if ((clnt = SSL_get_srtp_profiles(s)) == NULL) { - SSLerror(s, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST); - return 0; - } - - if ((ct = sk_SRTP_PROTECTION_PROFILE_num(clnt)) < 1) { - SSLerror(s, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST); - return 0; - } - - if (!CBB_add_u16_length_prefixed(cbb, &profiles)) - return 0; - - for (i = 0; i < ct; i++) { - if ((prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i)) == NULL) - return 0; - if (!CBB_add_u16(&profiles, prof->id)) - return 0; - } - - if (!CBB_add_u8_length_prefixed(cbb, &mki)) - return 0; - - if (!CBB_flush(cbb)) - return 0; - - return 1; -} - -static int -tlsext_srtp_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) -{ - const SRTP_PROTECTION_PROFILE *cprof, *sprof; - STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = NULL, *srvr; - int i, j; - int ret; - uint16_t id; - CBS profiles, mki; - - ret = 0; - - if (!CBS_get_u16_length_prefixed(cbs, &profiles)) - goto err; - if (CBS_len(&profiles) == 0 || CBS_len(&profiles) % 2 != 0) - goto err; - - if ((clnt = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) - goto err; - - while (CBS_len(&profiles) > 0) { - if (!CBS_get_u16(&profiles, &id)) - goto err; - - if (!srtp_find_profile_by_num(id, &cprof)) { - if (!sk_SRTP_PROTECTION_PROFILE_push(clnt, cprof)) - goto err; - } - } - - if (!CBS_get_u8_length_prefixed(cbs, &mki) || CBS_len(&mki) != 0) { - SSLerror(s, 
SSL_R_BAD_SRTP_MKI_VALUE); - goto done; - } - - /* - * Per RFC 5764 section 4.1.1 - * - * Find the server preferred profile using the client's list. - * - * The server MUST send a profile if it sends the use_srtp - * extension. If one is not found, it should fall back to the - * negotiated DTLS cipher suite or return a DTLS alert. - */ - if ((srvr = SSL_get_srtp_profiles(s)) == NULL) - goto err; - for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(srvr); i++) { - if ((sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i)) == NULL) - goto err; - - for (j = 0; j < sk_SRTP_PROTECTION_PROFILE_num(clnt); j++) { - if ((cprof = sk_SRTP_PROTECTION_PROFILE_value(clnt, j)) - == NULL) - goto err; - - if (cprof->id == sprof->id) { - s->srtp_profile = sprof; - ret = 1; - goto done; - } - } - } - - /* If we didn't find anything, fall back to the negotiated */ - ret = 1; - goto done; - - err: - SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); - - done: - sk_SRTP_PROTECTION_PROFILE_free(clnt); - return ret; -} - -static int -tlsext_srtp_server_needs(SSL *s, uint16_t msg_type) -{ - return SSL_is_dtls(s) && SSL_get_selected_srtp_profile(s) != NULL; -} - -static int -tlsext_srtp_server_build(SSL *s, uint16_t msg_type, CBB *cbb) -{ - SRTP_PROTECTION_PROFILE *profile; - CBB srtp, mki; - - if (!CBB_add_u16_length_prefixed(cbb, &srtp)) - return 0; - - if ((profile = SSL_get_selected_srtp_profile(s)) == NULL) - return 0; - - if (!CBB_add_u16(&srtp, profile->id)) - return 0; - - if (!CBB_add_u8_length_prefixed(cbb, &mki)) - return 0; - - if (!CBB_flush(cbb)) - return 0; - - return 1; -} - -static int -tlsext_srtp_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) -{ - STACK_OF(SRTP_PROTECTION_PROFILE) *clnt; - const SRTP_PROTECTION_PROFILE *prof; - int i; - uint16_t id; - CBS profile_ids, mki; - - if (!CBS_get_u16_length_prefixed(cbs, &profile_ids)) { - SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); - return 0; - } - - if (!CBS_get_u16(&profile_ids, &id) || 
CBS_len(&profile_ids) != 0) { - SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); - return 0; - } - - if (!CBS_get_u8_length_prefixed(cbs, &mki) || CBS_len(&mki) != 0) { - SSLerror(s, SSL_R_BAD_SRTP_MKI_VALUE); - *alert = SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - - if ((clnt = SSL_get_srtp_profiles(s)) == NULL) { - SSLerror(s, SSL_R_NO_SRTP_PROFILES); - return 0; - } - - for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) { - if ((prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i)) - == NULL) { - SSLerror(s, SSL_R_NO_SRTP_PROFILES); - return 0; - } - - if (prof->id == id) { - s->srtp_profile = prof; - return 1; - } - } - - SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); - - return 0; -} - -#endif /* OPENSSL_NO_SRTP */ - -/* - * TLSv1.3 Key Share - RFC 8446 section 4.2.8. - */ -static int -tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type) -{ - return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION); -} - -static int -tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb) -{ - CBB client_shares, key_exchange; - - if (!CBB_add_u16_length_prefixed(cbb, &client_shares)) - return 0; - - if (!CBB_add_u16(&client_shares, - tls_key_share_group(s->s3->hs.key_share))) - return 0; - if (!CBB_add_u16_length_prefixed(&client_shares, &key_exchange)) - return 0; - if (!tls_key_share_public(s->s3->hs.key_share, &key_exchange)) - return 0; - - if (!CBB_flush(cbb)) - return 0; - - return 1; -} - -static int -tlsext_keyshare_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) -{ - const uint16_t *client_groups = NULL, *server_groups = NULL; - size_t client_groups_len = 0, server_groups_len = 0; - size_t i, j, client_groups_index; - int preferred_group_found = 0; - int decode_error; - uint16_t client_preferred_group = 0; - uint16_t group; - CBS client_shares, key_exchange; - - /* - * RFC 8446 section 4.2.8: - * - * Each KeyShareEntry value MUST correspond to a group offered in the - * "supported_groups" extension and MUST appear in the same 
order. - * However, the values MAY be a non-contiguous subset of the - * "supported_groups". - */ - - if (!tlsext_extension_seen(s, TLSEXT_TYPE_supported_groups)) { - *alert = SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - if (!tlsext_extension_processed(s, TLSEXT_TYPE_supported_groups)) { - *alert = SSL_AD_INTERNAL_ERROR; - return 0; - } - - if (s->s3->hs.tls13.hrr) { - if (!CBS_get_u16_length_prefixed(cbs, &client_shares)) - return 0; - - /* Unpack client share. */ - if (!CBS_get_u16(&client_shares, &group)) - return 0; - if (!CBS_get_u16_length_prefixed(&client_shares, &key_exchange)) - return 0; - - /* There should only be one share. */ - if (CBS_len(&client_shares) != 0) - return 0; - - if (group != s->s3->hs.tls13.server_group) { - *alert = SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - - if (s->s3->hs.key_share != NULL) { - *alert = SSL_AD_INTERNAL_ERROR; - return 0; - } - - /* Decode and store the selected key share. */ - if ((s->s3->hs.key_share = tls_key_share_new(group)) == NULL) { - *alert = SSL_AD_INTERNAL_ERROR; - return 0; - } - if (!tls_key_share_peer_public(s->s3->hs.key_share, - &key_exchange, &decode_error, NULL)) { - if (!decode_error) - *alert = SSL_AD_INTERNAL_ERROR; - return 0; - } - - return 1; - } - - /* - * XXX similar to tls1_get_supported_group, but client pref - * only - consider deduping later. - */ - /* - * We are now assured of at least one client group. - * Get the client and server group preference orders. - */ - tls1_get_group_list(s, 0, &server_groups, &server_groups_len); - tls1_get_group_list(s, 1, &client_groups, &client_groups_len); - - /* - * Find the group that is most preferred by the client that - * we also support. 
- */ - for (i = 0; i < client_groups_len && !preferred_group_found; i++) { - if (!ssl_security_supported_group(s, client_groups[i])) - continue; - for (j = 0; j < server_groups_len; j++) { - if (server_groups[j] == client_groups[i]) { - client_preferred_group = client_groups[i]; - preferred_group_found = 1; - break; - } - } - } - - if (!CBS_get_u16_length_prefixed(cbs, &client_shares)) - return 0; - - client_groups_index = 0; - while (CBS_len(&client_shares) > 0) { - int client_sent_group; - - /* Unpack client share. */ - if (!CBS_get_u16(&client_shares, &group)) - return 0; - if (!CBS_get_u16_length_prefixed(&client_shares, &key_exchange)) - return 0; - - /* Ignore this client share if we're using earlier than TLSv1.3 */ - if (s->s3->hs.our_max_tls_version < TLS1_3_VERSION) - continue; - - /* - * Ensure the client share group was sent in supported groups, - * and was sent in the same order as supported groups. The - * supported groups has already been checked for duplicates. - */ - client_sent_group = 0; - while (client_groups_index < client_groups_len) { - if (group == client_groups[client_groups_index++]) { - client_sent_group = 1; - break; - } - } - if (!client_sent_group) { - *alert = SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - - /* Ignore this client share if we have already selected a key share */ - if (s->s3->hs.key_share != NULL) - continue; - - /* - * Ignore this client share if it is not for the most client - * preferred supported group. This avoids a potential downgrade - * situation where the client sends a client share for something - * less preferred, and we choose to to use it instead of - * requesting the more preferred group. - */ - if (!preferred_group_found || group != client_preferred_group) - continue; - - /* Decode and store the selected key share. 
*/ - if ((s->s3->hs.key_share = tls_key_share_new(group)) == NULL) { - *alert = SSL_AD_INTERNAL_ERROR; - return 0; - } - if (!tls_key_share_peer_public(s->s3->hs.key_share, - &key_exchange, &decode_error, NULL)) { - if (!decode_error) - *alert = SSL_AD_INTERNAL_ERROR; - return 0; - } - } - - return 1; -} - -static int -tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type) -{ - return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION && - tlsext_extension_seen(s, TLSEXT_TYPE_key_share)); -} - -static int -tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb) -{ - CBB key_exchange; - - /* In the case of a HRR, we only send the server selected group. */ - if (s->s3->hs.tls13.hrr) { - if (s->s3->hs.tls13.server_group == 0) - return 0; - return CBB_add_u16(cbb, s->s3->hs.tls13.server_group); - } - - if (s->s3->hs.key_share == NULL) - return 0; - - if (!CBB_add_u16(cbb, tls_key_share_group(s->s3->hs.key_share))) - return 0; - if (!CBB_add_u16_length_prefixed(cbb, &key_exchange)) - return 0; - if (!tls_key_share_public(s->s3->hs.key_share, &key_exchange)) - return 0; - - if (!CBB_flush(cbb)) - return 0; - - return 1; -} - -static int -tlsext_keyshare_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) -{ - CBS key_exchange; - int decode_error; - uint16_t group; - - /* Unpack server share. */ - if (!CBS_get_u16(cbs, &group)) - return 0; - - if (CBS_len(cbs) == 0) { - /* HRR does not include an actual key share, only the group. 
*/ - if (msg_type != SSL_TLSEXT_MSG_HRR) - return 0; - - s->s3->hs.tls13.server_group = group; - return 1; - } - - if (!CBS_get_u16_length_prefixed(cbs, &key_exchange)) - return 0; - - if (s->s3->hs.key_share == NULL) { - *alert = SSL_AD_INTERNAL_ERROR; - return 0; - } - if (tls_key_share_group(s->s3->hs.key_share) != group) { - *alert = SSL_AD_INTERNAL_ERROR; - return 0; - } - if (!tls_key_share_peer_public(s->s3->hs.key_share, - &key_exchange, &decode_error, NULL)) { - if (!decode_error) - *alert = SSL_AD_INTERNAL_ERROR; - return 0; - } - - return 1; -} - -/* - * Supported Versions - RFC 8446 section 4.2.1. - */ -static int -tlsext_versions_client_needs(SSL *s, uint16_t msg_type) -{ - return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION); -} - -static int -tlsext_versions_client_build(SSL *s, uint16_t msg_type, CBB *cbb) -{ - uint16_t max, min; - uint16_t version; - CBB versions; - - max = s->s3->hs.our_max_tls_version; - min = s->s3->hs.our_min_tls_version; - - if (!CBB_add_u8_length_prefixed(cbb, &versions)) - return 0; - - /* XXX - fix, but contiguous for now... */ - for (version = max; version >= min; version--) { - if (!CBB_add_u16(&versions, version)) - return 0; - } - - if (!CBB_flush(cbb)) - return 0; - - return 1; -} - -static int -tlsext_versions_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) -{ - CBS versions; - uint16_t version; - uint16_t max, min; - uint16_t matched_version = 0; - - max = s->s3->hs.our_max_tls_version; - min = s->s3->hs.our_min_tls_version; - - if (!CBS_get_u8_length_prefixed(cbs, &versions)) - return 0; - - while (CBS_len(&versions) > 0) { - if (!CBS_get_u16(&versions, &version)) - return 0; - /* - * XXX What is below implements client preference, and - * ignores any server preference entirely. - */ - if (matched_version == 0 && version >= min && version <= max) - matched_version = version; - } - - if (matched_version > 0) { - /* XXX - this should be stored for later processing. 
*/ - s->version = matched_version; - return 1; - } - - *alert = SSL_AD_PROTOCOL_VERSION; - return 0; -} - -static int -tlsext_versions_server_needs(SSL *s, uint16_t msg_type) -{ - return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION); -} - -static int -tlsext_versions_server_build(SSL *s, uint16_t msg_type, CBB *cbb) -{ - return CBB_add_u16(cbb, TLS1_3_VERSION); -} - -static int -tlsext_versions_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) -{ - uint16_t selected_version; - - if (!CBS_get_u16(cbs, &selected_version)) - return 0; - - /* XXX - need to fix for DTLS 1.3 */ - if (selected_version < TLS1_3_VERSION) { - *alert = SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - - /* XXX test between min and max once initialization code goes in */ - s->s3->hs.tls13.server_version = selected_version; - - return 1; -} - - -/* - * Cookie - RFC 8446 section 4.2.2. - */ - -static int -tlsext_cookie_client_needs(SSL *s, uint16_t msg_type) -{ - return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION && - s->s3->hs.tls13.cookie_len > 0 && s->s3->hs.tls13.cookie != NULL); -} - -static int -tlsext_cookie_client_build(SSL *s, uint16_t msg_type, CBB *cbb) -{ - CBB cookie; - - if (!CBB_add_u16_length_prefixed(cbb, &cookie)) - return 0; - - if (!CBB_add_bytes(&cookie, s->s3->hs.tls13.cookie, - s->s3->hs.tls13.cookie_len)) - return 0; - - if (!CBB_flush(cbb)) - return 0; - - return 1; -} - -static int -tlsext_cookie_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) -{ - CBS cookie; - - if (!CBS_get_u16_length_prefixed(cbs, &cookie)) - return 0; - - if (CBS_len(&cookie) != s->s3->hs.tls13.cookie_len) - return 0; - - /* - * Check provided cookie value against what server previously - * sent - client *MUST* send the same cookie with new CR after - * a cookie is sent by the server with an HRR. - */ - if (!CBS_mem_equal(&cookie, s->s3->hs.tls13.cookie, - s->s3->hs.tls13.cookie_len)) { - /* XXX special cookie mismatch alert? 
*/ - *alert = SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - - return 1; -} - -static int -tlsext_cookie_server_needs(SSL *s, uint16_t msg_type) -{ - /* - * Server needs to set cookie value in tls13 handshake - * in order to send one, should only be sent with HRR. - */ - return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION && - s->s3->hs.tls13.cookie_len > 0 && s->s3->hs.tls13.cookie != NULL); -} - -static int -tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb) -{ - CBB cookie; - - /* XXX deduplicate with client code */ - - if (!CBB_add_u16_length_prefixed(cbb, &cookie)) - return 0; - - if (!CBB_add_bytes(&cookie, s->s3->hs.tls13.cookie, - s->s3->hs.tls13.cookie_len)) - return 0; - - if (!CBB_flush(cbb)) - return 0; - - return 1; -} - -static int -tlsext_cookie_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) -{ - CBS cookie; - - /* - * XXX This currently assumes we will not get a second - * HRR from a server with a cookie to process after accepting - * one from the server in the same handshake - */ - if (s->s3->hs.tls13.cookie != NULL || - s->s3->hs.tls13.cookie_len != 0) { - *alert = SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - - if (!CBS_get_u16_length_prefixed(cbs, &cookie)) - return 0; - - if (!CBS_stow(&cookie, &s->s3->hs.tls13.cookie, - &s->s3->hs.tls13.cookie_len)) - return 0; - - return 1; -} - -/* - * Pre-Shared Key Exchange Modes - RFC 8446, 4.2.9. - */ - -static int -tlsext_psk_kex_modes_client_needs(SSL *s, uint16_t msg_type) -{ - return (s->s3->hs.tls13.use_psk_dhe_ke && - s->s3->hs.our_max_tls_version >= TLS1_3_VERSION); -} - -static int -tlsext_psk_kex_modes_client_build(SSL *s, uint16_t msg_type, CBB *cbb) -{ - CBB ke_modes; - - if (!CBB_add_u8_length_prefixed(cbb, &ke_modes)) - return 0; - - /* Only indicate support for PSK with DHE key establishment. 
*/ - if (!CBB_add_u8(&ke_modes, TLS13_PSK_DHE_KE)) - return 0; - - if (!CBB_flush(cbb)) - return 0; - - return 1; -} - -static int -tlsext_psk_kex_modes_server_process(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert) -{ - CBS ke_modes; - uint8_t ke_mode; - - if (!CBS_get_u8_length_prefixed(cbs, &ke_modes)) - return 0; - - while (CBS_len(&ke_modes) > 0) { - if (!CBS_get_u8(&ke_modes, &ke_mode)) - return 0; - - if (ke_mode == TLS13_PSK_DHE_KE) - s->s3->hs.tls13.use_psk_dhe_ke = 1; - } - - return 1; -} - -static int -tlsext_psk_kex_modes_server_needs(SSL *s, uint16_t msg_type) -{ - /* Servers MUST NOT send this extension. */ - return 0; -} - -static int -tlsext_psk_kex_modes_server_build(SSL *s, uint16_t msg_type, CBB *cbb) -{ - return 0; -} - -static int -tlsext_psk_kex_modes_client_process(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert) -{ - return 0; -} - -/* - * Pre-Shared Key Extension - RFC 8446, 4.2.11 - */ - -static int -tlsext_psk_client_needs(SSL *s, uint16_t msg_type) -{ - return 0; -} - -static int -tlsext_psk_client_build(SSL *s, uint16_t msg_type, CBB *cbb) -{ - return 0; -} - -static int -tlsext_psk_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) -{ - return CBS_skip(cbs, CBS_len(cbs)); -} - -static int -tlsext_psk_server_needs(SSL *s, uint16_t msg_type) -{ - return 0; -} - -static int -tlsext_psk_server_build(SSL *s, uint16_t msg_type, CBB *cbb) -{ - return 0; -} - -static int -tlsext_psk_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) -{ - return CBS_skip(cbs, CBS_len(cbs)); -} - -/* - * QUIC transport parameters extension - RFC 9001 section 8.2. 
- */ - -static int -tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type) -{ - return SSL_is_quic(s) && s->quic_transport_params_len > 0; -} - -static int -tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type, - CBB *cbb) -{ - if (!CBB_add_bytes(cbb, s->quic_transport_params, - s->quic_transport_params_len)) - return 0; - - return 1; -} - -static int -tlsext_quic_transport_parameters_client_process(SSL *s, uint16_t msg_type, - CBS *cbs, int *alert) -{ - if (!SSL_is_quic(s)) { - *alert = SSL_AD_UNSUPPORTED_EXTENSION; - return 0; - } - - if (!CBS_stow(cbs, &s->s3->peer_quic_transport_params, - &s->s3->peer_quic_transport_params_len)) - return 0; - if (!CBS_skip(cbs, s->s3->peer_quic_transport_params_len)) - return 0; - - return 1; -} - -static int -tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type) -{ - return SSL_is_quic(s) && s->quic_transport_params_len > 0; -} - -static int -tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type, - CBB *cbb) -{ - if (!CBB_add_bytes(cbb, s->quic_transport_params, - s->quic_transport_params_len)) - return 0; - - return 1; -} - -static int -tlsext_quic_transport_parameters_server_process(SSL *s, uint16_t msg_type, - CBS *cbs, int *alert) -{ - if (!SSL_is_quic(s)) { - *alert = SSL_AD_UNSUPPORTED_EXTENSION; - return 0; - } - - if (!CBS_stow(cbs, &s->s3->peer_quic_transport_params, - &s->s3->peer_quic_transport_params_len)) - return 0; - if (!CBS_skip(cbs, s->s3->peer_quic_transport_params_len)) - return 0; - - return 1; -} - -struct tls_extension_funcs { - int (*needs)(SSL *s, uint16_t msg_type); - int (*build)(SSL *s, uint16_t msg_type, CBB *cbb); - int (*process)(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); -}; - -struct tls_extension { - uint16_t type; - uint16_t messages; - struct tls_extension_funcs client; - struct tls_extension_funcs server; -}; - -/* - * TLS extensions (in processing order). 
- */
-static const struct tls_extension tls_extensions[] = {
- {
- .type = TLSEXT_TYPE_supported_versions,
- .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH |
- SSL_TLSEXT_MSG_HRR,
- .client = {
- .needs = tlsext_versions_client_needs,
- .build = tlsext_versions_client_build,
- .process = tlsext_versions_client_process,
- },
- .server = {
- .needs = tlsext_versions_server_needs,
- .build = tlsext_versions_server_build,
- .process = tlsext_versions_server_process,
- },
- },
- {
- .type = TLSEXT_TYPE_supported_groups,
- .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE,
- .client = {
- .needs = tlsext_supportedgroups_client_needs,
- .build = tlsext_supportedgroups_client_build,
- .process = tlsext_supportedgroups_client_process,
- },
- .server = {
- .needs = tlsext_supportedgroups_server_needs,
- .build = tlsext_supportedgroups_server_build,
- .process = tlsext_supportedgroups_server_process,
- },
- },
- {
- .type = TLSEXT_TYPE_key_share,
- .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH |
- SSL_TLSEXT_MSG_HRR,
- .client = {
- .needs = tlsext_keyshare_client_needs,
- .build = tlsext_keyshare_client_build,
- .process = tlsext_keyshare_client_process,
- },
- .server = {
- .needs = tlsext_keyshare_server_needs,
- .build = tlsext_keyshare_server_build,
- .process = tlsext_keyshare_server_process,
- },
- },
- {
- .type = TLSEXT_TYPE_server_name,
- .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE,
- .client = {
- .needs = tlsext_sni_client_needs,
- .build = tlsext_sni_client_build,
- .process = tlsext_sni_client_process,
- },
- .server = {
- .needs = tlsext_sni_server_needs,
- .build = tlsext_sni_server_build,
- .process = tlsext_sni_server_process,
- },
- },
- {
- .type = TLSEXT_TYPE_renegotiate,
- .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH,
- .client = {
- .needs = tlsext_ri_client_needs,
- .build = tlsext_ri_client_build,
- .process = tlsext_ri_client_process,
- },
- .server = {
- .needs = tlsext_ri_server_needs,
- .build = tlsext_ri_server_build,
- .process
= tlsext_ri_server_process,
- },
- },
- {
- .type = TLSEXT_TYPE_status_request,
- .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_CR |
- SSL_TLSEXT_MSG_CT,
- .client = {
- .needs = tlsext_ocsp_client_needs,
- .build = tlsext_ocsp_client_build,
- .process = tlsext_ocsp_client_process,
- },
- .server = {
- .needs = tlsext_ocsp_server_needs,
- .build = tlsext_ocsp_server_build,
- .process = tlsext_ocsp_server_process,
- },
- },
- {
- .type = TLSEXT_TYPE_ec_point_formats,
- .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH,
- .client = {
- .needs = tlsext_ecpf_client_needs,
- .build = tlsext_ecpf_client_build,
- .process = tlsext_ecpf_client_process,
- },
- .server = {
- .needs = tlsext_ecpf_server_needs,
- .build = tlsext_ecpf_server_build,
- .process = tlsext_ecpf_server_process,
- },
- },
- {
- .type = TLSEXT_TYPE_session_ticket,
- .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH,
- .client = {
- .needs = tlsext_sessionticket_client_needs,
- .build = tlsext_sessionticket_client_build,
- .process = tlsext_sessionticket_client_process,
- },
- .server = {
- .needs = tlsext_sessionticket_server_needs,
- .build = tlsext_sessionticket_server_build,
- .process = tlsext_sessionticket_server_process,
- },
- },
- {
- .type = TLSEXT_TYPE_signature_algorithms,
- .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_CR,
- .client = {
- .needs = tlsext_sigalgs_client_needs,
- .build = tlsext_sigalgs_client_build,
- .process = tlsext_sigalgs_client_process,
- },
- .server = {
- .needs = tlsext_sigalgs_server_needs,
- .build = tlsext_sigalgs_server_build,
- .process = tlsext_sigalgs_server_process,
- },
- },
- {
- .type = TLSEXT_TYPE_alpn,
- .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE,
- .client = {
- .needs = tlsext_alpn_client_needs,
- .build = tlsext_alpn_client_build,
- .process = tlsext_alpn_client_process,
- },
- .server = {
- .needs = tlsext_alpn_server_needs,
- .build = tlsext_alpn_server_build,
- .process = tlsext_alpn_server_process,
- },
- },
- {
- .type =
TLSEXT_TYPE_cookie,
- .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_HRR,
- .client = {
- .needs = tlsext_cookie_client_needs,
- .build = tlsext_cookie_client_build,
- .process = tlsext_cookie_client_process,
- },
- .server = {
- .needs = tlsext_cookie_server_needs,
- .build = tlsext_cookie_server_build,
- .process = tlsext_cookie_server_process,
- },
- },
-#ifndef OPENSSL_NO_SRTP
- {
- .type = TLSEXT_TYPE_use_srtp,
- .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH /* XXX */ |
- SSL_TLSEXT_MSG_EE,
- .client = {
- .needs = tlsext_srtp_client_needs,
- .build = tlsext_srtp_client_build,
- .process = tlsext_srtp_client_process,
- },
- .server = {
- .needs = tlsext_srtp_server_needs,
- .build = tlsext_srtp_server_build,
- .process = tlsext_srtp_server_process,
- },
- },
-#endif /* OPENSSL_NO_SRTP */
- {
- .type = TLSEXT_TYPE_quic_transport_parameters,
- .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE,
- .client = {
- .needs = tlsext_quic_transport_parameters_client_needs,
- .build = tlsext_quic_transport_parameters_client_build,
- .process = tlsext_quic_transport_parameters_client_process,
- },
- .server = {
- .needs = tlsext_quic_transport_parameters_server_needs,
- .build = tlsext_quic_transport_parameters_server_build,
- .process = tlsext_quic_transport_parameters_server_process,
- },
- },
- {
- .type = TLSEXT_TYPE_psk_key_exchange_modes,
- .messages = SSL_TLSEXT_MSG_CH,
- .client = {
- .needs = tlsext_psk_kex_modes_client_needs,
- .build = tlsext_psk_kex_modes_client_build,
- .process = tlsext_psk_kex_modes_client_process,
- },
- .server = {
- .needs = tlsext_psk_kex_modes_server_needs,
- .build = tlsext_psk_kex_modes_server_build,
- .process = tlsext_psk_kex_modes_server_process,
- },
- },
- {
- .type = TLSEXT_TYPE_pre_shared_key,
- .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH,
- .client = {
- .needs = tlsext_psk_client_needs,
- .build = tlsext_psk_client_build,
- .process = tlsext_psk_client_process,
- },
- .server = {
- .needs = tlsext_psk_server_needs,
- .build = tlsext_psk_server_build,
- .process = tlsext_psk_server_process,
- },
- },
-};
-
-#define N_TLS_EXTENSIONS (sizeof(tls_extensions) / sizeof(*tls_extensions))
-
-/* Ensure that extensions fit in a uint32_t bitmask. */
-CTASSERT(N_TLS_EXTENSIONS <= (sizeof(uint32_t) * 8));
-
-struct tlsext_data {
- CBS extensions[N_TLS_EXTENSIONS];
-};
-
-static struct tlsext_data *
-tlsext_data_new(void)
-{
- return calloc(1, sizeof(struct tlsext_data));
-}
-
-static void
-tlsext_data_free(struct tlsext_data *td)
-{
- freezero(td, sizeof(*td));
-}
-
-uint16_t
-tls_extension_type(const struct tls_extension *extension)
-{
- return extension->type;
-}
-
-const struct tls_extension *
-tls_extension_find(uint16_t type, size_t *tls_extensions_idx)
-{
- size_t i;
-
- for (i = 0; i < N_TLS_EXTENSIONS; i++) {
- if (tls_extensions[i].type == type) {
- if (tls_extensions_idx != NULL)
- *tls_extensions_idx = i;
- return &tls_extensions[i];
- }
- }
-
- return NULL;
-}
-
-int
-tlsext_extension_seen(SSL *s, uint16_t type)
-{
- size_t idx;
-
- if (tls_extension_find(type, &idx) == NULL)
- return 0;
- return ((s->s3->hs.extensions_seen & (1 << idx)) != 0);
-}
-
-int
-tlsext_extension_processed(SSL *s, uint16_t type)
-{
- size_t idx;
-
- if (tls_extension_find(type, &idx) == NULL)
- return 0;
- return ((s->s3->hs.extensions_processed & (1 << idx)) != 0);
-}
-
-const struct tls_extension_funcs *
-tlsext_funcs(const struct tls_extension *tlsext, int is_server)
-{
- if (is_server)
- return &tlsext->server;
-
- return &tlsext->client;
-}
-
-int
-tlsext_randomize_build_order(SSL *s)
-{
- const struct tls_extension *psk_ext;
- size_t idx, new_idx;
- size_t alpn_idx = 0, sni_idx = 0;
-
- free(s->tlsext_build_order);
- s->tlsext_build_order_len = 0;
-
- if ((s->tlsext_build_order = calloc(sizeof(*s->tlsext_build_order),
- N_TLS_EXTENSIONS)) == NULL)
- return 0;
- s->tlsext_build_order_len = N_TLS_EXTENSIONS;
-
- /* RFC 8446, section 4.2 - PSK MUST be the last extension in the CH.
*/
- if ((psk_ext = tls_extension_find(TLSEXT_TYPE_pre_shared_key,
- NULL)) == NULL)
- return 0;
- s->tlsext_build_order[N_TLS_EXTENSIONS - 1] = psk_ext;
-
- /* Fisher-Yates shuffle with PSK fixed. */
- for (idx = 0; idx < N_TLS_EXTENSIONS - 1; idx++) {
- new_idx = arc4random_uniform(idx + 1);
- s->tlsext_build_order[idx] = s->tlsext_build_order[new_idx];
- s->tlsext_build_order[new_idx] = &tls_extensions[idx];
- }
-
- /*
- * XXX - Apache2 special until year 2025: ensure that SNI precedes ALPN
- * for clients so that virtual host setups work correctly.
- */
-
- if (s->server)
- return 1;
-
- for (idx = 0; idx < N_TLS_EXTENSIONS; idx++) {
- if (s->tlsext_build_order[idx]->type == TLSEXT_TYPE_alpn)
- alpn_idx = idx;
- if (s->tlsext_build_order[idx]->type == TLSEXT_TYPE_server_name)
- sni_idx = idx;
- }
- if (alpn_idx < sni_idx) {
- const struct tls_extension *tmp;
-
- tmp = s->tlsext_build_order[alpn_idx];
- s->tlsext_build_order[alpn_idx] = s->tlsext_build_order[sni_idx];
- s->tlsext_build_order[sni_idx] = tmp;
- }
-
- return 1;
-}
-
-int
-tlsext_linearize_build_order(SSL *s)
-{
- size_t idx;
-
- free(s->tlsext_build_order);
- s->tlsext_build_order_len = 0;
-
- if ((s->tlsext_build_order = calloc(sizeof(*s->tlsext_build_order),
- N_TLS_EXTENSIONS)) == NULL)
- return 0;
- s->tlsext_build_order_len = N_TLS_EXTENSIONS;
-
- for (idx = 0; idx < N_TLS_EXTENSIONS; idx++)
- s->tlsext_build_order[idx] = &tls_extensions[idx];
-
- return 1;
-}
-
-static int
-tlsext_build(SSL *s, int is_server, uint16_t msg_type, CBB *cbb)
-{
- const struct tls_extension_funcs *ext;
- const struct tls_extension *tlsext;
- CBB extensions, extension_data;
- int extensions_present = 0;
- uint16_t tls_version;
- size_t i;
-
- tls_version = ssl_effective_tls_version(s);
-
- if (!CBB_add_u16_length_prefixed(cbb, &extensions))
- return 0;
-
- for (i = 0; i < N_TLS_EXTENSIONS; i++) {
- tlsext = s->tlsext_build_order[i];
- ext = tlsext_funcs(tlsext, is_server);
-
- /* RFC 8446 Section 4.2 */
- if
(tls_version >= TLS1_3_VERSION &&
- !(tlsext->messages & msg_type))
- continue;
-
- if (!ext->needs(s, msg_type))
- continue;
-
- if (!CBB_add_u16(&extensions, tlsext->type))
- return 0;
- if (!CBB_add_u16_length_prefixed(&extensions, &extension_data))
- return 0;
-
- if (!ext->build(s, msg_type, &extension_data))
- return 0;
-
- extensions_present = 1;
- }
-
- if (!extensions_present &&
- (msg_type & (SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH)) != 0)
- CBB_discard_child(cbb);
-
- if (!CBB_flush(cbb))
- return 0;
-
- return 1;
-}
-
-int
-tlsext_clienthello_hash_extension(SSL *s, uint16_t type, CBS *cbs)
-{
- /*
- * RFC 8446 4.1.2. For subsequent CH, early data will be removed,
- * cookie may be added, padding may be removed.
- */
- struct tls13_ctx *ctx = s->tls13;
-
- if (type == TLSEXT_TYPE_early_data || type == TLSEXT_TYPE_cookie ||
- type == TLSEXT_TYPE_padding)
- return 1;
- if (!tls13_clienthello_hash_update_bytes(ctx, (void *)&type,
- sizeof(type)))
- return 0;
- /*
- * key_share data may be changed, and pre_shared_key data may
- * be changed.
- */
- if (type == TLSEXT_TYPE_pre_shared_key || type == TLSEXT_TYPE_key_share)
- return 1;
- if (!tls13_clienthello_hash_update(ctx, cbs))
- return 0;
-
- return 1;
-}
-
-static int
-tlsext_parse(SSL *s, struct tlsext_data *td, int is_server, uint16_t msg_type,
- CBS *cbs, int *alert)
-{
- const struct tls_extension *tlsext;
- CBS extensions, extension_data;
- uint16_t type;
- size_t idx;
- uint16_t tls_version;
- int alert_desc;
-
- tls_version = ssl_effective_tls_version(s);
-
- s->s3->hs.extensions_seen = 0;
-
- /* An empty extensions block is valid.
*/
- if (CBS_len(cbs) == 0)
- return 1;
-
- alert_desc = SSL_AD_DECODE_ERROR;
-
- if (!CBS_get_u16_length_prefixed(cbs, &extensions))
- goto err;
-
- while (CBS_len(&extensions) > 0) {
- if (!CBS_get_u16(&extensions, &type))
- goto err;
- if (!CBS_get_u16_length_prefixed(&extensions, &extension_data))
- goto err;
-
- if (s->tlsext_debug_cb != NULL)
- s->tlsext_debug_cb(s, !is_server, type,
- (unsigned char *)CBS_data(&extension_data),
- CBS_len(&extension_data),
- s->tlsext_debug_arg);
-
- /* Unknown extensions are ignored. */
- if ((tlsext = tls_extension_find(type, &idx)) == NULL)
- continue;
-
- if (tls_version >= TLS1_3_VERSION && is_server &&
- msg_type == SSL_TLSEXT_MSG_CH) {
- if (!tlsext_clienthello_hash_extension(s, type,
- &extension_data))
- goto err;
- }
-
- /* RFC 8446 Section 4.2 */
- if (tls_version >= TLS1_3_VERSION &&
- !(tlsext->messages & msg_type)) {
- alert_desc = SSL_AD_ILLEGAL_PARAMETER;
- goto err;
- }
-
- /* Check for duplicate known extensions. */
- if ((s->s3->hs.extensions_seen & (1 << idx)) != 0)
- goto err;
- s->s3->hs.extensions_seen |= (1 << idx);
-
- CBS_dup(&extension_data, &td->extensions[idx]);
- }
-
- return 1;
-
- err:
- *alert = alert_desc;
-
- return 0;
-}
-
-static int
-tlsext_process(SSL *s, struct tlsext_data *td, int is_server, uint16_t msg_type,
- int *alert)
-{
- const struct tls_extension_funcs *ext;
- const struct tls_extension *tlsext;
- int alert_desc;
- size_t idx;
-
- alert_desc = SSL_AD_DECODE_ERROR;
-
- s->s3->hs.extensions_processed = 0;
-
- /* Run processing for present TLS extensions, in a defined order.
*/
- for (idx = 0; idx < N_TLS_EXTENSIONS; idx++) {
- tlsext = &tls_extensions[idx];
- if ((s->s3->hs.extensions_seen & (1 << idx)) == 0)
- continue;
- ext = tlsext_funcs(tlsext, is_server);
- if (ext->process == NULL)
- continue;
- if (!ext->process(s, msg_type, &td->extensions[idx], &alert_desc))
- goto err;
-
- if (CBS_len(&td->extensions[idx]) != 0)
- goto err;
-
- s->s3->hs.extensions_processed |= (1 << idx);
- }
-
- return 1;
-
- err:
- *alert = alert_desc;
-
- return 0;
-}
-
-static void
-tlsext_server_reset_state(SSL *s)
-{
- s->tlsext_status_type = -1;
- s->s3->renegotiate_seen = 0;
- free(s->s3->alpn_selected);
- s->s3->alpn_selected = NULL;
- s->s3->alpn_selected_len = 0;
- s->srtp_profile = NULL;
-}
-
-int
-tlsext_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
- return tlsext_build(s, 1, msg_type, cbb);
-}
-
-int
-tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
- struct tlsext_data *td;
- int ret = 0;
-
- if ((td = tlsext_data_new()) == NULL)
- goto err;
-
- /* XXX - this should be done by the caller... */
- if (msg_type == SSL_TLSEXT_MSG_CH)
- tlsext_server_reset_state(s);
-
- if (!tlsext_parse(s, td, 1, msg_type, cbs, alert))
- goto err;
- if (!tlsext_process(s, td, 1, msg_type, alert))
- goto err;
-
- ret = 1;
-
- err:
- tlsext_data_free(td);
-
- return ret;
-}
-
-static void
-tlsext_client_reset_state(SSL *s)
-{
- s->s3->renegotiate_seen = 0;
- free(s->s3->alpn_selected);
- s->s3->alpn_selected = NULL;
- s->s3->alpn_selected_len = 0;
-}
-
-int
-tlsext_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
- return tlsext_build(s, 0, msg_type, cbb);
-}
-
-int
-tlsext_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
- struct tlsext_data *td;
- int ret = 0;
-
- if ((td = tlsext_data_new()) == NULL)
- goto err;
-
- /* XXX - this should be done by the caller...
*/
- if (msg_type == SSL_TLSEXT_MSG_SH)
- tlsext_client_reset_state(s);
-
- if (!tlsext_parse(s, td, 0, msg_type, cbs, alert))
- goto err;
- if (!tlsext_process(s, td, 0, msg_type, alert))
- goto err;
-
- ret = 1;
-
- err:
- tlsext_data_free(td);
-
- return ret;
-}
diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h
deleted file mode 100644
index 4fd2ec05a0..0000000000
--- a/src/lib/libssl/ssl_tlsext.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.34 2024/03/26 03:44:11 beck Exp $ */
-/*
- * Copyright (c) 2016, 2017 Joel Sing
- * Copyright (c) 2017 Doug Hogan
- * Copyright (c) 2019 Bob Beck
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef HEADER_SSL_TLSEXT_H
-#define HEADER_SSL_TLSEXT_H
-
-/* TLSv1.3 - RFC 8446 Section 4.2.
*/
-#define SSL_TLSEXT_MSG_CH 0x0001 /* ClientHello */
-#define SSL_TLSEXT_MSG_SH 0x0002 /* ServerHello */
-#define SSL_TLSEXT_MSG_EE 0x0004 /* EncryptedExtension */
-#define SSL_TLSEXT_MSG_CT 0x0008 /* Certificate */
-#define SSL_TLSEXT_MSG_CR 0x0010 /* CertificateRequest */
-#define SSL_TLSEXT_MSG_NST 0x0020 /* NewSessionTicket */
-#define SSL_TLSEXT_MSG_HRR 0x0040 /* HelloRetryRequest */
-
-__BEGIN_HIDDEN_DECLS
-
-int tlsext_alpn_check_format(CBS *cbs);
-int tlsext_sni_is_valid_hostname(CBS *cbs, int *is_ip);
-
-int tlsext_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-
-int tlsext_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-
-int tlsext_extension_seen(SSL *s, uint16_t);
-int tlsext_extension_processed(SSL *s, uint16_t);
-int tlsext_randomize_build_order(SSL *s);
-
-__END_HIDDEN_DECLS
-
-#endif
diff --git a/src/lib/libssl/ssl_transcript.c b/src/lib/libssl/ssl_transcript.c
deleted file mode 100644
index 22cd6c3cfa..0000000000
--- a/src/lib/libssl/ssl_transcript.c
+++ /dev/null
@@ -1,197 +0,0 @@
-/* $OpenBSD: ssl_transcript.c,v 1.9 2022/11/26 16:08:56 tb Exp $ */
-/*
- * Copyright (c) 2017 Joel Sing
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include
-
-#include "ssl_local.h"
-#include "tls_internal.h"
-
-int
-tls1_transcript_hash_init(SSL *s)
-{
- const unsigned char *data;
- const EVP_MD *md;
- size_t len;
-
- tls1_transcript_hash_free(s);
-
- if (!ssl_get_handshake_evp_md(s, &md)) {
- SSLerrorx(ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- if ((s->s3->handshake_hash = EVP_MD_CTX_new()) == NULL) {
- SSLerror(s, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (!EVP_DigestInit_ex(s->s3->handshake_hash, md, NULL)) {
- SSLerror(s, ERR_R_EVP_LIB);
- goto err;
- }
-
- if (!tls1_transcript_data(s, &data, &len)) {
- SSLerror(s, SSL_R_BAD_HANDSHAKE_LENGTH);
- goto err;
- }
- if (!tls1_transcript_hash_update(s, data, len)) {
- SSLerror(s, ERR_R_EVP_LIB);
- goto err;
- }
-
- return 1;
-
- err:
- tls1_transcript_hash_free(s);
-
- return 0;
-}
-
-int
-tls1_transcript_hash_update(SSL *s, const unsigned char *buf, size_t len)
-{
- if (s->s3->handshake_hash == NULL)
- return 1;
-
- return EVP_DigestUpdate(s->s3->handshake_hash, buf, len);
-}
-
-int
-tls1_transcript_hash_value(SSL *s, unsigned char *out, size_t len,
- size_t *outlen)
-{
- EVP_MD_CTX *mdctx = NULL;
-
unsigned int mdlen;
- int ret = 0;
-
- if (s->s3->handshake_hash == NULL)
- goto err;
-
- if (EVP_MD_CTX_size(s->s3->handshake_hash) > len)
- goto err;
-
- if ((mdctx = EVP_MD_CTX_new()) == NULL) {
- SSLerror(s, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (!EVP_MD_CTX_copy_ex(mdctx, s->s3->handshake_hash)) {
- SSLerror(s, ERR_R_EVP_LIB);
- goto err;
- }
- if (!EVP_DigestFinal_ex(mdctx, out, &mdlen)) {
- SSLerror(s, ERR_R_EVP_LIB);
- goto err;
- }
- if (outlen != NULL)
- *outlen = mdlen;
-
- ret = 1;
-
- err:
- EVP_MD_CTX_free(mdctx);
-
- return (ret);
-}
-
-void
-tls1_transcript_hash_free(SSL *s)
-{
- EVP_MD_CTX_free(s->s3->handshake_hash);
- s->s3->handshake_hash = NULL;
-}
-
-int
-tls1_transcript_init(SSL *s)
-{
- if (s->s3->handshake_transcript != NULL)
- return 0;
-
- if ((s->s3->handshake_transcript = tls_buffer_new(0)) == NULL)
- return 0;
-
- tls1_transcript_reset(s);
-
- return 1;
-}
-
-void
-tls1_transcript_free(SSL *s)
-{
- tls_buffer_free(s->s3->handshake_transcript);
- s->s3->handshake_transcript = NULL;
-}
-
-void
-tls1_transcript_reset(SSL *s)
-{
- tls_buffer_clear(s->s3->handshake_transcript);
-
- tls1_transcript_unfreeze(s);
-}
-
-int
-tls1_transcript_append(SSL *s, const unsigned char *buf, size_t len)
-{
- if (s->s3->handshake_transcript == NULL)
- return 1;
-
- if (s->s3->flags & TLS1_FLAGS_FREEZE_TRANSCRIPT)
- return 1;
-
- return tls_buffer_append(s->s3->handshake_transcript, buf, len);
-}
-
-int
-tls1_transcript_data(SSL *s, const unsigned char **data, size_t *len)
-{
- CBS cbs;
-
- if (s->s3->handshake_transcript == NULL)
- return 0;
-
- if (!tls_buffer_data(s->s3->handshake_transcript, &cbs))
- return 0;
-
- /* XXX - change to caller providing a CBS argument.
*/
- *data = CBS_data(&cbs);
- *len = CBS_len(&cbs);
-
- return 1;
-}
-
-void
-tls1_transcript_freeze(SSL *s)
-{
- s->s3->flags |= TLS1_FLAGS_FREEZE_TRANSCRIPT;
-}
-
-void
-tls1_transcript_unfreeze(SSL *s)
-{
- s->s3->flags &= ~TLS1_FLAGS_FREEZE_TRANSCRIPT;
-}
-
-int
-tls1_transcript_record(SSL *s, const unsigned char *buf, size_t len)
-{
- if (!tls1_transcript_hash_update(s, buf, len))
- return 0;
-
- if (!tls1_transcript_append(s, buf, len))
- return 0;
-
- return 1;
-}
diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c
deleted file mode 100644
index 4ed76c95ab..0000000000
--- a/src/lib/libssl/ssl_txt.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/* $OpenBSD: ssl_txt.c,v 1.39 2024/07/22 14:47:15 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3.
All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include
-
-#include
-
-#include "ssl_local.h"
-
-int
-SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
-{
- BIO *b;
- int ret;
-
- if ((b = BIO_new(BIO_s_file())) == NULL) {
- SSLerrorx(ERR_R_BUF_LIB);
- return 0;
- }
- BIO_set_fp(b, fp, BIO_NOCLOSE);
- ret = SSL_SESSION_print(b, x);
- BIO_free(b);
- return ret;
-}
-LSSL_ALIAS(SSL_SESSION_print_fp);
-
-int
-SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
-{
- const SSL_CIPHER *cipher;
- size_t i;
- int ret = 0;
-
- if (x == NULL)
- goto err;
-
- if (BIO_puts(bp, "SSL-Session:\n") <= 0)
- goto err;
-
- if (BIO_printf(bp, " Protocol : %s\n",
- ssl_version_string(x->ssl_version)) <= 0)
- goto err;
-
- if ((cipher = ssl3_get_cipher_by_value(x->cipher_value)) == NULL) {
- if (BIO_printf(bp, " Cipher : %04X\n",
- x->cipher_value) <= 0)
- goto err;
- } else {
- const char *cipher_name = "unknown";
-
- if (cipher->name != NULL)
- cipher_name = cipher->name;
-
- if (BIO_printf(bp, " Cipher : %s\n", cipher_name) <= 0)
- goto err;
- }
-
- if (BIO_puts(bp, " Session-ID: ") <=
0)
- goto err;
-
- for (i = 0; i < x->session_id_length; i++) {
- if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0)
- goto err;
- }
-
- if (BIO_puts(bp, "\n Session-ID-ctx: ") <= 0)
- goto err;
-
- for (i = 0; i < x->sid_ctx_length; i++) {
- if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0)
- goto err;
- }
-
- if (BIO_puts(bp, "\n Master-Key: ") <= 0)
- goto err;
-
- for (i = 0; i < x->master_key_length; i++) {
- if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0)
- goto err;
- }
-
- if (x->tlsext_tick_lifetime_hint > 0) {
- if (BIO_printf(bp,
- "\n TLS session ticket lifetime hint: %u (seconds)",
- x->tlsext_tick_lifetime_hint) <= 0)
- goto err;
- }
-
- if (x->tlsext_tick != NULL) {
- if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0)
- goto err;
- if (BIO_dump_indent(bp, x->tlsext_tick, x->tlsext_ticklen,
- 4) <= 0)
- goto err;
- }
-
- if (x->time != 0) {
- if (BIO_printf(bp, "\n Start Time: %lld",
- (long long)x->time) <= 0)
- goto err;
- }
-
- if (x->timeout != 0) {
- if (BIO_printf(bp, "\n Timeout : %ld (sec)",
- x->timeout) <= 0)
- goto err;
- }
-
- if (BIO_puts(bp, "\n") <= 0)
- goto err;
-
- if (BIO_printf(bp, " Verify return code: %ld (%s)\n",
- x->verify_result,
- X509_verify_cert_error_string(x->verify_result)) <= 0)
- goto err;
-
- ret = 1;
- err:
- return ret;
-}
-LSSL_ALIAS(SSL_SESSION_print);
diff --git a/src/lib/libssl/ssl_versions.c b/src/lib/libssl/ssl_versions.c
deleted file mode 100644
index 8273546062..0000000000
--- a/src/lib/libssl/ssl_versions.c
+++ /dev/null
@@ -1,373 +0,0 @@ -/* $OpenBSD: ssl_versions.c,v 1.27 2023/07/02 17:21:32 beck Exp $ */ -/* - * Copyright (c) 2016, 2017 Joel Sing - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "ssl_local.h" - -static uint16_t -ssl_dtls_to_tls_version(uint16_t dtls_ver) -{ - if (dtls_ver == DTLS1_VERSION) - return TLS1_1_VERSION; - if (dtls_ver == DTLS1_2_VERSION) - return TLS1_2_VERSION; - return 0; -} - -static uint16_t -ssl_tls_to_dtls_version(uint16_t tls_ver) -{ - if (tls_ver == TLS1_1_VERSION) - return DTLS1_VERSION; - if (tls_ver == TLS1_2_VERSION) - return DTLS1_2_VERSION; - return 0; -} - -static int -ssl_clamp_tls_version_range(uint16_t *min_ver, uint16_t *max_ver, - uint16_t clamp_min, uint16_t clamp_max) -{ - if (clamp_min > clamp_max || *min_ver > *max_ver) - return 0; - if (clamp_max < *min_ver || clamp_min > *max_ver) - return 0; - - if (*min_ver < clamp_min) - *min_ver = clamp_min; - if (*max_ver > clamp_max) - *max_ver = clamp_max; - - return 1; -} - -int -ssl_version_set_min(const SSL_METHOD *meth, uint16_t proto_ver, - uint16_t max_tls_ver, uint16_t *out_tls_ver, uint16_t *out_proto_ver) -{ - uint16_t min_proto, min_version, max_version; - - if (proto_ver == 0) { - *out_tls_ver = meth->min_tls_version; - *out_proto_ver = 0; - return 1; - } - - min_version = 
proto_ver; - max_version = max_tls_ver; - - if (meth->dtls) { - if ((min_version = ssl_dtls_to_tls_version(proto_ver)) == 0) - return 0; - } - - if (!ssl_clamp_tls_version_range(&min_version, &max_version, - meth->min_tls_version, meth->max_tls_version)) - return 0; - - min_proto = min_version; - if (meth->dtls) { - if ((min_proto = ssl_tls_to_dtls_version(min_version)) == 0) - return 0; - } - *out_tls_ver = min_version; - *out_proto_ver = min_proto; - - return 1; -} - -int -ssl_version_set_max(const SSL_METHOD *meth, uint16_t proto_ver, - uint16_t min_tls_ver, uint16_t *out_tls_ver, uint16_t *out_proto_ver) -{ - uint16_t max_proto, min_version, max_version; - - if (proto_ver == 0) { - *out_tls_ver = meth->max_tls_version; - *out_proto_ver = 0; - return 1; - } - - min_version = min_tls_ver; - max_version = proto_ver; - - if (meth->dtls) { - if ((max_version = ssl_dtls_to_tls_version(proto_ver)) == 0) - return 0; - } - - if (!ssl_clamp_tls_version_range(&min_version, &max_version, - meth->min_tls_version, meth->max_tls_version)) - return 0; - - max_proto = max_version; - if (meth->dtls) { - if ((max_proto = ssl_tls_to_dtls_version(max_version)) == 0) - return 0; - } - *out_tls_ver = max_version; - *out_proto_ver = max_proto; - - return 1; -} - -int -ssl_enabled_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver) -{ - uint16_t min_version, max_version; - unsigned long options; - - /* - * The enabled versions have to be a contiguous range, which means we - * cannot enable and disable single versions at our whim, even though - * this is what the OpenSSL flags allow. The historical way this has - * been handled is by making a flag mean that all higher versions - * are disabled, if any version lower than the flag is enabled. 
- */ - - min_version = 0; - max_version = TLS1_3_VERSION; - options = s->options; - - if (SSL_is_dtls(s)) { - options = 0; - if (s->options & SSL_OP_NO_DTLSv1) - options |= SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1; - if (s->options & SSL_OP_NO_DTLSv1_2) - options |= SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_2; - } - - if ((options & SSL_OP_NO_TLSv1_2) == 0) - min_version = TLS1_2_VERSION; - else if ((options & SSL_OP_NO_TLSv1_3) == 0) - min_version = TLS1_3_VERSION; - - if ((options & SSL_OP_NO_TLSv1_3) && min_version < TLS1_3_VERSION) - max_version = TLS1_2_VERSION; - if ((options & SSL_OP_NO_TLSv1_2) && min_version < TLS1_2_VERSION) - max_version = 0; - - /* Everything has been disabled... */ - if (min_version == 0 || max_version == 0) - return 0; - - /* Limit to configured version range. */ - if (!ssl_clamp_tls_version_range(&min_version, &max_version, - s->min_tls_version, s->max_tls_version)) - return 0; - - /* QUIC requires a minimum of TLSv1.3. */ - if (SSL_is_quic(s)) { - if (max_version < TLS1_3_VERSION) - return 0; - if (min_version < TLS1_3_VERSION) - min_version = TLS1_3_VERSION; - } - - if (min_ver != NULL) - *min_ver = min_version; - if (max_ver != NULL) - *max_ver = max_version; - - return 1; -} - -int -ssl_supported_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver) -{ - uint16_t min_version, max_version; - - if (!ssl_enabled_tls_version_range(s, &min_version, &max_version)) - return 0; - - /* Limit to the versions supported by this method. 
*/ - if (!ssl_clamp_tls_version_range(&min_version, &max_version, - s->method->min_tls_version, s->method->max_tls_version)) - return 0; - - if (min_ver != NULL) - *min_ver = min_version; - if (max_ver != NULL) - *max_ver = max_version; - - return 1; -} - -uint16_t -ssl_tls_version(uint16_t version) -{ - if (version == TLS1_VERSION || version == TLS1_1_VERSION || - version == TLS1_2_VERSION || version == TLS1_3_VERSION) - return version; - - if (version == DTLS1_VERSION) - return TLS1_1_VERSION; - if (version == DTLS1_2_VERSION) - return TLS1_2_VERSION; - - return 0; -} - -uint16_t -ssl_effective_tls_version(SSL *s) -{ - if (s->s3->hs.negotiated_tls_version > 0) - return s->s3->hs.negotiated_tls_version; - - return s->s3->hs.our_max_tls_version; -} - -int -ssl_max_supported_version(SSL *s, uint16_t *max_ver) -{ - uint16_t max_version; - - *max_ver = 0; - - if (!ssl_supported_tls_version_range(s, NULL, &max_version)) - return 0; - - if (SSL_is_dtls(s)) { - if ((max_version = ssl_tls_to_dtls_version(max_version)) == 0) - return 0; - } - - *max_ver = max_version; - - return 1; -} - -int -ssl_max_legacy_version(SSL *s, uint16_t *max_ver) -{ - uint16_t max_version; - - if ((max_version = s->s3->hs.our_max_tls_version) > TLS1_2_VERSION) - max_version = TLS1_2_VERSION; - - if (SSL_is_dtls(s)) { - if ((max_version = ssl_tls_to_dtls_version(max_version)) == 0) - return 0; - } - - *max_ver = max_version; - - return 1; -} - -int -ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver) -{ - uint16_t min_version, max_version, peer_tls_version, shared_version; - - *max_ver = 0; - peer_tls_version = peer_ver; - - if (SSL_is_dtls(s)) { - if ((peer_ver >> 8) != DTLS1_VERSION_MAJOR) - return 0; - - /* - * Convert the peer version to a TLS version - DTLS versions are - * the 1's complement of TLS version numbers (but not the actual - * protocol version numbers, that would be too sensible). Not to - * mention that DTLSv1.0 is really equivalent to DTLSv1.1. 
- */ - peer_tls_version = ssl_dtls_to_tls_version(peer_ver); - - /* - * This may be a version that we do not know about, if it is - * newer than DTLS1_2_VERSION (yes, less than is correct due - * to the "clever" versioning scheme), use TLS1_2_VERSION. - */ - if (peer_tls_version == 0) { - if (peer_ver < DTLS1_2_VERSION) - peer_tls_version = TLS1_2_VERSION; - } - } - - if (peer_tls_version >= TLS1_3_VERSION) - shared_version = TLS1_3_VERSION; - else if (peer_tls_version >= TLS1_2_VERSION) - shared_version = TLS1_2_VERSION; - else if (peer_tls_version >= TLS1_1_VERSION) - shared_version = TLS1_1_VERSION; - else if (peer_tls_version >= TLS1_VERSION) - shared_version = TLS1_VERSION; - else - return 0; - - if (!ssl_supported_tls_version_range(s, &min_version, &max_version)) - return 0; - - if (shared_version < min_version) - return 0; - - if (shared_version > max_version) - shared_version = max_version; - - if (SSL_is_dtls(s)) { - /* - * The resulting shared version will by definition be something - * that we know about. Switch back from TLS to DTLS. - */ - shared_version = ssl_tls_to_dtls_version(shared_version); - if (shared_version == 0) - return 0; - } - - if (!ssl_security_version(s, shared_version)) - return 0; - - *max_ver = shared_version; - - return 1; -} - -int -ssl_check_version_from_server(SSL *s, uint16_t server_version) -{ - uint16_t min_tls_version, max_tls_version, server_tls_version; - - /* Ensure that the version selected by the server is valid. 
*/ - - server_tls_version = server_version; - if (SSL_is_dtls(s)) { - server_tls_version = ssl_dtls_to_tls_version(server_version); - if (server_tls_version == 0) - return 0; - } - - if (!ssl_supported_tls_version_range(s, &min_tls_version, - &max_tls_version)) - return 0; - - if (server_tls_version < min_tls_version || - server_tls_version > max_tls_version) - return 0; - - return ssl_security_version(s, server_tls_version); -} - -int -ssl_legacy_stack_version(SSL *s, uint16_t version) -{ - if (SSL_is_dtls(s)) - return version == DTLS1_VERSION || version == DTLS1_2_VERSION; - - return version == TLS1_VERSION || version == TLS1_1_VERSION || - version == TLS1_2_VERSION; -} diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c deleted file mode 100644 index 64e1dd5b63..0000000000 --- a/src/lib/libssl/t1_enc.c +++ /dev/null 
@@ -1,417 +0,0 @@ -/* $OpenBSD: t1_enc.c,v 1.158 2024/07/20 04:04:23 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. 
All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. 
Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. 
IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - -#include -#include - -#include -#include -#include -#include - -#include "dtls_local.h" -#include "ssl_local.h" - -void -tls1_cleanup_key_block(SSL *s) -{ - tls12_key_block_free(s->s3->hs.tls12.key_block); - s->s3->hs.tls12.key_block = NULL; -} - -/* - * TLS P_hash() data expansion function - see RFC 5246, section 5. - */ -static int -tls1_P_hash(const EVP_MD *md, const unsigned char *secret, size_t secret_len, - const void *seed1, size_t seed1_len, const void *seed2, size_t seed2_len, - const void *seed3, size_t seed3_len, const void *seed4, size_t seed4_len, - const void *seed5, size_t seed5_len, unsigned char *out, size_t out_len) -{ - unsigned char A1[EVP_MAX_MD_SIZE], hmac[EVP_MAX_MD_SIZE]; - size_t A1_len, hmac_len; - EVP_MD_CTX *ctx = NULL; - EVP_PKEY *mac_key = NULL; - int ret = 0; - int chunk; - size_t i; - - chunk = EVP_MD_size(md); - OPENSSL_assert(chunk >= 0); - - if ((ctx = EVP_MD_CTX_new()) == NULL) - goto err; - - mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, secret, secret_len); - if (mac_key == NULL) - goto err; - if (!EVP_DigestSignInit(ctx, NULL, md, NULL, mac_key)) - goto err; - if (seed1 && !EVP_DigestSignUpdate(ctx, seed1, seed1_len)) - goto err; - if (seed2 && !EVP_DigestSignUpdate(ctx, seed2, seed2_len)) - goto err; - if (seed3 && !EVP_DigestSignUpdate(ctx, seed3, seed3_len)) - goto err; - if (seed4 && !EVP_DigestSignUpdate(ctx, seed4, seed4_len)) - goto err; - if (seed5 && !EVP_DigestSignUpdate(ctx, seed5, seed5_len)) - goto err; - if (!EVP_DigestSignFinal(ctx, A1, &A1_len)) - goto err; - - for (;;) { - if (!EVP_DigestSignInit(ctx, NULL, md, NULL, mac_key)) - goto err; - if (!EVP_DigestSignUpdate(ctx, A1, A1_len)) - goto err; - if (seed1 && !EVP_DigestSignUpdate(ctx, seed1, seed1_len)) - goto err; - if 
(seed2 && !EVP_DigestSignUpdate(ctx, seed2, seed2_len)) - goto err; - if (seed3 && !EVP_DigestSignUpdate(ctx, seed3, seed3_len)) - goto err; - if (seed4 && !EVP_DigestSignUpdate(ctx, seed4, seed4_len)) - goto err; - if (seed5 && !EVP_DigestSignUpdate(ctx, seed5, seed5_len)) - goto err; - if (!EVP_DigestSignFinal(ctx, hmac, &hmac_len)) - goto err; - - if (hmac_len > out_len) - hmac_len = out_len; - - for (i = 0; i < hmac_len; i++) - out[i] ^= hmac[i]; - - out += hmac_len; - out_len -= hmac_len; - - if (out_len == 0) - break; - - if (!EVP_DigestSignInit(ctx, NULL, md, NULL, mac_key)) - goto err; - if (!EVP_DigestSignUpdate(ctx, A1, A1_len)) - goto err; - if (!EVP_DigestSignFinal(ctx, A1, &A1_len)) - goto err; - } - ret = 1; - - err: - EVP_PKEY_free(mac_key); - EVP_MD_CTX_free(ctx); - - explicit_bzero(A1, sizeof(A1)); - explicit_bzero(hmac, sizeof(hmac)); - - return ret; -} - -int -tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len, - const void *seed1, size_t seed1_len, const void *seed2, size_t seed2_len, - const void *seed3, size_t seed3_len, const void *seed4, size_t seed4_len, - const void *seed5, size_t seed5_len, unsigned char *out, size_t out_len) -{ - const EVP_MD *md; - size_t half_len; - - memset(out, 0, out_len); - - if (!ssl_get_handshake_evp_md(s, &md)) - return (0); - - if (EVP_MD_type(md) == NID_md5_sha1) { - /* - * Partition secret between MD5 and SHA1, then XOR result. - * If the secret length is odd, a one byte overlap is used. 
- */ - half_len = secret_len - (secret_len / 2); - if (!tls1_P_hash(EVP_md5(), secret, half_len, seed1, seed1_len, - seed2, seed2_len, seed3, seed3_len, seed4, seed4_len, - seed5, seed5_len, out, out_len)) - return (0); - - secret += secret_len - half_len; - if (!tls1_P_hash(EVP_sha1(), secret, half_len, seed1, seed1_len, - seed2, seed2_len, seed3, seed3_len, seed4, seed4_len, - seed5, seed5_len, out, out_len)) - return (0); - - return (1); - } - - if (!tls1_P_hash(md, secret, secret_len, seed1, seed1_len, - seed2, seed2_len, seed3, seed3_len, seed4, seed4_len, - seed5, seed5_len, out, out_len)) - return (0); - - return (1); -} - -int -tls1_generate_key_block(SSL *s, uint8_t *key_block, size_t key_block_len) -{ - return tls1_PRF(s, - s->session->master_key, s->session->master_key_length, - TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE, - s->s3->server_random, SSL3_RANDOM_SIZE, - s->s3->client_random, SSL3_RANDOM_SIZE, - NULL, 0, NULL, 0, key_block, key_block_len); -} - -static int -tls1_change_cipher_state(SSL *s, int is_write) -{ - CBS mac_key, key, iv; - - /* Use client write keys on client write and server read. 
*/ - if ((!s->server && is_write) || (s->server && !is_write)) { - tls12_key_block_client_write(s->s3->hs.tls12.key_block, - &mac_key, &key, &iv); - } else { - tls12_key_block_server_write(s->s3->hs.tls12.key_block, - &mac_key, &key, &iv); - } - - if (!is_write) { - if (!tls12_record_layer_change_read_cipher_state(s->rl, - &mac_key, &key, &iv)) - goto err; - if (SSL_is_dtls(s)) - dtls1_reset_read_seq_numbers(s); - } else { - if (!tls12_record_layer_change_write_cipher_state(s->rl, - &mac_key, &key, &iv)) - goto err; - } - return (1); - - err: - return (0); -} - -int -tls1_change_read_cipher_state(SSL *s) -{ - return tls1_change_cipher_state(s, 0); -} - -int -tls1_change_write_cipher_state(SSL *s) -{ - return tls1_change_cipher_state(s, 1); -} - -int -tls1_setup_key_block(SSL *s) -{ - struct tls12_key_block *key_block; - int mac_type = NID_undef, mac_secret_size = 0; - const EVP_CIPHER *cipher = NULL; - const EVP_AEAD *aead = NULL; - const EVP_MD *handshake_hash = NULL; - const EVP_MD *mac_hash = NULL; - int ret = 0; - - /* - * XXX - callers should be changed so that they only call this - * function once. - */ - if (s->s3->hs.tls12.key_block != NULL) - return (1); - - if (s->s3->hs.cipher == NULL) - return (0); - - if ((s->s3->hs.cipher->algorithm_mac & SSL_AEAD) != 0) { - if (!ssl_cipher_get_evp_aead(s, &aead)) { - SSLerror(s, SSL_R_CIPHER_OR_HASH_UNAVAILABLE); - return (0); - } - } else { - /* XXX - mac_type and mac_secret_size are now unused. 
*/ - if (!ssl_cipher_get_evp(s, &cipher, &mac_hash, - &mac_type, &mac_secret_size)) { - SSLerror(s, SSL_R_CIPHER_OR_HASH_UNAVAILABLE); - return (0); - } - } - - if (!ssl_get_handshake_evp_md(s, &handshake_hash)) - return (0); - - tls12_record_layer_set_aead(s->rl, aead); - tls12_record_layer_set_cipher_hash(s->rl, cipher, - handshake_hash, mac_hash); - - if ((key_block = tls12_key_block_new()) == NULL) - goto err; - if (!tls12_key_block_generate(key_block, s, aead, cipher, mac_hash)) - goto err; - - s->s3->hs.tls12.key_block = key_block; - key_block = NULL; - - if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) && - s->method->version <= TLS1_VERSION) { - /* - * Enable vulnerability countermeasure for CBC ciphers with - * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) - */ - s->s3->need_empty_fragments = 1; - - if (s->s3->hs.cipher != NULL) { - if (s->s3->hs.cipher->algorithm_enc == SSL_eNULL) - s->s3->need_empty_fragments = 0; - -#ifndef OPENSSL_NO_RC4 - if (s->s3->hs.cipher->algorithm_enc == SSL_RC4) - s->s3->need_empty_fragments = 0; -#endif - } - } - - ret = 1; - - err: - tls12_key_block_free(key_block); - - return (ret); -} diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c deleted file mode 100644 index b200f78098..0000000000 --- a/src/lib/libssl/t1_lib.c +++ /dev/null 
@@ -1,1119 +0,0 @@ -/* $OpenBSD: t1_lib.c,v 1.204 2025/01/18 14:17:05 tb Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). 
- * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. 
All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). 
- * - */ - -#include - -#include -#include -#include -#include - -#include "bytestring.h" -#include "ssl_local.h" -#include "ssl_sigalgs.h" -#include "ssl_tlsext.h" - -static int tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, - SSL_SESSION **psess); - -int -tls1_new(SSL *s) -{ - if (!ssl3_new(s)) - return 0; - s->method->ssl_clear(s); - return 1; -} - -void -tls1_free(SSL *s) -{ - if (s == NULL) - return; - - free(s->tlsext_session_ticket); - ssl3_free(s); -} - -void -tls1_clear(SSL *s) -{ - ssl3_clear(s); - s->version = s->method->version; -} - -struct supported_group { - int nid; - int bits; -}; - -/* - * Supported groups (formerly known as named curves) - * https://www.iana.org/assignments/tls-parameters/#tls-parameters-8 - */ -static const struct supported_group nid_list[] = { - [1] = { - .nid = NID_sect163k1, - .bits = 80, - }, - [2] = { - .nid = NID_sect163r1, - .bits = 80, - }, - [3] = { - .nid = NID_sect163r2, - .bits = 80, - }, - [4] = { - .nid = NID_sect193r1, - .bits = 80, - }, - [5] = { - .nid = NID_sect193r2, - .bits = 80, - }, - [6] = { - .nid = NID_sect233k1, - .bits = 112, - }, - [7] = { - .nid = NID_sect233r1, - .bits = 112, - }, - [8] = { - .nid = NID_sect239k1, - .bits = 112, - }, - [9] = { - .nid = NID_sect283k1, - .bits = 128, - }, - [10] = { - .nid = NID_sect283r1, - .bits = 128, - }, - [11] = { - .nid = NID_sect409k1, - .bits = 192, - }, - [12] = { - .nid = NID_sect409r1, - .bits = 192, - }, - [13] = { - .nid = NID_sect571k1, - .bits = 256, - }, - [14] = { - .nid = NID_sect571r1, - .bits = 256, - }, - [15] = { - .nid = NID_secp160k1, - .bits = 80, - }, - [16] = { - .nid = NID_secp160r1, - .bits = 80, - }, - [17] = { - .nid = NID_secp160r2, - .bits = 80, - }, - [18] = { - .nid = NID_secp192k1, - .bits = 80, - }, - [19] = { - .nid = NID_X9_62_prime192v1, /* aka secp192r1 */ - .bits = 80, - }, - [20] = { - .nid = NID_secp224k1, - .bits = 112, - }, - [21] = { - .nid = NID_secp224r1, - .bits = 112, - }, - [22] = { - .nid = NID_secp256k1, - 
.bits = 128,
- },
- [23] = {
- .nid = NID_X9_62_prime256v1, /* aka secp256r1 */
- .bits = 128,
- },
- [24] = {
- .nid = NID_secp384r1,
- .bits = 192,
- },
- [25] = {
- .nid = NID_secp521r1,
- .bits = 256,
- },
- [26] = {
- .nid = NID_brainpoolP256r1,
- .bits = 128,
- },
- [27] = {
- .nid = NID_brainpoolP384r1,
- .bits = 192,
- },
- [28] = {
- .nid = NID_brainpoolP512r1,
- .bits = 256,
- },
- [29] = {
- .nid = NID_X25519,
- .bits = 128,
- },
-};
-
-#define NID_LIST_LEN (sizeof(nid_list) / sizeof(nid_list[0]))
-
-#if 0
-static const uint8_t ecformats_list[] = {
- TLSEXT_ECPOINTFORMAT_uncompressed,
- TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
- TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
-};
-#endif
-
-static const uint8_t ecformats_default[] = {
- TLSEXT_ECPOINTFORMAT_uncompressed,
-};
-
-#if 0
-static const uint16_t ecgroups_list[] = {
- 29, /* X25519 (29) */
- 14, /* sect571r1 (14) */
- 13, /* sect571k1 (13) */
- 25, /* secp521r1 (25) */
- 28, /* brainpoolP512r1 (28) */
- 11, /* sect409k1 (11) */
- 12, /* sect409r1 (12) */
- 27, /* brainpoolP384r1 (27) */
- 24, /* secp384r1 (24) */
- 9, /* sect283k1 (9) */
- 10, /* sect283r1 (10) */
- 26, /* brainpoolP256r1 (26) */
- 22, /* secp256k1 (22) */
- 23, /* secp256r1 (23) */
- 8, /* sect239k1 (8) */
- 6, /* sect233k1 (6) */
- 7, /* sect233r1 (7) */
- 20, /* secp224k1 (20) */
- 21, /* secp224r1 (21) */
- 4, /* sect193r1 (4) */
- 5, /* sect193r2 (5) */
- 18, /* secp192k1 (18) */
- 19, /* secp192r1 (19) */
- 1, /* sect163k1 (1) */
- 2, /* sect163r1 (2) */
- 3, /* sect163r2 (3) */
- 15, /* secp160k1 (15) */
- 16, /* secp160r1 (16) */
- 17, /* secp160r2 (17) */
-};
-#endif
-
-static const uint16_t ecgroups_client_default[] = {
- 29, /* X25519 (29) */
- 23, /* secp256r1 (23) */
- 24, /* secp384r1 (24) */
- 25, /* secp521r1 (25) */
-};
-
-static const uint16_t ecgroups_server_default[] = {
- 29, /* X25519 (29) */
- 23, /* secp256r1 (23) */
- 24, /* secp384r1 (24) */
-};
-
-int
-tls1_ec_group_id2nid(uint16_t group_id, int *out_nid)
-{
- int nid;
-
- if (group_id >= NID_LIST_LEN)
- return 0;
-
- if ((nid = nid_list[group_id].nid) == 0)
- return 0;
-
- *out_nid = nid;
-
- return 1;
-}
-
-int
-tls1_ec_group_id2bits(uint16_t group_id, int *out_bits)
-{
- int bits;
-
- if (group_id >= NID_LIST_LEN)
- return 0;
-
- if ((bits = nid_list[group_id].bits) == 0)
- return 0;
-
- *out_bits = bits;
-
- return 1;
-}
-
-int
-tls1_ec_nid2group_id(int nid, uint16_t *out_group_id)
-{
- uint16_t group_id;
-
- if (nid == 0)
- return 0;
-
- for (group_id = 0; group_id < NID_LIST_LEN; group_id++) {
- if (nid_list[group_id].nid == nid) {
- *out_group_id = group_id;
- return 1;
- }
- }
-
- return 0;
-}
-
-/*
- * Return the appropriate format list. If client_formats is non-zero, return
- * the client/session formats. Otherwise return the custom format list if one
- * exists, or the default formats if a custom list has not been specified.
- */
-void
-tls1_get_formatlist(const SSL *s, int client_formats, const uint8_t **pformats,
- size_t *pformatslen)
-{
- if (client_formats != 0) {
- *pformats = s->session->tlsext_ecpointformatlist;
- *pformatslen = s->session->tlsext_ecpointformatlist_length;
- return;
- }
-
- *pformats = s->tlsext_ecpointformatlist;
- *pformatslen = s->tlsext_ecpointformatlist_length;
- if (*pformats == NULL) {
- *pformats = ecformats_default;
- *pformatslen = sizeof(ecformats_default);
- }
-}
-
-/*
- * Return the appropriate group list. If client_groups is non-zero, return
- * the client/session groups. Otherwise return the custom group list if one
- * exists, or the default groups if a custom list has not been specified.
- */
-void
-tls1_get_group_list(const SSL *s, int client_groups, const uint16_t **pgroups,
- size_t *pgroupslen)
-{
- if (client_groups != 0) {
- *pgroups = s->session->tlsext_supportedgroups;
- *pgroupslen = s->session->tlsext_supportedgroups_length;
- return;
- }
-
- *pgroups = s->tlsext_supportedgroups;
- *pgroupslen = s->tlsext_supportedgroups_length;
- if (*pgroups != NULL)
- return;
-
- if (!s->server) {
- *pgroups = ecgroups_client_default;
- *pgroupslen = sizeof(ecgroups_client_default) / 2;
- } else {
- *pgroups = ecgroups_server_default;
- *pgroupslen = sizeof(ecgroups_server_default) / 2;
- }
-}
-
-static int
-tls1_get_group_lists(const SSL *ssl, const uint16_t **pref, size_t *preflen,
- const uint16_t **supp, size_t *supplen)
-{
- unsigned long server_pref;
-
- /* Cannot do anything on the client side. */
- if (!ssl->server)
- return 0;
-
- server_pref = (ssl->options & SSL_OP_CIPHER_SERVER_PREFERENCE);
- tls1_get_group_list(ssl, (server_pref == 0), pref, preflen);
- tls1_get_group_list(ssl, (server_pref != 0), supp, supplen);
-
- return 1;
-}
-
-static int
-tls1_group_id_present(uint16_t group_id, const uint16_t *list, size_t list_len)
-{
- size_t i;
-
- for (i = 0; i < list_len; i++) {
- if (group_id == list[i])
- return 1;
- }
-
- return 0;
-}
-
-int
-tls1_count_shared_groups(const SSL *ssl, size_t *out_count)
-{
- size_t count, preflen, supplen, i;
- const uint16_t *pref, *supp;
-
- if (!tls1_get_group_lists(ssl, &pref, &preflen, &supp, &supplen))
- return 0;
-
- count = 0;
- for (i = 0; i < preflen; i++) {
- if (!tls1_group_id_present(pref[i], supp, supplen))
- continue;
-
- if (!ssl_security_shared_group(ssl, pref[i]))
- continue;
-
- count++;
- }
-
- *out_count = count;
-
- return 1;
-}
-
-static int
-tls1_group_by_index(const SSL *ssl, size_t n, int *out_nid,
- int (*ssl_security_fn)(const SSL *, uint16_t))
-{
- size_t count, preflen, supplen, i;
- const uint16_t *pref, *supp;
-
- if (!tls1_get_group_lists(ssl, &pref, &preflen, &supp, &supplen))
- return 0;
-
- count = 0;
- for (i = 0; i < preflen; i++) {
- if (!tls1_group_id_present(pref[i], supp, supplen))
- continue;
-
- if (!ssl_security_fn(ssl, pref[i]))
- continue;
-
- if (count++ == n)
- return tls1_ec_group_id2nid(pref[i], out_nid);
- }
-
- return 0;
-}
-
-int
-tls1_get_shared_group_by_index(const SSL *ssl, size_t index, int *out_nid)
-{
- return tls1_group_by_index(ssl, index, out_nid,
- ssl_security_shared_group);
-}
-
-int
-tls1_get_supported_group(const SSL *ssl, int *out_nid)
-{
- return tls1_group_by_index(ssl, 0, out_nid,
- ssl_security_supported_group);
-}
-
-int
-tls1_set_groups(uint16_t **out_group_ids, size_t *out_group_ids_len,
- const int *groups, size_t ngroups)
-{
- uint16_t *group_ids;
- size_t i;
-
- if ((group_ids = calloc(ngroups, sizeof(uint16_t))) == NULL)
- return 0;
-
- for (i = 0; i < ngroups; i++) {
- if (!tls1_ec_nid2group_id(groups[i], &group_ids[i])) {
- free(group_ids);
- return 0;
- }
- }
-
- free(*out_group_ids);
- *out_group_ids = group_ids;
- *out_group_ids_len = ngroups;
-
- return 1;
-}
-
-int
-tls1_set_group_list(uint16_t **out_group_ids, size_t *out_group_ids_len,
- const char *groups)
-{
- uint16_t *new_group_ids, *group_ids = NULL;
- size_t ngroups = 0;
- char *gs, *p, *q;
- int nid;
-
- if ((gs = strdup(groups)) == NULL)
- return 0;
-
- q = gs;
- while ((p = strsep(&q, ":")) != NULL) {
- nid = OBJ_sn2nid(p);
- if (nid == NID_undef)
- nid = OBJ_ln2nid(p);
- if (nid == NID_undef)
- nid = EC_curve_nist2nid(p);
- if (nid == NID_undef)
- goto err;
-
- if ((new_group_ids = reallocarray(group_ids, ngroups + 1,
- sizeof(uint16_t))) == NULL)
- goto err;
- group_ids = new_group_ids;
-
- if (!tls1_ec_nid2group_id(nid, &group_ids[ngroups]))
- goto err;
-
- ngroups++;
- }
-
- free(gs);
- free(*out_group_ids);
- *out_group_ids = group_ids;
- *out_group_ids_len = ngroups;
-
- return 1;
-
- err:
- free(gs);
- free(group_ids);
-
- return 0;
-}
-
-/* Check that a group is one of our preferences. */
-int
-tls1_check_group(SSL *s, uint16_t group_id)
-{
- const uint16_t *groups;
- size_t groupslen, i;
-
- tls1_get_group_list(s, 0, &groups, &groupslen);
-
- for (i = 0; i < groupslen; i++) {
- if (!ssl_security_supported_group(s, groups[i]))
- continue;
- if (groups[i] == group_id)
- return 1;
- }
- return 0;
-}
-
-/* For an EC key set TLS ID and required compression based on parameters. */
-static int
-tls1_set_ec_id(uint16_t *group_id, uint8_t *comp_id, EC_KEY *ec)
-{
- const EC_GROUP *group;
- int nid;
-
- if ((group = EC_KEY_get0_group(ec)) == NULL)
- return 0;
-
- /* Determine group ID. */
- nid = EC_GROUP_get_curve_name(group);
- if (!tls1_ec_nid2group_id(nid, group_id))
- return 0;
-
- /* Specify the compression identifier. */
- if (EC_KEY_get0_public_key(ec) == NULL)
- return 0;
- *comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
- if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_COMPRESSED) {
- *comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
- }
-
- return 1;
-}
-
-/* Check that an EC key is compatible with extensions. */
-static int
-tls1_check_ec_key(SSL *s, const uint16_t group_id, const uint8_t comp_id)
-{
- size_t groupslen, formatslen, i;
- const uint16_t *groups;
- const uint8_t *formats;
-
- /*
- * Check point formats extension if present, otherwise everything
- * is supported (see RFC4492).
- */
- tls1_get_formatlist(s, 1, &formats, &formatslen);
- if (formats != NULL) {
- for (i = 0; i < formatslen; i++) {
- if (formats[i] == comp_id)
- break;
- }
- if (i == formatslen)
- return 0;
- }
-
- /*
- * Check group list if present, otherwise everything is supported.
- */
- tls1_get_group_list(s, 1, &groups, &groupslen);
- if (groups != NULL) {
- for (i = 0; i < groupslen; i++) {
- if (groups[i] == group_id)
- break;
- }
- if (i == groupslen)
- return 0;
- }
-
- return 1;
-}
-
-/* Check EC server key is compatible with client extensions. */
-int
-tls1_check_ec_server_key(SSL *s)
-{
- SSL_CERT_PKEY *cpk = s->cert->pkeys + SSL_PKEY_ECC;
- uint16_t group_id;
- uint8_t comp_id;
- EC_KEY *eckey;
- EVP_PKEY *pkey;
-
- if (cpk->x509 == NULL || cpk->privatekey == NULL)
- return 0;
- if ((pkey = X509_get0_pubkey(cpk->x509)) == NULL)
- return 0;
- if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL)
- return 0;
- if (!tls1_set_ec_id(&group_id, &comp_id, eckey))
- return 0;
-
- return tls1_check_ec_key(s, group_id, comp_id);
-}
-
-int
-ssl_check_clienthello_tlsext_early(SSL *s)
-{
- int ret = SSL_TLSEXT_ERR_NOACK;
- int al = SSL_AD_UNRECOGNIZED_NAME;
-
- /* The handling of the ECPointFormats extension is done elsewhere, namely in
- * ssl3_choose_cipher in s3_lib.c.
- */
- /* The handling of the EllipticCurves extension is done elsewhere, namely in
- * ssl3_choose_cipher in s3_lib.c.
- */
-
- if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
- ret = s->ctx->tlsext_servername_callback(s, &al,
- s->ctx->tlsext_servername_arg);
- else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
- ret = s->initial_ctx->tlsext_servername_callback(s, &al,
- s->initial_ctx->tlsext_servername_arg);
-
- switch (ret) {
- case SSL_TLSEXT_ERR_ALERT_FATAL:
- ssl3_send_alert(s, SSL3_AL_FATAL, al);
- return -1;
- case SSL_TLSEXT_ERR_ALERT_WARNING:
- ssl3_send_alert(s, SSL3_AL_WARNING, al);
- return 1;
- case SSL_TLSEXT_ERR_NOACK:
- default:
- return 1;
- }
-}
-
-int
-ssl_check_clienthello_tlsext_late(SSL *s)
-{
- int ret = SSL_TLSEXT_ERR_OK;
- int al = 0; /* XXX gcc3 */
-
- /* If status request then ask callback what to do.
- * Note: this must be called after servername callbacks in case
- * the certificate has changed, and must be called after the cipher
- * has been chosen because this may influence which certificate is sent
- */
- if ((s->tlsext_status_type != -1) &&
- s->ctx && s->ctx->tlsext_status_cb) {
- int r;
- SSL_CERT_PKEY *certpkey;
- certpkey = ssl_get_server_send_pkey(s);
- /* If no certificate can't return certificate status */
- if (certpkey == NULL) {
- s->tlsext_status_expected = 0;
- return 1;
- }
- /* Set current certificate to one we will use so
- * SSL_get_certificate et al can pick it up.
- */
- s->cert->key = certpkey;
- r = s->ctx->tlsext_status_cb(s,
- s->ctx->tlsext_status_arg);
- switch (r) {
- /* We don't want to send a status request response */
- case SSL_TLSEXT_ERR_NOACK:
- s->tlsext_status_expected = 0;
- break;
- /* status request response should be sent */
- case SSL_TLSEXT_ERR_OK:
- if (s->tlsext_ocsp_resp)
- s->tlsext_status_expected = 1;
- else
- s->tlsext_status_expected = 0;
- break;
- /* something bad happened */
- case SSL_TLSEXT_ERR_ALERT_FATAL:
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- al = SSL_AD_INTERNAL_ERROR;
- goto err;
- }
- } else
- s->tlsext_status_expected = 0;
-
- err:
- switch (ret) {
- case SSL_TLSEXT_ERR_ALERT_FATAL:
- ssl3_send_alert(s, SSL3_AL_FATAL, al);
- return -1;
- case SSL_TLSEXT_ERR_ALERT_WARNING:
- ssl3_send_alert(s, SSL3_AL_WARNING, al);
- return 1;
- default:
- return 1;
- }
-}
-
-int
-ssl_check_serverhello_tlsext(SSL *s)
-{
- int ret = SSL_TLSEXT_ERR_NOACK;
- int al = SSL_AD_UNRECOGNIZED_NAME;
-
- ret = SSL_TLSEXT_ERR_OK;
-
- if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
- ret = s->ctx->tlsext_servername_callback(s, &al,
- s->ctx->tlsext_servername_arg);
- else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
- ret = s->initial_ctx->tlsext_servername_callback(s, &al,
- s->initial_ctx->tlsext_servername_arg);
-
- /* If we've requested certificate status and we wont get one
- * tell the callback
- */
- if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) &&
- s->ctx && s->ctx->tlsext_status_cb) {
- int r;
-
- free(s->tlsext_ocsp_resp);
- s->tlsext_ocsp_resp = NULL;
- s->tlsext_ocsp_resp_len = 0;
-
- r = s->ctx->tlsext_status_cb(s,
- s->ctx->tlsext_status_arg);
- if (r == 0) {
- al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- }
- if (r < 0) {
- al = SSL_AD_INTERNAL_ERROR;
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- }
- }
-
- switch (ret) {
- case SSL_TLSEXT_ERR_ALERT_FATAL:
- ssl3_send_alert(s, SSL3_AL_FATAL, al);
- return -1;
- case SSL_TLSEXT_ERR_ALERT_WARNING:
- ssl3_send_alert(s, SSL3_AL_WARNING, al);
- return 1;
- case SSL_TLSEXT_ERR_NOACK:
- default:
- return 1;
- }
-}
-
-/* Since the server cache lookup is done early on in the processing of the
- * ClientHello, and other operations depend on the result, we need to handle
- * any TLS session ticket extension at the same time.
- *
- * ext_block: a CBS for the ClientHello extensions block.
- * ret: (output) on return, if a ticket was decrypted, then this is set to
- * point to the resulting session.
- *
- * If s->tls_session_secret_cb is set then we are expecting a pre-shared key
- * ciphersuite, in which case we have no use for session tickets and one will
- * never be decrypted, nor will s->tlsext_ticket_expected be set to 1.
- *
- * Returns:
- * TLS1_TICKET_FATAL_ERROR: error from parsing or decrypting the ticket.
- * TLS1_TICKET_NONE: no ticket was found (or was ignored, based on settings).
- * TLS1_TICKET_EMPTY: a zero length extension was found, indicating that the
- * client supports session tickets but doesn't currently have one to offer.
- * TLS1_TICKET_NOT_DECRYPTED: either s->tls_session_secret_cb was
- * set, or a ticket was offered but couldn't be decrypted because of a
- * non-fatal error.
- * TLS1_TICKET_DECRYPTED: a ticket was successfully decrypted and *ret was set.
- *
- * Side effects:
- * Sets s->tlsext_ticket_expected to 1 if the server will have to issue
- * a new session ticket to the client because the client indicated support
- * (and s->tls_session_secret_cb is NULL) but the client either doesn't have
- * a session ticket or we couldn't use the one it gave us, or if
- * s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.
- * Otherwise, s->tlsext_ticket_expected is set to 0.
- */
-int
-tls1_process_ticket(SSL *s, CBS *ext_block, int *alert, SSL_SESSION **ret)
-{
- CBS extensions, ext_data;
- uint16_t ext_type = 0;
-
- s->tlsext_ticket_expected = 0;
- *ret = NULL;
-
- /*
- * If tickets disabled behave as if no ticket present to permit stateful
- * resumption.
- */
- if (SSL_get_options(s) & SSL_OP_NO_TICKET)
- return TLS1_TICKET_NONE;
-
- /*
- * An empty extensions block is valid, but obviously does not contain
- * a session ticket.
- */
- if (CBS_len(ext_block) == 0)
- return TLS1_TICKET_NONE;
-
- if (!CBS_get_u16_length_prefixed(ext_block, &extensions)) {
- *alert = SSL_AD_DECODE_ERROR;
- return TLS1_TICKET_FATAL_ERROR;
- }
-
- while (CBS_len(&extensions) > 0) {
- if (!CBS_get_u16(&extensions, &ext_type) ||
- !CBS_get_u16_length_prefixed(&extensions, &ext_data)) {
- *alert = SSL_AD_DECODE_ERROR;
- return TLS1_TICKET_FATAL_ERROR;
- }
-
- if (ext_type == TLSEXT_TYPE_session_ticket)
- break;
- }
-
- if (ext_type != TLSEXT_TYPE_session_ticket)
- return TLS1_TICKET_NONE;
-
- if (CBS_len(&ext_data) == 0) {
- /*
- * The client will accept a ticket but does not currently
- * have one.
- */
- s->tlsext_ticket_expected = 1;
- return TLS1_TICKET_EMPTY;
- }
-
- if (s->tls_session_secret_cb != NULL) {
- /*
- * Indicate that the ticket could not be decrypted rather than
- * generating the session from ticket now, trigger abbreviated
- * handshake based on external mechanism to calculate the master
- * secret later.
- */
- return TLS1_TICKET_NOT_DECRYPTED;
- }
-
- return tls_decrypt_ticket(s, &ext_data, alert, ret);
-}
-
-/* tls_decrypt_ticket attempts to decrypt a session ticket.
- *
- * ticket: a CBS containing the body of the session ticket extension.
- * psess: (output) on return, if a ticket was decrypted, then this is set to
- * point to the resulting session.
- *
- * Returns:
- * TLS1_TICKET_FATAL_ERROR: error from parsing or decrypting the ticket.
- * TLS1_TICKET_NOT_DECRYPTED: the ticket couldn't be decrypted.
- * TLS1_TICKET_DECRYPTED: a ticket was decrypted and *psess was set.
- */
-static int
-tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess)
-{
- CBS ticket_name, ticket_iv, ticket_encdata, ticket_hmac;
- SSL_SESSION *sess = NULL;
- unsigned char *sdec = NULL;
- size_t sdec_len = 0;
- const unsigned char *p;
- unsigned char hmac[EVP_MAX_MD_SIZE];
- HMAC_CTX *hctx = NULL;
- EVP_CIPHER_CTX *cctx = NULL;
- SSL_CTX *tctx = s->initial_ctx;
- int slen, hlen, iv_len;
- int alert_desc = SSL_AD_INTERNAL_ERROR;
- int ret = TLS1_TICKET_FATAL_ERROR;
-
- *psess = NULL;
-
- if (!CBS_get_bytes(ticket, &ticket_name, 16))
- goto derr;
-
- /*
- * Initialize session ticket encryption and HMAC contexts.
- */
- if ((cctx = EVP_CIPHER_CTX_new()) == NULL)
- goto err;
- if ((hctx = HMAC_CTX_new()) == NULL)
- goto err;
-
- if (tctx->tlsext_ticket_key_cb != NULL) {
- int rv;
-
- /*
- * The API guarantees EVP_MAX_IV_LENGTH bytes of space for
- * the iv to tlsext_ticket_key_cb(). Since the total space
- * required for a session cookie is never less than this,
- * this check isn't too strict. The exact check comes later.
- */
- if (CBS_len(ticket) < EVP_MAX_IV_LENGTH)
- goto derr;
-
- if ((rv = tctx->tlsext_ticket_key_cb(s,
- (unsigned char *)CBS_data(&ticket_name),
- (unsigned char *)CBS_data(ticket), cctx, hctx, 0)) < 0)
- goto err;
- if (rv == 0)
- goto derr;
- if (rv == 2) {
- /* Renew ticket. */
- s->tlsext_ticket_expected = 1;
- }
-
- if ((iv_len = EVP_CIPHER_CTX_iv_length(cctx)) < 0)
- goto err;
- /*
- * Now that the cipher context is initialised, we can extract
- * the IV since its length is known.
- */
- if (!CBS_get_bytes(ticket, &ticket_iv, iv_len))
- goto derr;
- } else {
- /* Check that the key name matches. */
- if (!CBS_mem_equal(&ticket_name,
- tctx->tlsext_tick_key_name,
- sizeof(tctx->tlsext_tick_key_name)))
- goto derr;
- if ((iv_len = EVP_CIPHER_iv_length(EVP_aes_128_cbc())) < 0)
- goto err;
- if (!CBS_get_bytes(ticket, &ticket_iv, iv_len))
- goto derr;
- if (!EVP_DecryptInit_ex(cctx, EVP_aes_128_cbc(), NULL,
- tctx->tlsext_tick_aes_key, CBS_data(&ticket_iv)))
- goto err;
- if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
- sizeof(tctx->tlsext_tick_hmac_key), EVP_sha256(),
- NULL))
- goto err;
- }
-
- /*
- * Attempt to process session ticket.
- */
-
- if ((hlen = HMAC_size(hctx)) < 0)
- goto err;
-
- if (hlen > CBS_len(ticket))
- goto derr;
- if (!CBS_get_bytes(ticket, &ticket_encdata, CBS_len(ticket) - hlen))
- goto derr;
- if (!CBS_get_bytes(ticket, &ticket_hmac, hlen))
- goto derr;
- if (CBS_len(ticket) != 0) {
- alert_desc = SSL_AD_DECODE_ERROR;
- goto err;
- }
-
- /* Check HMAC of encrypted ticket. */
- if (HMAC_Update(hctx, CBS_data(&ticket_name),
- CBS_len(&ticket_name)) <= 0)
- goto err;
- if (HMAC_Update(hctx, CBS_data(&ticket_iv),
- CBS_len(&ticket_iv)) <= 0)
- goto err;
- if (HMAC_Update(hctx, CBS_data(&ticket_encdata),
- CBS_len(&ticket_encdata)) <= 0)
- goto err;
- if (HMAC_Final(hctx, hmac, &hlen) <= 0)
- goto err;
-
- if (!CBS_mem_equal(&ticket_hmac, hmac, hlen))
- goto derr;
-
- /* Attempt to decrypt session data. */
- sdec_len = CBS_len(&ticket_encdata);
- if ((sdec = calloc(1, sdec_len)) == NULL)
- goto err;
- if (EVP_DecryptUpdate(cctx, sdec, &slen, CBS_data(&ticket_encdata),
- CBS_len(&ticket_encdata)) <= 0)
- goto derr;
- if (EVP_DecryptFinal_ex(cctx, sdec + slen, &hlen) <= 0)
- goto derr;
-
- slen += hlen;
-
- /*
- * For session parse failures, indicate that we need to send a new
- * ticket.
- */
- p = sdec;
- if ((sess = d2i_SSL_SESSION(NULL, &p, slen)) == NULL)
- goto derr;
- *psess = sess;
- sess = NULL;
-
- ret = TLS1_TICKET_DECRYPTED;
- goto done;
-
- derr:
- ERR_clear_error();
- s->tlsext_ticket_expected = 1;
- ret = TLS1_TICKET_NOT_DECRYPTED;
- goto done;
-
- err:
- *alert = alert_desc;
- ret = TLS1_TICKET_FATAL_ERROR;
- goto done;
-
- done:
- freezero(sdec, sdec_len);
- EVP_CIPHER_CTX_free(cctx);
- HMAC_CTX_free(hctx);
- SSL_SESSION_free(sess);
-
- return ret;
-}
diff --git a/src/lib/libssl/test/CAss.cnf b/src/lib/libssl/test/CAss.cnf
deleted file mode 100644
index 336e82fd52..0000000000
--- a/src/lib/libssl/test/CAss.cnf
+++ /dev/null
@@ -1,76 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 2048
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = sha1
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Dodgy CA
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./demoCA # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several certificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = v3_ca # The extensions to add to the cert
-
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = md5 # which md to use.
-preserve = no # keep passed DN ordering
-
-policy = policy_anything
-
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-
-
-[ v3_ca ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = CA:true,pathlen:1
-keyUsage = cRLSign, keyCertSign
-issuerAltName=issuer:copy
diff --git a/src/lib/libssl/test/CAssdh.cnf b/src/lib/libssl/test/CAssdh.cnf
deleted file mode 100644
index 4e0a908679..0000000000
--- a/src/lib/libssl/test/CAssdh.cnf
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DH certs - CA
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = CU
-countryName_value = CU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = La Junta de la Revolucion
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Junta
-
diff --git a/src/lib/libssl/test/CAssdsa.cnf b/src/lib/libssl/test/CAssdsa.cnf
deleted file mode 100644
index a6b4d1810c..0000000000
--- a/src/lib/libssl/test/CAssdsa.cnf
+++ /dev/null
@@ -1,23 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DSA certs - CA
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Hermanos Locos
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Hermanos Locos CA
diff --git a/src/lib/libssl/test/CAssrsa.cnf b/src/lib/libssl/test/CAssrsa.cnf
deleted file mode 100644
index eb24a6dfc0..0000000000
--- a/src/lib/libssl/test/CAssrsa.cnf
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# create RSA certs - CA
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Hermanos Locos
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Hermanos Locos CA
-
diff --git a/src/lib/libssl/test/CAtsa.cnf b/src/lib/libssl/test/CAtsa.cnf
deleted file mode 100644
index b497b50452..0000000000
--- a/src/lib/libssl/test/CAtsa.cnf
+++ /dev/null
@@ -1,163 +0,0 @@
-
-#
-# This config is used by the Time Stamp Authority tests.
-#
-
-RANDFILE = ./.rnd
-
-# Extra OBJECT IDENTIFIER info:
-oid_section = new_oids
-
-TSDNSECT = ts_cert_dn
-INDEX = 1
-
-[ new_oids ]
-
-# Policies used by the TSA tests.
-tsa_policy1 = 1.2.3.4.1
-tsa_policy2 = 1.2.3.4.5.6
-tsa_policy3 = 1.2.3.4.5.7
-
-#----------------------------------------------------------------------
-[ ca ]
-default_ca = CA_default # The default ca section
-
-[ CA_default ]
-
-dir = ./demoCA
-certs = $dir/certs # Where the issued certs are kept
-database = $dir/index.txt # database index file.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-default_days = 365 # how long to certify for
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = supplied
-stateOrProvinceName = supplied
-organizationName = supplied
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-#----------------------------------------------------------------------
-[ req ]
-default_bits = 1024
-default_md = sha1
-distinguished_name = $ENV::TSDNSECT
-encrypt_rsa_key = no
-prompt = no
-# attributes = req_attributes
-x509_extensions = v3_ca # The extensions to add to the self signed cert
-
-string_mask = nombstr
-
-[ ts_ca_dn ]
-countryName = HU
-stateOrProvinceName = Budapest
-localityName = Budapest
-organizationName = Gov-CA Ltd.
-commonName = ca1
-
-[ ts_cert_dn ]
-countryName = HU
-stateOrProvinceName = Budapest
-localityName = Buda
-organizationName = Hun-TSA Ltd.
-commonName = tsa$ENV::INDEX
-
-[ tsa_cert ]
-
-# TSA server cert is not a CA cert.
-basicConstraints=CA:FALSE
-
-# The following key usage flags are needed for TSA server certificates.
-keyUsage = nonRepudiation, digitalSignature
-extendedKeyUsage = critical,timeStamping
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-[ non_tsa_cert ]
-
-# This is not a CA cert and not a TSA cert, either (timeStamping usage missing)
-basicConstraints=CA:FALSE
-
-# The following key usage flags are needed for TSA server certificates.
-keyUsage = nonRepudiation, digitalSignature
-# timeStamping is not supported by this certificate
-# extendedKeyUsage = critical,timeStamping
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature
-
-[ v3_ca ]
-
-# Extensions for a typical CA
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = critical,CA:true
-keyUsage = cRLSign, keyCertSign
-
-#----------------------------------------------------------------------
-[ tsa ]
-
-default_tsa = tsa_config1 # the default TSA section
-
-[ tsa_config1 ]
-
-# These are used by the TSA reply generation only.
-dir = . # TSA root directory
-serial = $dir/tsa_serial # The current serial number (mandatory)
-signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate
- # (optional)
-certs = $dir/tsaca.pem # Certificate chain to include in reply
- # (optional)
-signer_key = $dir/tsa_key1.pem # The TSA private key (optional)
-
-default_policy = tsa_policy1 # Policy if request did not specify it
- # (optional)
-other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)
-accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
-ordering = yes # Is ordering defined for timestamps?
- # (optional, default: no)
-tsa_name = yes # Must the TSA name be included in the reply?
- # (optional, default: no)
-ess_cert_id_chain = yes # Must the ESS cert id chain be included?
- # (optional, default: no)
-
-[ tsa_config2 ]
-
-# This configuration uses a certificate which doesn't have timeStamping usage.
-# These are used by the TSA reply generation only.
-dir = . # TSA root directory
-serial = $dir/tsa_serial # The current serial number (mandatory)
-signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate
- # (optional)
-certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply
- # (optional)
-signer_key = $dir/tsa_key2.pem # The TSA private key (optional)
-
-default_policy = tsa_policy1 # Policy if request did not specify it
- # (optional)
-other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)
diff --git a/src/lib/libssl/test/P1ss.cnf b/src/lib/libssl/test/P1ss.cnf
deleted file mode 100644
index 326cce2ba8..0000000000
--- a/src/lib/libssl/test/P1ss.cnf
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = md2
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Brother 1
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Brother 2
-
-2.commonName = Common Name (eg, YOUR name)
-2.commonName_value = Proxy 1
-
-[ v3_proxy ]
-basicConstraints=CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB
diff --git a/src/lib/libssl/test/P2ss.cnf b/src/lib/libssl/test/P2ss.cnf
deleted file mode 100644
index 8b502321b8..0000000000
--- a/src/lib/libssl/test/P2ss.cnf
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = md2
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Brother 1
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Brother 2
-
-2.commonName = Common Name (eg, YOUR name)
-2.commonName_value = Proxy 1
-
-3.commonName = Common Name (eg, YOUR name)
-3.commonName_value = Proxy 2
-
-[ v3_proxy ]
-basicConstraints=CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-proxyCertInfo=critical,@proxy_ext
-
-[ proxy_ext ]
-language=id-ppl-anyLanguage
-pathlen=0
-policy=text:BC
diff --git a/src/lib/libssl/test/Sssdsa.cnf b/src/lib/libssl/test/Sssdsa.cnf
deleted file mode 100644
index 8e170a28ef..0000000000
--- a/src/lib/libssl/test/Sssdsa.cnf
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DSA certs - Server
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Tortilleras S.A.
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Torti
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Gordita
-
diff --git a/src/lib/libssl/test/Sssrsa.cnf b/src/lib/libssl/test/Sssrsa.cnf
deleted file mode 100644
index 8c79a03fca..0000000000
--- a/src/lib/libssl/test/Sssrsa.cnf
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# create RSA certs - Server
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Tortilleras S.A.
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Torti
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Gordita
diff --git a/src/lib/libssl/test/Uss.cnf b/src/lib/libssl/test/Uss.cnf
deleted file mode 100644
index 58ac0ca54d..0000000000
--- a/src/lib/libssl/test/Uss.cnf
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 2048
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = sha256
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Brother 1
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Brother 2
-
-[ v3_ee ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-basicConstraints = CA:false
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-issuerAltName=issuer:copy
-
diff --git a/src/lib/libssl/test/VMSca-response.1 b/src/lib/libssl/test/VMSca-response.1
deleted file mode 100644
index 8b13789179..0000000000
--- a/src/lib/libssl/test/VMSca-response.1
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/src/lib/libssl/test/VMSca-response.2 b/src/lib/libssl/test/VMSca-response.2
deleted file mode 100644
index 9b48ee4cf9..0000000000
--- a/src/lib/libssl/test/VMSca-response.2
+++ /dev/null
@@ -1,2 +0,0 @@
-y
-y
diff --git a/src/lib/libssl/test/bctest b/src/lib/libssl/test/bctest
deleted file mode 100644
index bdb3218f7a..0000000000
--- a/src/lib/libssl/test/bctest
+++ /dev/null
@@ -1,111 +0,0 @@ -#!/bin/sh - -# This script is used by test/Makefile.ssl to check whether a sane 'bc' -# is installed. -# ('make test_bn' should not try to run 'bc' if it does not exist or if -# it is a broken 'bc' version that is known to cause trouble.) -# -# If 'bc' works, we also test if it knows the 'print' command. -# -# In any case, output an appropriate command line for running (or not -# running) bc. - - -IFS=: -try_without_dir=true -# First we try "bc", then "$dir/bc" for each item in $PATH. -for dir in dummy:$PATH; do - if [ "$try_without_dir" = true ]; then - # first iteration - bc=bc - try_without_dir=false - else - # second and later iterations - bc="$dir/bc" - if [ ! -f "$bc" ]; then # '-x' is not available on Ultrix - bc='' - fi - fi - - if [ ! "$bc" = '' ]; then - failure=none - - - # Test for SunOS 5.[78] bc bug - "$bc" >tmp.bctest <<\EOF -obase=16 -ibase=16 -a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\ -CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\ -10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\ -C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\ -3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\ -4FC3CADF855448B24A9D7640BCF473E -b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\ -9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\ -8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\ -3ED0E2017D60A68775B75481449 -(a/b)*b + (a%b) - a -EOF - if [ 0 != "`cat tmp.bctest`" ]; then - failure=SunOStest - fi - - - if [ "$failure" = none ]; then - # Test for SCO bc bug. 
- "$bc" >tmp.bctest <<\EOF -obase=16 -ibase=16 --FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\ -9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\ -11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\ -1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\ -AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\ -F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\ -B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\ -02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\ -85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\ -A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\ -E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\ -8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\ -04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\ -89C8D71 -AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\ -928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\ -8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\ -37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\ -E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\ -F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\ -9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\ -D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\ -5296964 -EOF - if [ "0 -0" != "`cat tmp.bctest`" ]; then - failure=SCOtest - fi - fi - - - if [ "$failure" = none ]; then - # bc works; now check if it knows the 'print' command. 
- if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ] - then - echo "$bc" - else - echo "sed 's/print.*//' | $bc" - fi - exit 0 - fi - - echo "$bc does not work properly ('$failure' failed). Looking for another bc ..." >&2 - fi -done - -echo "No working bc found. Consider installing GNU bc." >&2 -if [ "$1" = ignore ]; then - echo "cat >/dev/null" - exit 0 -fi -exit 1 diff --git a/src/lib/libssl/test/cms-examples.pl b/src/lib/libssl/test/cms-examples.pl deleted file mode 100644 index 2e95b48ba4..0000000000 --- a/src/lib/libssl/test/cms-examples.pl +++ /dev/null 
@@ -1,409 +0,0 @@ -# test/cms-examples.pl -# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -# project. -# -# ==================================================================== -# Copyright (c) 2008 The OpenSSL Project. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# 3. All advertising materials mentioning features or use of this -# software must display the following acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -# -# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -# endorse or promote products derived from this software without -# prior written permission. For written permission, please contact -# licensing@OpenSSL.org. -# -# 5. Products derived from this software may not be called "OpenSSL" -# nor may "OpenSSL" appear in their names without prior written -# permission of the OpenSSL Project. -# -# 6. Redistributions of any form whatsoever must retain the following -# acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -# -# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -# OF THE POSSIBILITY OF SUCH DAMAGE. -# ==================================================================== - -# Perl script to run tests against S/MIME examples in RFC4134 -# Assumes RFC is in current directory and called "rfc4134.txt" - -use MIME::Base64; - -my $badttest = 0; -my $verbose = 1; - -my $cmscmd; -my $exdir = "./"; -my $exfile = "./rfc4134.txt"; - -if (-f "../apps/openssl") - { - $cmscmd = "../util/shlib_wrap.sh ../apps/openssl cms"; - } -elsif (-f "..\\out32dll\\openssl.exe") - { - $cmscmd = "..\\out32dll\\openssl.exe cms"; - } -elsif (-f "..\\out32\\openssl.exe") - { - $cmscmd = "..\\out32\\openssl.exe cms"; - } - -my @test_list = ( - [ "3.1.bin" => "dataout" ], - [ "3.2.bin" => "encode, dataout" ], - [ "4.1.bin" => "encode, verifyder, cont, dss" ], - [ "4.2.bin" => "encode, verifyder, cont, rsa" ], - [ "4.3.bin" => "encode, verifyder, cont_extern, dss" ], - [ "4.4.bin" => "encode, verifyder, cont, dss" ], - [ "4.5.bin" => "verifyder, cont, rsa" ], - [ "4.6.bin" => "encode, verifyder, cont, dss" ], - [ "4.7.bin" => "encode, verifyder, cont, dss" ], - [ "4.8.eml" => "verifymime, dss" ], - [ "4.9.eml" => "verifymime, dss" ], - [ "4.10.bin" => "encode, verifyder, cont, dss" ], - [ "4.11.bin" => "encode, certsout" ], - [ "5.1.bin" => "encode, envelopeder, cont" ], - [ "5.2.bin" => "encode, envelopeder, cont" ], - [ "5.3.eml" => "envelopemime, cont" ], - [ "6.0.bin" => "encode, digest, cont" ], - [ "7.1.bin" => "encode, encrypted, cont" ], - [ "7.2.bin" => 
"encode, encrypted, cont" ] -); - -# Extract examples from RFC4134 text. -# Base64 decode all examples, certificates and -# private keys are converted to PEM format. - -my ( $filename, $data ); - -my @cleanup = ( "cms.out", "cms.err", "tmp.der", "tmp.txt" ); - -$data = ""; - -open( IN, $exfile ) || die "Can't Open RFC examples file $exfile"; - -while () { - next unless (/^\|/); - s/^\|//; - next if (/^\*/); - if (/^>(.*)$/) { - $filename = $1; - next; - } - if (/^$filename"; - binmode OUT; - print OUT $data; - close OUT; - push @cleanup, $filename; - } - elsif ( $filename =~ /\.cer$/ ) { - write_pem( $filename, "CERTIFICATE", $data ); - } - elsif ( $filename =~ /\.pri$/ ) { - write_pem( $filename, "PRIVATE KEY", $data ); - } - $data = ""; - $filename = ""; - } - else { - $data .= $_; - } - -} - -my $secretkey = - "73:7c:79:1f:25:ea:d0:e0:46:29:25:43:52:f7:dc:62:91:e5:cb:26:91:7a:da:32"; - -foreach (@test_list) { - my ( $file, $tlist ) = @$_; - print "Example file $file:\n"; - if ( $tlist =~ /encode/ ) { - run_reencode_test( $exdir, $file ); - } - if ( $tlist =~ /certsout/ ) { - run_certsout_test( $exdir, $file ); - } - if ( $tlist =~ /dataout/ ) { - run_dataout_test( $exdir, $file ); - } - if ( $tlist =~ /verify/ ) { - run_verify_test( $exdir, $tlist, $file ); - } - if ( $tlist =~ /digest/ ) { - run_digest_test( $exdir, $tlist, $file ); - } - if ( $tlist =~ /encrypted/ ) { - run_encrypted_test( $exdir, $tlist, $file, $secretkey ); - } - if ( $tlist =~ /envelope/ ) { - run_envelope_test( $exdir, $tlist, $file ); - } - -} - -foreach (@cleanup) { - unlink $_; -} - -if ($badtest) { - print "\n$badtest TESTS FAILED!!\n"; -} -else { - print "\n***All tests successful***\n"; -} - -sub write_pem { - my ( $filename, $str, $data ) = @_; - - $filename =~ s/\.[^.]*$/.pem/; - - push @cleanup, $filename; - - open OUT, ">$filename"; - - print OUT "-----BEGIN $str-----\n"; - print OUT $data; - print OUT "-----END $str-----\n"; - - close OUT; -} - -sub run_reencode_test { - my ( 
$cmsdir, $tfile ) = @_; - unlink "tmp.der"; - - system( "$cmscmd -cmsout -inform DER -outform DER" - . " -in $cmsdir/$tfile -out tmp.der" ); - - if ($?) { - print "\tReencode command FAILED!!\n"; - $badtest++; - } - elsif ( !cmp_files( "$cmsdir/$tfile", "tmp.der" ) ) { - print "\tReencode FAILED!!\n"; - $badtest++; - } - else { - print "\tReencode passed\n" if $verbose; - } -} - -sub run_certsout_test { - my ( $cmsdir, $tfile ) = @_; - unlink "tmp.der"; - unlink "tmp.pem"; - - system( "$cmscmd -cmsout -inform DER -certsout tmp.pem" - . " -in $cmsdir/$tfile -out tmp.der" ); - - if ($?) { - print "\tCertificate output command FAILED!!\n"; - $badtest++; - } - else { - print "\tCertificate output passed\n" if $verbose; - } -} - -sub run_dataout_test { - my ( $cmsdir, $tfile ) = @_; - unlink "tmp.txt"; - - system( - "$cmscmd -data_out -inform DER" . " -in $cmsdir/$tfile -out tmp.txt" ); - - if ($?) { - print "\tDataout command FAILED!!\n"; - $badtest++; - } - elsif ( !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) { - print "\tDataout compare FAILED!!\n"; - $badtest++; - } - else { - print "\tDataout passed\n" if $verbose; - } -} - -sub run_verify_test { - my ( $cmsdir, $tlist, $tfile ) = @_; - unlink "tmp.txt"; - - $form = "DER" if $tlist =~ /verifyder/; - $form = "SMIME" if $tlist =~ /verifymime/; - $cafile = "$cmsdir/CarlDSSSelf.pem" if $tlist =~ /dss/; - $cafile = "$cmsdir/CarlRSASelf.pem" if $tlist =~ /rsa/; - - $cmd = - "$cmscmd -verify -inform $form" - . " -CAfile $cafile" - . " -in $cmsdir/$tfile -out tmp.txt"; - - $cmd .= " -content $cmsdir/ExContent.bin" if $tlist =~ /cont_extern/; - - system("$cmd 2>cms.err 1>cms.out"); - - if ($?) 
{ - print "\tVerify command FAILED!!\n"; - $badtest++; - } - elsif ( $tlist =~ /cont/ - && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) - { - print "\tVerify content compare FAILED!!\n"; - $badtest++; - } - else { - print "\tVerify passed\n" if $verbose; - } -} - -sub run_envelope_test { - my ( $cmsdir, $tlist, $tfile ) = @_; - unlink "tmp.txt"; - - $form = "DER" if $tlist =~ /envelopeder/; - $form = "SMIME" if $tlist =~ /envelopemime/; - - $cmd = - "$cmscmd -decrypt -inform $form" - . " -recip $cmsdir/BobRSASignByCarl.pem" - . " -inkey $cmsdir/BobPrivRSAEncrypt.pem" - . " -in $cmsdir/$tfile -out tmp.txt"; - - system("$cmd 2>cms.err 1>cms.out"); - - if ($?) { - print "\tDecrypt command FAILED!!\n"; - $badtest++; - } - elsif ( $tlist =~ /cont/ - && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) - { - print "\tDecrypt content compare FAILED!!\n"; - $badtest++; - } - else { - print "\tDecrypt passed\n" if $verbose; - } -} - -sub run_digest_test { - my ( $cmsdir, $tlist, $tfile ) = @_; - unlink "tmp.txt"; - - my $cmd = - "$cmscmd -digest_verify -inform DER" . " -in $cmsdir/$tfile -out tmp.txt"; - - system("$cmd 2>cms.err 1>cms.out"); - - if ($?) { - print "\tDigest verify command FAILED!!\n"; - $badtest++; - } - elsif ( $tlist =~ /cont/ - && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) - { - print "\tDigest verify content compare FAILED!!\n"; - $badtest++; - } - else { - print "\tDigest verify passed\n" if $verbose; - } -} - -sub run_encrypted_test { - my ( $cmsdir, $tlist, $tfile, $key ) = @_; - unlink "tmp.txt"; - - system( "$cmscmd -EncryptedData_decrypt -inform DER" - . " -secretkey $key" - . " -in $cmsdir/$tfile -out tmp.txt" ); - - if ($?) 
{ - print "\tEncrypted Data command FAILED!!\n"; - $badtest++; - } - elsif ( $tlist =~ /cont/ - && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) - { - print "\tEncrypted Data content compare FAILED!!\n"; - $badtest++; - } - else { - print "\tEncryptedData verify passed\n" if $verbose; - } -} - -sub cmp_files { - my ( $f1, $f2 ) = @_; - my ( $fp1, $fp2 ); - - my ( $rd1, $rd2 ); - - if ( !open( $fp1, "<$f1" ) ) { - print STDERR "Can't Open file $f1\n"; - return 0; - } - - if ( !open( $fp2, "<$f2" ) ) { - print STDERR "Can't Open file $f2\n"; - return 0; - } - - binmode $fp1; - binmode $fp2; - - my $ret = 0; - - for ( ; ; ) { - $n1 = sysread $fp1, $rd1, 4096; - $n2 = sysread $fp2, $rd2, 4096; - last if ( $n1 != $n2 ); - last if ( $rd1 ne $rd2 ); - - if ( $n1 == 0 ) { - $ret = 1; - last; - } - - } - - close $fp1; - close $fp2; - - return $ret; - -} - diff --git a/src/lib/libssl/test/cms-test.pl b/src/lib/libssl/test/cms-test.pl deleted file mode 100644 index dfef799be2..0000000000 --- a/src/lib/libssl/test/cms-test.pl +++ /dev/null 
@@ -1,459 +0,0 @@ -# test/cms-test.pl -# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -# project. -# -# ==================================================================== -# Copyright (c) 2008 The OpenSSL Project. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# 3. All advertising materials mentioning features or use of this -# software must display the following acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -# -# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -# endorse or promote products derived from this software without -# prior written permission. For written permission, please contact -# licensing@OpenSSL.org. -# -# 5. Products derived from this software may not be called "OpenSSL" -# nor may "OpenSSL" appear in their names without prior written -# permission of the OpenSSL Project. -# -# 6. Redistributions of any form whatsoever must retain the following -# acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -# -# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -# OF THE POSSIBILITY OF SUCH DAMAGE. -# ==================================================================== - -# CMS, PKCS7 consistency test script. Run extensive tests on -# OpenSSL PKCS#7 and CMS implementations. - -my $ossl_path; -my $redir = " 2> cms.err > cms.out"; -# Make VMS work -if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) { - $ossl_path = "pipe mcr OSSLX:openssl"; -} -# Make MSYS work -elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) { - $ossl_path = "cmd /c ..\\apps\\openssl"; -} -elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) { - $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; -} -elsif ( -f "..\\out32dll\\openssl.exe" ) { - $ossl_path = "..\\out32dll\\openssl.exe"; -} -elsif ( -f "..\\out32\\openssl.exe" ) { - $ossl_path = "..\\out32\\openssl.exe"; -} -else { - die "Can't find OpenSSL executable"; -} - -my $pk7cmd = "$ossl_path smime "; -my $cmscmd = "$ossl_path cms "; -my $smdir = "smime-certs"; -my $halt_err = 1; - -my $badcmd = 0; -my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/; - -my @smime_pkcs7_tests = ( - - [ - "signed content DER format, RSA key", - "-sign -in smcont.txt -outform \"DER\" -nodetach" - . " -certfile $smdir/smroot.pem" - . " -signer $smdir/smrsa1.pem -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed detached content DER format, RSA key", - "-sign -in smcont.txt -outform \"DER\"" - . 
" -signer $smdir/smrsa1.pem -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" - ], - - [ - "signed content test streaming BER format, RSA", - "-sign -in smcont.txt -outform \"DER\" -nodetach" - . " -stream -signer $smdir/smrsa1.pem -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed content DER format, DSA key", - "-sign -in smcont.txt -outform \"DER\" -nodetach" - . " -signer $smdir/smdsa1.pem -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed detached content DER format, DSA key", - "-sign -in smcont.txt -outform \"DER\"" - . " -signer $smdir/smdsa1.pem -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" - ], - - [ - "signed detached content DER format, add RSA signer", - "-resign -inform \"DER\" -in test.cms -outform \"DER\"" - . " -signer $smdir/smrsa1.pem -out test2.cms", - "-verify -in test2.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" - ], - - [ - "signed content test streaming BER format, DSA key", - "-sign -in smcont.txt -outform \"DER\" -nodetach" - . " -stream -signer $smdir/smdsa1.pem -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed content test streaming BER format, 2 DSA and 2 RSA keys", - "-sign -in smcont.txt -outform \"DER\" -nodetach" - . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" - . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" - . " -stream -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . 
" \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ -"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", - "-sign -in smcont.txt -outform \"DER\" -noattr -nodetach" - . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" - . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" - . " -stream -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys", - "-sign -in smcont.txt -nodetach" - . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" - . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" - . " -stream -out test.cms", - "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ -"signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys", - "-sign -in smcont.txt" - . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" - . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" - . " -stream -out test.cms", - "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "enveloped content test streaming S/MIME format, 3 recipients", - "-encrypt -in smcont.txt" - . " -stream -out test.cms" - . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", - "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" - ], - - [ -"enveloped content test streaming S/MIME format, 3 recipients, 3rd used", - "-encrypt -in smcont.txt" - . " -stream -out test.cms" - . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", - "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt" - ], - - [ -"enveloped content test streaming S/MIME format, 3 recipients, key only used", - "-encrypt -in smcont.txt" - . " -stream -out test.cms" - . 
" $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", - "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt" - ], - - [ -"enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", - "-encrypt -in smcont.txt" - . " -aes256 -stream -out test.cms" - . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", - "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" - ], - -); - -my @smime_cms_tests = ( - - [ - "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", - "-sign -in smcont.txt -outform \"DER\" -nodetach -keyid" - . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" - . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" - . " -stream -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed content test streaming PEM format, 2 DSA and 2 RSA keys", - "-sign -in smcont.txt -outform PEM -nodetach" - . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" - . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" - . " -stream -out test.cms", - "-verify -in test.cms -inform PEM " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed content MIME format, RSA key, signed receipt request", - "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach" - . " -receipt_request_to test\@openssl.org -receipt_request_all" - . " -out test.cms", - "-verify -in test.cms " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed receipt MIME format, RSA key", - "-sign_receipt -in test.cms" - . " -signer $smdir/smrsa2.pem" - . " -out test2.cms", - "-verify_receipt test2.cms -in test.cms" - . " \"-CAfile\" $smdir/smroot.pem" - ], - - [ - "enveloped content test streaming S/MIME format, 3 recipients, keyid", - "-encrypt -in smcont.txt" - . " -stream -out test.cms -keyid" - . 
" $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", - "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" - ], - - [ - "enveloped content test streaming PEM format, KEK", - "-encrypt -in smcont.txt -outform PEM -aes128" - . " -stream -out test.cms " - . " -secretkey 000102030405060708090A0B0C0D0E0F " - . " -secretkeyid C0FEE0", - "-decrypt -in test.cms -out smtst.txt -inform PEM" - . " -secretkey 000102030405060708090A0B0C0D0E0F " - . " -secretkeyid C0FEE0" - ], - - [ - "enveloped content test streaming PEM format, KEK, key only", - "-encrypt -in smcont.txt -outform PEM -aes128" - . " -stream -out test.cms " - . " -secretkey 000102030405060708090A0B0C0D0E0F " - . " -secretkeyid C0FEE0", - "-decrypt -in test.cms -out smtst.txt -inform PEM" - . " -secretkey 000102030405060708090A0B0C0D0E0F " - ], - - [ - "data content test streaming PEM format", - "-data_create -in smcont.txt -outform PEM -nodetach" - . " -stream -out test.cms", - "-data_out -in test.cms -inform PEM -out smtst.txt" - ], - - [ - "encrypted content test streaming PEM format, 128 bit RC2 key", - "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" - . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F" - . " -stream -out test.cms", - "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " - . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" - ], - - [ - "encrypted content test streaming PEM format, 40 bit RC2 key", - "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" - . " -rc2 -secretkey 0001020304" - . " -stream -out test.cms", - "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " - . " -secretkey 0001020304 -out smtst.txt" - ], - - [ - "encrypted content test streaming PEM format, triple DES key", - "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" - . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" - . " -stream -out test.cms", - "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " - . 
" -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" - . " -out smtst.txt" - ], - - [ - "encrypted content test streaming PEM format, 128 bit AES key", - "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" - . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F" - . " -stream -out test.cms", - "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " - . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" - ], - -); - -my @smime_cms_comp_tests = ( - - [ - "compressed content test streaming PEM format", - "-compress -in smcont.txt -outform PEM -nodetach" - . " -stream -out test.cms", - "-uncompress -in test.cms -inform PEM -out smtst.txt" - ] - -); - -print "CMS => PKCS#7 compatibility tests\n"; - -run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd ); - -print "CMS <= PKCS#7 compatibility tests\n"; - -run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd ); - -print "CMS <=> CMS consistency tests\n"; - -run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd ); -run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd ); - -if ( `$ossl_path version -f` =~ /ZLIB/ ) { - run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd ); -} -else { - print "Zlib not supported: compression tests skipped\n"; -} - -print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8); - -if ($badcmd) { - print "$badcmd TESTS FAILED!!\n"; -} -else { - print "ALL TESTS SUCCESSFUL.\n"; -} - -unlink "test.cms"; -unlink "test2.cms"; -unlink "smtst.txt"; -unlink "cms.out"; -unlink "cms.err"; - -sub run_smime_tests { - my ( $rv, $aref, $scmd, $vcmd ) = @_; - - foreach $smtst (@$aref) { - my ( $tnam, $rscmd, $rvcmd ) = @$smtst; - if ($ossl8) - { - # Skip smime resign: 0.9.8 smime doesn't support -resign - next if ($scmd =~ /smime/ && $rscmd =~ /-resign/); - # Disable streaming: option not supported in 0.9.8 - $tnam =~ s/streaming//; - $rscmd =~ s/-stream//; - $rvcmd =~ s/-stream//; - } - 
system("$scmd$rscmd$redir"); - if ($?) { - print "$tnam: generation error\n"; - $$rv++; - exit 1 if $halt_err; - next; - } - system("$vcmd$rvcmd$redir"); - if ($?) { - print "$tnam: verify error\n"; - $$rv++; - exit 1 if $halt_err; - next; - } - if (!cmp_files("smtst.txt", "smcont.txt")) { - print "$tnam: content verify error\n"; - $$rv++; - exit 1 if $halt_err; - next; - } - print "$tnam: OK\n"; - } -} - -sub cmp_files { - use FileHandle; - my ( $f1, $f2 ) = @_; - my $fp1 = FileHandle->new(); - my $fp2 = FileHandle->new(); - - my ( $rd1, $rd2 ); - - if ( !open( $fp1, "<$f1" ) ) { - print STDERR "Can't Open file $f1\n"; - return 0; - } - - if ( !open( $fp2, "<$f2" ) ) { - print STDERR "Can't Open file $f2\n"; - return 0; - } - - binmode $fp1; - binmode $fp2; - - my $ret = 0; - - for ( ; ; ) { - $n1 = sysread $fp1, $rd1, 4096; - $n2 = sysread $fp2, $rd2, 4096; - last if ( $n1 != $n2 ); - last if ( $rd1 ne $rd2 ); - - if ( $n1 == 0 ) { - $ret = 1; - last; - } - - } - - close $fp1; - close $fp2; - - return $ret; - -} - diff --git a/src/lib/libssl/test/pkcs7-1.pem b/src/lib/libssl/test/pkcs7-1.pem deleted file mode 100644 index c47b27af88..0000000000 --- a/src/lib/libssl/test/pkcs7-1.pem +++ /dev/null 
@@ -1,15 +0,0 @@
------BEGIN PKCS7-----
-MIICUAYJKoZIhvcNAQcCoIICQTCCAj0CAQExDjAMBggqhkiG9w0CAgUAMCgGCSqG
-SIb3DQEHAaAbBBlFdmVyeW9uZSBnZXRzIEZyaWRheSBvZmYuoIIBXjCCAVowggEE
-AgQUAAApMA0GCSqGSIb3DQEBAgUAMCwxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRF
-eGFtcGxlIE9yZ2FuaXphdGlvbjAeFw05MjA5MDkyMjE4MDZaFw05NDA5MDkyMjE4
-MDVaMEIxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRFeGFtcGxlIE9yZ2FuaXphdGlv
-bjEUMBIGA1UEAxMLVGVzdCBVc2VyIDEwWzANBgkqhkiG9w0BAQEFAANKADBHAkAK
-ZnkdxpiBaN56t3QZu3+wwAHGJxAnAHUUKULhmo2MUdBTs+N4Kh3l3Fr06+mUaBcB
-FKHf5nzcmpr1XWVWILurAgMBAAEwDQYJKoZIhvcNAQECBQADQQBFGqHhqncgSl/N
-9XYGnQL3MsJvNnsNV4puZPOakR9Hld8JlDQFEaDR30ogsmp3TMrvdfxpLlTCoZN8
-BxEmnZsWMYGbMIGYAgEBMDQwLDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFEV4YW1w
-bGUgT3JnYW5pemF0aW9uAgQUAAApMAwGCCqGSIb3DQICBQAwDQYJKoZIhvcNAQEB
-BQAEQAX6aoEvx9+L9PJUJQngPoRuEbnGIL4gCe+0QO+8xmkhaZSsBPNBtX0FIC1C
-j7Kie1x339mxW/w9VZNTUDQQweHh
------END PKCS7-----
diff --git a/src/lib/libssl/test/pkcs7.pem b/src/lib/libssl/test/pkcs7.pem
deleted file mode 100644
index d55c60b94e..0000000000
--- a/src/lib/libssl/test/pkcs7.pem
+++ /dev/null
@@ -1,54 +0,0 @@
- MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIE+DCCBGGg
- AwIBAgIQaGSF/JpbS1C223+yrc+N1DANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQH
- EwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1Zl
- cmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYw
- ODEyMDAwMDAwWhcNOTYwODE3MjM1OTU5WjCCASAxETAPBgNVBAcTCEludGVybmV0
- MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
- c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjE3MDUGA1UECxMuRGlnaXRh
- bCBJRCBDbGFzcyAxIC0gU01JTUUgVmVyaVNpZ24sIEluYy4gVEVTVDFGMEQGA1UE
- CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJl
- Zi4sTElBQi5MVEQoYyk5NjEZMBcGA1UEAxMQQWxleGFuZHJlIERlYWNvbjEgMB4G
- CSqGSIb3DQEJARYRYWxleEB2ZXJpc2lnbi5jb20wWzANBgkqhkiG9w0BAQEFAANK
- ADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDORl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0
- l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMBAAGjggIyMIICLjAJBgNVHRMEAjAAMIIC
- HwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMg
- Y2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1
- c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmlj
- YXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0
- dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVx
- dWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMu
- LCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBU
- ZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2ln
- biwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVT
- IERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcB
- AQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
- L3JlcG9zaXRvcnkvQ1BTIDANBgkqhkiG9w0BAQQFAAOBgQAimWMGQwwwxk+b3KAL
- HlSWXtU7LWHe29CEG8XeVNTvrqs6SBqT7OoENOkGxpfdpVgZ3Qw2SKjxDvbvpfSF
- slsqcxWSgB/hWuaVuZCkvTw/dYGGOxkTJGxvDCfl1PZjX4dKbatslsi9Z9HpGWT7
- ttItRwKqcBKgmCJvKi1pGWED0zCCAnkwggHioAMCAQICEDURpVKQb+fQKaRAGdQR
- /D4wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT
- aWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRp
- ZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDYyNzAwMDAwMFoXDTk3MDYyNzIzNTk1
- OVowYjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu
- MTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJz
- Y3JpYmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2FKbPTdAFDdjKI9Bv
- qrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7jW80GqLd5HUQq7XPy
- sVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cariQPJUObwW7s987Lrb
- P2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABozMwMTAPBgNVHRMECDAGAQH/AgEBMAsG
- A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADgYEA
- KeXHoBmnbxRCgk0jM9e9mDppdxpsipIna/J8DOHEUuD4nONAr4+xOg73SBl026n7
- Bk55A2wvAMGo7+kKTZ+rHaFDDcmq4O+rzFri2RIOeGAncj1IcGptAQhvXoIhFMG4
- Jlzg1KlHZHqy7D3jex78zcSU7kKOu8f5tAX1jC3+sToAAKGAMIIBJzCBkTANBgkq
- hkiG9w0BAQIFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp
- Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlk
- dWFsIFN1YnNjcmliZXIXDTk2MDcwMTE3MzA0MFoXDTk3MDcwMTAwMDAwMFowDQYJ
- KoZIhvcNAQECBQADgYEAGLuQ6PX8A7AiqBEtWzYtl6lZNSDI0bR5YUo+D2Jzkw30
- dxQnJSbKXEc6XYuzAW5HvrzATXu5c19WWPT4cRDwmjH71i9QcDysWwf/wE0qGTiW
- I3tQT0I5VGh7jIJD07nlBw3R4Xl8dH9kr85JsWinqDH5YKpIo9o8knY5n7+qjOow
- ggEkMIGOMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W
- ZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBD
- ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eRcNOTYwNzE2MjMxMTI5WhcNOTYwODE1MDAw
- MDAwWjANBgkqhkiG9w0BAQIFAAOBgQAXsLE4vnsY6sY67QrmWec7iaU2ehzxanEK
- /9wKHZNuhlNzk+qGZZw2evxfUe2OaRbYpl8zuZvhK9BHD3ad14OSe9/zx5hOPgP/
- DQXt6R4R8Q/1JheBrolrgbavjvI2wKS8/Psp2prBrkF4T48+AKRmS8Zzh1guxgvP
- b+xSu/jH0gAAMYAAAAAAAAAAAA==
diff --git a/src/lib/libssl/test/pkits-test.pl b/src/lib/libssl/test/pkits-test.pl
deleted file mode 100644
index f10da008c0..0000000000
--- a/src/lib/libssl/test/pkits-test.pl
+++ /dev/null
@@ -1,949 +0,0 @@
-# test/pkits-test.pl
-# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-# project.
-#
-# ====================================================================
-# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# 3. All advertising materials mentioning features or use of this
-# software must display the following acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-#
-# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-# endorse or promote products derived from this software without
-# prior written permission. For written permission, please contact
-# licensing@OpenSSL.org.
-#
-# 5. Products derived from this software may not be called "OpenSSL"
-# nor may "OpenSSL" appear in their names without prior written
-# permission of the OpenSSL Project.
-#
-# 6. Redistributions of any form whatsoever must retain the following
-# acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-#
-# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-# OF THE POSSIBILITY OF SUCH DAMAGE.
-# ====================================================================
-
-# Perl utility to run PKITS tests for RFC3280 compliance.
-
-my $ossl_path;
-
-if ( -f "../apps/openssl" ) {
- $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
-}
-elsif ( -f "..\\out32dll\\openssl.exe" ) {
- $ossl_path = "..\\out32dll\\openssl.exe";
-}
-elsif ( -f "..\\out32\\openssl.exe" ) {
- $ossl_path = "..\\out32\\openssl.exe";
-}
-else {
- die "Can't find OpenSSL executable";
-}
-
-my $pkitsdir = "pkits/smime";
-my $pkitsta = "pkits/certs/TrustAnchorRootCertificate.crt";
-
-die "Can't find PKITS test data" if !-d $pkitsdir;
-
-my $nist1 = "2.16.840.1.101.3.2.1.48.1";
-my $nist2 = "2.16.840.1.101.3.2.1.48.2";
-my $nist3 = "2.16.840.1.101.3.2.1.48.3";
-my $nist4 = "2.16.840.1.101.3.2.1.48.4";
-my $nist5 = "2.16.840.1.101.3.2.1.48.5";
-my $nist6 = "2.16.840.1.101.3.2.1.48.6";
-
-my $apolicy = "X509v3 Any Policy";
-
-# This table contains the chapter headings of the accompanying PKITS
-# document. They provide useful informational output and their names
-# can be converted into the filename to test.
-
-my @testlists = (
- [ "4.1", "Signature Verification" ],
- [ "4.1.1", "Valid Signatures Test1", 0 ],
- [ "4.1.2", "Invalid CA Signature Test2", 7 ],
- [ "4.1.3", "Invalid EE Signature Test3", 7 ],
- [ "4.1.4", "Valid DSA Signatures Test4", 0 ],
- [ "4.1.5", "Valid DSA Parameter Inheritance Test5", 0 ],
- [ "4.1.6", "Invalid DSA Signature Test6", 7 ],
- [ "4.2", "Validity Periods" ],
- [ "4.2.1", "Invalid CA notBefore Date Test1", 9 ],
- [ "4.2.2", "Invalid EE notBefore Date Test2", 9 ],
- [ "4.2.3", "Valid pre2000 UTC notBefore Date Test3", 0 ],
- [ "4.2.4", "Valid GeneralizedTime notBefore Date Test4", 0 ],
- [ "4.2.5", "Invalid CA notAfter Date Test5", 10 ],
- [ "4.2.6", "Invalid EE notAfter Date Test6", 10 ],
- [ "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7", 10 ],
- [ "4.2.8", "Valid GeneralizedTime notAfter Date Test8", 0 ],
- [ "4.3", "Verifying Name Chaining" ],
- [ "4.3.1", "Invalid Name Chaining EE Test1", 20 ],
- [ "4.3.2", "Invalid Name Chaining Order Test2", 20 ],
- [ "4.3.3", "Valid Name Chaining Whitespace Test3", 0 ],
- [ "4.3.4", "Valid Name Chaining Whitespace Test4", 0 ],
- [ "4.3.5", "Valid Name Chaining Capitalization Test5", 0 ],
- [ "4.3.6", "Valid Name Chaining UIDs Test6", 0 ],
- [ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", 0 ],
- [ "4.3.8", "Valid RFC3280 Optional Attribute Types Test8", 0 ],
- [ "4.3.9", "Valid UTF8String Encoded Names Test9", 0 ],
- [ "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", 0 ],
- [ "4.3.11", "Valid UTF8String Case Insensitive Match Test11", 0 ],
- [ "4.4", "Basic Certificate Revocation Tests" ],
- [ "4.4.1", "Missing CRL Test1", 3 ],
- [ "4.4.2", "Invalid Revoked CA Test2", 23 ],
- [ "4.4.3", "Invalid Revoked EE Test3", 23 ],
- [ "4.4.4", "Invalid Bad CRL Signature Test4", 8 ],
- [ "4.4.5", "Invalid Bad CRL Issuer Name Test5", 3 ],
- [ "4.4.6", "Invalid Wrong CRL Test6", 3 ],
- [ "4.4.7", "Valid Two CRLs Test7", 0 ],
-
- # The test document suggests these should return certificate revoked...
- # Subsequent discussion has concluded they should not due to unhandled
- # critical CRL extensions.
- [ "4.4.8", "Invalid Unknown CRL Entry Extension Test8", 36 ],
- [ "4.4.9", "Invalid Unknown CRL Extension Test9", 36 ],
-
- [ "4.4.10", "Invalid Unknown CRL Extension Test10", 36 ],
- [ "4.4.11", "Invalid Old CRL nextUpdate Test11", 12 ],
- [ "4.4.12", "Invalid pre2000 CRL nextUpdate Test12", 12 ],
- [ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13", 0 ],
- [ "4.4.14", "Valid Negative Serial Number Test14", 0 ],
- [ "4.4.15", "Invalid Negative Serial Number Test15", 23 ],
- [ "4.4.16", "Valid Long Serial Number Test16", 0 ],
- [ "4.4.17", "Valid Long Serial Number Test17", 0 ],
- [ "4.4.18", "Invalid Long Serial Number Test18", 23 ],
- [ "4.4.19", "Valid Separate Certificate and CRL Keys Test19", 0 ],
- [ "4.4.20", "Invalid Separate Certificate and CRL Keys Test20", 23 ],
-
- # CRL path is revoked so get a CRL path validation error
- [ "4.4.21", "Invalid Separate Certificate and CRL Keys Test21", 54 ],
- [ "4.5", "Verifying Paths with Self-Issued Certificates" ],
- [ "4.5.1", "Valid Basic Self-Issued Old With New Test1", 0 ],
- [ "4.5.2", "Invalid Basic Self-Issued Old With New Test2", 23 ],
- [ "4.5.3", "Valid Basic Self-Issued New With Old Test3", 0 ],
- [ "4.5.4", "Valid Basic Self-Issued New With Old Test4", 0 ],
- [ "4.5.5", "Invalid Basic Self-Issued New With Old Test5", 23 ],
- [ "4.5.6", "Valid Basic Self-Issued CRL Signing Key Test6", 0 ],
- [ "4.5.7", "Invalid Basic Self-Issued CRL Signing Key Test7", 23 ],
- [ "4.5.8", "Invalid Basic Self-Issued CRL Signing Key Test8", 20 ],
- [ "4.6", "Verifying Basic Constraints" ],
- [ "4.6.1", "Invalid Missing basicConstraints Test1", 24 ],
- [ "4.6.2", "Invalid cA False Test2", 24 ],
- [ "4.6.3", "Invalid cA False Test3", 24 ],
- [ "4.6.4", "Valid basicConstraints Not Critical Test4", 0 ],
- [ "4.6.5", "Invalid pathLenConstraint Test5", 25 ],
- [ "4.6.6", "Invalid pathLenConstraint Test6", 25 ],
- [ "4.6.7", "Valid pathLenConstraint Test7", 0 ],
- [ "4.6.8", "Valid pathLenConstraint Test8", 0 ],
- [ "4.6.9", "Invalid pathLenConstraint Test9", 25 ],
- [ "4.6.10", "Invalid pathLenConstraint Test10", 25 ],
- [ "4.6.11", "Invalid pathLenConstraint Test11", 25 ],
- [ "4.6.12", "Invalid pathLenConstraint Test12", 25 ],
- [ "4.6.13", "Valid pathLenConstraint Test13", 0 ],
- [ "4.6.14", "Valid pathLenConstraint Test14", 0 ],
- [ "4.6.15", "Valid Self-Issued pathLenConstraint Test15", 0 ],
- [ "4.6.16", "Invalid Self-Issued pathLenConstraint Test16", 25 ],
- [ "4.6.17", "Valid Self-Issued pathLenConstraint Test17", 0 ],
- [ "4.7", "Key Usage" ],
- [ "4.7.1", "Invalid keyUsage Critical keyCertSign False Test1", 20 ],
- [ "4.7.2", "Invalid keyUsage Not Critical keyCertSign False Test2", 20 ],
- [ "4.7.3", "Valid keyUsage Not Critical Test3", 0 ],
- [ "4.7.4", "Invalid keyUsage Critical cRLSign False Test4", 35 ],
- [ "4.7.5", "Invalid keyUsage Not Critical cRLSign False Test5", 35 ],
-
- # Certificate policy tests need special handling. They can have several
- # sub tests and we need to check the outputs are correct.
-
- [ "4.8", "Certificate Policies" ],
- [
- "4.8.1.1",
- "All Certificates Same Policy Test1",
- "-policy anyPolicy -explicit_policy",
- "True", $nist1, $nist1, 0
- ],
- [
- "4.8.1.2",
- "All Certificates Same Policy Test1",
- "-policy $nist1 -explicit_policy",
- "True", $nist1, $nist1, 0
- ],
- [
- "4.8.1.3",
- "All Certificates Same Policy Test1",
- "-policy $nist2 -explicit_policy",
- "True", $nist1, "", 43
- ],
- [
- "4.8.1.4",
- "All Certificates Same Policy Test1",
- "-policy $nist1 -policy $nist2 -explicit_policy",
- "True", $nist1, $nist1, 0
- ],
- [
- "4.8.2.1",
- "All Certificates No Policies Test2",
- "-policy anyPolicy",
- "False", "", "", 0
- ],
- [
- "4.8.2.2",
- "All Certificates No Policies Test2",
- "-policy anyPolicy -explicit_policy",
- "True", "", "", 43
- ],
- [
- "4.8.3.1",
- "Different Policies Test3",
- "-policy anyPolicy",
- "False", "", "", 0
- ],
- [
- "4.8.3.2",
- "Different Policies Test3",
- "-policy anyPolicy -explicit_policy",
- "True", "", "", 43
- ],
- [
- "4.8.3.3",
- "Different Policies Test3",
- "-policy $nist1 -policy $nist2 -explicit_policy",
- "True", "", "", 43
- ],
-
- [
- "4.8.4",
- "Different Policies Test4",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [
- "4.8.5",
- "Different Policies Test5",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [
- "4.8.6.1",
- "Overlapping Policies Test6",
- "-policy anyPolicy",
- "True", $nist1, $nist1, 0
- ],
- [
- "4.8.6.2",
- "Overlapping Policies Test6",
- "-policy $nist1",
- "True", $nist1, $nist1, 0
- ],
- [
- "4.8.6.3",
- "Overlapping Policies Test6",
- "-policy $nist2",
- "True", $nist1, "", 43
- ],
- [
- "4.8.7",
- "Different Policies Test7",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [
- "4.8.8",
- "Different Policies Test8",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [
- "4.8.9",
- "Different Policies Test9",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [
- "4.8.10.1",
- "All Certificates Same Policies Test10",
- "-policy $nist1",
- "True", "$nist1:$nist2", "$nist1", 0
- ],
- [
- "4.8.10.2",
- "All Certificates Same Policies Test10",
- "-policy $nist2",
- "True", "$nist1:$nist2", "$nist2", 0
- ],
- [
- "4.8.10.3",
- "All Certificates Same Policies Test10",
- "-policy anyPolicy",
- "True", "$nist1:$nist2", "$nist1:$nist2", 0
- ],
- [
- "4.8.11.1",
- "All Certificates AnyPolicy Test11",
- "-policy anyPolicy",
- "True", "$apolicy", "$apolicy", 0
- ],
- [
- "4.8.11.2",
- "All Certificates AnyPolicy Test11",
- "-policy $nist1",
- "True", "$apolicy", "$nist1", 0
- ],
- [
- "4.8.12",
- "Different Policies Test12",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [
- "4.8.13.1",
- "All Certificates Same Policies Test13",
- "-policy $nist1",
- "True", "$nist1:$nist2:$nist3", "$nist1", 0
- ],
- [
- "4.8.13.2",
- "All Certificates Same Policies Test13",
- "-policy $nist2",
- "True", "$nist1:$nist2:$nist3", "$nist2", 0
- ],
- [
- "4.8.13.3",
- "All Certificates Same Policies Test13",
- "-policy $nist3",
- "True", "$nist1:$nist2:$nist3", "$nist3", 0
- ],
- [
- "4.8.14.1", "AnyPolicy Test14",
- "-policy $nist1", "True",
- "$nist1", "$nist1",
- 0
- ],
- [
- "4.8.14.2", "AnyPolicy Test14",
- "-policy $nist2", "True",
- "$nist1", "",
- 43
- ],
- [
- "4.8.15",
- "User Notice Qualifier Test15",
- "-policy anyPolicy",
- "False", "$nist1", "$nist1", 0
- ],
- [
- "4.8.16",
- "User Notice Qualifier Test16",
- "-policy anyPolicy",
- "False", "$nist1", "$nist1", 0
- ],
- [
- "4.8.17",
- "User Notice Qualifier Test17",
- "-policy anyPolicy",
- "False", "$nist1", "$nist1", 0
- ],
- [
- "4.8.18.1",
- "User Notice Qualifier Test18",
- "-policy $nist1",
- "True", "$nist1:$nist2", "$nist1", 0
- ],
- [
- "4.8.18.2",
- "User Notice Qualifier Test18",
- "-policy $nist2",
- "True", "$nist1:$nist2", "$nist2", 0
- ],
- [
- "4.8.19",
- "User Notice Qualifier Test19",
- "-policy anyPolicy",
- "False", "$nist1", "$nist1", 0
- ],
- [
- "4.8.20",
- "CPS Pointer Qualifier Test20",
- "-policy anyPolicy -explicit_policy",
- "True", "$nist1", "$nist1", 0
- ],
- [ "4.9", "Require Explicit Policy" ],
- [
- "4.9.1",
- "Valid RequireExplicitPolicy Test1",
- "-policy anyPolicy",
- "False", "", "", 0
- ],
- [
- "4.9.2",
- "Valid RequireExplicitPolicy Test2",
- "-policy anyPolicy",
- "False", "", "", 0
- ],
- [
- "4.9.3",
- "Invalid RequireExplicitPolicy Test3",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [
- "4.9.4",
- "Valid RequireExplicitPolicy Test4",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.9.5",
- "Invalid RequireExplicitPolicy Test5",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [
- "4.9.6",
- "Valid Self-Issued requireExplicitPolicy Test6",
- "-policy anyPolicy",
- "False", "", "", 0
- ],
- [
- "4.9.7",
- "Invalid Self-Issued requireExplicitPolicy Test7",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [
- "4.9.8",
- "Invalid Self-Issued requireExplicitPolicy Test8",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [ "4.10", "Policy Mappings" ],
- [
- "4.10.1.1",
- "Valid Policy Mapping Test1",
- "-policy $nist1",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.10.1.2",
- "Valid Policy Mapping Test1",
- "-policy $nist2",
- "True", "$nist1", "", 43
- ],
- [
- "4.10.1.3",
- "Valid Policy Mapping Test1",
- "-policy anyPolicy -inhibit_map",
- "True", "", "", 43
- ],
- [
- "4.10.2.1",
- "Invalid Policy Mapping Test2",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [
- "4.10.2.2",
- "Invalid Policy Mapping Test2",
- "-policy anyPolicy -inhibit_map",
- "True", "", "", 43
- ],
- [
- "4.10.3.1",
- "Valid Policy Mapping Test3",
- "-policy $nist1",
- "True", "$nist2", "", 43
- ],
- [
- "4.10.3.2",
- "Valid Policy Mapping Test3",
- "-policy $nist2",
- "True", "$nist2", "$nist2", 0
- ],
- [
- "4.10.4",
- "Invalid Policy Mapping Test4",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [
- "4.10.5.1",
- "Valid Policy Mapping Test5",
- "-policy $nist1",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.10.5.2",
- "Valid Policy Mapping Test5",
- "-policy $nist6",
- "True", "$nist1", "", 43
- ],
- [
- "4.10.6.1",
- "Valid Policy Mapping Test6",
- "-policy $nist1",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.10.6.2",
- "Valid Policy Mapping Test6",
- "-policy $nist6",
- "True", "$nist1", "", 43
- ],
- [ "4.10.7", "Invalid Mapping From anyPolicy Test7", 42 ],
- [ "4.10.8", "Invalid Mapping To anyPolicy Test8", 42 ],
- [
- "4.10.9",
- "Valid Policy Mapping Test9",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.10.10",
- "Invalid Policy Mapping Test10",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [
- "4.10.11",
- "Valid Policy Mapping Test11",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
-
- # TODO: check notice display
- [
- "4.10.12.1",
- "Valid Policy Mapping Test12",
- "-policy $nist1",
- "True", "$nist1:$nist2", "$nist1", 0
- ],
-
- # TODO: check notice display
- [
- "4.10.12.2",
- "Valid Policy Mapping Test12",
- "-policy $nist2",
- "True", "$nist1:$nist2", "$nist2", 0
- ],
- [
- "4.10.13",
- "Valid Policy Mapping Test13",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
-
- # TODO: check notice display
- [
- "4.10.14",
- "Valid Policy Mapping Test14",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
- [ "4.11", "Inhibit Policy Mapping" ],
- [
- "4.11.1",
- "Invalid inhibitPolicyMapping Test1",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [
- "4.11.2",
- "Valid inhibitPolicyMapping Test2",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.11.3",
- "Invalid inhibitPolicyMapping Test3",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [
- "4.11.4",
- "Valid inhibitPolicyMapping Test4",
- "-policy anyPolicy",
- "True", "$nist2", "$nist2", 0
- ],
- [
- "4.11.5",
- "Invalid inhibitPolicyMapping Test5",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [
- "4.11.6",
- "Invalid inhibitPolicyMapping Test6",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [
- "4.11.7",
- "Valid Self-Issued inhibitPolicyMapping Test7",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.11.8",
- "Invalid Self-Issued inhibitPolicyMapping Test8",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [
- "4.11.9",
- "Invalid Self-Issued inhibitPolicyMapping Test9",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [
- "4.11.10",
- "Invalid Self-Issued inhibitPolicyMapping Test10",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [
- "4.11.11",
- "Invalid Self-Issued inhibitPolicyMapping Test11",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [ "4.12", "Inhibit Any Policy" ],
- [
- "4.12.1",
- "Invalid inhibitAnyPolicy Test1",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [
- "4.12.2",
- "Valid inhibitAnyPolicy Test2",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.12.3.1",
- "inhibitAnyPolicy Test3",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.12.3.2",
- "inhibitAnyPolicy Test3",
- "-policy anyPolicy -inhibit_any",
- "True", "", "", 43
- ],
- [
- "4.12.4",
- "Invalid inhibitAnyPolicy Test4",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [
- "4.12.5",
- "Invalid inhibitAnyPolicy Test5",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [
- "4.12.6",
- "Invalid inhibitAnyPolicy Test6",
- "-policy anyPolicy",
- "True", "", "", 43
- ],
- [ "4.12.7", "Valid Self-Issued inhibitAnyPolicy Test7", 0 ],
- [ "4.12.8", "Invalid Self-Issued inhibitAnyPolicy Test8", 43 ],
- [ "4.12.9", "Valid Self-Issued inhibitAnyPolicy Test9", 0 ],
- [ "4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10", 43 ],
- [ "4.13", "Name Constraints" ],
- [ "4.13.1", "Valid DN nameConstraints Test1", 0 ],
- [ "4.13.2", "Invalid DN nameConstraints Test2", 47 ],
- [ "4.13.3", "Invalid DN nameConstraints Test3", 47 ],
- [ "4.13.4", "Valid DN nameConstraints Test4", 0 ],
- [ "4.13.5", "Valid DN nameConstraints Test5", 0 ],
- [ "4.13.6", "Valid DN nameConstraints Test6", 0 ],
- [ "4.13.7", "Invalid DN nameConstraints Test7", 48 ],
- [ "4.13.8", "Invalid DN nameConstraints Test8", 48 ],
- [ "4.13.9", "Invalid DN nameConstraints Test9", 48 ],
- [ "4.13.10", "Invalid DN nameConstraints Test10", 48 ],
- [ "4.13.11", "Valid DN nameConstraints Test11", 0 ],
- [ "4.13.12", "Invalid DN nameConstraints Test12", 47 ],
- [ "4.13.13", "Invalid DN nameConstraints Test13", 47 ],
- [ "4.13.14", "Valid DN nameConstraints Test14", 0 ],
- [ "4.13.15", "Invalid DN nameConstraints Test15", 48 ],
- [ "4.13.16", "Invalid DN nameConstraints Test16", 48 ],
- [ "4.13.17", "Invalid DN nameConstraints Test17", 48 ],
- [ "4.13.18", "Valid DN nameConstraints Test18", 0 ],
- [ "4.13.19", "Valid Self-Issued DN nameConstraints Test19", 0 ],
- [ "4.13.20", "Invalid Self-Issued DN nameConstraints Test20", 47 ],
- [ "4.13.21", "Valid RFC822 nameConstraints Test21", 0 ],
- [ "4.13.22", "Invalid RFC822 nameConstraints Test22", 47 ],
- [ "4.13.23", "Valid RFC822 nameConstraints Test23", 0 ],
- [ "4.13.24", "Invalid RFC822 nameConstraints Test24", 47 ],
- [ "4.13.25", "Valid RFC822 nameConstraints Test25", 0 ],
- [ "4.13.26", "Invalid RFC822 nameConstraints Test26", 48 ],
- [ "4.13.27", "Valid DN and RFC822 nameConstraints Test27", 0 ],
- [ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28", 47 ],
- [ "4.13.29", "Invalid DN and RFC822 nameConstraints Test29", 47 ],
- [ "4.13.30", "Valid DNS nameConstraints Test30", 0 ],
- [ "4.13.31", "Invalid DNS nameConstraints Test31", 47 ],
- [ "4.13.32", "Valid DNS nameConstraints Test32", 0 ],
- [ "4.13.33", "Invalid DNS nameConstraints Test33", 48 ],
- [ "4.13.34", "Valid URI nameConstraints Test34", 0 ],
- [ "4.13.35", "Invalid URI nameConstraints Test35", 47 ],
- [ "4.13.36", "Valid URI nameConstraints Test36", 0 ],
- [ "4.13.37", "Invalid URI nameConstraints Test37", 48 ],
- [ "4.13.38", "Invalid DNS nameConstraints Test38", 47 ],
- [ "4.14", "Distribution Points" ],
- [ "4.14.1", "Valid distributionPoint Test1", 0 ],
- [ "4.14.2", "Invalid distributionPoint Test2", 23 ],
- [ "4.14.3", "Invalid distributionPoint Test3", 44 ],
- [ "4.14.4", "Valid distributionPoint Test4", 0 ],
- [ "4.14.5", "Valid distributionPoint Test5", 0 ],
- [ "4.14.6", "Invalid distributionPoint Test6", 23 ],
- [ "4.14.7", "Valid distributionPoint Test7", 0 ],
- [ "4.14.8", "Invalid distributionPoint Test8", 44 ],
- [ "4.14.9", "Invalid distributionPoint Test9", 44 ],
- [ "4.14.10", "Valid No issuingDistributionPoint Test10", 0 ],
- [ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11", 44 ],
- [ "4.14.12", "Invalid onlyContainsCACerts CRL Test12", 44 ],
- [ "4.14.13", "Valid onlyContainsCACerts CRL Test13", 0 ],
- [ "4.14.14", "Invalid onlyContainsAttributeCerts Test14", 44 ],
- [ "4.14.15", "Invalid onlySomeReasons Test15", 23 ],
- [ "4.14.16", "Invalid onlySomeReasons Test16", 23 ],
- [ "4.14.17", "Invalid onlySomeReasons Test17", 3 ],
- [ "4.14.18", "Valid onlySomeReasons Test18", 0 ],
- [ "4.14.19", "Valid onlySomeReasons Test19", 0 ],
- [ "4.14.20", "Invalid onlySomeReasons Test20", 23 ],
- [ "4.14.21", "Invalid onlySomeReasons Test21", 23 ],
- [ "4.14.22", "Valid IDP with indirectCRL Test22", 0 ],
- [ "4.14.23", "Invalid IDP with indirectCRL Test23", 23 ],
- [ "4.14.24", "Valid IDP with indirectCRL Test24", 0 ],
- [ "4.14.25", "Valid IDP with indirectCRL Test25", 0 ],
- [ "4.14.26", "Invalid IDP with indirectCRL Test26", 44 ],
- [ "4.14.27", "Invalid cRLIssuer Test27", 3 ],
- [ "4.14.28", "Valid cRLIssuer Test28", 0 ],
- [ "4.14.29", "Valid cRLIssuer Test29", 0 ],
-
- # Although this test is valid it has a circular dependency. As a result
- # an attempt is made to recursively check a CRL path and rejected due to
- # a CRL path validation error. PKITS notes suggest this test does not
- # need to be run due to this issue.
- [ "4.14.30", "Valid cRLIssuer Test30", 54 ],
- [ "4.14.31", "Invalid cRLIssuer Test31", 23 ],
- [ "4.14.32", "Invalid cRLIssuer Test32", 23 ],
- [ "4.14.33", "Valid cRLIssuer Test33", 0 ],
- [ "4.14.34", "Invalid cRLIssuer Test34", 23 ],
- [ "4.14.35", "Invalid cRLIssuer Test35", 44 ],
- [ "4.15", "Delta-CRLs" ],
- [ "4.15.1", "Invalid deltaCRLIndicator No Base Test1", 3 ],
- [ "4.15.2", "Valid delta-CRL Test2", 0 ],
- [ "4.15.3", "Invalid delta-CRL Test3", 23 ],
- [ "4.15.4", "Invalid delta-CRL Test4", 23 ],
- [ "4.15.5", "Valid delta-CRL Test5", 0 ],
- [ "4.15.6", "Invalid delta-CRL Test6", 23 ],
- [ "4.15.7", "Valid delta-CRL Test7", 0 ],
- [ "4.15.8", "Valid delta-CRL Test8", 0 ],
- [ "4.15.9", "Invalid delta-CRL Test9", 23 ],
- [ "4.15.10", "Invalid delta-CRL Test10", 12 ],
- [ "4.16", "Private Certificate Extensions" ],
- [ "4.16.1", "Valid Unknown Not Critical Certificate Extension Test1", 0 ],
- [ "4.16.2", "Invalid Unknown Critical Certificate Extension Test2", 34 ],
-);
-
-
-my $verbose = 1;
-
-my $numtest = 0;
-my $numfail = 0;
-
-my $ossl = "ossl/apps/openssl";
-
-my $ossl_cmd = "$ossl_path cms -verify -verify_retcode ";
-$ossl_cmd .= "-CAfile pkitsta.pem -crl_check_all -x509_strict ";
-
-# Check for expiry of trust anchor
-system "$ossl_path x509 -inform DER -in $pkitsta -checkend 0";
-if ($? == 256)
- {
- print STDERR "WARNING: using older expired data\n";
- $ossl_cmd .= "-attime 1291940972 ";
- }
-
-$ossl_cmd .= "-policy_check -extended_crl -use_deltas -out /dev/null 2>&1 ";
-
-system "$ossl_path x509 -inform DER -in $pkitsta -out pkitsta.pem";
-
-die "Can't create trust anchor file" if $?;
-
-print "Running PKITS tests:\n" if $verbose;
-
-foreach (@testlists) {
- my $argnum = @$_;
- if ( $argnum == 2 ) {
- my ( $tnum, $title ) = @$_;
- print "$tnum $title\n" if $verbose;
- }
- elsif ( $argnum == 3 ) {
- my ( $tnum, $title, $exp_ret ) = @$_;
- my $filename = $title;
- $exp_ret += 32 if $exp_ret;
- $filename =~ tr/ -//d;
- $filename = "Signed$(unknown).eml";
- if ( !-f "$pkitsdir/$filename" ) {
- print "\"$filename\" not found\n";
- }
- else {
- my $ret;
- my $test_fail = 0;
- my $errmsg = "";
- my $cmd = $ossl_cmd;
- $cmd .= "-in $pkitsdir/$filename -policy anyPolicy";
- my $cmdout = `$cmd`;
- $ret = $? >> 8;
- if ( $? & 0xff ) {
- $errmsg .= "Abnormal OpenSSL termination\n";
- $test_fail = 1;
- }
- if ( $exp_ret != $ret ) {
- $errmsg .= "Return code:$ret, ";
- $errmsg .= "expected $exp_ret\n";
- $test_fail = 1;
- }
- if ($test_fail) {
- print "$tnum $title : Failed!\n";
- print "Filename: $pkitsdir/$filename\n";
- print $errmsg;
- print "Command output:\n$cmdout\n";
- $numfail++;
- }
- $numtest++;
- }
- }
- elsif ( $argnum == 7 ) {
- my ( $tnum, $title, $exargs, $exp_epol, $exp_aset, $exp_uset, $exp_ret )
- = @$_;
- my $filename = $title;
- $exp_ret += 32 if $exp_ret;
- $filename =~ tr/ -//d;
- $filename = "Signed$(unknown).eml";
- if ( !-f "$pkitsdir/$filename" ) {
- print "\"$filename\" not found\n";
- }
- else {
- my $ret;
- my $cmdout = "";
- my $errmsg = "";
- my $epol = "";
- my $aset = "";
- my $uset = "";
- my $pol = -1;
- my $test_fail = 0;
- my $cmd = $ossl_cmd;
- $cmd .= "-in $pkitsdir/$filename $exargs -policy_print";
- @oparr = `$cmd`;
- $ret = $? >> 8;
-
- if ( $? & 0xff ) {
- $errmsg .= "Abnormal OpenSSL termination\n";
- $test_fail = 1;
- }
- foreach (@oparr) {
- my $test_failed = 0;
- $cmdout .= $_;
- if (/^Require explicit Policy: (.*)$/) {
- $epol = $1;
- }
- if (/^Authority Policies/) {
- if (/empty/) {
- $aset = "";
- }
- else {
- $pol = 1;
- }
- }
- $test_fail = 1 if (/leak/i);
- if (/^User Policies/) {
- if (/empty/) {
- $uset = "";
- }
- else {
- $pol = 2;
- }
- }
- if (/\s+Policy: (.*)$/) {
- if ( $pol == 1 ) {
- $aset .= ":" if $aset ne "";
- $aset .= $1;
- }
- elsif ( $pol == 2 ) {
- $uset .= ":" if $uset ne "";
- $uset .= $1;
- }
- }
- }
-
- if ( $epol ne $exp_epol ) {
- $errmsg .= "Explicit policy:$epol, ";
- $errmsg .= "expected $exp_epol\n";
- $test_fail = 1;
- }
- if ( $aset ne $exp_aset ) {
- $errmsg .= "Authority policy set :$aset, ";
- $errmsg .= "expected $exp_aset\n";
- $test_fail = 1;
- }
- if ( $uset ne $exp_uset ) {
- $errmsg .= "User policy set :$uset, ";
- $errmsg .= "expected $exp_uset\n";
- $test_fail = 1;
- }
-
- if ( $exp_ret != $ret ) {
- print "Return code:$ret, expected $exp_ret\n";
- $test_fail = 1;
- }
-
- if ($test_fail) {
- print "$tnum $title : Failed!\n";
- print "Filename: $pkitsdir/$filename\n";
- print "Command output:\n$cmdout\n";
- $numfail++;
- }
- $numtest++;
- }
- }
-}
-
-if ($numfail) {
- print "$numfail tests failed out of $numtest\n";
-}
-else {
- print "All Tests Successful.\n";
-}
-
-unlink "pkitsta.pem";
-
diff --git a/src/lib/libssl/test/smcont.txt b/src/lib/libssl/test/smcont.txt
deleted file mode 100644
index e837c0b75b..0000000000
--- a/src/lib/libssl/test/smcont.txt
+++ /dev/null
@@ -1 +0,0 @@
-Some test content for OpenSSL CMS
\ No newline at end of file
diff --git a/src/lib/libssl/test/smime-certs/smdsa1.pem b/src/lib/libssl/test/smime-certs/smdsa1.pem
deleted file mode 100644
index d5677dbfbe..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsa1.pem
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIIBuwIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3
-OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt
-GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J
-jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt
-wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK
-+FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z
-SJCBQw5zAoGATQlPPF+OeU8nu3rsdXGDiZdJzOkuCce3KQfTABA9C+Dk4CVcvBdd
-YRLGpnykumkNTO1sTO+4/Gphsuje1ujK9td4UEhdYqylCe5QjEMrszDlJtelDQF9
-C0yhdjKGTP0kxofLhsGckcuQvcKEKffT2pDDKJIy4vWQO0UyJl1vjLcCFG2uiGGx
-9fMUZq1v0ePD4Wo0Xkxo
------END DSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsWMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
-ZXN0IFMvTUlNRSBFRSBEU0EgIzEwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7
-CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ
-mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2
-jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB
-CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV
-kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D
-xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBN
-CU88X455Tye7eux1cYOJl0nM6S4Jx7cpB9MAED0L4OTgJVy8F11hEsamfKS6aQ1M
-7WxM77j8amGy6N7W6Mr213hQSF1irKUJ7lCMQyuzMOUm16UNAX0LTKF2MoZM/STG
-h8uGwZyRy5C9woQp99PakMMokjLi9ZA7RTImXW+Mt6OBgzCBgDAdBgNVHQ4EFgQU
-4Qfbhpi5yqXaXuCLXj427mR25MkwHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput
-aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV
-c21pbWVkc2ExQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBAFrdUzKK1pWO
-kd02S423KUBc4GWWyiGlVoEO7WxVhHLJ8sm67X7OtJOwe0UGt+Nc5qLtyJYSirw8
-phjiTdNpQCTJ8+Kc56tWkJ6H7NAI4vTJtPL5BM/EmeYrVSU9JI9xhqpyKw9IBD+n
-hRJ79W9FaiJRvaAOX+TkyTukJrxAWRyv
------END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smdsa2.pem b/src/lib/libssl/test/smime-certs/smdsa2.pem
deleted file mode 100644
index ef86c115d7..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsa2.pem
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3
-OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt
-GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J
-jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt
-wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK
-+FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z
-SJCBQw5zAoGBAIPmO8BtJ+Yac58trrPwq9b/6VW3jQTWzTLWSH84/QQdqQa+Pz3v
-It/+hHM0daNF5uls8ICsPL1aLXmRx0pHvIyb0aAzYae4T4Jv/COPDMTdKbA1uitJ
-VbkGZrm+LIrs7I9lOkb4T0vI6kL/XdOCXY1469zsqCgJ/O2ibn6mq0nWAhR716o2
-Nf8SimTZYB0/CKje6M5ufA==
------END DSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIIDpTCCAw6gAwIBAgIJAMtotfHYdEsXMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
-ZXN0IFMvTUlNRSBFRSBEU0EgIzIwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7
-CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ
-mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2
-jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB
-CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV
-kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D
-xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhQACgYEA
-g+Y7wG0n5hpzny2us/Cr1v/pVbeNBNbNMtZIfzj9BB2pBr4/Pe8i3/6EczR1o0Xm
-6WzwgKw8vVoteZHHSke8jJvRoDNhp7hPgm/8I48MxN0psDW6K0lVuQZmub4siuzs
-j2U6RvhPS8jqQv9d04JdjXjr3OyoKAn87aJufqarSdajgYMwgYAwHQYDVR0OBBYE
-FHsAGNfVltSYUq4hC+YVYwsYtA+dMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcXdsab
-rWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMCAGA1UdEQQZMBeB
-FXNtaW1lZHNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQCx9BtCbaYF
-FXjLClkuKXbESaDZA1biPgY25i00FsUzARuhCpqD2v+0tu5c33ZzIhL6xlvBRU5l
-6Atw/xpZhae+hdBEtxPJoGekLLrHOau7Md3XwDjV4lFgcEJkWZoaSOOIK+4D5jF0
-jZWtHjnwEzuLYlo7ScHSsbcQfjH0M1TP5A==
------END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smdsa3.pem b/src/lib/libssl/test/smime-certs/smdsa3.pem
deleted file mode 100644
index eeb848dabc..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsa3.pem
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3
-OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt
-GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J
-jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt
-wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK
-+FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z
-SJCBQw5zAoGAYzOpPmh8Je1IDauEXhgaLz14wqYUHHcrj2VWVJ6fRm8GhdQFJSI7
-GUk08pgKZSKic2lNqxuzW7/vFxKQ/nvzfytY16b+2i+BR4Q6yvMzCebE1hHVg0Ju
-TwfUMwoFEOhYP6ZwHSUiQl9IBMH9TNJCMwYMxfY+VOrURFsjGTRUgpwCFQCIGt5g
-Y+XZd0Sv69CatDIRYWvaIA==
------END DSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsYMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
-ZXN0IFMvTUlNRSBFRSBEU0EgIzMwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7
-CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ
-mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2
-jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB
-CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV
-kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D
-xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBj
-M6k+aHwl7UgNq4ReGBovPXjCphQcdyuPZVZUnp9GbwaF1AUlIjsZSTTymAplIqJz
-aU2rG7Nbv+8XEpD+e/N/K1jXpv7aL4FHhDrK8zMJ5sTWEdWDQm5PB9QzCgUQ6Fg/
-pnAdJSJCX0gEwf1M0kIzBgzF9j5U6tREWyMZNFSCnKOBgzCBgDAdBgNVHQ4EFgQU
-VhpVXqQ/EzUMdxLvP7o9EhJ8h70wHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput
-aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV
-c21pbWVkc2EzQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBACM9e75EQa8m
-k/AZkH/tROqf3yeqijULl9x8FjFatqoY+29OM6oMGM425IqSkKd2ipz7OxO0SShu
-rE0O3edS7DvYBwvhWPviRaYBMyZ4iFJVup+fOzoYK/j/bASxS3BHQBwb2r4rhe25
-OlTyyFEk7DJyW18YFOG97S1P52oQ5f5x
------END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smdsap.pem b/src/lib/libssl/test/smime-certs/smdsap.pem
deleted file mode 100644
index 249706c8c7..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsap.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN DSA PARAMETERS-----
-MIIBHwKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3OjSG
-Lh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqtGcoA
-gsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2Jjt+d
-qk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qtwjqv
-Wp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK+FMO
-GnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4ZSJCB
-Qw5z
------END DSA PARAMETERS-----
diff --git a/src/lib/libssl/test/smime-certs/smroot.pem b/src/lib/libssl/test/smime-certs/smroot.pem
deleted file mode 100644
index a59eb2684c..0000000000
--- a/src/lib/libssl/test/smime-certs/smroot.pem
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDBV1Z/Q5gPF7lojc8pKUdyz5+Jf2B3vs4he6egekugWnoJduki
-9Lnae/JchB/soIX0co3nLc11NuFFlnAWJNMDJr08l5AHAJLYNHevF5l/f9oDQwvZ
-speKh1xpIAJNqCTzVeQ/ZLx6/GccIXV/xDuKIiovqJTPgR5WPkYKaw++lQIDAQAB
-AoGALXnUj5SflJU4+B2652ydMKUjWl0KnL/VjkyejgGV/j6py8Ybaixz9q8Gv7oY
-JDlRqMC1HfZJCFQDQrHy5VJ+CywA/H9WrqKo/Ch9U4tJAZtkig1Cmay/BAYixVu0
-xBeim10aKF6hxHH4Chg9We+OCuzWBWJhqveNjuDedL/i7JUCQQDlejovcwBUCbhJ
-U12qKOwlaboolWbl7yF3XdckTJZg7+1UqQHZH5jYZlLZyZxiaC92SNV0SyTLJZnS
-Jh5CO+VDAkEA16/pPcuVtMMz/R6SSPpRSIAa1stLs0mFSs3NpR4pdm0n42mu05pO
-1tJEt3a1g7zkreQBf53+Dwb+lA841EkjRwJBAIFmt0DifKDnCkBu/jZh9SfzwsH3
-3Zpzik+hXxxdA7+ODCrdUul449vDd5zQD5t+XKU61QNLDGhxv5e9XvrCg7kCQH/a
-3ldsVF0oDaxxL+QkxoREtCQ5tLEd1u7F2q6Tl56FDE0pe6Ih6bQ8RtG+g9EI60IN
-U7oTrOO5kLWx5E0q4ccCQAZVgoenn9MhRU1agKOCuM6LT2DxReTu4XztJzynej+8
-0J93n3ebanB1MlRpn1XJwhQ7gAC8ImaQKLJK5jdJzFc=
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIICaTCCAdKgAwIBAgIJAP6VN47boiXRMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDdaFw0xNjA1MTExMzUzMDdaMEQx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRU
-ZXN0IFMvTUlNRSBSU0EgUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-wVdWf0OYDxe5aI3PKSlHcs+fiX9gd77OIXunoHpLoFp6CXbpIvS52nvyXIQf7KCF
-9HKN5y3NdTbhRZZwFiTTAya9PJeQBwCS2DR3rxeZf3/aA0ML2bKXiodcaSACTagk
-81XkP2S8evxnHCF1f8Q7iiIqL6iUz4EeVj5GCmsPvpUCAwEAAaNjMGEwHQYDVR0O
-BBYEFBPPS6e7iS6zOFcXdsabrWhb5e0XMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcX
-dsabrWhb5e0XMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqG
-SIb3DQEBBQUAA4GBAIECprq5viDvnDbkyOaiSr9ubMUmWqvycfAJMdPZRKcOZczS
-l+L9R9lF3JSqbt3knOe9u6bGDBOTY2285PdCCuHRVMk2Af1f6El1fqAlRUwNqipp
-r68sWFuRqrcRNtk6QQvXfkOhrqQBuDa7te/OVQLa2lGN9Dr2mQsD8ijctatG
------END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smrsa1.pem b/src/lib/libssl/test/smime-certs/smrsa1.pem
deleted file mode 100644
index 2cf3148e33..0000000000
--- a/src/lib/libssl/test/smime-certs/smrsa1.pem
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQC6A978j4pmPgUtUQqF+bjh6vdhwGOGZSD7xXgFTMjm88twfv+E
-ixkq2KXSDjD0ZXoQbdOaSbvGRQrIJpG2NGiKAFdYNrP025kCCdh5wF/aEI7KLEm7
-JlHwXpQsuj4wkMgmkFjL3Ty4Z55aNH+2pPQIa0k+ENJXm2gDuhqgBmduAwIDAQAB
-AoGBAJMuYu51aO2THyeHGwt81uOytcCbqGP7eoib62ZOJhxPRGYjpmuqX+R9/V5i
-KiwGavm63JYUx0WO9YP+uIZxm1BUATzkgkS74u5LP6ajhkZh6/Bck1oIYYkbVOXl
-JVrdENuH6U7nupznsyYgONByo+ykFPVUGmutgiaC7NMVo/MxAkEA6KLejWXdCIEn
-xr7hGph9NlvY9xuRIMexRV/WrddcFfCdjI1PciIupgrIkR65M9yr7atm1iU6/aRf
-KOr8rLZsSQJBAMyyXN71NsDNx4BP6rtJ/LJMP0BylznWkA7zWfGCbAYn9VhZVlSY
-Eu9Gyr7quD1ix7G3kInKVYOEEOpockBLz+sCQQCedyMmKjcQLfpMVYW8uhbAynvW
-h36qV5yXZxszO7nMcCTBsxhk5IfmLv5EbCs3+p9avCDGyoGOeUMg+kC33WORAkAg
-oUIarH4o5+SoeJTTfCzTA0KF9H5U0vYt2+73h7HOnWoHxl3zqDZEfEVvf50U8/0f
-QELDJETTbScBJtsnkq43AkEA38etvoZ2i4FJvvo7R/9gWBHVEcrGzcsCBYrNnIR1
-SZLRwHEGaiOK1wxMsWzqp7PJwL9z/M8A8DyOFBx3GPOniA==
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIJAMtotfHYdEsTMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
-ZXN0IFMvTUlNRSBFRSBSU0EgIzEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ALoD3vyPimY+BS1RCoX5uOHq92HAY4ZlIPvFeAVMyObzy3B+/4SLGSrYpdIOMPRl
-ehBt05pJu8ZFCsgmkbY0aIoAV1g2s/TbmQIJ2HnAX9oQjsosSbsmUfBelCy6PjCQ
-yCaQWMvdPLhnnlo0f7ak9AhrST4Q0lebaAO6GqAGZ24DAgMBAAGjgYMwgYAwHQYD
-VR0OBBYEFE2vMvKz5jrC7Lbdg68XwZ95iL/QMB8GA1UdIwQYMBaAFBPPS6e7iS6z
-OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud
-EQQZMBeBFXNtaW1lcnNhMUBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQAi
-O3GOkUl646oLnOimc36i9wxZ1tejsqs8vMjJ0Pym6Uq9FE2JoGzJ6OhB1GOsEVmj
-9cQ5UNQcRYL3cqOFtl6f4Dpu/lhzfbaqgmLjv29G1mS0uuTZrixhlyCXjwcbOkNC
-I/+wvHHENYIK5+T/79M9LaZ2Qk4F9MNE1VMljdz9Qw==
------END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smrsa2.pem b/src/lib/libssl/test/smime-certs/smrsa2.pem
deleted file mode 100644
index d41f69c82f..0000000000
--- a/src/lib/libssl/test/smime-certs/smrsa2.pem
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQCwBfryW4Vu5U9wNIDKspJO/N9YF4CcTlrCUyzVlKgb+8urHlSe
-59i5verR9IOCCXkemjOzZ/3nALTGqYZlnEvHp0Rjk+KdKXnKBIB+SRPpeu3LcXMT
-WPgsThPa0UQxedNKG0g6aG+kLhsDlFBCoxd09jJtSpb9jmroJOq0ZYEHLwIDAQAB
-AoGAKa/w4677Je1W5+r3SYoLDnvi5TkDs4D3C6ipKJgBTEdQz+DqB4w/DpZE4551
-+rkFn1LDxcxuHGRVa+tAMhZW97fwq9YUbjVZEyOz79qrX+BMyl/NbHkf1lIKDo3q
-dWalzQvop7nbzeLC+VmmviwZfLQUbA61AQl3jm4dswT4XykCQQDloDadEv/28NTx
-bvvywvyGuvJkCkEIycm4JrIInvwsd76h/chZ3oymrqzc7hkEtK6kThqlS5y+WXl6
-QzPruTKTAkEAxD2ro/VUoN+scIVaLmn0RBmZ67+9Pdn6pNSfjlK3s0T0EM6/iUWS
-M06l6L9wFS3/ceu1tIifsh9BeqOGTa+udQJARIFnybTBaIqw/NZ/lA1YCVn8tpvY
-iyaoZ6gjtS65TQrsdKeh/i3HCHNUXxUpoZ3F/H7QtD+6o49ODou+EbVOwQJAVmex
-A2gp8wuJKaINqxIL81AybZLnCCzKJ3lXJ5tUNyLNM/lUbGStktm2Q1zHRQwTxV07
-jFn7trn8YrtNjzcjYQJAUKIJRt38A8Jw3HoPT+D0WS2IgxjVL0eYGsZX1lyeammG
-6rfnQ3u5uP7mEK2EH2o8mDUpAE0gclWBU9UkKxJsGA==
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIJAMtotfHYdEsUMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
-ZXN0IFMvTUlNRSBFRSBSU0EgIzIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ALAF+vJbhW7lT3A0gMqykk7831gXgJxOWsJTLNWUqBv7y6seVJ7n2Lm96tH0g4IJ
-eR6aM7Nn/ecAtMaphmWcS8enRGOT4p0pecoEgH5JE+l67ctxcxNY+CxOE9rRRDF5
-00obSDpob6QuGwOUUEKjF3T2Mm1Klv2Oaugk6rRlgQcvAgMBAAGjgYMwgYAwHQYD
-VR0OBBYEFIL/u+mEvaw7RuKLRuElfVkxSQjYMB8GA1UdIwQYMBaAFBPPS6e7iS6z
-OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud
-EQQZMBeBFXNtaW1lcnNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQC2
-rXR5bm/9RtOMQPleNpd3y6uUX3oy+0CafK5Yl3PMnItjjnKJ0l1/DbLbDj2twehe
-ewaB8CROcBCA3AMLSmGvPKgUCFMGtWam3328M4fBHzon5ka7qDXzM+imkAly/Yx2
-YNdR/aNOug+5sXygHmTSKqiCpQjOIClzXoPVVeEVHw==
------END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smrsa3.pem b/src/lib/libssl/test/smime-certs/smrsa3.pem
deleted file mode 100644
index c8cbe55151..0000000000
--- a/src/lib/libssl/test/smime-certs/smrsa3.pem
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC6syTZtZNe1hRScFc4PUVyVLsr7+C1HDIZnOHmwFoLayX6RHwy
-ep/TkdwiPHnemVLuwvpSjLMLZkXy/J764kSHJrNeVl3UvmCVCOm40hAtK1+F39pM
-h8phkbPPD7i+hwq4/Vs79o46nzwbVKmzgoZBJhZ+codujUSYM3LjJ4aq+wIDAQAB
-AoGAE1Zixrnr3bLGwBMqtYSDIOhtyos59whImCaLr17U9MHQWS+mvYO98if1aQZi
-iQ/QazJ+wvYXxWJ+dEB+JvYwqrGeuAU6He/rAb4OShG4FPVU2D19gzRnaButWMeT
-/1lgXV08hegGBL7RQNaN7b0viFYMcKnSghleMP0/q+Y/oaECQQDkXEwDYJW13X9p
-ijS20ykWdY5lLknjkHRhhOYux0rlhOqsyMZjoUmwI2m0qj9yrIysKhrk4MZaM/uC
-hy0xp3hdAkEA0Uv/UY0Kwsgc+W6YxeypECtg1qCE6FBib8n4iFy/6VcWqhvE5xrs
-OdhKv9/p6aLjLneGd1sU+F8eS9LGyKIbNwJBAJPgbNzXA7uUZriqZb5qeTXxBDfj
-RLfXSHYKAKEULxz3+JvRHB9SR4yHMiFrCdExiZrHXUkPgYLSHLGG5a4824UCQD6T
-9XvhquUARkGCAuWy0/3Eqoihp/t6BWSdQ9Upviu7YUhtUxsyXo0REZB7F4pGrJx5
-GlhXgFaewgUzuUHFzlMCQCzJMMWslWpoLntnR6sMhBMhBFHSw+Y5CbxBmFrdtSkd
-VdtNO1VuDCTxjjW7W3Khj7LX4KZ1ye/5jfAgnnnXisc=
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIJAMtotfHYdEsVMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
-ZXN0IFMvTUlNRSBFRSBSU0EgIzMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ALqzJNm1k17WFFJwVzg9RXJUuyvv4LUcMhmc4ebAWgtrJfpEfDJ6n9OR3CI8ed6Z
-Uu7C+lKMswtmRfL8nvriRIcms15WXdS+YJUI6bjSEC0rX4Xf2kyHymGRs88PuL6H
-Crj9Wzv2jjqfPBtUqbOChkEmFn5yh26NRJgzcuMnhqr7AgMBAAGjgYMwgYAwHQYD
-VR0OBBYEFDsSFjNtYZzd0tTHafNS7tneQQj6MB8GA1UdIwQYMBaAFBPPS6e7iS6z
-OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud
-EQQZMBeBFXNtaW1lcnNhM0BvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQBE
-tUDB+1Dqigu4p1xtdq7JRK6S+gfA7RWmhz0j2scb2zhpS12h37JLHsidGeKAzZYq
-jUjOrH/j3xcV5AnuJoqImJaN23nzzxtR4qGGX2mrq6EtObzdEGgCUaizsGM+0slJ
-PYxcy8KeY/63B1BpYhj2RjGkL6HrvuAaxVORa3acoA==
------END CERTIFICATE-----
diff --git a/src/lib/libssl/test/tcrl b/src/lib/libssl/test/tcrl
deleted file mode 100644
index 055269eab8..0000000000
--- a/src/lib/libssl/test/tcrl +++ /dev/null @@ -1,78 +0,0 @@ -#!/bin/sh - -cmd='../util/shlib_wrap.sh ../apps/openssl crl' - -if [ "$1"x != "x" ]; then - t=$1 -else - t=testcrl.pem -fi - -echo testing crl conversions -cp $t fff.p - -echo "p -> d" -$cmd -in fff.p -inform p -outform d >f.d -if [ $? != 0 ]; then exit 1; fi -#echo "p -> t" -#$cmd -in fff.p -inform p -outform t >f.t -#if [ $? != 0 ]; then exit 1; fi -echo "p -> p" -$cmd -in fff.p -inform p -outform p >f.p -if [ $? != 0 ]; then exit 1; fi - -echo "d -> d" -$cmd -in f.d -inform d -outform d >ff.d1 -if [ $? != 0 ]; then exit 1; fi -#echo "t -> d" -#$cmd -in f.t -inform t -outform d >ff.d2 -#if [ $? != 0 ]; then exit 1; fi -echo "p -> d" -$cmd -in f.p -inform p -outform d >ff.d3 -if [ $? != 0 ]; then exit 1; fi - -#echo "d -> t" -#$cmd -in f.d -inform d -outform t >ff.t1 -#if [ $? != 0 ]; then exit 1; fi -#echo "t -> t" -#$cmd -in f.t -inform t -outform t >ff.t2 -#if [ $? != 0 ]; then exit 1; fi -#echo "p -> t" -#$cmd -in f.p -inform p -outform t >ff.t3 -#if [ $? != 0 ]; then exit 1; fi - -echo "d -> p" -$cmd -in f.d -inform d -outform p >ff.p1 -if [ $? != 0 ]; then exit 1; fi -#echo "t -> p" -#$cmd -in f.t -inform t -outform p >ff.p2 -#if [ $? != 0 ]; then exit 1; fi -echo "p -> p" -$cmd -in f.p -inform p -outform p >ff.p3 -if [ $? != 0 ]; then exit 1; fi - -cmp fff.p f.p -if [ $? != 0 ]; then exit 1; fi -cmp fff.p ff.p1 -if [ $? != 0 ]; then exit 1; fi -#cmp fff.p ff.p2 -#if [ $? != 0 ]; then exit 1; fi -cmp fff.p ff.p3 -if [ $? != 0 ]; then exit 1; fi - -#cmp f.t ff.t1 -#if [ $? != 0 ]; then exit 1; fi -#cmp f.t ff.t2 -#if [ $? != 0 ]; then exit 1; fi -#cmp f.t ff.t3 -#if [ $? != 0 ]; then exit 1; fi - -cmp f.p ff.p1 -if [ $? != 0 ]; then exit 1; fi -#cmp f.p ff.p2 -#if [ $? != 0 ]; then exit 1; fi -cmp f.p ff.p3 -if [ $? != 0 ]; then exit 1; fi - -/bin/rm -f f.* ff.* fff.* -exit 0 
diff --git a/src/lib/libssl/test/test.cnf b/src/lib/libssl/test/test.cnf
deleted file mode 100644
index 10834442a1..0000000000
--- a/src/lib/libssl/test/test.cnf
+++ /dev/null
@@ -1,88 +0,0 @@ -# -# SSLeay example configuration file. -# This is mostly being used for generation of certificate requests. -# - -RANDFILE = ./.rnd - -#################################################################### -[ ca ] -default_ca = CA_default # The default ca section - -#################################################################### -[ CA_default ] - -dir = ./demoCA # Where everything is kept -certs = $dir/certs # Where the issued certs are kept -crl_dir = $dir/crl # Where the issued crl are kept -database = $dir/index.txt # database index file. -new_certs_dir = $dir/new_certs # default place for new certs. - -certificate = $dir/CAcert.pem # The CA certificate -serial = $dir/serial # The current serial number -crl = $dir/crl.pem # The current CRL -private_key = $dir/private/CAkey.pem# The private key -RANDFILE = $dir/private/.rand # private random number file - -default_days = 365 # how long to certify for -default_crl_days= 30 # how long before next CRL -default_md = md5 # which md to use. - -# A few difference way of specifying how similar the request should look -# For type CA, the listed attributes must be the same, and the optional -# and supplied fields are just that :-) -policy = policy_match - -# For the CA policy -[ policy_match ] -countryName = match -stateOrProvinceName = match -organizationName = match -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - -# For the 'anything' policy -# At this point in time, you must list all acceptable 'object' -# types. 
-[ policy_anything ] -countryName = optional -stateOrProvinceName = optional -localityName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - -#################################################################### -[ req ] -default_bits = 1024 -default_keyfile = testkey.pem -distinguished_name = req_distinguished_name -encrypt_rsa_key = no - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = AU -countryName_value = AU - -stateOrProvinceName = State or Province Name (full name) -stateOrProvinceName_default = Queensland -stateOrProvinceName_value = - -localityName = Locality Name (eg, city) -localityName_value = Brisbane - -organizationName = Organization Name (eg, company) -organizationName_default = -organizationName_value = CryptSoft Pty Ltd - -organizationalUnitName = Organizational Unit Name (eg, section) -organizationalUnitName_default = -organizationalUnitName_value = . - -commonName = Common Name (eg, YOUR name) -commonName_value = Eric Young - -emailAddress = Email Address -emailAddress_value = eay@mincom.oz.au diff --git a/src/lib/libssl/test/test_aesni b/src/lib/libssl/test/test_aesni deleted file mode 100644 index e8fb63ee2b..0000000000 --- a/src/lib/libssl/test/test_aesni +++ /dev/null 
@@ -1,69 +0,0 @@ -#!/bin/sh - -PROG=$1 - -if [ -x $PROG ]; then - if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then - : - else - echo "$PROG is not OpenSSL executable" - exit 1 - fi -else - echo "$PROG is not executable" - exit 1; -fi - -if $PROG engine aesni | grep -v no-aesni; then - - HASH=`cat $PROG | $PROG dgst -hex` - - AES_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \ - aes-128-cbc aes-192-cbc aes-256-cbc \ - aes-128-cfb aes-192-cfb aes-256-cfb \ - aes-128-ofb aes-192-ofb aes-256-ofb" - BUFSIZE="16 32 48 64 80 96 128 144 999" - - nerr=0 - - for alg in $AES_ALGS; do - echo $alg - for bufsize in $BUFSIZE; do - TEST=`( cat $PROG | \ - $PROG enc -e -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \ - $PROG enc -d -k "$HASH" -$alg | \ - $PROG dgst -hex ) 2>/dev/null` - if [ "$TEST" != "$HASH" ]; then - echo "-$alg/$bufsize encrypt test failed" - nerr=`expr $nerr + 1` - fi - done - for bufsize in $BUFSIZE; do - TEST=`( cat $PROG | \ - $PROG enc -e -k "$HASH" -$alg | \ - $PROG enc -d -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \ - $PROG dgst -hex ) 2>/dev/null` - if [ "$TEST" != "$HASH" ]; then - echo "-$alg/$bufsize decrypt test failed" - nerr=`expr $nerr + 1` - fi - done - TEST=`( cat $PROG | \ - $PROG enc -e -k "$HASH" -$alg -engine aesni | \ - $PROG enc -d -k "$HASH" -$alg -engine aesni | \ - $PROG dgst -hex ) 2>/dev/null` - if [ "$TEST" != "$HASH" ]; then - echo "-$alg en/decrypt test failed" - nerr=`expr $nerr + 1` - fi - done - - if [ $nerr -gt 0 ]; then - echo "AESNI engine test failed." - exit 1; - fi -else - echo "AESNI engine is not available" -fi - -exit 0 diff --git a/src/lib/libssl/test/test_padlock b/src/lib/libssl/test/test_padlock deleted file mode 100755 index 5c0f21043c..0000000000 --- a/src/lib/libssl/test/test_padlock +++ /dev/null 
@@ -1,64 +0,0 @@ -#!/bin/sh - -PROG=$1 - -if [ -x $PROG ]; then - if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then - : - else - echo "$PROG is not OpenSSL executable" - exit 1 - fi -else - echo "$PROG is not executable" - exit 1; -fi - -if $PROG engine padlock | grep -v no-ACE; then - - HASH=`cat $PROG | $PROG dgst -hex` - - ACE_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \ - aes-128-cbc aes-192-cbc aes-256-cbc \ - aes-128-cfb aes-192-cfb aes-256-cfb \ - aes-128-ofb aes-192-ofb aes-256-ofb" - - nerr=0 - - for alg in $ACE_ALGS; do - echo $alg - TEST=`( cat $PROG | \ - $PROG enc -e -k "$HASH" -$alg -bufsize 999 -engine padlock | \ - $PROG enc -d -k "$HASH" -$alg | \ - $PROG dgst -hex ) 2>/dev/null` - if [ "$TEST" != "$HASH" ]; then - echo "-$alg encrypt test failed" - nerr=`expr $nerr + 1` - fi - TEST=`( cat $PROG | \ - $PROG enc -e -k "$HASH" -$alg | \ - $PROG enc -d -k "$HASH" -$alg -bufsize 999 -engine padlock | \ - $PROG dgst -hex ) 2>/dev/null` - if [ "$TEST" != "$HASH" ]; then - echo "-$alg decrypt test failed" - nerr=`expr $nerr + 1` - fi - TEST=`( cat $PROG | \ - $PROG enc -e -k "$HASH" -$alg -engine padlock | \ - $PROG enc -d -k "$HASH" -$alg -engine padlock | \ - $PROG dgst -hex ) 2>/dev/null` - if [ "$TEST" != "$HASH" ]; then - echo "-$alg en/decrypt test failed" - nerr=`expr $nerr + 1` - fi - done - - if [ $nerr -gt 0 ]; then - echo "PadLock ACE test failed." - exit 1; - fi -else - echo "PadLock ACE is not available" -fi - -exit 0 diff --git a/src/lib/libssl/test/testca b/src/lib/libssl/test/testca deleted file mode 100644 index b109cfe271..0000000000 --- a/src/lib/libssl/test/testca +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/sh - -SH="/bin/sh" -if test "$OSTYPE" = msdosdjgpp; then - PATH="../apps\;$PATH" -else - PATH="../apps:$PATH" -fi -export SH PATH - -SSLEAY_CONFIG="-config CAss.cnf" -export SSLEAY_CONFIG - -OPENSSL="`pwd`/../util/opensslwrap.sh" -export OPENSSL - -/bin/rm -fr demoCA -$SH ../apps/CA.sh -newca <$test; - -echo cat -$cmd enc < $test > $test.cipher -$cmd enc < $test.cipher >$test.clear -cmp $test $test.clear -if [ $? != 0 ] -then - exit 1 -else - /bin/rm $test.cipher $test.clear -fi -echo base64 -$cmd enc -a -e < $test > $test.cipher -$cmd enc -a -d < $test.cipher >$test.clear -cmp $test $test.clear -if [ $? != 0 ] -then - exit 1 -else - /bin/rm $test.cipher $test.clear -fi - -for i in `$cmd list-cipher-commands` -do - echo $i - $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher - $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear - cmp $test $test.$i.clear - if [ $? != 0 ] - then - exit 1 - else - /bin/rm $test.$i.cipher $test.$i.clear - fi - - echo $i base64 - $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher - $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear - cmp $test $test.$i.clear - if [ $? != 0 ] - then - exit 1 - else - /bin/rm $test.$i.cipher $test.$i.clear - fi -done -rm -f $test diff --git a/src/lib/libssl/test/testgen b/src/lib/libssl/test/testgen deleted file mode 100644 index 524c0d134c..0000000000 --- a/src/lib/libssl/test/testgen +++ /dev/null 
@@ -1,44 +0,0 @@ -#!/bin/sh - -T=testcert -KEY=512 -CA=../certs/testca.pem - -/bin/rm -f $T.1 $T.2 $T.key - -if test "$OSTYPE" = msdosdjgpp; then - PATH=../apps\;$PATH; -else - PATH=../apps:$PATH; -fi -export PATH - -echo "generating certificate request" - -echo "string to make the random number generator think it has entropy" >> ./.rnd - -if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then - req_new='-newkey dsa:../apps/dsa512.pem' -else - req_new='-new' - echo "There should be a 2 sequences of .'s and some +'s." - echo "There should not be more that at most 80 per line" -fi - -echo "This could take some time." - -rm -f testkey.pem testreq.pem - -../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem -if [ $? != 0 ]; then -echo problems creating request -exit 1 -fi - -../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout -if [ $? != 0 ]; then -echo signature on req is wrong -exit 1 -fi - -exit 0 diff --git a/src/lib/libssl/test/testp7.pem b/src/lib/libssl/test/testp7.pem deleted file mode 100644 index e5b7866c31..0000000000 --- a/src/lib/libssl/test/testp7.pem +++ /dev/null 
@@ -1,46 +0,0 @@
------BEGIN PKCS7-----
-MIIIGAYJKoZIhvcNAQcCoIIICTCCCAUCAQExADALBgkqhkiG9w0BBwGgggY8MIIE
-cjCCBBygAwIBAgIQeS+OJfWJUZAx6cX0eAiMjzANBgkqhkiG9w0BAQQFADBiMREw
-DwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNV
-BAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIw
-HhcNOTYwNzE5MDAwMDAwWhcNOTcwMzMwMjM1OTU5WjCB1TERMA8GA1UEBxMISW50
-ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln
-biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMSgwJgYDVQQLEx9E
-aWdpdGFsIElEIENsYXNzIDEgLSBTTUlNRSBUZXN0MUcwRQYDVQQLEz53d3cudmVy
-aXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMCBJbmMuIGJ5IFJlZi4sTElBQi5M
-VEQoYyk5NjBbMA0GCSqGSIb3DQEBAQUAA0oAMEcCQA7LvHEIAiQ5+4gDYvJGnGAq
-UM5GXyG11diEXmIEZTHUZhorooX5sr8IIjSXiPY59YYUFSvAaharFM1xaBN8zNEC
-AwEAAaOCAjkwggI1MAkGA1UdEwQCMAAwggImBgNVHQMEggIdMIICGTCCAhUwggIR
-BgtghkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0
-ZXMgYnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0
-IHRvLCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1l
-bnQgKENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
-L0NQUy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29t
-OyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4s
-IE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04
-ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0
-cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJ
-QUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQEC
-MC8wLRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEu
-AzANBgkqhkiG9w0BAQQFAANBAMCYDuSb/eIlYSxY31nZZTaCZkCSfHjlacMofExr
-cF+A2yHoEuT+eCQkqM0pMNHXddUeoQ9RjV+VuMBNmm63DUYwggHCMIIBbKADAgEC
-AhB8CYTq1bkRFJBYOd67cp9JMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
-QTAeFw05NjA3MTcwMDAwMDBaFw05NzA3MTcyMzU5NTlaMGIxETAPBgNVBAcTCElu
-dGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNp
-Z24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjBcMA0GCSqGSIb3
-DQEBAQUAA0sAMEgCQQDsVzrNgnDhbAJZrWeLd9g1vMZJA2W67D33TTbga6yMt+ES
-TWEywhS6RNP+fzLGg7utinjH4tL60cXa0G27GDsLAgMBAAGjIjAgMAsGA1UdDwQE
-AwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADQQAUp6bRwkaD
-2d1MBs/mjUcgTI2fXVmW8tTm/Ud6OzUwpC3vYgybiOOA4f6mOC5dbyUHrLOsrihU
-47ZQ0Jo1DUfboYIBrTCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
-QRcNOTYwNzE3MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANB
-AHitA0/xAukCjHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMl
-ExONA3ju10f7owIq3s3wx10wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UE
-BxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytW
-ZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3
-MTcxNzU5MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsW
-sQmste9f+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9
-XfZsaiiIgotQHjEA
------END PKCS7-----
diff --git a/src/lib/libssl/test/testreq2.pem b/src/lib/libssl/test/testreq2.pem
deleted file mode 100644
index c3cdcffcbc..0000000000
--- a/src/lib/libssl/test/testreq2.pem
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIHaMIGFAgEAMA4xDDAKBgNVBAMTA2NuNDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
-QQCQsnkyUGDY2R3mYoeTprFJKgWuJ3f1jUjlIuW5+wfAUoeMt35c4vcFZ2mIBpEG
-DtzkNQN1kr2O9ldm9zYnYhyhAgMBAAGgEjAQBgorBgEEAYI3AgEOMQIwADANBgkq
-hkiG9w0BAQQFAANBAAb2szZgVIxg3vK6kYLjGSBISyuzcXJ6IvuPW6M+yzi1Qgoi
-gQhazHTJp91T8ItZEzUJGZSZl2e5iXlnffWB+/U=
------END CERTIFICATE REQUEST-----
diff --git a/src/lib/libssl/test/testrsa.pem b/src/lib/libssl/test/testrsa.pem
deleted file mode 100644
index aad21067a8..0000000000
--- a/src/lib/libssl/test/testrsa.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I
-Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R
-rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy
-oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S
-mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz
-rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA
-mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM=
------END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/test/testsid.pem b/src/lib/libssl/test/testsid.pem
deleted file mode 100644
index 7ffd008f66..0000000000
--- a/src/lib/libssl/test/testsid.pem
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN SSL SESSION PARAMETERS-----
-MIIB1gIBAQIBAgQDAQCABBCi11xa5qkOP8xrr02K/NQCBBBkIYQZM0Bt95W0EHNV
-bA58oQYCBDIBr7WiBAICASyjggGGMIIBgjCCASwCAQMwDQYJKoZIhvcNAQEEBQAw
-ODELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3Jz
-YSB0ZXN0IENBMB4XDTk1MTAwOTIzMzEzNFoXDTk4MDcwNTIzMzEzNFowYDELMAkG
-A1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRk
-LjELMAkGA1UECxMCQ1MxGzAZBgNVBAMTElNTTGVheSBkZW1vIGNsaWVudDBcMA0G
-CSqGSIb3DQEBAQUAA0sAMEgCQQC4pcXEL1lgVA+B5Q3TcuW/O3LZHoA73IYm8oFD
-TezgCDhL2RTMn+seKWF36UtJKRIOBU9jZHCVVd0Me5ls6BEjAgMBAAEwDQYJKoZI
-hvcNAQEEBQADQQBoIpOcwUY1qlVF7j3ROSGvUsbvByOBFmYWkIBgsCqR+9qo1A7L
-CrWF5i8LWt/vLwAHaxWNx2YuBJMFyuK81fTvpA0EC3Rlc3Rjb250ZXh0
------END SSL SESSION PARAMETERS-----
diff --git a/src/lib/libssl/test/testss b/src/lib/libssl/test/testss
deleted file mode 100644
index 1a426857d3..0000000000
--- a/src/lib/libssl/test/testss
+++ /dev/null
@@ -1,163 +0,0 @@ -#!/bin/sh - -digest='-sha1' -reqcmd="../util/shlib_wrap.sh ../apps/openssl req" -x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest" -verifycmd="../util/shlib_wrap.sh ../apps/openssl verify" -dummycnf="../apps/openssl.cnf" - -CAkey="keyCA.ss" -CAcert="certCA.ss" -CAreq="reqCA.ss" -CAconf="CAss.cnf" -CAreq2="req2CA.ss" # temp - -Uconf="Uss.cnf" -Ukey="keyU.ss" -Ureq="reqU.ss" -Ucert="certU.ss" - -P1conf="P1ss.cnf" -P1key="keyP1.ss" -P1req="reqP1.ss" -P1cert="certP1.ss" -P1intermediate="tmp_intP1.ss" - -P2conf="P2ss.cnf" -P2key="keyP2.ss" -P2req="reqP2.ss" -P2cert="certP2.ss" -P2intermediate="tmp_intP2.ss" - -echo -echo "make a certificate request using 'req'" - -echo "string to make the random number generator think it has entropy" >> ./.rnd - -if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then - req_new='-newkey dsa:../apps/dsa512.pem' -else - req_new='-new' -fi - -$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new #>err.ss -if [ $? != 0 ]; then - echo "error using 'req' to generate a certificate request" - exit 1 -fi -echo -echo "convert the certificate request into a self signed certificate using 'x509'" -$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss -if [ $? != 0 ]; then - echo "error using 'x509' to self sign a certificate request" - exit 1 -fi - -echo -echo "convert a certificate into a certificate request using 'x509'" -$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss -if [ $? != 0 ]; then - echo "error using 'x509' convert a certificate to a certificate request" - exit 1 -fi - -$reqcmd -config $dummycnf -verify -in $CAreq -noout -if [ $? != 0 ]; then - echo first generated request is invalid - exit 1 -fi - -$reqcmd -config $dummycnf -verify -in $CAreq2 -noout -if [ $? != 0 ]; then - echo second generated request is invalid - exit 1 -fi - -$verifycmd -CAfile $CAcert $CAcert -if [ $? 
!= 0 ]; then - echo first generated cert is invalid - exit 1 -fi - -echo -echo "make a user certificate request using 'req'" -$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss -if [ $? != 0 ]; then - echo "error using 'req' to generate a user certificate request" - exit 1 -fi - -echo -echo "sign user certificate request with the just created CA via 'x509'" -$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee >err.ss -if [ $? != 0 ]; then - echo "error using 'x509' to sign a user certificate request" - exit 1 -fi - -$verifycmd -CAfile $CAcert $Ucert -echo -echo "Certificate details" -$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert - -echo -echo "make a proxy certificate request using 'req'" -$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss -if [ $? != 0 ]; then - echo "error using 'req' to generate a proxy certificate request" - exit 1 -fi - -echo -echo "sign proxy certificate request with the just created user certificate via 'x509'" -$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss -if [ $? != 0 ]; then - echo "error using 'x509' to sign a proxy certificate request" - exit 1 -fi - -cat $Ucert > $P1intermediate -$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert -echo -echo "Certificate details" -$x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert - -echo -echo "make another proxy certificate request using 'req'" -$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss -if [ $? != 0 ]; then - echo "error using 'req' to generate another proxy certificate request" - exit 1 -fi - -echo -echo "sign second proxy certificate request with the first proxy certificate via 'x509'" -$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss -if [ $? 
!= 0 ]; then - echo "error using 'x509' to sign a second proxy certificate request" - exit 1 -fi - -cat $Ucert $P1cert > $P2intermediate -$verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert -echo -echo "Certificate details" -$x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert - -echo -echo The generated CA certificate is $CAcert -echo The generated CA private key is $CAkey - -echo The generated user certificate is $Ucert -echo The generated user private key is $Ukey - -echo The first generated proxy certificate is $P1cert -echo The first generated proxy private key is $P1key - -echo The second generated proxy certificate is $P2cert -echo The second generated proxy private key is $P2key - -/bin/rm err.ss -#/bin/rm $P1intermediate -#/bin/rm $P2intermediate -exit 0 diff --git a/src/lib/libssl/test/testssl b/src/lib/libssl/test/testssl deleted file mode 100644 index 4e8542b556..0000000000 --- a/src/lib/libssl/test/testssl +++ /dev/null 
@@ -1,178 +0,0 @@ -#!/bin/sh - -if [ "$1" = "" ]; then - key=../apps/server.pem -else - key="$1" -fi -if [ "$2" = "" ]; then - cert=../apps/server.pem -else - cert="$2" -fi -ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert" - -if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then - dsa_cert=YES -else - dsa_cert=NO -fi - -if [ "$3" = "" ]; then - CA="-CApath ../certs" -else - CA="-CAfile $3" -fi - -if [ "$4" = "" ]; then - extra="" -else - extra="$4" -fi - -############################################################################# - -echo test sslv2 -$ssltest -ssl2 $extra || exit 1 - -echo test sslv2 with server authentication -$ssltest -ssl2 -server_auth $CA $extra || exit 1 - -if [ $dsa_cert = NO ]; then - echo test sslv2 with client authentication - $ssltest -ssl2 -client_auth $CA $extra || exit 1 - - echo test sslv2 with both client and server authentication - $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1 -fi - -echo test sslv3 -$ssltest -ssl3 $extra || exit 1 - -echo test sslv3 with server authentication -$ssltest -ssl3 -server_auth $CA $extra || exit 1 - -echo test sslv3 with client authentication -$ssltest -ssl3 -client_auth $CA $extra || exit 1 - -echo test sslv3 with both client and server authentication -$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 -$ssltest $extra || exit 1 - -echo test sslv2/sslv3 with server authentication -$ssltest -server_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 with client authentication -$ssltest -client_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 with both client and server authentication -$ssltest -server_auth -client_auth $CA $extra || exit 1 - -echo test sslv2 via BIO pair -$ssltest -bio_pair -ssl2 $extra || exit 1 - -echo test sslv2 with server authentication via BIO pair -$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1 - -if [ $dsa_cert = NO ]; 
then - echo test sslv2 with client authentication via BIO pair - $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1 - - echo test sslv2 with both client and server authentication via BIO pair - $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1 -fi - -echo test sslv3 via BIO pair -$ssltest -bio_pair -ssl3 $extra || exit 1 - -echo test sslv3 with server authentication via BIO pair -$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1 - -echo test sslv3 with client authentication via BIO pair -$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1 - -echo test sslv3 with both client and server authentication via BIO pair -$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 via BIO pair -$ssltest $extra || exit 1 - -if [ $dsa_cert = NO ]; then - echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair' - $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1 -fi - -echo test sslv2/sslv3 with 1024bit DHE via BIO pair -$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1 - -echo test sslv2/sslv3 with server authentication -$ssltest -bio_pair -server_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 with client authentication via BIO pair -$ssltest -bio_pair -client_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 with both client and server authentication via BIO pair -$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify -$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 - -echo "Testing ciphersuites" -for protocol in TLSv1.2 SSLv3; do - echo "Testing ciphersuites for $protocol" - for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do - echo "Testing $cipher" - prot="" - if [ $protocol = "SSLv3" ] ; then - prot="-ssl3" - fi - $ssltest -cipher $cipher $prot - if [ $? 
-ne 0 ] ; then - echo "Failed $cipher" - exit 1 - fi - done -done - -############################################################################# - -if ../util/shlib_wrap.sh ../apps/openssl no-dh; then - echo skipping anonymous DH tests -else - echo test tls1 with 1024bit anonymous DH, multiple handshakes - $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1 -fi - -if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then - echo skipping RSA tests -else - echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes' - ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1 - - if ../util/shlib_wrap.sh ../apps/openssl no-dh; then - echo skipping RSA+DHE tests - else - echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes - ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1 - fi -fi - -echo test tls1 with PSK -$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1 - -echo test tls1 with PSK via BIO pair -$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1 - -if ../util/shlib_wrap.sh ../apps/openssl no-srp; then - echo skipping SRP tests -else - echo test tls1 with SRP - $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 - - echo test tls1 with SRP via BIO pair - $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 -fi - -exit 0 diff --git a/src/lib/libssl/test/testsslproxy b/src/lib/libssl/test/testsslproxy deleted file mode 100644 index 58bbda8ab7..0000000000 --- a/src/lib/libssl/test/testsslproxy +++ /dev/null @@ -1,10 +0,0 @@ -#! /bin/sh - -echo 'Testing a lot of proxy conditions.' -echo 'Some of them may turn out being invalid, which is fine.' -for auth in A B C BC; do - for cond in A B C 'A|B&!C'; do - sh ./testssl $1 $2 $3 "-proxy -proxy_auth $auth -proxy_cond $cond" - if [ $? = 3 ]; then exit 1; fi - done -done 
diff --git a/src/lib/libssl/test/testtsa b/src/lib/libssl/test/testtsa
deleted file mode 100644
index bb653b5f73..0000000000
--- a/src/lib/libssl/test/testtsa
+++ /dev/null
@@ -1,238 +0,0 @@ -#!/bin/sh - -# -# A few very basic tests for the 'ts' time stamping authority command. -# - -SH="/bin/sh" -if test "$OSTYPE" = msdosdjgpp; then - PATH="../apps\;$PATH" -else - PATH="../apps:$PATH" -fi -export SH PATH - -OPENSSL_CONF="../CAtsa.cnf" -export OPENSSL_CONF -# Because that's what ../apps/CA.sh really looks at -SSLEAY_CONFIG="-config $OPENSSL_CONF" -export SSLEAY_CONFIG - -OPENSSL="`pwd`/../util/opensslwrap.sh" -export OPENSSL - -error () { - - echo "TSA test failed!" >&2 - exit 1 -} - -setup_dir () { - - rm -rf tsa 2>/dev/null - mkdir tsa - cd ./tsa -} - -clean_up_dir () { - - cd .. - rm -rf tsa -} - -create_ca () { - - echo "Creating a new CA for the TSA tests..." - TSDNSECT=ts_ca_dn - export TSDNSECT - ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \ - -out tsaca.pem -keyout tsacakey.pem - test $? != 0 && error -} - -create_tsa_cert () { - - INDEX=$1 - export INDEX - EXT=$2 - TSDNSECT=ts_cert_dn - export TSDNSECT - - ../../util/shlib_wrap.sh ../../apps/openssl req -new \ - -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem - test $? != 0 && error -echo Using extension $EXT - ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \ - -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \ - -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \ - -extfile $OPENSSL_CONF -extensions $EXT - test $? != 0 && error -} - -print_request () { - - ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text -} - -create_time_stamp_request1 () { - - ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq - test $? != 0 && error -} - -create_time_stamp_request2 () { - - ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \ - -out req2.tsq - test $? != 0 && error -} - -create_time_stamp_request3 () { - - ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq - test $? 
!= 0 && error -} - -print_response () { - - ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text - test $? != 0 && error -} - -create_time_stamp_response () { - - ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2 - test $? != 0 && error -} - -time_stamp_response_token_test () { - - RESPONSE2=$2.copy.tsr - TOKEN_DER=$2.token.der - ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out - test $? != 0 && error - ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2 - test $? != 0 && error - cmp $RESPONSE2 $2 - test $? != 0 && error - ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out - test $? != 0 && error - ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out - test $? != 0 && error - ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out - test $? != 0 && error -} - -verify_time_stamp_response () { - - ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \ - -untrusted tsa_cert1.pem - test $? != 0 && error - ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \ - -untrusted tsa_cert1.pem - test $? != 0 && error -} - -verify_time_stamp_token () { - - # create the token from the response first - ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out - test $? != 0 && error - ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \ - -CAfile tsaca.pem -untrusted tsa_cert1.pem - test $? != 0 && error - ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \ - -CAfile tsaca.pem -untrusted tsa_cert1.pem - test $? 
!= 0 && error -} - -verify_time_stamp_response_fail () { - - ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \ - -untrusted tsa_cert1.pem - # Checks if the verification failed, as it should have. - test $? = 0 && error - echo Ok -} - -# main functions - -echo "Setting up TSA test directory..." -setup_dir - -echo "Creating CA for TSA tests..." -create_ca - -echo "Creating tsa_cert1.pem TSA server cert..." -create_tsa_cert 1 tsa_cert - -echo "Creating tsa_cert2.pem non-TSA server cert..." -create_tsa_cert 2 non_tsa_cert - -echo "Creating req1.req time stamp request for file testtsa..." -create_time_stamp_request1 - -echo "Printing req1.req..." -print_request req1.tsq - -echo "Generating valid response for req1.req..." -create_time_stamp_response req1.tsq resp1.tsr tsa_config1 - -echo "Printing response..." -print_response resp1.tsr - -echo "Verifying valid response..." -verify_time_stamp_response req1.tsq resp1.tsr ../testtsa - -echo "Verifying valid token..." -verify_time_stamp_token req1.tsq resp1.tsr ../testtsa - -# The tests below are commented out, because invalid signer certificates -# can no longer be specified in the config file. - -# echo "Generating _invalid_ response for req1.req..." -# create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2 - -# echo "Printing response..." -# print_response resp1_bad.tsr - -# echo "Verifying invalid response, it should fail..." -# verify_time_stamp_response_fail req1.tsq resp1_bad.tsr - -echo "Creating req2.req time stamp request for file testtsa..." -create_time_stamp_request2 - -echo "Printing req2.req..." -print_request req2.tsq - -echo "Generating valid response for req2.req..." -create_time_stamp_response req2.tsq resp2.tsr tsa_config1 - -echo "Checking '-token_in' and '-token_out' options with '-reply'..." -time_stamp_response_token_test req2.tsq resp2.tsr - -echo "Printing response..." -print_response resp2.tsr - -echo "Verifying valid response..." 
-verify_time_stamp_response req2.tsq resp2.tsr ../testtsa - -echo "Verifying response against wrong request, it should fail..." -verify_time_stamp_response_fail req1.tsq resp2.tsr - -echo "Verifying response against wrong request, it should fail..." -verify_time_stamp_response_fail req2.tsq resp1.tsr - -echo "Creating req3.req time stamp request for file CAtsa.cnf..." -create_time_stamp_request3 - -echo "Printing req3.req..." -print_request req3.tsq - -echo "Verifying response against wrong request, it should fail..." -verify_time_stamp_response_fail req3.tsq resp1.tsr - -echo "Cleaning up..." -clean_up_dir - -exit 0 diff --git a/src/lib/libssl/test/testx509.pem b/src/lib/libssl/test/testx509.pem deleted file mode 100644 index 8a85d14964..0000000000 --- a/src/lib/libssl/test/testx509.pem +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV -BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz -MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM -RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF -AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO -/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE -Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ -zl9HYIMxATFyqSiD9jsx ------END CERTIFICATE----- diff --git a/src/lib/libssl/test/times b/src/lib/libssl/test/times deleted file mode 100644 index 6b66eb342e..0000000000 --- a/src/lib/libssl/test/times +++ /dev/null 
@@ -1,113 +0,0 @@ - -More number for the questions about SSL overheads.... - -The following numbers were generated on a Pentium pro 200, running Linux. -They give an indication of the SSL protocol and encryption overheads. - -The program that generated them is an unreleased version of ssl/ssltest.c -which is the SSLeay ssl protocol testing program. It is a single process that -talks both sides of the SSL protocol via a non-blocking memory buffer -interface. - -How do I read this? The protocol and cipher are reasonable obvious. -The next number is the number of connections being made. The next is the -number of bytes exchanged between the client and server side of the protocol. -This is the number of bytes that the client sends to the server, and then -the server sends back. Because this is all happening in one process, -the data is being encrypted, decrypted, encrypted and then decrypted again. -It is a round trip of that many bytes. Because the one process performs -both the client and server sides of the protocol and it sends this many bytes -each direction, multiply this number by 4 to generate the number -of bytes encrypted/decrypted/MACed. The first time value is how many seconds -elapsed doing a full SSL handshake, the second is the cost of one -full handshake and the rest being session-id reuse. 
- -SSLv2 RC4-MD5 1000 x 1 12.83s 0.70s -SSLv3 NULL-MD5 1000 x 1 14.35s 1.47s -SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s -SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA -SSLv3 RC4-SHA 1000 x 1 14.61s 1.83s -SSLv3 DES-CBC-SHA 1000 x 1 14.70s 1.89s -SSLv3 DES-CBC3-SHA 1000 x 1 15.16s 2.16s - -SSLv2 RC4-MD5 1000 x 1024 13.72s 1.27s -SSLv3 NULL-MD5 1000 x 1024 14.79s 1.92s -SSLv3 RC4-MD5 1000 x 1024 52.58s 2.29s 1024bit RSA -SSLv3 RC4-SHA 1000 x 1024 15.39s 2.67s -SSLv3 DES-CBC-SHA 1000 x 1024 16.45s 3.55s -SSLv3 DES-CBC3-SHA 1000 x 1024 18.21s 5.38s - -SSLv2 RC4-MD5 1000 x 10240 18.97s 6.52s -SSLv3 NULL-MD5 1000 x 10240 17.79s 5.11s -SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s -SSLv3 RC4-MD5 1000 x 10240 58.26s 8.08s 1024bit RSA -SSLv3 RC4-SHA 1000 x 10240 22.96s 11.44s -SSLv3 DES-CBC-SHA 1000 x 10240 30.65s 18.41s -SSLv3 DES-CBC3-SHA 1000 x 10240 47.04s 34.53s - -SSLv2 RC4-MD5 1000 x 102400 70.22s 57.74s -SSLv3 NULL-MD5 1000 x 102400 43.73s 31.03s -SSLv3 RC4-MD5 1000 x 102400 71.32s 58.83s -SSLv3 RC4-MD5 1000 x 102400 109.66s 59.20s 1024bit RSA -SSLv3 RC4-SHA 1000 x 102400 95.88s 82.21s -SSLv3 DES-CBC-SHA 1000 x 102400 173.22s 160.55s -SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s - -What does this all mean? Well for a server, with no session-id reuse, with -a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key, -a Pentium pro 200 running Linux can handle the SSLv3 protocol overheads of -about 49 connections a second. Reality will be quite different :-). - -Remember the first number is 1000 full ssl handshakes, the second is -1 full and 999 with session-id reuse. The RSA overheads for each exchange -would be one public and one private operation, but the protocol/MAC/cipher -cost would be quite similar in both the client and server. - -eric (adding numbers to speculation) - ---- Appendix --- -- The time measured is user time but these number a very rough. -- Remember this is the cost of both client and server sides of the protocol. 
-- The TCP/kernel overhead of connection establishment is normally the - killer in SSL. Often delays in the TCP protocol will make session-id - reuse look slower that new sessions, but this would not be the case on - a loaded server. -- The TCP round trip latencies, while slowing individual connections, - would have minimal impact on throughput. -- Instead of sending one 102400 byte buffer, one 8k buffer is sent until -- the required number of bytes are processed. -- The SSLv3 connections were actually SSLv2 compatible SSLv3 headers. -- A 512bit server key was being used except where noted. -- No server key verification was being performed on the client side of the - protocol. This would slow things down very little. -- The library being used is SSLeay 0.8.x. -- The normal measuring system was commands of the form - time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse - This modified version of ssltest should be in the next public release of - SSLeay. - -The general cipher performance number for this platform are - -SSLeay 0.8.2a 04-Sep-1997 -built on Fri Sep 5 17:37:05 EST 1997 -options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) -C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -The 'numbers' are in 1000s of bytes per second processed. 
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 131.02k 368.41k 500.57k 549.21k 566.09k -mdc2 535.60k 589.10k 595.88k 595.97k 594.54k -md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k -sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k -sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k -rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k -des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k -des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k -idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k -rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k -blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k - sign verify -rsa 512 bits 0.0100s 0.0011s -rsa 1024 bits 0.0451s 0.0012s -rsa 2048 bits 0.2605s 0.0086s -rsa 4096 bits 1.6883s 0.0302s - diff --git a/src/lib/libssl/test/tpkcs7 b/src/lib/libssl/test/tpkcs7 deleted file mode 100644 index 3e435ffbf9..0000000000 --- a/src/lib/libssl/test/tpkcs7 +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/sh - -cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7' - -if [ "$1"x != "x" ]; then - t=$1 -else - t=testp7.pem -fi - -echo testing pkcs7 conversions -cp $t fff.p - -echo "p -> d" -$cmd -in fff.p -inform p -outform d >f.d -if [ $? != 0 ]; then exit 1; fi -echo "p -> p" -$cmd -in fff.p -inform p -outform p >f.p -if [ $? != 0 ]; then exit 1; fi - -echo "d -> d" -$cmd -in f.d -inform d -outform d >ff.d1 -if [ $? != 0 ]; then exit 1; fi -echo "p -> d" -$cmd -in f.p -inform p -outform d >ff.d3 -if [ $? != 0 ]; then exit 1; fi - -echo "d -> p" -$cmd -in f.d -inform d -outform p >ff.p1 -if [ $? != 0 ]; then exit 1; fi -echo "p -> p" -$cmd -in f.p -inform p -outform p >ff.p3 -if [ $? != 0 ]; then exit 1; fi - -cmp fff.p f.p -if [ $? != 0 ]; then exit 1; fi -cmp fff.p ff.p1 -if [ $? != 0 ]; then exit 1; fi -cmp fff.p ff.p3 -if [ $? != 0 ]; then exit 1; fi - -cmp f.p ff.p1 -if [ $? != 0 ]; then exit 1; fi -cmp f.p ff.p3 -if [ $? != 0 ]; then exit 1; fi - -/bin/rm -f f.* ff.* fff.* -exit 0 
diff --git a/src/lib/libssl/test/tpkcs7d b/src/lib/libssl/test/tpkcs7d deleted file mode 100644 index 64fc28e88f..0000000000 --- a/src/lib/libssl/test/tpkcs7d +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/sh - -cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7' - -if [ "$1"x != "x" ]; then - t=$1 -else - t=pkcs7-1.pem -fi - -echo "testing pkcs7 conversions (2)" -cp $t fff.p - -echo "p -> d" -$cmd -in fff.p -inform p -outform d >f.d -if [ $? != 0 ]; then exit 1; fi -echo "p -> p" -$cmd -in fff.p -inform p -outform p >f.p -if [ $? != 0 ]; then exit 1; fi - -echo "d -> d" -$cmd -in f.d -inform d -outform d >ff.d1 -if [ $? != 0 ]; then exit 1; fi -echo "p -> d" -$cmd -in f.p -inform p -outform d >ff.d3 -if [ $? != 0 ]; then exit 1; fi - -echo "d -> p" -$cmd -in f.d -inform d -outform p >ff.p1 -if [ $? != 0 ]; then exit 1; fi -echo "p -> p" -$cmd -in f.p -inform p -outform p >ff.p3 -if [ $? != 0 ]; then exit 1; fi - -cmp f.p ff.p1 -if [ $? != 0 ]; then exit 1; fi -cmp f.p ff.p3 -if [ $? != 0 ]; then exit 1; fi - -/bin/rm -f f.* ff.* fff.* -exit 0 diff --git a/src/lib/libssl/test/treq b/src/lib/libssl/test/treq deleted file mode 100644 index 77f37dcf3a..0000000000 --- a/src/lib/libssl/test/treq +++ /dev/null 
@@ -1,83 +0,0 @@ -#!/bin/sh - -cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf' - -if [ "$1"x != "x" ]; then - t=$1 -else - t=testreq.pem -fi - -if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then - echo "skipping req conversion test for $t" - exit 0 -fi - -echo testing req conversions -cp $t fff.p - -echo "p -> d" -$cmd -in fff.p -inform p -outform d >f.d -if [ $? != 0 ]; then exit 1; fi -#echo "p -> t" -#$cmd -in fff.p -inform p -outform t >f.t -#if [ $? != 0 ]; then exit 1; fi -echo "p -> p" -$cmd -in fff.p -inform p -outform p >f.p -if [ $? != 0 ]; then exit 1; fi - -echo "d -> d" -$cmd -verify -in f.d -inform d -outform d >ff.d1 -if [ $? != 0 ]; then exit 1; fi -#echo "t -> d" -#$cmd -in f.t -inform t -outform d >ff.d2 -#if [ $? != 0 ]; then exit 1; fi -echo "p -> d" -$cmd -verify -in f.p -inform p -outform d >ff.d3 -if [ $? != 0 ]; then exit 1; fi - -#echo "d -> t" -#$cmd -in f.d -inform d -outform t >ff.t1 -#if [ $? != 0 ]; then exit 1; fi -#echo "t -> t" -#$cmd -in f.t -inform t -outform t >ff.t2 -#if [ $? != 0 ]; then exit 1; fi -#echo "p -> t" -#$cmd -in f.p -inform p -outform t >ff.t3 -#if [ $? != 0 ]; then exit 1; fi - -echo "d -> p" -$cmd -in f.d -inform d -outform p >ff.p1 -if [ $? != 0 ]; then exit 1; fi -#echo "t -> p" -#$cmd -in f.t -inform t -outform p >ff.p2 -#if [ $? != 0 ]; then exit 1; fi -echo "p -> p" -$cmd -in f.p -inform p -outform p >ff.p3 -if [ $? != 0 ]; then exit 1; fi - -cmp fff.p f.p -if [ $? != 0 ]; then exit 1; fi -cmp fff.p ff.p1 -if [ $? != 0 ]; then exit 1; fi -#cmp fff.p ff.p2 -#if [ $? != 0 ]; then exit 1; fi -cmp fff.p ff.p3 -if [ $? != 0 ]; then exit 1; fi - -#cmp f.t ff.t1 -#if [ $? != 0 ]; then exit 1; fi -#cmp f.t ff.t2 -#if [ $? != 0 ]; then exit 1; fi -#cmp f.t ff.t3 -#if [ $? != 0 ]; then exit 1; fi - -cmp f.p ff.p1 -if [ $? != 0 ]; then exit 1; fi -#cmp f.p ff.p2 -#if [ $? != 0 ]; then exit 1; fi -cmp f.p ff.p3 -if [ $? 
!= 0 ]; then exit 1; fi - -/bin/rm -f f.* ff.* fff.* -exit 0 diff --git a/src/lib/libssl/test/trsa b/src/lib/libssl/test/trsa deleted file mode 100644 index 249ac1ddcc..0000000000 --- a/src/lib/libssl/test/trsa +++ /dev/null 
@@ -1,83 +0,0 @@ -#!/bin/sh - -if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then - echo skipping rsa conversion test - exit 0 -fi - -cmd='../util/shlib_wrap.sh ../apps/openssl rsa' - -if [ "$1"x != "x" ]; then - t=$1 -else - t=testrsa.pem -fi - -echo testing rsa conversions -cp $t fff.p - -echo "p -> d" -$cmd -in fff.p -inform p -outform d >f.d -if [ $? != 0 ]; then exit 1; fi -#echo "p -> t" -#$cmd -in fff.p -inform p -outform t >f.t -#if [ $? != 0 ]; then exit 1; fi -echo "p -> p" -$cmd -in fff.p -inform p -outform p >f.p -if [ $? != 0 ]; then exit 1; fi - -echo "d -> d" -$cmd -in f.d -inform d -outform d >ff.d1 -if [ $? != 0 ]; then exit 1; fi -#echo "t -> d" -#$cmd -in f.t -inform t -outform d >ff.d2 -#if [ $? != 0 ]; then exit 1; fi -echo "p -> d" -$cmd -in f.p -inform p -outform d >ff.d3 -if [ $? != 0 ]; then exit 1; fi - -#echo "d -> t" -#$cmd -in f.d -inform d -outform t >ff.t1 -#if [ $? != 0 ]; then exit 1; fi -#echo "t -> t" -#$cmd -in f.t -inform t -outform t >ff.t2 -#if [ $? != 0 ]; then exit 1; fi -#echo "p -> t" -#$cmd -in f.p -inform p -outform t >ff.t3 -#if [ $? != 0 ]; then exit 1; fi - -echo "d -> p" -$cmd -in f.d -inform d -outform p >ff.p1 -if [ $? != 0 ]; then exit 1; fi -#echo "t -> p" -#$cmd -in f.t -inform t -outform p >ff.p2 -#if [ $? != 0 ]; then exit 1; fi -echo "p -> p" -$cmd -in f.p -inform p -outform p >ff.p3 -if [ $? != 0 ]; then exit 1; fi - -cmp fff.p f.p -if [ $? != 0 ]; then exit 1; fi -cmp fff.p ff.p1 -if [ $? != 0 ]; then exit 1; fi -#cmp fff.p ff.p2 -#if [ $? != 0 ]; then exit 1; fi -cmp fff.p ff.p3 -if [ $? != 0 ]; then exit 1; fi - -#cmp f.t ff.t1 -#if [ $? != 0 ]; then exit 1; fi -#cmp f.t ff.t2 -#if [ $? != 0 ]; then exit 1; fi -#cmp f.t ff.t3 -#if [ $? != 0 ]; then exit 1; fi - -cmp f.p ff.p1 -if [ $? != 0 ]; then exit 1; fi -#cmp f.p ff.p2 -#if [ $? != 0 ]; then exit 1; fi -cmp f.p ff.p3 -if [ $? != 0 ]; then exit 1; fi - -/bin/rm -f f.* ff.* fff.* -exit 0 
diff --git a/src/lib/libssl/test/tsid b/src/lib/libssl/test/tsid
deleted file mode 100644
index 6adbd531ce..0000000000
--- a/src/lib/libssl/test/tsid
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl sess_id'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testsid.pem
-fi
-
-echo testing session-id conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0
diff --git a/src/lib/libssl/test/tx509 b/src/lib/libssl/test/tx509
deleted file mode 100644
index 4a15b98d17..0000000000
--- a/src/lib/libssl/test/tx509
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl x509'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testx509.pem
-fi
-
-echo testing X509 conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> n"
-$cmd -in fff.p -inform p -outform n >f.n
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> d"
-$cmd -in f.n -inform n -outform d >ff.d2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> n"
-$cmd -in f.d -inform d -outform n >ff.n1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> n"
-$cmd -in f.n -inform n -outform n >ff.n2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> n"
-$cmd -in f.p -inform p -outform n >ff.n3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> p"
-$cmd -in f.n -inform n -outform p >ff.p2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p2
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.n ff.n1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.n ff.n2
-if [ $? != 0 ]; then exit 1; fi
-cmp f.n ff.n3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p2
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0
diff --git a/src/lib/libssl/test/v3-cert1.pem b/src/lib/libssl/test/v3-cert1.pem
deleted file mode 100644
index 0da253d5c3..0000000000
--- a/src/lib/libssl/test/v3-cert1.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx
-NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz
-dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw
-ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
-ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2
-ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp
-miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C
-AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
-Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
-DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR
-MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB
-AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21
-X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3
-WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO
------END CERTIFICATE-----
diff --git a/src/lib/libssl/test/v3-cert2.pem b/src/lib/libssl/test/v3-cert2.pem
deleted file mode 100644
index de0723ff8d..0000000000
--- a/src/lib/libssl/test/v3-cert2.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD
-YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0
-ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu
-dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1
-WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV
-BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx
-FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA
-6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT
-G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ
-YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm
-b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc
-F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz
-lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap
-jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU=
------END CERTIFICATE-----
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
deleted file mode 100644
index d018fced5c..0000000000
--- a/src/lib/libssl/tls1.h
+++ /dev/null
@@ -1,764 +0,0 @@
-/* $OpenBSD: tls1.h,v 1.60 2024/10/23 01:57:19 jsg Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#ifndef HEADER_TLS1_H
-#define HEADER_TLS1_H
-
-#include
-
-#include
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define OPENSSL_TLS_SECURITY_LEVEL 1
-
-#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
-
-#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
-#define TLS1_3_VERSION 0x0304
-#endif
-
-#define TLS1_2_VERSION 0x0303
-#define TLS1_2_VERSION_MAJOR 0x03
-#define TLS1_2_VERSION_MINOR 0x03
-
-#define TLS1_1_VERSION 0x0302
-#define TLS1_1_VERSION_MAJOR 0x03
-#define TLS1_1_VERSION_MINOR 0x02
-
-#define TLS1_VERSION 0x0301
-#define TLS1_VERSION_MAJOR 0x03
-#define TLS1_VERSION_MINOR 0x01
-
-#ifndef LIBRESSL_INTERNAL
-#define TLS1_AD_DECRYPTION_FAILED 21
-#define TLS1_AD_RECORD_OVERFLOW 22
-#define TLS1_AD_UNKNOWN_CA 48 /* fatal */
-#define TLS1_AD_ACCESS_DENIED 49 /* fatal */
-#define TLS1_AD_DECODE_ERROR 50 /* fatal */
-#define TLS1_AD_DECRYPT_ERROR 51
-#define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */
-#define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */
-#define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */
-#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */
-/* Code 86 from RFC 7507. */
-#define TLS1_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */
-#define TLS1_AD_USER_CANCELLED 90
-#define TLS1_AD_NO_RENEGOTIATION 100
-/* Codes 110-114 from RFC 3546. */
-#define TLS1_AD_UNSUPPORTED_EXTENSION 110
-#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
-#define TLS1_AD_UNRECOGNIZED_NAME 112
-#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
-#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
-/* Code 115 from RFC 4279. */
-#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */
-#endif
-
-/*
- * TLS ExtensionType values.
- *
- * https://www.iana.org/assignments/tls-extensiontype-values/
- */
-
-/* ExtensionType values from RFC 3546, RFC 4366 and RFC 6066. */
-#define TLSEXT_TYPE_server_name 0
-#define TLSEXT_TYPE_max_fragment_length 1
-#define TLSEXT_TYPE_client_certificate_url 2
-#define TLSEXT_TYPE_trusted_ca_keys 3
-#define TLSEXT_TYPE_truncated_hmac 4
-#define TLSEXT_TYPE_status_request 5
-
-/* ExtensionType values from RFC 4681. */
-#define TLSEXT_TYPE_user_mapping 6
-
-/* ExtensionType values from RFC 5878. */
-#define TLSEXT_TYPE_client_authz 7
-#define TLSEXT_TYPE_server_authz 8
-
-/* ExtensionType values from RFC 6091. */
-#define TLSEXT_TYPE_cert_type 9
-
-/* ExtensionType values from RFC 7919. */
-#define TLSEXT_TYPE_supported_groups 10
-
-/* ExtensionType values from RFC 4492. */
-#ifndef LIBRESSL_INTERNAL
-#define TLSEXT_TYPE_elliptic_curves TLSEXT_TYPE_supported_groups
-#endif
-#define TLSEXT_TYPE_ec_point_formats 11
-
-/* ExtensionType value from RFC 5054. */
-#define TLSEXT_TYPE_srp 12
-
-/* ExtensionType value from RFC 5246/RFC 8446. */
-#define TLSEXT_TYPE_signature_algorithms 13
-
-/* ExtensionType value from RFC 5764. */
-#define TLSEXT_TYPE_use_srtp 14
-
-/* ExtensionType value from RFC 5620. */
-#define TLSEXT_TYPE_heartbeat 15
-
-/* ExtensionType value from RFC 7301. */
-#define TLSEXT_TYPE_application_layer_protocol_negotiation 16
-
-/* ExtensionType value from RFC 7685. */
-#define TLSEXT_TYPE_padding 21
-
-/* ExtensionType value from RFC 4507. */
-#define TLSEXT_TYPE_session_ticket 35
-
-/* ExtensionType values from RFC 8446 section 4.2 */
-#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
-#define TLSEXT_TYPE_pre_shared_key 41
-#define TLSEXT_TYPE_early_data 42
-#define TLSEXT_TYPE_supported_versions 43
-#define TLSEXT_TYPE_cookie 44
-#define TLSEXT_TYPE_psk_key_exchange_modes 45
-#define TLSEXT_TYPE_certificate_authorities 47
-#define TLSEXT_TYPE_oid_filters 48
-#define TLSEXT_TYPE_post_handshake_auth 49
-#define TLSEXT_TYPE_signature_algorithms_cert 50
-#define TLSEXT_TYPE_key_share 51
-#endif
-
-/* ExtensionType value from RFC 9001 section 8.2 */
-#if defined(LIBRESSL_HAS_QUIC) || defined(LIBRESSL_INTERNAL)
-#define TLSEXT_TYPE_quic_transport_parameters 57
-#endif
-
-/*
- * TLS 1.3 extension names from OpenSSL, where they decided to use a different
- * name from that given in RFC 8446.
- */
-#if defined(LIBRESSL_HAS_TLS1_3)
-#define TLSEXT_TYPE_psk TLSEXT_TYPE_pre_shared_key
-#define TLSEXT_TYPE_psk_kex_modes TLSEXT_TYPE_psk_key_exchange_modes
-#endif
-
-/* Temporary extension type */
-#define TLSEXT_TYPE_renegotiate 0xff01
-
-/* NameType value from RFC 3546. */
-#define TLSEXT_NAMETYPE_host_name 0
-/* status request value from RFC 3546 */
-#define TLSEXT_STATUSTYPE_ocsp 1
-
-/* ECPointFormat values from RFC 4492. */
-#define TLSEXT_ECPOINTFORMAT_first 0
-#define TLSEXT_ECPOINTFORMAT_uncompressed 0
-#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1
-#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2
-#define TLSEXT_ECPOINTFORMAT_last 2
-
-#define TLSEXT_MAXLEN_host_name 255
-
-const char *SSL_get_servername(const SSL *s, const int type);
-int SSL_get_servername_type(const SSL *s);
-/* SSL_export_keying_material exports a value derived from the master secret,
- * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
- * optional context. (Since a zero length context is allowed, the |use_context|
- * flag controls whether a context is included.
- *
- * It returns 1 on success and zero otherwise.
- */
-int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
- const char *label, size_t llen, const unsigned char *p, size_t plen,
- int use_context);
-
-int SSL_get_signature_type_nid(const SSL *ssl, int *nid);
-int SSL_get_peer_signature_type_nid(const SSL *ssl, int *nid);
-
-#define SSL_set_tlsext_host_name(s,name) \
-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
-
-#define SSL_set_tlsext_debug_callback(ssl, cb) \
-SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
-
-#define SSL_set_tlsext_debug_arg(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
-
-#define SSL_get_tlsext_status_type(ssl) \
-SSL_ctrl(ssl, SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE, 0, NULL)
-
-#define SSL_set_tlsext_status_type(ssl, type) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
-
-#define SSL_get_tlsext_status_exts(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
-
-#define SSL_set_tlsext_status_exts(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
-
-#define SSL_get_tlsext_status_ids(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
-
-#define SSL_set_tlsext_status_ids(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
-
-#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg)
-
-#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
-
-#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
-SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
-
-#define SSL_TLSEXT_ERR_OK 0
-#define SSL_TLSEXT_ERR_ALERT_WARNING 1
-#define SSL_TLSEXT_ERR_ALERT_FATAL 2
-#define SSL_TLSEXT_ERR_NOACK 3
-
-#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
-SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
-
-#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
- SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys))
-#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
- SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys))
-
-#define SSL_CTX_get_tlsext_status_cb(ssl, cb) \
-SSL_CTX_callback_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
-#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
-SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
-
-#define SSL_CTX_get_tlsext_status_arg(ssl, arg) \
-SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0,(void *)arg)
-#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
-SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0,(void *)arg)
-
-#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
-SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
-
-/* PSK ciphersuites from RFC 4279. */
-#define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A
-#define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B
-#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C
-#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D
-
-/* Additional TLS ciphersuites from expired Internet Draft
- * draft-ietf-tls-56-bit-ciphersuites-01.txt
- * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
- * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably
- * shouldn't. Note that the first two are actually not in the IDs. */
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 /* not in ID */
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 /* not in ID */
-#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062
-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064
-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
-#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
-
-/* AES ciphersuites from RFC 3268. */
-
-#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
-#define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030
-#define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031
-#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032
-#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033
-#define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034
-
-#define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035
-#define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036
-#define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037
-#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038
-#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
-#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
-
-/* TLS v1.2 ciphersuites */
-#define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B
-#define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C
-#define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D
-#define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E
-#define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F
-#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040
-
-/* Camellia ciphersuites from RFC 4132. */
-#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043
-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044
-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045
-#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046
-
-/* TLS v1.2 ciphersuites */
-#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067
-#define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068
-#define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069
-#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A
-#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B
-#define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C
-#define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D
-
-/* Camellia ciphersuites from RFC 4132. */
-#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087
-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088
-#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089
-
-/* SEED ciphersuites from RFC 4162. */
-#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096
-#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097
-#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098
-#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099
-#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
-#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
-
-/* TLS v1.2 GCM ciphersuites from RFC 5288. */
-#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C
-#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D
-#define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E
-#define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F
-#define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0
-#define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1
-#define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2
-#define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3
-#define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4
-#define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5
-#define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6
-#define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7
-
-/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
-#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA
-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB
-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BC
-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BD
-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BE
-#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256 0x030000BF
-
-#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C0
-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C1
-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C2
-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C3
-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C4
-#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256 0x030000C5
-
-/* TLS 1.3 cipher suites from RFC 8446 appendix B.4. */
-#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
-#define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301
-#define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302
-#define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303
-#define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304
-#define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305
-#endif
-
-/* ECC ciphersuites from RFC 4492. */
-#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
-#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
-#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005
-
-#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006
-#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007
-#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A
-
-#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B
-#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C
-#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D
-#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E
-#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F
-
-#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010
-#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011
-#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012
-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
-
-#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015
-#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016
-#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017
-#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
-#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
-
-/* SRP ciphersuites from RFC 5054. */
-#define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A
-#define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B
-#define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C
-#define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D
-#define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E
-#define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F
-#define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020
-#define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021
-#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022
-
-/* ECDH HMAC based ciphersuites from RFC 5289. */
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026
-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027
-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028
-#define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029
-#define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A
-
-/* ECDH GCM based ciphersuites from RFC 5289. */
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E
-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F
-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030
-#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031
-#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032
-
-/* ChaCha20-Poly1305 based ciphersuites. */
-#define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305 0x0300CCA8
-#define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305 0x0300CCA9
-#define TLS1_CK_DHE_RSA_CHACHA20_POLY1305 0x0300CCAA
-
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"
-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA"
-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
-
-/* AES ciphersuites from RFC 3268. */
-#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA"
-#define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA"
-
-#define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
-#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
-
-/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
-#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA"
-
-#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
-
-#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA"
-
-#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
-
-#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
-
-/* PSK ciphersuites from RFC 4279. */
-#define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA"
-#define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA"
-#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
-#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
-
-/* SRP ciphersuite from RFC 5054. */
-#define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA"
-
-/* Camellia ciphersuites from RFC 4132. */
-#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA"
-#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA"
-
-#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA"
-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA"
-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA"
-#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA"
-
-/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
-#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256 "CAMELLIA128-SHA256"
-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DH-DSS-CAMELLIA128-SHA256"
-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DH-RSA-CAMELLIA128-SHA256"
-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DHE-DSS-CAMELLIA128-SHA256"
-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DHE-RSA-CAMELLIA128-SHA256" -#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256 "ADH-CAMELLIA128-SHA256" - -#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256 "CAMELLIA256-SHA256" -#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DH-DSS-CAMELLIA256-SHA256" -#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DH-RSA-CAMELLIA256-SHA256" -#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DHE-DSS-CAMELLIA256-SHA256" -#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DHE-RSA-CAMELLIA256-SHA256" -#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256 "ADH-CAMELLIA256-SHA256" - -/* SEED ciphersuites from RFC 4162. */ -#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" -#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" -#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" -#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA" -#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" -#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" - -/* TLS v1.2 ciphersuites. */ -#define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256" -#define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256" -#define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256" -#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256" -#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256" -#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256" -#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256" -#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256" -#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256" -#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256" -#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256" -#define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256" -#define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256" - -/* TLS v1.2 GCM ciphersuites from RFC 5288. 
*/ -#define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256" -#define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384" -#define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256" -#define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384" -#define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256" -#define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384" -#define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256" -#define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384" -#define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256" -#define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384" -#define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256" -#define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384" - -/* ECDH HMAC based ciphersuites from RFC 5289. */ -#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256" -#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384" -#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256" -#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384" -#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256" -#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384" -#define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256" -#define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384" - -/* ECDH GCM based ciphersuites from RFC 5289. 
*/ -#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256" -#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384" -#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256" -#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384" -#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256" -#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384" -#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256" -#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384" - -/* ChaCha20-Poly1305 based ciphersuites. */ -#define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305" -#define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305" -#define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305" - -/* TLS 1.3 cipher suites from RFC 8446 appendix B.4. 
*/ -#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) -#define TLS1_3_TXT_AES_128_GCM_SHA256 "AEAD-AES128-GCM-SHA256" -#define TLS1_3_TXT_AES_256_GCM_SHA384 "AEAD-AES256-GCM-SHA384" -#define TLS1_3_TXT_CHACHA20_POLY1305_SHA256 "AEAD-CHACHA20-POLY1305-SHA256" -#define TLS1_3_TXT_AES_128_CCM_SHA256 "AEAD-AES128-CCM-SHA256" -#define TLS1_3_TXT_AES_128_CCM_8_SHA256 "AEAD-AES128-CCM-8-SHA256" - -#define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256" -#define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384" -#define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256" -#define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256" -#define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256" -#endif - -#define TLS1_FINISH_MAC_LENGTH 12 - -#define TLS_MD_MAX_CONST_SIZE 20 -#define TLS_MD_CLIENT_FINISH_CONST "client finished" -#define TLS_MD_CLIENT_FINISH_CONST_SIZE 15 -#define TLS_MD_SERVER_FINISH_CONST "server finished" -#define TLS_MD_SERVER_FINISH_CONST_SIZE 15 -#define TLS_MD_KEY_EXPANSION_CONST "key expansion" -#define TLS_MD_KEY_EXPANSION_CONST_SIZE 13 -#define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key" -#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16 -#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" -#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 -#define TLS_MD_IV_BLOCK_CONST "IV block" -#define TLS_MD_IV_BLOCK_CONST_SIZE 8 -#define TLS_MD_MASTER_SECRET_CONST "master secret" -#define TLS_MD_MASTER_SECRET_CONST_SIZE 13 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/src/lib/libssl/tls12_internal.h b/src/lib/libssl/tls12_internal.h deleted file mode 100644 index d416b2e3f1..0000000000 --- a/src/lib/libssl/tls12_internal.h +++ /dev/null 
@@ -1,29 +0,0 @@ -/* $OpenBSD: tls12_internal.h,v 1.1 2022/11/07 11:58:45 jsing Exp $ */ -/* - * Copyright (c) 2022 Joel Sing - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef HEADER_TLS12_INTERNAL_H -#define HEADER_TLS12_INTERNAL_H - -__BEGIN_HIDDEN_DECLS - -int tls12_exporter(SSL *s, const uint8_t *label, size_t label_len, - const uint8_t *context_value, size_t context_value_len, int use_context, - uint8_t *out, size_t out_len); - -__END_HIDDEN_DECLS - -#endif diff --git a/src/lib/libssl/tls12_key_schedule.c b/src/lib/libssl/tls12_key_schedule.c deleted file mode 100644 index 1ac003329e..0000000000 --- a/src/lib/libssl/tls12_key_schedule.c +++ /dev/null 
@@ -1,291 +0,0 @@ -/* $OpenBSD: tls12_key_schedule.c,v 1.4 2024/02/03 15:58:34 beck Exp $ */ -/* - * Copyright (c) 2021 Joel Sing - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include - -#include - -#include "bytestring.h" -#include "ssl_local.h" -#include "tls12_internal.h" - -struct tls12_key_block { - CBS client_write_mac_key; - CBS server_write_mac_key; - CBS client_write_key; - CBS server_write_key; - CBS client_write_iv; - CBS server_write_iv; - - uint8_t *key_block; - size_t key_block_len; -}; - -struct tls12_key_block * -tls12_key_block_new(void) -{ - return calloc(1, sizeof(struct tls12_key_block)); -} - -static void -tls12_key_block_clear(struct tls12_key_block *kb) -{ - CBS_init(&kb->client_write_mac_key, NULL, 0); - CBS_init(&kb->server_write_mac_key, NULL, 0); - CBS_init(&kb->client_write_key, NULL, 0); - CBS_init(&kb->server_write_key, NULL, 0); - CBS_init(&kb->client_write_iv, NULL, 0); - CBS_init(&kb->server_write_iv, NULL, 0); - - freezero(kb->key_block, kb->key_block_len); - kb->key_block = NULL; - kb->key_block_len = 0; -} - -void -tls12_key_block_free(struct tls12_key_block *kb) -{ - if (kb == NULL) - return; - - tls12_key_block_clear(kb); - - freezero(kb, sizeof(struct tls12_key_block)); -} - -void -tls12_key_block_client_write(struct tls12_key_block 
*kb, CBS *mac_key, - CBS *key, CBS *iv) -{ - CBS_dup(&kb->client_write_mac_key, mac_key); - CBS_dup(&kb->client_write_key, key); - CBS_dup(&kb->client_write_iv, iv); -} - -void -tls12_key_block_server_write(struct tls12_key_block *kb, CBS *mac_key, - CBS *key, CBS *iv) -{ - CBS_dup(&kb->server_write_mac_key, mac_key); - CBS_dup(&kb->server_write_key, key); - CBS_dup(&kb->server_write_iv, iv); -} - -int -tls12_key_block_generate(struct tls12_key_block *kb, SSL *s, - const EVP_AEAD *aead, const EVP_CIPHER *cipher, const EVP_MD *mac_hash) -{ - size_t mac_key_len = 0, key_len = 0, iv_len = 0; - uint8_t *key_block = NULL; - size_t key_block_len = 0; - CBS cbs; - - /* - * Generate a TLSv1.2 key block and partition into individual secrets, - * as per RFC 5246 section 6.3. - */ - - tls12_key_block_clear(kb); - - /* Must have AEAD or cipher/MAC pair. */ - if (aead == NULL && (cipher == NULL || mac_hash == NULL)) - goto err; - - if (aead != NULL) { - key_len = EVP_AEAD_key_length(aead); - - /* AEAD fixed nonce length. */ - if (aead == EVP_aead_aes_128_gcm() || - aead == EVP_aead_aes_256_gcm()) - iv_len = 4; - else if (aead == EVP_aead_chacha20_poly1305()) - iv_len = 12; - else - goto err; - } else if (cipher != NULL && mac_hash != NULL) { - /* - * A negative integer return value will be detected via the - * EVP_MAX_* checks against the size_t variables below. 
- */ - mac_key_len = EVP_MD_size(mac_hash); - key_len = EVP_CIPHER_key_length(cipher); - iv_len = EVP_CIPHER_iv_length(cipher); - } - - if (mac_key_len > EVP_MAX_MD_SIZE) - goto err; - if (key_len > EVP_MAX_KEY_LENGTH) - goto err; - if (iv_len > EVP_MAX_IV_LENGTH) - goto err; - - key_block_len = 2 * mac_key_len + 2 * key_len + 2 * iv_len; - if ((key_block = calloc(1, key_block_len)) == NULL) - goto err; - - if (!tls1_generate_key_block(s, key_block, key_block_len)) - goto err; - - kb->key_block = key_block; - kb->key_block_len = key_block_len; - key_block = NULL; - key_block_len = 0; - - /* Partition key block into individual secrets. */ - CBS_init(&cbs, kb->key_block, kb->key_block_len); - if (!CBS_get_bytes(&cbs, &kb->client_write_mac_key, mac_key_len)) - goto err; - if (!CBS_get_bytes(&cbs, &kb->server_write_mac_key, mac_key_len)) - goto err; - if (!CBS_get_bytes(&cbs, &kb->client_write_key, key_len)) - goto err; - if (!CBS_get_bytes(&cbs, &kb->server_write_key, key_len)) - goto err; - if (!CBS_get_bytes(&cbs, &kb->client_write_iv, iv_len)) - goto err; - if (!CBS_get_bytes(&cbs, &kb->server_write_iv, iv_len)) - goto err; - if (CBS_len(&cbs) != 0) - goto err; - - return 1; - - err: - tls12_key_block_clear(kb); - freezero(key_block, key_block_len); - - return 0; -} - -struct tls12_reserved_label { - const char *label; - size_t label_len; -}; - -/* - * RFC 5705 section 6. 
- */ -static const struct tls12_reserved_label tls12_reserved_labels[] = { - { - .label = TLS_MD_CLIENT_FINISH_CONST, - .label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE, - }, - { - .label = TLS_MD_SERVER_FINISH_CONST, - .label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, - }, - { - .label = TLS_MD_MASTER_SECRET_CONST, - .label_len = TLS_MD_MASTER_SECRET_CONST_SIZE, - }, - { - .label = TLS_MD_KEY_EXPANSION_CONST, - .label_len = TLS_MD_KEY_EXPANSION_CONST_SIZE, - }, - { - .label = NULL, - .label_len = 0, - }, -}; - -int -tls12_exporter(SSL *s, const uint8_t *label, size_t label_len, - const uint8_t *context_value, size_t context_value_len, int use_context, - uint8_t *out, size_t out_len) -{ - uint8_t *data = NULL; - size_t data_len = 0; - CBB cbb, context; - CBS seed; - size_t i; - int ret = 0; - - /* - * RFC 5705 - Key Material Exporters for TLS. - */ - - memset(&cbb, 0, sizeof(cbb)); - - if (!SSL_is_init_finished(s)) { - SSLerror(s, SSL_R_BAD_STATE); - goto err; - } - - if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION) - goto err; - - /* - * Due to exceptional design choices, we need to build a concatenation - * of the label and the seed value, before checking for reserved - * labels. This prevents a reserved label from being split across the - * label and the seed (that includes the client random), which are - * concatenated by the PRF. 
- */ - if (!CBB_init(&cbb, 0)) - goto err; - if (!CBB_add_bytes(&cbb, label, label_len)) - goto err; - if (!CBB_add_bytes(&cbb, s->s3->client_random, SSL3_RANDOM_SIZE)) - goto err; - if (!CBB_add_bytes(&cbb, s->s3->server_random, SSL3_RANDOM_SIZE)) - goto err; - if (use_context) { - if (!CBB_add_u16_length_prefixed(&cbb, &context)) - goto err; - if (context_value_len > 0) { - if (!CBB_add_bytes(&context, context_value, - context_value_len)) - goto err; - } - } - if (!CBB_finish(&cbb, &data, &data_len)) - goto err; - - /* - * Ensure that the block (label + seed) does not start with a reserved - * label - in an ideal world we would ensure that the label has an - * explicitly permitted prefix instead, but of course this also got - * messed up by the standards. - */ - for (i = 0; tls12_reserved_labels[i].label != NULL; i++) { - /* XXX - consider adding/using CBS_has_prefix(). */ - if (tls12_reserved_labels[i].label_len > data_len) - goto err; - if (memcmp(data, tls12_reserved_labels[i].label, - tls12_reserved_labels[i].label_len) == 0) { - SSLerror(s, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL); - goto err; - } - } - - CBS_init(&seed, data, data_len); - if (!CBS_skip(&seed, label_len)) - goto err; - - if (!tls1_PRF(s, s->session->master_key, s->session->master_key_length, - label, label_len, CBS_data(&seed), CBS_len(&seed), NULL, 0, NULL, 0, - NULL, 0, out, out_len)) - goto err; - - ret = 1; - - err: - freezero(data, data_len); - CBB_cleanup(&cbb); - - return ret; -} diff --git a/src/lib/libssl/tls12_lib.c b/src/lib/libssl/tls12_lib.c deleted file mode 100644 index 96b3abcd2a..0000000000 --- a/src/lib/libssl/tls12_lib.c +++ /dev/null 
@@ -1,118 +0,0 @@ -/* $OpenBSD: tls12_lib.c,v 1.6 2022/11/26 16:08:56 tb Exp $ */ -/* - * Copyright (c) 2021 Joel Sing - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "ssl_local.h" - -static int -tls12_finished_verify_data(SSL *s, const char *finished_label, - size_t finished_label_len, uint8_t *verify_data, size_t verify_data_len, - size_t *out_len) -{ - uint8_t transcript_hash[EVP_MAX_MD_SIZE]; - size_t transcript_hash_len; - - *out_len = 0; - - if (s->session->master_key_length == 0) - return 0; - - if (verify_data_len < TLS1_FINISH_MAC_LENGTH) - return 0; - - if (!tls1_transcript_hash_value(s, transcript_hash, - sizeof(transcript_hash), &transcript_hash_len)) - return 0; - - if (!tls1_PRF(s, s->session->master_key, s->session->master_key_length, - finished_label, finished_label_len, transcript_hash, - transcript_hash_len, NULL, 0, NULL, 0, NULL, 0, verify_data, - TLS1_FINISH_MAC_LENGTH)) - return 0; - - *out_len = TLS1_FINISH_MAC_LENGTH; - - return 1; -} - -static int -tls12_client_finished_verify_data(SSL *s, uint8_t *verify_data, - size_t verify_data_len, size_t *out_len) -{ - return tls12_finished_verify_data(s, TLS_MD_CLIENT_FINISH_CONST, - TLS_MD_CLIENT_FINISH_CONST_SIZE, verify_data, verify_data_len, - out_len); -} - -static int 
-tls12_server_finished_verify_data(SSL *s, uint8_t *verify_data, - size_t verify_data_len, size_t *out_len) -{ - return tls12_finished_verify_data(s, TLS_MD_SERVER_FINISH_CONST, - TLS_MD_SERVER_FINISH_CONST_SIZE, verify_data, verify_data_len, - out_len); -} - -int -tls12_derive_finished(SSL *s) -{ - if (!s->server) { - return tls12_client_finished_verify_data(s, - s->s3->hs.finished, sizeof(s->s3->hs.finished), - &s->s3->hs.finished_len); - } else { - return tls12_server_finished_verify_data(s, - s->s3->hs.finished, sizeof(s->s3->hs.finished), - &s->s3->hs.finished_len); - } -} - -int -tls12_derive_peer_finished(SSL *s) -{ - if (s->server) { - return tls12_client_finished_verify_data(s, - s->s3->hs.peer_finished, sizeof(s->s3->hs.peer_finished), - &s->s3->hs.peer_finished_len); - } else { - return tls12_server_finished_verify_data(s, - s->s3->hs.peer_finished, sizeof(s->s3->hs.peer_finished), - &s->s3->hs.peer_finished_len); - } -} - -int -tls12_derive_master_secret(SSL *s, uint8_t *premaster_secret, - size_t premaster_secret_len) -{ - s->session->master_key_length = 0; - - if (premaster_secret_len == 0) - return 0; - - CTASSERT(sizeof(s->session->master_key) == SSL_MAX_MASTER_KEY_LENGTH); - - if (!tls1_PRF(s, premaster_secret, premaster_secret_len, - TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE, - s->s3->client_random, SSL3_RANDOM_SIZE, NULL, 0, - s->s3->server_random, SSL3_RANDOM_SIZE, NULL, 0, - s->session->master_key, sizeof(s->session->master_key))) - return 0; - - s->session->master_key_length = SSL_MAX_MASTER_KEY_LENGTH; - - return 1; -} diff --git a/src/lib/libssl/tls12_record_layer.c b/src/lib/libssl/tls12_record_layer.c deleted file mode 100644 index 9786d7d0bd..0000000000 --- a/src/lib/libssl/tls12_record_layer.c +++ /dev/null 
@@ -1,1309 +0,0 @@ -/* $OpenBSD: tls12_record_layer.c,v 1.42 2024/02/03 15:58:34 beck Exp $ */ -/* - * Copyright (c) 2020 Joel Sing - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include -#include - -#include - -#include "ssl_local.h" - -#define TLS12_RECORD_SEQ_NUM_LEN 8 -#define TLS12_AEAD_FIXED_NONCE_MAX_LEN 12 - -struct tls12_record_protection { - uint16_t epoch; - uint8_t seq_num[TLS12_RECORD_SEQ_NUM_LEN]; - - EVP_AEAD_CTX *aead_ctx; - - uint8_t *aead_nonce; - size_t aead_nonce_len; - - uint8_t *aead_fixed_nonce; - size_t aead_fixed_nonce_len; - - size_t aead_variable_nonce_len; - size_t aead_tag_len; - - int aead_xor_nonces; - int aead_variable_nonce_in_record; - - EVP_CIPHER_CTX *cipher_ctx; - EVP_MD_CTX *hash_ctx; - - int stream_mac; - - uint8_t *mac_key; - size_t mac_key_len; -}; - -static struct tls12_record_protection * -tls12_record_protection_new(void) -{ - return calloc(1, sizeof(struct tls12_record_protection)); -} - -static void -tls12_record_protection_clear(struct tls12_record_protection *rp) -{ - EVP_AEAD_CTX_free(rp->aead_ctx); - - freezero(rp->aead_nonce, rp->aead_nonce_len); - freezero(rp->aead_fixed_nonce, rp->aead_fixed_nonce_len); - - EVP_CIPHER_CTX_free(rp->cipher_ctx); - EVP_MD_CTX_free(rp->hash_ctx); - - freezero(rp->mac_key, rp->mac_key_len); - - 
memset(rp, 0, sizeof(*rp)); -} - -static void -tls12_record_protection_free(struct tls12_record_protection *rp) -{ - if (rp == NULL) - return; - - tls12_record_protection_clear(rp); - - freezero(rp, sizeof(struct tls12_record_protection)); -} - -static int -tls12_record_protection_engaged(struct tls12_record_protection *rp) -{ - return rp->aead_ctx != NULL || rp->cipher_ctx != NULL; -} - -static int -tls12_record_protection_unused(struct tls12_record_protection *rp) -{ - return rp->aead_ctx == NULL && rp->cipher_ctx == NULL && - rp->hash_ctx == NULL && rp->mac_key == NULL; -} - -static int -tls12_record_protection_eiv_len(struct tls12_record_protection *rp, - size_t *out_eiv_len) -{ - int eiv_len; - - *out_eiv_len = 0; - - if (rp->cipher_ctx == NULL) - return 0; - - eiv_len = 0; - if (EVP_CIPHER_CTX_mode(rp->cipher_ctx) == EVP_CIPH_CBC_MODE) - eiv_len = EVP_CIPHER_CTX_iv_length(rp->cipher_ctx); - if (eiv_len < 0 || eiv_len > EVP_MAX_IV_LENGTH) - return 0; - - *out_eiv_len = eiv_len; - - return 1; -} - -static int -tls12_record_protection_block_size(struct tls12_record_protection *rp, - size_t *out_block_size) -{ - int block_size; - - *out_block_size = 0; - - if (rp->cipher_ctx == NULL) - return 0; - - block_size = EVP_CIPHER_CTX_block_size(rp->cipher_ctx); - if (block_size < 0 || block_size > EVP_MAX_BLOCK_LENGTH) - return 0; - - *out_block_size = block_size; - - return 1; -} - -static int -tls12_record_protection_mac_len(struct tls12_record_protection *rp, - size_t *out_mac_len) -{ - int mac_len; - - *out_mac_len = 0; - - if (rp->hash_ctx == NULL) - return 0; - - mac_len = EVP_MD_CTX_size(rp->hash_ctx); - if (mac_len <= 0 || mac_len > EVP_MAX_MD_SIZE) - return 0; - - *out_mac_len = mac_len; - - return 1; -} - -struct tls12_record_layer { - uint16_t version; - uint16_t initial_epoch; - int dtls; - - uint8_t alert_desc; - - const EVP_AEAD *aead; - const EVP_CIPHER *cipher; - const EVP_MD *handshake_hash; - const EVP_MD *mac_hash; - - /* Pointers to active record 
protection (memory is not owned). */ - struct tls12_record_protection *read; - struct tls12_record_protection *write; - - struct tls12_record_protection *read_current; - struct tls12_record_protection *write_current; - struct tls12_record_protection *write_previous; -}; - -struct tls12_record_layer * -tls12_record_layer_new(void) -{ - struct tls12_record_layer *rl; - - if ((rl = calloc(1, sizeof(struct tls12_record_layer))) == NULL) - goto err; - if ((rl->read_current = tls12_record_protection_new()) == NULL) - goto err; - if ((rl->write_current = tls12_record_protection_new()) == NULL) - goto err; - - rl->read = rl->read_current; - rl->write = rl->write_current; - - return rl; - - err: - tls12_record_layer_free(rl); - - return NULL; -} - -void -tls12_record_layer_free(struct tls12_record_layer *rl) -{ - if (rl == NULL) - return; - - tls12_record_protection_free(rl->read_current); - tls12_record_protection_free(rl->write_current); - tls12_record_protection_free(rl->write_previous); - - freezero(rl, sizeof(struct tls12_record_layer)); -} - -void -tls12_record_layer_alert(struct tls12_record_layer *rl, uint8_t *alert_desc) -{ - *alert_desc = rl->alert_desc; -} - -int -tls12_record_layer_write_overhead(struct tls12_record_layer *rl, - size_t *overhead) -{ - size_t block_size, eiv_len, mac_len; - - *overhead = 0; - - if (rl->write->aead_ctx != NULL) { - *overhead = rl->write->aead_tag_len; - } else if (rl->write->cipher_ctx != NULL) { - eiv_len = 0; - if (rl->version != TLS1_VERSION) { - if (!tls12_record_protection_eiv_len(rl->write, &eiv_len)) - return 0; - } - if (!tls12_record_protection_block_size(rl->write, &block_size)) - return 0; - if (!tls12_record_protection_mac_len(rl->write, &mac_len)) - return 0; - - *overhead = eiv_len + block_size + mac_len; - } - - return 1; -} - -int -tls12_record_layer_read_protected(struct tls12_record_layer *rl) -{ - return tls12_record_protection_engaged(rl->read); -} - -int -tls12_record_layer_write_protected(struct 
tls12_record_layer *rl) -{ - return tls12_record_protection_engaged(rl->write); -} - -void -tls12_record_layer_set_aead(struct tls12_record_layer *rl, const EVP_AEAD *aead) -{ - rl->aead = aead; -} - -void -tls12_record_layer_set_cipher_hash(struct tls12_record_layer *rl, - const EVP_CIPHER *cipher, const EVP_MD *handshake_hash, - const EVP_MD *mac_hash) -{ - rl->cipher = cipher; - rl->handshake_hash = handshake_hash; - rl->mac_hash = mac_hash; -} - -void -tls12_record_layer_set_version(struct tls12_record_layer *rl, uint16_t version) -{ - rl->version = version; - rl->dtls = ((version >> 8) == DTLS1_VERSION_MAJOR); -} - -void -tls12_record_layer_set_initial_epoch(struct tls12_record_layer *rl, - uint16_t epoch) -{ - rl->initial_epoch = epoch; -} - -uint16_t -tls12_record_layer_read_epoch(struct tls12_record_layer *rl) -{ - return rl->read->epoch; -} - -uint16_t -tls12_record_layer_write_epoch(struct tls12_record_layer *rl) -{ - return rl->write->epoch; -} - -int -tls12_record_layer_use_write_epoch(struct tls12_record_layer *rl, uint16_t epoch) -{ - if (rl->write->epoch == epoch) - return 1; - - if (rl->write_current->epoch == epoch) { - rl->write = rl->write_current; - return 1; - } - - if (rl->write_previous != NULL && rl->write_previous->epoch == epoch) { - rl->write = rl->write_previous; - return 1; - } - - return 0; -} - -void -tls12_record_layer_write_epoch_done(struct tls12_record_layer *rl, uint16_t epoch) -{ - if (rl->write_previous == NULL || rl->write_previous->epoch != epoch) - return; - - rl->write = rl->write_current; - - tls12_record_protection_free(rl->write_previous); - rl->write_previous = NULL; -} - -void -tls12_record_layer_clear_read_state(struct tls12_record_layer *rl) -{ - tls12_record_protection_clear(rl->read); - rl->read->epoch = rl->initial_epoch; -} - -void -tls12_record_layer_clear_write_state(struct tls12_record_layer *rl) -{ - tls12_record_protection_clear(rl->write); - rl->write->epoch = rl->initial_epoch; - - 
tls12_record_protection_free(rl->write_previous); - rl->write_previous = NULL; -} - -void -tls12_record_layer_reflect_seq_num(struct tls12_record_layer *rl) -{ - memcpy(rl->write->seq_num, rl->read->seq_num, - sizeof(rl->write->seq_num)); -} - -static const uint8_t tls12_max_seq_num[TLS12_RECORD_SEQ_NUM_LEN] = { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -}; - -int -tls12_record_layer_inc_seq_num(struct tls12_record_layer *rl, uint8_t *seq_num) -{ - CBS max_seq_num; - int i; - - /* - * RFC 5246 section 6.1 and RFC 6347 section 4.1 - both TLS and DTLS - * sequence numbers must not wrap. Note that for DTLS the first two - * bytes are used as an "epoch" and not part of the sequence number. - */ - CBS_init(&max_seq_num, seq_num, TLS12_RECORD_SEQ_NUM_LEN); - if (rl->dtls) { - if (!CBS_skip(&max_seq_num, 2)) - return 0; - } - if (CBS_mem_equal(&max_seq_num, tls12_max_seq_num, - CBS_len(&max_seq_num))) - return 0; - - for (i = TLS12_RECORD_SEQ_NUM_LEN - 1; i >= 0; i--) { - if (++seq_num[i] != 0) - break; - } - - return 1; -} - -static int -tls12_record_layer_set_mac_key(struct tls12_record_protection *rp, - const uint8_t *mac_key, size_t mac_key_len) -{ - freezero(rp->mac_key, rp->mac_key_len); - rp->mac_key = NULL; - rp->mac_key_len = 0; - - if (mac_key == NULL || mac_key_len == 0) - return 1; - - if ((rp->mac_key = calloc(1, mac_key_len)) == NULL) - return 0; - - memcpy(rp->mac_key, mac_key, mac_key_len); - rp->mac_key_len = mac_key_len; - - return 1; -} - -static int -tls12_record_layer_ccs_aead(struct tls12_record_layer *rl, - struct tls12_record_protection *rp, int is_write, CBS *mac_key, CBS *key, - CBS *iv) -{ - if (!tls12_record_protection_unused(rp)) - return 0; - - if ((rp->aead_ctx = EVP_AEAD_CTX_new()) == NULL) - return 0; - - /* AES GCM cipher suites use variable nonce in record. 
*/ - if (rl->aead == EVP_aead_aes_128_gcm() || - rl->aead == EVP_aead_aes_256_gcm()) - rp->aead_variable_nonce_in_record = 1; - - /* ChaCha20 Poly1305 XORs the fixed and variable nonces. */ - if (rl->aead == EVP_aead_chacha20_poly1305()) - rp->aead_xor_nonces = 1; - - if (!CBS_stow(iv, &rp->aead_fixed_nonce, &rp->aead_fixed_nonce_len)) - return 0; - - rp->aead_nonce = calloc(1, EVP_AEAD_nonce_length(rl->aead)); - if (rp->aead_nonce == NULL) - return 0; - - rp->aead_nonce_len = EVP_AEAD_nonce_length(rl->aead); - rp->aead_tag_len = EVP_AEAD_max_overhead(rl->aead); - rp->aead_variable_nonce_len = TLS12_RECORD_SEQ_NUM_LEN; - - if (rp->aead_xor_nonces) { - /* Fixed nonce length must match, variable must not exceed. */ - if (rp->aead_fixed_nonce_len != rp->aead_nonce_len) - return 0; - if (rp->aead_variable_nonce_len > rp->aead_nonce_len) - return 0; - } else { - /* Concatenated nonce length must equal AEAD nonce length. */ - if (rp->aead_fixed_nonce_len + - rp->aead_variable_nonce_len != rp->aead_nonce_len) - return 0; - } - - if (!EVP_AEAD_CTX_init(rp->aead_ctx, rl->aead, CBS_data(key), - CBS_len(key), EVP_AEAD_DEFAULT_TAG_LENGTH, NULL)) - return 0; - - return 1; -} - -static int -tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl, - struct tls12_record_protection *rp, int is_write, CBS *mac_key, CBS *key, - CBS *iv) -{ - EVP_PKEY *mac_pkey = NULL; - int mac_type; - int ret = 0; - - if (!tls12_record_protection_unused(rp)) - goto err; - - mac_type = EVP_PKEY_HMAC; - rp->stream_mac = 0; - - if (CBS_len(iv) > INT_MAX || CBS_len(key) > INT_MAX) - goto err; - if (EVP_CIPHER_iv_length(rl->cipher) != CBS_len(iv)) - goto err; - if (EVP_CIPHER_key_length(rl->cipher) != CBS_len(key)) - goto err; - if (CBS_len(mac_key) > INT_MAX) - goto err; - if (EVP_MD_size(rl->mac_hash) != CBS_len(mac_key)) - goto err; - if ((rp->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL) - goto err; - if ((rp->hash_ctx = EVP_MD_CTX_new()) == NULL) - goto err; - - if 
(!tls12_record_layer_set_mac_key(rp, CBS_data(mac_key),
- CBS_len(mac_key)))
- goto err;
-
- if ((mac_pkey = EVP_PKEY_new_mac_key(mac_type, NULL, CBS_data(mac_key),
- CBS_len(mac_key))) == NULL)
- goto err;
-
- if (!EVP_CipherInit_ex(rp->cipher_ctx, rl->cipher, NULL, CBS_data(key),
- CBS_data(iv), is_write))
- goto err;
-
- if (EVP_DigestSignInit(rp->hash_ctx, NULL, rl->mac_hash, NULL,
- mac_pkey) <= 0)
- goto err;
-
- ret = 1;
-
- err:
- EVP_PKEY_free(mac_pkey);
-
- return ret;
-}
-
-static int
-tls12_record_layer_change_cipher_state(struct tls12_record_layer *rl,
- struct tls12_record_protection *rp, int is_write, CBS *mac_key, CBS *key,
- CBS *iv)
-{
- if (rl->aead != NULL)
- return tls12_record_layer_ccs_aead(rl, rp, is_write, mac_key,
- key, iv);
-
- return tls12_record_layer_ccs_cipher(rl, rp, is_write, mac_key,
- key, iv);
-}
-
-int
-tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl,
- CBS *mac_key, CBS *key, CBS *iv)
-{
- struct tls12_record_protection *read_new = NULL;
- int ret = 0;
-
- if ((read_new = tls12_record_protection_new()) == NULL)
- goto err;
-
- /* Read sequence number gets reset to zero. */
-
- /* DTLS epoch is incremented and is permitted to wrap. */
- if (rl->dtls)
- read_new->epoch = rl->read_current->epoch + 1;
-
- if (!tls12_record_layer_change_cipher_state(rl, read_new, 0,
- mac_key, key, iv))
- goto err;
-
- tls12_record_protection_free(rl->read_current);
- rl->read = rl->read_current = read_new;
- read_new = NULL;
-
- ret = 1;
-
- err:
- tls12_record_protection_free(read_new);
-
- return ret;
-}
-
-int
-tls12_record_layer_change_write_cipher_state(struct tls12_record_layer *rl,
- CBS *mac_key, CBS *key, CBS *iv)
-{
- struct tls12_record_protection *write_new;
- int ret = 0;
-
- if ((write_new = tls12_record_protection_new()) == NULL)
- goto err;
-
- /* Write sequence number gets reset to zero. */
-
- /* DTLS epoch is incremented and is permitted to wrap. */
- if (rl->dtls)
- write_new->epoch = rl->write_current->epoch + 1;
-
- if (!tls12_record_layer_change_cipher_state(rl, write_new, 1,
- mac_key, key, iv))
- goto err;
-
- if (rl->dtls) {
- tls12_record_protection_free(rl->write_previous);
- rl->write_previous = rl->write_current;
- rl->write_current = NULL;
- }
- tls12_record_protection_free(rl->write_current);
- rl->write = rl->write_current = write_new;
- write_new = NULL;
-
- ret = 1;
-
- err:
- tls12_record_protection_free(write_new);
-
- return ret;
-}
-
-static int
-tls12_record_layer_build_seq_num(struct tls12_record_layer *rl, CBB *cbb,
- uint16_t epoch, uint8_t *seq_num, size_t seq_num_len)
-{
- CBS seq;
-
- CBS_init(&seq, seq_num, seq_num_len);
-
- if (rl->dtls) {
- if (!CBB_add_u16(cbb, epoch))
- return 0;
- if (!CBS_skip(&seq, 2))
- return 0;
- }
-
- return CBB_add_bytes(cbb, CBS_data(&seq), CBS_len(&seq));
-}
-
-static int
-tls12_record_layer_pseudo_header(struct tls12_record_layer *rl,
- uint8_t content_type, uint16_t record_len, CBS *seq_num, uint8_t **out,
- size_t *out_len)
-{
- CBB cbb;
-
- *out = NULL;
- *out_len = 0;
-
- /* Build the pseudo-header used for MAC/AEAD. */
- if (!CBB_init(&cbb, 13))
- goto err;
-
- if (!CBB_add_bytes(&cbb, CBS_data(seq_num), CBS_len(seq_num)))
- goto err;
- if (!CBB_add_u8(&cbb, content_type))
- goto err;
- if (!CBB_add_u16(&cbb, rl->version))
- goto err;
- if (!CBB_add_u16(&cbb, record_len))
- goto err;
-
- if (!CBB_finish(&cbb, out, out_len))
- goto err;
-
- return 1;
-
- err:
- CBB_cleanup(&cbb);
-
- return 0;
-}
-
-static int
-tls12_record_layer_mac(struct tls12_record_layer *rl, CBB *cbb,
- EVP_MD_CTX *hash_ctx, int stream_mac, CBS *seq_num, uint8_t content_type,
- const uint8_t *content, size_t content_len, size_t *out_len)
-{
- EVP_MD_CTX *mac_ctx = NULL;
- uint8_t *header = NULL;
- size_t header_len = 0;
- size_t mac_len;
- uint8_t *mac;
- int ret = 0;
-
- if ((mac_ctx = EVP_MD_CTX_new()) == NULL)
- goto err;
- if (!EVP_MD_CTX_copy(mac_ctx, hash_ctx))
- goto err;
-
- if (!tls12_record_layer_pseudo_header(rl, content_type, content_len,
- seq_num, &header, &header_len))
- goto err;
-
- if (EVP_DigestSignUpdate(mac_ctx, header, header_len) <= 0)
- goto err;
- if (EVP_DigestSignUpdate(mac_ctx, content, content_len) <= 0)
- goto err;
- if (EVP_DigestSignFinal(mac_ctx, NULL, &mac_len) <= 0)
- goto err;
- if (!CBB_add_space(cbb, &mac, mac_len))
- goto err;
- if (EVP_DigestSignFinal(mac_ctx, mac, &mac_len) <= 0)
- goto err;
- if (mac_len == 0)
- goto err;
-
- if (stream_mac) {
- if (!EVP_MD_CTX_copy(hash_ctx, mac_ctx))
- goto err;
- }
-
- *out_len = mac_len;
- ret = 1;
-
- err:
- EVP_MD_CTX_free(mac_ctx);
- freezero(header, header_len);
-
- return ret;
-}
-
-static int
-tls12_record_layer_read_mac_cbc(struct tls12_record_layer *rl, CBB *cbb,
- uint8_t content_type, CBS *seq_num, const uint8_t *content,
- size_t content_len, size_t mac_len, size_t padding_len)
-{
- uint8_t *header = NULL;
- size_t header_len = 0;
- uint8_t *mac = NULL;
- size_t out_mac_len = 0;
- int ret = 0;
-
- /*
- * Must be constant time to avoid leaking details about CBC padding.
- */
-
- if (!ssl3_cbc_record_digest_supported(rl->read->hash_ctx))
- goto err;
-
- if (!tls12_record_layer_pseudo_header(rl, content_type, content_len,
- seq_num, &header, &header_len))
- goto err;
-
- if (!CBB_add_space(cbb, &mac, mac_len))
- goto err;
- if (!ssl3_cbc_digest_record(rl->read->hash_ctx, mac, &out_mac_len, header,
- content, content_len + mac_len, content_len + mac_len + padding_len,
- rl->read->mac_key, rl->read->mac_key_len))
- goto err;
- if (mac_len != out_mac_len)
- goto err;
-
- ret = 1;
-
- err:
- freezero(header, header_len);
-
- return ret;
-}
-
-static int
-tls12_record_layer_read_mac(struct tls12_record_layer *rl, CBB *cbb,
- uint8_t content_type, CBS *seq_num, const uint8_t *content,
- size_t content_len)
-{
- EVP_CIPHER_CTX *enc = rl->read->cipher_ctx;
- size_t out_len;
-
- if (EVP_CIPHER_CTX_mode(enc) == EVP_CIPH_CBC_MODE)
- return 0;
-
- return tls12_record_layer_mac(rl, cbb, rl->read->hash_ctx,
- rl->read->stream_mac, seq_num, content_type, content, content_len,
- &out_len);
-}
-
-static int
-tls12_record_layer_write_mac(struct tls12_record_layer *rl, CBB *cbb,
- uint8_t content_type, CBS *seq_num, const uint8_t *content,
- size_t content_len, size_t *out_len)
-{
- return tls12_record_layer_mac(rl, cbb, rl->write->hash_ctx,
- rl->write->stream_mac, seq_num, content_type, content, content_len,
- out_len);
-}
-
-static int
-tls12_record_layer_aead_concat_nonce(struct tls12_record_layer *rl,
- struct tls12_record_protection *rp, CBS *seq_num)
-{
- CBB cbb;
-
- if (rp->aead_variable_nonce_len > CBS_len(seq_num))
- return 0;
-
- /* Fixed nonce and variable nonce (sequence number) are concatenated.
*/ - if (!CBB_init_fixed(&cbb, rp->aead_nonce, rp->aead_nonce_len)) - goto err; - if (!CBB_add_bytes(&cbb, rp->aead_fixed_nonce, - rp->aead_fixed_nonce_len)) - goto err; - if (!CBB_add_bytes(&cbb, CBS_data(seq_num), - rp->aead_variable_nonce_len)) - goto err; - if (!CBB_finish(&cbb, NULL, NULL)) - goto err; - - return 1; - - err: - CBB_cleanup(&cbb); - - return 0; -} - -static int -tls12_record_layer_aead_xored_nonce(struct tls12_record_layer *rl, - struct tls12_record_protection *rp, CBS *seq_num) -{ - uint8_t *pad; - CBB cbb; - int i; - - if (rp->aead_variable_nonce_len > CBS_len(seq_num)) - return 0; - if (rp->aead_fixed_nonce_len < rp->aead_variable_nonce_len) - return 0; - if (rp->aead_fixed_nonce_len != rp->aead_nonce_len) - return 0; - - /* - * Variable nonce (sequence number) is right padded, before the fixed - * nonce is XOR'd in. - */ - if (!CBB_init_fixed(&cbb, rp->aead_nonce, rp->aead_nonce_len)) - goto err; - if (!CBB_add_space(&cbb, &pad, - rp->aead_fixed_nonce_len - rp->aead_variable_nonce_len)) - goto err; - if (!CBB_add_bytes(&cbb, CBS_data(seq_num), - rp->aead_variable_nonce_len)) - goto err; - if (!CBB_finish(&cbb, NULL, NULL)) - goto err; - - for (i = 0; i < rp->aead_fixed_nonce_len; i++) - rp->aead_nonce[i] ^= rp->aead_fixed_nonce[i]; - - return 1; - - err: - CBB_cleanup(&cbb); - - return 0; -} - -static int -tls12_record_layer_open_record_plaintext(struct tls12_record_layer *rl, - uint8_t content_type, CBS *fragment, struct tls_content *out) -{ - if (tls12_record_protection_engaged(rl->read)) - return 0; - - return tls_content_dup_data(out, content_type, CBS_data(fragment), - CBS_len(fragment)); -} - -static int -tls12_record_layer_open_record_protected_aead(struct tls12_record_layer *rl, - uint8_t content_type, CBS *seq_num, CBS *fragment, struct tls_content *out) -{ - struct tls12_record_protection *rp = rl->read; - uint8_t *header = NULL; - size_t header_len = 0; - uint8_t *content = NULL; - size_t content_len = 0; - size_t out_len = 0; - 
CBS var_nonce;
- int ret = 0;
-
- if (rp->aead_xor_nonces) {
- if (!tls12_record_layer_aead_xored_nonce(rl, rp, seq_num))
- goto err;
- } else if (rp->aead_variable_nonce_in_record) {
- if (!CBS_get_bytes(fragment, &var_nonce,
- rp->aead_variable_nonce_len))
- goto err;
- if (!tls12_record_layer_aead_concat_nonce(rl, rp, &var_nonce))
- goto err;
- } else {
- if (!tls12_record_layer_aead_concat_nonce(rl, rp, seq_num))
- goto err;
- }
-
- /* XXX EVP_AEAD_max_tag_len vs EVP_AEAD_CTX_tag_len. */
- if (CBS_len(fragment) < rp->aead_tag_len) {
- rl->alert_desc = SSL_AD_BAD_RECORD_MAC;
- goto err;
- }
- if (CBS_len(fragment) > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
- rl->alert_desc = SSL_AD_RECORD_OVERFLOW;
- goto err;
- }
-
- content_len = CBS_len(fragment) - rp->aead_tag_len;
- if ((content = calloc(1, CBS_len(fragment))) == NULL) {
- content_len = 0;
- goto err;
- }
-
- if (!tls12_record_layer_pseudo_header(rl, content_type, content_len,
- seq_num, &header, &header_len))
- goto err;
-
- if (!EVP_AEAD_CTX_open(rp->aead_ctx, content, &out_len, content_len,
- rp->aead_nonce, rp->aead_nonce_len, CBS_data(fragment),
- CBS_len(fragment), header, header_len)) {
- rl->alert_desc = SSL_AD_BAD_RECORD_MAC;
- goto err;
- }
-
- if (out_len > SSL3_RT_MAX_PLAIN_LENGTH) {
- rl->alert_desc = SSL_AD_RECORD_OVERFLOW;
- goto err;
- }
-
- if (out_len != content_len)
- goto err;
-
- tls_content_set_data(out, content_type, content, content_len);
- content = NULL;
- content_len = 0;
-
- ret = 1;
-
- err:
- freezero(header, header_len);
- freezero(content, content_len);
-
- return ret;
-}
-
-static int
-tls12_record_layer_open_record_protected_cipher(struct tls12_record_layer *rl,
- uint8_t content_type, CBS *seq_num, CBS *fragment, struct tls_content *out)
-{
- EVP_CIPHER_CTX *enc = rl->read->cipher_ctx;
- SSL3_RECORD_INTERNAL rrec;
- size_t block_size, eiv_len;
- uint8_t *mac = NULL;
- size_t mac_len = 0;
- uint8_t *out_mac = NULL;
- size_t out_mac_len = 0;
- uint8_t *content = NULL;
- size_t content_len = 0;
- size_t min_len;
- CBB cbb_mac;
- int ret = 0;
-
- memset(&cbb_mac, 0, sizeof(cbb_mac));
- memset(&rrec, 0, sizeof(rrec));
-
- if (!tls12_record_protection_block_size(rl->read, &block_size))
- goto err;
-
- /* Determine explicit IV length. */
- eiv_len = 0;
- if (rl->version != TLS1_VERSION) {
- if (!tls12_record_protection_eiv_len(rl->read, &eiv_len))
- goto err;
- }
-
- mac_len = 0;
- if (rl->read->hash_ctx != NULL) {
- if (!tls12_record_protection_mac_len(rl->read, &mac_len))
- goto err;
- }
-
- /* CBC has at least one padding byte. */
- min_len = eiv_len + mac_len;
- if (EVP_CIPHER_CTX_mode(enc) == EVP_CIPH_CBC_MODE)
- min_len += 1;
-
- if (CBS_len(fragment) < min_len) {
- rl->alert_desc = SSL_AD_BAD_RECORD_MAC;
- goto err;
- }
- if (CBS_len(fragment) > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
- rl->alert_desc = SSL_AD_RECORD_OVERFLOW;
- goto err;
- }
- if (CBS_len(fragment) % block_size != 0) {
- rl->alert_desc = SSL_AD_BAD_RECORD_MAC;
- goto err;
- }
-
- if ((content = calloc(1, CBS_len(fragment))) == NULL)
- goto err;
- content_len = CBS_len(fragment);
-
- if (!EVP_Cipher(enc, content, CBS_data(fragment), CBS_len(fragment)))
- goto err;
-
- rrec.data = content;
- rrec.input = content;
- rrec.length = content_len;
-
- /*
- * We now have to remove padding, extract MAC, calculate MAC
- * and compare MAC in constant time.
- */ - if (block_size > 1) - ssl3_cbc_remove_padding(&rrec, eiv_len, mac_len); - - if ((mac = calloc(1, mac_len)) == NULL) - goto err; - - if (!CBB_init(&cbb_mac, EVP_MAX_MD_SIZE)) - goto err; - if (EVP_CIPHER_CTX_mode(enc) == EVP_CIPH_CBC_MODE) { - ssl3_cbc_copy_mac(mac, &rrec, mac_len, rrec.length + - rrec.padding_length); - rrec.length -= mac_len; - if (!tls12_record_layer_read_mac_cbc(rl, &cbb_mac, content_type, - seq_num, rrec.input, rrec.length, mac_len, - rrec.padding_length)) - goto err; - } else { - rrec.length -= mac_len; - memcpy(mac, rrec.data + rrec.length, mac_len); - if (!tls12_record_layer_read_mac(rl, &cbb_mac, content_type, - seq_num, rrec.input, rrec.length)) - goto err; - } - if (!CBB_finish(&cbb_mac, &out_mac, &out_mac_len)) - goto err; - if (mac_len != out_mac_len) - goto err; - - if (timingsafe_memcmp(mac, out_mac, mac_len) != 0) { - rl->alert_desc = SSL_AD_BAD_RECORD_MAC; - goto err; - } - - if (rrec.length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_len) { - rl->alert_desc = SSL_AD_BAD_RECORD_MAC; - goto err; - } - if (rrec.length > SSL3_RT_MAX_PLAIN_LENGTH) { - rl->alert_desc = SSL_AD_RECORD_OVERFLOW; - goto err; - } - - tls_content_set_data(out, content_type, content, content_len); - content = NULL; - content_len = 0; - - /* Actual content is after EIV, minus padding and MAC. 
*/
- if (!tls_content_set_bounds(out, eiv_len, rrec.length))
- goto err;
-
- ret = 1;
-
- err:
- CBB_cleanup(&cbb_mac);
- freezero(mac, mac_len);
- freezero(out_mac, out_mac_len);
- freezero(content, content_len);
-
- return ret;
-}
-
-int
-tls12_record_layer_open_record(struct tls12_record_layer *rl, uint8_t *buf,
- size_t buf_len, struct tls_content *out)
-{
- CBS cbs, fragment, seq_num;
- uint16_t version;
- uint8_t content_type;
-
- CBS_init(&cbs, buf, buf_len);
- CBS_init(&seq_num, rl->read->seq_num, sizeof(rl->read->seq_num));
-
- if (!CBS_get_u8(&cbs, &content_type))
- return 0;
- if (!CBS_get_u16(&cbs, &version))
- return 0;
- if (rl->dtls) {
- /*
- * The DTLS sequence number is split into a 16 bit epoch and
- * 48 bit sequence number, however for the purposes of record
- * processing it is treated the same as a TLS 64 bit sequence
- * number. DTLS also uses explicit read sequence numbers, which
- * we need to extract from the DTLS record header.
- */
- if (!CBS_get_bytes(&cbs, &seq_num, SSL3_SEQUENCE_SIZE))
- return 0;
- if (!CBS_write_bytes(&seq_num, rl->read->seq_num,
- sizeof(rl->read->seq_num), NULL))
- return 0;
- }
- if (!CBS_get_u16_length_prefixed(&cbs, &fragment))
- return 0;
-
- if (rl->read->aead_ctx != NULL) {
- if (!tls12_record_layer_open_record_protected_aead(rl,
- content_type, &seq_num, &fragment, out))
- return 0;
- } else if (rl->read->cipher_ctx != NULL) {
- if (!tls12_record_layer_open_record_protected_cipher(rl,
- content_type, &seq_num, &fragment, out))
- return 0;
- } else {
- if (!tls12_record_layer_open_record_plaintext(rl,
- content_type, &fragment, out))
- return 0;
- }
-
- if (!rl->dtls) {
- if (!tls12_record_layer_inc_seq_num(rl, rl->read->seq_num))
- return 0;
- }
-
- return 1;
-}
-
-static int
-tls12_record_layer_seal_record_plaintext(struct tls12_record_layer *rl,
- uint8_t content_type, const uint8_t *content, size_t content_len, CBB *out)
-{
- if (tls12_record_protection_engaged(rl->write))
- return 0;
-
- return CBB_add_bytes(out, content, content_len);
-}
-
-static int
-tls12_record_layer_seal_record_protected_aead(struct tls12_record_layer *rl,
- uint8_t content_type, CBS *seq_num, const uint8_t *content,
- size_t content_len, CBB *out)
-{
- struct tls12_record_protection *rp = rl->write;
- uint8_t *header = NULL;
- size_t header_len = 0;
- size_t enc_record_len, out_len;
- uint8_t *enc_data;
- int ret = 0;
-
- if (rp->aead_xor_nonces) {
- if (!tls12_record_layer_aead_xored_nonce(rl, rp, seq_num))
- goto err;
- } else {
- if (!tls12_record_layer_aead_concat_nonce(rl, rp, seq_num))
- goto err;
- }
-
- if (rp->aead_variable_nonce_in_record) {
- if (rp->aead_variable_nonce_len > CBS_len(seq_num))
- goto err;
- if (!CBB_add_bytes(out, CBS_data(seq_num),
- rp->aead_variable_nonce_len))
- goto err;
- }
-
- if (!tls12_record_layer_pseudo_header(rl, content_type, content_len,
- seq_num, &header, &header_len))
- goto err;
-
- /* XXX EVP_AEAD_max_tag_len vs EVP_AEAD_CTX_tag_len. */
- enc_record_len = content_len + rp->aead_tag_len;
- if (enc_record_len > SSL3_RT_MAX_ENCRYPTED_LENGTH)
- goto err;
- if (!CBB_add_space(out, &enc_data, enc_record_len))
- goto err;
-
- if (!EVP_AEAD_CTX_seal(rp->aead_ctx, enc_data, &out_len, enc_record_len,
- rp->aead_nonce, rp->aead_nonce_len, content, content_len, header,
- header_len))
- goto err;
-
- if (out_len != enc_record_len)
- goto err;
-
- ret = 1;
-
- err:
- freezero(header, header_len);
-
- return ret;
-}
-
-static int
-tls12_record_layer_seal_record_protected_cipher(struct tls12_record_layer *rl,
- uint8_t content_type, CBS *seq_num, const uint8_t *content,
- size_t content_len, CBB *out)
-{
- EVP_CIPHER_CTX *enc = rl->write->cipher_ctx;
- size_t block_size, eiv_len, mac_len, pad_len;
- uint8_t *enc_data, *eiv, *pad, pad_val;
- uint8_t *plain = NULL;
- size_t plain_len = 0;
- int ret = 0;
- CBB cbb;
-
- if (!CBB_init(&cbb, SSL3_RT_MAX_PLAIN_LENGTH))
- goto err;
-
- /* Add explicit IV if necessary. */
- eiv_len = 0;
- if (rl->version != TLS1_VERSION) {
- if (!tls12_record_protection_eiv_len(rl->write, &eiv_len))
- goto err;
- }
- if (eiv_len > 0) {
- if (!CBB_add_space(&cbb, &eiv, eiv_len))
- goto err;
- arc4random_buf(eiv, eiv_len);
- }
-
- if (!CBB_add_bytes(&cbb, content, content_len))
- goto err;
-
- mac_len = 0;
- if (rl->write->hash_ctx != NULL) {
- if (!tls12_record_layer_write_mac(rl, &cbb, content_type,
- seq_num, content, content_len, &mac_len))
- goto err;
- }
-
- plain_len = eiv_len + content_len + mac_len;
-
- /* Add padding to block size, if necessary. */
- if (!tls12_record_protection_block_size(rl->write, &block_size))
- goto err;
- if (block_size > 1) {
- pad_len = block_size - (plain_len % block_size);
- pad_val = pad_len - 1;
-
- if (pad_len > 255)
- goto err;
- if (!CBB_add_space(&cbb, &pad, pad_len))
- goto err;
- memset(pad, pad_val, pad_len);
- }
-
- if (!CBB_finish(&cbb, &plain, &plain_len))
- goto err;
-
- if (plain_len % block_size != 0)
- goto err;
- if (plain_len > SSL3_RT_MAX_ENCRYPTED_LENGTH)
- goto err;
-
- if (!CBB_add_space(out, &enc_data, plain_len))
- goto err;
- if (!EVP_Cipher(enc, enc_data, plain, plain_len))
- goto err;
-
- ret = 1;
-
- err:
- CBB_cleanup(&cbb);
- freezero(plain, plain_len);
-
- return ret;
-}
-
-int
-tls12_record_layer_seal_record(struct tls12_record_layer *rl,
- uint8_t content_type, const uint8_t *content, size_t content_len, CBB *cbb)
-{
- uint8_t *seq_num_data = NULL;
- size_t seq_num_len = 0;
- CBB fragment, seq_num_cbb;
- CBS seq_num;
- int ret = 0;
-
- /*
- * Construct the effective sequence number - this is used in both
- * the DTLS header and for MAC calculations.
- */
- if (!CBB_init(&seq_num_cbb, SSL3_SEQUENCE_SIZE))
- goto err;
- if (!tls12_record_layer_build_seq_num(rl, &seq_num_cbb, rl->write->epoch,
- rl->write->seq_num, sizeof(rl->write->seq_num)))
- goto err;
- if (!CBB_finish(&seq_num_cbb, &seq_num_data, &seq_num_len))
- goto err;
- CBS_init(&seq_num, seq_num_data, seq_num_len);
-
- if (!CBB_add_u8(cbb, content_type))
- goto err;
- if (!CBB_add_u16(cbb, rl->version))
- goto err;
- if (rl->dtls) {
- if (!CBB_add_bytes(cbb, CBS_data(&seq_num), CBS_len(&seq_num)))
- goto err;
- }
- if (!CBB_add_u16_length_prefixed(cbb, &fragment))
- goto err;
-
- if (rl->write->aead_ctx != NULL) {
- if (!tls12_record_layer_seal_record_protected_aead(rl,
- content_type, &seq_num, content, content_len, &fragment))
- goto err;
- } else if (rl->write->cipher_ctx != NULL) {
- if (!tls12_record_layer_seal_record_protected_cipher(rl,
- content_type, &seq_num, content, content_len, &fragment))
- goto err;
- } else {
- if (!tls12_record_layer_seal_record_plaintext(rl,
- content_type, content, content_len, &fragment))
- goto err;
- }
-
- if (!CBB_flush(cbb))
- goto err;
-
- if (!tls12_record_layer_inc_seq_num(rl, rl->write->seq_num))
- goto err;
-
- ret = 1;
-
- err:
- CBB_cleanup(&seq_num_cbb);
- free(seq_num_data);
-
- return ret;
-}
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
deleted file mode 100644
index 901b38f860..0000000000
--- a/src/lib/libssl/tls13_client.c
+++ /dev/null
@@ -1,1060 +0,0 @@
-/* $OpenBSD: tls13_client.c,v 1.104 2024/07/22 14:47:15 jsing Exp $ */
-/*
- * Copyright (c) 2018, 2019 Joel Sing
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include
-
-#include "bytestring.h"
-#include "ssl_local.h"
-#include "ssl_sigalgs.h"
-#include "ssl_tlsext.h"
-#include "tls13_handshake.h"
-#include "tls13_internal.h"
-
-int
-tls13_client_init(struct tls13_ctx *ctx)
-{
- const uint16_t *groups;
- size_t groups_len;
- SSL *s = ctx->ssl;
-
- if (!ssl_supported_tls_version_range(s, &ctx->hs->our_min_tls_version,
- &ctx->hs->our_max_tls_version)) {
- SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
- return 0;
- }
- s->version = ctx->hs->our_max_tls_version;
-
- tls13_record_layer_set_retry_after_phh(ctx->rl,
- (s->mode & SSL_MODE_AUTO_RETRY) != 0);
-
- if (!ssl_get_new_session(s, 0)) /* XXX */
- return 0;
-
- if (!tls1_transcript_init(s))
- return 0;
-
- /* Generate a key share using our preferred group. */
- tls1_get_group_list(s, 0, &groups, &groups_len);
- if (groups_len < 1)
- return 0;
- if ((ctx->hs->key_share = tls_key_share_new(groups[0])) == NULL)
- return 0;
- if (!tls_key_share_generate(ctx->hs->key_share))
- return 0;
-
- arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
-
- /*
- * The legacy session identifier should either be set to an
- * unpredictable 32-byte value or zero length... a non-zero length
- * legacy session identifier triggers compatibility mode (see RFC 8446
- * Appendix D.4). In the pre-TLSv1.3 case a zero length value is used.
- */
- if (ctx->middlebox_compat &&
- ctx->hs->our_max_tls_version >= TLS1_3_VERSION) {
- arc4random_buf(ctx->hs->tls13.legacy_session_id,
- sizeof(ctx->hs->tls13.legacy_session_id));
- ctx->hs->tls13.legacy_session_id_len =
- sizeof(ctx->hs->tls13.legacy_session_id);
- }
-
- return 1;
-}
-
-int
-tls13_client_connect(struct tls13_ctx *ctx)
-{
- if (ctx->mode != TLS13_HS_CLIENT)
- return TLS13_IO_FAILURE;
-
- return tls13_handshake_perform(ctx);
-}
-
-static int
-tls13_client_hello_build(struct tls13_ctx *ctx, CBB *cbb)
-{
- CBB cipher_suites, compression_methods, session_id;
- uint16_t client_version;
- SSL *s = ctx->ssl;
-
- /* Legacy client version is capped at TLS 1.2. */
- if (!ssl_max_legacy_version(s, &client_version))
- goto err;
-
- if (!CBB_add_u16(cbb, client_version))
- goto err;
- if (!CBB_add_bytes(cbb, s->s3->client_random, SSL3_RANDOM_SIZE))
- goto err;
-
- if (!CBB_add_u8_length_prefixed(cbb, &session_id))
- goto err;
- if (!CBB_add_bytes(&session_id, ctx->hs->tls13.legacy_session_id,
- ctx->hs->tls13.legacy_session_id_len))
- goto err;
-
- if (!CBB_add_u16_length_prefixed(cbb, &cipher_suites))
- goto err;
- if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &cipher_suites)) {
- SSLerror(s, SSL_R_NO_CIPHERS_AVAILABLE);
- goto err;
- }
-
- if (!CBB_add_u8_length_prefixed(cbb, &compression_methods))
- goto err;
- if (!CBB_add_u8(&compression_methods, 0))
- goto err;
-
- if (!tlsext_client_build(s, SSL_TLSEXT_MSG_CH, cbb))
- goto err;
-
- if (!CBB_flush(cbb))
- goto err;
-
- return 1;
-
- err:
- return 0;
-}
-
-int
-tls13_client_hello_send(struct tls13_ctx *ctx, CBB *cbb)
-{
- if (ctx->hs->our_min_tls_version < TLS1_2_VERSION)
- tls13_record_layer_set_legacy_version(ctx->rl, TLS1_VERSION);
-
- /* We may receive a pre-TLSv1.3 alert in response to the client hello. */
- tls13_record_layer_allow_legacy_alerts(ctx->rl, 1);
-
- if (!tls13_client_hello_build(ctx, cbb))
- return 0;
-
- return 1;
-}
-
-int
-tls13_client_hello_sent(struct tls13_ctx *ctx)
-{
- tls1_transcript_freeze(ctx->ssl);
-
- if (ctx->middlebox_compat) {
- tls13_record_layer_allow_ccs(ctx->rl, 1);
- ctx->send_dummy_ccs = 1;
- }
-
- return 1;
-}
-
-static int
-tls13_server_hello_is_legacy(CBS *cbs)
-{
- CBS extensions_block, extensions, extension_data;
- uint16_t selected_version = 0;
- uint16_t type;
-
- CBS_dup(cbs, &extensions_block);
-
- if (!CBS_get_u16_length_prefixed(&extensions_block, &extensions))
- return 1;
-
- while (CBS_len(&extensions) > 0) {
- if (!CBS_get_u16(&extensions, &type))
- return 1;
- if (!CBS_get_u16_length_prefixed(&extensions, &extension_data))
- return 1;
-
- if (type != TLSEXT_TYPE_supported_versions)
- continue;
- if (!CBS_get_u16(&extension_data, &selected_version))
- return 1;
- if (CBS_len(&extension_data) != 0)
- return 1;
- }
-
- return (selected_version < TLS1_3_VERSION);
-}
-
-static int
-tls13_server_hello_is_retry(CBS *cbs)
-{
- CBS server_hello, server_random;
- uint16_t legacy_version;
-
- CBS_dup(cbs, &server_hello);
-
- if (!CBS_get_u16(&server_hello, &legacy_version))
- return 0;
- if (!CBS_get_bytes(&server_hello, &server_random, SSL3_RANDOM_SIZE))
- return 0;
-
- /* See if this is a HelloRetryRequest.
*/ - return CBS_mem_equal(&server_random, tls13_hello_retry_request_hash, - sizeof(tls13_hello_retry_request_hash)); -} - -static int -tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) -{ - CBS server_random, session_id; - uint16_t tlsext_msg_type = SSL_TLSEXT_MSG_SH; - uint16_t cipher_suite, legacy_version; - uint8_t compression_method; - const SSL_CIPHER *cipher; - int alert_desc; - SSL *s = ctx->ssl; - - if (!CBS_get_u16(cbs, &legacy_version)) - goto err; - if (!CBS_get_bytes(cbs, &server_random, SSL3_RANDOM_SIZE)) - goto err; - if (!CBS_get_u8_length_prefixed(cbs, &session_id)) - goto err; - if (!CBS_get_u16(cbs, &cipher_suite)) - goto err; - if (!CBS_get_u8(cbs, &compression_method)) - goto err; - - if (tls13_server_hello_is_legacy(cbs)) { - if (ctx->hs->our_max_tls_version >= TLS1_3_VERSION) { - /* - * RFC 8446 section 4.1.3: we must not downgrade if - * the server random value contains the TLS 1.2 or 1.1 - * magical value. - */ - if (!CBS_skip(&server_random, CBS_len(&server_random) - - sizeof(tls13_downgrade_12))) - goto err; - if (CBS_mem_equal(&server_random, tls13_downgrade_12, - sizeof(tls13_downgrade_12)) || - CBS_mem_equal(&server_random, tls13_downgrade_11, - sizeof(tls13_downgrade_11))) { - ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; - goto err; - } - } - - if (!CBS_skip(cbs, CBS_len(cbs))) - goto err; - - ctx->hs->tls13.use_legacy = 1; - return 1; - } - - /* From here on in we know we are doing TLSv1.3. */ - tls13_record_layer_set_legacy_version(ctx->rl, TLS1_2_VERSION); - tls13_record_layer_allow_legacy_alerts(ctx->rl, 0); - - /* See if this is a HelloRetryRequest. */ - /* XXX - see if we can avoid doing this twice. 
*/ - if (CBS_mem_equal(&server_random, tls13_hello_retry_request_hash, - sizeof(tls13_hello_retry_request_hash))) { - tlsext_msg_type = SSL_TLSEXT_MSG_HRR; - ctx->hs->tls13.hrr = 1; - } - - if (!tlsext_client_parse(s, tlsext_msg_type, cbs, &alert_desc)) { - ctx->alert = alert_desc; - goto err; - } - - /* - * The supported versions extension indicated 0x0304 or greater. - * Ensure that it was 0x0304 and that legacy version is set to 0x0303 - * (RFC 8446 section 4.2.1). - */ - if (ctx->hs->tls13.server_version != TLS1_3_VERSION || - legacy_version != TLS1_2_VERSION) { - ctx->alert = TLS13_ALERT_PROTOCOL_VERSION; - goto err; - } - ctx->hs->negotiated_tls_version = ctx->hs->tls13.server_version; - ctx->hs->peer_legacy_version = legacy_version; - - /* The session_id must match. */ - if (!CBS_mem_equal(&session_id, ctx->hs->tls13.legacy_session_id, - ctx->hs->tls13.legacy_session_id_len)) { - ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; - goto err; - } - - /* - * Ensure that the cipher suite is one that we offered in the client - * hello and that it is a TLSv1.3 cipher suite. - */ - cipher = ssl3_get_cipher_by_value(cipher_suite); - if (cipher == NULL || !ssl_cipher_in_list(SSL_get_ciphers(s), cipher)) { - ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; - goto err; - } - if (cipher->algorithm_ssl != SSL_TLSV1_3) { - ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; - goto err; - } - if (!(ctx->handshake_stage.hs_type & WITHOUT_HRR) && !ctx->hs->tls13.hrr) { - /* - * A ServerHello following a HelloRetryRequest MUST use the same - * cipher suite (RFC 8446 section 4.1.4). 
- */ - if (ctx->hs->cipher != cipher) { - ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; - goto err; - } - } - ctx->hs->cipher = cipher; - - if (compression_method != 0) { - ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; - goto err; - } - - return 1; - - err: - if (ctx->alert == 0) - ctx->alert = TLS13_ALERT_DECODE_ERROR; - - return 0; -} - -static int -tls13_client_engage_record_protection(struct tls13_ctx *ctx) -{ - struct tls13_secrets *secrets; - struct tls13_secret context; - unsigned char buf[EVP_MAX_MD_SIZE]; - uint8_t *shared_key = NULL; - size_t shared_key_len = 0; - size_t hash_len; - SSL *s = ctx->ssl; - int ret = 0; - - /* Derive the shared key and engage record protection. */ - - if (!tls_key_share_derive(ctx->hs->key_share, &shared_key, - &shared_key_len)) - goto err; - - s->session->cipher_value = ctx->hs->cipher->value; - s->session->ssl_version = ctx->hs->tls13.server_version; - - if ((ctx->aead = tls13_cipher_aead(ctx->hs->cipher)) == NULL) - goto err; - if ((ctx->hash = tls13_cipher_hash(ctx->hs->cipher)) == NULL) - goto err; - - if ((secrets = tls13_secrets_create(ctx->hash, 0)) == NULL) - goto err; - ctx->hs->tls13.secrets = secrets; - - /* XXX - pass in hash. */ - if (!tls1_transcript_hash_init(s)) - goto err; - tls1_transcript_free(s); - if (!tls1_transcript_hash_value(s, buf, sizeof(buf), &hash_len)) - goto err; - context.data = buf; - context.len = hash_len; - - /* Early secrets. */ - if (!tls13_derive_early_secrets(secrets, secrets->zeros.data, - secrets->zeros.len, &context)) - goto err; - - /* Handshake secrets. 
*/
- if (!tls13_derive_handshake_secrets(ctx->hs->tls13.secrets, shared_key,
- shared_key_len, &context))
- goto err;
-
- tls13_record_layer_set_aead(ctx->rl, ctx->aead);
- tls13_record_layer_set_hash(ctx->rl, ctx->hash);
-
- if (!tls13_record_layer_set_read_traffic_key(ctx->rl,
- &secrets->server_handshake_traffic, ssl_encryption_handshake))
- goto err;
- if (!tls13_record_layer_set_write_traffic_key(ctx->rl,
- &secrets->client_handshake_traffic, ssl_encryption_handshake))
- goto err;
-
- ret = 1;
-
- err:
- freezero(shared_key, shared_key_len);
-
- return ret;
-}
-
-int
-tls13_server_hello_retry_request_recv(struct tls13_ctx *ctx, CBS *cbs)
-{
- /*
- * The state machine has no way of knowing if we're going to receive a
- * HelloRetryRequest or a ServerHello. As such, we have to handle
- * this case here and hand off to the appropriate function.
- */
- if (!tls13_server_hello_is_retry(cbs)) {
- ctx->handshake_stage.hs_type |= WITHOUT_HRR;
- return tls13_server_hello_recv(ctx, cbs);
- }
-
- if (!tls13_server_hello_process(ctx, cbs))
- return 0;
-
- /*
- * This may have been a TLSv1.2 or earlier ServerHello that just
- * happened to have matching server random...
- */
- if (ctx->hs->tls13.use_legacy)
- return tls13_use_legacy_client(ctx);
-
- if (!ctx->hs->tls13.hrr)
- return 0;
-
- if (!tls13_synthetic_handshake_message(ctx))
- return 0;
- if (!tls13_handshake_msg_record(ctx))
- return 0;
-
- ctx->hs->tls13.hrr = 0;
-
- return 1;
-}
-
-int
-tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb)
-{
- /*
- * Ensure that the server supported group is one that we listed in our
- * supported groups and is not the same as the key share we previously
- * offered.
- */
- if (!tls1_check_group(ctx->ssl, ctx->hs->tls13.server_group))
- return 0; /* XXX alert */
- if (ctx->hs->tls13.server_group == tls_key_share_group(ctx->hs->key_share))
- return 0; /* XXX alert */
-
- /* Switch to new key share.
*/
- tls_key_share_free(ctx->hs->key_share);
- if ((ctx->hs->key_share =
- tls_key_share_new(ctx->hs->tls13.server_group)) == NULL)
- return 0;
- if (!tls_key_share_generate(ctx->hs->key_share))
- return 0;
-
- if (!tls13_client_hello_build(ctx, cbb))
- return 0;
-
- return 1;
-}
-
-int
-tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs)
-{
- SSL *s = ctx->ssl;
-
- /*
- * We may have received a legacy (pre-TLSv1.3) ServerHello or a TLSv1.3
- * ServerHello. HelloRetryRequests have already been handled.
- */
- if (!tls13_server_hello_process(ctx, cbs))
- return 0;
-
- if (ctx->handshake_stage.hs_type & WITHOUT_HRR) {
- tls1_transcript_unfreeze(s);
- if (!tls13_handshake_msg_record(ctx))
- return 0;
- }
-
- if (ctx->hs->tls13.use_legacy) {
- if (!(ctx->handshake_stage.hs_type & WITHOUT_HRR))
- return 0;
- return tls13_use_legacy_client(ctx);
- }
-
- if (ctx->hs->tls13.hrr) {
- /* The server has sent two HelloRetryRequests. */
- ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
- return 0;
- }
-
- if (!tls13_client_engage_record_protection(ctx))
- return 0;
-
- ctx->handshake_stage.hs_type |= NEGOTIATED;
-
- return 1;
-}
-
-int
-tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx, CBS *cbs)
-{
- int alert_desc;
-
- if (!tlsext_client_parse(ctx->ssl, SSL_TLSEXT_MSG_EE, cbs, &alert_desc)) {
- ctx->alert = alert_desc;
- return 0;
- }
-
- return 1;
-}
-
-int
-tls13_server_certificate_request_recv(struct tls13_ctx *ctx, CBS *cbs)
-{
- CBS cert_request_context;
- int alert_desc;
-
- /*
- * Thanks to poor state design in the RFC, this function can be called
- * when we actually have a certificate message instead of a certificate
- * request... in that case we call the certificate handler after
- * switching state, to avoid advancing state.
- */
- if (tls13_handshake_msg_type(ctx->hs_msg) == TLS13_MT_CERTIFICATE) {
- ctx->handshake_stage.hs_type |= WITHOUT_CR;
- return tls13_server_certificate_recv(ctx, cbs);
- }
-
- if (!CBS_get_u8_length_prefixed(cbs, &cert_request_context))
- goto err;
- if (CBS_len(&cert_request_context) != 0)
- goto err;
-
- if (!tlsext_client_parse(ctx->ssl, SSL_TLSEXT_MSG_CR, cbs, &alert_desc)) {
- ctx->alert = alert_desc;
- goto err;
- }
-
- return 1;
-
- err:
- if (ctx->alert == 0)
- ctx->alert = TLS13_ALERT_DECODE_ERROR;
-
- return 0;
-}
-
-int
-tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
-{
- CBS cert_request_context, cert_list, cert_data;
- struct stack_st_X509 *certs = NULL;
- SSL *s = ctx->ssl;
- X509 *cert = NULL;
- const uint8_t *p;
- int alert_desc;
- int ret = 0;
-
- if ((certs = sk_X509_new_null()) == NULL)
- goto err;
-
- if (!CBS_get_u8_length_prefixed(cbs, &cert_request_context))
- goto err;
- if (CBS_len(&cert_request_context) != 0)
- goto err;
- if (!CBS_get_u24_length_prefixed(cbs, &cert_list))
- goto err;
-
- while (CBS_len(&cert_list) > 0) {
- if (!CBS_get_u24_length_prefixed(&cert_list, &cert_data))
- goto err;
-
- if (!tlsext_client_parse(ctx->ssl, SSL_TLSEXT_MSG_CT,
- &cert_list, &alert_desc)) {
- ctx->alert = alert_desc;
- goto err;
- }
-
- p = CBS_data(&cert_data);
- if ((cert = d2i_X509(NULL, &p, CBS_len(&cert_data))) == NULL)
- goto err;
- if (p != CBS_data(&cert_data) + CBS_len(&cert_data))
- goto err;
-
- if (!sk_X509_push(certs, cert))
- goto err;
-
- cert = NULL;
- }
-
- /* A server must always provide a non-empty certificate list. */
- if (sk_X509_num(certs) < 1) {
- ctx->alert = TLS13_ALERT_DECODE_ERROR;
- tls13_set_errorx(ctx, TLS13_ERR_NO_PEER_CERTIFICATE, 0,
- "peer failed to provide a certificate", NULL);
- goto err;
- }
-
- /*
- * At this stage we still have no proof of possession. As such, it would
- * be preferable to keep the chain and verify once we have successfully
- * processed the CertificateVerify message.
- */
- if (ssl_verify_cert_chain(s, certs) <= 0 &&
- s->verify_mode != SSL_VERIFY_NONE) {
- ctx->alert = ssl_verify_alarm_type(s->verify_result);
- tls13_set_errorx(ctx, TLS13_ERR_VERIFY_FAILED, 0,
- "failed to verify peer certificate", NULL);
- goto err;
- }
- s->session->verify_result = s->verify_result;
- ERR_clear_error();
-
- if (!tls_process_peer_certs(s, certs))
- goto err;
-
- if (ctx->ocsp_status_recv_cb != NULL &&
- !ctx->ocsp_status_recv_cb(ctx))
- goto err;
-
- ret = 1;
-
- err:
- sk_X509_pop_free(certs, X509_free);
- X509_free(cert);
-
- return ret;
-}
-
-int
-tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
-{
- const struct ssl_sigalg *sigalg;
- uint16_t signature_scheme;
- uint8_t *sig_content = NULL;
- size_t sig_content_len;
- EVP_MD_CTX *mdctx = NULL;
- EVP_PKEY_CTX *pctx;
- EVP_PKEY *pkey;
- X509 *cert;
- CBS signature;
- CBB cbb;
- int ret = 0;
-
- memset(&cbb, 0, sizeof(cbb));
-
- if (!CBS_get_u16(cbs, &signature_scheme))
- goto err;
- if (!CBS_get_u16_length_prefixed(cbs, &signature))
- goto err;
-
- if (!CBB_init(&cbb, 0))
- goto err;
- if (!CBB_add_bytes(&cbb, tls13_cert_verify_pad,
- sizeof(tls13_cert_verify_pad)))
- goto err;
- if (!CBB_add_bytes(&cbb, tls13_cert_server_verify_context,
- strlen(tls13_cert_server_verify_context)))
- goto err;
- if (!CBB_add_u8(&cbb, 0))
- goto err;
- if (!CBB_add_bytes(&cbb, ctx->hs->tls13.transcript_hash,
- ctx->hs->tls13.transcript_hash_len))
- goto err;
- if (!CBB_finish(&cbb, &sig_content, &sig_content_len))
- goto err;
-
- if ((cert = ctx->ssl->session->peer_cert) == NULL)
- goto err;
- if ((pkey = X509_get0_pubkey(cert)) == NULL)
- goto err;
- if ((sigalg = ssl_sigalg_for_peer(ctx->ssl, pkey,
- signature_scheme)) == NULL)
- goto err;
- ctx->hs->peer_sigalg = sigalg;
-
- if (CBS_len(&signature) > EVP_PKEY_size(pkey))
- goto err;
-
- if ((mdctx = EVP_MD_CTX_new()) == NULL)
- goto err;
- if (!EVP_DigestVerifyInit(mdctx, &pctx, sigalg->md(), NULL, pkey))
- goto err;
- if
(sigalg->flags & SIGALG_FLAG_RSA_PSS) {
- if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING))
- goto err;
- if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
- goto err;
- }
- if (EVP_DigestVerify(mdctx, CBS_data(&signature), CBS_len(&signature),
- sig_content, sig_content_len) <= 0) {
- ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
- goto err;
- }
-
- ret = 1;
-
- err:
- if (!ret && ctx->alert == 0)
- ctx->alert = TLS13_ALERT_DECODE_ERROR;
- CBB_cleanup(&cbb);
- EVP_MD_CTX_free(mdctx);
- free(sig_content);
-
- return ret;
-}
-
-int
-tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
-{
- struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
- struct tls13_secret context = { .data = "", .len = 0 };
- struct tls13_secret finished_key;
- uint8_t transcript_hash[EVP_MAX_MD_SIZE];
- size_t transcript_hash_len;
- uint8_t *verify_data = NULL;
- size_t verify_data_len;
- uint8_t key[EVP_MAX_MD_SIZE];
- HMAC_CTX *hmac_ctx = NULL;
- unsigned int hlen;
- int ret = 0;
-
- /*
- * Verify server finished.
- */
- finished_key.data = key;
- finished_key.len = EVP_MD_size(ctx->hash);
-
- if (!tls13_hkdf_expand_label(&finished_key, ctx->hash,
- &secrets->server_handshake_traffic, "finished",
- &context))
- goto err;
-
- if ((hmac_ctx = HMAC_CTX_new()) == NULL)
- goto err;
- if (!HMAC_Init_ex(hmac_ctx, finished_key.data, finished_key.len,
- ctx->hash, NULL))
- goto err;
- if (!HMAC_Update(hmac_ctx, ctx->hs->tls13.transcript_hash,
- ctx->hs->tls13.transcript_hash_len))
- goto err;
- verify_data_len = HMAC_size(hmac_ctx);
- if ((verify_data = calloc(1, verify_data_len)) == NULL)
- goto err;
- if (!HMAC_Final(hmac_ctx, verify_data, &hlen))
- goto err;
- if (hlen != verify_data_len)
- goto err;
-
- if (!CBS_mem_equal(cbs, verify_data, verify_data_len)) {
- ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
- goto err;
- }
-
- if (!CBS_write_bytes(cbs, ctx->hs->peer_finished,
- sizeof(ctx->hs->peer_finished),
- &ctx->hs->peer_finished_len))
- goto err;
-
- if (!CBS_skip(cbs, verify_data_len))
- goto err;
-
- /*
- * Derive application traffic keys.
- */
- if (!tls1_transcript_hash_value(ctx->ssl, transcript_hash,
- sizeof(transcript_hash), &transcript_hash_len))
- goto err;
-
- context.data = transcript_hash;
- context.len = transcript_hash_len;
-
- if (!tls13_derive_application_secrets(secrets, &context))
- goto err;
-
- /*
- * Any records following the server finished message must be encrypted
- * using the server application traffic keys.
- */
- if (!tls13_record_layer_set_read_traffic_key(ctx->rl,
- &secrets->server_application_traffic, ssl_encryption_application))
- goto err;
-
- tls13_record_layer_allow_ccs(ctx->rl, 0);
-
- ret = 1;
-
- err:
- HMAC_CTX_free(hmac_ctx);
- free(verify_data);
-
- return ret;
-}
-
-static int
-tls13_client_check_certificate(struct tls13_ctx *ctx, SSL_CERT_PKEY *cpk,
- int *ok, const struct ssl_sigalg **out_sigalg)
-{
- const struct ssl_sigalg *sigalg;
- SSL *s = ctx->ssl;
-
- *ok = 0;
- *out_sigalg = NULL;
-
- if (cpk->x509 == NULL || cpk->privatekey == NULL)
- goto done;
-
- if ((sigalg = ssl_sigalg_select(s, cpk->privatekey)) == NULL)
- goto done;
-
- *ok = 1;
- *out_sigalg = sigalg;
-
- done:
- return 1;
-}
-
-static int
-tls13_client_select_certificate(struct tls13_ctx *ctx, SSL_CERT_PKEY **out_cpk,
- const struct ssl_sigalg **out_sigalg)
-{
- SSL *s = ctx->ssl;
- const struct ssl_sigalg *sigalg;
- SSL_CERT_PKEY *cpk;
- int cert_ok;
-
- *out_cpk = NULL;
- *out_sigalg = NULL;
-
- /*
- * XXX - RFC 8446, 4.4.2.3: the server can communicate preferences
- * with the certificate_authorities (4.2.4) and oid_filters (4.2.5)
- * extensions. We should honor the former and must apply the latter.
- */
-
- cpk = &s->cert->pkeys[SSL_PKEY_ECC];
- if (!tls13_client_check_certificate(ctx, cpk, &cert_ok, &sigalg))
- return 0;
- if (cert_ok)
- goto done;
-
- cpk = &s->cert->pkeys[SSL_PKEY_RSA];
- if (!tls13_client_check_certificate(ctx, cpk, &cert_ok, &sigalg))
- return 0;
- if (cert_ok)
- goto done;
-
- cpk = NULL;
- sigalg = NULL;
-
- done:
- *out_cpk = cpk;
- *out_sigalg = sigalg;
-
- return 1;
-}
-
-int
-tls13_client_certificate_send(struct tls13_ctx *ctx, CBB *cbb)
-{
- SSL *s = ctx->ssl;
- CBB cert_request_context, cert_list;
- const struct ssl_sigalg *sigalg;
- STACK_OF(X509) *chain;
- SSL_CERT_PKEY *cpk;
- X509 *cert;
- int i, ret = 0;
-
- if (!tls13_client_select_certificate(ctx, &cpk, &sigalg))
- goto err;
-
- ctx->hs->tls13.cpk = cpk;
- ctx->hs->our_sigalg = sigalg;
-
- if (!CBB_add_u8_length_prefixed(cbb, &cert_request_context))
- goto err;
- if (!CBB_add_u24_length_prefixed(cbb, &cert_list))
- goto err;
-
- /* No certificate selected. */
- if (cpk == NULL)
- goto done;
-
- if ((chain = cpk->chain) == NULL)
- chain = s->ctx->extra_certs;
-
- if (!tls13_cert_add(ctx, &cert_list, cpk->x509, tlsext_client_build))
- goto err;
-
- for (i = 0; i < sk_X509_num(chain); i++) {
- cert = sk_X509_value(chain, i);
- if (!tls13_cert_add(ctx, &cert_list, cert, tlsext_client_build))
- goto err;
- }
-
- ctx->handshake_stage.hs_type |= WITH_CCV;
- done:
- if (!CBB_flush(cbb))
- goto err;
-
- ret = 1;
-
- err:
- return ret;
-}
-
-int
-tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
-{
- const struct ssl_sigalg *sigalg;
- uint8_t *sig = NULL, *sig_content = NULL;
- size_t sig_len, sig_content_len;
- EVP_MD_CTX *mdctx = NULL;
- EVP_PKEY_CTX *pctx;
- EVP_PKEY *pkey;
- const SSL_CERT_PKEY *cpk;
- CBB sig_cbb;
- int ret = 0;
-
- memset(&sig_cbb, 0, sizeof(sig_cbb));
-
- if ((cpk = ctx->hs->tls13.cpk) == NULL)
- goto err;
- if ((sigalg = ctx->hs->our_sigalg) == NULL)
- goto err;
- pkey = cpk->privatekey;
-
- if (!CBB_init(&sig_cbb, 0))
- goto err;
- if
(!CBB_add_bytes(&sig_cbb, tls13_cert_verify_pad,
- sizeof(tls13_cert_verify_pad)))
- goto err;
- if (!CBB_add_bytes(&sig_cbb, tls13_cert_client_verify_context,
- strlen(tls13_cert_client_verify_context)))
- goto err;
- if (!CBB_add_u8(&sig_cbb, 0))
- goto err;
- if (!CBB_add_bytes(&sig_cbb, ctx->hs->tls13.transcript_hash,
- ctx->hs->tls13.transcript_hash_len))
- goto err;
- if (!CBB_finish(&sig_cbb, &sig_content, &sig_content_len))
- goto err;
-
- if ((mdctx = EVP_MD_CTX_new()) == NULL)
- goto err;
- if (!EVP_DigestSignInit(mdctx, &pctx, sigalg->md(), NULL, pkey))
- goto err;
- if (sigalg->flags & SIGALG_FLAG_RSA_PSS) {
- if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING))
- goto err;
- if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
- goto err;
- }
- if (!EVP_DigestSign(mdctx, NULL, &sig_len, sig_content, sig_content_len))
- goto err;
- if ((sig = calloc(1, sig_len)) == NULL)
- goto err;
- if (!EVP_DigestSign(mdctx, sig, &sig_len, sig_content, sig_content_len))
- goto err;
-
- if (!CBB_add_u16(cbb, sigalg->value))
- goto err;
- if (!CBB_add_u16_length_prefixed(cbb, &sig_cbb))
- goto err;
- if (!CBB_add_bytes(&sig_cbb, sig, sig_len))
- goto err;
-
- if (!CBB_flush(cbb))
- goto err;
-
- ret = 1;
-
- err:
- if (!ret && ctx->alert == 0)
- ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
-
- CBB_cleanup(&sig_cbb);
- EVP_MD_CTX_free(mdctx);
- free(sig_content);
- free(sig);
-
- return ret;
-}
-
-int
-tls13_client_end_of_early_data_send(struct tls13_ctx *ctx, CBB *cbb)
-{
- return 0;
-}
-
-int
-tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb)
-{
- struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
- struct tls13_secret context = { .data = "", .len = 0 };
- struct tls13_secret finished_key = { .data = NULL, .len = 0 };
- uint8_t transcript_hash[EVP_MAX_MD_SIZE];
- size_t transcript_hash_len;
- uint8_t *verify_data;
- size_t verify_data_len;
- unsigned int hlen;
- HMAC_CTX *hmac_ctx = NULL;
- CBS cbs;
- int ret = 0;
-
- if
(!tls13_secret_init(&finished_key, EVP_MD_size(ctx->hash)))
- goto err;
-
- if (!tls13_hkdf_expand_label(&finished_key, ctx->hash,
- &secrets->client_handshake_traffic, "finished",
- &context))
- goto err;
-
- if (!tls1_transcript_hash_value(ctx->ssl, transcript_hash,
- sizeof(transcript_hash), &transcript_hash_len))
- goto err;
-
- if ((hmac_ctx = HMAC_CTX_new()) == NULL)
- goto err;
- if (!HMAC_Init_ex(hmac_ctx, finished_key.data, finished_key.len,
- ctx->hash, NULL))
- goto err;
- if (!HMAC_Update(hmac_ctx, transcript_hash, transcript_hash_len))
- goto err;
-
- verify_data_len = HMAC_size(hmac_ctx);
- if (!CBB_add_space(cbb, &verify_data, verify_data_len))
- goto err;
- if (!HMAC_Final(hmac_ctx, verify_data, &hlen))
- goto err;
- if (hlen != verify_data_len)
- goto err;
-
- CBS_init(&cbs, verify_data, verify_data_len);
- if (!CBS_write_bytes(&cbs, ctx->hs->finished,
- sizeof(ctx->hs->finished), &ctx->hs->finished_len))
- goto err;
-
- ret = 1;
-
- err:
- tls13_secret_cleanup(&finished_key);
- HMAC_CTX_free(hmac_ctx);
-
- return ret;
-}
-
-int
-tls13_client_finished_sent(struct tls13_ctx *ctx)
-{
- struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
-
- /*
- * Any records following the client finished message must be encrypted
- * using the client application traffic keys.
- */
- return tls13_record_layer_set_write_traffic_key(ctx->rl,
- &secrets->client_application_traffic, ssl_encryption_application);
-}
diff --git a/src/lib/libssl/tls13_error.c b/src/lib/libssl/tls13_error.c
deleted file mode 100644
index 295b6c4fab..0000000000
--- a/src/lib/libssl/tls13_error.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/* $OpenBSD: tls13_error.c,v 1.1 2020/01/20 13:10:37 jsing Exp $ */
-/*
- * Copyright (c) 2014,2019 Joel Sing
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include
-
-#include "tls13_internal.h"
-
-void
-tls13_error_clear(struct tls13_error *error)
-{
- error->code = 0;
- error->subcode = 0;
- error->errnum = 0;
- error->file = NULL;
- error->line = 0;
- free(error->msg);
- error->msg = NULL;
-}
-
-static int
-tls13_error_vset(struct tls13_error *error, int code, int subcode, int errnum,
- const char *file, int line, const char *fmt, va_list ap)
-{
- char *errmsg = NULL;
- int rv = -1;
-
- tls13_error_clear(error);
-
- error->code = code;
- error->subcode = subcode;
- error->errnum = errnum;
- error->file = file;
- error->line = line;
-
- if (vasprintf(&errmsg, fmt, ap) == -1) {
- errmsg = NULL;
- goto err;
- }
-
- if (errnum == -1) {
- error->msg = errmsg;
- return 0;
- }
-
- if (asprintf(&error->msg, "%s: %s", errmsg, strerror(errnum)) == -1) {
- error->msg = NULL;
- goto err;
- }
- rv = 0;
-
- err:
- free(errmsg);
-
- return rv;
-}
-
-int
-tls13_error_set(struct tls13_error *error, int code, int subcode,
- const char *file, int line, const char *fmt, ...)
-{
- va_list ap;
- int errnum, rv;
-
- errnum = errno;
-
- va_start(ap, fmt);
- rv = tls13_error_vset(error, code, subcode, errnum, file, line, fmt, ap);
- va_end(ap);
-
- return (rv);
-}
-
-int
-tls13_error_setx(struct tls13_error *error, int code, int subcode,
- const char *file, int line, const char *fmt, ...)
-{
- va_list ap;
- int rv;
-
- va_start(ap, fmt);
- rv = tls13_error_vset(error, code, subcode, -1, file, line, fmt, ap);
- va_end(ap);
-
- return (rv);
-}
diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c
deleted file mode 100644
index 0dc2333708..0000000000
--- a/src/lib/libssl/tls13_handshake.c
+++ /dev/null
@@ -1,723 +0,0 @@
-/* $OpenBSD: tls13_handshake.c,v 1.73 2024/02/03 19:57:14 tb Exp $ */
-/*
- * Copyright (c) 2018-2021 Theo Buehler
- * Copyright (c) 2019 Joel Sing
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include
-
-#include "ssl_local.h"
-#include "tls13_handshake.h"
-#include "tls13_internal.h"
-
-/* Based on RFC 8446 and inspired by s2n's TLS 1.2 state machine.
*/
-
-struct tls13_handshake_action {
- uint8_t handshake_type;
- uint8_t sender;
- uint8_t handshake_complete;
- uint8_t send_preserve_transcript_hash;
- uint8_t recv_preserve_transcript_hash;
-
- int (*send)(struct tls13_ctx *ctx, CBB *cbb);
- int (*sent)(struct tls13_ctx *ctx);
- int (*recv)(struct tls13_ctx *ctx, CBS *cbs);
-};
-
-static enum tls13_message_type
- tls13_handshake_active_state(struct tls13_ctx *ctx);
-
-static const struct tls13_handshake_action *
- tls13_handshake_active_action(struct tls13_ctx *ctx);
-static int tls13_handshake_advance_state_machine(struct tls13_ctx *ctx);
-
-static int tls13_handshake_send_action(struct tls13_ctx *ctx,
- const struct tls13_handshake_action *action);
-static int tls13_handshake_recv_action(struct tls13_ctx *ctx,
- const struct tls13_handshake_action *action);
-
-static int tls13_handshake_set_legacy_state(struct tls13_ctx *ctx);
-static int tls13_handshake_legacy_info_callback(struct tls13_ctx *ctx);
-
-static const struct tls13_handshake_action state_machine[] = {
- [CLIENT_HELLO] = {
- .handshake_type = TLS13_MT_CLIENT_HELLO,
- .sender = TLS13_HS_CLIENT,
- .send = tls13_client_hello_send,
- .sent = tls13_client_hello_sent,
- .recv = tls13_client_hello_recv,
- },
- [CLIENT_HELLO_RETRY] = {
- .handshake_type = TLS13_MT_CLIENT_HELLO,
- .sender = TLS13_HS_CLIENT,
- .send = tls13_client_hello_retry_send,
- .recv = tls13_client_hello_retry_recv,
- },
- [CLIENT_END_OF_EARLY_DATA] = {
- .handshake_type = TLS13_MT_END_OF_EARLY_DATA,
- .sender = TLS13_HS_CLIENT,
- .send = tls13_client_end_of_early_data_send,
- .recv = tls13_client_end_of_early_data_recv,
- },
- [CLIENT_CERTIFICATE] = {
- .handshake_type = TLS13_MT_CERTIFICATE,
- .sender = TLS13_HS_CLIENT,
- .send_preserve_transcript_hash = 1,
- .send = tls13_client_certificate_send,
- .recv = tls13_client_certificate_recv,
- },
- [CLIENT_CERTIFICATE_VERIFY] = {
- .handshake_type = TLS13_MT_CERTIFICATE_VERIFY,
- .sender = TLS13_HS_CLIENT,
-
.recv_preserve_transcript_hash = 1,
- .send = tls13_client_certificate_verify_send,
- .recv = tls13_client_certificate_verify_recv,
- },
- [CLIENT_FINISHED] = {
- .handshake_type = TLS13_MT_FINISHED,
- .sender = TLS13_HS_CLIENT,
- .recv_preserve_transcript_hash = 1,
- .send = tls13_client_finished_send,
- .sent = tls13_client_finished_sent,
- .recv = tls13_client_finished_recv,
- },
- [SERVER_HELLO] = {
- .handshake_type = TLS13_MT_SERVER_HELLO,
- .sender = TLS13_HS_SERVER,
- .send = tls13_server_hello_send,
- .sent = tls13_server_hello_sent,
- .recv = tls13_server_hello_recv,
- },
- [SERVER_HELLO_RETRY_REQUEST] = {
- .handshake_type = TLS13_MT_SERVER_HELLO,
- .sender = TLS13_HS_SERVER,
- .send = tls13_server_hello_retry_request_send,
- .recv = tls13_server_hello_retry_request_recv,
- .sent = tls13_server_hello_retry_request_sent,
- },
- [SERVER_ENCRYPTED_EXTENSIONS] = {
- .handshake_type = TLS13_MT_ENCRYPTED_EXTENSIONS,
- .sender = TLS13_HS_SERVER,
- .send = tls13_server_encrypted_extensions_send,
- .recv = tls13_server_encrypted_extensions_recv,
- },
- [SERVER_CERTIFICATE] = {
- .handshake_type = TLS13_MT_CERTIFICATE,
- .sender = TLS13_HS_SERVER,
- .send_preserve_transcript_hash = 1,
- .send = tls13_server_certificate_send,
- .recv = tls13_server_certificate_recv,
- },
- [SERVER_CERTIFICATE_REQUEST] = {
- .handshake_type = TLS13_MT_CERTIFICATE_REQUEST,
- .sender = TLS13_HS_SERVER,
- .send = tls13_server_certificate_request_send,
- .recv = tls13_server_certificate_request_recv,
- },
- [SERVER_CERTIFICATE_VERIFY] = {
- .handshake_type = TLS13_MT_CERTIFICATE_VERIFY,
- .sender = TLS13_HS_SERVER,
- .recv_preserve_transcript_hash = 1,
- .send = tls13_server_certificate_verify_send,
- .recv = tls13_server_certificate_verify_recv,
- },
- [SERVER_FINISHED] = {
- .handshake_type = TLS13_MT_FINISHED,
- .sender = TLS13_HS_SERVER,
- .recv_preserve_transcript_hash = 1,
- .send_preserve_transcript_hash = 1,
- .send = tls13_server_finished_send,
- .sent =
tls13_server_finished_sent,
- .recv = tls13_server_finished_recv,
- },
- [APPLICATION_DATA] = {
- .handshake_complete = 1,
- },
-};
-
-const enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = {
- [INITIAL] = {
- CLIENT_HELLO,
- SERVER_HELLO_RETRY_REQUEST,
- CLIENT_HELLO_RETRY,
- SERVER_HELLO,
- },
- [NEGOTIATED] = {
- CLIENT_HELLO,
- SERVER_HELLO_RETRY_REQUEST,
- CLIENT_HELLO_RETRY,
- SERVER_HELLO,
- SERVER_ENCRYPTED_EXTENSIONS,
- SERVER_CERTIFICATE_REQUEST,
- SERVER_CERTIFICATE,
- SERVER_CERTIFICATE_VERIFY,
- SERVER_FINISHED,
- CLIENT_CERTIFICATE,
- CLIENT_FINISHED,
- APPLICATION_DATA,
- },
- [NEGOTIATED | WITHOUT_HRR] = {
- CLIENT_HELLO,
- SERVER_HELLO,
- SERVER_ENCRYPTED_EXTENSIONS,
- SERVER_CERTIFICATE_REQUEST,
- SERVER_CERTIFICATE,
- SERVER_CERTIFICATE_VERIFY,
- SERVER_FINISHED,
- CLIENT_CERTIFICATE,
- CLIENT_FINISHED,
- APPLICATION_DATA,
- },
- [NEGOTIATED | WITHOUT_CR] = {
- CLIENT_HELLO,
- SERVER_HELLO_RETRY_REQUEST,
- CLIENT_HELLO_RETRY,
- SERVER_HELLO,
- SERVER_ENCRYPTED_EXTENSIONS,
- SERVER_CERTIFICATE,
- SERVER_CERTIFICATE_VERIFY,
- SERVER_FINISHED,
- CLIENT_FINISHED,
- APPLICATION_DATA,
- },
- [NEGOTIATED | WITHOUT_HRR | WITHOUT_CR] = {
- CLIENT_HELLO,
- SERVER_HELLO,
- SERVER_ENCRYPTED_EXTENSIONS,
- SERVER_CERTIFICATE,
- SERVER_CERTIFICATE_VERIFY,
- SERVER_FINISHED,
- CLIENT_FINISHED,
- APPLICATION_DATA,
- },
- [NEGOTIATED | WITH_PSK] = {
- CLIENT_HELLO,
- SERVER_HELLO_RETRY_REQUEST,
- CLIENT_HELLO_RETRY,
- SERVER_HELLO,
- SERVER_ENCRYPTED_EXTENSIONS,
- SERVER_FINISHED,
- CLIENT_FINISHED,
- APPLICATION_DATA,
- },
- [NEGOTIATED | WITHOUT_HRR | WITH_PSK] = {
- CLIENT_HELLO,
- SERVER_HELLO,
- SERVER_ENCRYPTED_EXTENSIONS,
- SERVER_FINISHED,
- CLIENT_FINISHED,
- APPLICATION_DATA,
- },
- [NEGOTIATED | WITH_CCV] = {
- CLIENT_HELLO,
- SERVER_HELLO_RETRY_REQUEST,
- CLIENT_HELLO_RETRY,
- SERVER_HELLO,
- SERVER_ENCRYPTED_EXTENSIONS,
- SERVER_CERTIFICATE_REQUEST,
- SERVER_CERTIFICATE,
- SERVER_CERTIFICATE_VERIFY,
- SERVER_FINISHED,
-
CLIENT_CERTIFICATE,
- CLIENT_CERTIFICATE_VERIFY,
- CLIENT_FINISHED,
- APPLICATION_DATA,
- },
- [NEGOTIATED | WITHOUT_HRR | WITH_CCV] = {
- CLIENT_HELLO,
- SERVER_HELLO,
- SERVER_ENCRYPTED_EXTENSIONS,
- SERVER_CERTIFICATE_REQUEST,
- SERVER_CERTIFICATE,
- SERVER_CERTIFICATE_VERIFY,
- SERVER_FINISHED,
- CLIENT_CERTIFICATE,
- CLIENT_CERTIFICATE_VERIFY,
- CLIENT_FINISHED,
- APPLICATION_DATA,
- },
-};
-
-const size_t handshake_count = sizeof(handshakes) / sizeof(handshakes[0]);
-
-#ifndef TLS13_DEBUG
-#define DEBUGF(...)
-#else
-#define DEBUGF(...) fprintf(stderr, __VA_ARGS__)
-
-static const char *
-tls13_handshake_mode_name(uint8_t mode)
-{
- switch (mode) {
- case TLS13_HS_CLIENT:
- return "Client";
- case TLS13_HS_SERVER:
- return "Server";
- }
- return "Unknown";
-}
-
-static const char *
-tls13_handshake_message_name(uint8_t msg_type)
-{
- switch (msg_type) {
- case TLS13_MT_CLIENT_HELLO:
- return "ClientHello";
- case TLS13_MT_SERVER_HELLO:
- return "ServerHello";
- case TLS13_MT_NEW_SESSION_TICKET:
- return "NewSessionTicket";
- case TLS13_MT_END_OF_EARLY_DATA:
- return "EndOfEarlyData";
- case TLS13_MT_ENCRYPTED_EXTENSIONS:
- return "EncryptedExtensions";
- case TLS13_MT_CERTIFICATE:
- return "Certificate";
- case TLS13_MT_CERTIFICATE_REQUEST:
- return "CertificateRequest";
- case TLS13_MT_CERTIFICATE_VERIFY:
- return "CertificateVerify";
- case TLS13_MT_FINISHED:
- return "Finished";
- }
- return "Unknown";
-}
-#endif
-
-static enum tls13_message_type
-tls13_handshake_active_state(struct tls13_ctx *ctx)
-{
- struct tls13_handshake_stage hs = ctx->handshake_stage;
-
- if (hs.hs_type >= handshake_count)
- return INVALID;
- if (hs.message_number >= TLS13_NUM_MESSAGE_TYPES)
- return INVALID;
-
- return handshakes[hs.hs_type][hs.message_number];
-}
-
-static const struct tls13_handshake_action *
-tls13_handshake_active_action(struct tls13_ctx *ctx)
-{
- enum tls13_message_type mt = tls13_handshake_active_state(ctx);
-
- if (mt == INVALID)
- return NULL;
-
- return
&state_machine[mt];
-}
-
-static int
-tls13_handshake_advance_state_machine(struct tls13_ctx *ctx)
-{
- if (++ctx->handshake_stage.message_number >= TLS13_NUM_MESSAGE_TYPES)
- return 0;
-
- return 1;
-}
-
-static int
-tls13_handshake_end_of_flight(struct tls13_ctx *ctx,
- const struct tls13_handshake_action *previous)
-{
- const struct tls13_handshake_action *current;
-
- if ((current = tls13_handshake_active_action(ctx)) == NULL)
- return 1;
-
- return current->sender != previous->sender;
-}
-
-int
-tls13_handshake_msg_record(struct tls13_ctx *ctx)
-{
- CBS cbs;
-
- tls13_handshake_msg_data(ctx->hs_msg, &cbs);
- return tls1_transcript_record(ctx->ssl, CBS_data(&cbs), CBS_len(&cbs));
-}
-
-int
-tls13_handshake_perform(struct tls13_ctx *ctx)
-{
- const struct tls13_handshake_action *action;
- int sending;
- int ret;
-
- if (!ctx->handshake_started) {
- /*
- * Set legacy state to connect/accept and call info callback
- * to signal that the handshake started.
- */
- if (!tls13_handshake_set_legacy_state(ctx))
- return TLS13_IO_FAILURE;
- if (!tls13_handshake_legacy_info_callback(ctx))
- return TLS13_IO_FAILURE;
-
- ctx->handshake_started = 1;
-
- /* Set legacy state for initial ClientHello read or write. */
- if (!tls13_handshake_set_legacy_state(ctx))
- return TLS13_IO_FAILURE;
- }
-
- for (;;) {
- if ((action = tls13_handshake_active_action(ctx)) == NULL)
- return TLS13_IO_FAILURE;
-
- if (ctx->need_flush) {
- if ((ret = tls13_record_layer_flush(ctx->rl)) !=
- TLS13_IO_SUCCESS)
- return ret;
- ctx->need_flush = 0;
- }
-
- if (action->handshake_complete) {
- ctx->handshake_completed = 1;
- tls13_record_layer_handshake_completed(ctx->rl);
-
- if (!tls13_handshake_set_legacy_state(ctx))
- return TLS13_IO_FAILURE;
- if (!tls13_handshake_legacy_info_callback(ctx))
- return TLS13_IO_FAILURE;
-
- return TLS13_IO_SUCCESS;
- }
-
- sending = action->sender == ctx->mode;
-
- DEBUGF("%s %s %s\n", tls13_handshake_mode_name(ctx->mode),
- sending ?
"sending" : "receiving",
- tls13_handshake_message_name(action->handshake_type));
-
- if (ctx->alert != 0)
- return tls13_send_alert(ctx->rl, ctx->alert);
-
- if (sending)
- ret = tls13_handshake_send_action(ctx, action);
- else
- ret = tls13_handshake_recv_action(ctx, action);
-
- if (ctx->alert != 0)
- return tls13_send_alert(ctx->rl, ctx->alert);
-
- if (ret <= 0) {
- DEBUGF("%s %s returned %d\n",
- tls13_handshake_mode_name(ctx->mode),
- (action->sender == ctx->mode) ? "send" : "recv",
- ret);
- return ret;
- }
-
- if (!tls13_handshake_legacy_info_callback(ctx))
- return TLS13_IO_FAILURE;
-
- if (!tls13_handshake_advance_state_machine(ctx))
- return TLS13_IO_FAILURE;
-
- if (sending)
- ctx->need_flush = tls13_handshake_end_of_flight(ctx,
- action);
-
- if (!tls13_handshake_set_legacy_state(ctx))
- return TLS13_IO_FAILURE;
- }
-}
-
-static int
-tls13_handshake_send_action(struct tls13_ctx *ctx,
- const struct tls13_handshake_action *action)
-{
- ssize_t ret;
- CBB cbb;
-
- if (ctx->send_dummy_ccs) {
- if ((ret = tls13_send_dummy_ccs(ctx->rl)) != TLS13_IO_SUCCESS)
- return ret;
- ctx->send_dummy_ccs = 0;
- if (ctx->send_dummy_ccs_after) {
- ctx->send_dummy_ccs_after = 0;
- return TLS13_IO_SUCCESS;
- }
- }
-
- /* If we have no handshake message, we need to build one.
*/
- if (ctx->hs_msg == NULL) {
- if ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL)
- return TLS13_IO_FAILURE;
- if (!tls13_handshake_msg_start(ctx->hs_msg, &cbb,
- action->handshake_type))
- return TLS13_IO_FAILURE;
- if (!action->send(ctx, &cbb))
- return TLS13_IO_FAILURE;
- if (!tls13_handshake_msg_finish(ctx->hs_msg))
- return TLS13_IO_FAILURE;
- }
-
- if ((ret = tls13_handshake_msg_send(ctx->hs_msg, ctx->rl)) <= 0)
- return ret;
-
- if (!tls13_handshake_msg_record(ctx))
- return TLS13_IO_FAILURE;
-
- if (action->send_preserve_transcript_hash) {
- if (!tls1_transcript_hash_value(ctx->ssl,
- ctx->hs->tls13.transcript_hash,
- sizeof(ctx->hs->tls13.transcript_hash),
- &ctx->hs->tls13.transcript_hash_len))
- return TLS13_IO_FAILURE;
- }
-
- if (ctx->handshake_message_sent_cb != NULL)
- ctx->handshake_message_sent_cb(ctx);
-
- tls13_handshake_msg_free(ctx->hs_msg);
- ctx->hs_msg = NULL;
-
- if (action->sent != NULL && !action->sent(ctx))
- return TLS13_IO_FAILURE;
-
- if (ctx->send_dummy_ccs_after) {
- ctx->send_dummy_ccs = 1;
- if ((ret = tls13_send_dummy_ccs(ctx->rl)) != TLS13_IO_SUCCESS)
- return ret;
- ctx->send_dummy_ccs = 0;
- ctx->send_dummy_ccs_after = 0;
- }
-
- return TLS13_IO_SUCCESS;
-}
-
-static int
-tls13_handshake_recv_action(struct tls13_ctx *ctx,
- const struct tls13_handshake_action *action)
-{
- uint8_t msg_type;
- ssize_t ret;
- CBS cbs;
-
- if (ctx->hs_msg == NULL) {
- if ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL)
- return TLS13_IO_FAILURE;
- }
-
- if ((ret = tls13_handshake_msg_recv(ctx->hs_msg, ctx->rl)) <= 0)
- return ret;
-
- if (action->recv_preserve_transcript_hash) {
- if (!tls1_transcript_hash_value(ctx->ssl,
- ctx->hs->tls13.transcript_hash,
- sizeof(ctx->hs->tls13.transcript_hash),
- &ctx->hs->tls13.transcript_hash_len))
- return TLS13_IO_FAILURE;
- }
-
- if (!tls13_handshake_msg_record(ctx))
- return TLS13_IO_FAILURE;
-
- if (ctx->handshake_message_recv_cb != NULL)
- ctx->handshake_message_recv_cb(ctx);
-
- /*
- * In
TLSv1.3 there is no way to know if you're going to receive a - * certificate request message or not, hence we have to special case it - * here. The receive handler also knows how to deal with this situation. - */ - msg_type = tls13_handshake_msg_type(ctx->hs_msg); - if (msg_type != action->handshake_type && - (msg_type != TLS13_MT_CERTIFICATE || - action->handshake_type != TLS13_MT_CERTIFICATE_REQUEST)) - return tls13_send_alert(ctx->rl, TLS13_ALERT_UNEXPECTED_MESSAGE); - - if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs)) - return TLS13_IO_FAILURE; - - ret = TLS13_IO_FAILURE; - if (!action->recv(ctx, &cbs)) - goto err; - - if (CBS_len(&cbs) != 0) { - tls13_set_errorx(ctx, TLS13_ERR_TRAILING_DATA, 0, - "trailing data in handshake message", NULL); - ctx->alert = TLS13_ALERT_DECODE_ERROR; - goto err; - } - - ret = TLS13_IO_SUCCESS; - if (ctx->ssl->method->version < TLS1_3_VERSION) - ret = TLS13_IO_USE_LEGACY; - - err: - tls13_handshake_msg_free(ctx->hs_msg); - ctx->hs_msg = NULL; - - return ret; -} - -struct tls13_handshake_legacy_state { - int recv; - int send; -}; - -static const struct tls13_handshake_legacy_state legacy_states[] = { - [CLIENT_HELLO] = { - .recv = SSL3_ST_SR_CLNT_HELLO_A, - .send = SSL3_ST_CW_CLNT_HELLO_A, - }, - [SERVER_HELLO_RETRY_REQUEST] = { - .recv = SSL3_ST_CR_SRVR_HELLO_A, - .send = SSL3_ST_SW_SRVR_HELLO_A, - }, - [CLIENT_HELLO_RETRY] = { - .recv = SSL3_ST_SR_CLNT_HELLO_A, - .send = SSL3_ST_CW_CLNT_HELLO_A, - }, - [SERVER_HELLO] = { - .recv = SSL3_ST_CR_SRVR_HELLO_A, - .send = SSL3_ST_SW_SRVR_HELLO_A, - }, - [SERVER_ENCRYPTED_EXTENSIONS] = { - .send = 0, - .recv = 0, - }, - [SERVER_CERTIFICATE_REQUEST] = { - .recv = SSL3_ST_CR_CERT_REQ_A, - .send = SSL3_ST_SW_CERT_REQ_A, - }, - [SERVER_CERTIFICATE] = { - .recv = SSL3_ST_CR_CERT_A, - .send = SSL3_ST_SW_CERT_A, - }, - [SERVER_CERTIFICATE_VERIFY] = { - .send = 0, - .recv = 0, - }, - [SERVER_FINISHED] = { - .recv = SSL3_ST_CR_FINISHED_A, - .send = SSL3_ST_SW_FINISHED_A, - }, - 
[CLIENT_END_OF_EARLY_DATA] = { - .send = 0, - .recv = 0, - }, - [CLIENT_CERTIFICATE] = { - .recv = SSL3_ST_SR_CERT_VRFY_A, - .send = SSL3_ST_CW_CERT_VRFY_B, - }, - [CLIENT_CERTIFICATE_VERIFY] = { - .send = 0, - .recv = 0, - }, - [CLIENT_FINISHED] = { - .recv = SSL3_ST_SR_FINISHED_A, - .send = SSL3_ST_CW_FINISHED_A, - }, - [APPLICATION_DATA] = { - .recv = 0, - .send = 0, - }, -}; - -CTASSERT(sizeof(state_machine) / sizeof(state_machine[0]) == - sizeof(legacy_states) / sizeof(legacy_states[0])); - -static int -tls13_handshake_legacy_state(struct tls13_ctx *ctx, int *out_state) -{ - const struct tls13_handshake_action *action; - enum tls13_message_type mt; - - *out_state = 0; - - if (!ctx->handshake_started) { - if (ctx->mode == TLS13_HS_CLIENT) - *out_state = SSL_ST_CONNECT; - else - *out_state = SSL_ST_ACCEPT; - - return 1; - } - - if (ctx->handshake_completed) { - *out_state = SSL_ST_OK; - return 1; - } - - if ((mt = tls13_handshake_active_state(ctx)) == INVALID) - return 0; - - if ((action = tls13_handshake_active_action(ctx)) == NULL) - return 0; - - if (action->sender == ctx->mode) - *out_state = legacy_states[mt].send; - else - *out_state = legacy_states[mt].recv; - - return 1; -} - -static int -tls13_handshake_info_position(struct tls13_ctx *ctx) -{ - if (!ctx->handshake_started) - return TLS13_INFO_HANDSHAKE_STARTED; - - if (ctx->handshake_completed) - return TLS13_INFO_HANDSHAKE_COMPLETED; - - if (ctx->mode == TLS13_HS_CLIENT) - return TLS13_INFO_CONNECT_LOOP; - else - return TLS13_INFO_ACCEPT_LOOP; -} - -static int -tls13_handshake_legacy_info_callback(struct tls13_ctx *ctx) -{ - int state, where; - - if (!tls13_handshake_legacy_state(ctx, &state)) - return 0; - - /* Do nothing if there's no corresponding legacy state. 
*/ - if (state == 0) - return 1; - - if (ctx->info_cb != NULL) { - where = tls13_handshake_info_position(ctx); - ctx->info_cb(ctx, where, 1); - } - - return 1; -} - -static int -tls13_handshake_set_legacy_state(struct tls13_ctx *ctx) -{ - int state; - - if (!tls13_handshake_legacy_state(ctx, &state)) - return 0; - - /* Do nothing if there's no corresponding legacy state. */ - if (state == 0) - return 1; - - ctx->hs->state = state; - - return 1; -} diff --git a/src/lib/libssl/tls13_handshake.h b/src/lib/libssl/tls13_handshake.h deleted file mode 100644 index 8a08b9fd5b..0000000000 --- a/src/lib/libssl/tls13_handshake.h +++ /dev/null 
@@ -1,54 +0,0 @@ -/* $OpenBSD: tls13_handshake.h,v 1.5 2020/04/22 17:05:07 jsing Exp $ */ -/* - * Copyright (c) 2019 Theo Buehler - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef HEADER_TLS13_HANDSHAKE_H -#define HEADER_TLS13_HANDSHAKE_H - -#include /* for NULL */ - -__BEGIN_HIDDEN_DECLS - -#define INITIAL 0x00 -#define NEGOTIATED 0x01 -#define WITHOUT_HRR 0x02 -#define WITHOUT_CR 0x04 -#define WITH_PSK 0x08 -#define WITH_CCV 0x10 -#define WITH_0RTT 0x20 - -enum tls13_message_type { - INVALID, - CLIENT_HELLO, - SERVER_HELLO_RETRY_REQUEST, - CLIENT_HELLO_RETRY, - SERVER_HELLO, - SERVER_ENCRYPTED_EXTENSIONS, - SERVER_CERTIFICATE_REQUEST, - SERVER_CERTIFICATE, - SERVER_CERTIFICATE_VERIFY, - SERVER_FINISHED, - CLIENT_END_OF_EARLY_DATA, - CLIENT_CERTIFICATE, - CLIENT_CERTIFICATE_VERIFY, - CLIENT_FINISHED, - APPLICATION_DATA, - TLS13_NUM_MESSAGE_TYPES, -}; - -__END_HIDDEN_DECLS - -#endif /* !HEADER_TLS13_HANDSHAKE_H */ diff --git a/src/lib/libssl/tls13_handshake_msg.c b/src/lib/libssl/tls13_handshake_msg.c deleted file mode 100644 index c7f4d7b7ec..0000000000 --- a/src/lib/libssl/tls13_handshake_msg.c +++ /dev/null 
@@ -1,188 +0,0 @@ -/* $OpenBSD: tls13_handshake_msg.c,v 1.7 2024/02/04 20:50:23 tb Exp $ */ -/* - * Copyright (c) 2018, 2019 Joel Sing - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "bytestring.h" -#include "tls13_internal.h" - -#define TLS13_HANDSHAKE_MSG_HEADER_LEN 4 -#define TLS13_HANDSHAKE_MSG_INITIAL_LEN 256 -#define TLS13_HANDSHAKE_MSG_MAX_LEN (256 * 1024) - -struct tls13_handshake_msg { - uint8_t msg_type; - uint32_t msg_len; - uint8_t *data; - size_t data_len; - - struct tls_buffer *buf; - CBS cbs; - CBB cbb; -}; - -struct tls13_handshake_msg * -tls13_handshake_msg_new(void) -{ - struct tls13_handshake_msg *msg = NULL; - - if ((msg = calloc(1, sizeof(struct tls13_handshake_msg))) == NULL) - goto err; - if ((msg->buf = tls_buffer_new(0)) == NULL) - goto err; - - return msg; - - err: - tls13_handshake_msg_free(msg); - - return NULL; -} - -void -tls13_handshake_msg_free(struct tls13_handshake_msg *msg) -{ - if (msg == NULL) - return; - - tls_buffer_free(msg->buf); - - CBB_cleanup(&msg->cbb); - - freezero(msg->data, msg->data_len); - freezero(msg, sizeof(struct tls13_handshake_msg)); -} - -void -tls13_handshake_msg_data(struct tls13_handshake_msg *msg, CBS *cbs) -{ - CBS_init(cbs, msg->data, msg->data_len); -} - -uint8_t -tls13_handshake_msg_type(struct 
tls13_handshake_msg *msg) -{ - return msg->msg_type; -} - -int -tls13_handshake_msg_content(struct tls13_handshake_msg *msg, CBS *cbs) -{ - tls13_handshake_msg_data(msg, cbs); - - return CBS_skip(cbs, TLS13_HANDSHAKE_MSG_HEADER_LEN); -} - -int -tls13_handshake_msg_start(struct tls13_handshake_msg *msg, CBB *body, - uint8_t msg_type) -{ - if (!CBB_init(&msg->cbb, TLS13_HANDSHAKE_MSG_INITIAL_LEN)) - return 0; - if (!CBB_add_u8(&msg->cbb, msg_type)) - return 0; - if (!CBB_add_u24_length_prefixed(&msg->cbb, body)) - return 0; - - return 1; -} - -int -tls13_handshake_msg_finish(struct tls13_handshake_msg *msg) -{ - if (!CBB_finish(&msg->cbb, &msg->data, &msg->data_len)) - return 0; - - CBS_init(&msg->cbs, msg->data, msg->data_len); - - return 1; -} - -static ssize_t -tls13_handshake_msg_read_cb(void *buf, size_t n, void *cb_arg) -{ - struct tls13_record_layer *rl = cb_arg; - - return tls13_read_handshake_data(rl, buf, n); -} - -int -tls13_handshake_msg_recv(struct tls13_handshake_msg *msg, - struct tls13_record_layer *rl) -{ - uint8_t msg_type; - uint32_t msg_len; - CBS cbs; - int ret; - - if (msg->data != NULL) - return TLS13_IO_FAILURE; - - if (msg->msg_type == 0) { - if ((ret = tls_buffer_extend(msg->buf, - TLS13_HANDSHAKE_MSG_HEADER_LEN, - tls13_handshake_msg_read_cb, rl)) <= 0) - return ret; - - if (!tls_buffer_data(msg->buf, &cbs)) - return TLS13_IO_FAILURE; - - if (!CBS_get_u8(&cbs, &msg_type)) - return TLS13_IO_FAILURE; - if (!CBS_get_u24(&cbs, &msg_len)) - return TLS13_IO_FAILURE; - - /* XXX - do we want to make this variable on message type? 
*/ - if (msg_len > TLS13_HANDSHAKE_MSG_MAX_LEN) - return TLS13_IO_FAILURE; - - msg->msg_type = msg_type; - msg->msg_len = msg_len; - } - - if ((ret = tls_buffer_extend(msg->buf, - TLS13_HANDSHAKE_MSG_HEADER_LEN + msg->msg_len, - tls13_handshake_msg_read_cb, rl)) <= 0) - return ret; - - if (!tls_buffer_finish(msg->buf, &msg->data, &msg->data_len)) - return TLS13_IO_FAILURE; - - return TLS13_IO_SUCCESS; -} - -int -tls13_handshake_msg_send(struct tls13_handshake_msg *msg, - struct tls13_record_layer *rl) -{ - ssize_t ret; - - if (msg->data == NULL) - return TLS13_IO_FAILURE; - - if (CBS_len(&msg->cbs) == 0) - return TLS13_IO_FAILURE; - - while (CBS_len(&msg->cbs) > 0) { - if ((ret = tls13_write_handshake_data(rl, CBS_data(&msg->cbs), - CBS_len(&msg->cbs))) <= 0) - return ret; - - if (!CBS_skip(&msg->cbs, ret)) - return TLS13_IO_FAILURE; - } - - return TLS13_IO_SUCCESS; -} diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h deleted file mode 100644 index 7a7f8abc63..0000000000 --- a/src/lib/libssl/tls13_internal.h +++ /dev/null 
@@ -1,447 +0,0 @@ -/* $OpenBSD: tls13_internal.h,v 1.105 2025/03/09 15:12:18 tb Exp $ */ -/* - * Copyright (c) 2018 Bob Beck - * Copyright (c) 2018 Theo Buehler - * Copyright (c) 2018, 2019 Joel Sing - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef HEADER_TLS13_INTERNAL_H -#define HEADER_TLS13_INTERNAL_H - -#include -#include - -#include "bytestring.h" -#include "tls_internal.h" - -__BEGIN_HIDDEN_DECLS - -#define TLS13_HS_CLIENT 1 -#define TLS13_HS_SERVER 2 - -#define TLS13_IO_SUCCESS 1 -#define TLS13_IO_EOF 0 -#define TLS13_IO_FAILURE -1 -#define TLS13_IO_ALERT -2 -#define TLS13_IO_WANT_POLLIN -3 -#define TLS13_IO_WANT_POLLOUT -4 -#define TLS13_IO_WANT_RETRY -5 /* Retry the previous call immediately. 
*/ -#define TLS13_IO_USE_LEGACY -6 -#define TLS13_IO_RECORD_VERSION -7 -#define TLS13_IO_RECORD_OVERFLOW -8 - -#define TLS13_ERR_VERIFY_FAILED 16 -#define TLS13_ERR_HRR_FAILED 17 -#define TLS13_ERR_TRAILING_DATA 18 -#define TLS13_ERR_NO_SHARED_CIPHER 19 -#define TLS13_ERR_NO_CERTIFICATE 20 -#define TLS13_ERR_NO_PEER_CERTIFICATE 21 - -#define TLS13_ALERT_LEVEL_WARNING 1 -#define TLS13_ALERT_LEVEL_FATAL 2 - -#define TLS13_ALERT_CLOSE_NOTIFY 0 -#define TLS13_ALERT_UNEXPECTED_MESSAGE 10 -#define TLS13_ALERT_BAD_RECORD_MAC 20 -#define TLS13_ALERT_RECORD_OVERFLOW 22 -#define TLS13_ALERT_HANDSHAKE_FAILURE 40 -#define TLS13_ALERT_BAD_CERTIFICATE 42 -#define TLS13_ALERT_UNSUPPORTED_CERTIFICATE 43 -#define TLS13_ALERT_CERTIFICATE_REVOKED 44 -#define TLS13_ALERT_CERTIFICATE_EXPIRED 45 -#define TLS13_ALERT_CERTIFICATE_UNKNOWN 46 -#define TLS13_ALERT_ILLEGAL_PARAMETER 47 -#define TLS13_ALERT_UNKNOWN_CA 48 -#define TLS13_ALERT_ACCESS_DENIED 49 -#define TLS13_ALERT_DECODE_ERROR 50 -#define TLS13_ALERT_DECRYPT_ERROR 51 -#define TLS13_ALERT_PROTOCOL_VERSION 70 -#define TLS13_ALERT_INSUFFICIENT_SECURITY 71 -#define TLS13_ALERT_INTERNAL_ERROR 80 -#define TLS13_ALERT_INAPPROPRIATE_FALLBACK 86 -#define TLS13_ALERT_USER_CANCELED 90 -#define TLS13_ALERT_MISSING_EXTENSION 109 -#define TLS13_ALERT_UNSUPPORTED_EXTENSION 110 -#define TLS13_ALERT_UNRECOGNIZED_NAME 112 -#define TLS13_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE 113 -#define TLS13_ALERT_UNKNOWN_PSK_IDENTITY 115 -#define TLS13_ALERT_CERTIFICATE_REQUIRED 116 -#define TLS13_ALERT_NO_APPLICATION_PROTOCOL 120 - -#define TLS13_INFO_HANDSHAKE_STARTED SSL_CB_HANDSHAKE_START -#define TLS13_INFO_HANDSHAKE_COMPLETED SSL_CB_HANDSHAKE_DONE -#define TLS13_INFO_ACCEPT_LOOP SSL_CB_ACCEPT_LOOP -#define TLS13_INFO_CONNECT_LOOP SSL_CB_CONNECT_LOOP -#define TLS13_INFO_ACCEPT_EXIT SSL_CB_ACCEPT_EXIT -#define TLS13_INFO_CONNECT_EXIT SSL_CB_CONNECT_EXIT - -typedef void (*tls13_alert_cb)(uint8_t _alert_level, uint8_t _alert_desc, - void *_cb_arg); -typedef 
ssize_t (*tls13_phh_recv_cb)(void *_cb_arg); -typedef void (*tls13_phh_sent_cb)(void *_cb_arg); -typedef void (*tls13_handshake_message_cb)(void *_cb_arg); -typedef void (*tls13_info_cb)(void *_cb_arg, int _state, int _ret); -typedef int (*tls13_ocsp_status_cb)(void *_cb_arg); - -/* - * PSK support. - */ - -/* - * Known PskKeyExchangeMode values. - * https://www.iana.org/assignments/tls-parameters/#tls-pskkeyexchangemode - */ -#define TLS13_PSK_KE 0 -#define TLS13_PSK_DHE_KE 1 - -/* - * Secrets. - */ -struct tls13_secret { - uint8_t *data; - size_t len; -}; - -/* RFC 8446 Section 7.1 Page 92 */ -struct tls13_secrets { - const EVP_MD *digest; - int resumption; - int init_done; - int early_done; - int handshake_done; - int schedule_done; - int insecure; /* Set by tests */ - struct tls13_secret zeros; - struct tls13_secret empty_hash; - struct tls13_secret extracted_early; - struct tls13_secret binder_key; - struct tls13_secret client_early_traffic; - struct tls13_secret early_exporter_master; - struct tls13_secret derived_early; - struct tls13_secret extracted_handshake; - struct tls13_secret client_handshake_traffic; - struct tls13_secret server_handshake_traffic; - struct tls13_secret derived_handshake; - struct tls13_secret extracted_master; - struct tls13_secret client_application_traffic; - struct tls13_secret server_application_traffic; - struct tls13_secret exporter_master; - struct tls13_secret resumption_master; -}; - -int tls13_secret_init(struct tls13_secret *secret, size_t len); -void tls13_secret_cleanup(struct tls13_secret *secret); -struct tls13_secrets *tls13_secrets_create(const EVP_MD *digest, - int resumption); -void tls13_secrets_destroy(struct tls13_secrets *secrets); - -int tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest, - const struct tls13_secret *secret, const char *label, - const struct tls13_secret *context); -int tls13_hkdf_expand_label_with_length(struct tls13_secret *out, - const EVP_MD *digest, const struct 
tls13_secret *secret, - const uint8_t *label, size_t label_len, const struct tls13_secret *context); - -int tls13_derive_secret(struct tls13_secret *out, const EVP_MD *digest, - const struct tls13_secret *secret, const char *label, - const struct tls13_secret *context); -int tls13_derive_secret_with_label_length(struct tls13_secret *out, - const EVP_MD *digest, const struct tls13_secret *secret, - const uint8_t *label, size_t label_len, const struct tls13_secret *context); - -int tls13_derive_early_secrets(struct tls13_secrets *secrets, uint8_t *psk, - size_t psk_len, const struct tls13_secret *context); -int tls13_derive_handshake_secrets(struct tls13_secrets *secrets, - const uint8_t *ecdhe, size_t ecdhe_len, const struct tls13_secret *context); -int tls13_derive_application_secrets(struct tls13_secrets *secrets, - const struct tls13_secret *context); -int tls13_update_client_traffic_secret(struct tls13_secrets *secrets); -int tls13_update_server_traffic_secret(struct tls13_secrets *secrets); - -/* - * Record Layer. - */ -struct tls13_record_layer; - -struct tls13_record_layer_callbacks { - /* Wire callbacks. */ - tls_read_cb wire_read; - tls_write_cb wire_write; - tls_flush_cb wire_flush; - - /* Interceptors. */ - tls_handshake_read_cb handshake_read; - tls_handshake_write_cb handshake_write; - tls_traffic_key_cb set_read_traffic_key; - tls_traffic_key_cb set_write_traffic_key; - tls_alert_send_cb alert_send; - - /* Notification callbacks. 
*/ - tls13_alert_cb alert_recv; - tls13_alert_cb alert_sent; - tls13_phh_recv_cb phh_recv; - tls13_phh_sent_cb phh_sent; -}; - -struct tls13_record_layer *tls13_record_layer_new( - const struct tls13_record_layer_callbacks *callbacks, void *cb_arg); -void tls13_record_layer_free(struct tls13_record_layer *rl); -void tls13_record_layer_set_callbacks(struct tls13_record_layer *rl, - const struct tls13_record_layer_callbacks *callbacks, void *cb_arg); -void tls13_record_layer_allow_ccs(struct tls13_record_layer *rl, int allow); -void tls13_record_layer_allow_legacy_alerts(struct tls13_record_layer *rl, int allow); -void tls13_record_layer_rcontent(struct tls13_record_layer *rl, CBS *cbs); -void tls13_record_layer_set_aead(struct tls13_record_layer *rl, - const EVP_AEAD *aead); -void tls13_record_layer_set_hash(struct tls13_record_layer *rl, - const EVP_MD *hash); -void tls13_record_layer_set_legacy_version(struct tls13_record_layer *rl, - uint16_t version); -void tls13_record_layer_set_retry_after_phh(struct tls13_record_layer *rl, int retry); -void tls13_record_layer_alert_sent(struct tls13_record_layer *rl, - uint8_t alert_level, uint8_t alert_desc); -void tls13_record_layer_handshake_completed(struct tls13_record_layer *rl); -int tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl, - struct tls13_secret *read_key, enum ssl_encryption_level_t read_level); -int tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl, - struct tls13_secret *write_key, enum ssl_encryption_level_t write_level); -ssize_t tls13_record_layer_send_pending(struct tls13_record_layer *rl); -ssize_t tls13_record_layer_phh(struct tls13_record_layer *rl, CBS *cbs); -ssize_t tls13_record_layer_flush(struct tls13_record_layer *rl); - -ssize_t tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n); -ssize_t tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf, - size_t n); -ssize_t 
tls13_pending_application_data(struct tls13_record_layer *rl); -ssize_t tls13_peek_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n); -ssize_t tls13_read_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n); -ssize_t tls13_write_application_data(struct tls13_record_layer *rl, const uint8_t *buf, - size_t n); - -ssize_t tls13_send_alert(struct tls13_record_layer *rl, uint8_t alert_desc); -ssize_t tls13_send_dummy_ccs(struct tls13_record_layer *rl); - -/* - * Handshake Messages. - */ -struct tls13_handshake_msg; - -struct tls13_handshake_msg *tls13_handshake_msg_new(void); -void tls13_handshake_msg_free(struct tls13_handshake_msg *msg); -void tls13_handshake_msg_data(struct tls13_handshake_msg *msg, CBS *cbs); -uint8_t tls13_handshake_msg_type(struct tls13_handshake_msg *msg); -int tls13_handshake_msg_content(struct tls13_handshake_msg *msg, CBS *cbs); -int tls13_handshake_msg_start(struct tls13_handshake_msg *msg, CBB *body, - uint8_t msg_type); -int tls13_handshake_msg_finish(struct tls13_handshake_msg *msg); -int tls13_handshake_msg_recv(struct tls13_handshake_msg *msg, - struct tls13_record_layer *rl); -int tls13_handshake_msg_send(struct tls13_handshake_msg *msg, - struct tls13_record_layer *rl); - -struct tls13_handshake_stage { - uint8_t hs_type; - uint8_t message_number; -}; - -struct ssl_handshake_tls13_st; - -struct tls13_error { - int code; - int subcode; - int errnum; - const char *file; - int line; - char *msg; -}; - -struct tls13_ctx { - struct tls13_error error; - - SSL *ssl; - struct ssl_handshake_st *hs; - uint8_t mode; - struct tls13_handshake_stage handshake_stage; - int handshake_started; - int handshake_completed; - int need_flush; - int middlebox_compat; - int send_dummy_ccs; - int send_dummy_ccs_after; - - int close_notify_sent; - int close_notify_recv; - - const EVP_AEAD *aead; - const EVP_MD *hash; - - struct tls13_record_layer *rl; - struct tls13_handshake_msg *hs_msg; - uint8_t key_update_request; - 
uint8_t alert; - int phh_count; - time_t phh_last_seen; - - tls13_alert_cb alert_sent_cb; - tls13_alert_cb alert_recv_cb; - tls13_handshake_message_cb handshake_message_sent_cb; - tls13_handshake_message_cb handshake_message_recv_cb; - tls13_info_cb info_cb; - tls13_ocsp_status_cb ocsp_status_recv_cb; -}; -#ifndef TLS13_PHH_LIMIT_TIME -#define TLS13_PHH_LIMIT_TIME 3600 -#endif -#ifndef TLS13_PHH_LIMIT -#define TLS13_PHH_LIMIT 100 -#endif - -struct tls13_ctx *tls13_ctx_new(int mode, SSL *ssl); -void tls13_ctx_free(struct tls13_ctx *ctx); - -const EVP_AEAD *tls13_cipher_aead(const SSL_CIPHER *cipher); -const EVP_MD *tls13_cipher_hash(const SSL_CIPHER *cipher); - -void tls13_alert_received_cb(uint8_t alert_level, uint8_t alert_desc, void *arg); -void tls13_alert_sent_cb(uint8_t alert_level, uint8_t alert_desc, void *arg); -ssize_t tls13_phh_received_cb(void *cb_arg); -void tls13_phh_done_cb(void *cb_arg); - -int tls13_quic_init(struct tls13_ctx *ctx); - -/* - * Legacy interfaces. - */ -int tls13_use_legacy_client(struct tls13_ctx *ctx); -int tls13_use_legacy_server(struct tls13_ctx *ctx); -int tls13_legacy_accept(SSL *ssl); -int tls13_legacy_connect(SSL *ssl); -ssize_t tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg); -ssize_t tls13_legacy_wire_write_cb(const void *buf, size_t n, void *arg); -ssize_t tls13_legacy_wire_flush_cb(void *arg); -int tls13_legacy_pending(const SSL *ssl); -int tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len, - int peek); -int tls13_legacy_write_bytes(SSL *ssl, int type, const void *buf, int len); -int tls13_legacy_shutdown(SSL *ssl); -int tls13_legacy_servername_process(struct tls13_ctx *ctx, uint8_t *alert); - -/* - * Message Types - RFC 8446, Section B.3. - * - * Values listed as "_RESERVED" were used in previous versions of TLS and are - * listed here for completeness. TLS 1.3 implementations MUST NOT send them but - * might receive them from older TLS implementations. 
- */ -#define TLS13_MT_HELLO_REQUEST_RESERVED 0 -#define TLS13_MT_CLIENT_HELLO 1 -#define TLS13_MT_SERVER_HELLO 2 -#define TLS13_MT_HELLO_VERIFY_REQUEST_RESERVED 3 -#define TLS13_MT_NEW_SESSION_TICKET 4 -#define TLS13_MT_END_OF_EARLY_DATA 5 -#define TLS13_MT_HELLO_RETRY_REQUEST_RESERVED 6 -#define TLS13_MT_ENCRYPTED_EXTENSIONS 8 -#define TLS13_MT_CERTIFICATE 11 -#define TLS13_MT_SERVER_KEY_EXCHANGE_RESERVED 12 -#define TLS13_MT_CERTIFICATE_REQUEST 13 -#define TLS13_MT_SERVER_HELLO_DONE_RESERVED 14 -#define TLS13_MT_CERTIFICATE_VERIFY 15 -#define TLS13_MT_CLIENT_KEY_EXCHANGE_RESERVED 16 -#define TLS13_MT_FINISHED 20 -#define TLS13_MT_CERTIFICATE_URL_RESERVED 21 -#define TLS13_MT_CERTIFICATE_STATUS_RESERVED 22 -#define TLS13_MT_SUPPLEMENTAL_DATA_RESERVED 23 -#define TLS13_MT_KEY_UPDATE 24 -#define TLS13_MT_MESSAGE_HASH 254 - -int tls13_handshake_msg_record(struct tls13_ctx *ctx); -int tls13_handshake_perform(struct tls13_ctx *ctx); - -int tls13_client_init(struct tls13_ctx *ctx); -int tls13_server_init(struct tls13_ctx *ctx); -int tls13_client_connect(struct tls13_ctx *ctx); -int tls13_server_accept(struct tls13_ctx *ctx); - -int tls13_client_hello_send(struct tls13_ctx *ctx, CBB *cbb); -int tls13_client_hello_sent(struct tls13_ctx *ctx); -int tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs); -int tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb); -int tls13_client_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs); -int tls13_client_end_of_early_data_send(struct tls13_ctx *ctx, CBB *cbb); -int tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx, CBS *cbs); -int tls13_client_certificate_send(struct tls13_ctx *ctx, CBB *cbb); -int tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs); -int tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb); -int tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs); -int tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs); -int 
tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb); -int tls13_client_finished_sent(struct tls13_ctx *ctx); -int tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs); -int tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb); -int tls13_server_hello_sent(struct tls13_ctx *ctx); -int tls13_server_hello_retry_request_recv(struct tls13_ctx *ctx, CBS *cbs); -int tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb); -int tls13_server_hello_retry_request_sent(struct tls13_ctx *ctx); -int tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx, CBS *cbs); -int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx, CBB *cbb); -int tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs); -int tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb); -int tls13_server_certificate_request_recv(struct tls13_ctx *ctx, CBS *cbs); -int tls13_server_certificate_request_send(struct tls13_ctx *ctx, CBB *cbb); -int tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb); -int tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs); -int tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs); -int tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb); -int tls13_server_finished_sent(struct tls13_ctx *ctx); - -void tls13_error_clear(struct tls13_error *error); -int tls13_cert_add(struct tls13_ctx *ctx, CBB *cbb, X509 *cert, - int(*build_extensions)(SSL *s, uint16_t msg_type, CBB *cbb)); - -int tls13_synthetic_handshake_message(struct tls13_ctx *ctx); -int tls13_clienthello_hash_init(struct tls13_ctx *ctx); -void tls13_clienthello_hash_clear(struct ssl_handshake_tls13_st *hs); -int tls13_clienthello_hash_update_bytes(struct tls13_ctx *ctx, void *data, - size_t len); -int tls13_clienthello_hash_update(struct tls13_ctx *ctx, CBS *cbs); -int tls13_clienthello_hash_finalize(struct tls13_ctx *ctx); -int tls13_clienthello_hash_validate(struct tls13_ctx *ctx); - -int tls13_error_set(struct 
tls13_error *error, int code, int subcode, - const char *file, int line, const char *fmt, ...); -int tls13_error_setx(struct tls13_error *error, int code, int subcode, - const char *file, int line, const char *fmt, ...); - -#define tls13_set_error(ctx, code, subcode, fmt, ...) \ - tls13_error_set(&(ctx)->error, (code), (subcode), OPENSSL_FILE, OPENSSL_LINE, \ - (fmt), __VA_ARGS__) -#define tls13_set_errorx(ctx, code, subcode, fmt, ...) \ - tls13_error_setx(&(ctx)->error, (code), (subcode), OPENSSL_FILE, OPENSSL_LINE, \ - (fmt), __VA_ARGS__) - -int tls13_exporter(struct tls13_ctx *ctx, const uint8_t *label, size_t label_len, - const uint8_t *context_value, size_t context_value_len, uint8_t *out, - size_t out_len); - -extern const uint8_t tls13_downgrade_12[8]; -extern const uint8_t tls13_downgrade_11[8]; -extern const uint8_t tls13_hello_retry_request_hash[32]; -extern const uint8_t tls13_cert_verify_pad[64]; -extern const uint8_t tls13_cert_client_verify_context[]; -extern const uint8_t tls13_cert_server_verify_context[]; - -__END_HIDDEN_DECLS - -#endif diff --git a/src/lib/libssl/tls13_key_schedule.c b/src/lib/libssl/tls13_key_schedule.c deleted file mode 100644 index 05bcf0f006..0000000000 --- a/src/lib/libssl/tls13_key_schedule.c +++ /dev/null 
@@ -1,458 +0,0 @@ -/* $OpenBSD: tls13_key_schedule.c,v 1.18 2022/11/26 16:08:56 tb Exp $ */ -/* - * Copyright (c) 2018, Bob Beck - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include -#include - -#include - -#include "bytestring.h" -#include "ssl_local.h" -#include "tls13_internal.h" - -int -tls13_secret_init(struct tls13_secret *secret, size_t len) -{ - if (secret->data != NULL) - return 0; - - if ((secret->data = calloc(1, len)) == NULL) - return 0; - secret->len = len; - - return 1; -} - -void -tls13_secret_cleanup(struct tls13_secret *secret) -{ - freezero(secret->data, secret->len); - secret->data = NULL; - secret->len = 0; -} - -/* - * Allocate a set of secrets for a key schedule using - * a size of hash_length from RFC 8446 section 7.1. 
- */ -struct tls13_secrets * -tls13_secrets_create(const EVP_MD *digest, int resumption) -{ - struct tls13_secrets *secrets = NULL; - EVP_MD_CTX *mdctx = NULL; - unsigned int mdlen; - size_t hash_length; - - hash_length = EVP_MD_size(digest); - - if ((secrets = calloc(1, sizeof(struct tls13_secrets))) == NULL) - goto err; - - if (!tls13_secret_init(&secrets->zeros, hash_length)) - goto err; - if (!tls13_secret_init(&secrets->empty_hash, hash_length)) - goto err; - - if (!tls13_secret_init(&secrets->extracted_early, hash_length)) - goto err; - if (!tls13_secret_init(&secrets->binder_key, hash_length)) - goto err; - if (!tls13_secret_init(&secrets->client_early_traffic, hash_length)) - goto err; - if (!tls13_secret_init(&secrets->early_exporter_master, hash_length)) - goto err; - if (!tls13_secret_init(&secrets->derived_early, hash_length)) - goto err; - if (!tls13_secret_init(&secrets->extracted_handshake, hash_length)) - goto err; - if (!tls13_secret_init(&secrets->client_handshake_traffic, hash_length)) - goto err; - if (!tls13_secret_init(&secrets->server_handshake_traffic, hash_length)) - goto err; - if (!tls13_secret_init(&secrets->derived_handshake, hash_length)) - goto err; - if (!tls13_secret_init(&secrets->extracted_master, hash_length)) - goto err; - if (!tls13_secret_init(&secrets->client_application_traffic, hash_length)) - goto err; - if (!tls13_secret_init(&secrets->server_application_traffic, hash_length)) - goto err; - if (!tls13_secret_init(&secrets->exporter_master, hash_length)) - goto err; - if (!tls13_secret_init(&secrets->resumption_master, hash_length)) - goto err; - - /* - * Calculate the hash of a zero-length string - this is needed during - * the "derived" step for key extraction. 
- */ - if ((mdctx = EVP_MD_CTX_new()) == NULL) - goto err; - if (!EVP_DigestInit_ex(mdctx, digest, NULL)) - goto err; - if (!EVP_DigestUpdate(mdctx, secrets->zeros.data, 0)) - goto err; - if (!EVP_DigestFinal_ex(mdctx, secrets->empty_hash.data, &mdlen)) - goto err; - EVP_MD_CTX_free(mdctx); - mdctx = NULL; - - if (secrets->empty_hash.len != mdlen) - goto err; - - secrets->digest = digest; - secrets->resumption = resumption; - secrets->init_done = 1; - - return secrets; - - err: - tls13_secrets_destroy(secrets); - EVP_MD_CTX_free(mdctx); - - return NULL; -} - -void -tls13_secrets_destroy(struct tls13_secrets *secrets) -{ - if (secrets == NULL) - return; - - /* you can never be too sure :) */ - tls13_secret_cleanup(&secrets->zeros); - tls13_secret_cleanup(&secrets->empty_hash); - - tls13_secret_cleanup(&secrets->extracted_early); - tls13_secret_cleanup(&secrets->binder_key); - tls13_secret_cleanup(&secrets->client_early_traffic); - tls13_secret_cleanup(&secrets->early_exporter_master); - tls13_secret_cleanup(&secrets->derived_early); - tls13_secret_cleanup(&secrets->extracted_handshake); - tls13_secret_cleanup(&secrets->client_handshake_traffic); - tls13_secret_cleanup(&secrets->server_handshake_traffic); - tls13_secret_cleanup(&secrets->derived_handshake); - tls13_secret_cleanup(&secrets->extracted_master); - tls13_secret_cleanup(&secrets->client_application_traffic); - tls13_secret_cleanup(&secrets->server_application_traffic); - tls13_secret_cleanup(&secrets->exporter_master); - tls13_secret_cleanup(&secrets->resumption_master); - - freezero(secrets, sizeof(struct tls13_secrets)); -} - -int -tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest, - const struct tls13_secret *secret, const char *label, - const struct tls13_secret *context) -{ - return tls13_hkdf_expand_label_with_length(out, digest, secret, label, - strlen(label), context); -} - -int -tls13_hkdf_expand_label_with_length(struct tls13_secret *out, - const EVP_MD *digest, const struct 
tls13_secret *secret, - const uint8_t *label, size_t label_len, const struct tls13_secret *context) -{ - const char tls13_plabel[] = "tls13 "; - uint8_t *hkdf_label = NULL; - size_t hkdf_label_len; - CBB cbb, child; - int ret; - - if (!CBB_init(&cbb, 256)) - goto err; - - if (out->data == NULL || out->len == 0) - goto err; - - if (!CBB_add_u16(&cbb, out->len)) - goto err; - if (!CBB_add_u8_length_prefixed(&cbb, &child)) - goto err; - if (!CBB_add_bytes(&child, tls13_plabel, strlen(tls13_plabel))) - goto err; - if (!CBB_add_bytes(&child, label, label_len)) - goto err; - if (!CBB_add_u8_length_prefixed(&cbb, &child)) - goto err; - if (!CBB_add_bytes(&child, context->data, context->len)) - goto err; - if (!CBB_finish(&cbb, &hkdf_label, &hkdf_label_len)) - goto err; - - ret = HKDF_expand(out->data, out->len, digest, secret->data, - secret->len, hkdf_label, hkdf_label_len); - - free(hkdf_label); - return(ret); - err: - CBB_cleanup(&cbb); - return(0); -} - -int -tls13_derive_secret(struct tls13_secret *out, const EVP_MD *digest, - const struct tls13_secret *secret, const char *label, - const struct tls13_secret *context) -{ - return tls13_hkdf_expand_label(out, digest, secret, label, context); -} - -int -tls13_derive_secret_with_label_length(struct tls13_secret *out, - const EVP_MD *digest, const struct tls13_secret *secret, const uint8_t *label, - size_t label_len, const struct tls13_secret *context) -{ - return tls13_hkdf_expand_label_with_length(out, digest, secret, label, - label_len, context); -} - -int -tls13_derive_early_secrets(struct tls13_secrets *secrets, - uint8_t *psk, size_t psk_len, const struct tls13_secret *context) -{ - if (!secrets->init_done || secrets->early_done) - return 0; - - if (!HKDF_extract(secrets->extracted_early.data, - &secrets->extracted_early.len, secrets->digest, psk, psk_len, - secrets->zeros.data, secrets->zeros.len)) - return 0; - - if (secrets->extracted_early.len != secrets->zeros.len) - return 0; - - if 
(!tls13_derive_secret(&secrets->binder_key, secrets->digest, - &secrets->extracted_early, - secrets->resumption ? "res binder" : "ext binder", - &secrets->empty_hash)) - return 0; - if (!tls13_derive_secret(&secrets->client_early_traffic, - secrets->digest, &secrets->extracted_early, "c e traffic", - context)) - return 0; - if (!tls13_derive_secret(&secrets->early_exporter_master, - secrets->digest, &secrets->extracted_early, "e exp master", - context)) - return 0; - if (!tls13_derive_secret(&secrets->derived_early, - secrets->digest, &secrets->extracted_early, "derived", - &secrets->empty_hash)) - return 0; - - /* RFC 8446 recommends */ - if (!secrets->insecure) - explicit_bzero(secrets->extracted_early.data, - secrets->extracted_early.len); - secrets->early_done = 1; - return 1; -} - -int -tls13_derive_handshake_secrets(struct tls13_secrets *secrets, - const uint8_t *ecdhe, size_t ecdhe_len, - const struct tls13_secret *context) -{ - if (!secrets->init_done || !secrets->early_done || - secrets->handshake_done) - return 0; - - if (!HKDF_extract(secrets->extracted_handshake.data, - &secrets->extracted_handshake.len, secrets->digest, - ecdhe, ecdhe_len, secrets->derived_early.data, - secrets->derived_early.len)) - return 0; - - if (secrets->extracted_handshake.len != secrets->zeros.len) - return 0; - - /* XXX */ - if (!secrets->insecure) - explicit_bzero(secrets->derived_early.data, - secrets->derived_early.len); - - if (!tls13_derive_secret(&secrets->client_handshake_traffic, - secrets->digest, &secrets->extracted_handshake, "c hs traffic", - context)) - return 0; - if (!tls13_derive_secret(&secrets->server_handshake_traffic, - secrets->digest, &secrets->extracted_handshake, "s hs traffic", - context)) - return 0; - if (!tls13_derive_secret(&secrets->derived_handshake, - secrets->digest, &secrets->extracted_handshake, "derived", - &secrets->empty_hash)) - return 0; - - /* RFC 8446 recommends */ - if (!secrets->insecure) - 
explicit_bzero(secrets->extracted_handshake.data, - secrets->extracted_handshake.len); - - secrets->handshake_done = 1; - - return 1; -} - -int -tls13_derive_application_secrets(struct tls13_secrets *secrets, - const struct tls13_secret *context) -{ - if (!secrets->init_done || !secrets->early_done || - !secrets->handshake_done || secrets->schedule_done) - return 0; - - if (!HKDF_extract(secrets->extracted_master.data, - &secrets->extracted_master.len, secrets->digest, - secrets->zeros.data, secrets->zeros.len, - secrets->derived_handshake.data, secrets->derived_handshake.len)) - return 0; - - if (secrets->extracted_master.len != secrets->zeros.len) - return 0; - - /* XXX */ - if (!secrets->insecure) - explicit_bzero(secrets->derived_handshake.data, - secrets->derived_handshake.len); - - if (!tls13_derive_secret(&secrets->client_application_traffic, - secrets->digest, &secrets->extracted_master, "c ap traffic", - context)) - return 0; - if (!tls13_derive_secret(&secrets->server_application_traffic, - secrets->digest, &secrets->extracted_master, "s ap traffic", - context)) - return 0; - if (!tls13_derive_secret(&secrets->exporter_master, - secrets->digest, &secrets->extracted_master, "exp master", - context)) - return 0; - if (!tls13_derive_secret(&secrets->resumption_master, - secrets->digest, &secrets->extracted_master, "res master", - context)) - return 0; - - /* RFC 8446 recommends */ - if (!secrets->insecure) - explicit_bzero(secrets->extracted_master.data, - secrets->extracted_master.len); - - secrets->schedule_done = 1; - - return 1; -} - -int -tls13_update_client_traffic_secret(struct tls13_secrets *secrets) -{ - struct tls13_secret context = { .data = "", .len = 0 }; - - if (!secrets->init_done || !secrets->early_done || - !secrets->handshake_done || !secrets->schedule_done) - return 0; - - return tls13_hkdf_expand_label(&secrets->client_application_traffic, - secrets->digest, &secrets->client_application_traffic, - "traffic upd", &context); -} - -int 
-tls13_update_server_traffic_secret(struct tls13_secrets *secrets) -{ - struct tls13_secret context = { .data = "", .len = 0 }; - - if (!secrets->init_done || !secrets->early_done || - !secrets->handshake_done || !secrets->schedule_done) - return 0; - - return tls13_hkdf_expand_label(&secrets->server_application_traffic, - secrets->digest, &secrets->server_application_traffic, - "traffic upd", &context); -} - -int -tls13_exporter(struct tls13_ctx *ctx, const uint8_t *label, size_t label_len, - const uint8_t *context_value, size_t context_value_len, uint8_t *out, - size_t out_len) -{ - struct tls13_secret context, export_out, export_secret; - struct tls13_secrets *secrets = ctx->hs->tls13.secrets; - EVP_MD_CTX *md_ctx = NULL; - unsigned int md_out_len; - int md_len; - int ret = 0; - - /* - * RFC 8446 Section 7.5. - */ - - memset(&context, 0, sizeof(context)); - memset(&export_secret, 0, sizeof(export_secret)); - - export_out.data = out; - export_out.len = out_len; - - if (!ctx->handshake_completed) - return 0; - - md_len = EVP_MD_size(secrets->digest); - if (md_len <= 0 || md_len > EVP_MAX_MD_SIZE) - goto err; - - if (!tls13_secret_init(&export_secret, md_len)) - goto err; - if (!tls13_secret_init(&context, md_len)) - goto err; - - /* In TLSv1.3 no context is equivalent to an empty context. 
*/ - if (context_value == NULL) { - context_value = ""; - context_value_len = 0; - } - - if ((md_ctx = EVP_MD_CTX_new()) == NULL) - goto err; - if (!EVP_DigestInit_ex(md_ctx, secrets->digest, NULL)) - goto err; - if (!EVP_DigestUpdate(md_ctx, context_value, context_value_len)) - goto err; - if (!EVP_DigestFinal_ex(md_ctx, context.data, &md_out_len)) - goto err; - if (md_len != md_out_len) - goto err; - - if (!tls13_derive_secret_with_label_length(&export_secret, - secrets->digest, &secrets->exporter_master, label, label_len, - &secrets->empty_hash)) - goto err; - - if (!tls13_hkdf_expand_label(&export_out, secrets->digest, - &export_secret, "exporter", &context)) - goto err; - - ret = 1; - - err: - EVP_MD_CTX_free(md_ctx); - tls13_secret_cleanup(&context); - tls13_secret_cleanup(&export_secret); - - return ret; -} diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c deleted file mode 100644 index 6c33eccc61..0000000000 --- a/src/lib/libssl/tls13_legacy.c +++ /dev/null 
@@ -1,563 +0,0 @@ -/* $OpenBSD: tls13_legacy.c,v 1.44 2024/01/30 14:50:50 jsing Exp $ */ -/* - * Copyright (c) 2018, 2019 Joel Sing - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include - -#include "ssl_local.h" -#include "tls13_internal.h" - -static ssize_t -tls13_legacy_wire_read(SSL *ssl, uint8_t *buf, size_t len) -{ - int n; - - if (ssl->rbio == NULL) { - SSLerror(ssl, SSL_R_BIO_NOT_SET); - return TLS13_IO_FAILURE; - } - - ssl->rwstate = SSL_READING; - errno = 0; - - if ((n = BIO_read(ssl->rbio, buf, len)) <= 0) { - if (BIO_should_read(ssl->rbio)) - return TLS13_IO_WANT_POLLIN; - if (n == 0) - return TLS13_IO_EOF; - - if (ERR_peek_error() == 0 && errno != 0) - SYSerror(errno); - - return TLS13_IO_FAILURE; - } - - if (n == len) - ssl->rwstate = SSL_NOTHING; - - return n; -} - -ssize_t -tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg) -{ - struct tls13_ctx *ctx = arg; - - return tls13_legacy_wire_read(ctx->ssl, buf, n); -} - -static ssize_t -tls13_legacy_wire_write(SSL *ssl, const uint8_t *buf, size_t len) -{ - int n; - - if (ssl->wbio == NULL) { - SSLerror(ssl, SSL_R_BIO_NOT_SET); - return TLS13_IO_FAILURE; - } - - ssl->rwstate = SSL_WRITING; - errno = 0; - - if ((n = BIO_write(ssl->wbio, buf, len)) <= 0) { - if (BIO_should_write(ssl->wbio)) - return 
TLS13_IO_WANT_POLLOUT; - - if (ERR_peek_error() == 0 && errno != 0) - SYSerror(errno); - - return TLS13_IO_FAILURE; - } - - if (n == len) - ssl->rwstate = SSL_NOTHING; - - return n; -} - -ssize_t -tls13_legacy_wire_write_cb(const void *buf, size_t n, void *arg) -{ - struct tls13_ctx *ctx = arg; - - return tls13_legacy_wire_write(ctx->ssl, buf, n); -} - -static ssize_t -tls13_legacy_wire_flush(SSL *ssl) -{ - if (BIO_flush(ssl->wbio) <= 0) { - if (BIO_should_write(ssl->wbio)) - return TLS13_IO_WANT_POLLOUT; - - if (ERR_peek_error() == 0 && errno != 0) - SYSerror(errno); - - return TLS13_IO_FAILURE; - } - - return TLS13_IO_SUCCESS; -} - -ssize_t -tls13_legacy_wire_flush_cb(void *arg) -{ - struct tls13_ctx *ctx = arg; - - return tls13_legacy_wire_flush(ctx->ssl); -} - -static void -tls13_legacy_error(SSL *ssl) -{ - struct tls13_ctx *ctx = ssl->tls13; - int reason = SSL_R_UNKNOWN; - - /* If we received a fatal alert we already put an error on the stack. */ - if (ssl->s3->fatal_alert != 0) - return; - - switch (ctx->error.code) { - case TLS13_ERR_VERIFY_FAILED: - reason = SSL_R_CERTIFICATE_VERIFY_FAILED; - break; - case TLS13_ERR_HRR_FAILED: - reason = SSL_R_NO_CIPHERS_AVAILABLE; - break; - case TLS13_ERR_TRAILING_DATA: - reason = SSL_R_EXTRA_DATA_IN_MESSAGE; - break; - case TLS13_ERR_NO_SHARED_CIPHER: - reason = SSL_R_NO_SHARED_CIPHER; - break; - case TLS13_ERR_NO_CERTIFICATE: - reason = SSL_R_MISSING_RSA_CERTIFICATE; /* XXX */ - break; - case TLS13_ERR_NO_PEER_CERTIFICATE: - reason = SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE; - break; - } - - /* Something (probably libcrypto) already pushed an error on the stack. */ - if (reason == SSL_R_UNKNOWN && ERR_peek_error() != 0) - return; - - ERR_put_error(ERR_LIB_SSL, (0xfff), reason, ctx->error.file, - ctx->error.line); -} - -static int -tls13_legacy_return_code(SSL *ssl, ssize_t ret) -{ - if (ret > INT_MAX) { - SSLerror(ssl, ERR_R_INTERNAL_ERROR); - return -1; - } - - /* A successful read, write or other operation. 
*/ - if (ret > 0) - return ret; - - ssl->rwstate = SSL_NOTHING; - - switch (ret) { - case TLS13_IO_EOF: - return 0; - - case TLS13_IO_FAILURE: - tls13_legacy_error(ssl); - return -1; - - case TLS13_IO_ALERT: - tls13_legacy_error(ssl); - return -1; - - case TLS13_IO_WANT_POLLIN: - BIO_set_retry_read(ssl->rbio); - ssl->rwstate = SSL_READING; - return -1; - - case TLS13_IO_WANT_POLLOUT: - BIO_set_retry_write(ssl->wbio); - ssl->rwstate = SSL_WRITING; - return -1; - - case TLS13_IO_WANT_RETRY: - SSLerror(ssl, ERR_R_INTERNAL_ERROR); - return -1; - } - - SSLerror(ssl, ERR_R_INTERNAL_ERROR); - return -1; -} - -int -tls13_legacy_pending(const SSL *ssl) -{ - struct tls13_ctx *ctx = ssl->tls13; - ssize_t ret; - - if (ctx == NULL) - return 0; - - ret = tls13_pending_application_data(ctx->rl); - if (ret < 0 || ret > INT_MAX) - return 0; - - return ret; -} - -int -tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len, int peek) -{ - struct tls13_ctx *ctx = ssl->tls13; - ssize_t ret; - - if (ctx == NULL || !ctx->handshake_completed) { - if ((ret = ssl->handshake_func(ssl)) <= 0) - return ret; - if (len == 0) - return 0; - return tls13_legacy_return_code(ssl, TLS13_IO_WANT_POLLIN); - } - - tls13_record_layer_set_retry_after_phh(ctx->rl, - (ctx->ssl->mode & SSL_MODE_AUTO_RETRY) != 0); - - if (type != SSL3_RT_APPLICATION_DATA) { - SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return -1; - } - if (len < 0) { - SSLerror(ssl, SSL_R_BAD_LENGTH); - return -1; - } - - if (peek) - ret = tls13_peek_application_data(ctx->rl, buf, len); - else - ret = tls13_read_application_data(ctx->rl, buf, len); - - return tls13_legacy_return_code(ssl, ret); -} - -int -tls13_legacy_write_bytes(SSL *ssl, int type, const void *vbuf, int len) -{ - struct tls13_ctx *ctx = ssl->tls13; - const uint8_t *buf = vbuf; - size_t n, sent; - ssize_t ret; - - if (ctx == NULL || !ctx->handshake_completed) { - if ((ret = ssl->handshake_func(ssl)) <= 0) - return ret; - if (len == 0) - return 0; - 
return tls13_legacy_return_code(ssl, TLS13_IO_WANT_POLLOUT); - } - - if (type != SSL3_RT_APPLICATION_DATA) { - SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return -1; - } - if (len < 0) { - SSLerror(ssl, SSL_R_BAD_LENGTH); - return -1; - } - - /* - * The TLSv1.3 record layer write behaviour is the same as - * SSL_MODE_ENABLE_PARTIAL_WRITE. - */ - if (ssl->mode & SSL_MODE_ENABLE_PARTIAL_WRITE) { - ret = tls13_write_application_data(ctx->rl, buf, len); - return tls13_legacy_return_code(ssl, ret); - } - - /* - * In the non-SSL_MODE_ENABLE_PARTIAL_WRITE case we have to loop until - * we have written out all of the requested data. - */ - sent = ssl->s3->wnum; - if (len < sent) { - SSLerror(ssl, SSL_R_BAD_LENGTH); - return -1; - } - n = len - sent; - for (;;) { - if (n == 0) { - ssl->s3->wnum = 0; - return sent; - } - if ((ret = tls13_write_application_data(ctx->rl, - &buf[sent], n)) <= 0) { - ssl->s3->wnum = sent; - return tls13_legacy_return_code(ssl, ret); - } - sent += ret; - n -= ret; - } -} - -static int -tls13_use_legacy_stack(struct tls13_ctx *ctx) -{ - SSL *s = ctx->ssl; - CBB cbb, fragment; - CBS cbs; - - memset(&cbb, 0, sizeof(cbb)); - - if (!ssl3_setup_init_buffer(s)) - goto err; - if (!ssl3_setup_buffers(s)) - goto err; - if (!ssl_init_wbio_buffer(s, 1)) - goto err; - - /* Stash any unprocessed data from the last record. 
*/ - tls13_record_layer_rcontent(ctx->rl, &cbs); - if (CBS_len(&cbs) > 0) { - if (!CBB_init_fixed(&cbb, s->s3->rbuf.buf, - s->s3->rbuf.len)) - goto err; - if (!CBB_add_u8(&cbb, SSL3_RT_HANDSHAKE)) - goto err; - if (!CBB_add_u16(&cbb, TLS1_2_VERSION)) - goto err; - if (!CBB_add_u16_length_prefixed(&cbb, &fragment)) - goto err; - if (!CBB_add_bytes(&fragment, CBS_data(&cbs), CBS_len(&cbs))) - goto err; - if (!CBB_finish(&cbb, NULL, NULL)) - goto err; - - s->s3->rbuf.offset = SSL3_RT_HEADER_LENGTH; - s->s3->rbuf.left = CBS_len(&cbs); - s->s3->rrec.type = SSL3_RT_HANDSHAKE; - s->s3->rrec.length = CBS_len(&cbs); - s->rstate = SSL_ST_READ_BODY; - s->packet = s->s3->rbuf.buf; - s->packet_length = SSL3_RT_HEADER_LENGTH; - s->mac_packet = 1; - } - - /* Stash the current handshake message. */ - tls13_handshake_msg_data(ctx->hs_msg, &cbs); - if (!BUF_MEM_grow_clean(s->init_buf, CBS_len(&cbs))) - goto err; - if (!CBS_write_bytes(&cbs, s->init_buf->data, - s->init_buf->length, NULL)) - goto err; - - s->s3->hs.tls12.reuse_message = 1; - s->s3->hs.tls12.message_type = tls13_handshake_msg_type(ctx->hs_msg); - s->s3->hs.tls12.message_size = CBS_len(&cbs) - SSL3_HM_HEADER_LENGTH; - - /* - * Only switch the method after initialization is complete - * as we start part way into the legacy state machine. 
- */ - s->method = tls_legacy_method(); - - return 1; - - err: - CBB_cleanup(&cbb); - - return 0; -} - -int -tls13_use_legacy_client(struct tls13_ctx *ctx) -{ - SSL *s = ctx->ssl; - - if (!tls13_use_legacy_stack(ctx)) - return 0; - - s->handshake_func = s->method->ssl_connect; - s->version = s->method->max_tls_version; - - return 1; -} - -int -tls13_use_legacy_server(struct tls13_ctx *ctx) -{ - SSL *s = ctx->ssl; - - if (!tls13_use_legacy_stack(ctx)) - return 0; - - s->handshake_func = s->method->ssl_accept; - s->version = s->method->max_tls_version; - s->server = 1; - - return 1; -} - -int -tls13_legacy_accept(SSL *ssl) -{ - struct tls13_ctx *ctx = ssl->tls13; - int ret; - - if (ctx == NULL) { - if ((ctx = tls13_ctx_new(TLS13_HS_SERVER, ssl)) == NULL) { - SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */ - return -1; - } - if (!tls13_server_init(ctx)) { - if (ERR_peek_error() == 0) - SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */ - return -1; - } - } - - ERR_clear_error(); - - ret = tls13_server_accept(ctx); - if (ret == TLS13_IO_USE_LEGACY) - return ssl->method->ssl_accept(ssl); - - ret = tls13_legacy_return_code(ssl, ret); - - if (ctx->info_cb != NULL) - ctx->info_cb(ctx, TLS13_INFO_ACCEPT_EXIT, ret); - - return ret; -} - -int -tls13_legacy_connect(SSL *ssl) -{ - struct tls13_ctx *ctx = ssl->tls13; - int ret; - - if (ctx == NULL) { - if ((ctx = tls13_ctx_new(TLS13_HS_CLIENT, ssl)) == NULL) { - SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */ - return -1; - } - if (!tls13_client_init(ctx)) { - if (ERR_peek_error() == 0) - SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */ - return -1; - } - } - - ERR_clear_error(); - - ret = tls13_client_connect(ctx); - if (ret == TLS13_IO_USE_LEGACY) - return ssl->method->ssl_connect(ssl); - - ret = tls13_legacy_return_code(ssl, ret); - - if (ctx->info_cb != NULL) - ctx->info_cb(ctx, TLS13_INFO_CONNECT_EXIT, ret); - - return ret; -} - -int -tls13_legacy_shutdown(SSL *ssl) -{ - struct tls13_ctx *ctx = ssl->tls13; - uint8_t buf[512]; /* 
XXX */ - ssize_t ret; - - /* - * We need to return 0 at the point that we have completed sending a - * close-notify. We return 1 when we have sent and received close-notify - * alerts. All other cases, including EOF, return -1 and set internal - * state appropriately. Note that all of this insanity can also be - * externally controlled by manipulating the shutdown flags. - */ - if (ctx == NULL || ssl->quiet_shutdown) { - ssl->shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN; - return 1; - } - - if ((ssl->shutdown & SSL_SENT_SHUTDOWN) == 0) { - ssl->shutdown |= SSL_SENT_SHUTDOWN; - ret = tls13_send_alert(ctx->rl, TLS13_ALERT_CLOSE_NOTIFY); - if (ret == TLS13_IO_EOF) - return -1; - if (ret != TLS13_IO_SUCCESS) - return tls13_legacy_return_code(ssl, ret); - goto done; - } - - ret = tls13_record_layer_send_pending(ctx->rl); - if (ret == TLS13_IO_EOF) - return -1; - if (ret != TLS13_IO_SUCCESS) - return tls13_legacy_return_code(ssl, ret); - - if ((ssl->shutdown & SSL_RECEIVED_SHUTDOWN) == 0) { - /* - * If there is no application data pending, attempt to read more - * data in order to receive a close-notify. This should trigger - * a record to be read from the wire, which may be application - * handshake or alert data. Only one attempt is made with no - * error handling, in order to match previous semantics. 
- */ - if (tls13_pending_application_data(ctx->rl) == 0) { - (void)tls13_read_application_data(ctx->rl, buf, sizeof(buf)); - if (!ctx->close_notify_recv) - return -1; - } - } - - done: - if (ssl->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) - return 1; - - return 0; -} - -int -tls13_legacy_servername_process(struct tls13_ctx *ctx, uint8_t *alert) -{ - int legacy_alert = SSL_AD_UNRECOGNIZED_NAME; - int ret = SSL_TLSEXT_ERR_NOACK; - SSL_CTX *ssl_ctx = ctx->ssl->ctx; - SSL *s = ctx->ssl; - - if (ssl_ctx->tlsext_servername_callback == NULL) - ssl_ctx = s->initial_ctx; - if (ssl_ctx->tlsext_servername_callback == NULL) - return 1; - - ret = ssl_ctx->tlsext_servername_callback(s, &legacy_alert, - ssl_ctx->tlsext_servername_arg); - - /* - * Ignore SSL_TLSEXT_ERR_ALERT_WARNING returns to match OpenSSL's - * behavior: the only warning alerts in TLSv1.3 are close_notify and - * user_canceled, neither of which should be returned by the callback. - */ - if (ret == SSL_TLSEXT_ERR_ALERT_FATAL) { - if (legacy_alert >= 0 && legacy_alert <= 255) - *alert = legacy_alert; - return 0; - } - - return 1; -} diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c deleted file mode 100644 index 331a3ad1a7..0000000000 --- a/src/lib/libssl/tls13_lib.c +++ /dev/null 
@@ -1,737 +0,0 @@ -/* $OpenBSD: tls13_lib.c,v 1.77 2024/01/27 14:23:51 jsing Exp $ */ -/* - * Copyright (c) 2018, 2019 Joel Sing - * Copyright (c) 2019 Bob Beck - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include - -#include - -#include "ssl_local.h" -#include "ssl_tlsext.h" -#include "tls13_internal.h" - -/* - * RFC 8446, section 4.6.1. Servers must not indicate a lifetime longer than - * 7 days and clients must not cache tickets for longer than 7 days. - */ - -#define TLS13_MAX_TICKET_LIFETIME (7 * 24 * 3600) - -/* - * Downgrade sentinels - RFC 8446 section 4.1.3, magic values which must be set - * by the server in server random if it is willing to downgrade but supports - * TLSv1.3 - */ -const uint8_t tls13_downgrade_12[8] = { - 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01, -}; -const uint8_t tls13_downgrade_11[8] = { - 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00, -}; - -/* - * HelloRetryRequest hash - RFC 8446 section 4.1.3. - */ -const uint8_t tls13_hello_retry_request_hash[32] = { - 0xcf, 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11, - 0xbe, 0x1d, 0x8c, 0x02, 0x1e, 0x65, 0xb8, 0x91, - 0xc2, 0xa2, 0x11, 0x16, 0x7a, 0xbb, 0x8c, 0x5e, - 0x07, 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c, -}; - -/* - * Certificate Verify padding - RFC 8446 section 4.4.3. 
- */ -const uint8_t tls13_cert_verify_pad[64] = { - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, -}; - -const uint8_t tls13_cert_client_verify_context[] = - "TLS 1.3, client CertificateVerify"; -const uint8_t tls13_cert_server_verify_context[] = - "TLS 1.3, server CertificateVerify"; - -const EVP_AEAD * -tls13_cipher_aead(const SSL_CIPHER *cipher) -{ - if (cipher == NULL) - return NULL; - if (cipher->algorithm_ssl != SSL_TLSV1_3) - return NULL; - - switch (cipher->algorithm_enc) { - case SSL_AES128GCM: - return EVP_aead_aes_128_gcm(); - case SSL_AES256GCM: - return EVP_aead_aes_256_gcm(); - case SSL_CHACHA20POLY1305: - return EVP_aead_chacha20_poly1305(); - } - - return NULL; -} - -const EVP_MD * -tls13_cipher_hash(const SSL_CIPHER *cipher) -{ - if (cipher == NULL) - return NULL; - if (cipher->algorithm_ssl != SSL_TLSV1_3) - return NULL; - - switch (cipher->algorithm2) { - case SSL_HANDSHAKE_MAC_SHA256: - return EVP_sha256(); - case SSL_HANDSHAKE_MAC_SHA384: - return EVP_sha384(); - } - - return NULL; -} - -static void -tls13_legacy_alert_cb(int sent, uint8_t alert_level, uint8_t alert_desc, - void *arg) -{ - uint8_t alert[] = {alert_level, alert_desc}; - struct tls13_ctx *ctx = arg; - SSL *s = ctx->ssl; - CBS cbs; - - if (s->msg_callback == NULL) - return; - - CBS_init(&cbs, alert, sizeof(alert)); - ssl_msg_callback_cbs(s, sent, SSL3_RT_ALERT, &cbs); -} - -static void -tls13_legacy_alert_recv_cb(uint8_t alert_level, uint8_t alert_desc, void *arg) -{ - tls13_legacy_alert_cb(0, alert_level, alert_desc, arg); -} - -static void -tls13_legacy_alert_sent_cb(uint8_t alert_level, uint8_t alert_desc, void *arg) -{ - 
tls13_legacy_alert_cb(1, alert_level, alert_desc, arg); -} - -void -tls13_alert_received_cb(uint8_t alert_level, uint8_t alert_desc, void *arg) -{ - struct tls13_ctx *ctx = arg; - - if (ctx->alert_recv_cb != NULL) - ctx->alert_recv_cb(alert_level, alert_desc, arg); - - if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) { - ctx->close_notify_recv = 1; - ctx->ssl->shutdown |= SSL_RECEIVED_SHUTDOWN; - ctx->ssl->s3->warn_alert = alert_desc; - return; - } - - if (alert_desc == TLS13_ALERT_USER_CANCELED) { - /* - * We treat this as advisory, since a close_notify alert - * SHOULD follow this alert (RFC 8446 section 6.1). - */ - return; - } - - /* All other alerts are treated as fatal in TLSv1.3. */ - ctx->ssl->s3->fatal_alert = alert_desc; - - SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc); - ERR_asprintf_error_data("SSL alert number %d", alert_desc); - - SSL_CTX_remove_session(ctx->ssl->ctx, ctx->ssl->session); -} - -void -tls13_alert_sent_cb(uint8_t alert_level, uint8_t alert_desc, void *arg) -{ - struct tls13_ctx *ctx = arg; - - if (ctx->alert_sent_cb != NULL) - ctx->alert_sent_cb(alert_level, alert_desc, arg); - - if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) { - ctx->close_notify_sent = 1; - return; - } - - if (alert_desc == TLS13_ALERT_USER_CANCELED) { - return; - } - - /* All other alerts are treated as fatal in TLSv1.3. 
*/ - if (ctx->error.code == 0) - SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc); -} - -static void -tls13_legacy_handshake_message_recv_cb(void *arg) -{ - struct tls13_ctx *ctx = arg; - SSL *s = ctx->ssl; - CBS cbs; - - if (s->msg_callback == NULL) - return; - - tls13_handshake_msg_data(ctx->hs_msg, &cbs); - ssl_msg_callback_cbs(s, 0, SSL3_RT_HANDSHAKE, &cbs); -} - -static void -tls13_legacy_handshake_message_sent_cb(void *arg) -{ - struct tls13_ctx *ctx = arg; - SSL *s = ctx->ssl; - CBS cbs; - - if (s->msg_callback == NULL) - return; - - tls13_handshake_msg_data(ctx->hs_msg, &cbs); - ssl_msg_callback_cbs(s, 1, SSL3_RT_HANDSHAKE, &cbs); -} - -static void -tls13_legacy_info_cb(void *arg, int state, int ret) -{ - struct tls13_ctx *ctx = arg; - SSL *s = ctx->ssl; - - ssl_info_callback(s, state, ret); -} - -static int -tls13_legacy_ocsp_status_recv_cb(void *arg) -{ - struct tls13_ctx *ctx = arg; - SSL *s = ctx->ssl; - int ret; - - if (s->ctx->tlsext_status_cb == NULL) - return 1; - - ret = s->ctx->tlsext_status_cb(s, - s->ctx->tlsext_status_arg); - if (ret < 0) { - ctx->alert = TLS13_ALERT_INTERNAL_ERROR; - SSLerror(s, ERR_R_MALLOC_FAILURE); - return 0; - } - if (ret == 0) { - ctx->alert = TLS13_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE; - SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE); - return 0; - } - - return 1; -} - -static int -tls13_phh_update_read_traffic_secret(struct tls13_ctx *ctx) -{ - struct tls13_secrets *secrets = ctx->hs->tls13.secrets; - struct tls13_secret *secret; - - if (ctx->mode == TLS13_HS_CLIENT) { - secret = &secrets->server_application_traffic; - if (!tls13_update_server_traffic_secret(secrets)) - return 0; - } else { - secret = &secrets->client_application_traffic; - if (!tls13_update_client_traffic_secret(secrets)) - return 0; - } - - return tls13_record_layer_set_read_traffic_key(ctx->rl, - secret, ssl_encryption_application); -} - -static int -tls13_phh_update_write_traffic_secret(struct tls13_ctx *ctx) -{ - struct tls13_secrets *secrets = 
ctx->hs->tls13.secrets; - struct tls13_secret *secret; - - if (ctx->mode == TLS13_HS_CLIENT) { - secret = &secrets->client_application_traffic; - if (!tls13_update_client_traffic_secret(secrets)) - return 0; - } else { - secret = &secrets->server_application_traffic; - if (!tls13_update_server_traffic_secret(secrets)) - return 0; - } - - return tls13_record_layer_set_write_traffic_key(ctx->rl, - secret, ssl_encryption_application); -} - -/* - * XXX arbitrarily chosen limit of 100 post handshake handshake - * messages in an hour - to avoid a hostile peer from constantly - * requesting certificates or key renegotiaitons, etc. - */ -static int -tls13_phh_limit_check(struct tls13_ctx *ctx) -{ - time_t now = time(NULL); - - if (ctx->phh_last_seen > now - TLS13_PHH_LIMIT_TIME) { - if (ctx->phh_count > TLS13_PHH_LIMIT) - return 0; - } else - ctx->phh_count = 0; - ctx->phh_count++; - ctx->phh_last_seen = now; - return 1; -} - -static ssize_t -tls13_key_update_recv(struct tls13_ctx *ctx, CBS *cbs) -{ - struct tls13_handshake_msg *hs_msg = NULL; - CBB cbb_hs; - CBS cbs_hs; - uint8_t alert = TLS13_ALERT_INTERNAL_ERROR; - uint8_t key_update_request; - ssize_t ret; - - if (!CBS_get_u8(cbs, &key_update_request)) { - alert = TLS13_ALERT_DECODE_ERROR; - goto err; - } - if (CBS_len(cbs) != 0) { - alert = TLS13_ALERT_DECODE_ERROR; - goto err; - } - if (key_update_request > 1) { - alert = TLS13_ALERT_ILLEGAL_PARAMETER; - goto err; - } - - if (!tls13_phh_update_read_traffic_secret(ctx)) - goto err; - - if (key_update_request == 0) - return TLS13_IO_SUCCESS; - - /* Our peer requested that we update our write traffic keys. 
*/ - if ((hs_msg = tls13_handshake_msg_new()) == NULL) - goto err; - if (!tls13_handshake_msg_start(hs_msg, &cbb_hs, TLS13_MT_KEY_UPDATE)) - goto err; - if (!CBB_add_u8(&cbb_hs, 0)) - goto err; - if (!tls13_handshake_msg_finish(hs_msg)) - goto err; - - ctx->key_update_request = 1; - tls13_handshake_msg_data(hs_msg, &cbs_hs); - ret = tls13_record_layer_phh(ctx->rl, &cbs_hs); - - tls13_handshake_msg_free(hs_msg); - hs_msg = NULL; - - return ret; - - err: - tls13_handshake_msg_free(hs_msg); - - return tls13_send_alert(ctx->rl, alert); -} - -/* RFC 8446 section 4.6.1 */ -static ssize_t -tls13_new_session_ticket_recv(struct tls13_ctx *ctx, CBS *cbs) -{ - struct tls13_secrets *secrets = ctx->hs->tls13.secrets; - struct tls13_secret nonce; - uint32_t ticket_lifetime, ticket_age_add; - CBS ticket_nonce, ticket; - SSL_SESSION *sess = NULL; - int alert, session_id_length; - ssize_t ret = 0; - - memset(&nonce, 0, sizeof(nonce)); - - if (ctx->mode != TLS13_HS_CLIENT) { - alert = TLS13_ALERT_UNEXPECTED_MESSAGE; - goto err; - } - - alert = TLS13_ALERT_DECODE_ERROR; - - if (!CBS_get_u32(cbs, &ticket_lifetime)) - goto err; - if (!CBS_get_u32(cbs, &ticket_age_add)) - goto err; - if (!CBS_get_u8_length_prefixed(cbs, &ticket_nonce)) - goto err; - if (!CBS_get_u16_length_prefixed(cbs, &ticket)) - goto err; - /* Extensions can only contain early_data, which we currently ignore. */ - if (!tlsext_client_parse(ctx->ssl, SSL_TLSEXT_MSG_NST, cbs, &alert)) - goto err; - - if (CBS_len(cbs) != 0) - goto err; - - /* Zero indicates that the ticket should be discarded immediately. */ - if (ticket_lifetime == 0) { - ret = TLS13_IO_SUCCESS; - goto done; - } - - /* Servers MUST NOT use any value larger than 7 days. */ - if (ticket_lifetime > TLS13_MAX_TICKET_LIFETIME) { - alert = TLS13_ALERT_ILLEGAL_PARAMETER; - goto err; - } - - alert = TLS13_ALERT_INTERNAL_ERROR; - - /* - * Create new session instead of modifying the current session. - * The current session could already be in the session cache. 
- */ - if ((sess = ssl_session_dup(ctx->ssl->session, 0)) == NULL) - goto err; - - sess->time = time(NULL); - - sess->tlsext_tick_lifetime_hint = ticket_lifetime; - sess->tlsext_tick_age_add = ticket_age_add; - - if (!CBS_stow(&ticket, &sess->tlsext_tick, &sess->tlsext_ticklen)) - goto err; - - /* XXX - ensure this doesn't overflow session_id if hash is changed. */ - if (!EVP_Digest(CBS_data(&ticket), CBS_len(&ticket), - sess->session_id, &session_id_length, EVP_sha256(), NULL)) - goto err; - sess->session_id_length = session_id_length; - - if (!CBS_stow(&ticket_nonce, &nonce.data, &nonce.len)) - goto err; - - if (!tls13_secret_init(&sess->resumption_master_secret, 256)) - goto err; - - if (!tls13_derive_secret(&sess->resumption_master_secret, - secrets->digest, &secrets->resumption_master, "resumption", - &nonce)) - goto err; - - SSL_SESSION_free(ctx->ssl->session); - ctx->ssl->session = sess; - sess = NULL; - - ssl_update_cache(ctx->ssl, SSL_SESS_CACHE_CLIENT); - - ret = TLS13_IO_SUCCESS; - goto done; - - err: - ret = tls13_send_alert(ctx->rl, alert); - - done: - tls13_secret_cleanup(&nonce); - SSL_SESSION_free(sess); - - return ret; -} - -ssize_t -tls13_phh_received_cb(void *cb_arg) -{ - ssize_t ret = TLS13_IO_FAILURE; - struct tls13_ctx *ctx = cb_arg; - CBS cbs; - - if (!tls13_phh_limit_check(ctx)) - return tls13_send_alert(ctx->rl, TLS13_ALERT_UNEXPECTED_MESSAGE); - - if ((ctx->hs_msg == NULL) && - ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL)) - return TLS13_IO_FAILURE; - - if ((ret = tls13_handshake_msg_recv(ctx->hs_msg, ctx->rl)) != - TLS13_IO_SUCCESS) - return ret; - - if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs)) - return TLS13_IO_FAILURE; - - switch(tls13_handshake_msg_type(ctx->hs_msg)) { - case TLS13_MT_KEY_UPDATE: - ret = tls13_key_update_recv(ctx, &cbs); - break; - case TLS13_MT_NEW_SESSION_TICKET: - ret = tls13_new_session_ticket_recv(ctx, &cbs); - break; - case TLS13_MT_CERTIFICATE_REQUEST: - /* XXX add support if we choose to 
advertise this */ - /* FALLTHROUGH */ - default: - ret = TLS13_IO_FAILURE; /* XXX send alert */ - break; - } - - tls13_handshake_msg_free(ctx->hs_msg); - ctx->hs_msg = NULL; - return ret; -} - -void -tls13_phh_done_cb(void *cb_arg) -{ - struct tls13_ctx *ctx = cb_arg; - - if (ctx->key_update_request) { - tls13_phh_update_write_traffic_secret(ctx); - ctx->key_update_request = 0; - } -} - -static const struct tls13_record_layer_callbacks tls13_rl_callbacks = { - .wire_read = tls13_legacy_wire_read_cb, - .wire_write = tls13_legacy_wire_write_cb, - .wire_flush = tls13_legacy_wire_flush_cb, - - .alert_recv = tls13_alert_received_cb, - .alert_sent = tls13_alert_sent_cb, - .phh_recv = tls13_phh_received_cb, - .phh_sent = tls13_phh_done_cb, -}; - -struct tls13_ctx * -tls13_ctx_new(int mode, SSL *ssl) -{ - struct tls13_ctx *ctx = NULL; - - if ((ctx = calloc(sizeof(struct tls13_ctx), 1)) == NULL) - goto err; - - ctx->hs = &ssl->s3->hs; - ctx->mode = mode; - ctx->ssl = ssl; - - if ((ctx->rl = tls13_record_layer_new(&tls13_rl_callbacks, ctx)) == NULL) - goto err; - - ctx->alert_sent_cb = tls13_legacy_alert_sent_cb; - ctx->alert_recv_cb = tls13_legacy_alert_recv_cb; - ctx->handshake_message_sent_cb = tls13_legacy_handshake_message_sent_cb; - ctx->handshake_message_recv_cb = tls13_legacy_handshake_message_recv_cb; - ctx->info_cb = tls13_legacy_info_cb; - ctx->ocsp_status_recv_cb = tls13_legacy_ocsp_status_recv_cb; - - ctx->middlebox_compat = 1; - - ssl->tls13 = ctx; - - if (SSL_is_quic(ssl)) { - if (!tls13_quic_init(ctx)) - goto err; - } - - return ctx; - - err: - tls13_ctx_free(ctx); - - return NULL; -} - -void -tls13_ctx_free(struct tls13_ctx *ctx) -{ - if (ctx == NULL) - return; - - tls13_error_clear(&ctx->error); - tls13_record_layer_free(ctx->rl); - tls13_handshake_msg_free(ctx->hs_msg); - - freezero(ctx, sizeof(struct tls13_ctx)); -} - -int -tls13_cert_add(struct tls13_ctx *ctx, CBB *cbb, X509 *cert, - int (*build_extensions)(SSL *s, uint16_t msg_type, CBB *cbb)) -{ - CBB 
cert_data, cert_exts; - uint8_t *data; - int cert_len; - - if ((cert_len = i2d_X509(cert, NULL)) < 0) - return 0; - - if (!CBB_add_u24_length_prefixed(cbb, &cert_data)) - return 0; - if (!CBB_add_space(&cert_data, &data, cert_len)) - return 0; - if (i2d_X509(cert, &data) != cert_len) - return 0; - if (build_extensions != NULL) { - if (!build_extensions(ctx->ssl, SSL_TLSEXT_MSG_CT, cbb)) - return 0; - } else { - if (!CBB_add_u16_length_prefixed(cbb, &cert_exts)) - return 0; - } - if (!CBB_flush(cbb)) - return 0; - - return 1; -} - -int -tls13_synthetic_handshake_message(struct tls13_ctx *ctx) -{ - struct tls13_handshake_msg *hm = NULL; - unsigned char buf[EVP_MAX_MD_SIZE]; - size_t hash_len; - CBB cbb; - CBS cbs; - SSL *s = ctx->ssl; - int ret = 0; - - /* - * Replace ClientHello with synthetic handshake message - see - * RFC 8446 section 4.4.1. - */ - if (!tls1_transcript_hash_init(s)) - goto err; - if (!tls1_transcript_hash_value(s, buf, sizeof(buf), &hash_len)) - goto err; - - if ((hm = tls13_handshake_msg_new()) == NULL) - goto err; - if (!tls13_handshake_msg_start(hm, &cbb, TLS13_MT_MESSAGE_HASH)) - goto err; - if (!CBB_add_bytes(&cbb, buf, hash_len)) - goto err; - if (!tls13_handshake_msg_finish(hm)) - goto err; - - tls13_handshake_msg_data(hm, &cbs); - - tls1_transcript_reset(ctx->ssl); - if (!tls1_transcript_record(ctx->ssl, CBS_data(&cbs), CBS_len(&cbs))) - goto err; - - ret = 1; - - err: - tls13_handshake_msg_free(hm); - - return ret; -} - -int -tls13_clienthello_hash_init(struct tls13_ctx *ctx) -{ - if (ctx->hs->tls13.clienthello_md_ctx != NULL) - return 0; - if ((ctx->hs->tls13.clienthello_md_ctx = EVP_MD_CTX_new()) == NULL) - return 0; - if (!EVP_DigestInit_ex(ctx->hs->tls13.clienthello_md_ctx, - EVP_sha256(), NULL)) - return 0; - - if ((ctx->hs->tls13.clienthello_hash == NULL) && - (ctx->hs->tls13.clienthello_hash = calloc(1, EVP_MAX_MD_SIZE)) == - NULL) - return 0; - - return 1; -} - -void -tls13_clienthello_hash_clear(struct ssl_handshake_tls13_st 
*hs) /* XXX */ -{ - EVP_MD_CTX_free(hs->clienthello_md_ctx); - hs->clienthello_md_ctx = NULL; - freezero(hs->clienthello_hash, EVP_MAX_MD_SIZE); - hs->clienthello_hash = NULL; -} - -int -tls13_clienthello_hash_update_bytes(struct tls13_ctx *ctx, void *data, - size_t len) -{ - return EVP_DigestUpdate(ctx->hs->tls13.clienthello_md_ctx, data, len); -} - -int -tls13_clienthello_hash_update(struct tls13_ctx *ctx, CBS *cbs) -{ - return tls13_clienthello_hash_update_bytes(ctx, (void *)CBS_data(cbs), - CBS_len(cbs)); -} - -int -tls13_clienthello_hash_finalize(struct tls13_ctx *ctx) -{ - if (!EVP_DigestFinal_ex(ctx->hs->tls13.clienthello_md_ctx, - ctx->hs->tls13.clienthello_hash, - &ctx->hs->tls13.clienthello_hash_len)) - return 0; - EVP_MD_CTX_free(ctx->hs->tls13.clienthello_md_ctx); - ctx->hs->tls13.clienthello_md_ctx = NULL; - return 1; -} - -int -tls13_clienthello_hash_validate(struct tls13_ctx *ctx) -{ - unsigned char new_ch_hash[EVP_MAX_MD_SIZE]; - unsigned int new_ch_hash_len; - - if (ctx->hs->tls13.clienthello_hash == NULL) - return 0; - - if (!EVP_DigestFinal_ex(ctx->hs->tls13.clienthello_md_ctx, - new_ch_hash, &new_ch_hash_len)) - return 0; - EVP_MD_CTX_free(ctx->hs->tls13.clienthello_md_ctx); - ctx->hs->tls13.clienthello_md_ctx = NULL; - - if (ctx->hs->tls13.clienthello_hash_len != new_ch_hash_len) - return 0; - if (memcmp(ctx->hs->tls13.clienthello_hash, new_ch_hash, - new_ch_hash_len) != 0) - return 0; - - return 1; -} diff --git a/src/lib/libssl/tls13_quic.c b/src/lib/libssl/tls13_quic.c deleted file mode 100644 index 656af6fe6b..0000000000 --- a/src/lib/libssl/tls13_quic.c +++ /dev/null 
@@ -1,191 +0,0 @@ -/* $OpenBSD: tls13_quic.c,v 1.8 2024/09/09 03:55:55 tb Exp $ */ -/* - * Copyright (c) 2022 Joel Sing - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "ssl_local.h" -#include "tls13_internal.h" - -static ssize_t -tls13_quic_wire_read_cb(void *buf, size_t n, void *arg) -{ - struct tls13_ctx *ctx = arg; - SSL *ssl = ctx->ssl; - - SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR); - return TLS13_IO_FAILURE; -} - -static ssize_t -tls13_quic_wire_write_cb(const void *buf, size_t n, void *arg) -{ - struct tls13_ctx *ctx = arg; - SSL *ssl = ctx->ssl; - - SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR); - return TLS13_IO_FAILURE; -} - -static ssize_t -tls13_quic_wire_flush_cb(void *arg) -{ - struct tls13_ctx *ctx = arg; - SSL *ssl = ctx->ssl; - - if (!ssl->quic_method->flush_flight(ssl)) { - SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR); - return TLS13_IO_FAILURE; - } - - return TLS13_IO_SUCCESS; -} - -static ssize_t -tls13_quic_handshake_read_cb(void *buf, size_t n, void *arg) -{ - struct tls13_ctx *ctx = arg; - - if (ctx->hs->tls13.quic_read_buffer == NULL) - return TLS13_IO_WANT_POLLIN; - - return tls_buffer_read(ctx->hs->tls13.quic_read_buffer, buf, n); -} - -static ssize_t -tls13_quic_handshake_write_cb(const void *buf, size_t n, void *arg) -{ - struct tls13_ctx *ctx = arg; - 
SSL *ssl = ctx->ssl; - - if (!ssl->quic_method->add_handshake_data(ssl, - ctx->hs->tls13.quic_write_level, buf, n)) { - SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR); - return TLS13_IO_FAILURE; - } - - return n; -} - -static int -tls13_quic_set_read_traffic_key(struct tls13_secret *read_key, - enum ssl_encryption_level_t read_level, void *arg) -{ - struct tls13_ctx *ctx = arg; - SSL *ssl = ctx->ssl; - - ctx->hs->tls13.quic_read_level = read_level; - - /* Handle both the new (BoringSSL) and old (quictls) APIs. */ - - if (ssl->quic_method->set_read_secret != NULL) - return ssl->quic_method->set_read_secret(ssl, - ctx->hs->tls13.quic_read_level, ctx->hs->cipher, - read_key->data, read_key->len); - - if (ssl->quic_method->set_encryption_secrets != NULL) - return ssl->quic_method->set_encryption_secrets(ssl, - ctx->hs->tls13.quic_read_level, read_key->data, NULL, - read_key->len); - - return 0; -} - -static int -tls13_quic_set_write_traffic_key(struct tls13_secret *write_key, - enum ssl_encryption_level_t write_level, void *arg) -{ - struct tls13_ctx *ctx = arg; - SSL *ssl = ctx->ssl; - - ctx->hs->tls13.quic_write_level = write_level; - - /* Handle both the new (BoringSSL) and old (quictls) APIs. 
*/ - - if (ssl->quic_method->set_write_secret != NULL) - return ssl->quic_method->set_write_secret(ssl, - ctx->hs->tls13.quic_write_level, ctx->hs->cipher, - write_key->data, write_key->len); - - if (ssl->quic_method->set_encryption_secrets != NULL) - return ssl->quic_method->set_encryption_secrets(ssl, - ctx->hs->tls13.quic_write_level, NULL, write_key->data, - write_key->len); - - return 0; -} - -static int -tls13_quic_alert_send_cb(int alert_desc, void *arg) -{ - struct tls13_ctx *ctx = arg; - SSL *ssl = ctx->ssl; - uint8_t alert_level = TLS13_ALERT_LEVEL_FATAL; - int ret = TLS13_IO_ALERT; - - if (!ssl->quic_method->send_alert(ssl, ctx->hs->tls13.quic_write_level, - alert_desc)) { - SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR); - return TLS13_IO_FAILURE; - } - - if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY || - alert_desc == TLS13_ALERT_USER_CANCELED) { - alert_level = TLS13_ALERT_LEVEL_WARNING; - ret = TLS13_IO_SUCCESS; - } - - tls13_record_layer_alert_sent(ctx->rl, alert_level, alert_desc); - - return ret; -} - -static const struct tls13_record_layer_callbacks quic_rl_callbacks = { - .wire_read = tls13_quic_wire_read_cb, - .wire_write = tls13_quic_wire_write_cb, - .wire_flush = tls13_quic_wire_flush_cb, - - .handshake_read = tls13_quic_handshake_read_cb, - .handshake_write = tls13_quic_handshake_write_cb, - .set_read_traffic_key = tls13_quic_set_read_traffic_key, - .set_write_traffic_key = tls13_quic_set_write_traffic_key, - .alert_send = tls13_quic_alert_send_cb, - - .alert_recv = tls13_alert_received_cb, - .alert_sent = tls13_alert_sent_cb, - .phh_recv = tls13_phh_received_cb, - .phh_sent = tls13_phh_done_cb, -}; - -int -tls13_quic_init(struct tls13_ctx *ctx) -{ - BIO *bio; - - tls13_record_layer_set_callbacks(ctx->rl, &quic_rl_callbacks, ctx); - - ctx->middlebox_compat = 0; - - /* - * QUIC does not use BIOs, however we currently expect a BIO to exist - * for status handling. 
- */ - if ((bio = BIO_new(BIO_s_null())) == NULL) - return 0; - - SSL_set_bio(ctx->ssl, bio, bio); - bio = NULL; - - return 1; -} diff --git a/src/lib/libssl/tls13_record.c b/src/lib/libssl/tls13_record.c deleted file mode 100644 index dbc835c546..0000000000 --- a/src/lib/libssl/tls13_record.c +++ /dev/null 
@@ -1,186 +0,0 @@
-/* $OpenBSD: tls13_record.c,v 1.10 2022/07/22 19:33:53 jsing Exp $ */
-/*
- * Copyright (c) 2018, 2019 Joel Sing
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "tls13_internal.h"
-#include "tls13_record.h"
-
-struct tls13_record {
- uint16_t version;
- uint8_t content_type;
- size_t rec_len;
- uint8_t *data;
- size_t data_len;
- CBS cbs;
-
- struct tls_buffer *buf;
-};
-
-struct tls13_record *
-tls13_record_new(void)
-{
- struct tls13_record *rec = NULL;
-
- if ((rec = calloc(1, sizeof(struct tls13_record))) == NULL)
- goto err;
- if ((rec->buf = tls_buffer_new(TLS13_RECORD_MAX_LEN)) == NULL)
- goto err;
-
- return rec;
-
- err:
- tls13_record_free(rec);
-
- return NULL;
-}
-
-void
-tls13_record_free(struct tls13_record *rec)
-{
- if (rec == NULL)
- return;
-
- tls_buffer_free(rec->buf);
-
- freezero(rec->data, rec->data_len);
- freezero(rec, sizeof(struct tls13_record));
-}
-
-uint16_t
-tls13_record_version(struct tls13_record *rec)
-{
- return rec->version;
-}
-
-uint8_t
-tls13_record_content_type(struct tls13_record *rec)
-{
- return rec->content_type;
-}
-
-int
-tls13_record_header(struct tls13_record *rec, CBS *cbs)
-{
- if (rec->data_len < TLS13_RECORD_HEADER_LEN)
- return 0;
-
- CBS_init(cbs, rec->data, TLS13_RECORD_HEADER_LEN);
-
- return 1;
-}
-
-int
-tls13_record_content(struct tls13_record *rec, CBS *cbs)
-{
- CBS content;
-
- tls13_record_data(rec, &content);
-
- if (!CBS_skip(&content, TLS13_RECORD_HEADER_LEN))
- return 0;
-
- CBS_dup(&content, cbs);
-
- return 1;
-}
-
-void
-tls13_record_data(struct tls13_record *rec, CBS *cbs)
-{
- CBS_init(cbs, rec->data, rec->data_len);
-}
-
-int
-tls13_record_set_data(struct tls13_record *rec, uint8_t *data, size_t data_len)
-{
- if (data_len > TLS13_RECORD_MAX_LEN)
- return 0;
-
- freezero(rec->data, rec->data_len);
- rec->data = data;
- rec->data_len = data_len;
- CBS_init(&rec->cbs, rec->data, rec->data_len);
-
- return 1;
-}
-
-ssize_t
-tls13_record_recv(struct tls13_record *rec, tls_read_cb wire_read,
- void *wire_arg)
-{
- uint16_t rec_len, rec_version;
- uint8_t content_type;
- ssize_t ret;
- CBS cbs;
-
- if (rec->data != NULL)
- return TLS13_IO_FAILURE;
-
- if (rec->content_type == 0) {
- if ((ret = tls_buffer_extend(rec->buf,
- TLS13_RECORD_HEADER_LEN, wire_read, wire_arg)) <= 0)
- return ret;
-
- if (!tls_buffer_data(rec->buf, &cbs))
- return TLS13_IO_FAILURE;
-
- if (!CBS_get_u8(&cbs, &content_type))
- return TLS13_IO_FAILURE;
- if (!CBS_get_u16(&cbs, &rec_version))
- return TLS13_IO_FAILURE;
- if (!CBS_get_u16(&cbs, &rec_len))
- return TLS13_IO_FAILURE;
-
- if ((rec_version >> 8) != SSL3_VERSION_MAJOR)
- return TLS13_IO_RECORD_VERSION;
- if (rec_len > TLS13_RECORD_MAX_CIPHERTEXT_LEN)
- return TLS13_IO_RECORD_OVERFLOW;
-
- rec->content_type = content_type;
- rec->version = rec_version;
- rec->rec_len = rec_len;
- }
-
- if ((ret = tls_buffer_extend(rec->buf,
- TLS13_RECORD_HEADER_LEN + rec->rec_len, wire_read, wire_arg)) <= 0)
- return ret;
-
- if (!tls_buffer_finish(rec->buf, &rec->data, &rec->data_len))
- return TLS13_IO_FAILURE;
-
- return rec->data_len;
-}
-
-ssize_t
-tls13_record_send(struct tls13_record *rec, tls_write_cb wire_write,
- void *wire_arg)
-{
- ssize_t ret;
-
- if (rec->data == NULL)
- return TLS13_IO_FAILURE;
-
- while (CBS_len(&rec->cbs) > 0) {
- if ((ret = wire_write(CBS_data(&rec->cbs),
- CBS_len(&rec->cbs), wire_arg)) <= 0)
- return ret;
-
- if (!CBS_skip(&rec->cbs, ret))
- return TLS13_IO_FAILURE;
- }
-
- return rec->data_len;
-}
diff --git a/src/lib/libssl/tls13_record.h b/src/lib/libssl/tls13_record.h
deleted file mode 100644
index 18e4fa1aba..0000000000
--- a/src/lib/libssl/tls13_record.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/* $OpenBSD: tls13_record.h,v 1.5 2021/10/23 13:12:14 jsing Exp $ */
-/*
- * Copyright (c) 2019 Joel Sing
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef HEADER_TLS13_RECORD_H
-#define HEADER_TLS13_RECORD_H
-
-#include "bytestring.h"
-
-__BEGIN_HIDDEN_DECLS
-
-/*
- * TLSv1.3 Record Protocol - RFC 8446 section 5.
- *
- * The maximum plaintext is 2^14, however for inner plaintext an additional
- * byte is allowed for the content type. A maximum AEAD overhead of 255-bytes
- * is permitted, along with a 5-byte header, giving a maximum size of
- * 5 + 2^14 + 1 + 255 = 16,645-bytes.
- */
-#define TLS13_RECORD_HEADER_LEN 5
-#define TLS13_RECORD_MAX_AEAD_OVERHEAD 255
-#define TLS13_RECORD_MAX_PLAINTEXT_LEN 16384
-#define TLS13_RECORD_MAX_INNER_PLAINTEXT_LEN \
- (TLS13_RECORD_MAX_PLAINTEXT_LEN + 1)
-#define TLS13_RECORD_MAX_CIPHERTEXT_LEN \
- (TLS13_RECORD_MAX_INNER_PLAINTEXT_LEN + TLS13_RECORD_MAX_AEAD_OVERHEAD)
-#define TLS13_RECORD_MAX_LEN \
- (TLS13_RECORD_HEADER_LEN + TLS13_RECORD_MAX_CIPHERTEXT_LEN)
-
-/*
- * TLSv1.3 Per-Record Nonces and Sequence Numbers - RFC 8446 section 5.3.
- */
-#define TLS13_RECORD_SEQ_NUM_LEN 8
-
-struct tls13_record;
-
-struct tls13_record *tls13_record_new(void);
-void tls13_record_free(struct tls13_record *_rec);
-uint16_t tls13_record_version(struct tls13_record *_rec);
-uint8_t tls13_record_content_type(struct tls13_record *_rec);
-int tls13_record_header(struct tls13_record *_rec, CBS *_cbs);
-int tls13_record_content(struct tls13_record *_rec, CBS *_cbs);
-void tls13_record_data(struct tls13_record *_rec, CBS *_cbs);
-int tls13_record_set_data(struct tls13_record *_rec, uint8_t *_data,
- size_t _data_len);
-ssize_t tls13_record_recv(struct tls13_record *_rec, tls_read_cb _wire_read,
- void *_wire_arg);
-ssize_t tls13_record_send(struct tls13_record *_rec, tls_write_cb _wire_write,
- void *_wire_arg);
-
-__END_HIDDEN_DECLS
-
-#endif
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
deleted file mode 100644
index f5604adbeb..0000000000
--- a/src/lib/libssl/tls13_record_layer.c
+++ /dev/null
@@ -1,1229 +0,0 @@ -/* $OpenBSD: tls13_record_layer.c,v 1.74 2024/09/09 03:32:29 tb Exp $ */ -/* - * Copyright (c) 2018, 2019 Joel Sing - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "tls13_internal.h" -#include "tls13_record.h" -#include "tls_content.h" - -static ssize_t tls13_record_layer_write_chunk(struct tls13_record_layer *rl, - uint8_t content_type, const uint8_t *buf, size_t n); -static ssize_t tls13_record_layer_write_record(struct tls13_record_layer *rl, - uint8_t content_type, const uint8_t *content, size_t content_len); - -struct tls13_record_protection { - EVP_AEAD_CTX *aead_ctx; - struct tls13_secret iv; - struct tls13_secret nonce; - uint8_t seq_num[TLS13_RECORD_SEQ_NUM_LEN]; -}; - -struct tls13_record_protection * -tls13_record_protection_new(void) -{ - return calloc(1, sizeof(struct tls13_record_protection)); -} - -void -tls13_record_protection_clear(struct tls13_record_protection *rp) -{ - EVP_AEAD_CTX_free(rp->aead_ctx); - - tls13_secret_cleanup(&rp->iv); - tls13_secret_cleanup(&rp->nonce); - - memset(rp, 0, sizeof(*rp)); -} - -void -tls13_record_protection_free(struct tls13_record_protection *rp) -{ - if (rp == NULL) - return; - - tls13_record_protection_clear(rp); - - freezero(rp, sizeof(struct tls13_record_protection)); -} - -struct 
tls13_record_layer { - uint16_t legacy_version; - - int ccs_allowed; - int ccs_seen; - int ccs_sent; - int handshake_completed; - int legacy_alerts_allowed; - int phh; - int phh_retry; - - /* - * Read and/or write channels are closed due to an alert being - * sent or received. In the case of an error alert both channels - * are closed, whereas in the case of a close notify only one - * channel is closed. - */ - int read_closed; - int write_closed; - - struct tls13_record *rrec; - - struct tls13_record *wrec; - uint8_t wrec_content_type; - size_t wrec_appdata_len; - size_t wrec_content_len; - - /* Alert to be sent on return from current read handler. */ - uint8_t alert; - - /* Pending alert messages. */ - uint8_t *alert_data; - size_t alert_len; - uint8_t alert_level; - uint8_t alert_desc; - - /* Pending post-handshake handshake messages (RFC 8446, section 4.6). */ - CBS phh_cbs; - uint8_t *phh_data; - size_t phh_len; - - /* Content from opened records. */ - struct tls_content *rcontent; - - /* Record protection. */ - const EVP_MD *hash; - const EVP_AEAD *aead; - struct tls13_record_protection *read; - struct tls13_record_protection *write; - - /* Callbacks. 
*/ - struct tls13_record_layer_callbacks cb; - void *cb_arg; -}; - -static void -tls13_record_layer_rrec_free(struct tls13_record_layer *rl) -{ - tls13_record_free(rl->rrec); - rl->rrec = NULL; -} - -static void -tls13_record_layer_wrec_free(struct tls13_record_layer *rl) -{ - tls13_record_free(rl->wrec); - rl->wrec = NULL; -} - -struct tls13_record_layer * -tls13_record_layer_new(const struct tls13_record_layer_callbacks *callbacks, - void *cb_arg) -{ - struct tls13_record_layer *rl; - - if ((rl = calloc(1, sizeof(struct tls13_record_layer))) == NULL) - goto err; - - if ((rl->rcontent = tls_content_new()) == NULL) - goto err; - - if ((rl->read = tls13_record_protection_new()) == NULL) - goto err; - if ((rl->write = tls13_record_protection_new()) == NULL) - goto err; - - rl->legacy_version = TLS1_2_VERSION; - - tls13_record_layer_set_callbacks(rl, callbacks, cb_arg); - - return rl; - - err: - tls13_record_layer_free(rl); - - return NULL; -} - -void -tls13_record_layer_free(struct tls13_record_layer *rl) -{ - if (rl == NULL) - return; - - tls13_record_layer_rrec_free(rl); - tls13_record_layer_wrec_free(rl); - - freezero(rl->alert_data, rl->alert_len); - freezero(rl->phh_data, rl->phh_len); - - tls_content_free(rl->rcontent); - - tls13_record_protection_free(rl->read); - tls13_record_protection_free(rl->write); - - freezero(rl, sizeof(struct tls13_record_layer)); -} - -void -tls13_record_layer_set_callbacks(struct tls13_record_layer *rl, - const struct tls13_record_layer_callbacks *callbacks, void *cb_arg) -{ - rl->cb = *callbacks; - rl->cb_arg = cb_arg; -} - -void -tls13_record_layer_rcontent(struct tls13_record_layer *rl, CBS *cbs) -{ - CBS_dup(tls_content_cbs(rl->rcontent), cbs); -} - -static const uint8_t tls13_max_seq_num[TLS13_RECORD_SEQ_NUM_LEN] = { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -}; - -int -tls13_record_layer_inc_seq_num(uint8_t *seq_num) -{ - int i; - - /* RFC 8446 section 5.3 - sequence numbers must not wrap. 
*/ - if (memcmp(seq_num, tls13_max_seq_num, TLS13_RECORD_SEQ_NUM_LEN) == 0) - return 0; - - for (i = TLS13_RECORD_SEQ_NUM_LEN - 1; i >= 0; i--) { - if (++seq_num[i] != 0) - break; - } - - return 1; -} - -static int -tls13_record_layer_update_nonce(struct tls13_secret *nonce, - struct tls13_secret *iv, uint8_t *seq_num) -{ - ssize_t i, j; - - if (nonce->len != iv->len) - return 0; - - /* - * RFC 8446 section 5.3 - sequence number is zero padded and XOR'd - * with the IV to produce a per-record nonce. The IV will also be - * at least 8-bytes in length. - */ - for (i = nonce->len - 1, j = TLS13_RECORD_SEQ_NUM_LEN - 1; i >= 0; i--, j--) - nonce->data[i] = iv->data[i] ^ (j >= 0 ? seq_num[j] : 0); - - return 1; -} - -void -tls13_record_layer_allow_ccs(struct tls13_record_layer *rl, int allow) -{ - rl->ccs_allowed = allow; -} - -void -tls13_record_layer_allow_legacy_alerts(struct tls13_record_layer *rl, int allow) -{ - rl->legacy_alerts_allowed = allow; -} - -void -tls13_record_layer_set_aead(struct tls13_record_layer *rl, - const EVP_AEAD *aead) -{ - rl->aead = aead; -} - -void -tls13_record_layer_set_hash(struct tls13_record_layer *rl, - const EVP_MD *hash) -{ - rl->hash = hash; -} - -void -tls13_record_layer_set_legacy_version(struct tls13_record_layer *rl, - uint16_t version) -{ - rl->legacy_version = version; -} - -void -tls13_record_layer_handshake_completed(struct tls13_record_layer *rl) -{ - rl->handshake_completed = 1; -} - -void -tls13_record_layer_set_retry_after_phh(struct tls13_record_layer *rl, int retry) -{ - rl->phh_retry = retry; -} - -static ssize_t -tls13_record_layer_process_alert(struct tls13_record_layer *rl) -{ - uint8_t alert_level, alert_desc; - ssize_t ret = TLS13_IO_FAILURE; - - /* - * RFC 8446 - sections 5.1 and 6. - * - * A TLSv1.3 alert record can only contain a single alert - this means - * that processing the alert must consume all of the record. 
The alert - * will result in one of three things - continuation (user_cancelled), - * read channel closure (close_notify) or termination (all others). - */ - if (tls_content_type(rl->rcontent) != SSL3_RT_ALERT) - return TLS13_IO_FAILURE; - - if (!CBS_get_u8(tls_content_cbs(rl->rcontent), &alert_level)) - return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR); - if (!CBS_get_u8(tls_content_cbs(rl->rcontent), &alert_desc)) - return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR); - - if (tls_content_remaining(rl->rcontent) != 0) - return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR); - - tls_content_clear(rl->rcontent); - - /* - * Alert level is ignored for closure alerts (RFC 8446 section 6.1), - * however for error alerts (RFC 8446 section 6.2), the alert level - * must be specified as fatal. - */ - if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) { - rl->read_closed = 1; - ret = TLS13_IO_EOF; - } else if (alert_desc == TLS13_ALERT_USER_CANCELED) { - /* Ignored at the record layer. */ - ret = TLS13_IO_WANT_RETRY; - } else if (alert_level == TLS13_ALERT_LEVEL_FATAL) { - rl->read_closed = 1; - rl->write_closed = 1; - ret = TLS13_IO_ALERT; - } else if (rl->legacy_alerts_allowed && - alert_level == TLS13_ALERT_LEVEL_WARNING) { - /* Ignored and not passed to the callback. */ - return TLS13_IO_WANT_RETRY; - } else { - return tls13_send_alert(rl, TLS13_ALERT_ILLEGAL_PARAMETER); - } - - rl->cb.alert_recv(alert_level, alert_desc, rl->cb_arg); - - return ret; -} - -void -tls13_record_layer_alert_sent(struct tls13_record_layer *rl, - uint8_t alert_level, uint8_t alert_desc) -{ - rl->cb.alert_sent(alert_level, alert_desc, rl->cb_arg); -} - -static ssize_t -tls13_record_layer_send_alert(struct tls13_record_layer *rl) -{ - ssize_t ret; - - /* This has to fit into a single record, per RFC 8446 section 5.1. 
*/ - if ((ret = tls13_record_layer_write_record(rl, SSL3_RT_ALERT, - rl->alert_data, rl->alert_len)) != rl->alert_len) { - if (ret == TLS13_IO_EOF) - ret = TLS13_IO_ALERT; - return ret; - } - - freezero(rl->alert_data, rl->alert_len); - rl->alert_data = NULL; - rl->alert_len = 0; - - if (rl->alert_desc == TLS13_ALERT_CLOSE_NOTIFY) { - rl->write_closed = 1; - ret = TLS13_IO_SUCCESS; - } else if (rl->alert_desc == TLS13_ALERT_USER_CANCELED) { - /* Ignored at the record layer. */ - ret = TLS13_IO_SUCCESS; - } else { - rl->read_closed = 1; - rl->write_closed = 1; - ret = TLS13_IO_ALERT; - } - - tls13_record_layer_alert_sent(rl, rl->alert_level, rl->alert_desc); - - return ret; -} - -static ssize_t -tls13_record_layer_send_phh(struct tls13_record_layer *rl) -{ - ssize_t ret; - - /* Push out pending post-handshake handshake messages. */ - if ((ret = tls13_record_layer_write_chunk(rl, SSL3_RT_HANDSHAKE, - CBS_data(&rl->phh_cbs), CBS_len(&rl->phh_cbs))) <= 0) - return ret; - if (!CBS_skip(&rl->phh_cbs, ret)) - return TLS13_IO_FAILURE; - if (CBS_len(&rl->phh_cbs) != 0) - return TLS13_IO_WANT_RETRY; - - freezero(rl->phh_data, rl->phh_len); - rl->phh_data = NULL; - rl->phh_len = 0; - - CBS_init(&rl->phh_cbs, rl->phh_data, rl->phh_len); - - rl->cb.phh_sent(rl->cb_arg); - - return TLS13_IO_SUCCESS; -} - -ssize_t -tls13_record_layer_send_pending(struct tls13_record_layer *rl) -{ - /* - * If an alert is pending, then it needs to be sent. However, - * if we're already part of the way through sending post-handshake - * handshake messages, then we need to finish that first... 
- */ - - if (rl->phh_data != NULL && CBS_len(&rl->phh_cbs) != rl->phh_len) - return tls13_record_layer_send_phh(rl); - - if (rl->alert_data != NULL) - return tls13_record_layer_send_alert(rl); - - if (rl->phh_data != NULL) - return tls13_record_layer_send_phh(rl); - - return TLS13_IO_SUCCESS; -} - -static ssize_t -tls13_record_layer_enqueue_alert(struct tls13_record_layer *rl, - uint8_t alert_level, uint8_t alert_desc) -{ - CBB cbb; - - if (rl->alert_data != NULL) - return TLS13_IO_FAILURE; - - if (!CBB_init(&cbb, 0)) - goto err; - - if (!CBB_add_u8(&cbb, alert_level)) - goto err; - if (!CBB_add_u8(&cbb, alert_desc)) - goto err; - if (!CBB_finish(&cbb, &rl->alert_data, &rl->alert_len)) - goto err; - - rl->alert_level = alert_level; - rl->alert_desc = alert_desc; - - return tls13_record_layer_send_pending(rl); - - err: - CBB_cleanup(&cbb); - - return TLS13_IO_FAILURE; -} - -ssize_t -tls13_record_layer_phh(struct tls13_record_layer *rl, CBS *cbs) -{ - if (rl->phh_data != NULL) - return TLS13_IO_FAILURE; - - if (!CBS_stow(cbs, &rl->phh_data, &rl->phh_len)) - return TLS13_IO_FAILURE; - - CBS_init(&rl->phh_cbs, rl->phh_data, rl->phh_len); - - return tls13_record_layer_send_pending(rl); -} - -static int -tls13_record_layer_set_traffic_key(const EVP_AEAD *aead, const EVP_MD *hash, - struct tls13_record_protection *rp, struct tls13_secret *traffic_key) -{ - struct tls13_secret context = { .data = "", .len = 0 }; - struct tls13_secret key = { .data = NULL, .len = 0 }; - int ret = 0; - - tls13_record_protection_clear(rp); - - if ((rp->aead_ctx = EVP_AEAD_CTX_new()) == NULL) - return 0; - - if (!tls13_secret_init(&rp->iv, EVP_AEAD_nonce_length(aead))) - goto err; - if (!tls13_secret_init(&rp->nonce, EVP_AEAD_nonce_length(aead))) - goto err; - if (!tls13_secret_init(&key, EVP_AEAD_key_length(aead))) - goto err; - - if (!tls13_hkdf_expand_label(&rp->iv, hash, traffic_key, "iv", &context)) - goto err; - if (!tls13_hkdf_expand_label(&key, hash, traffic_key, "key", &context)) - 
goto err; - - if (!EVP_AEAD_CTX_init(rp->aead_ctx, aead, key.data, key.len, - EVP_AEAD_DEFAULT_TAG_LENGTH, NULL)) - goto err; - - ret = 1; - - err: - tls13_secret_cleanup(&key); - - return ret; -} - -int -tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl, - struct tls13_secret *read_key, enum ssl_encryption_level_t read_level) -{ - if (rl->cb.set_read_traffic_key != NULL) - return rl->cb.set_read_traffic_key(read_key, read_level, - rl->cb_arg); - - return tls13_record_layer_set_traffic_key(rl->aead, rl->hash, - rl->read, read_key); -} - -int -tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl, - struct tls13_secret *write_key, enum ssl_encryption_level_t write_level) -{ - if (rl->cb.set_write_traffic_key != NULL) - return rl->cb.set_write_traffic_key(write_key, write_level, - rl->cb_arg); - - return tls13_record_layer_set_traffic_key(rl->aead, rl->hash, - rl->write, write_key); -} - -static int -tls13_record_layer_open_record_plaintext(struct tls13_record_layer *rl) -{ - CBS cbs; - - if (rl->aead != NULL) - return 0; - - /* - * We're still operating in plaintext mode, so just copy the - * content from the record to the plaintext buffer. - */ - if (!tls13_record_content(rl->rrec, &cbs)) - return 0; - - if (CBS_len(&cbs) > TLS13_RECORD_MAX_PLAINTEXT_LEN) { - rl->alert = TLS13_ALERT_RECORD_OVERFLOW; - return 0; - } - - if (!tls_content_dup_data(rl->rcontent, - tls13_record_content_type(rl->rrec), CBS_data(&cbs), CBS_len(&cbs))) - return 0; - - return 1; -} - -static int -tls13_record_layer_open_record_protected(struct tls13_record_layer *rl) -{ - CBS header, enc_record, inner; - uint8_t *content = NULL; - size_t content_len = 0; - uint8_t content_type; - size_t out_len; - - if (rl->aead == NULL) - goto err; - - if (!tls13_record_header(rl->rrec, &header)) - goto err; - if (!tls13_record_content(rl->rrec, &enc_record)) - goto err; - - /* XXX - minus tag len? 
*/ - if ((content = calloc(1, CBS_len(&enc_record))) == NULL) - goto err; - content_len = CBS_len(&enc_record); - - if (!tls13_record_layer_update_nonce(&rl->read->nonce, &rl->read->iv, - rl->read->seq_num)) - goto err; - - if (!EVP_AEAD_CTX_open(rl->read->aead_ctx, - content, &out_len, content_len, - rl->read->nonce.data, rl->read->nonce.len, - CBS_data(&enc_record), CBS_len(&enc_record), - CBS_data(&header), CBS_len(&header))) - goto err; - - if (out_len > TLS13_RECORD_MAX_INNER_PLAINTEXT_LEN) { - rl->alert = TLS13_ALERT_RECORD_OVERFLOW; - goto err; - } - - if (!tls13_record_layer_inc_seq_num(rl->read->seq_num)) - goto err; - - /* - * The real content type is hidden at the end of the record content and - * it may be followed by padding that consists of one or more zeroes. - * Time to hunt for that elusive content type! - */ - CBS_init(&inner, content, out_len); - content_type = 0; - while (CBS_get_last_u8(&inner, &content_type)) { - if (content_type != 0) - break; - } - if (content_type == 0) { - /* Unexpected message per RFC 8446 section 5.4. 
*/ - rl->alert = TLS13_ALERT_UNEXPECTED_MESSAGE; - goto err; - } - if (CBS_len(&inner) > TLS13_RECORD_MAX_PLAINTEXT_LEN) { - rl->alert = TLS13_ALERT_RECORD_OVERFLOW; - goto err; - } - - tls_content_set_data(rl->rcontent, content_type, CBS_data(&inner), - CBS_len(&inner)); - - return 1; - - err: - freezero(content, content_len); - - return 0; -} - -static int -tls13_record_layer_open_record(struct tls13_record_layer *rl) -{ - if (rl->handshake_completed && rl->aead == NULL) - return 0; - - if (rl->aead == NULL) - return tls13_record_layer_open_record_plaintext(rl); - - return tls13_record_layer_open_record_protected(rl); -} - -static int -tls13_record_layer_seal_record_plaintext(struct tls13_record_layer *rl, - uint8_t content_type, const uint8_t *content, size_t content_len) -{ - uint8_t *data = NULL; - size_t data_len = 0; - CBB cbb, body; - - /* - * Allow dummy CCS messages to be sent in plaintext even when - * record protection has been engaged, as long as the handshake - * has not yet completed. - */ - if (rl->handshake_completed) - return 0; - if (rl->aead != NULL && content_type != SSL3_RT_CHANGE_CIPHER_SPEC) - return 0; - - /* - * We're still operating in plaintext mode, so just copy the - * content into the record. 
- */ - if (!CBB_init(&cbb, TLS13_RECORD_HEADER_LEN + content_len)) - goto err; - - if (!CBB_add_u8(&cbb, content_type)) - goto err; - if (!CBB_add_u16(&cbb, rl->legacy_version)) - goto err; - if (!CBB_add_u16_length_prefixed(&cbb, &body)) - goto err; - if (!CBB_add_bytes(&body, content, content_len)) - goto err; - - if (!CBB_finish(&cbb, &data, &data_len)) - goto err; - - if (!tls13_record_set_data(rl->wrec, data, data_len)) - goto err; - - rl->wrec_content_len = content_len; - rl->wrec_content_type = content_type; - - return 1; - - err: - CBB_cleanup(&cbb); - freezero(data, data_len); - - return 0; -} - -static int -tls13_record_layer_seal_record_protected(struct tls13_record_layer *rl, - uint8_t content_type, const uint8_t *content, size_t content_len) -{ - uint8_t *data = NULL, *header = NULL, *inner = NULL; - size_t data_len = 0, header_len = 0, inner_len = 0; - uint8_t *enc_record; - size_t enc_record_len; - ssize_t ret = 0; - size_t out_len; - CBB cbb; - - if (rl->aead == NULL) - return 0; - - memset(&cbb, 0, sizeof(cbb)); - - /* Build inner plaintext. */ - if (!CBB_init(&cbb, content_len + 1)) - goto err; - if (!CBB_add_bytes(&cbb, content, content_len)) - goto err; - if (!CBB_add_u8(&cbb, content_type)) - goto err; - /* XXX - padding? */ - if (!CBB_finish(&cbb, &inner, &inner_len)) - goto err; - - if (inner_len > TLS13_RECORD_MAX_INNER_PLAINTEXT_LEN) - goto err; - - /* XXX EVP_AEAD_max_tag_len vs EVP_AEAD_CTX_tag_len. */ - enc_record_len = inner_len + EVP_AEAD_max_tag_len(rl->aead); - if (enc_record_len > TLS13_RECORD_MAX_CIPHERTEXT_LEN) - goto err; - - /* Build the record header. */ - if (!CBB_init(&cbb, TLS13_RECORD_HEADER_LEN)) - goto err; - if (!CBB_add_u8(&cbb, SSL3_RT_APPLICATION_DATA)) - goto err; - if (!CBB_add_u16(&cbb, TLS1_2_VERSION)) - goto err; - if (!CBB_add_u16(&cbb, enc_record_len)) - goto err; - if (!CBB_finish(&cbb, &header, &header_len)) - goto err; - - /* Build the actual record. 
*/ - if (!CBB_init(&cbb, TLS13_RECORD_HEADER_LEN + enc_record_len)) - goto err; - if (!CBB_add_bytes(&cbb, header, header_len)) - goto err; - if (!CBB_add_space(&cbb, &enc_record, enc_record_len)) - goto err; - if (!CBB_finish(&cbb, &data, &data_len)) - goto err; - - if (!tls13_record_layer_update_nonce(&rl->write->nonce, - &rl->write->iv, rl->write->seq_num)) - goto err; - - /* - * XXX - consider a EVP_AEAD_CTX_seal_iov() that takes an iovec... - * this would avoid a copy since the inner would be passed as two - * separate pieces. - */ - if (!EVP_AEAD_CTX_seal(rl->write->aead_ctx, - enc_record, &out_len, enc_record_len, - rl->write->nonce.data, rl->write->nonce.len, - inner, inner_len, header, header_len)) - goto err; - - if (out_len != enc_record_len) - goto err; - - if (!tls13_record_layer_inc_seq_num(rl->write->seq_num)) - goto err; - - if (!tls13_record_set_data(rl->wrec, data, data_len)) - goto err; - - rl->wrec_content_len = content_len; - rl->wrec_content_type = content_type; - - data = NULL; - data_len = 0; - - ret = 1; - - err: - CBB_cleanup(&cbb); - - freezero(data, data_len); - freezero(header, header_len); - freezero(inner, inner_len); - - return ret; -} - -static int -tls13_record_layer_seal_record(struct tls13_record_layer *rl, - uint8_t content_type, const uint8_t *content, size_t content_len) -{ - if (rl->handshake_completed && rl->aead == NULL) - return 0; - - tls13_record_layer_wrec_free(rl); - - if ((rl->wrec = tls13_record_new()) == NULL) - return 0; - - if (rl->aead == NULL || content_type == SSL3_RT_CHANGE_CIPHER_SPEC) - return tls13_record_layer_seal_record_plaintext(rl, - content_type, content, content_len); - - return tls13_record_layer_seal_record_protected(rl, content_type, - content, content_len); -} - -static ssize_t -tls13_record_layer_read_record(struct tls13_record_layer *rl) -{ - uint8_t content_type, ccs; - ssize_t ret; - CBS cbs; - - if (rl->rrec == NULL) { - if ((rl->rrec = tls13_record_new()) == NULL) - goto err; - } - - if 
((ret = tls13_record_recv(rl->rrec, rl->cb.wire_read, rl->cb_arg)) <= 0) { - switch (ret) { - case TLS13_IO_RECORD_VERSION: - return tls13_send_alert(rl, TLS13_ALERT_PROTOCOL_VERSION); - case TLS13_IO_RECORD_OVERFLOW: - return tls13_send_alert(rl, TLS13_ALERT_RECORD_OVERFLOW); - } - return ret; - } - - content_type = tls13_record_content_type(rl->rrec); - - /* - * In response to a client hello we may receive an alert in a - * record with a legacy version. Otherwise enforce that the - * legacy record version is 0x0303 per RFC 8446, section 5.1. - */ - if (rl->legacy_version == TLS1_2_VERSION && - tls13_record_version(rl->rrec) != TLS1_2_VERSION && - (content_type != SSL3_RT_ALERT || !rl->legacy_alerts_allowed)) - return tls13_send_alert(rl, TLS13_ALERT_PROTOCOL_VERSION); - - /* - * Bag of hacks ahead... after the first ClientHello message has been - * sent or received and before the peer's Finished message has been - * received, we may receive an unencrypted ChangeCipherSpec record - * (see RFC 8446 section 5 and appendix D.4). This record must be - * ignored. - */ - if (content_type == SSL3_RT_CHANGE_CIPHER_SPEC) { - if (!rl->ccs_allowed || rl->ccs_seen >= 2) - return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE); - if (!tls13_record_content(rl->rrec, &cbs)) - return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR); - if (!CBS_get_u8(&cbs, &ccs)) - return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR); - if (ccs != 1) - return tls13_send_alert(rl, TLS13_ALERT_ILLEGAL_PARAMETER); - if (CBS_len(&cbs) != 0) - return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR); - rl->ccs_seen++; - tls13_record_layer_rrec_free(rl); - return TLS13_IO_WANT_RETRY; - } - - /* - * Once record protection is engaged, we should only receive - * protected application data messages (aside from the - * dummy ChangeCipherSpec messages, handled above). 
- */
- if (rl->aead != NULL && content_type != SSL3_RT_APPLICATION_DATA)
- return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
-
- if (!tls13_record_layer_open_record(rl))
- goto err;
-
- tls13_record_layer_rrec_free(rl);
-
- /*
- * On receiving a handshake or alert record with empty inner plaintext,
- * we must terminate the connection with an unexpected_message alert.
- * See RFC 8446 section 5.4.
- */
- if (tls_content_remaining(rl->rcontent) == 0 &&
- (tls_content_type(rl->rcontent) == SSL3_RT_ALERT ||
- tls_content_type(rl->rcontent) == SSL3_RT_HANDSHAKE))
- return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
-
- switch (tls_content_type(rl->rcontent)) {
- case SSL3_RT_ALERT:
- return tls13_record_layer_process_alert(rl);
-
- case SSL3_RT_HANDSHAKE:
- break;
-
- case SSL3_RT_APPLICATION_DATA:
- if (!rl->handshake_completed)
- return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
- break;
-
- default:
- return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
- }
-
- return TLS13_IO_SUCCESS;
-
- err:
- return TLS13_IO_FAILURE;
-}
-
-static ssize_t
-tls13_record_layer_pending(struct tls13_record_layer *rl, uint8_t content_type)
-{
- if (tls_content_type(rl->rcontent) != content_type)
- return 0;
-
- return tls_content_remaining(rl->rcontent);
-}
-
-static ssize_t
-tls13_record_layer_recv_phh(struct tls13_record_layer *rl)
-{
- ssize_t ret = TLS13_IO_FAILURE;
-
- rl->phh = 1;
-
- /*
- * The post handshake handshake receive callback is allowed to return:
- *
- * TLS13_IO_WANT_POLLIN need more handshake data.
- * TLS13_IO_WANT_POLLOUT got whole handshake message, response enqueued.
- * TLS13_IO_SUCCESS got the whole handshake, nothing more to do.
- * TLS13_IO_FAILURE something broke.
- */
- if (rl->cb.phh_recv != NULL)
- ret = rl->cb.phh_recv(rl->cb_arg);
-
- tls_content_clear(rl->rcontent);
-
- /* Leave post handshake handshake mode unless we need more data. */
- if (ret != TLS13_IO_WANT_POLLIN)
- rl->phh = 0;
-
- if (ret == TLS13_IO_SUCCESS) {
- if (rl->phh_retry)
- return TLS13_IO_WANT_RETRY;
-
- return TLS13_IO_WANT_POLLIN;
- }
-
- return ret;
-}
-
-static ssize_t
-tls13_record_layer_read_internal(struct tls13_record_layer *rl,
- uint8_t content_type, uint8_t *buf, size_t n, int peek)
-{
- ssize_t ret;
-
- if ((ret = tls13_record_layer_send_pending(rl)) != TLS13_IO_SUCCESS)
- return ret;
-
- if (rl->read_closed)
- return TLS13_IO_EOF;
-
- /* If necessary, pull up the next record. */
- if (tls_content_remaining(rl->rcontent) == 0) {
- if ((ret = tls13_record_layer_read_record(rl)) <= 0)
- return ret;
-
- /*
- * We may have read a valid 0-byte application data record,
- * in which case we need to read the next record.
- */
- if (tls_content_remaining(rl->rcontent) == 0)
- return TLS13_IO_WANT_POLLIN;
- }
-
- /*
- * If we are in post handshake handshake mode, we must not see
- * any record type that isn't a handshake until we are done.
- */
- if (rl->phh && tls_content_type(rl->rcontent) != SSL3_RT_HANDSHAKE)
- return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
-
- /*
- * Handshake content can appear as post-handshake messages (yup,
- * the RFC reused the same content type...), which means we can
- * be trying to read application data and need to handle a
- * post-handshake handshake message instead...
- */
- if (tls_content_type(rl->rcontent) != content_type) {
- if (tls_content_type(rl->rcontent) == SSL3_RT_HANDSHAKE) {
- if (rl->handshake_completed)
- return tls13_record_layer_recv_phh(rl);
- }
- return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
- }
-
- if (peek)
- return tls_content_peek(rl->rcontent, buf, n);
-
- return tls_content_read(rl->rcontent, buf, n);
-}
-
-static ssize_t
-tls13_record_layer_peek(struct tls13_record_layer *rl, uint8_t content_type,
- uint8_t *buf, size_t n)
-{
- ssize_t ret;
-
- do {
- ret = tls13_record_layer_read_internal(rl, content_type, buf, n, 1);
- } while (ret == TLS13_IO_WANT_RETRY);
-
- if (rl->alert != 0)
- return tls13_send_alert(rl, rl->alert);
-
- return ret;
-}
-
-static ssize_t
-tls13_record_layer_read(struct tls13_record_layer *rl, uint8_t content_type,
- uint8_t *buf, size_t n)
-{
- ssize_t ret;
-
- do {
- ret = tls13_record_layer_read_internal(rl, content_type, buf, n, 0);
- } while (ret == TLS13_IO_WANT_RETRY);
-
- if (rl->alert != 0)
- return tls13_send_alert(rl, rl->alert);
-
- return ret;
-}
-
-static ssize_t
-tls13_record_layer_write_record(struct tls13_record_layer *rl,
- uint8_t content_type, const uint8_t *content, size_t content_len)
-{
- ssize_t ret;
-
- if (rl->write_closed)
- return TLS13_IO_EOF;
-
- /*
- * If we pushed out application data while handling other messages,
- * we need to return content length on the next call.
- */
- if (content_type == SSL3_RT_APPLICATION_DATA &&
- rl->wrec_appdata_len != 0) {
- ret = rl->wrec_appdata_len;
- rl->wrec_appdata_len = 0;
- return ret;
- }
-
- /* See if there is an existing record and attempt to push it out... */
- if (rl->wrec != NULL) {
- if ((ret = tls13_record_send(rl->wrec, rl->cb.wire_write,
- rl->cb_arg)) <= 0)
- return ret;
- tls13_record_layer_wrec_free(rl);
-
- if (rl->wrec_content_type == content_type) {
- ret = rl->wrec_content_len;
- rl->wrec_content_len = 0;
- rl->wrec_content_type = 0;
- return ret;
- }
-
- /*
- * The only partial record type should be application data.
- * All other cases are handled to completion.
- */
- if (rl->wrec_content_type != SSL3_RT_APPLICATION_DATA)
- return TLS13_IO_FAILURE;
- rl->wrec_appdata_len = rl->wrec_content_len;
- }
-
- if (content_len > TLS13_RECORD_MAX_PLAINTEXT_LEN)
- goto err;
-
- if (!tls13_record_layer_seal_record(rl, content_type, content, content_len))
- goto err;
-
- if ((ret = tls13_record_send(rl->wrec, rl->cb.wire_write, rl->cb_arg)) <= 0)
- return ret;
-
- tls13_record_layer_wrec_free(rl);
-
- return content_len;
-
- err:
- return TLS13_IO_FAILURE;
-}
-
-static ssize_t
-tls13_record_layer_write_chunk(struct tls13_record_layer *rl,
- uint8_t content_type, const uint8_t *buf, size_t n)
-{
- if (n > TLS13_RECORD_MAX_PLAINTEXT_LEN)
- n = TLS13_RECORD_MAX_PLAINTEXT_LEN;
-
- return tls13_record_layer_write_record(rl, content_type, buf, n);
-}
-
-static ssize_t
-tls13_record_layer_write(struct tls13_record_layer *rl, uint8_t content_type,
- const uint8_t *buf, size_t n)
-{
- ssize_t ret;
-
- do {
- ret = tls13_record_layer_send_pending(rl);
- } while (ret == TLS13_IO_WANT_RETRY);
- if (ret != TLS13_IO_SUCCESS)
- return ret;
-
- do {
- ret = tls13_record_layer_write_chunk(rl, content_type, buf, n);
- } while (ret == TLS13_IO_WANT_RETRY);
-
- return ret;
-}
-
-ssize_t
-tls13_record_layer_flush(struct tls13_record_layer *rl)
-{
- return rl->cb.wire_flush(rl->cb_arg);
-}
-
-static const uint8_t tls13_dummy_ccs[] = { 0x01 };
-
-ssize_t
-tls13_send_dummy_ccs(struct tls13_record_layer *rl)
-{
- ssize_t ret;
-
- if (rl->ccs_sent)
- return TLS13_IO_FAILURE;
-
- if ((ret = tls13_record_layer_write(rl, SSL3_RT_CHANGE_CIPHER_SPEC,
- tls13_dummy_ccs, sizeof(tls13_dummy_ccs))) <= 0)
- return ret;
-
- rl->ccs_sent = 1;
-
- return TLS13_IO_SUCCESS;
-}
-
-ssize_t
-tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n)
-{
- if (rl->cb.handshake_read != NULL)
- return rl->cb.handshake_read(buf, n, rl->cb_arg);
-
- return tls13_record_layer_read(rl, SSL3_RT_HANDSHAKE, buf, n);
-}
-
-ssize_t
-tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf,
- size_t n)
-{
- if (rl->cb.handshake_write != NULL)
- return rl->cb.handshake_write(buf, n, rl->cb_arg);
-
- return tls13_record_layer_write(rl, SSL3_RT_HANDSHAKE, buf, n);
-}
-
-ssize_t
-tls13_pending_application_data(struct tls13_record_layer *rl)
-{
- if (!rl->handshake_completed)
- return 0;
-
- return tls13_record_layer_pending(rl, SSL3_RT_APPLICATION_DATA);
-}
-
-ssize_t
-tls13_peek_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n)
-{
- if (!rl->handshake_completed)
- return TLS13_IO_FAILURE;
-
- return tls13_record_layer_peek(rl, SSL3_RT_APPLICATION_DATA, buf, n);
-}
-
-ssize_t
-tls13_read_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n)
-{
- if (!rl->handshake_completed)
- return TLS13_IO_FAILURE;
-
- return tls13_record_layer_read(rl, SSL3_RT_APPLICATION_DATA, buf, n);
-}
-
-ssize_t
-tls13_write_application_data(struct tls13_record_layer *rl, const uint8_t *buf,
- size_t n)
-{
- if (!rl->handshake_completed)
- return TLS13_IO_FAILURE;
-
- return tls13_record_layer_write(rl, SSL3_RT_APPLICATION_DATA, buf, n);
-}
-
-ssize_t
-tls13_send_alert(struct tls13_record_layer *rl, uint8_t alert_desc)
-{
- uint8_t alert_level = TLS13_ALERT_LEVEL_FATAL;
- ssize_t ret;
-
- if (rl->cb.alert_send != NULL)
- return rl->cb.alert_send(alert_desc, rl->cb_arg);
-
- if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY ||
- alert_desc == TLS13_ALERT_USER_CANCELED)
- alert_level = TLS13_ALERT_LEVEL_WARNING;
-
- do {
- ret = tls13_record_layer_enqueue_alert(rl, alert_level,
- alert_desc);
- } while (ret == TLS13_IO_WANT_RETRY);
-
- return ret;
-}
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
deleted file mode 100644
index 63b7d92093..0000000000
--- a/src/lib/libssl/tls13_server.c
+++ /dev/null
@@ -1,1095 +0,0 @@ -/* $OpenBSD: tls13_server.c,v 1.109 2024/07/22 14:47:15 jsing Exp $ */ -/* - * Copyright (c) 2019, 2020 Joel Sing - * Copyright (c) 2020 Bob Beck - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include - -#include "ssl_local.h" -#include "ssl_sigalgs.h" -#include "ssl_tlsext.h" -#include "tls13_handshake.h" -#include "tls13_internal.h" - -int -tls13_server_init(struct tls13_ctx *ctx) -{ - SSL *s = ctx->ssl; - - if (!ssl_supported_tls_version_range(s, &ctx->hs->our_min_tls_version, - &ctx->hs->our_max_tls_version)) { - SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE); - return 0; - } - s->version = ctx->hs->our_max_tls_version; - - tls13_record_layer_set_retry_after_phh(ctx->rl, - (s->mode & SSL_MODE_AUTO_RETRY) != 0); - - if (!ssl_get_new_session(s, 0)) /* XXX */ - return 0; - - tls13_record_layer_set_legacy_version(ctx->rl, TLS1_VERSION); - - if (!tls1_transcript_init(s)) - return 0; - - arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); - - return 1; -} - -int -tls13_server_accept(struct tls13_ctx *ctx) -{ - if (ctx->mode != TLS13_HS_SERVER) - return TLS13_IO_FAILURE; - - return tls13_handshake_perform(ctx); -} - -static int -tls13_client_hello_is_legacy(CBS *cbs) -{ - CBS extensions_block, extensions, extension_data, versions; - uint16_t version, 
max_version = 0; - uint16_t type; - - CBS_dup(cbs, &extensions_block); - - if (!CBS_get_u16_length_prefixed(&extensions_block, &extensions)) - return 1; - - while (CBS_len(&extensions) > 0) { - if (!CBS_get_u16(&extensions, &type)) - return 1; - if (!CBS_get_u16_length_prefixed(&extensions, &extension_data)) - return 1; - - if (type != TLSEXT_TYPE_supported_versions) - continue; - if (!CBS_get_u8_length_prefixed(&extension_data, &versions)) - return 1; - while (CBS_len(&versions) > 0) { - if (!CBS_get_u16(&versions, &version)) - return 1; - if (version >= max_version) - max_version = version; - } - if (CBS_len(&extension_data) != 0) - return 1; - } - - return (max_version < TLS1_3_VERSION); -} - -int -tls13_client_hello_required_extensions(struct tls13_ctx *ctx) -{ - SSL *s = ctx->ssl; - - /* - * RFC 8446, section 9.2. If the ClientHello has supported_versions - * containing TLSv1.3, presence or absence of some extensions requires - * presence or absence of others. - */ - - /* - * RFC 8446 section 4.2.9 - if we received a pre_shared_key, then we - * also need psk_key_exchange_modes. Otherwise, section 9.2 specifies - * that we need both signature_algorithms and supported_groups. - */ - if (tlsext_extension_seen(s, TLSEXT_TYPE_pre_shared_key)) { - if (!tlsext_extension_seen(s, - TLSEXT_TYPE_psk_key_exchange_modes)) - return 0; - } else { - if (!tlsext_extension_seen(s, TLSEXT_TYPE_signature_algorithms)) - return 0; - if (!tlsext_extension_seen(s, TLSEXT_TYPE_supported_groups)) - return 0; - } - - /* - * supported_groups and key_share must either both be present or - * both be absent. - */ - if (tlsext_extension_seen(s, TLSEXT_TYPE_supported_groups) != - tlsext_extension_seen(s, TLSEXT_TYPE_key_share)) - return 0; - - /* - * XXX - Require server_name from client? If so, we SHOULD enforce - * this here - RFC 8446, 9.2. 
- */ - - return 1; -} - -static const uint8_t tls13_compression_null_only[] = { 0 }; - -static int -tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) -{ - CBS cipher_suites, client_random, compression_methods, session_id; - STACK_OF(SSL_CIPHER) *ciphers = NULL; - const SSL_CIPHER *cipher; - uint16_t legacy_version; - int alert_desc; - SSL *s = ctx->ssl; - int ret = 0; - - if (!CBS_get_u16(cbs, &legacy_version)) - goto err; - if (!CBS_get_bytes(cbs, &client_random, SSL3_RANDOM_SIZE)) - goto err; - if (!CBS_get_u8_length_prefixed(cbs, &session_id)) - goto err; - if (!CBS_get_u16_length_prefixed(cbs, &cipher_suites)) - goto err; - if (!CBS_get_u8_length_prefixed(cbs, &compression_methods)) - goto err; - - if (tls13_client_hello_is_legacy(cbs) || s->version < TLS1_3_VERSION) { - if (!CBS_skip(cbs, CBS_len(cbs))) - goto err; - return tls13_use_legacy_server(ctx); - } - ctx->hs->negotiated_tls_version = TLS1_3_VERSION; - ctx->hs->peer_legacy_version = legacy_version; - - /* Ensure we send subsequent alerts with the correct record version. */ - tls13_record_layer_set_legacy_version(ctx->rl, TLS1_2_VERSION); - - /* - * Ensure that the client has not requested middlebox compatibility mode - * if it is prohibited from doing so. 
- */ - if (!ctx->middlebox_compat && CBS_len(&session_id) != 0) { - ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; - goto err; - } - - /* Add decoded values to the current ClientHello hash */ - if (!tls13_clienthello_hash_init(ctx)) { - ctx->alert = TLS13_ALERT_INTERNAL_ERROR; - goto err; - } - if (!tls13_clienthello_hash_update_bytes(ctx, (void *)&legacy_version, - sizeof(legacy_version))) { - ctx->alert = TLS13_ALERT_INTERNAL_ERROR; - goto err; - } - if (!tls13_clienthello_hash_update(ctx, &client_random)) { - ctx->alert = TLS13_ALERT_INTERNAL_ERROR; - goto err; - } - if (!tls13_clienthello_hash_update(ctx, &session_id)) { - ctx->alert = TLS13_ALERT_INTERNAL_ERROR; - goto err; - } - if (!tls13_clienthello_hash_update(ctx, &cipher_suites)) { - ctx->alert = TLS13_ALERT_INTERNAL_ERROR; - goto err; - } - if (!tls13_clienthello_hash_update(ctx, &compression_methods)) { - ctx->alert = TLS13_ALERT_INTERNAL_ERROR; - goto err; - } - - if (!tlsext_server_parse(s, SSL_TLSEXT_MSG_CH, cbs, &alert_desc)) { - ctx->alert = alert_desc; - goto err; - } - - /* Finalize first ClientHello hash, or validate against it */ - if (!ctx->hs->tls13.hrr) { - if (!tls13_clienthello_hash_finalize(ctx)) { - ctx->alert = TLS13_ALERT_INTERNAL_ERROR; - goto err; - } - } else { - if (!tls13_clienthello_hash_validate(ctx)) { - ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; - goto err; - } - tls13_clienthello_hash_clear(&ctx->hs->tls13); - } - - if (!tls13_client_hello_required_extensions(ctx)) { - ctx->alert = TLS13_ALERT_MISSING_EXTENSION; - goto err; - } - - /* - * If we got this far we have a supported versions extension that offers - * TLS 1.3 or later. This requires the legacy version be set to 0x0303. 
- */ - if (legacy_version != TLS1_2_VERSION) { - ctx->alert = TLS13_ALERT_PROTOCOL_VERSION; - goto err; - } - - /* - * The legacy session identifier must either be zero length or a 32 byte - * value (in which case the client is requesting middlebox compatibility - * mode), as per RFC 8446 section 4.1.2. If it is valid, store the value - * so that we can echo it back to the client. - */ - if (CBS_len(&session_id) != 0 && - CBS_len(&session_id) != sizeof(ctx->hs->tls13.legacy_session_id)) { - ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; - goto err; - } - if (!CBS_write_bytes(&session_id, ctx->hs->tls13.legacy_session_id, - sizeof(ctx->hs->tls13.legacy_session_id), - &ctx->hs->tls13.legacy_session_id_len)) { - ctx->alert = TLS13_ALERT_INTERNAL_ERROR; - goto err; - } - - /* Parse cipher suites list and select preferred cipher. */ - if ((ciphers = ssl_bytes_to_cipher_list(s, &cipher_suites)) == NULL) { - ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; - goto err; - } - cipher = ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(s)); - if (cipher == NULL) { - tls13_set_errorx(ctx, TLS13_ERR_NO_SHARED_CIPHER, 0, - "no shared cipher found", NULL); - ctx->alert = TLS13_ALERT_HANDSHAKE_FAILURE; - goto err; - } - ctx->hs->cipher = cipher; - - sk_SSL_CIPHER_free(s->s3->hs.client_ciphers); - s->s3->hs.client_ciphers = ciphers; - ciphers = NULL; - - /* Ensure only the NULL compression method is advertised. */ - if (!CBS_mem_equal(&compression_methods, tls13_compression_null_only, - sizeof(tls13_compression_null_only))) { - ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; - goto err; - } - - ret = 1; - - err: - sk_SSL_CIPHER_free(ciphers); - - return ret; -} - -int -tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs) -{ - SSL *s = ctx->ssl; - - if (!tls13_client_hello_process(ctx, cbs)) - goto err; - - /* See if we switched back to the legacy client method. 
*/ - if (s->method->version < TLS1_3_VERSION) - return 1; - - /* - * If a matching key share was provided, we do not need to send a - * HelloRetryRequest. - */ - /* - * XXX - ideally NEGOTIATED would only be added after record protection - * has been enabled. This would probably mean using either an - * INITIAL | WITHOUT_HRR state, or another intermediate state. - */ - if (ctx->hs->key_share != NULL) - ctx->handshake_stage.hs_type |= NEGOTIATED | WITHOUT_HRR; - - tls13_record_layer_allow_ccs(ctx->rl, 1); - - return 1; - - err: - return 0; -} - -static int -tls13_server_hello_build(struct tls13_ctx *ctx, CBB *cbb, int hrr) -{ - uint16_t tlsext_msg_type = SSL_TLSEXT_MSG_SH; - const uint8_t *server_random; - CBB session_id; - SSL *s = ctx->ssl; - uint16_t cipher; - - cipher = SSL_CIPHER_get_value(ctx->hs->cipher); - server_random = s->s3->server_random; - - if (hrr) { - server_random = tls13_hello_retry_request_hash; - tlsext_msg_type = SSL_TLSEXT_MSG_HRR; - } - - if (!CBB_add_u16(cbb, TLS1_2_VERSION)) - goto err; - if (!CBB_add_bytes(cbb, server_random, SSL3_RANDOM_SIZE)) - goto err; - if (!CBB_add_u8_length_prefixed(cbb, &session_id)) - goto err; - if (!CBB_add_bytes(&session_id, ctx->hs->tls13.legacy_session_id, - ctx->hs->tls13.legacy_session_id_len)) - goto err; - if (!CBB_add_u16(cbb, cipher)) - goto err; - if (!CBB_add_u8(cbb, 0)) - goto err; - if (!tlsext_server_build(s, tlsext_msg_type, cbb)) - goto err; - - if (!CBB_flush(cbb)) - goto err; - - return 1; - err: - return 0; -} - -static int -tls13_server_engage_record_protection(struct tls13_ctx *ctx) -{ - struct tls13_secrets *secrets; - struct tls13_secret context; - unsigned char buf[EVP_MAX_MD_SIZE]; - uint8_t *shared_key = NULL; - size_t shared_key_len = 0; - size_t hash_len; - SSL *s = ctx->ssl; - int ret = 0; - - if (!tls_key_share_derive(ctx->hs->key_share, &shared_key, - &shared_key_len)) - goto err; - - s->session->cipher_value = ctx->hs->cipher->value; - - if ((ctx->aead = 
tls13_cipher_aead(ctx->hs->cipher)) == NULL) - goto err; - if ((ctx->hash = tls13_cipher_hash(ctx->hs->cipher)) == NULL) - goto err; - - if ((secrets = tls13_secrets_create(ctx->hash, 0)) == NULL) - goto err; - ctx->hs->tls13.secrets = secrets; - - /* XXX - pass in hash. */ - if (!tls1_transcript_hash_init(s)) - goto err; - tls1_transcript_free(s); - if (!tls1_transcript_hash_value(s, buf, sizeof(buf), &hash_len)) - goto err; - context.data = buf; - context.len = hash_len; - - /* Early secrets. */ - if (!tls13_derive_early_secrets(secrets, secrets->zeros.data, - secrets->zeros.len, &context)) - goto err; - - /* Handshake secrets. */ - if (!tls13_derive_handshake_secrets(ctx->hs->tls13.secrets, shared_key, - shared_key_len, &context)) - goto err; - - tls13_record_layer_set_aead(ctx->rl, ctx->aead); - tls13_record_layer_set_hash(ctx->rl, ctx->hash); - - if (!tls13_record_layer_set_read_traffic_key(ctx->rl, - &secrets->client_handshake_traffic, ssl_encryption_handshake)) - goto err; - if (!tls13_record_layer_set_write_traffic_key(ctx->rl, - &secrets->server_handshake_traffic, ssl_encryption_handshake)) - goto err; - - ctx->handshake_stage.hs_type |= NEGOTIATED; - if (!(SSL_get_verify_mode(s) & SSL_VERIFY_PEER)) - ctx->handshake_stage.hs_type |= WITHOUT_CR; - - ret = 1; - - err: - freezero(shared_key, shared_key_len); - return ret; -} - -int -tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb) -{ - int nid; - - ctx->hs->tls13.hrr = 1; - - if (!tls13_synthetic_handshake_message(ctx)) - return 0; - - if (ctx->hs->key_share != NULL) - return 0; - if (!tls1_get_supported_group(ctx->ssl, &nid)) - return 0; - if (!tls1_ec_nid2group_id(nid, &ctx->hs->tls13.server_group)) - return 0; - - if (!tls13_server_hello_build(ctx, cbb, 1)) - return 0; - - return 1; -} - -int -tls13_server_hello_retry_request_sent(struct tls13_ctx *ctx) -{ - /* - * If the client has requested middlebox compatibility mode, - * we MUST send a dummy CCS following our first handshake 
message. - * See RFC 8446 Appendix D.4. - */ - if (ctx->hs->tls13.legacy_session_id_len > 0) - ctx->send_dummy_ccs_after = 1; - - return 1; -} - -int -tls13_client_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs) -{ - SSL *s = ctx->ssl; - - if (!tls13_client_hello_process(ctx, cbs)) - return 0; - - /* XXX - need further checks. */ - if (s->method->version < TLS1_3_VERSION) - return 0; - - ctx->hs->tls13.hrr = 0; - - return 1; -} - -static int -tls13_servername_process(struct tls13_ctx *ctx) -{ - uint8_t alert = TLS13_ALERT_INTERNAL_ERROR; - - if (!tls13_legacy_servername_process(ctx, &alert)) { - ctx->alert = alert; - return 0; - } - - return 1; -} - -int -tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb) -{ - if (ctx->hs->key_share == NULL) - return 0; - if (!tls_key_share_generate(ctx->hs->key_share)) - return 0; - if (!tls13_servername_process(ctx)) - return 0; - - ctx->hs->tls13.server_group = 0; - - if (!tls13_server_hello_build(ctx, cbb, 0)) - return 0; - - return 1; -} - -int -tls13_server_hello_sent(struct tls13_ctx *ctx) -{ - /* - * If the client has requested middlebox compatibility mode, - * we MUST send a dummy CCS following our first handshake message. - * See RFC 8446 Appendix D.4. 
- */ - if ((ctx->handshake_stage.hs_type & WITHOUT_HRR) && - ctx->hs->tls13.legacy_session_id_len > 0) - ctx->send_dummy_ccs_after = 1; - - return tls13_server_engage_record_protection(ctx); -} - -int -tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx, CBB *cbb) -{ - if (!tlsext_server_build(ctx->ssl, SSL_TLSEXT_MSG_EE, cbb)) - goto err; - - return 1; - err: - return 0; -} - -int -tls13_server_certificate_request_send(struct tls13_ctx *ctx, CBB *cbb) -{ - CBB certificate_request_context; - - if (!CBB_add_u8_length_prefixed(cbb, &certificate_request_context)) - goto err; - if (!tlsext_server_build(ctx->ssl, SSL_TLSEXT_MSG_CR, cbb)) - goto err; - - if (!CBB_flush(cbb)) - goto err; - - return 1; - err: - return 0; -} - -static int -tls13_server_check_certificate(struct tls13_ctx *ctx, SSL_CERT_PKEY *cpk, - int *ok, const struct ssl_sigalg **out_sigalg) -{ - const struct ssl_sigalg *sigalg; - SSL *s = ctx->ssl; - - *ok = 0; - *out_sigalg = NULL; - - if (cpk->x509 == NULL || cpk->privatekey == NULL) - goto done; - - /* - * The digitalSignature bit MUST be set if the Key Usage extension is - * present as per RFC 8446 section 4.4.2.2. 
- */ - if (!(X509_get_key_usage(cpk->x509) & X509v3_KU_DIGITAL_SIGNATURE)) - goto done; - - if ((sigalg = ssl_sigalg_select(s, cpk->privatekey)) == NULL) - goto done; - - *ok = 1; - *out_sigalg = sigalg; - - done: - return 1; -} - -static int -tls13_server_select_certificate(struct tls13_ctx *ctx, SSL_CERT_PKEY **out_cpk, - const struct ssl_sigalg **out_sigalg) -{ - SSL *s = ctx->ssl; - const struct ssl_sigalg *sigalg; - SSL_CERT_PKEY *cpk; - int cert_ok; - - *out_cpk = NULL; - *out_sigalg = NULL; - - cpk = &s->cert->pkeys[SSL_PKEY_ECC]; - if (!tls13_server_check_certificate(ctx, cpk, &cert_ok, &sigalg)) - return 0; - if (cert_ok) - goto done; - - cpk = &s->cert->pkeys[SSL_PKEY_RSA]; - if (!tls13_server_check_certificate(ctx, cpk, &cert_ok, &sigalg)) - return 0; - if (cert_ok) - goto done; - - cpk = NULL; - sigalg = NULL; - - done: - *out_cpk = cpk; - *out_sigalg = sigalg; - - return 1; -} - -int -tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb) -{ - SSL *s = ctx->ssl; - CBB cert_request_context, cert_list; - const struct ssl_sigalg *sigalg; - X509_STORE_CTX *xsc = NULL; - STACK_OF(X509) *chain; - SSL_CERT_PKEY *cpk; - X509 *cert; - int i, ret = 0; - - if (!tls13_server_select_certificate(ctx, &cpk, &sigalg)) - goto err; - - if (cpk == NULL) { - /* A server must always provide a certificate. 
*/ - ctx->alert = TLS13_ALERT_HANDSHAKE_FAILURE; - tls13_set_errorx(ctx, TLS13_ERR_NO_CERTIFICATE, 0, - "no server certificate", NULL); - goto err; - } - - ctx->hs->tls13.cpk = cpk; - ctx->hs->our_sigalg = sigalg; - - if ((chain = cpk->chain) == NULL) - chain = s->ctx->extra_certs; - - if (chain == NULL && !(s->mode & SSL_MODE_NO_AUTO_CHAIN)) { - if ((xsc = X509_STORE_CTX_new()) == NULL) - goto err; - if (!X509_STORE_CTX_init(xsc, s->ctx->cert_store, cpk->x509, NULL)) - goto err; - X509_VERIFY_PARAM_set_flags(X509_STORE_CTX_get0_param(xsc), - X509_V_FLAG_LEGACY_VERIFY); - X509_verify_cert(xsc); - ERR_clear_error(); - chain = X509_STORE_CTX_get0_chain(xsc); - } - - if (!CBB_add_u8_length_prefixed(cbb, &cert_request_context)) - goto err; - if (!CBB_add_u24_length_prefixed(cbb, &cert_list)) - goto err; - - if (!tls13_cert_add(ctx, &cert_list, cpk->x509, tlsext_server_build)) - goto err; - - for (i = 0; i < sk_X509_num(chain); i++) { - cert = sk_X509_value(chain, i); - - /* - * In the case of auto chain, the leaf certificate will be at - * the top of the chain - skip over it as we've already added - * it earlier. - */ - if (i == 0 && cert == cpk->x509) - continue; - - /* - * XXX we don't send extensions with chain certs to avoid sending - * a leaf ocsp staple with the chain certs. This needs to get - * fixed. 
- */ - if (!tls13_cert_add(ctx, &cert_list, cert, NULL)) - goto err; - } - - if (!CBB_flush(cbb)) - goto err; - - ret = 1; - - err: - X509_STORE_CTX_free(xsc); - - return ret; -} - -int -tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb) -{ - const struct ssl_sigalg *sigalg; - uint8_t *sig = NULL, *sig_content = NULL; - size_t sig_len, sig_content_len; - EVP_MD_CTX *mdctx = NULL; - EVP_PKEY_CTX *pctx; - EVP_PKEY *pkey; - const SSL_CERT_PKEY *cpk; - CBB sig_cbb; - int ret = 0; - - memset(&sig_cbb, 0, sizeof(sig_cbb)); - - if ((cpk = ctx->hs->tls13.cpk) == NULL) - goto err; - if ((sigalg = ctx->hs->our_sigalg) == NULL) - goto err; - pkey = cpk->privatekey; - - if (!CBB_init(&sig_cbb, 0)) - goto err; - if (!CBB_add_bytes(&sig_cbb, tls13_cert_verify_pad, - sizeof(tls13_cert_verify_pad))) - goto err; - if (!CBB_add_bytes(&sig_cbb, tls13_cert_server_verify_context, - strlen(tls13_cert_server_verify_context))) - goto err; - if (!CBB_add_u8(&sig_cbb, 0)) - goto err; - if (!CBB_add_bytes(&sig_cbb, ctx->hs->tls13.transcript_hash, - ctx->hs->tls13.transcript_hash_len)) - goto err; - if (!CBB_finish(&sig_cbb, &sig_content, &sig_content_len)) - goto err; - - if ((mdctx = EVP_MD_CTX_new()) == NULL) - goto err; - if (!EVP_DigestSignInit(mdctx, &pctx, sigalg->md(), NULL, pkey)) - goto err; - if (sigalg->flags & SIGALG_FLAG_RSA_PSS) { - if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING)) - goto err; - if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1)) - goto err; - } - if (!EVP_DigestSign(mdctx, NULL, &sig_len, sig_content, sig_content_len)) - goto err; - if ((sig = calloc(1, sig_len)) == NULL) - goto err; - if (!EVP_DigestSign(mdctx, sig, &sig_len, sig_content, sig_content_len)) - goto err; - - if (!CBB_add_u16(cbb, sigalg->value)) - goto err; - if (!CBB_add_u16_length_prefixed(cbb, &sig_cbb)) - goto err; - if (!CBB_add_bytes(&sig_cbb, sig, sig_len)) - goto err; - - if (!CBB_flush(cbb)) - goto err; - - ret = 1; - - err: - if (!ret && ctx->alert == 0) - 
ctx->alert = TLS13_ALERT_INTERNAL_ERROR; - - CBB_cleanup(&sig_cbb); - EVP_MD_CTX_free(mdctx); - free(sig_content); - free(sig); - - return ret; -} - -int -tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb) -{ - struct tls13_secrets *secrets = ctx->hs->tls13.secrets; - struct tls13_secret context = { .data = "", .len = 0 }; - struct tls13_secret finished_key = { .data = NULL, .len = 0 } ; - uint8_t transcript_hash[EVP_MAX_MD_SIZE]; - size_t transcript_hash_len; - uint8_t *verify_data; - size_t verify_data_len; - unsigned int hlen; - HMAC_CTX *hmac_ctx = NULL; - CBS cbs; - int ret = 0; - - if (!tls13_secret_init(&finished_key, EVP_MD_size(ctx->hash))) - goto err; - - if (!tls13_hkdf_expand_label(&finished_key, ctx->hash, - &secrets->server_handshake_traffic, "finished", - &context)) - goto err; - - if (!tls1_transcript_hash_value(ctx->ssl, transcript_hash, - sizeof(transcript_hash), &transcript_hash_len)) - goto err; - - if ((hmac_ctx = HMAC_CTX_new()) == NULL) - goto err; - if (!HMAC_Init_ex(hmac_ctx, finished_key.data, finished_key.len, - ctx->hash, NULL)) - goto err; - if (!HMAC_Update(hmac_ctx, transcript_hash, transcript_hash_len)) - goto err; - - verify_data_len = HMAC_size(hmac_ctx); - if (!CBB_add_space(cbb, &verify_data, verify_data_len)) - goto err; - if (!HMAC_Final(hmac_ctx, verify_data, &hlen)) - goto err; - if (hlen != verify_data_len) - goto err; - - CBS_init(&cbs, verify_data, verify_data_len); - if (!CBS_write_bytes(&cbs, ctx->hs->finished, - sizeof(ctx->hs->finished), &ctx->hs->finished_len)) - goto err; - - ret = 1; - - err: - tls13_secret_cleanup(&finished_key); - HMAC_CTX_free(hmac_ctx); - - return ret; -} - -int -tls13_server_finished_sent(struct tls13_ctx *ctx) -{ - struct tls13_secrets *secrets = ctx->hs->tls13.secrets; - struct tls13_secret context = { .data = "", .len = 0 }; - - /* - * Derive application traffic keys. 
- */ - context.data = ctx->hs->tls13.transcript_hash; - context.len = ctx->hs->tls13.transcript_hash_len; - - if (!tls13_derive_application_secrets(secrets, &context)) - return 0; - - /* - * Any records following the server finished message must be encrypted - * using the server application traffic keys. - */ - return tls13_record_layer_set_write_traffic_key(ctx->rl, - &secrets->server_application_traffic, ssl_encryption_application); -} - -int -tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs) -{ - CBS cert_request_context, cert_list, cert_data, cert_exts; - struct stack_st_X509 *certs = NULL; - SSL *s = ctx->ssl; - X509 *cert = NULL; - const uint8_t *p; - int ret = 0; - - if (!CBS_get_u8_length_prefixed(cbs, &cert_request_context)) - goto err; - if (CBS_len(&cert_request_context) != 0) - goto err; - if (!CBS_get_u24_length_prefixed(cbs, &cert_list)) - goto err; - if (CBS_len(&cert_list) == 0) { - if (!(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) - return 1; - ctx->alert = TLS13_ALERT_CERTIFICATE_REQUIRED; - tls13_set_errorx(ctx, TLS13_ERR_NO_PEER_CERTIFICATE, 0, - "peer did not provide a certificate", NULL); - goto err; - } - - if ((certs = sk_X509_new_null()) == NULL) - goto err; - while (CBS_len(&cert_list) > 0) { - if (!CBS_get_u24_length_prefixed(&cert_list, &cert_data)) - goto err; - if (!CBS_get_u16_length_prefixed(&cert_list, &cert_exts)) - goto err; - - p = CBS_data(&cert_data); - if ((cert = d2i_X509(NULL, &p, CBS_len(&cert_data))) == NULL) - goto err; - if (p != CBS_data(&cert_data) + CBS_len(&cert_data)) - goto err; - - if (!sk_X509_push(certs, cert)) - goto err; - - cert = NULL; - } - - /* - * At this stage we still have no proof of possession. As such, it would - * be preferable to keep the chain and verify once we have successfully - * processed the CertificateVerify message. 
- */ - if (ssl_verify_cert_chain(s, certs) <= 0) { - ctx->alert = ssl_verify_alarm_type(s->verify_result); - tls13_set_errorx(ctx, TLS13_ERR_VERIFY_FAILED, 0, - "failed to verify peer certificate", NULL); - goto err; - } - s->session->verify_result = s->verify_result; - ERR_clear_error(); - - if (!tls_process_peer_certs(s, certs)) - goto err; - - ctx->handshake_stage.hs_type |= WITH_CCV; - ret = 1; - - err: - sk_X509_pop_free(certs, X509_free); - X509_free(cert); - - return ret; -} - -int -tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs) -{ - const struct ssl_sigalg *sigalg; - uint16_t signature_scheme; - uint8_t *sig_content = NULL; - size_t sig_content_len; - EVP_MD_CTX *mdctx = NULL; - EVP_PKEY_CTX *pctx; - EVP_PKEY *pkey; - X509 *cert; - CBS signature; - CBB cbb; - int ret = 0; - - memset(&cbb, 0, sizeof(cbb)); - - if (!CBS_get_u16(cbs, &signature_scheme)) - goto err; - if (!CBS_get_u16_length_prefixed(cbs, &signature)) - goto err; - - if (!CBB_init(&cbb, 0)) - goto err; - if (!CBB_add_bytes(&cbb, tls13_cert_verify_pad, - sizeof(tls13_cert_verify_pad))) - goto err; - if (!CBB_add_bytes(&cbb, tls13_cert_client_verify_context, - strlen(tls13_cert_client_verify_context))) - goto err; - if (!CBB_add_u8(&cbb, 0)) - goto err; - if (!CBB_add_bytes(&cbb, ctx->hs->tls13.transcript_hash, - ctx->hs->tls13.transcript_hash_len)) - goto err; - if (!CBB_finish(&cbb, &sig_content, &sig_content_len)) - goto err; - - if ((cert = ctx->ssl->session->peer_cert) == NULL) - goto err; - if ((pkey = X509_get0_pubkey(cert)) == NULL) - goto err; - if ((sigalg = ssl_sigalg_for_peer(ctx->ssl, pkey, - signature_scheme)) == NULL) - goto err; - ctx->hs->peer_sigalg = sigalg; - - if (CBS_len(&signature) > EVP_PKEY_size(pkey)) - goto err; - - if ((mdctx = EVP_MD_CTX_new()) == NULL) - goto err; - if (!EVP_DigestVerifyInit(mdctx, &pctx, sigalg->md(), NULL, pkey)) - goto err; - if (sigalg->flags & SIGALG_FLAG_RSA_PSS) { - if (!EVP_PKEY_CTX_set_rsa_padding(pctx, 
RSA_PKCS1_PSS_PADDING)) - goto err; - if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1)) - goto err; - } - if (EVP_DigestVerify(mdctx, CBS_data(&signature), CBS_len(&signature), - sig_content, sig_content_len) <= 0) { - ctx->alert = TLS13_ALERT_DECRYPT_ERROR; - goto err; - } - - ret = 1; - - err: - if (!ret && ctx->alert == 0) - ctx->alert = TLS13_ALERT_DECODE_ERROR; - - CBB_cleanup(&cbb); - EVP_MD_CTX_free(mdctx); - free(sig_content); - - return ret; -} - -int -tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx, CBS *cbs) -{ - return 0; -} - -int -tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs) -{ - struct tls13_secrets *secrets = ctx->hs->tls13.secrets; - struct tls13_secret context = { .data = "", .len = 0 }; - struct tls13_secret finished_key; - uint8_t *verify_data = NULL; - size_t verify_data_len; - uint8_t key[EVP_MAX_MD_SIZE]; - HMAC_CTX *hmac_ctx = NULL; - unsigned int hlen; - int ret = 0; - - /* - * Verify client finished. - */ - finished_key.data = key; - finished_key.len = EVP_MD_size(ctx->hash); - - if (!tls13_hkdf_expand_label(&finished_key, ctx->hash, - &secrets->client_handshake_traffic, "finished", - &context)) - goto err; - - if ((hmac_ctx = HMAC_CTX_new()) == NULL) - goto err; - if (!HMAC_Init_ex(hmac_ctx, finished_key.data, finished_key.len, - ctx->hash, NULL)) - goto err; - if (!HMAC_Update(hmac_ctx, ctx->hs->tls13.transcript_hash, - ctx->hs->tls13.transcript_hash_len)) - goto err; - verify_data_len = HMAC_size(hmac_ctx); - if ((verify_data = calloc(1, verify_data_len)) == NULL) - goto err; - if (!HMAC_Final(hmac_ctx, verify_data, &hlen)) - goto err; - if (hlen != verify_data_len) - goto err; - - if (!CBS_mem_equal(cbs, verify_data, verify_data_len)) { - ctx->alert = TLS13_ALERT_DECRYPT_ERROR; - goto err; - } - - if (!CBS_write_bytes(cbs, ctx->hs->peer_finished, - sizeof(ctx->hs->peer_finished), - &ctx->hs->peer_finished_len)) - goto err; - - if (!CBS_skip(cbs, verify_data_len)) - goto err; - - /* - * Any records following the 
client finished message must be encrypted - * using the client application traffic keys. - */ - if (!tls13_record_layer_set_read_traffic_key(ctx->rl, - &secrets->client_application_traffic, ssl_encryption_application)) - goto err; - - tls13_record_layer_allow_ccs(ctx->rl, 0); - - ret = 1; - - err: - HMAC_CTX_free(hmac_ctx); - free(verify_data); - - return ret; -} diff --git a/src/lib/libssl/tls_buffer.c b/src/lib/libssl/tls_buffer.c deleted file mode 100644 index 517d66d685..0000000000 --- a/src/lib/libssl/tls_buffer.c +++ /dev/null 
@@ -1,257 +0,0 @@ -/* $OpenBSD: tls_buffer.c,v 1.4 2022/11/10 18:06:37 jsing Exp $ */ -/* - * Copyright (c) 2018, 2019, 2022 Joel Sing - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include -#include - -#include "bytestring.h" -#include "tls_internal.h" - -#define TLS_BUFFER_CAPACITY_LIMIT (1024 * 1024) - -struct tls_buffer { - size_t capacity; - size_t capacity_limit; - uint8_t *data; - size_t len; - size_t offset; -}; - -static int tls_buffer_resize(struct tls_buffer *buf, size_t capacity); - -struct tls_buffer * -tls_buffer_new(size_t init_size) -{ - struct tls_buffer *buf = NULL; - - if ((buf = calloc(1, sizeof(struct tls_buffer))) == NULL) - goto err; - - buf->capacity_limit = TLS_BUFFER_CAPACITY_LIMIT; - - if (!tls_buffer_resize(buf, init_size)) - goto err; - - return buf; - - err: - tls_buffer_free(buf); - - return NULL; -} - -void -tls_buffer_clear(struct tls_buffer *buf) -{ - freezero(buf->data, buf->capacity); - - buf->data = NULL; - buf->capacity = 0; - buf->len = 0; - buf->offset = 0; -} - -void -tls_buffer_free(struct tls_buffer *buf) -{ - if (buf == NULL) - return; - - tls_buffer_clear(buf); - - freezero(buf, sizeof(struct tls_buffer)); -} - -static int -tls_buffer_grow(struct tls_buffer *buf, size_t capacity) -{ - if (buf->capacity >= capacity) - return 1; - - 
return tls_buffer_resize(buf, capacity); -} - -static int -tls_buffer_resize(struct tls_buffer *buf, size_t capacity) -{ - uint8_t *data; - - /* - * XXX - Consider maintaining a minimum size and growing more - * intelligently (rather than exactly). - */ - if (buf->capacity == capacity) - return 1; - - if (capacity > buf->capacity_limit) - return 0; - - if ((data = recallocarray(buf->data, buf->capacity, capacity, 1)) == NULL) - return 0; - - buf->data = data; - buf->capacity = capacity; - - /* Ensure that len and offset are valid if capacity decreased. */ - if (buf->len > buf->capacity) - buf->len = buf->capacity; - if (buf->offset > buf->len) - buf->offset = buf->len; - - return 1; -} - -void -tls_buffer_set_capacity_limit(struct tls_buffer *buf, size_t limit) -{ - /* - * XXX - do we want to force a resize if this limit is less than current - * capacity... and what do we do with existing data? Force a clear? - */ - buf->capacity_limit = limit; -} - -ssize_t -tls_buffer_extend(struct tls_buffer *buf, size_t len, - tls_read_cb read_cb, void *cb_arg) -{ - ssize_t ret; - - if (len == buf->len) - return buf->len; - - if (len < buf->len) - return TLS_IO_FAILURE; - - if (!tls_buffer_resize(buf, len)) - return TLS_IO_FAILURE; - - for (;;) { - if ((ret = read_cb(&buf->data[buf->len], - buf->capacity - buf->len, cb_arg)) <= 0) - return ret; - - if (ret > buf->capacity - buf->len) - return TLS_IO_FAILURE; - - buf->len += ret; - - if (buf->len == buf->capacity) - return buf->len; - } -} - -size_t -tls_buffer_remaining(struct tls_buffer *buf) -{ - if (buf->offset > buf->len) - return 0; - - return buf->len - buf->offset; -} - -ssize_t -tls_buffer_read(struct tls_buffer *buf, uint8_t *rbuf, size_t n) -{ - if (buf->offset > buf->len) - return TLS_IO_FAILURE; - - if (buf->offset == buf->len) - return TLS_IO_WANT_POLLIN; - - if (n > buf->len - buf->offset) - n = buf->len - buf->offset; - - memcpy(rbuf, &buf->data[buf->offset], n); - - buf->offset += n; - - return n; -} - -ssize_t 
-tls_buffer_write(struct tls_buffer *buf, const uint8_t *wbuf, size_t n) -{ - if (buf->offset > buf->len) - return TLS_IO_FAILURE; - - /* - * To avoid continually growing the buffer, pull data up to the - * start of the buffer. If all data has been read then we can simply - * reset, otherwise wait until we're going to save at least 4KB of - * memory to reduce overhead. - */ - if (buf->offset == buf->len) { - buf->len = 0; - buf->offset = 0; - } - if (buf->offset >= 4096) { - memmove(buf->data, &buf->data[buf->offset], - buf->len - buf->offset); - buf->len -= buf->offset; - buf->offset = 0; - } - - if (buf->len > SIZE_MAX - n) - return TLS_IO_FAILURE; - if (!tls_buffer_grow(buf, buf->len + n)) - return TLS_IO_FAILURE; - - memcpy(&buf->data[buf->len], wbuf, n); - - buf->len += n; - - return n; -} - -int -tls_buffer_append(struct tls_buffer *buf, const uint8_t *wbuf, size_t n) -{ - return tls_buffer_write(buf, wbuf, n) == n; -} - -int -tls_buffer_data(struct tls_buffer *buf, CBS *out_cbs) -{ - CBS cbs; - - CBS_init(&cbs, buf->data, buf->len); - - if (!CBS_skip(&cbs, buf->offset)) - return 0; - - CBS_dup(&cbs, out_cbs); - - return 1; -} - -int -tls_buffer_finish(struct tls_buffer *buf, uint8_t **out, size_t *out_len) -{ - if (out == NULL || out_len == NULL) - return 0; - - *out = buf->data; - *out_len = buf->len; - - buf->data = NULL; - buf->capacity = 0; - buf->len = 0; - buf->offset = 0; - - return 1; -} diff --git a/src/lib/libssl/tls_content.c b/src/lib/libssl/tls_content.c deleted file mode 100644 index 726de0fdc4..0000000000 --- a/src/lib/libssl/tls_content.c +++ /dev/null 
@@ -1,164 +0,0 @@
-/* $OpenBSD: tls_content.c,v 1.2 2022/11/11 17:15:27 jsing Exp $ */
-/*
- * Copyright (c) 2020 Joel Sing
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include
-#include
-
-#include "tls_content.h"
-
-/* Content from a TLS record. */
-struct tls_content {
- uint8_t type;
- uint16_t epoch;
-
- const uint8_t *data;
- size_t data_len;
- CBS cbs;
-};
-
-struct tls_content *
-tls_content_new(void)
-{
- return calloc(1, sizeof(struct tls_content));
-}
-
-void
-tls_content_clear(struct tls_content *content)
-{
- freezero((void *)content->data, content->data_len);
- memset(content, 0, sizeof(*content));
-}
-
-void
-tls_content_free(struct tls_content *content)
-{
- if (content == NULL)
- return;
-
- tls_content_clear(content);
-
- freezero(content, sizeof(struct tls_content));
-}
-
-CBS *
-tls_content_cbs(struct tls_content *content)
-{
- return &content->cbs;
-}
-
-int
-tls_content_equal(struct tls_content *content, const uint8_t *buf, size_t n)
-{
- return CBS_mem_equal(&content->cbs, buf, n);
-}
-
-size_t
-tls_content_remaining(struct tls_content *content)
-{
- return CBS_len(&content->cbs);
-}
-
-uint8_t
-tls_content_type(struct tls_content *content)
-{
- return content->type;
-}
-
-int
-tls_content_dup_data(struct tls_content *content, uint8_t type,
- const
uint8_t *data, size_t data_len)
-{
- uint8_t *dup;
-
- if ((dup = calloc(1, data_len)) == NULL)
- return 0;
- memcpy(dup, data, data_len);
-
- tls_content_set_data(content, type, dup, data_len);
-
- return 1;
-}
-
-uint16_t
-tls_content_epoch(struct tls_content *content)
-{
- return content->epoch;
-}
-
-void
-tls_content_set_epoch(struct tls_content *content, uint16_t epoch)
-{
- content->epoch = epoch;
-}
-
-void
-tls_content_set_data(struct tls_content *content, uint8_t type,
- const uint8_t *data, size_t data_len)
-{
- tls_content_clear(content);
-
- content->type = type;
- content->data = data;
- content->data_len = data_len;
-
- CBS_init(&content->cbs, content->data, content->data_len);
-}
-
-int
-tls_content_set_bounds(struct tls_content *content, size_t offset, size_t len)
-{
- size_t content_len;
-
- content_len = offset + len;
- if (content_len < len)
- return 0;
- if (content_len > content->data_len)
- return 0;
-
- CBS_init(&content->cbs, content->data, content_len);
- return CBS_skip(&content->cbs, offset);
-}
-
-static ssize_t
-tls_content_read_internal(struct tls_content *content, uint8_t *buf, size_t n,
- int peek)
-{
- if (n > CBS_len(&content->cbs))
- n = CBS_len(&content->cbs);
-
- /* XXX - CBS_memcpy? CBS_copy_bytes? */
- memcpy(buf, CBS_data(&content->cbs), n);
-
- if (!peek) {
- if (!CBS_skip(&content->cbs, n))
- return -1;
- }
-
- return n;
-}
-
-ssize_t
-tls_content_peek(struct tls_content *content, uint8_t *buf, size_t n)
-{
- return tls_content_read_internal(content, buf, n, 1);
-}
-
-ssize_t
-tls_content_read(struct tls_content *content, uint8_t *buf, size_t n)
-{
- return tls_content_read_internal(content, buf, n, 0);
-}
diff --git a/src/lib/libssl/tls_content.h b/src/lib/libssl/tls_content.h
deleted file mode 100644
index b807248f60..0000000000
--- a/src/lib/libssl/tls_content.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/* $OpenBSD: tls_content.h,v 1.2 2022/11/11 17:15:27 jsing Exp $ */
-/*
- * Copyright (c) 2020 Joel Sing
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef HEADER_TLS_CONTENT_H
-#define HEADER_TLS_CONTENT_H
-
-#include "bytestring.h"
-
-__BEGIN_HIDDEN_DECLS
-
-struct tls_content;
-
-struct tls_content *tls_content_new(void);
-void tls_content_clear(struct tls_content *content);
-void tls_content_free(struct tls_content *content);
-
-CBS *tls_content_cbs(struct tls_content *content);
-int tls_content_equal(struct tls_content *content, const uint8_t *buf, size_t n);
-size_t tls_content_remaining(struct tls_content *content);
-uint8_t tls_content_type(struct tls_content *content);
-uint16_t tls_content_epoch(struct tls_content *content);
-
-int tls_content_dup_data(struct tls_content *content, uint8_t type,
- const uint8_t *data, size_t data_len);
-void tls_content_set_data(struct tls_content *content, uint8_t type,
- const uint8_t *data, size_t data_len);
-int tls_content_set_bounds(struct tls_content *content, size_t offset,
- size_t len);
-void tls_content_set_epoch(struct tls_content *content, uint16_t epoch);
-
-ssize_t tls_content_peek(struct tls_content *content, uint8_t *buf, size_t n);
-ssize_t tls_content_read(struct tls_content *content, uint8_t
*buf, size_t n);
-
-__END_HIDDEN_DECLS
-
-#endif
diff --git a/src/lib/libssl/tls_internal.h b/src/lib/libssl/tls_internal.h
deleted file mode 100644
index 84edde8474..0000000000
--- a/src/lib/libssl/tls_internal.h
+++ /dev/null
@@ -1,101 +0,0 @@
-/* $OpenBSD: tls_internal.h,v 1.10 2022/11/10 18:06:37 jsing Exp $ */
-/*
- * Copyright (c) 2018, 2019, 2021 Joel Sing
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef HEADER_TLS_INTERNAL_H
-#define HEADER_TLS_INTERNAL_H
-
-#include
-#include
-
-#include "bytestring.h"
-
-__BEGIN_HIDDEN_DECLS
-
-#define TLS_IO_SUCCESS 1
-#define TLS_IO_EOF 0
-#define TLS_IO_FAILURE -1
-#define TLS_IO_ALERT -2
-#define TLS_IO_WANT_POLLIN -3
-#define TLS_IO_WANT_POLLOUT -4
-#define TLS_IO_WANT_RETRY -5 /* Retry the previous call immediately. */
-
-enum ssl_encryption_level_t;
-
-struct tls13_secret;
-
-/*
- * Callbacks.
- */
-typedef ssize_t (*tls_read_cb)(void *_buf, size_t _buflen, void *_cb_arg);
-typedef ssize_t (*tls_write_cb)(const void *_buf, size_t _buflen,
- void *_cb_arg);
-typedef ssize_t (*tls_flush_cb)(void *_cb_arg);
-
-typedef ssize_t (*tls_handshake_read_cb)(void *_buf, size_t _buflen,
- void *_cb_arg);
-typedef ssize_t (*tls_handshake_write_cb)(const void *_buf, size_t _buflen,
- void *_cb_arg);
-typedef int (*tls_traffic_key_cb)(struct tls13_secret *key,
- enum ssl_encryption_level_t level, void *_cb_arg);
-typedef int (*tls_alert_send_cb)(int _alert_desc, void *_cb_arg);
-
-/*
- * Buffers.
- */
-struct tls_buffer;
-
-struct tls_buffer *tls_buffer_new(size_t init_size);
-void tls_buffer_clear(struct tls_buffer *buf);
-void tls_buffer_free(struct tls_buffer *buf);
-void tls_buffer_set_capacity_limit(struct tls_buffer *buf, size_t limit);
-ssize_t tls_buffer_extend(struct tls_buffer *buf, size_t len,
- tls_read_cb read_cb, void *cb_arg);
-size_t tls_buffer_remaining(struct tls_buffer *buf);
-ssize_t tls_buffer_read(struct tls_buffer *buf, uint8_t *rbuf, size_t n);
-ssize_t tls_buffer_write(struct tls_buffer *buf, const uint8_t *wbuf, size_t n);
-int tls_buffer_append(struct tls_buffer *buf, const uint8_t *wbuf, size_t n);
-int tls_buffer_data(struct tls_buffer *buf, CBS *cbs);
-int tls_buffer_finish(struct tls_buffer *buf, uint8_t **out, size_t *out_len);
-
-/*
- * Key shares.
- */
-struct tls_key_share;
-
-struct tls_key_share *tls_key_share_new(uint16_t group_id);
-struct tls_key_share *tls_key_share_new_nid(int nid);
-void tls_key_share_free(struct tls_key_share *ks);
-
-uint16_t tls_key_share_group(struct tls_key_share *ks);
-int tls_key_share_nid(struct tls_key_share *ks);
-void tls_key_share_set_key_bits(struct tls_key_share *ks, size_t key_bits);
-int tls_key_share_set_dh_params(struct tls_key_share *ks, DH *dh_params);
-int tls_key_share_peer_pkey(struct tls_key_share *ks, EVP_PKEY *pkey);
-int tls_key_share_generate(struct tls_key_share *ks);
-int tls_key_share_params(struct tls_key_share *ks, CBB *cbb);
-int tls_key_share_public(struct tls_key_share *ks, CBB *cbb);
-int tls_key_share_peer_params(struct tls_key_share *ks, CBS *cbs,
- int *decode_error, int *invalid_params);
-int tls_key_share_peer_public(struct tls_key_share *ks, CBS *cbs,
- int *decode_error, int *invalid_key);
-int tls_key_share_derive(struct tls_key_share *ks, uint8_t **shared_key,
- size_t *shared_key_len);
-int tls_key_share_peer_security(const SSL *ssl, struct tls_key_share *ks);
-
-__END_HIDDEN_DECLS
-
-#endif
diff --git a/src/lib/libssl/tls_key_share.c b/src/lib/libssl/tls_key_share.c
deleted file mode 100644
index cf7b1da262..0000000000
--- a/src/lib/libssl/tls_key_share.c
+++ /dev/null
@@ -1,484 +0,0 @@
-/* $OpenBSD: tls_key_share.c,v 1.8 2022/11/26 16:08:56 tb Exp $ */
-/*
- * Copyright (c) 2020, 2021 Joel Sing
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include
-
-#include
-#include
-#include
-#include
-
-#include "bytestring.h"
-#include "ssl_local.h"
-#include "tls_internal.h"
-
-struct tls_key_share {
- int nid;
- uint16_t group_id;
- size_t key_bits;
-
- DH *dhe;
- DH *dhe_peer;
-
- EC_KEY *ecdhe;
- EC_KEY *ecdhe_peer;
-
- uint8_t *x25519_public;
- uint8_t *x25519_private;
- uint8_t *x25519_peer_public;
-};
-
-static struct tls_key_share *
-tls_key_share_new_internal(int nid, uint16_t group_id)
-{
- struct tls_key_share *ks;
-
- if ((ks = calloc(1, sizeof(struct tls_key_share))) == NULL)
- return NULL;
-
- ks->group_id = group_id;
- ks->nid = nid;
-
- return ks;
-}
-
-struct tls_key_share *
-tls_key_share_new(uint16_t group_id)
-{
- int nid;
-
- if (!tls1_ec_group_id2nid(group_id, &nid))
- return NULL;
-
- return tls_key_share_new_internal(nid, group_id);
-}
-
-struct tls_key_share *
-tls_key_share_new_nid(int nid)
-{
- uint16_t group_id = 0;
-
- if (nid != NID_dhKeyAgreement) {
- if (!tls1_ec_nid2group_id(nid, &group_id))
- return NULL;
- }
-
- return tls_key_share_new_internal(nid, group_id);
-}
-
-void
-tls_key_share_free(struct tls_key_share
*ks)
-{
- if (ks == NULL)
- return;
-
- DH_free(ks->dhe);
- DH_free(ks->dhe_peer);
-
- EC_KEY_free(ks->ecdhe);
- EC_KEY_free(ks->ecdhe_peer);
-
- freezero(ks->x25519_public, X25519_KEY_LENGTH);
- freezero(ks->x25519_private, X25519_KEY_LENGTH);
- freezero(ks->x25519_peer_public, X25519_KEY_LENGTH);
-
- freezero(ks, sizeof(*ks));
-}
-
-uint16_t
-tls_key_share_group(struct tls_key_share *ks)
-{
- return ks->group_id;
-}
-
-int
-tls_key_share_nid(struct tls_key_share *ks)
-{
- return ks->nid;
-}
-
-void
-tls_key_share_set_key_bits(struct tls_key_share *ks, size_t key_bits)
-{
- ks->key_bits = key_bits;
-}
-
-int
-tls_key_share_set_dh_params(struct tls_key_share *ks, DH *dh_params)
-{
- if (ks->nid != NID_dhKeyAgreement)
- return 0;
- if (ks->dhe != NULL || ks->dhe_peer != NULL)
- return 0;
-
- if ((ks->dhe = DHparams_dup(dh_params)) == NULL)
- return 0;
- if ((ks->dhe_peer = DHparams_dup(dh_params)) == NULL)
- return 0;
-
- return 1;
-}
-
-int
-tls_key_share_peer_pkey(struct tls_key_share *ks, EVP_PKEY *pkey)
-{
- if (ks->nid == NID_dhKeyAgreement && ks->dhe_peer != NULL)
- return EVP_PKEY_set1_DH(pkey, ks->dhe_peer);
-
- if (ks->nid == NID_X25519 && ks->x25519_peer_public != NULL)
- return ssl_kex_dummy_ecdhe_x25519(pkey);
-
- if (ks->ecdhe_peer != NULL)
- return EVP_PKEY_set1_EC_KEY(pkey, ks->ecdhe_peer);
-
- return 0;
-}
-
-static int
-tls_key_share_generate_dhe(struct tls_key_share *ks)
-{
- /*
- * If auto params are not being used then we must already have DH
- * parameters set.
- */
- if (ks->key_bits == 0) {
- if (ks->dhe == NULL)
- return 0;
-
- return ssl_kex_generate_dhe(ks->dhe, ks->dhe);
- }
-
- if (ks->dhe != NULL || ks->dhe_peer != NULL)
- return 0;
-
- if ((ks->dhe = DH_new()) == NULL)
- return 0;
- if (!ssl_kex_generate_dhe_params_auto(ks->dhe, ks->key_bits))
- return 0;
- if ((ks->dhe_peer = DHparams_dup(ks->dhe)) == NULL)
- return 0;
-
- return 1;
-}
-
-static int
-tls_key_share_generate_ecdhe_ecp(struct tls_key_share *ks)
-{
- EC_KEY *ecdhe = NULL;
- int ret = 0;
-
- if (ks->ecdhe != NULL)
- goto err;
-
- if ((ecdhe = EC_KEY_new()) == NULL)
- goto err;
- if (!ssl_kex_generate_ecdhe_ecp(ecdhe, ks->nid))
- goto err;
-
- ks->ecdhe = ecdhe;
- ecdhe = NULL;
-
- ret = 1;
-
- err:
- EC_KEY_free(ecdhe);
-
- return ret;
-}
-
-static int
-tls_key_share_generate_x25519(struct tls_key_share *ks)
-{
- uint8_t *public = NULL, *private = NULL;
- int ret = 0;
-
- if (ks->x25519_public != NULL || ks->x25519_private != NULL)
- goto err;
-
- if ((public = calloc(1, X25519_KEY_LENGTH)) == NULL)
- goto err;
- if ((private = calloc(1, X25519_KEY_LENGTH)) == NULL)
- goto err;
-
- X25519_keypair(public, private);
-
- ks->x25519_public = public;
- ks->x25519_private = private;
- public = NULL;
- private = NULL;
-
- ret = 1;
-
- err:
- freezero(public, X25519_KEY_LENGTH);
- freezero(private, X25519_KEY_LENGTH);
-
- return ret;
-}
-
-int
-tls_key_share_generate(struct tls_key_share *ks)
-{
- if (ks->nid == NID_dhKeyAgreement)
- return tls_key_share_generate_dhe(ks);
-
- if (ks->nid == NID_X25519)
- return tls_key_share_generate_x25519(ks);
-
- return tls_key_share_generate_ecdhe_ecp(ks);
-}
-
-static int
-tls_key_share_params_dhe(struct tls_key_share *ks, CBB *cbb)
-{
- if (ks->dhe == NULL)
- return 0;
-
- return ssl_kex_params_dhe(ks->dhe, cbb);
-}
-
-int
-tls_key_share_params(struct tls_key_share *ks, CBB *cbb)
-{
- if (ks->nid == NID_dhKeyAgreement)
- return tls_key_share_params_dhe(ks, cbb);
-
- return 0;
-}
-
-static int
-tls_key_share_public_dhe(struct tls_key_share *ks, CBB *cbb)
-{
- if (ks->dhe == NULL)
- return 0;
-
- return ssl_kex_public_dhe(ks->dhe, cbb);
-}
-
-static int
-tls_key_share_public_ecdhe_ecp(struct tls_key_share *ks, CBB *cbb)
-{
- if (ks->ecdhe == NULL)
- return 0;
-
- return ssl_kex_public_ecdhe_ecp(ks->ecdhe, cbb);
-}
-
-static int
-tls_key_share_public_x25519(struct tls_key_share *ks, CBB *cbb)
-{
- if (ks->x25519_public == NULL)
- return 0;
-
- return CBB_add_bytes(cbb, ks->x25519_public, X25519_KEY_LENGTH);
-}
-
-int
-tls_key_share_public(struct tls_key_share *ks, CBB *cbb)
-{
- if (ks->nid == NID_dhKeyAgreement)
- return tls_key_share_public_dhe(ks, cbb);
-
- if (ks->nid == NID_X25519)
- return tls_key_share_public_x25519(ks, cbb);
-
- return tls_key_share_public_ecdhe_ecp(ks, cbb);
-}
-
-static int
-tls_key_share_peer_params_dhe(struct tls_key_share *ks, CBS *cbs,
- int *decode_error, int *invalid_params)
-{
- if (ks->dhe != NULL || ks->dhe_peer != NULL)
- return 0;
-
- if ((ks->dhe_peer = DH_new()) == NULL)
- return 0;
- if (!ssl_kex_peer_params_dhe(ks->dhe_peer, cbs, decode_error,
- invalid_params))
- return 0;
- if ((ks->dhe = DHparams_dup(ks->dhe_peer)) == NULL)
- return 0;
-
- return 1;
-}
-
-int
-tls_key_share_peer_params(struct tls_key_share *ks, CBS *cbs,
- int *decode_error, int *invalid_params)
-{
- if (ks->nid != NID_dhKeyAgreement)
- return 0;
-
- return tls_key_share_peer_params_dhe(ks, cbs, decode_error,
- invalid_params);
-}
-
-static int
-tls_key_share_peer_public_dhe(struct tls_key_share *ks, CBS *cbs,
- int *decode_error, int *invalid_key)
-{
- if (ks->dhe_peer == NULL)
- return 0;
-
- return ssl_kex_peer_public_dhe(ks->dhe_peer, cbs, decode_error,
- invalid_key);
-}
-
-static int
-tls_key_share_peer_public_ecdhe_ecp(struct tls_key_share *ks, CBS *cbs)
-{
- EC_KEY *ecdhe = NULL;
- int ret = 0;
-
- if (ks->ecdhe_peer != NULL)
- goto err;
-
- if ((ecdhe = EC_KEY_new()) == NULL)
- goto err;
- if (!ssl_kex_peer_public_ecdhe_ecp(ecdhe,
ks->nid, cbs))
- goto err;
-
- ks->ecdhe_peer = ecdhe;
- ecdhe = NULL;
-
- ret = 1;
-
- err:
- EC_KEY_free(ecdhe);
-
- return ret;
-}
-
-static int
-tls_key_share_peer_public_x25519(struct tls_key_share *ks, CBS *cbs,
- int *decode_error)
-{
- size_t out_len;
-
- *decode_error = 0;
-
- if (ks->x25519_peer_public != NULL)
- return 0;
-
- if (CBS_len(cbs) != X25519_KEY_LENGTH) {
- *decode_error = 1;
- return 0;
- }
-
- return CBS_stow(cbs, &ks->x25519_peer_public, &out_len);
-}
-
-int
-tls_key_share_peer_public(struct tls_key_share *ks, CBS *cbs, int *decode_error,
- int *invalid_key)
-{
- *decode_error = 0;
-
- if (invalid_key != NULL)
- *invalid_key = 0;
-
- if (ks->nid == NID_dhKeyAgreement)
- return tls_key_share_peer_public_dhe(ks, cbs, decode_error,
- invalid_key);
-
- if (ks->nid == NID_X25519)
- return tls_key_share_peer_public_x25519(ks, cbs, decode_error);
-
- return tls_key_share_peer_public_ecdhe_ecp(ks, cbs);
-}
-
-static int
-tls_key_share_derive_dhe(struct tls_key_share *ks,
- uint8_t **shared_key, size_t *shared_key_len)
-{
- if (ks->dhe == NULL || ks->dhe_peer == NULL)
- return 0;
-
- return ssl_kex_derive_dhe(ks->dhe, ks->dhe_peer, shared_key,
- shared_key_len);
-}
-
-static int
-tls_key_share_derive_ecdhe_ecp(struct tls_key_share *ks,
- uint8_t **shared_key, size_t *shared_key_len)
-{
- if (ks->ecdhe == NULL || ks->ecdhe_peer == NULL)
- return 0;
-
- return ssl_kex_derive_ecdhe_ecp(ks->ecdhe, ks->ecdhe_peer,
- shared_key, shared_key_len);
-}
-
-static int
-tls_key_share_derive_x25519(struct tls_key_share *ks,
- uint8_t **shared_key, size_t *shared_key_len)
-{
- uint8_t *sk = NULL;
- int ret = 0;
-
- if (ks->x25519_private == NULL || ks->x25519_peer_public == NULL)
- goto err;
-
- if ((sk = calloc(1, X25519_KEY_LENGTH)) == NULL)
- goto err;
- if (!X25519(sk, ks->x25519_private, ks->x25519_peer_public))
- goto err;
-
- *shared_key = sk;
- *shared_key_len = X25519_KEY_LENGTH;
- sk = NULL;
-
- ret = 1;
-
- err:
- freezero(sk, X25519_KEY_LENGTH);
-
-
return ret;
-}
-
-int
-tls_key_share_derive(struct tls_key_share *ks, uint8_t **shared_key,
- size_t *shared_key_len)
-{
- if (*shared_key != NULL)
- return 0;
-
- *shared_key_len = 0;
-
- if (ks->nid == NID_dhKeyAgreement)
- return tls_key_share_derive_dhe(ks, shared_key,
- shared_key_len);
-
- if (ks->nid == NID_X25519)
- return tls_key_share_derive_x25519(ks, shared_key,
- shared_key_len);
-
- return tls_key_share_derive_ecdhe_ecp(ks, shared_key,
- shared_key_len);
-}
-
-int
-tls_key_share_peer_security(const SSL *ssl, struct tls_key_share *ks)
-{
- switch (ks->nid) {
- case NID_dhKeyAgreement:
- return ssl_security_dh(ssl, ks->dhe_peer);
- default:
- return 0;
- }
-}
diff --git a/src/lib/libssl/tls_lib.c b/src/lib/libssl/tls_lib.c
deleted file mode 100644
index db734c34e4..0000000000
--- a/src/lib/libssl/tls_lib.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/* $OpenBSD: tls_lib.c,v 1.3 2022/11/26 16:08:56 tb Exp $ */
-/*
- * Copyright (c) 2019, 2021 Joel Sing
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "ssl_local.h"
-
-int
-tls_process_peer_certs(SSL *s, STACK_OF(X509) *peer_certs)
-{
- STACK_OF(X509) *peer_certs_no_leaf;
- X509 *peer_cert = NULL;
- EVP_PKEY *pkey;
- int cert_type;
- int ret = 0;
-
- if (sk_X509_num(peer_certs) < 1)
- goto err;
- peer_cert = sk_X509_value(peer_certs, 0);
- X509_up_ref(peer_cert);
-
- if ((pkey = X509_get0_pubkey(peer_cert)) == NULL) {
- SSLerror(s, SSL_R_NO_PUBLICKEY);
- goto err;
- }
- if (EVP_PKEY_missing_parameters(pkey)) {
- SSLerror(s, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
- goto err;
- }
- if ((cert_type = ssl_cert_type(pkey)) < 0) {
- SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
- goto err;
- }
-
- s->session->peer_cert_type = cert_type;
-
- X509_free(s->session->peer_cert);
- s->session->peer_cert = peer_cert;
- peer_cert = NULL;
-
- sk_X509_pop_free(s->s3->hs.peer_certs, X509_free);
- if ((s->s3->hs.peer_certs = X509_chain_up_ref(peer_certs)) == NULL)
- goto err;
-
- if ((peer_certs_no_leaf = X509_chain_up_ref(peer_certs)) == NULL)
- goto err;
- X509_free(sk_X509_shift(peer_certs_no_leaf));
- sk_X509_pop_free(s->s3->hs.peer_certs_no_leaf, X509_free);
- s->s3->hs.peer_certs_no_leaf = peer_certs_no_leaf;
-
- ret = 1;
- err:
- X509_free(peer_cert);
-
- return ret;
-}
-- cgit v1.2.3-55-g6feb