diff options
Diffstat (limited to 'main/openssl/ssl')
59 files changed, 0 insertions, 58420 deletions
diff --git a/main/openssl b/main/openssl new file mode 160000 +Subproject 4d377a9ce111930d8a8f06dc0e94a892a7f6c51 diff --git a/main/openssl/ssl/bio_ssl.c b/main/openssl/ssl/bio_ssl.c deleted file mode 100644 index 06a13de4..00000000 --- a/main/openssl/ssl/bio_ssl.c +++ /dev/null @@ -1,613 +0,0 @@ -/* ssl/bio_ssl.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <errno.h> -#include <openssl/crypto.h> -#include <openssl/bio.h> -#include <openssl/err.h> -#include <openssl/ssl.h> - -static int ssl_write(BIO *h, const char *buf, int num); -static int ssl_read(BIO *h, char *buf, int size); -static int ssl_puts(BIO *h, const char *str); -static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int ssl_new(BIO *h); -static int ssl_free(BIO *data); -static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); -typedef struct bio_ssl_st - { - SSL *ssl; /* The ssl handle :-) */ - /* re-negotiate every time the total number of bytes is this size */ - int num_renegotiates; - unsigned long renegotiate_count; - unsigned long byte_count; - unsigned long renegotiate_timeout; - unsigned long last_time; - } BIO_SSL; - -static BIO_METHOD methods_sslp= - { - BIO_TYPE_SSL,"ssl", - ssl_write, - ssl_read, - ssl_puts, - NULL, /* ssl_gets, */ - ssl_ctrl, - ssl_new, - ssl_free, - ssl_callback_ctrl, - }; - -BIO_METHOD *BIO_f_ssl(void) - { - return(&methods_sslp); - } - -static int ssl_new(BIO *bi) - { - BIO_SSL *bs; - - bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL)); - if (bs == NULL) - { - BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE); - return(0); - } - memset(bs,0,sizeof(BIO_SSL)); - bi->init=0; - bi->ptr=(char *)bs; - bi->flags=0; - return(1); - } - -static int ssl_free(BIO *a) - { - BIO_SSL *bs; - - if (a == NULL) return(0); - bs=(BIO_SSL *)a->ptr; - if (bs->ssl != NULL) SSL_shutdown(bs->ssl); - if (a->shutdown) - { - if (a->init && (bs->ssl != NULL)) - SSL_free(bs->ssl); - a->init=0; - a->flags=0; - } - if (a->ptr != NULL) - OPENSSL_free(a->ptr); - return(1); - } - -static int ssl_read(BIO *b, char *out, int outl) - { - int ret=1; - BIO_SSL *sb; - SSL *ssl; - int retry_reason=0; - int r=0; - - if (out == NULL) return(0); - sb=(BIO_SSL *)b->ptr; - ssl=sb->ssl; - - BIO_clear_retry_flags(b); - -#if 0 - if (!SSL_is_init_finished(ssl)) - { -/* ret=SSL_do_handshake(ssl); */ - if (ret > 0) - { - - outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); - ret= -1; - goto end; - } - } -#endif -/* if (ret > 0) */ - ret=SSL_read(ssl,out,outl); - - switch (SSL_get_error(ssl,ret)) - { - case SSL_ERROR_NONE: - if (ret <= 0) break; - if (sb->renegotiate_count > 0) - { - sb->byte_count+=ret; - if (sb->byte_count > sb->renegotiate_count) - { - sb->byte_count=0; - sb->num_renegotiates++; - SSL_renegotiate(ssl); - r=1; - } - } - if ((sb->renegotiate_timeout > 0) && (!r)) - { - unsigned long tm; - - tm=(unsigned long)time(NULL); - if (tm > sb->last_time+sb->renegotiate_timeout) - { - sb->last_time=tm; - sb->num_renegotiates++; - SSL_renegotiate(ssl); - } - } - - break; - case SSL_ERROR_WANT_READ: - BIO_set_retry_read(b); - break; - case SSL_ERROR_WANT_WRITE: - BIO_set_retry_write(b); - break; - case SSL_ERROR_WANT_X509_LOOKUP: - BIO_set_retry_special(b); - retry_reason=BIO_RR_SSL_X509_LOOKUP; - break; - case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP: - BIO_set_retry_special(b); - retry_reason=BIO_RR_SSL_CHANNEL_ID_LOOKUP; - break; - case SSL_ERROR_WANT_ACCEPT: - BIO_set_retry_special(b); - retry_reason=BIO_RR_ACCEPT; - break; - case SSL_ERROR_WANT_CONNECT: - BIO_set_retry_special(b); - retry_reason=BIO_RR_CONNECT; - break; - case SSL_ERROR_SYSCALL: - case SSL_ERROR_SSL: - case SSL_ERROR_ZERO_RETURN: - default: - break; - } - - b->retry_reason=retry_reason; - return(ret); - } - -static int ssl_write(BIO *b, const char *out, int outl) - { - int ret,r=0; - int retry_reason=0; - SSL *ssl; - BIO_SSL *bs; - - if (out == NULL) return(0); - bs=(BIO_SSL *)b->ptr; - ssl=bs->ssl; - - BIO_clear_retry_flags(b); - -/* ret=SSL_do_handshake(ssl); - if (ret > 0) */ - ret=SSL_write(ssl,out,outl); - - switch (SSL_get_error(ssl,ret)) - { - case SSL_ERROR_NONE: - if (ret <= 0) break; - if (bs->renegotiate_count > 0) - { - bs->byte_count+=ret; - if (bs->byte_count > bs->renegotiate_count) - { - bs->byte_count=0; - bs->num_renegotiates++; - SSL_renegotiate(ssl); - r=1; - } - } - if ((bs->renegotiate_timeout > 0) && (!r)) - { - unsigned long tm; - - tm=(unsigned long)time(NULL); - if (tm > bs->last_time+bs->renegotiate_timeout) - { - bs->last_time=tm; - bs->num_renegotiates++; - SSL_renegotiate(ssl); - } - } - break; - case SSL_ERROR_WANT_WRITE: - BIO_set_retry_write(b); - break; - case SSL_ERROR_WANT_READ: - BIO_set_retry_read(b); - break; - case SSL_ERROR_WANT_X509_LOOKUP: - BIO_set_retry_special(b); - retry_reason=BIO_RR_SSL_X509_LOOKUP; - break; - case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP: - BIO_set_retry_special(b); - retry_reason=BIO_RR_SSL_CHANNEL_ID_LOOKUP; - break; - case SSL_ERROR_WANT_CONNECT: - BIO_set_retry_special(b); - retry_reason=BIO_RR_CONNECT; - case SSL_ERROR_SYSCALL: - case SSL_ERROR_SSL: - default: - break; - } - - b->retry_reason=retry_reason; - return(ret); - } - -static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) - { - SSL **sslp,*ssl; - BIO_SSL *bs; - BIO *dbio,*bio; - long ret=1; - - bs=(BIO_SSL *)b->ptr; - ssl=bs->ssl; - if ((ssl == NULL) && (cmd != BIO_C_SET_SSL)) - return(0); - switch (cmd) - { - case BIO_CTRL_RESET: - SSL_shutdown(ssl); - - if (ssl->handshake_func == ssl->method->ssl_connect) - SSL_set_connect_state(ssl); - else if (ssl->handshake_func == ssl->method->ssl_accept) - SSL_set_accept_state(ssl); - - SSL_clear(ssl); - - if (b->next_bio != NULL) - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - else if (ssl->rbio != NULL) - ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); - else - ret=1; - break; - case BIO_CTRL_INFO: - ret=0; - break; - case BIO_C_SSL_MODE: - if (num) /* client mode */ - SSL_set_connect_state(ssl); - else - SSL_set_accept_state(ssl); - break; - case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT: - ret=bs->renegotiate_timeout; - if (num < 60) num=5; - bs->renegotiate_timeout=(unsigned long)num; - bs->last_time=(unsigned long)time(NULL); - break; - case BIO_C_SET_SSL_RENEGOTIATE_BYTES: - ret=bs->renegotiate_count; - if ((long)num >=512) - bs->renegotiate_count=(unsigned long)num; - break; - case BIO_C_GET_SSL_NUM_RENEGOTIATES: - ret=bs->num_renegotiates; - break; - case BIO_C_SET_SSL: - if (ssl != NULL) - { - ssl_free(b); - if (!ssl_new(b)) - return 0; - } - b->shutdown=(int)num; - ssl=(SSL *)ptr; - ((BIO_SSL *)b->ptr)->ssl=ssl; - bio=SSL_get_rbio(ssl); - if (bio != NULL) - { - if (b->next_bio != NULL) - BIO_push(bio,b->next_bio); - b->next_bio=bio; - CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO); - } - b->init=1; - break; - case BIO_C_GET_SSL: - if (ptr != NULL) - { - sslp=(SSL **)ptr; - *sslp=ssl; - } - else - ret=0; - break; - case BIO_CTRL_GET_CLOSE: - ret=b->shutdown; - break; - case BIO_CTRL_SET_CLOSE: - b->shutdown=(int)num; - break; - case BIO_CTRL_WPENDING: - ret=BIO_ctrl(ssl->wbio,cmd,num,ptr); - break; - case BIO_CTRL_PENDING: - ret=SSL_pending(ssl); - if (ret == 0) - ret=BIO_pending(ssl->rbio); - break; - case BIO_CTRL_FLUSH: - BIO_clear_retry_flags(b); - ret=BIO_ctrl(ssl->wbio,cmd,num,ptr); - BIO_copy_next_retry(b); - break; - case BIO_CTRL_PUSH: - if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) - { - SSL_set_bio(ssl,b->next_bio,b->next_bio); - CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO); - } - break; - case BIO_CTRL_POP: - /* Only detach if we are the BIO explicitly being popped */ - if (b == ptr) - { - /* Shouldn't happen in practice because the - * rbio and wbio are the same when pushed. - */ - if (ssl->rbio != ssl->wbio) - BIO_free_all(ssl->wbio); - if (b->next_bio != NULL) - CRYPTO_add(&b->next_bio->references,-1,CRYPTO_LOCK_BIO); - ssl->wbio=NULL; - ssl->rbio=NULL; - } - break; - case BIO_C_DO_STATE_MACHINE: - BIO_clear_retry_flags(b); - - b->retry_reason=0; - ret=(int)SSL_do_handshake(ssl); - - switch (SSL_get_error(ssl,(int)ret)) - { - case SSL_ERROR_WANT_READ: - BIO_set_flags(b, - BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); - break; - case SSL_ERROR_WANT_WRITE: - BIO_set_flags(b, - BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY); - break; - case SSL_ERROR_WANT_CONNECT: - BIO_set_flags(b, - BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY); - b->retry_reason=b->next_bio->retry_reason; - break; - default: - break; - } - break; - case BIO_CTRL_DUP: - dbio=(BIO *)ptr; - if (((BIO_SSL *)dbio->ptr)->ssl != NULL) - SSL_free(((BIO_SSL *)dbio->ptr)->ssl); - ((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl); - ((BIO_SSL *)dbio->ptr)->renegotiate_count= - ((BIO_SSL *)b->ptr)->renegotiate_count; - ((BIO_SSL *)dbio->ptr)->byte_count= - ((BIO_SSL *)b->ptr)->byte_count; - ((BIO_SSL *)dbio->ptr)->renegotiate_timeout= - ((BIO_SSL *)b->ptr)->renegotiate_timeout; - ((BIO_SSL *)dbio->ptr)->last_time= - ((BIO_SSL *)b->ptr)->last_time; - ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL); - break; - case BIO_C_GET_FD: - ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); - break; - case BIO_CTRL_SET_CALLBACK: - { -#if 0 /* FIXME: Should this be used? -- Richard Levitte */ - SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - ret = -1; -#else - ret=0; -#endif - } - break; - case BIO_CTRL_GET_CALLBACK: - { - void (**fptr)(const SSL *xssl,int type,int val); - - fptr=(void (**)(const SSL *xssl,int type,int val))ptr; - *fptr=SSL_get_info_callback(ssl); - } - break; - default: - ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); - break; - } - return(ret); - } - -static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) - { - SSL *ssl; - BIO_SSL *bs; - long ret=1; - - bs=(BIO_SSL *)b->ptr; - ssl=bs->ssl; - switch (cmd) - { - case BIO_CTRL_SET_CALLBACK: - { - /* FIXME: setting this via a completely different prototype - seems like a crap idea */ - SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp); - } - break; - default: - ret=BIO_callback_ctrl(ssl->rbio,cmd,fp); - break; - } - return(ret); - } - -static int ssl_puts(BIO *bp, const char *str) - { - int n,ret; - - n=strlen(str); - ret=BIO_write(bp,str,n); - return(ret); - } - -BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx) - { -#ifndef OPENSSL_NO_SOCK - BIO *ret=NULL,*buf=NULL,*ssl=NULL; - - if ((buf=BIO_new(BIO_f_buffer())) == NULL) - return(NULL); - if ((ssl=BIO_new_ssl_connect(ctx)) == NULL) - goto err; - if ((ret=BIO_push(buf,ssl)) == NULL) - goto err; - return(ret); -err: - if (buf != NULL) BIO_free(buf); - if (ssl != NULL) BIO_free(ssl); -#endif - return(NULL); - } - -BIO *BIO_new_ssl_connect(SSL_CTX *ctx) - { -#ifndef OPENSSL_NO_SOCK - BIO *ret=NULL,*con=NULL,*ssl=NULL; - - if ((con=BIO_new(BIO_s_connect())) == NULL) - return(NULL); - if ((ssl=BIO_new_ssl(ctx,1)) == NULL) - goto err; - if ((ret=BIO_push(ssl,con)) == NULL) - goto err; - return(ret); -err: - if (con != NULL) BIO_free(con); -#endif - return(NULL); - } - -BIO *BIO_new_ssl(SSL_CTX *ctx, int client) - { - BIO *ret; - SSL *ssl; - - if ((ret=BIO_new(BIO_f_ssl())) == NULL) - return(NULL); - if ((ssl=SSL_new(ctx)) == NULL) - { - BIO_free(ret); - return(NULL); - } - if (client) - SSL_set_connect_state(ssl); - else - SSL_set_accept_state(ssl); - - BIO_set_ssl(ret,ssl,BIO_CLOSE); - return(ret); - } - -int BIO_ssl_copy_session_id(BIO *t, BIO *f) - { - t=BIO_find_type(t,BIO_TYPE_SSL); - f=BIO_find_type(f,BIO_TYPE_SSL); - if ((t == NULL) || (f == NULL)) - return(0); - if ( (((BIO_SSL *)t->ptr)->ssl == NULL) || - (((BIO_SSL *)f->ptr)->ssl == NULL)) - return(0); - SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl); - return(1); - } - -void BIO_ssl_shutdown(BIO *b) - { - SSL *s; - - while (b != NULL) - { - if (b->method->type == BIO_TYPE_SSL) - { - s=((BIO_SSL *)b->ptr)->ssl; - SSL_shutdown(s); - break; - } - b=b->next_bio; - } - } diff --git a/main/openssl/ssl/d1_both.c b/main/openssl/ssl/d1_both.c deleted file mode 100644 index 1b9d64bf..00000000 --- a/main/openssl/ssl/d1_both.c +++ /dev/null @@ -1,1662 +0,0 @@ -/* ssl/d1_both.c */ -/* - * DTLS implementation written by Nagendra Modadugu - * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ -/* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <limits.h> -#include <string.h> -#include <stdio.h> -#include "ssl_locl.h" -#include <openssl/buffer.h> -#include <openssl/rand.h> -#include <openssl/objects.h> -#include <openssl/evp.h> -#include <openssl/x509.h> - -#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8) - -#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \ - if ((end) - (start) <= 8) { \ - long ii; \ - for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \ - } else { \ - long ii; \ - bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \ - for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \ - bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \ - } } - -#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \ - long ii; \ - OPENSSL_assert((msg_len) > 0); \ - is_complete = 1; \ - if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \ - if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \ - if (bitmask[ii] != 0xff) { is_complete = 0; break; } } - -#if 0 -#define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \ - long ii; \ - printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \ - printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \ - printf("\n"); } -#endif - -static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80}; -static unsigned char bitmask_end_values[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f}; - -/* XDTLS: figure out the right values */ -static const unsigned int g_probable_mtu[] = {1500, 512, 256}; - -static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, - unsigned long frag_len); -static unsigned char *dtls1_write_message_header(SSL *s, - unsigned char *p); -static void dtls1_set_message_header_int(SSL *s, unsigned char mt, - unsigned long len, unsigned short seq_num, unsigned long frag_off, - unsigned long frag_len); -static long dtls1_get_message_fragment(SSL *s, int st1, int stn, - long max, int *ok); - -static hm_fragment * -dtls1_hm_fragment_new(unsigned long frag_len, int reassembly) - { - hm_fragment *frag = NULL; - unsigned char *buf = NULL; - unsigned char *bitmask = NULL; - - frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment)); - if ( frag == NULL) - return NULL; - - if (frag_len) - { - buf = (unsigned char *)OPENSSL_malloc(frag_len); - if ( buf == NULL) - { - OPENSSL_free(frag); - return NULL; - } - } - - /* zero length fragment gets zero frag->fragment */ - frag->fragment = buf; - - /* Initialize reassembly bitmask if necessary */ - if (reassembly) - { - bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len)); - if (bitmask == NULL) - { - if (buf != NULL) OPENSSL_free(buf); - OPENSSL_free(frag); - return NULL; - } - memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len)); - } - - frag->reassembly = bitmask; - - return frag; - } - -void dtls1_hm_fragment_free(hm_fragment *frag) - { - - if (frag->msg_header.is_ccs) - { - EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx); - EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash); - } - if (frag->fragment) OPENSSL_free(frag->fragment); - if (frag->reassembly) OPENSSL_free(frag->reassembly); - OPENSSL_free(frag); - } - -static int dtls1_query_mtu(SSL *s) -{ - if(s->d1->link_mtu) - { - s->d1->mtu = s->d1->link_mtu-BIO_dgram_get_mtu_overhead(SSL_get_wbio(s)); - s->d1->link_mtu = 0; - } - - /* AHA! Figure out the MTU, and stick to the right size */ - if (s->d1->mtu < dtls1_min_mtu(s)) - { - if(!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) - { - s->d1->mtu = - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); - - /* I've seen the kernel return bogus numbers when it doesn't know - * (initial write), so just make sure we have a reasonable number */ - if (s->d1->mtu < dtls1_min_mtu(s)) - { - /* Set to min mtu */ - s->d1->mtu = dtls1_min_mtu(s); - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, - s->d1->mtu, NULL); - } - } - else - return 0; - } - return 1; -} - -/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ -int dtls1_do_write(SSL *s, int type) - { - int ret; - unsigned int curr_mtu; - int retry = 1; - unsigned int len, frag_off, mac_size, blocksize, used_len; - - if(!dtls1_query_mtu(s)) - return -1; - - OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu(s)); /* should have something reasonable now */ - - if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE) - OPENSSL_assert(s->init_num == - (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); - - if (s->write_hash) - mac_size = EVP_MD_CTX_size(s->write_hash); - else - mac_size = 0; - - if (s->enc_write_ctx && - (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE)) - blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher); - else - blocksize = 0; - - frag_off = 0; - /* s->init_num shouldn't ever be < 0...but just in case */ - while(s->init_num > 0) - { - used_len = BIO_wpending(SSL_get_wbio(s)) + DTLS1_RT_HEADER_LENGTH - + mac_size + blocksize; - if(s->d1->mtu > used_len) - curr_mtu = s->d1->mtu - used_len; - else - curr_mtu = 0; - - if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH) - { - /* grr.. we could get an error if MTU picked was wrong */ - ret = BIO_flush(SSL_get_wbio(s)); - if ( ret <= 0) - return ret; - used_len = DTLS1_RT_HEADER_LENGTH + mac_size + blocksize; - if(s->d1->mtu > used_len + DTLS1_HM_HEADER_LENGTH) - { - curr_mtu = s->d1->mtu - used_len; - } - else - { - /* Shouldn't happen */ - return -1; - } - } - - /* We just checked that s->init_num > 0 so this cast should be safe */ - if (((unsigned int)s->init_num) > curr_mtu) - len = curr_mtu; - else - len = s->init_num; - - /* Shouldn't ever happen */ - if(len > INT_MAX) - len = INT_MAX; - - /* XDTLS: this function is too long. split out the CCS part */ - if ( type == SSL3_RT_HANDSHAKE) - { - if ( s->init_off != 0) - { - OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH); - s->init_off -= DTLS1_HM_HEADER_LENGTH; - s->init_num += DTLS1_HM_HEADER_LENGTH; - - /* We just checked that s->init_num > 0 so this cast should be safe */ - if (((unsigned int)s->init_num) > curr_mtu) - len = curr_mtu; - else - len = s->init_num; - } - - /* Shouldn't ever happen */ - if(len > INT_MAX) - len = INT_MAX; - - if ( len < DTLS1_HM_HEADER_LENGTH ) - { - /* - * len is so small that we really can't do anything sensible - * so fail - */ - return -1; - } - dtls1_fix_message_header(s, frag_off, - len - DTLS1_HM_HEADER_LENGTH); - - dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]); - } - - ret=dtls1_write_bytes(s,type,&s->init_buf->data[s->init_off], - len); - if (ret < 0) - { - /* might need to update MTU here, but we don't know - * which previous packet caused the failure -- so can't - * really retransmit anything. continue as if everything - * is fine and wait for an alert to handle the - * retransmit - */ - if ( retry && BIO_ctrl(SSL_get_wbio(s), - BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 ) - { - if(!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) - { - if(!dtls1_query_mtu(s)) - return -1; - /* Have one more go */ - retry = 0; - } - else - return -1; - } - else - { - return(-1); - } - } - else - { - - /* bad if this assert fails, only part of the handshake - * message got sent. but why would this happen? */ - OPENSSL_assert(len == (unsigned int)ret); - - if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting) - { - /* should not be done for 'Hello Request's, but in that case - * we'll ignore the result anyway */ - unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off]; - const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; - int xlen; - - if (frag_off == 0 && s->version != DTLS1_BAD_VER) - { - /* reconstruct message header is if it - * is being sent in single fragment */ - *p++ = msg_hdr->type; - l2n3(msg_hdr->msg_len,p); - s2n (msg_hdr->seq,p); - l2n3(0,p); - l2n3(msg_hdr->msg_len,p); - p -= DTLS1_HM_HEADER_LENGTH; - xlen = ret; - } - else - { - p += DTLS1_HM_HEADER_LENGTH; - xlen = ret - DTLS1_HM_HEADER_LENGTH; - } - - ssl3_finish_mac(s, p, xlen); - } - - if (ret == s->init_num) - { - if (s->msg_callback) - s->msg_callback(1, s->version, type, s->init_buf->data, - (size_t)(s->init_off + s->init_num), s, - s->msg_callback_arg); - - s->init_off = 0; /* done writing this message */ - s->init_num = 0; - - return(1); - } - s->init_off+=ret; - s->init_num-=ret; - frag_off += (ret -= DTLS1_HM_HEADER_LENGTH); - } - } - return(0); - } - - -/* Obtain handshake message of message type 'mt' (any if mt == -1), - * maximum acceptable body length 'max'. - * Read an entire handshake message. Handshake messages arrive in - * fragments. - */ -long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) - { - int i, al; - struct hm_header_st *msg_hdr; - unsigned char *p; - unsigned long msg_len; - - /* s3->tmp is used to store messages that are unexpected, caused - * by the absence of an optional handshake message */ - if (s->s3->tmp.reuse_message) - { - s->s3->tmp.reuse_message=0; - if ((mt >= 0) && (s->s3->tmp.message_type != mt)) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE); - goto f_err; - } - *ok=1; - s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; - s->init_num = (int)s->s3->tmp.message_size; - return s->init_num; - } - - msg_hdr = &s->d1->r_msg_hdr; - memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); - -again: - i = dtls1_get_message_fragment(s, st1, stn, max, ok); - if ( i == DTLS1_HM_BAD_FRAGMENT || - i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ - goto again; - else if ( i <= 0 && !*ok) - return i; - - p = (unsigned char *)s->init_buf->data; - msg_len = msg_hdr->msg_len; - - /* reconstruct message header */ - *(p++) = msg_hdr->type; - l2n3(msg_len,p); - s2n (msg_hdr->seq,p); - l2n3(0,p); - l2n3(msg_len,p); - if (s->version != DTLS1_BAD_VER) { - p -= DTLS1_HM_HEADER_LENGTH; - msg_len += DTLS1_HM_HEADER_LENGTH; - } - - ssl3_finish_mac(s, p, msg_len); - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - p, msg_len, - s, s->msg_callback_arg); - - memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); - - /* Don't change sequence numbers while listening */ - if (!s->d1->listen) - s->d1->handshake_read_seq++; - - s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; - return s->init_num; - -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - *ok = 0; - return -1; - } - - -static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max) - { - size_t frag_off,frag_len,msg_len; - - msg_len = msg_hdr->msg_len; - frag_off = msg_hdr->frag_off; - frag_len = msg_hdr->frag_len; - - /* sanity checking */ - if ( (frag_off+frag_len) > msg_len) - { - SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); - return SSL_AD_ILLEGAL_PARAMETER; - } - - if ( (frag_off+frag_len) > (unsigned long)max) - { - SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); - return SSL_AD_ILLEGAL_PARAMETER; - } - - if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */ - { - /* msg_len is limited to 2^24, but is effectively checked - * against max above */ - if (!BUF_MEM_grow_clean(s->init_buf,msg_len+DTLS1_HM_HEADER_LENGTH)) - { - SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB); - return SSL_AD_INTERNAL_ERROR; - } - - s->s3->tmp.message_size = msg_len; - s->d1->r_msg_hdr.msg_len = msg_len; - s->s3->tmp.message_type = msg_hdr->type; - s->d1->r_msg_hdr.type = msg_hdr->type; - s->d1->r_msg_hdr.seq = msg_hdr->seq; - } - else if (msg_len != s->d1->r_msg_hdr.msg_len) - { - /* They must be playing with us! BTW, failure to enforce - * upper limit would open possibility for buffer overrun. */ - SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); - return SSL_AD_ILLEGAL_PARAMETER; - } - - return 0; /* no error */ - } - - -static int -dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) - { - /* (0) check whether the desired fragment is available - * if so: - * (1) copy over the fragment to s->init_buf->data[] - * (2) update s->init_num - */ - pitem *item; - hm_fragment *frag; - int al; - - *ok = 0; - item = pqueue_peek(s->d1->buffered_messages); - if ( item == NULL) - return 0; - - frag = (hm_fragment *)item->data; - - /* Don't return if reassembly still in progress */ - if (frag->reassembly != NULL) - return 0; - - if ( s->d1->handshake_read_seq == frag->msg_header.seq) - { - unsigned long frag_len = frag->msg_header.frag_len; - pqueue_pop(s->d1->buffered_messages); - - al=dtls1_preprocess_fragment(s,&frag->msg_header,max); - - if (al==0) /* no alert */ - { - unsigned char *p = (unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH; - memcpy(&p[frag->msg_header.frag_off], - frag->fragment,frag->msg_header.frag_len); - } - - dtls1_hm_fragment_free(frag); - pitem_free(item); - - if (al==0) - { - *ok = 1; - return frag_len; - } - - ssl3_send_alert(s,SSL3_AL_FATAL,al); - s->init_num = 0; - *ok = 0; - return -1; - } - else - return 0; - } - -/* dtls1_max_handshake_message_len returns the maximum number of bytes - * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but may - * be greater if the maximum certificate list size requires it. */ -static unsigned long dtls1_max_handshake_message_len(const SSL *s) - { - unsigned long max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; - if (max_len < (unsigned long)s->max_cert_list) - return s->max_cert_list; - return max_len; - } - -static int -dtls1_reassemble_fragment(SSL *s, const struct hm_header_st* msg_hdr, int *ok) - { - hm_fragment *frag = NULL; - pitem *item = NULL; - int i = -1, is_complete; - unsigned char seq64be[8]; - unsigned long frag_len = msg_hdr->frag_len; - - if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len || - msg_hdr->msg_len > dtls1_max_handshake_message_len(s)) - goto err; - - if (frag_len == 0) - return DTLS1_HM_FRAGMENT_RETRY; - - /* Try to find item in queue */ - memset(seq64be,0,sizeof(seq64be)); - seq64be[6] = (unsigned char) (msg_hdr->seq>>8); - seq64be[7] = (unsigned char) msg_hdr->seq; - item = pqueue_find(s->d1->buffered_messages, seq64be); - - if (item == NULL) - { - frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); - if ( frag == NULL) - goto err; - memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); - frag->msg_header.frag_len = frag->msg_header.msg_len; - frag->msg_header.frag_off = 0; - } - else - { - frag = (hm_fragment*) item->data; - if (frag->msg_header.msg_len != msg_hdr->msg_len) - { - item = NULL; - frag = NULL; - goto err; - } - } - - - /* If message is already reassembled, this must be a - * retransmit and can be dropped. In this case item != NULL and so frag - * does not need to be freed. - */ - if (frag->reassembly == NULL) - { - unsigned char devnull [256]; - - while (frag_len) - { - i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, - devnull, - frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0); - if (i<=0) goto err; - frag_len -= i; - } - return DTLS1_HM_FRAGMENT_RETRY; - } - - /* read the body of the fragment (header has already been read */ - i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, - frag->fragment + msg_hdr->frag_off,frag_len,0); - if ((unsigned long)i!=frag_len) - i=-1; - if (i<=0) - goto err; - - RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off, - (long)(msg_hdr->frag_off + frag_len)); - - RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len, - is_complete); - - if (is_complete) - { - OPENSSL_free(frag->reassembly); - frag->reassembly = NULL; - } - - if (item == NULL) - { - item = pitem_new(seq64be, frag); - if (item == NULL) - { - i = -1; - goto err; - } - - item = pqueue_insert(s->d1->buffered_messages, item); - /* pqueue_insert fails iff a duplicate item is inserted. - * However, |item| cannot be a duplicate. If it were, - * |pqueue_find|, above, would have returned it and control - * would never have reached this branch. */ - OPENSSL_assert(item != NULL); - } - - return DTLS1_HM_FRAGMENT_RETRY; - -err: - if (frag != NULL && item == NULL) dtls1_hm_fragment_free(frag); - *ok = 0; - return i; - } - - -static int -dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st* msg_hdr, int *ok) -{ - int i=-1; - hm_fragment *frag = NULL; - pitem *item = NULL; - unsigned char seq64be[8]; - unsigned long frag_len = msg_hdr->frag_len; - - if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) - goto err; - - /* Try to find item in queue, to prevent duplicate entries */ - memset(seq64be,0,sizeof(seq64be)); - seq64be[6] = (unsigned char) (msg_hdr->seq>>8); - seq64be[7] = (unsigned char) msg_hdr->seq; - item = pqueue_find(s->d1->buffered_messages, seq64be); - - /* If we already have an entry and this one is a fragment, - * don't discard it and rather try to reassemble it. - */ - if (item != NULL && frag_len != msg_hdr->msg_len) - item = NULL; - - /* Discard the message if sequence number was already there, is - * too far in the future, already in the queue or if we received - * a FINISHED before the SERVER_HELLO, which then must be a stale - * retransmit. - */ - if (msg_hdr->seq <= s->d1->handshake_read_seq || - msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || - (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) - { - unsigned char devnull [256]; - - while (frag_len) - { - i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, - devnull, - frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0); - if (i<=0) goto err; - frag_len -= i; - } - } - else - { - if (frag_len != msg_hdr->msg_len) - return dtls1_reassemble_fragment(s, msg_hdr, ok); - - if (frag_len > dtls1_max_handshake_message_len(s)) - goto err; - - frag = dtls1_hm_fragment_new(frag_len, 0); - if ( frag == NULL) - goto err; - - memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); - - if (frag_len) - { - /* read the body of the fragment (header has already been read */ - i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, - frag->fragment,frag_len,0); - if ((unsigned long)i!=frag_len) - i = -1; - if (i<=0) - goto err; - } - - item = pitem_new(seq64be, frag); - if ( item == NULL) - goto err; - - item = pqueue_insert(s->d1->buffered_messages, item); - /* pqueue_insert fails iff a duplicate item is inserted. - * However, |item| cannot be a duplicate. If it were, - * |pqueue_find|, above, would have returned it. Then, either - * |frag_len| != |msg_hdr->msg_len| in which case |item| is set - * to NULL and it will have been processed with - * |dtls1_reassemble_fragment|, above, or the record will have - * been discarded. */ - OPENSSL_assert(item != NULL); - } - - return DTLS1_HM_FRAGMENT_RETRY; - -err: - if (frag != NULL && item == NULL) dtls1_hm_fragment_free(frag); - *ok = 0; - return i; - } - - -static long -dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) - { - unsigned char wire[DTLS1_HM_HEADER_LENGTH]; - unsigned long len, frag_off, frag_len; - int i,al; - struct hm_header_st msg_hdr; - - redo: - /* see if we have the required fragment already */ - if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) - { - if (*ok) s->init_num = frag_len; - return frag_len; - } - - /* read handshake message header */ - i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire, - DTLS1_HM_HEADER_LENGTH, 0); - if (i <= 0) /* nbio, or an error */ - { - s->rwstate=SSL_READING; - *ok = 0; - return i; - } - /* Handshake fails if message header is incomplete */ - if (i != DTLS1_HM_HEADER_LENGTH) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE); - goto f_err; - } - - /* parse the message fragment header */ - dtls1_get_message_header(wire, &msg_hdr); - - /* - * if this is a future (or stale) message it gets buffered - * (or dropped)--no further processing at this time - * While listening, we accept seq 1 (ClientHello with cookie) - * although we're still expecting seq 0 (ClientHello) - */ - if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1)) - return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); - - len = msg_hdr.msg_len; - frag_off = msg_hdr.frag_off; - frag_len = msg_hdr.frag_len; - - if (frag_len && frag_len < len) - return dtls1_reassemble_fragment(s, &msg_hdr, ok); - - if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && - wire[0] == SSL3_MT_HELLO_REQUEST) - { - /* The server may always send 'Hello Request' messages -- - * we are doing a handshake anyway now, so ignore them - * if their format is correct. Does not count for - * 'Finished' MAC. */ - if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) - { - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - wire, DTLS1_HM_HEADER_LENGTH, s, - s->msg_callback_arg); - - s->init_num = 0; - goto redo; - } - else /* Incorrectly formated Hello request */ - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE); - goto f_err; - } - } - - if ((al=dtls1_preprocess_fragment(s,&msg_hdr,max))) - goto f_err; - - /* XDTLS: ressurect this when restart is in place */ - s->state=stn; - - if ( frag_len > 0) - { - unsigned char *p=(unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH; - - i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, - &p[frag_off],frag_len,0); - /* XDTLS: fix this--message fragments cannot span multiple packets */ - if (i <= 0) - { - s->rwstate=SSL_READING; - *ok = 0; - return i; - } - } - else - i = 0; - - /* XDTLS: an incorrectly formatted fragment should cause the - * handshake to fail */ - if (i != (int)frag_len) - { - al=SSL3_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL3_AD_ILLEGAL_PARAMETER); - goto f_err; - } - - *ok = 1; - - /* Note that s->init_num is *not* used as current offset in - * s->init_buf->data, but as a counter summing up fragments' - * lengths: as soon as they sum up to handshake packet - * length, we assume we have got all the fragments. */ - s->init_num = frag_len; - return frag_len; - -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - s->init_num = 0; - - *ok=0; - return(-1); - } - -int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen) - { - unsigned char *p,*d; - int i; - unsigned long l; - - if (s->state == a) - { - d=(unsigned char *)s->init_buf->data; - p= &(d[DTLS1_HM_HEADER_LENGTH]); - - i=s->method->ssl3_enc->final_finish_mac(s, - sender,slen,s->s3->tmp.finish_md); - s->s3->tmp.finish_md_len = i; - memcpy(p, s->s3->tmp.finish_md, i); - p+=i; - l=i; - - /* Copy the finished so we can use it for - * renegotiation checks - */ - if(s->type == SSL_ST_CONNECT) - { - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); - memcpy(s->s3->previous_client_finished, - s->s3->tmp.finish_md, i); - s->s3->previous_client_finished_len=i; - } - else - { - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); - memcpy(s->s3->previous_server_finished, - s->s3->tmp.finish_md, i); - s->s3->previous_server_finished_len=i; - } - -#ifdef OPENSSL_SYS_WIN16 - /* MSVC 1.5 does not clear the top bytes of the word unless - * I do this. - */ - l&=0xffff; -#endif - - d = dtls1_set_message_header(s, d, SSL3_MT_FINISHED, l, 0, l); - s->init_num=(int)l+DTLS1_HM_HEADER_LENGTH; - s->init_off=0; - - /* buffer the message to handle re-xmits */ - dtls1_buffer_message(s, 0); - - s->state=b; - } - - /* SSL3_ST_SEND_xxxxxx_HELLO_B */ - return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); - } - -/* for these 2 messages, we need to - * ssl->enc_read_ctx re-init - * ssl->s3->read_sequence zero - * ssl->s3->read_mac_secret re-init - * ssl->session->read_sym_enc assign - * ssl->session->read_compression assign - * ssl->session->read_hash assign - */ -int dtls1_send_change_cipher_spec(SSL *s, int a, int b) - { - unsigned char *p; - - if (s->state == a) - { - p=(unsigned char *)s->init_buf->data; - *p++=SSL3_MT_CCS; - s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; - s->init_num=DTLS1_CCS_HEADER_LENGTH; - - if (s->version == DTLS1_BAD_VER) { - s->d1->next_handshake_write_seq++; - s2n(s->d1->handshake_write_seq,p); - s->init_num+=2; - } - - s->init_off=0; - - dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, - s->d1->handshake_write_seq, 0, 0); - - /* buffer the message to handle re-xmits */ - dtls1_buffer_message(s, 1); - - s->state=b; - } - - /* SSL3_ST_CW_CHANGE_B */ - return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); - } - -static int dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) - { - int n; - unsigned char *p; - - n=i2d_X509(x,NULL); - if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3))) - { - SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF,ERR_R_BUF_LIB); - return 0; - } - p=(unsigned char *)&(buf->data[*l]); - l2n3(n,p); - i2d_X509(x,&p); - *l+=n+3; - - return 1; - } -unsigned long dtls1_output_cert_chain(SSL *s, X509 *x) - { - unsigned char *p; - int i; - unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH; - BUF_MEM *buf; - - /* TLSv1 sends a chain with nothing in it, instead of an alert */ - buf=s->init_buf; - if (!BUF_MEM_grow_clean(buf,10)) - { - SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); - return(0); - } - if (x != NULL) - { - X509_STORE_CTX xs_ctx; - - if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL)) - { - SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); - return(0); - } - - X509_verify_cert(&xs_ctx); - /* Don't leave errors in the queue */ - ERR_clear_error(); - for (i=0; i < sk_X509_num(xs_ctx.chain); i++) - { - x = sk_X509_value(xs_ctx.chain, i); - - if (!dtls1_add_cert_to_buf(buf, &l, x)) - { - X509_STORE_CTX_cleanup(&xs_ctx); - return 0; - } - } - X509_STORE_CTX_cleanup(&xs_ctx); - } - /* Thawte special :-) */ - for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++) - { - x=sk_X509_value(s->ctx->extra_certs,i); - if (!dtls1_add_cert_to_buf(buf, &l, x)) - return 0; - } - - l-= (3 + DTLS1_HM_HEADER_LENGTH); - - p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]); - l2n3(l,p); - l+=3; - p=(unsigned char *)&(buf->data[0]); - p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l); - - l+=DTLS1_HM_HEADER_LENGTH; - return(l); - } - -int dtls1_read_failed(SSL *s, int code) - { - if ( code > 0) - { - fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__); - return 1; - } - - if (!dtls1_is_timer_expired(s)) - { - /* not a timeout, none of our business, - let higher layers handle this. in fact it's probably an error */ - return code; - } - -#ifndef OPENSSL_NO_HEARTBEATS - if (!SSL_in_init(s) && !s->tlsext_hb_pending) /* done, no need to send a retransmit */ -#else - if (!SSL_in_init(s)) /* done, no need to send a retransmit */ -#endif - { - BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ); - return code; - } - -#if 0 /* for now, each alert contains only one record number */ - item = pqueue_peek(state->rcvd_records); - if ( item ) - { - /* send an alert immediately for all the missing records */ - } - else -#endif - -#if 0 /* no more alert sending, just retransmit the last set of messages */ - if ( state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT) - ssl3_send_alert(s,SSL3_AL_WARNING, - DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); -#endif - - return dtls1_handle_timeout(s); - } - -int -dtls1_get_queue_priority(unsigned short seq, int is_ccs) - { - /* The index of the retransmission queue actually is the message sequence number, - * since the queue only contains messages of a single handshake. However, the - * ChangeCipherSpec has no message sequence number and so using only the sequence - * will result in the CCS and Finished having the same index. To prevent this, - * the sequence number is multiplied by 2. In case of a CCS 1 is subtracted. - * This does not only differ CSS and Finished, it also maintains the order of the - * index (important for priority queues) and fits in the unsigned short variable. - */ - return seq * 2 - is_ccs; - } - -int -dtls1_retransmit_buffered_messages(SSL *s) - { - pqueue sent = s->d1->sent_messages; - piterator iter; - pitem *item; - hm_fragment *frag; - int found = 0; - - iter = pqueue_iterator(sent); - - for ( item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) - { - frag = (hm_fragment *)item->data; - if ( dtls1_retransmit_message(s, - (unsigned short)dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs), - 0, &found) <= 0 && found) - { - fprintf(stderr, "dtls1_retransmit_message() failed\n"); - return -1; - } - } - - return 1; - } - -int -dtls1_buffer_message(SSL *s, int is_ccs) - { - pitem *item; - hm_fragment *frag; - unsigned char seq64be[8]; - - /* this function is called immediately after a message has - * been serialized */ - OPENSSL_assert(s->init_off == 0); - - frag = dtls1_hm_fragment_new(s->init_num, 0); - if (!frag) - return 0; - - memcpy(frag->fragment, s->init_buf->data, s->init_num); - - if ( is_ccs) - { - OPENSSL_assert(s->d1->w_msg_hdr.msg_len + - ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned int)s->init_num); - } - else - { - OPENSSL_assert(s->d1->w_msg_hdr.msg_len + - DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num); - } - - frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len; - frag->msg_header.seq = s->d1->w_msg_hdr.seq; - frag->msg_header.type = s->d1->w_msg_hdr.type; - frag->msg_header.frag_off = 0; - frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len; - frag->msg_header.is_ccs = is_ccs; - - /* save current state*/ - frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx; - frag->msg_header.saved_retransmit_state.write_hash = s->write_hash; - frag->msg_header.saved_retransmit_state.compress = s->compress; - frag->msg_header.saved_retransmit_state.session = s->session; - frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch; - - memset(seq64be,0,sizeof(seq64be)); - seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq, - frag->msg_header.is_ccs)>>8); - seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq, - frag->msg_header.is_ccs)); - - item = pitem_new(seq64be, frag); - if ( item == NULL) - { - dtls1_hm_fragment_free(frag); - return 0; - } - -#if 0 - fprintf( stderr, "buffered messge: \ttype = %xx\n", msg_buf->type); - fprintf( stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len); - fprintf( stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num); -#endif - - pqueue_insert(s->d1->sent_messages, item); - return 1; - } - -int -dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, - int *found) - { - int ret; - /* XDTLS: for now assuming that read/writes are blocking */ - pitem *item; - hm_fragment *frag ; - unsigned long header_length; - unsigned char seq64be[8]; - struct dtls1_retransmit_state saved_state; - unsigned char save_write_sequence[8]; - - /* - OPENSSL_assert(s->init_num == 0); - OPENSSL_assert(s->init_off == 0); - */ - - /* XDTLS: the requested message ought to be found, otherwise error */ - memset(seq64be,0,sizeof(seq64be)); - seq64be[6] = (unsigned char)(seq>>8); - seq64be[7] = (unsigned char)seq; - - item = pqueue_find(s->d1->sent_messages, seq64be); - if ( item == NULL) - { - fprintf(stderr, "retransmit: message %d non-existant\n", seq); - *found = 0; - return 0; - } - - *found = 1; - frag = (hm_fragment *)item->data; - - if ( frag->msg_header.is_ccs) - header_length = DTLS1_CCS_HEADER_LENGTH; - else - header_length = DTLS1_HM_HEADER_LENGTH; - - memcpy(s->init_buf->data, frag->fragment, - frag->msg_header.msg_len + header_length); - s->init_num = frag->msg_header.msg_len + header_length; - - dtls1_set_message_header_int(s, frag->msg_header.type, - frag->msg_header.msg_len, frag->msg_header.seq, 0, - frag->msg_header.frag_len); - - /* save current state */ - saved_state.enc_write_ctx = s->enc_write_ctx; - saved_state.write_hash = s->write_hash; - saved_state.compress = s->compress; - saved_state.session = s->session; - saved_state.epoch = s->d1->w_epoch; - saved_state.epoch = s->d1->w_epoch; - - s->d1->retransmitting = 1; - - /* restore state in which the message was originally sent */ - s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx; - s->write_hash = frag->msg_header.saved_retransmit_state.write_hash; - s->compress = frag->msg_header.saved_retransmit_state.compress; - s->session = frag->msg_header.saved_retransmit_state.session; - s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch; - - if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) - { - memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); - memcpy(s->s3->write_sequence, s->d1->last_write_sequence, sizeof(s->s3->write_sequence)); - } - - ret = dtls1_do_write(s, frag->msg_header.is_ccs ? - SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); - - /* restore current state */ - s->enc_write_ctx = saved_state.enc_write_ctx; - s->write_hash = saved_state.write_hash; - s->compress = saved_state.compress; - s->session = saved_state.session; - s->d1->w_epoch = saved_state.epoch; - - if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) - { - memcpy(s->d1->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); - memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence)); - } - - s->d1->retransmitting = 0; - - (void)BIO_flush(SSL_get_wbio(s)); - return ret; - } - -/* call this function when the buffered messages are no longer needed */ -void -dtls1_clear_record_buffer(SSL *s) - { - pitem *item; - - for(item = pqueue_pop(s->d1->sent_messages); - item != NULL; item = pqueue_pop(s->d1->sent_messages)) - { - dtls1_hm_fragment_free((hm_fragment *)item->data); - pitem_free(item); - } - } - - -unsigned char * -dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt, - unsigned long len, unsigned long frag_off, unsigned long frag_len) - { - /* Don't change sequence numbers while listening */ - if (frag_off == 0 && !s->d1->listen) - { - s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; - s->d1->next_handshake_write_seq++; - } - - dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq, - frag_off, frag_len); - - return p += DTLS1_HM_HEADER_LENGTH; - } - - -/* don't actually do the writing, wait till the MTU has been retrieved */ -static void -dtls1_set_message_header_int(SSL *s, unsigned char mt, - unsigned long len, unsigned short seq_num, unsigned long frag_off, - unsigned long frag_len) - { - struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; - - msg_hdr->type = mt; - msg_hdr->msg_len = len; - msg_hdr->seq = seq_num; - msg_hdr->frag_off = frag_off; - msg_hdr->frag_len = frag_len; - } - -static void -dtls1_fix_message_header(SSL *s, unsigned long frag_off, - unsigned long frag_len) - { - struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; - - msg_hdr->frag_off = frag_off; - msg_hdr->frag_len = frag_len; - } - -static unsigned char * -dtls1_write_message_header(SSL *s, unsigned char *p) - { - struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; - - *p++ = msg_hdr->type; - l2n3(msg_hdr->msg_len, p); - - s2n(msg_hdr->seq, p); - l2n3(msg_hdr->frag_off, p); - l2n3(msg_hdr->frag_len, p); - - return p; - } - -unsigned int -dtls1_link_min_mtu(void) - { - return (g_probable_mtu[(sizeof(g_probable_mtu) / - sizeof(g_probable_mtu[0])) - 1]); - } - -unsigned int -dtls1_min_mtu(SSL *s) - { - return dtls1_link_min_mtu()-BIO_dgram_get_mtu_overhead(SSL_get_wbio(s)); - } - - -void -dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) - { - memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); - msg_hdr->type = *(data++); - n2l3(data, msg_hdr->msg_len); - - n2s(data, msg_hdr->seq); - n2l3(data, msg_hdr->frag_off); - n2l3(data, msg_hdr->frag_len); - } - -void -dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr) - { - memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st)); - - ccs_hdr->type = *(data++); - } - -int dtls1_shutdown(SSL *s) - { - int ret; -#ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && - !(s->shutdown & SSL_SENT_SHUTDOWN)) - { - ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); - if (ret < 0) return -1; - - if (ret == 0) - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, NULL); - } -#endif - ret = ssl3_shutdown(s); -#ifndef OPENSSL_NO_SCTP - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL); -#endif - return ret; - } - -#ifndef OPENSSL_NO_HEARTBEATS -int -dtls1_process_heartbeat(SSL *s) - { - unsigned char *p = &s->s3->rrec.data[0], *pl; - unsigned short hbtype; - unsigned int payload; - unsigned int padding = 16; /* Use minimum padding */ - - if (s->msg_callback) - s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, - &s->s3->rrec.data[0], s->s3->rrec.length, - s, s->msg_callback_arg); - - /* Read type and payload length first */ - if (1 + 2 + 16 > s->s3->rrec.length) - return 0; /* silently discard */ - if (s->s3->rrec.length > SSL3_RT_MAX_PLAIN_LENGTH) - return 0; /* silently discard per RFC 6520 sec. 4 */ - - hbtype = *p++; - n2s(p, payload); - if (1 + 2 + payload + 16 > s->s3->rrec.length) - return 0; /* silently discard per RFC 6520 sec. 4 */ - pl = p; - - if (hbtype == TLS1_HB_REQUEST) - { - unsigned char *buffer, *bp; - unsigned int write_length = 1 /* heartbeat type */ + - 2 /* heartbeat length */ + - payload + padding; - int r; - - if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) - return 0; - - /* Allocate memory for the response, size is 1 byte - * message type, plus 2 bytes payload length, plus - * payload, plus padding - */ - buffer = OPENSSL_malloc(write_length); - bp = buffer; - - /* Enter response type, length and copy payload */ - *bp++ = TLS1_HB_RESPONSE; - s2n(payload, bp); - memcpy(bp, pl, payload); - bp += payload; - /* Random padding */ - RAND_pseudo_bytes(bp, padding); - - r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length); - - if (r >= 0 && s->msg_callback) - s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, - buffer, write_length, - s, s->msg_callback_arg); - - OPENSSL_free(buffer); - - if (r < 0) - return r; - } - else if (hbtype == TLS1_HB_RESPONSE) - { - unsigned int seq; - - /* We only send sequence numbers (2 bytes unsigned int), - * and 16 random bytes, so we just try to read the - * sequence number */ - n2s(pl, seq); - - if (payload == 18 && seq == s->tlsext_hb_seq) - { - dtls1_stop_timer(s); - s->tlsext_hb_seq++; - s->tlsext_hb_pending = 0; - } - } - - return 0; - } - -int -dtls1_heartbeat(SSL *s) - { - unsigned char *buf, *p; - int ret; - unsigned int payload = 18; /* Sequence number + random bytes */ - unsigned int padding = 16; /* Use minimum padding */ - - /* Only send if peer supports and accepts HB requests... */ - if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) || - s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) - { - SSLerr(SSL_F_DTLS1_HEARTBEAT,SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT); - return -1; - } - - /* ...and there is none in flight yet... */ - if (s->tlsext_hb_pending) - { - SSLerr(SSL_F_DTLS1_HEARTBEAT,SSL_R_TLS_HEARTBEAT_PENDING); - return -1; - } - - /* ...and no handshake in progress. */ - if (SSL_in_init(s) || s->in_handshake) - { - SSLerr(SSL_F_DTLS1_HEARTBEAT,SSL_R_UNEXPECTED_MESSAGE); - return -1; - } - - /* Check if padding is too long, payload and padding - * must not exceed 2^14 - 3 = 16381 bytes in total. - */ - OPENSSL_assert(payload + padding <= 16381); - - /* Create HeartBeat message, we just use a sequence number - * as payload to distuingish different messages and add - * some random stuff. - * - Message Type, 1 byte - * - Payload Length, 2 bytes (unsigned int) - * - Payload, the sequence number (2 bytes uint) - * - Payload, random bytes (16 bytes uint) - * - Padding - */ - buf = OPENSSL_malloc(1 + 2 + payload + padding); - p = buf; - /* Message Type */ - *p++ = TLS1_HB_REQUEST; - /* Payload length (18 bytes here) */ - s2n(payload, p); - /* Sequence number */ - s2n(s->tlsext_hb_seq, p); - /* 16 random bytes */ - RAND_pseudo_bytes(p, 16); - p += 16; - /* Random padding */ - RAND_pseudo_bytes(p, padding); - - ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding); - if (ret >= 0) - { - if (s->msg_callback) - s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, - buf, 3 + payload + padding, - s, s->msg_callback_arg); - - dtls1_start_timer(s); - s->tlsext_hb_pending = 1; - } - - OPENSSL_free(buf); - - return ret; - } -#endif diff --git a/main/openssl/ssl/d1_clnt.c b/main/openssl/ssl/d1_clnt.c deleted file mode 100644 index e5ae2bd8..00000000 --- a/main/openssl/ssl/d1_clnt.c +++ /dev/null @@ -1,1731 +0,0 @@ -/* ssl/d1_clnt.c */ -/* - * DTLS implementation written by Nagendra Modadugu - * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ -/* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "ssl_locl.h" -#ifndef OPENSSL_NO_KRB5 -#include "kssl_lcl.h" -#endif -#include <openssl/buffer.h> -#include <openssl/rand.h> -#include <openssl/objects.h> -#include <openssl/evp.h> -#include <openssl/md5.h> -#include <openssl/bn.h> -#ifndef OPENSSL_NO_DH -#include <openssl/dh.h> -#endif - -static const SSL_METHOD *dtls1_get_client_method(int ver); -static int dtls1_get_hello_verify(SSL *s); - -static const SSL_METHOD *dtls1_get_client_method(int ver) - { - if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER) - return(DTLSv1_client_method()); - else - return(NULL); - } - -IMPLEMENT_dtls1_meth_func(DTLSv1_client_method, - ssl_undefined_function, - dtls1_connect, - dtls1_get_client_method) - -int dtls1_connect(SSL *s) - { - BUF_MEM *buf=NULL; - unsigned long Time=(unsigned long)time(NULL); - void (*cb)(const SSL *ssl,int type,int val)=NULL; - int ret= -1; - int new_state,state,skip=0; -#ifndef OPENSSL_NO_SCTP - unsigned char sctpauthkey[64]; - char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; -#endif - - RAND_add(&Time,sizeof(Time),0); - ERR_clear_error(); - clear_sys_error(); - - if (s->info_callback != NULL) - cb=s->info_callback; - else if (s->ctx->info_callback != NULL) - cb=s->ctx->info_callback; - - s->in_handshake++; - if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); - -#ifndef OPENSSL_NO_SCTP - /* Notify SCTP BIO socket to enter handshake - * mode and prevent stream identifier other - * than 0. Will be ignored if no SCTP is used. - */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL); -#endif - -#ifndef OPENSSL_NO_HEARTBEATS - /* If we're awaiting a HeartbeatResponse, pretend we - * already got and don't await it anymore, because - * Heartbeats don't make sense during handshakes anyway. - */ - if (s->tlsext_hb_pending) - { - dtls1_stop_timer(s); - s->tlsext_hb_pending = 0; - s->tlsext_hb_seq++; - } -#endif - - for (;;) - { - state=s->state; - - switch(s->state) - { - case SSL_ST_RENEGOTIATE: - s->renegotiate=1; - s->state=SSL_ST_CONNECT; - s->ctx->stats.sess_connect_renegotiate++; - /* break */ - case SSL_ST_BEFORE: - case SSL_ST_CONNECT: - case SSL_ST_BEFORE|SSL_ST_CONNECT: - case SSL_ST_OK|SSL_ST_CONNECT: - - s->server=0; - if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); - - if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) && - (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00)) - { - SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR); - ret = -1; - goto end; - } - - /* s->version=SSL3_VERSION; */ - s->type=SSL_ST_CONNECT; - - if (s->init_buf == NULL) - { - if ((buf=BUF_MEM_new()) == NULL) - { - ret= -1; - goto end; - } - if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) - { - ret= -1; - goto end; - } - s->init_buf=buf; - buf=NULL; - } - - if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } - - /* setup buffing BIO */ - if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; } - - /* don't push the buffering BIO quite yet */ - - s->state=SSL3_ST_CW_CLNT_HELLO_A; - s->ctx->stats.sess_connect++; - s->init_num=0; - /* mark client_random uninitialized */ - memset(s->s3->client_random,0,sizeof(s->s3->client_random)); - s->d1->send_cookie = 0; - s->hit = 0; - s->d1->change_cipher_spec_ok = 0; - /* Should have been reset by ssl3_get_finished, too. */ - s->s3->change_cipher_spec = 0; - break; - -#ifndef OPENSSL_NO_SCTP - case DTLS1_SCTP_ST_CR_READ_SOCK: - - if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) - { - s->s3->in_read_app_data=2; - s->rwstate=SSL_READING; - BIO_clear_retry_flags(SSL_get_rbio(s)); - BIO_set_retry_read(SSL_get_rbio(s)); - ret = -1; - goto end; - } - - s->state=s->s3->tmp.next_state; - break; - - case DTLS1_SCTP_ST_CW_WRITE_SOCK: - /* read app data until dry event */ - - ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); - if (ret < 0) goto end; - - if (ret == 0) - { - s->s3->in_read_app_data=2; - s->rwstate=SSL_READING; - BIO_clear_retry_flags(SSL_get_rbio(s)); - BIO_set_retry_read(SSL_get_rbio(s)); - ret = -1; - goto end; - } - - s->state=s->d1->next_state; - break; -#endif - - case SSL3_ST_CW_CLNT_HELLO_A: - case SSL3_ST_CW_CLNT_HELLO_B: - - s->shutdown=0; - - /* every DTLS ClientHello resets Finished MAC */ - ssl3_init_finished_mac(s); - - dtls1_start_timer(s); - ret=dtls1_client_hello(s); - if (ret <= 0) goto end; - - if ( s->d1->send_cookie) - { - s->state=SSL3_ST_CW_FLUSH; - s->s3->tmp.next_state=SSL3_ST_CR_SRVR_HELLO_A; - } - else - s->state=SSL3_ST_CR_SRVR_HELLO_A; - - s->init_num=0; - -#ifndef OPENSSL_NO_SCTP - /* Disable buffering for SCTP */ - if (!BIO_dgram_is_sctp(SSL_get_wbio(s))) - { -#endif - /* turn on buffering for the next lot of output */ - if (s->bbio != s->wbio) - s->wbio=BIO_push(s->bbio,s->wbio); -#ifndef OPENSSL_NO_SCTP - } -#endif - - break; - - case SSL3_ST_CR_SRVR_HELLO_A: - case SSL3_ST_CR_SRVR_HELLO_B: - ret=ssl3_get_server_hello(s); - if (ret <= 0) goto end; - else - { - if (s->hit) - { -#ifndef OPENSSL_NO_SCTP - /* Add new shared key for SCTP-Auth, - * will be ignored if no SCTP used. - */ - snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), - DTLS1_SCTP_AUTH_LABEL); - - SSL_export_keying_material(s, sctpauthkey, - sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0); - - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, - sizeof(sctpauthkey), sctpauthkey); -#endif - - s->state=SSL3_ST_CR_FINISHED_A; - } - else - s->state=DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; - } - s->init_num=0; - break; - - case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: - case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: - - ret = dtls1_get_hello_verify(s); - if ( ret <= 0) - goto end; - dtls1_stop_timer(s); - if ( s->d1->send_cookie) /* start again, with a cookie */ - s->state=SSL3_ST_CW_CLNT_HELLO_A; - else - s->state = SSL3_ST_CR_CERT_A; - s->init_num = 0; - break; - - case SSL3_ST_CR_CERT_A: - case SSL3_ST_CR_CERT_B: - /* Check if it is anon DH or PSK */ - if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && - !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) - { - ret=ssl3_get_server_certificate(s); - if (ret <= 0) goto end; -#ifndef OPENSSL_NO_TLSEXT - if (s->tlsext_status_expected) - s->state=SSL3_ST_CR_CERT_STATUS_A; - else - s->state=SSL3_ST_CR_KEY_EXCH_A; - } - else - { - skip = 1; - s->state=SSL3_ST_CR_KEY_EXCH_A; - } -#else - } - else - skip=1; - - s->state=SSL3_ST_CR_KEY_EXCH_A; -#endif - s->init_num=0; - break; - - case SSL3_ST_CR_KEY_EXCH_A: - case SSL3_ST_CR_KEY_EXCH_B: - ret=ssl3_get_key_exchange(s); - if (ret <= 0) goto end; - s->state=SSL3_ST_CR_CERT_REQ_A; - s->init_num=0; - - /* at this point we check that we have the - * required stuff from the server */ - if (!ssl3_check_cert_and_algorithm(s)) - { - ret= -1; - goto end; - } - break; - - case SSL3_ST_CR_CERT_REQ_A: - case SSL3_ST_CR_CERT_REQ_B: - ret=ssl3_get_certificate_request(s); - if (ret <= 0) goto end; - s->state=SSL3_ST_CR_SRVR_DONE_A; - s->init_num=0; - break; - - case SSL3_ST_CR_SRVR_DONE_A: - case SSL3_ST_CR_SRVR_DONE_B: - ret=ssl3_get_server_done(s); - if (ret <= 0) goto end; - dtls1_stop_timer(s); - if (s->s3->tmp.cert_req) - s->s3->tmp.next_state=SSL3_ST_CW_CERT_A; - else - s->s3->tmp.next_state=SSL3_ST_CW_KEY_EXCH_A; - s->init_num=0; - -#ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && - state == SSL_ST_RENEGOTIATE) - s->state=DTLS1_SCTP_ST_CR_READ_SOCK; - else -#endif - s->state=s->s3->tmp.next_state; - break; - - case SSL3_ST_CW_CERT_A: - case SSL3_ST_CW_CERT_B: - case SSL3_ST_CW_CERT_C: - case SSL3_ST_CW_CERT_D: - dtls1_start_timer(s); - ret=dtls1_send_client_certificate(s); - if (ret <= 0) goto end; - s->state=SSL3_ST_CW_KEY_EXCH_A; - s->init_num=0; - break; - - case SSL3_ST_CW_KEY_EXCH_A: - case SSL3_ST_CW_KEY_EXCH_B: - dtls1_start_timer(s); - ret=dtls1_send_client_key_exchange(s); - if (ret <= 0) goto end; - -#ifndef OPENSSL_NO_SCTP - /* Add new shared key for SCTP-Auth, - * will be ignored if no SCTP used. - */ - snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), - DTLS1_SCTP_AUTH_LABEL); - - SSL_export_keying_material(s, sctpauthkey, - sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0); - - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, - sizeof(sctpauthkey), sctpauthkey); -#endif - - /* EAY EAY EAY need to check for DH fix cert - * sent back */ - /* For TLS, cert_req is set to 2, so a cert chain - * of nothing is sent, but no verify packet is sent */ - if (s->s3->tmp.cert_req == 1) - { - s->state=SSL3_ST_CW_CERT_VRFY_A; - } - else - { -#ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s))) - { - s->d1->next_state=SSL3_ST_CW_CHANGE_A; - s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK; - } - else -#endif - s->state=SSL3_ST_CW_CHANGE_A; - } - - s->init_num=0; - break; - - case SSL3_ST_CW_CERT_VRFY_A: - case SSL3_ST_CW_CERT_VRFY_B: - dtls1_start_timer(s); - ret=dtls1_send_client_verify(s); - if (ret <= 0) goto end; -#ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s))) - { - s->d1->next_state=SSL3_ST_CW_CHANGE_A; - s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK; - } - else -#endif - s->state=SSL3_ST_CW_CHANGE_A; - s->init_num=0; - break; - - case SSL3_ST_CW_CHANGE_A: - case SSL3_ST_CW_CHANGE_B: - if (!s->hit) - dtls1_start_timer(s); - ret=dtls1_send_change_cipher_spec(s, - SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); - if (ret <= 0) goto end; - - s->state=SSL3_ST_CW_FINISHED_A; - s->init_num=0; - - s->session->cipher=s->s3->tmp.new_cipher; -#ifdef OPENSSL_NO_COMP - s->session->compress_meth=0; -#else - if (s->s3->tmp.new_compression == NULL) - s->session->compress_meth=0; - else - s->session->compress_meth= - s->s3->tmp.new_compression->id; -#endif - if (!s->method->ssl3_enc->setup_key_block(s)) - { - ret= -1; - goto end; - } - - if (!s->method->ssl3_enc->change_cipher_state(s, - SSL3_CHANGE_CIPHER_CLIENT_WRITE)) - { - ret= -1; - goto end; - } - -#ifndef OPENSSL_NO_SCTP - if (s->hit) - { - /* Change to new shared key of SCTP-Auth, - * will be ignored if no SCTP used. - */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); - } -#endif - - dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); - break; - - case SSL3_ST_CW_FINISHED_A: - case SSL3_ST_CW_FINISHED_B: - if (!s->hit) - dtls1_start_timer(s); - ret=dtls1_send_finished(s, - SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, - s->method->ssl3_enc->client_finished_label, - s->method->ssl3_enc->client_finished_label_len); - if (ret <= 0) goto end; - s->state=SSL3_ST_CW_FLUSH; - - /* clear flags */ - s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; - if (s->hit) - { - s->s3->tmp.next_state=SSL_ST_OK; -#ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s))) - { - s->d1->next_state = s->s3->tmp.next_state; - s->s3->tmp.next_state=DTLS1_SCTP_ST_CW_WRITE_SOCK; - } -#endif - if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) - { - s->state=SSL_ST_OK; -#ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s))) - { - s->d1->next_state = SSL_ST_OK; - s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK; - } -#endif - s->s3->flags|=SSL3_FLAGS_POP_BUFFER; - s->s3->delay_buf_pop_ret=0; - } - } - else - { -#ifndef OPENSSL_NO_SCTP - /* Change to new shared key of SCTP-Auth, - * will be ignored if no SCTP used. - */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); -#endif - -#ifndef OPENSSL_NO_TLSEXT - /* Allow NewSessionTicket if ticket expected */ - if (s->tlsext_ticket_expected) - s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A; - else -#endif - - s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; - } - s->init_num=0; - break; - -#ifndef OPENSSL_NO_TLSEXT - case SSL3_ST_CR_SESSION_TICKET_A: - case SSL3_ST_CR_SESSION_TICKET_B: - ret=ssl3_get_new_session_ticket(s); - if (ret <= 0) goto end; - s->state=SSL3_ST_CR_FINISHED_A; - s->init_num=0; - break; - - case SSL3_ST_CR_CERT_STATUS_A: - case SSL3_ST_CR_CERT_STATUS_B: - ret=ssl3_get_cert_status(s); - if (ret <= 0) goto end; - s->state=SSL3_ST_CR_KEY_EXCH_A; - s->init_num=0; - break; -#endif - - case SSL3_ST_CR_FINISHED_A: - case SSL3_ST_CR_FINISHED_B: - s->d1->change_cipher_spec_ok = 1; - ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, - SSL3_ST_CR_FINISHED_B); - if (ret <= 0) goto end; - dtls1_stop_timer(s); - - if (s->hit) - s->state=SSL3_ST_CW_CHANGE_A; - else - s->state=SSL_ST_OK; - -#ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && - state == SSL_ST_RENEGOTIATE) - { - s->d1->next_state=s->state; - s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK; - } -#endif - - s->init_num=0; - break; - - case SSL3_ST_CW_FLUSH: - s->rwstate=SSL_WRITING; - if (BIO_flush(s->wbio) <= 0) - { - /* If the write error was fatal, stop trying */ - if (!BIO_should_retry(s->wbio)) - { - s->rwstate=SSL_NOTHING; - s->state=s->s3->tmp.next_state; - } - - ret= -1; - goto end; - } - s->rwstate=SSL_NOTHING; - s->state=s->s3->tmp.next_state; - break; - - case SSL_ST_OK: - /* clean a few things up */ - ssl3_cleanup_key_block(s); - -#if 0 - if (s->init_buf != NULL) - { - BUF_MEM_free(s->init_buf); - s->init_buf=NULL; - } -#endif - - /* If we are not 'joining' the last two packets, - * remove the buffering now */ - if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) - ssl_free_wbio_buffer(s); - /* else do it later in ssl3_write */ - - s->init_num=0; - s->renegotiate=0; - s->new_session=0; - - ssl_update_cache(s,SSL_SESS_CACHE_CLIENT); - if (s->hit) s->ctx->stats.sess_hit++; - - ret=1; - /* s->server=0; */ - s->handshake_func=dtls1_connect; - s->ctx->stats.sess_connect_good++; - - if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); - - /* done with handshaking */ - s->d1->handshake_read_seq = 0; - s->d1->next_handshake_write_seq = 0; - goto end; - /* break; */ - - default: - SSLerr(SSL_F_DTLS1_CONNECT,SSL_R_UNKNOWN_STATE); - ret= -1; - goto end; - /* break; */ - } - - /* did we do anything */ - if (!s->s3->tmp.reuse_message && !skip) - { - if (s->debug) - { - if ((ret=BIO_flush(s->wbio)) <= 0) - goto end; - } - - if ((cb != NULL) && (s->state != state)) - { - new_state=s->state; - s->state=state; - cb(s,SSL_CB_CONNECT_LOOP,1); - s->state=new_state; - } - } - skip=0; - } -end: - s->in_handshake--; - -#ifndef OPENSSL_NO_SCTP - /* Notify SCTP BIO socket to leave handshake - * mode and allow stream identifier other - * than 0. Will be ignored if no SCTP is used. - */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL); -#endif - - if (buf != NULL) - BUF_MEM_free(buf); - if (cb != NULL) - cb(s,SSL_CB_CONNECT_EXIT,ret); - return(ret); - } - -int dtls1_client_hello(SSL *s) - { - unsigned char *buf; - unsigned char *p,*d; - unsigned int i,j; - unsigned long l; - SSL_COMP *comp; - - buf=(unsigned char *)s->init_buf->data; - if (s->state == SSL3_ST_CW_CLNT_HELLO_A) - { - SSL_SESSION *sess = s->session; - if ((s->session == NULL) || - (s->session->ssl_version != s->version) || -#ifdef OPENSSL_NO_TLSEXT - !sess->session_id_length || -#else - (!sess->session_id_length && !sess->tlsext_tick) || -#endif - (s->session->not_resumable)) - { - if (!s->session_creation_enabled) - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED); - goto err; - } - if (!ssl_get_new_session(s,0)) - goto err; - } - /* else use the pre-loaded session */ - - p=s->s3->client_random; - - /* if client_random is initialized, reuse it, we are - * required to use same upon reply to HelloVerify */ - for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) - ; - if (i==sizeof(s->s3->client_random)) - ssl_fill_hello_random(s, 0, p, - sizeof(s->s3->client_random)); - - /* Do the message type and length last */ - d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); - - *(p++)=s->version>>8; - *(p++)=s->version&0xff; - s->client_version=s->version; - - /* Random stuff */ - memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); - p+=SSL3_RANDOM_SIZE; - - /* Session ID */ - if (s->new_session) - i=0; - else - i=s->session->session_id_length; - *(p++)=i; - if (i != 0) - { - if (i > sizeof s->session->session_id) - { - SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - goto err; - } - memcpy(p,s->session->session_id,i); - p+=i; - } - - /* cookie stuff */ - if ( s->d1->cookie_len > sizeof(s->d1->cookie)) - { - SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - goto err; - } - *(p++) = s->d1->cookie_len; - memcpy(p, s->d1->cookie, s->d1->cookie_len); - p += s->d1->cookie_len; - - /* Ciphers supported */ - i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0); - if (i == 0) - { - SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); - goto err; - } - s2n(i,p); - p+=i; - - /* COMPRESSION */ - if (s->ctx->comp_methods == NULL) - j=0; - else - j=sk_SSL_COMP_num(s->ctx->comp_methods); - *(p++)=1+j; - for (i=0; i<j; i++) - { - comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); - *(p++)=comp->id; - } - *(p++)=0; /* Add the NULL method */ - -#ifndef OPENSSL_NO_TLSEXT - /* TLS extensions*/ - if (ssl_prepare_clienthello_tlsext(s) <= 0) - { - SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); - goto err; - } - if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) - { - SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); - goto err; - } -#endif - - l=(p-d); - d=buf; - - d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l); - - s->state=SSL3_ST_CW_CLNT_HELLO_B; - /* number of bytes to write */ - s->init_num=p-buf; - s->init_off=0; - - /* buffer the message to handle re-xmits */ - dtls1_buffer_message(s, 0); - } - - /* SSL3_ST_CW_CLNT_HELLO_B */ - return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); -err: - return(-1); - } - -static int dtls1_get_hello_verify(SSL *s) - { - int n, al, ok = 0; - unsigned char *data; - unsigned int cookie_len; - - n=s->method->ssl_get_message(s, - DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, - DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, - -1, - s->max_cert_list, - &ok); - - if (!ok) return((int)n); - - if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) - { - s->d1->send_cookie = 0; - s->s3->tmp.reuse_message=1; - return(1); - } - - data = (unsigned char *)s->init_msg; - - if ((data[0] != (s->version>>8)) || (data[1] != (s->version&0xff))) - { - SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY,SSL_R_WRONG_SSL_VERSION); - s->version=(s->version&0xff00)|data[1]; - al = SSL_AD_PROTOCOL_VERSION; - goto f_err; - } - data+=2; - - cookie_len = *(data++); - if ( cookie_len > sizeof(s->d1->cookie)) - { - al=SSL_AD_ILLEGAL_PARAMETER; - goto f_err; - } - - memcpy(s->d1->cookie, data, cookie_len); - s->d1->cookie_len = cookie_len; - - s->d1->send_cookie = 1; - return 1; - -f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - return -1; - } - -int dtls1_send_client_key_exchange(SSL *s) - { - unsigned char *p,*d; - int n; - unsigned long alg_k; -#ifndef OPENSSL_NO_RSA - unsigned char *q; - EVP_PKEY *pkey=NULL; -#endif -#ifndef OPENSSL_NO_KRB5 - KSSL_ERR kssl_err; -#endif /* OPENSSL_NO_KRB5 */ -#ifndef OPENSSL_NO_ECDH - EC_KEY *clnt_ecdh = NULL; - const EC_POINT *srvr_ecpoint = NULL; - EVP_PKEY *srvr_pub_pkey = NULL; - unsigned char *encodedPoint = NULL; - int encoded_pt_len = 0; - BN_CTX * bn_ctx = NULL; -#endif - - if (s->state == SSL3_ST_CW_KEY_EXCH_A) - { - d=(unsigned char *)s->init_buf->data; - p= &(d[DTLS1_HM_HEADER_LENGTH]); - - alg_k=s->s3->tmp.new_cipher->algorithm_mkey; - - /* Fool emacs indentation */ - if (0) {} -#ifndef OPENSSL_NO_RSA - else if (alg_k & SSL_kRSA) - { - RSA *rsa; - unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; - - if (s->session->sess_cert == NULL) - { - /* We should always have a server certificate with SSL_kRSA. */ - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); - goto err; - } - - if (s->session->sess_cert->peer_rsa_tmp != NULL) - rsa=s->session->sess_cert->peer_rsa_tmp; - else - { - pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); - if ((pkey == NULL) || - (pkey->type != EVP_PKEY_RSA) || - (pkey->pkey.rsa == NULL)) - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); - goto err; - } - rsa=pkey->pkey.rsa; - EVP_PKEY_free(pkey); - } - - tmp_buf[0]=s->client_version>>8; - tmp_buf[1]=s->client_version&0xff; - if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0) - goto err; - - s->session->master_key_length=sizeof tmp_buf; - - q=p; - /* Fix buf for TLS and [incidentally] DTLS */ - if (s->version > SSL3_VERSION) - p+=2; - n=RSA_public_encrypt(sizeof tmp_buf, - tmp_buf,p,rsa,RSA_PKCS1_PADDING); -#ifdef PKCS1_CHECK - if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++; - if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70; -#endif - if (n <= 0) - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT); - goto err; - } - - /* Fix buf for TLS and [incidentally] DTLS */ - if (s->version > SSL3_VERSION) - { - s2n(n,q); - n+=2; - } - - s->session->master_key_length= - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, - tmp_buf,sizeof tmp_buf); - OPENSSL_cleanse(tmp_buf,sizeof tmp_buf); - } -#endif -#ifndef OPENSSL_NO_KRB5 - else if (alg_k & SSL_kKRB5) - { - krb5_error_code krb5rc; - KSSL_CTX *kssl_ctx = s->kssl_ctx; - /* krb5_data krb5_ap_req; */ - krb5_data *enc_ticket; - krb5_data authenticator, *authp = NULL; - EVP_CIPHER_CTX ciph_ctx; - const EVP_CIPHER *enc = NULL; - unsigned char iv[EVP_MAX_IV_LENGTH]; - unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; - unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH - + EVP_MAX_IV_LENGTH]; - int padl, outl = sizeof(epms); - - EVP_CIPHER_CTX_init(&ciph_ctx); - -#ifdef KSSL_DEBUG - printf("ssl3_send_client_key_exchange(%lx & %lx)\n", - alg_k, SSL_kKRB5); -#endif /* KSSL_DEBUG */ - - authp = NULL; -#ifdef KRB5SENDAUTH - if (KRB5SENDAUTH) authp = &authenticator; -#endif /* KRB5SENDAUTH */ - - krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, - &kssl_err); - enc = kssl_map_enc(kssl_ctx->enctype); - if (enc == NULL) - goto err; -#ifdef KSSL_DEBUG - { - printf("kssl_cget_tkt rtn %d\n", krb5rc); - if (krb5rc && kssl_err.text) - printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); - } -#endif /* KSSL_DEBUG */ - - if (krb5rc) - { - ssl3_send_alert(s,SSL3_AL_FATAL, - SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, - kssl_err.reason); - goto err; - } - - /* 20010406 VRS - Earlier versions used KRB5 AP_REQ - ** in place of RFC 2712 KerberosWrapper, as in: - ** - ** Send ticket (copy to *p, set n = length) - ** n = krb5_ap_req.length; - ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); - ** if (krb5_ap_req.data) - ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); - ** - ** Now using real RFC 2712 KerberosWrapper - ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>) - ** Note: 2712 "opaque" types are here replaced - ** with a 2-byte length followed by the value. - ** Example: - ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms - ** Where "xx xx" = length bytes. Shown here with - ** optional authenticator omitted. - */ - - /* KerberosWrapper.Ticket */ - s2n(enc_ticket->length,p); - memcpy(p, enc_ticket->data, enc_ticket->length); - p+= enc_ticket->length; - n = enc_ticket->length + 2; - - /* KerberosWrapper.Authenticator */ - if (authp && authp->length) - { - s2n(authp->length,p); - memcpy(p, authp->data, authp->length); - p+= authp->length; - n+= authp->length + 2; - - free(authp->data); - authp->data = NULL; - authp->length = 0; - } - else - { - s2n(0,p);/* null authenticator length */ - n+=2; - } - - if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0) - goto err; - - /* 20010420 VRS. Tried it this way; failed. - ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); - ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx, - ** kssl_ctx->length); - ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); - */ - - memset(iv, 0, sizeof iv); /* per RFC 1510 */ - EVP_EncryptInit_ex(&ciph_ctx,enc, NULL, - kssl_ctx->key,iv); - EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf, - sizeof tmp_buf); - EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); - outl += padl; - if (outl > (int)sizeof epms) - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); - goto err; - } - EVP_CIPHER_CTX_cleanup(&ciph_ctx); - - /* KerberosWrapper.EncryptedPreMasterSecret */ - s2n(outl,p); - memcpy(p, epms, outl); - p+=outl; - n+=outl + 2; - - s->session->master_key_length= - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, - tmp_buf, sizeof tmp_buf); - - OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); - OPENSSL_cleanse(epms, outl); - } -#endif -#ifndef OPENSSL_NO_DH - else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) - { - DH *dh_srvr,*dh_clnt; - - if (s->session->sess_cert == NULL) - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); - goto err; - } - - if (s->session->sess_cert->peer_dh_tmp != NULL) - dh_srvr=s->session->sess_cert->peer_dh_tmp; - else - { - /* we get them from the cert */ - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); - goto err; - } - - /* generate a new random key */ - if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL) - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); - goto err; - } - if (!DH_generate_key(dh_clnt)) - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); - goto err; - } - - /* use the 'p' output buffer for the DH key, but - * make sure to clear it out afterwards */ - - n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt); - - if (n <= 0) - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); - goto err; - } - - /* generate master key from the result */ - s->session->master_key_length= - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key,p,n); - /* clean up */ - memset(p,0,n); - - /* send off the data */ - n=BN_num_bytes(dh_clnt->pub_key); - s2n(n,p); - BN_bn2bin(dh_clnt->pub_key,p); - n+=2; - - DH_free(dh_clnt); - - /* perhaps clean things up a bit EAY EAY EAY EAY*/ - } -#endif -#ifndef OPENSSL_NO_ECDH - else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) - { - const EC_GROUP *srvr_group = NULL; - EC_KEY *tkey; - int ecdh_clnt_cert = 0; - int field_size = 0; - - if (s->session->sess_cert == NULL) - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); - goto err; - } - - /* Did we send out the client's - * ECDH share for use in premaster - * computation as part of client certificate? - * If so, set ecdh_clnt_cert to 1. - */ - if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) - { - /* XXX: For now, we do not support client - * authentication using ECDH certificates. - * To add such support, one needs to add - * code that checks for appropriate - * conditions and sets ecdh_clnt_cert to 1. - * For example, the cert have an ECC - * key on the same curve as the server's - * and the key should be authorized for - * key agreement. - * - * One also needs to add code in ssl3_connect - * to skip sending the certificate verify - * message. - * - * if ((s->cert->key->privatekey != NULL) && - * (s->cert->key->privatekey->type == - * EVP_PKEY_EC) && ...) - * ecdh_clnt_cert = 1; - */ - } - - if (s->session->sess_cert->peer_ecdh_tmp != NULL) - { - tkey = s->session->sess_cert->peer_ecdh_tmp; - } - else - { - /* Get the Server Public Key from Cert */ - srvr_pub_pkey = X509_get_pubkey(s->session-> \ - sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); - if ((srvr_pub_pkey == NULL) || - (srvr_pub_pkey->type != EVP_PKEY_EC) || - (srvr_pub_pkey->pkey.ec == NULL)) - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto err; - } - - tkey = srvr_pub_pkey->pkey.ec; - } - - srvr_group = EC_KEY_get0_group(tkey); - srvr_ecpoint = EC_KEY_get0_public_key(tkey); - - if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto err; - } - - if ((clnt_ecdh=EC_KEY_new()) == NULL) - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB); - goto err; - } - if (ecdh_clnt_cert) - { - /* Reuse key info from our certificate - * We only need our private key to perform - * the ECDH computation. - */ - const BIGNUM *priv_key; - tkey = s->cert->key->privatekey->pkey.ec; - priv_key = EC_KEY_get0_private_key(tkey); - if (priv_key == NULL) - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); - goto err; - } - if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB); - goto err; - } - } - else - { - /* Generate a new ECDH key pair */ - if (!(EC_KEY_generate_key(clnt_ecdh))) - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); - goto err; - } - } - - /* use the 'p' output buffer for the ECDH key, but - * make sure to clear it out afterwards - */ - - field_size = EC_GROUP_get_degree(srvr_group); - if (field_size <= 0) - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_ECDH_LIB); - goto err; - } - n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL); - if (n <= 0) - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_ECDH_LIB); - goto err; - } - - /* generate master key from the result */ - s->session->master_key_length = s->method->ssl3_enc \ - -> generate_master_secret(s, - s->session->master_key, - p, n); - - memset(p, 0, n); /* clean up */ - - if (ecdh_clnt_cert) - { - /* Send empty client key exch message */ - n = 0; - } - else - { - /* First check the size of encoding and - * allocate memory accordingly. - */ - encoded_pt_len = - EC_POINT_point2oct(srvr_group, - EC_KEY_get0_public_key(clnt_ecdh), - POINT_CONVERSION_UNCOMPRESSED, - NULL, 0, NULL); - - encodedPoint = (unsigned char *) - OPENSSL_malloc(encoded_pt_len * - sizeof(unsigned char)); - bn_ctx = BN_CTX_new(); - if ((encodedPoint == NULL) || - (bn_ctx == NULL)) - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); - goto err; - } - - /* Encode the public key */ - n = EC_POINT_point2oct(srvr_group, - EC_KEY_get0_public_key(clnt_ecdh), - POINT_CONVERSION_UNCOMPRESSED, - encodedPoint, encoded_pt_len, bn_ctx); - - *p = n; /* length of encoded point */ - /* Encoded point will be copied here */ - p += 1; - /* copy the point */ - memcpy((unsigned char *)p, encodedPoint, n); - /* increment n to account for length field */ - n += 1; - } - - /* Free allocated memory */ - BN_CTX_free(bn_ctx); - if (encodedPoint != NULL) OPENSSL_free(encodedPoint); - if (clnt_ecdh != NULL) - EC_KEY_free(clnt_ecdh); - EVP_PKEY_free(srvr_pub_pkey); - } -#endif /* !OPENSSL_NO_ECDH */ - -#ifndef OPENSSL_NO_PSK - else if (alg_k & SSL_kPSK) - { - char identity[PSK_MAX_IDENTITY_LEN]; - unsigned char *t = NULL; - unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4]; - unsigned int pre_ms_len = 0, psk_len = 0; - int psk_err = 1; - - n = 0; - if (s->psk_client_callback == NULL) - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, - SSL_R_PSK_NO_CLIENT_CB); - goto err; - } - - psk_len = s->psk_client_callback(s, s->session->psk_identity_hint, - identity, PSK_MAX_IDENTITY_LEN, - psk_or_pre_ms, sizeof(psk_or_pre_ms)); - if (psk_len > PSK_MAX_PSK_LEN) - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto psk_err; - } - else if (psk_len == 0) - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, - SSL_R_PSK_IDENTITY_NOT_FOUND); - goto psk_err; - } - - /* create PSK pre_master_secret */ - pre_ms_len = 2+psk_len+2+psk_len; - t = psk_or_pre_ms; - memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len); - s2n(psk_len, t); - memset(t, 0, psk_len); - t+=psk_len; - s2n(psk_len, t); - - if (s->session->psk_identity != NULL) - OPENSSL_free(s->session->psk_identity); - s->session->psk_identity = BUF_strdup(identity); - if (s->session->psk_identity == NULL) - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_MALLOC_FAILURE); - goto psk_err; - } - - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, - psk_or_pre_ms, pre_ms_len); - n = strlen(identity); - s2n(n, p); - memcpy(p, identity, n); - n+=2; - psk_err = 0; - psk_err: - OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN); - OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); - if (psk_err != 0) - { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - goto err; - } - } -#endif - else - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); - goto err; - } - - d = dtls1_set_message_header(s, d, - SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n); - /* - *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE; - l2n3(n,d); - l2n(s->d1->handshake_write_seq,d); - s->d1->handshake_write_seq++; - */ - - s->state=SSL3_ST_CW_KEY_EXCH_B; - /* number of bytes to write */ - s->init_num=n+DTLS1_HM_HEADER_LENGTH; - s->init_off=0; - - /* buffer the message to handle re-xmits */ - dtls1_buffer_message(s, 0); - } - - /* SSL3_ST_CW_KEY_EXCH_B */ - return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); -err: -#ifndef OPENSSL_NO_ECDH - BN_CTX_free(bn_ctx); - if (encodedPoint != NULL) OPENSSL_free(encodedPoint); - if (clnt_ecdh != NULL) - EC_KEY_free(clnt_ecdh); - EVP_PKEY_free(srvr_pub_pkey); -#endif - return(-1); - } - -int dtls1_send_client_verify(SSL *s) - { - unsigned char *p,*d; - unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; - EVP_PKEY *pkey; -#ifndef OPENSSL_NO_RSA - unsigned u=0; -#endif - unsigned long n; -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) - int j; -#endif - - if (s->state == SSL3_ST_CW_CERT_VRFY_A) - { - d=(unsigned char *)s->init_buf->data; - p= &(d[DTLS1_HM_HEADER_LENGTH]); - pkey=s->cert->key->privatekey; - - s->method->ssl3_enc->cert_verify_mac(s, - NID_sha1, - &(data[MD5_DIGEST_LENGTH])); - -#ifndef OPENSSL_NO_RSA - if (pkey->type == EVP_PKEY_RSA) - { - s->method->ssl3_enc->cert_verify_mac(s, - NID_md5, - &(data[0])); - if (RSA_sign(NID_md5_sha1, data, - MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, - &(p[2]), &u, pkey->pkey.rsa) <= 0 ) - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB); - goto err; - } - s2n(u,p); - n=u+2; - } - else -#endif -#ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) - { - if (!DSA_sign(pkey->save_type, - &(data[MD5_DIGEST_LENGTH]), - SHA_DIGEST_LENGTH,&(p[2]), - (unsigned int *)&j,pkey->pkey.dsa)) - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB); - goto err; - } - s2n(j,p); - n=j+2; - } - else -#endif -#ifndef OPENSSL_NO_ECDSA - if (pkey->type == EVP_PKEY_EC) - { - if (!ECDSA_sign(pkey->save_type, - &(data[MD5_DIGEST_LENGTH]), - SHA_DIGEST_LENGTH,&(p[2]), - (unsigned int *)&j,pkey->pkey.ec)) - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, - ERR_R_ECDSA_LIB); - goto err; - } - s2n(j,p); - n=j+2; - } - else -#endif - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); - goto err; - } - - d = dtls1_set_message_header(s, d, - SSL3_MT_CERTIFICATE_VERIFY, n, 0, n) ; - - s->init_num=(int)n+DTLS1_HM_HEADER_LENGTH; - s->init_off=0; - - /* buffer the message to handle re-xmits */ - dtls1_buffer_message(s, 0); - - s->state = SSL3_ST_CW_CERT_VRFY_B; - } - - /* s->state = SSL3_ST_CW_CERT_VRFY_B */ - return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); -err: - return(-1); - } - -int dtls1_send_client_certificate(SSL *s) - { - X509 *x509=NULL; - EVP_PKEY *pkey=NULL; - int i; - unsigned long l; - - if (s->state == SSL3_ST_CW_CERT_A) - { - if ((s->cert == NULL) || - (s->cert->key->x509 == NULL) || - (s->cert->key->privatekey == NULL)) - s->state=SSL3_ST_CW_CERT_B; - else - s->state=SSL3_ST_CW_CERT_C; - } - - /* We need to get a client cert */ - if (s->state == SSL3_ST_CW_CERT_B) - { - /* If we get an error, we need to - * ssl->rwstate=SSL_X509_LOOKUP; return(-1); - * We then get retied later */ - i=0; - i = ssl_do_client_cert_cb(s, &x509, &pkey); - if (i < 0) - { - s->rwstate=SSL_X509_LOOKUP; - return(-1); - } - s->rwstate=SSL_NOTHING; - if ((i == 1) && (pkey != NULL) && (x509 != NULL)) - { - s->state=SSL3_ST_CW_CERT_B; - if ( !SSL_use_certificate(s,x509) || - !SSL_use_PrivateKey(s,pkey)) - i=0; - } - else if (i == 1) - { - i=0; - SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); - } - - if (x509 != NULL) X509_free(x509); - if (pkey != NULL) EVP_PKEY_free(pkey); - if (i == 0) - { - if (s->version == SSL3_VERSION) - { - s->s3->tmp.cert_req=0; - ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE); - return(1); - } - else - { - s->s3->tmp.cert_req=2; - } - } - - /* Ok, we have a cert */ - s->state=SSL3_ST_CW_CERT_C; - } - - if (s->state == SSL3_ST_CW_CERT_C) - { - s->state=SSL3_ST_CW_CERT_D; - l=dtls1_output_cert_chain(s, - (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509); - if (!l) - { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR); - return 0; - } - s->init_num=(int)l; - s->init_off=0; - - /* set header called by dtls1_output_cert_chain() */ - - /* buffer the message to handle re-xmits */ - dtls1_buffer_message(s, 0); - } - /* SSL3_ST_CW_CERT_D */ - return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); - } diff --git a/main/openssl/ssl/d1_enc.c b/main/openssl/ssl/d1_enc.c deleted file mode 100644 index 3da2b4c8..00000000 --- a/main/openssl/ssl/d1_enc.c +++ /dev/null @@ -1,261 +0,0 @@ -/* ssl/d1_enc.c */ -/* - * DTLS implementation written by Nagendra Modadugu - * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ -/* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "ssl_locl.h" -#ifndef OPENSSL_NO_COMP -#include <openssl/comp.h> -#endif -#include <openssl/evp.h> -#include <openssl/hmac.h> -#include <openssl/md5.h> -#include <openssl/rand.h> -#ifdef KSSL_DEBUG -#include <openssl/des.h> -#endif - -/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. - * - * Returns: - * 0: (in non-constant time) if the record is publically invalid (i.e. too - * short etc). - * 1: if the record's padding is valid / the encryption was successful. - * -1: if the record's padding/AEAD-authenticator is invalid or, if sending, - * an internal error occured. */ -int dtls1_enc(SSL *s, int send) - { - SSL3_RECORD *rec; - EVP_CIPHER_CTX *ds; - unsigned long l; - int bs,i,j,k,mac_size=0; - const EVP_CIPHER *enc; - - if (send) - { - if (EVP_MD_CTX_md(s->write_hash)) - { - mac_size=EVP_MD_CTX_size(s->write_hash); - if (mac_size < 0) - return -1; - } - ds=s->enc_write_ctx; - rec= &(s->s3->wrec); - if (s->enc_write_ctx == NULL) - enc=NULL; - else - { - enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); - if ( rec->data != rec->input) - /* we can't write into the input stream */ - fprintf(stderr, "%s:%d: rec->data != rec->input\n", - __FILE__, __LINE__); - else if ( EVP_CIPHER_block_size(ds->cipher) > 1) - { - if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0) - return -1; - } - } - } - else - { - if (EVP_MD_CTX_md(s->read_hash)) - { - mac_size=EVP_MD_CTX_size(s->read_hash); - OPENSSL_assert(mac_size >= 0); - } - ds=s->enc_read_ctx; - rec= &(s->s3->rrec); - if (s->enc_read_ctx == NULL) - enc=NULL; - else - enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); - } - -#ifdef KSSL_DEBUG - printf("dtls1_enc(%d)\n", send); -#endif /* KSSL_DEBUG */ - - if ((s->session == NULL) || (ds == NULL) || - (enc == NULL)) - { - memmove(rec->data,rec->input,rec->length); - rec->input=rec->data; - } - else - { - l=rec->length; - bs=EVP_CIPHER_block_size(ds->cipher); - - if ((bs != 1) && send) - { - i=bs-((int)l%bs); - - /* Add weird padding of upto 256 bytes */ - - /* we need to add 'i' padding bytes of value j */ - j=i-1; - if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) - { - if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) - j++; - } - for (k=(int)l; k<(int)(l+i); k++) - rec->input[k]=j; - l+=i; - rec->length+=i; - } - -#ifdef KSSL_DEBUG - { - unsigned long ui; - printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n", - ds,rec->data,rec->input,l); - printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n", - ds->buf_len, ds->cipher->key_len, - DES_KEY_SZ, DES_SCHEDULE_SZ, - ds->cipher->iv_len); - printf("\t\tIV: "); - for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); - printf("\n"); - printf("\trec->input="); - for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]); - printf("\n"); - } -#endif /* KSSL_DEBUG */ - - if (!send) - { - if (l == 0 || l%bs != 0) - return 0; - } - - if(EVP_Cipher(ds,rec->data,rec->input,l) < 1) - return -1; - -#ifdef KSSL_DEBUG - { - unsigned long i; - printf("\trec->data="); - for (i=0; i<l; i++) - printf(" %02x", rec->data[i]); printf("\n"); - } -#endif /* KSSL_DEBUG */ - - if ((bs != 1) && !send) - return tls1_cbc_remove_padding(s, rec, bs, mac_size); - } - return(1); - } - diff --git a/main/openssl/ssl/d1_lib.c b/main/openssl/ssl/d1_lib.c deleted file mode 100644 index 14337b31..00000000 --- a/main/openssl/ssl/d1_lib.c +++ /dev/null @@ -1,520 +0,0 @@ -/* ssl/d1_lib.c */ -/* - * DTLS implementation written by Nagendra Modadugu - * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ -/* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <stdio.h> -#define USE_SOCKETS -#include <openssl/objects.h> -#include "ssl_locl.h" - -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) -#include <sys/timeb.h> -#endif - -static void get_current_time(struct timeval *t); -const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT; -int dtls1_listen(SSL *s, struct sockaddr *client); - -SSL3_ENC_METHOD DTLSv1_enc_data={ - dtls1_enc, - tls1_mac, - tls1_setup_key_block, - tls1_generate_master_secret, - tls1_change_cipher_state, - tls1_final_finish_mac, - TLS1_FINISH_MAC_LENGTH, - tls1_cert_verify_mac, - TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, - TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, - tls1_alert_code, - tls1_export_keying_material, - }; - -long dtls1_default_timeout(void) - { - /* 2 hours, the 24 hours mentioned in the DTLSv1 spec - * is way too long for http, the cache would over fill */ - return(60*60*2); - } - -int dtls1_new(SSL *s) - { - DTLS1_STATE *d1; - - if (!ssl3_new(s)) return(0); - if ((d1=OPENSSL_malloc(sizeof *d1)) == NULL) return (0); - memset(d1,0, sizeof *d1); - - /* d1->handshake_epoch=0; */ - - d1->unprocessed_rcds.q=pqueue_new(); - d1->processed_rcds.q=pqueue_new(); - d1->buffered_messages = pqueue_new(); - d1->sent_messages=pqueue_new(); - d1->buffered_app_data.q=pqueue_new(); - - if ( s->server) - { - d1->cookie_len = sizeof(s->d1->cookie); - } - - d1->link_mtu = 0; - d1->mtu = 0; - - if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q - || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q) - { - if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q); - if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q); - if ( d1->buffered_messages) pqueue_free(d1->buffered_messages); - if ( d1->sent_messages) pqueue_free(d1->sent_messages); - if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q); - OPENSSL_free(d1); - return (0); - } - - s->d1=d1; - s->method->ssl_clear(s); - return(1); - } - -static void dtls1_clear_queues(SSL *s) - { - pitem *item = NULL; - hm_fragment *frag = NULL; - DTLS1_RECORD_DATA *rdata; - - while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) - { - rdata = (DTLS1_RECORD_DATA *) item->data; - if (rdata->rbuf.buf) - { - OPENSSL_free(rdata->rbuf.buf); - } - OPENSSL_free(item->data); - pitem_free(item); - } - - while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) - { - rdata = (DTLS1_RECORD_DATA *) item->data; - if (rdata->rbuf.buf) - { - OPENSSL_free(rdata->rbuf.buf); - } - OPENSSL_free(item->data); - pitem_free(item); - } - - while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL) - { - frag = (hm_fragment *)item->data; - dtls1_hm_fragment_free(frag); - pitem_free(item); - } - - while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL) - { - frag = (hm_fragment *)item->data; - dtls1_hm_fragment_free(frag); - pitem_free(item); - } - - while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) - { - rdata = (DTLS1_RECORD_DATA *) item->data; - if (rdata->rbuf.buf) - { - OPENSSL_free(rdata->rbuf.buf); - } - OPENSSL_free(item->data); - pitem_free(item); - } - } - -void dtls1_free(SSL *s) - { - ssl3_free(s); - - dtls1_clear_queues(s); - - pqueue_free(s->d1->unprocessed_rcds.q); - pqueue_free(s->d1->processed_rcds.q); - pqueue_free(s->d1->buffered_messages); - pqueue_free(s->d1->sent_messages); - pqueue_free(s->d1->buffered_app_data.q); - - OPENSSL_free(s->d1); - s->d1 = NULL; - } - -void dtls1_clear(SSL *s) - { - pqueue unprocessed_rcds; - pqueue processed_rcds; - pqueue buffered_messages; - pqueue sent_messages; - pqueue buffered_app_data; - unsigned int mtu; - unsigned int link_mtu; - - if (s->d1) - { - unprocessed_rcds = s->d1->unprocessed_rcds.q; - processed_rcds = s->d1->processed_rcds.q; - buffered_messages = s->d1->buffered_messages; - sent_messages = s->d1->sent_messages; - buffered_app_data = s->d1->buffered_app_data.q; - mtu = s->d1->mtu; - link_mtu = s->d1->link_mtu; - - dtls1_clear_queues(s); - - memset(s->d1, 0, sizeof(*(s->d1))); - - if (s->server) - { - s->d1->cookie_len = sizeof(s->d1->cookie); - } - - if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) - { - s->d1->mtu = mtu; - s->d1->link_mtu = link_mtu; - } - - s->d1->unprocessed_rcds.q = unprocessed_rcds; - s->d1->processed_rcds.q = processed_rcds; - s->d1->buffered_messages = buffered_messages; - s->d1->sent_messages = sent_messages; - s->d1->buffered_app_data.q = buffered_app_data; - } - - ssl3_clear(s); - if (s->options & SSL_OP_CISCO_ANYCONNECT) - s->version=DTLS1_BAD_VER; - else - s->version=DTLS1_VERSION; - } - -long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) - { - int ret=0; - - switch (cmd) - { - case DTLS_CTRL_GET_TIMEOUT: - if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL) - { - ret = 1; - } - break; - case DTLS_CTRL_HANDLE_TIMEOUT: - ret = dtls1_handle_timeout(s); - break; - case DTLS_CTRL_LISTEN: - ret = dtls1_listen(s, parg); - break; - case SSL_CTRL_CHECK_PROTO_VERSION: - /* For library-internal use; checks that the current protocol - * is the highest enabled version (according to s->ctx->method, - * as version negotiation may have changed s->method). */ -#if DTLS_MAX_VERSION != DTLS1_VERSION -# error Code needs update for DTLS_method() support beyond DTLS1_VERSION. -#endif - /* Just one protocol version is supported so far; - * fail closed if the version is not as expected. */ - return s->version == DTLS_MAX_VERSION; - case DTLS_CTRL_SET_LINK_MTU: - if (larg < (long)dtls1_link_min_mtu()) - return 0; - s->d1->link_mtu = larg; - return 1; - case DTLS_CTRL_GET_LINK_MIN_MTU: - return (long)dtls1_link_min_mtu(); - case SSL_CTRL_SET_MTU: - /* - * We may not have a BIO set yet so can't call dtls1_min_mtu() - * We'll have to make do with dtls1_link_min_mtu() and max overhead - */ - if (larg < (long)dtls1_link_min_mtu() - DTLS1_MAX_MTU_OVERHEAD) - return 0; - s->d1->mtu = larg; - return larg; - default: - ret = ssl3_ctrl(s, cmd, larg, parg); - break; - } - return(ret); - } - -/* - * As it's impossible to use stream ciphers in "datagram" mode, this - * simple filter is designed to disengage them in DTLS. Unfortunately - * there is no universal way to identify stream SSL_CIPHER, so we have - * to explicitly list their SSL_* codes. Currently RC4 is the only one - * available, but if new ones emerge, they will have to be added... - */ -const SSL_CIPHER *dtls1_get_cipher(unsigned int u) - { - const SSL_CIPHER *ciph = ssl3_get_cipher(u); - - if (ciph != NULL) - { - if (ciph->algorithm_enc == SSL_RC4) - return NULL; - } - - return ciph; - } - -void dtls1_start_timer(SSL *s) - { -#ifndef OPENSSL_NO_SCTP - /* Disable timer for SCTP */ - if (BIO_dgram_is_sctp(SSL_get_wbio(s))) - { - memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); - return; - } -#endif - - /* If timer is not set, initialize duration with 1 second */ - if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) - { - s->d1->timeout_duration = 1; - } - - /* Set timeout to current time */ - get_current_time(&(s->d1->next_timeout)); - - /* Add duration to current time */ - s->d1->next_timeout.tv_sec += s->d1->timeout_duration; - BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); - } - -struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft) - { - struct timeval timenow; - - /* If no timeout is set, just return NULL */ - if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) - { - return NULL; - } - - /* Get current time */ - get_current_time(&timenow); - - /* If timer already expired, set remaining time to 0 */ - if (s->d1->next_timeout.tv_sec < timenow.tv_sec || - (s->d1->next_timeout.tv_sec == timenow.tv_sec && - s->d1->next_timeout.tv_usec <= timenow.tv_usec)) - { - memset(timeleft, 0, sizeof(struct timeval)); - return timeleft; - } - - /* Calculate time left until timer expires */ - memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval)); - timeleft->tv_sec -= timenow.tv_sec; - timeleft->tv_usec -= timenow.tv_usec; - if (timeleft->tv_usec < 0) - { - timeleft->tv_sec--; - timeleft->tv_usec += 1000000; - } - - /* If remaining time is less than 15 ms, set it to 0 - * to prevent issues because of small devergences with - * socket timeouts. - */ - if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) - { - memset(timeleft, 0, sizeof(struct timeval)); - } - - - return timeleft; - } - -int dtls1_is_timer_expired(SSL *s) - { - struct timeval timeleft; - - /* Get time left until timeout, return false if no timer running */ - if (dtls1_get_timeout(s, &timeleft) == NULL) - { - return 0; - } - - /* Return false if timer is not expired yet */ - if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) - { - return 0; - } - - /* Timer expired, so return true */ - return 1; - } - -void dtls1_double_timeout(SSL *s) - { - s->d1->timeout_duration *= 2; - if (s->d1->timeout_duration > 60) - s->d1->timeout_duration = 60; - dtls1_start_timer(s); - } - -void dtls1_stop_timer(SSL *s) - { - /* Reset everything */ - memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st)); - memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); - s->d1->timeout_duration = 1; - BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); - /* Clear retransmission buffer */ - dtls1_clear_record_buffer(s); - } - -int dtls1_check_timeout_num(SSL *s) - { - unsigned int mtu; - - s->d1->timeout.num_alerts++; - - /* Reduce MTU after 2 unsuccessful retransmissions */ - if (s->d1->timeout.num_alerts > 2 - && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) - { - mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); - if(mtu < s->d1->mtu) - s->d1->mtu = mtu; - } - - if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) - { - /* fail the connection, enough alerts have been sent */ - SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM,SSL_R_READ_TIMEOUT_EXPIRED); - return -1; - } - - return 0; - } - -int dtls1_handle_timeout(SSL *s) - { - /* if no timer is expired, don't do anything */ - if (!dtls1_is_timer_expired(s)) - { - return 0; - } - - dtls1_double_timeout(s); - - if (dtls1_check_timeout_num(s) < 0) - return -1; - - s->d1->timeout.read_timeouts++; - if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) - { - s->d1->timeout.read_timeouts = 1; - } - -#ifndef OPENSSL_NO_HEARTBEATS - if (s->tlsext_hb_pending) - { - s->tlsext_hb_pending = 0; - return dtls1_heartbeat(s); - } -#endif - - dtls1_start_timer(s); - return dtls1_retransmit_buffered_messages(s); - } - -static void get_current_time(struct timeval *t) -{ -#ifdef OPENSSL_SYS_WIN32 - struct _timeb tb; - _ftime(&tb); - t->tv_sec = (long)tb.time; - t->tv_usec = (long)tb.millitm * 1000; -#elif defined(OPENSSL_SYS_VMS) - struct timeb tb; - ftime(&tb); - t->tv_sec = (long)tb.time; - t->tv_usec = (long)tb.millitm * 1000; -#else - gettimeofday(t, NULL); -#endif -} - -int dtls1_listen(SSL *s, struct sockaddr *client) - { - int ret; - - SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); - s->d1->listen = 1; - - ret = SSL_accept(s); - if (ret <= 0) return ret; - - (void) BIO_dgram_get_peer(SSL_get_rbio(s), client); - return 1; - } diff --git a/main/openssl/ssl/d1_meth.c b/main/openssl/ssl/d1_meth.c deleted file mode 100644 index 5c4004bf..00000000 --- a/main/openssl/ssl/d1_meth.c +++ /dev/null @@ -1,77 +0,0 @@ -/* ssl/d1_meth.h */ -/* - * DTLS implementation written by Nagendra Modadugu - * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ -/* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <stdio.h> -#include <openssl/objects.h> -#include "ssl_locl.h" - -static const SSL_METHOD *dtls1_get_method(int ver); -static const SSL_METHOD *dtls1_get_method(int ver) - { - if (ver == DTLS1_VERSION) - return(DTLSv1_method()); - else - return(NULL); - } - -IMPLEMENT_dtls1_meth_func(DTLSv1_method, - dtls1_accept, - dtls1_connect, - dtls1_get_method) - diff --git a/main/openssl/ssl/d1_pkt.c b/main/openssl/ssl/d1_pkt.c deleted file mode 100644 index 4e5b68e5..00000000 --- a/main/openssl/ssl/d1_pkt.c +++ /dev/null @@ -1,1876 +0,0 @@ -/* ssl/d1_pkt.c */ -/* - * DTLS implementation written by Nagendra Modadugu - * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ -/* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include <errno.h> -#define USE_SOCKETS -#include "ssl_locl.h" -#include <openssl/evp.h> -#include <openssl/buffer.h> -#include <openssl/pqueue.h> -#include <openssl/rand.h> - -/* mod 128 saturating subtract of two 64-bit values in big-endian order */ -static int satsub64be(const unsigned char *v1,const unsigned char *v2) -{ int ret,sat,brw,i; - - if (sizeof(long) == 8) do - { const union { long one; char little; } is_endian = {1}; - long l; - - if (is_endian.little) break; - /* not reached on little-endians */ - /* following test is redundant, because input is - * always aligned, but I take no chances... */ - if (((size_t)v1|(size_t)v2)&0x7) break; - - l = *((long *)v1); - l -= *((long *)v2); - if (l>128) return 128; - else if (l<-128) return -128; - else return (int)l; - } while (0); - - ret = (int)v1[7]-(int)v2[7]; - sat = 0; - brw = ret>>8; /* brw is either 0 or -1 */ - if (ret & 0x80) - { for (i=6;i>=0;i--) - { brw += (int)v1[i]-(int)v2[i]; - sat |= ~brw; - brw >>= 8; - } - } - else - { for (i=6;i>=0;i--) - { brw += (int)v1[i]-(int)v2[i]; - sat |= brw; - brw >>= 8; - } - } - brw <<= 8; /* brw is either 0 or -256 */ - - if (sat&0xff) return brw | 0x80; - else return brw + (ret&0xFF); -} - -static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, - int len, int peek); -static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap); -static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); -static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, - unsigned int *is_next_epoch); -#if 0 -static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, - unsigned short *priority, unsigned long *offset); -#endif -static int dtls1_buffer_record(SSL *s, record_pqueue *q, - unsigned char *priority); -static int dtls1_process_record(SSL *s); -static int do_dtls1_write(SSL *s, int type, const unsigned char *buf, - unsigned int len); - -/* copy buffered record into SSL structure */ -static int -dtls1_copy_record(SSL *s, pitem *item) - { - DTLS1_RECORD_DATA *rdata; - - rdata = (DTLS1_RECORD_DATA *)item->data; - - if (s->s3->rbuf.buf != NULL) - OPENSSL_free(s->s3->rbuf.buf); - - s->packet = rdata->packet; - s->packet_length = rdata->packet_length; - memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); - memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); - - /* Set proper sequence number for mac calculation */ - memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6); - - return(1); - } - - -static int -dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) - { - DTLS1_RECORD_DATA *rdata; - pitem *item; - - /* Limit the size of the queue to prevent DOS attacks */ - if (pqueue_size(queue->q) >= 100) - return 0; - - rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); - item = pitem_new(priority, rdata); - if (rdata == NULL || item == NULL) - { - if (rdata != NULL) OPENSSL_free(rdata); - if (item != NULL) pitem_free(item); - - SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); - return(0); - } - - rdata->packet = s->packet; - rdata->packet_length = s->packet_length; - memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER)); - memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD)); - - item->data = rdata; - -#ifndef OPENSSL_NO_SCTP - /* Store bio_dgram_sctp_rcvinfo struct */ - if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && - (s->state == SSL3_ST_SR_FINISHED_A || s->state == SSL3_ST_CR_FINISHED_A)) { - BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo); - } -#endif - - s->packet = NULL; - s->packet_length = 0; - memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER)); - memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD)); - - if (!ssl3_setup_buffers(s)) - { - SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); - if (rdata->rbuf.buf != NULL) - OPENSSL_free(rdata->rbuf.buf); - OPENSSL_free(rdata); - pitem_free(item); - return(-1); - } - - /* insert should not fail, since duplicates are dropped */ - if (pqueue_insert(queue->q, item) == NULL) - { - SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); - if (rdata->rbuf.buf != NULL) - OPENSSL_free(rdata->rbuf.buf); - OPENSSL_free(rdata); - pitem_free(item); - return(-1); - } - - return(1); - } - - -static int -dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue) - { - pitem *item; - - item = pqueue_pop(queue->q); - if (item) - { - dtls1_copy_record(s, item); - - OPENSSL_free(item->data); - pitem_free(item); - - return(1); - } - - return(0); - } - - -/* retrieve a buffered record that belongs to the new epoch, i.e., not processed - * yet */ -#define dtls1_get_unprocessed_record(s) \ - dtls1_retrieve_buffered_record((s), \ - &((s)->d1->unprocessed_rcds)) - -/* retrieve a buffered record that belongs to the current epoch, ie, processed */ -#define dtls1_get_processed_record(s) \ - dtls1_retrieve_buffered_record((s), \ - &((s)->d1->processed_rcds)) - -static int -dtls1_process_buffered_records(SSL *s) - { - pitem *item; - - item = pqueue_peek(s->d1->unprocessed_rcds.q); - if (item) - { - /* Check if epoch is current. */ - if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch) - return(1); /* Nothing to do. */ - - /* Process all the records. */ - while (pqueue_peek(s->d1->unprocessed_rcds.q)) - { - dtls1_get_unprocessed_record(s); - if ( ! dtls1_process_record(s)) - return(0); - if(dtls1_buffer_record(s, &(s->d1->processed_rcds), - s->s3->rrec.seq_num)<0) - return -1; - } - } - - /* sync epoch numbers once all the unprocessed records - * have been processed */ - s->d1->processed_rcds.epoch = s->d1->r_epoch; - s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1; - - return(1); - } - - -#if 0 - -static int -dtls1_get_buffered_record(SSL *s) - { - pitem *item; - PQ_64BIT priority = - (((PQ_64BIT)s->d1->handshake_read_seq) << 32) | - ((PQ_64BIT)s->d1->r_msg_hdr.frag_off); - - if ( ! SSL_in_init(s)) /* if we're not (re)negotiating, - nothing buffered */ - return 0; - - - item = pqueue_peek(s->d1->rcvd_records); - if (item && item->priority == priority) - { - /* Check if we've received the record of interest. It must be - * a handshake record, since data records as passed up without - * buffering */ - DTLS1_RECORD_DATA *rdata; - item = pqueue_pop(s->d1->rcvd_records); - rdata = (DTLS1_RECORD_DATA *)item->data; - - if (s->s3->rbuf.buf != NULL) - OPENSSL_free(s->s3->rbuf.buf); - - s->packet = rdata->packet; - s->packet_length = rdata->packet_length; - memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); - memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); - - OPENSSL_free(item->data); - pitem_free(item); - - /* s->d1->next_expected_seq_num++; */ - return(1); - } - - return 0; - } - -#endif - -static int -dtls1_process_record(SSL *s) -{ - int i,al; - int enc_err; - SSL_SESSION *sess; - SSL3_RECORD *rr; - unsigned int mac_size, orig_len; - unsigned char md[EVP_MAX_MD_SIZE]; - - rr= &(s->s3->rrec); - sess = s->session; - - /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, - * and we have that many bytes in s->packet - */ - rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]); - - /* ok, we can now read from 's->packet' data into 'rr' - * rr->input points at rr->length bytes, which - * need to be copied into rr->data by either - * the decryption or by the decompression - * When the data is 'copied' into the rr->data buffer, - * rr->input will be pointed at the new buffer */ - - /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] - * rr->length bytes of encrypted compressed stuff. */ - - /* check is not needed I believe */ - if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) - { - al=SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG); - goto f_err; - } - - /* decrypt in place in 'rr->input' */ - rr->data=rr->input; - - enc_err = s->method->ssl3_enc->enc(s,0); - /* enc_err is: - * 0: (in non-constant time) if the record is publically invalid. - * 1: if the padding is valid - * -1: if the padding is invalid */ - if (enc_err == 0) - { - /* For DTLS we simply ignore bad packets. */ - rr->length = 0; - s->packet_length = 0; - goto err; - } - -#ifdef TLS_DEBUG -printf("dec %d\n",rr->length); -{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } -printf("\n"); -#endif - - /* r->length is now the compressed data plus mac */ - if ((sess != NULL) && - (s->enc_read_ctx != NULL) && - (EVP_MD_CTX_md(s->read_hash) != NULL)) - { - /* s->read_hash != NULL => mac_size != -1 */ - unsigned char *mac = NULL; - unsigned char mac_tmp[EVP_MAX_MD_SIZE]; - mac_size=EVP_MD_CTX_size(s->read_hash); - OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); - - /* kludge: *_cbc_remove_padding passes padding length in rr->type */ - orig_len = rr->length+((unsigned int)rr->type>>8); - - /* orig_len is the length of the record before any padding was - * removed. This is public information, as is the MAC in use, - * therefore we can safely process the record in a different - * amount of time if it's too short to possibly contain a MAC. - */ - if (orig_len < mac_size || - /* CBC records must have a padding length byte too. */ - (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && - orig_len < mac_size+1)) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); - goto f_err; - } - - if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) - { - /* We update the length so that the TLS header bytes - * can be constructed correctly but we need to extract - * the MAC in constant time from within the record, - * without leaking the contents of the padding bytes. - * */ - mac = mac_tmp; - ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len); - rr->length -= mac_size; - } - else - { - /* In this case there's no padding, so |orig_len| - * equals |rec->length| and we checked that there's - * enough bytes for |mac_size| above. */ - rr->length -= mac_size; - mac = &rr->data[rr->length]; - } - - i=s->method->ssl3_enc->mac(s,md,0 /* not send */); - if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) - enc_err = -1; - if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size) - enc_err = -1; - } - - if (enc_err < 0) - { - /* decryption failed, silently discard message */ - rr->length = 0; - s->packet_length = 0; - goto err; - } - - /* r->length is now just compressed */ - if (s->expand != NULL) - { - if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) - { - al=SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG); - goto f_err; - } - if (!ssl3_do_uncompress(s)) - { - al=SSL_AD_DECOMPRESSION_FAILURE; - SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_BAD_DECOMPRESSION); - goto f_err; - } - } - - if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) - { - al=SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DATA_LENGTH_TOO_LONG); - goto f_err; - } - - rr->off=0; - /* So at this point the following is true - * ssl->s3->rrec.type is the type of record - * ssl->s3->rrec.length == number of bytes in record - * ssl->s3->rrec.off == offset to first valid byte - * ssl->s3->rrec.data == where to take bytes from, increment - * after use :-). - */ - - /* we have pulled in a full packet so zero things */ - s->packet_length=0; - return(1); - -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); -err: - return(0); -} - - -/* Call this to get a new input record. - * It will return <= 0 if more data is needed, normally due to an error - * or non-blocking IO. - * When it finishes, one packet has been decoded and can be found in - * ssl->s3->rrec.type - is the type of record - * ssl->s3->rrec.data, - data - * ssl->s3->rrec.length, - number of bytes - */ -/* used only by dtls1_read_bytes */ -int dtls1_get_record(SSL *s) - { - int ssl_major,ssl_minor; - int i,n; - SSL3_RECORD *rr; - unsigned char *p = NULL; - unsigned short version; - DTLS1_BITMAP *bitmap; - unsigned int is_next_epoch; - - rr= &(s->s3->rrec); - - /* The epoch may have changed. If so, process all the - * pending records. This is a non-blocking operation. */ - if(dtls1_process_buffered_records(s)<0) - return -1; - - /* if we're renegotiating, then there may be buffered records */ - if (dtls1_get_processed_record(s)) - return 1; - - /* get something from the wire */ -again: - /* check if we have the header */ - if ( (s->rstate != SSL_ST_READ_BODY) || - (s->packet_length < DTLS1_RT_HEADER_LENGTH)) - { - n=ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); - /* read timeout is handled by dtls1_read_bytes */ - if (n <= 0) return(n); /* error or non-blocking */ - - /* this packet contained a partial record, dump it */ - if (s->packet_length != DTLS1_RT_HEADER_LENGTH) - { - s->packet_length = 0; - goto again; - } - - s->rstate=SSL_ST_READ_BODY; - - p=s->packet; - - /* Pull apart the header into the DTLS1_RECORD */ - rr->type= *(p++); - ssl_major= *(p++); - ssl_minor= *(p++); - version=(ssl_major<<8)|ssl_minor; - - /* sequence number is 64 bits, with top 2 bytes = epoch */ - n2s(p,rr->epoch); - - memcpy(&(s->s3->read_sequence[2]), p, 6); - p+=6; - - n2s(p,rr->length); - - /* Lets check version */ - if (!s->first_packet) - { - if (version != s->version) - { - /* unexpected version, silently discard */ - rr->length = 0; - s->packet_length = 0; - goto again; - } - } - - if ((version & 0xff00) != (s->version & 0xff00)) - { - /* wrong version, silently discard record */ - rr->length = 0; - s->packet_length = 0; - goto again; - } - - if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) - { - /* record too long, silently discard it */ - rr->length = 0; - s->packet_length = 0; - goto again; - } - - /* now s->rstate == SSL_ST_READ_BODY */ - } - - /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ - - if (rr->length > s->packet_length-DTLS1_RT_HEADER_LENGTH) - { - /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */ - i=rr->length; - n=ssl3_read_n(s,i,i,1); - /* this packet contained a partial record, dump it */ - if ( n != i) - { - rr->length = 0; - s->packet_length = 0; - goto again; - } - - /* now n == rr->length, - * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */ - } - s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */ - - /* match epochs. NULL means the packet is dropped on the floor */ - bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); - if ( bitmap == NULL) - { - rr->length = 0; - s->packet_length = 0; /* dump this record */ - goto again; /* get another record */ - } - -#ifndef OPENSSL_NO_SCTP - /* Only do replay check if no SCTP bio */ - if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) - { -#endif - /* Check whether this is a repeat, or aged record. - * Don't check if we're listening and this message is - * a ClientHello. They can look as if they're replayed, - * since they arrive from different connections and - * would be dropped unnecessarily. - */ - if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && - s->packet_length > DTLS1_RT_HEADER_LENGTH && - s->packet[DTLS1_RT_HEADER_LENGTH] == SSL3_MT_CLIENT_HELLO) && - !dtls1_record_replay_check(s, bitmap)) - { - rr->length = 0; - s->packet_length=0; /* dump this record */ - goto again; /* get another record */ - } -#ifndef OPENSSL_NO_SCTP - } -#endif - - /* just read a 0 length packet */ - if (rr->length == 0) goto again; - - /* If this record is from the next epoch (either HM or ALERT), - * and a handshake is currently in progress, buffer it since it - * cannot be processed at this time. However, do not buffer - * anything while listening. - */ - if (is_next_epoch) - { - if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) - { - if(dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num)<0) - return -1; - dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */ - } - rr->length = 0; - s->packet_length = 0; - goto again; - } - - if (!dtls1_process_record(s)) - { - rr->length = 0; - s->packet_length = 0; /* dump this record */ - goto again; /* get another record */ - } - dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */ - - return(1); - - } - -/* Return up to 'len' payload bytes received in 'type' records. - * 'type' is one of the following: - * - * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) - * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us) - * - 0 (during a shutdown, no data has to be returned) - * - * If we don't have stored data to work from, read a SSL/TLS record first - * (possibly multiple records if we still don't have anything to return). - * - * This function must handle any surprises the peer may have for us, such as - * Alert records (e.g. close_notify), ChangeCipherSpec records (not really - * a surprise, but handled as if it were), or renegotiation requests. - * Also if record payloads contain fragments too small to process, we store - * them until there is enough for the respective protocol (the record protocol - * may use arbitrary fragmentation and even interleaving): - * Change cipher spec protocol - * just 1 byte needed, no need for keeping anything stored - * Alert protocol - * 2 bytes needed (AlertLevel, AlertDescription) - * Handshake protocol - * 4 bytes needed (HandshakeType, uint24 length) -- we just have - * to detect unexpected Client Hello and Hello Request messages - * here, anything else is handled by higher layers - * Application data protocol - * none of our business - */ -int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) - { - int al,i,j,ret; - unsigned int n; - SSL3_RECORD *rr; - void (*cb)(const SSL *ssl,int type2,int val)=NULL; - - if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ - if (!ssl3_setup_buffers(s)) - return(-1); - - /* XXX: check what the second '&& type' is about */ - if ((type && (type != SSL3_RT_APPLICATION_DATA) && - (type != SSL3_RT_HANDSHAKE) && type) || - (peek && (type != SSL3_RT_APPLICATION_DATA))) - { - SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR); - return -1; - } - - /* check whether there's a handshake message (client hello?) waiting */ - if ( (ret = have_handshake_fragment(s, type, buf, len, peek))) - return ret; - - /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */ - -#ifndef OPENSSL_NO_SCTP - /* Continue handshake if it had to be interrupted to read - * app data with SCTP. - */ - if ((!s->in_handshake && SSL_in_init(s)) || - (BIO_dgram_is_sctp(SSL_get_rbio(s)) && - (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK) && - s->s3->in_read_app_data != 2)) -#else - if (!s->in_handshake && SSL_in_init(s)) -#endif - { - /* type == SSL3_RT_APPLICATION_DATA */ - i=s->handshake_func(s); - if (i < 0) return(i); - if (i == 0) - { - SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); - return(-1); - } - } - -start: - s->rwstate=SSL_NOTHING; - - /* s->s3->rrec.type - is the type of record - * s->s3->rrec.data, - data - * s->s3->rrec.off, - offset into 'data' for next read - * s->s3->rrec.length, - number of bytes. */ - rr = &(s->s3->rrec); - - /* We are not handshaking and have no data yet, - * so process data buffered during the last handshake - * in advance, if any. - */ - if (s->state == SSL_ST_OK && rr->length == 0) - { - pitem *item; - item = pqueue_pop(s->d1->buffered_app_data.q); - if (item) - { -#ifndef OPENSSL_NO_SCTP - /* Restore bio_dgram_sctp_rcvinfo struct */ - if (BIO_dgram_is_sctp(SSL_get_rbio(s))) - { - DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *) item->data; - BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo); - } -#endif - - dtls1_copy_record(s, item); - - OPENSSL_free(item->data); - pitem_free(item); - } - } - - /* Check for timeout */ - if (dtls1_handle_timeout(s) > 0) - goto start; - - /* get new packet if necessary */ - if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) - { - ret=dtls1_get_record(s); - if (ret <= 0) - { - ret = dtls1_read_failed(s, ret); - /* anything other than a timeout is an error */ - if (ret <= 0) - return(ret); - else - goto start; - } - } - - if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) - { - rr->length = 0; - goto start; - } - - /* we now have a packet which can be read and processed */ - - if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, - * reset by ssl3_get_finished */ - && (rr->type != SSL3_RT_HANDSHAKE)) - { - /* We now have application data between CCS and Finished. - * Most likely the packets were reordered on their way, so - * buffer the application data for later processing rather - * than dropping the connection. - */ - if(dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num)<0) - { - SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR); - return -1; - } - rr->length = 0; - goto start; - } - - /* If the other end has shut down, throw anything we read away - * (even in 'peek' mode) */ - if (s->shutdown & SSL_RECEIVED_SHUTDOWN) - { - rr->length=0; - s->rwstate=SSL_NOTHING; - return(0); - } - - - if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ - { - /* make sure that we are not getting application data when we - * are doing a handshake for the first time */ - if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && - (s->enc_read_ctx == NULL)) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE); - goto f_err; - } - - if (len <= 0) return(len); - - if ((unsigned int)len > rr->length) - n = rr->length; - else - n = (unsigned int)len; - - memcpy(buf,&(rr->data[rr->off]),n); - if (!peek) - { - rr->length-=n; - rr->off+=n; - if (rr->length == 0) - { - s->rstate=SSL_ST_READ_HEADER; - rr->off=0; - } - } - -#ifndef OPENSSL_NO_SCTP - /* We were about to renegotiate but had to read - * belated application data first, so retry. - */ - if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && - rr->type == SSL3_RT_APPLICATION_DATA && - (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK)) - { - s->rwstate=SSL_READING; - BIO_clear_retry_flags(SSL_get_rbio(s)); - BIO_set_retry_read(SSL_get_rbio(s)); - } - - /* We might had to delay a close_notify alert because - * of reordered app data. If there was an alert and there - * is no message to read anymore, finally set shutdown. - */ - if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && - s->d1->shutdown_received && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) - { - s->shutdown |= SSL_RECEIVED_SHUTDOWN; - return(0); - } -#endif - return(n); - } - - - /* If we get here, then type != rr->type; if we have a handshake - * message, then it was unexpected (Hello Request or Client Hello). */ - - /* In case of record types for which we have 'fragment' storage, - * fill that so that we can process the data at a fixed place. - */ - { - unsigned int k, dest_maxlen = 0; - unsigned char *dest = NULL; - unsigned int *dest_len = NULL; - - if (rr->type == SSL3_RT_HANDSHAKE) - { - dest_maxlen = sizeof s->d1->handshake_fragment; - dest = s->d1->handshake_fragment; - dest_len = &s->d1->handshake_fragment_len; - } - else if (rr->type == SSL3_RT_ALERT) - { - dest_maxlen = sizeof(s->d1->alert_fragment); - dest = s->d1->alert_fragment; - dest_len = &s->d1->alert_fragment_len; - } -#ifndef OPENSSL_NO_HEARTBEATS - else if (rr->type == TLS1_RT_HEARTBEAT) - { - dtls1_process_heartbeat(s); - - /* Exit and notify application to read again */ - rr->length = 0; - s->rwstate=SSL_READING; - BIO_clear_retry_flags(SSL_get_rbio(s)); - BIO_set_retry_read(SSL_get_rbio(s)); - return(-1); - } -#endif - /* else it's a CCS message, or application data or wrong */ - else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) - { - /* Application data while renegotiating - * is allowed. Try again reading. - */ - if (rr->type == SSL3_RT_APPLICATION_DATA) - { - BIO *bio; - s->s3->in_read_app_data=2; - bio=SSL_get_rbio(s); - s->rwstate=SSL_READING; - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - return(-1); - } - - /* Not certain if this is the right error handling */ - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD); - goto f_err; - } - - if (dest_maxlen > 0) - { - /* XDTLS: In a pathalogical case, the Client Hello - * may be fragmented--don't always expect dest_maxlen bytes */ - if ( rr->length < dest_maxlen) - { -#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE - /* - * for normal alerts rr->length is 2, while - * dest_maxlen is 7 if we were to handle this - * non-existing alert... - */ - FIX ME -#endif - s->rstate=SSL_ST_READ_HEADER; - rr->length = 0; - goto start; - } - - /* now move 'n' bytes: */ - for ( k = 0; k < dest_maxlen; k++) - { - dest[k] = rr->data[rr->off++]; - rr->length--; - } - *dest_len = dest_maxlen; - } - } - - /* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE; - * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT. - * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ - - /* If we are a client, check for an incoming 'Hello Request': */ - if ((!s->server) && - (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && - (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && - (s->session != NULL) && (s->session->cipher != NULL)) - { - s->d1->handshake_fragment_len = 0; - - if ((s->d1->handshake_fragment[1] != 0) || - (s->d1->handshake_fragment[2] != 0) || - (s->d1->handshake_fragment[3] != 0)) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_HELLO_REQUEST); - goto err; - } - - /* no need to check sequence number on HELLO REQUEST messages */ - - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - s->d1->handshake_fragment, 4, s, s->msg_callback_arg); - - if (SSL_is_init_finished(s) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && - !s->s3->renegotiate) - { - s->d1->handshake_read_seq++; - s->new_session = 1; - ssl3_renegotiate(s); - if (ssl3_renegotiate_check(s)) - { - i=s->handshake_func(s); - if (i < 0) return(i); - if (i == 0) - { - SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); - return(-1); - } - - if (!(s->mode & SSL_MODE_AUTO_RETRY)) - { - if (s->s3->rbuf.left == 0) /* no read-ahead left? */ - { - BIO *bio; - /* In the case where we try to read application data, - * but we trigger an SSL handshake, we return -1 with - * the retry option set. Otherwise renegotiation may - * cause nasty problems in the blocking world */ - s->rwstate=SSL_READING; - bio=SSL_get_rbio(s); - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - return(-1); - } - } - } - } - /* we either finished a handshake or ignored the request, - * now try again to obtain the (application) data we were asked for */ - goto start; - } - - if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) - { - int alert_level = s->d1->alert_fragment[0]; - int alert_descr = s->d1->alert_fragment[1]; - - s->d1->alert_fragment_len = 0; - - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_ALERT, - s->d1->alert_fragment, 2, s, s->msg_callback_arg); - - if (s->info_callback != NULL) - cb=s->info_callback; - else if (s->ctx->info_callback != NULL) - cb=s->ctx->info_callback; - - if (cb != NULL) - { - j = (alert_level << 8) | alert_descr; - cb(s, SSL_CB_READ_ALERT, j); - } - - if (alert_level == 1) /* warning */ - { - s->s3->warn_alert = alert_descr; - if (alert_descr == SSL_AD_CLOSE_NOTIFY) - { -#ifndef OPENSSL_NO_SCTP - /* With SCTP and streams the socket may deliver app data - * after a close_notify alert. We have to check this - * first so that nothing gets discarded. - */ - if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && - BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) - { - s->d1->shutdown_received = 1; - s->rwstate=SSL_READING; - BIO_clear_retry_flags(SSL_get_rbio(s)); - BIO_set_retry_read(SSL_get_rbio(s)); - return -1; - } -#endif - s->shutdown |= SSL_RECEIVED_SHUTDOWN; - return(0); - } -#if 0 - /* XXX: this is a possible improvement in the future */ - /* now check if it's a missing record */ - if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) - { - unsigned short seq; - unsigned int frag_off; - unsigned char *p = &(s->d1->alert_fragment[2]); - - n2s(p, seq); - n2l3(p, frag_off); - - dtls1_retransmit_message(s, - dtls1_get_queue_priority(frag->msg_header.seq, 0), - frag_off, &found); - if ( ! found && SSL_in_init(s)) - { - /* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */ - /* requested a message not yet sent, - send an alert ourselves */ - ssl3_send_alert(s,SSL3_AL_WARNING, - DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); - } - } -#endif - } - else if (alert_level == 2) /* fatal */ - { - char tmp[16]; - - s->rwstate=SSL_NOTHING; - s->s3->fatal_alert = alert_descr; - SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); - BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr); - ERR_add_error_data(2,"SSL alert number ",tmp); - s->shutdown|=SSL_RECEIVED_SHUTDOWN; - SSL_CTX_remove_session(s->ctx,s->session); - return(0); - } - else - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE); - goto f_err; - } - - goto start; - } - - if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */ - { - s->rwstate=SSL_NOTHING; - rr->length=0; - return(0); - } - - if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) - { - struct ccs_header_st ccs_hdr; - unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH; - - dtls1_get_ccs_header(rr->data, &ccs_hdr); - - if (s->version == DTLS1_BAD_VER) - ccs_hdr_len = 3; - - /* 'Change Cipher Spec' is just a single byte, so we know - * exactly what the record payload has to look like */ - /* XDTLS: check that epoch is consistent */ - if ( (rr->length != ccs_hdr_len) || - (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) - { - i=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC); - goto err; - } - - rr->length=0; - - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, - rr->data, 1, s, s->msg_callback_arg); - - /* We can't process a CCS now, because previous handshake - * messages are still missing, so just drop it. - */ - if (!s->d1->change_cipher_spec_ok) - { - goto start; - } - - s->d1->change_cipher_spec_ok = 0; - - s->s3->change_cipher_spec=1; - if (!ssl3_do_change_cipher_spec(s)) - goto err; - - /* do this whenever CCS is processed */ - dtls1_reset_seq_numbers(s, SSL3_CC_READ); - - if (s->version == DTLS1_BAD_VER) - s->d1->handshake_read_seq++; - -#ifndef OPENSSL_NO_SCTP - /* Remember that a CCS has been received, - * so that an old key of SCTP-Auth can be - * deleted when a CCS is sent. Will be ignored - * if no SCTP is used - */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL); -#endif - - goto start; - } - - /* Unexpected handshake message (Client Hello, or protocol violation) */ - if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && - !s->in_handshake) - { - struct hm_header_st msg_hdr; - - /* this may just be a stale retransmit */ - dtls1_get_message_header(rr->data, &msg_hdr); - if( rr->epoch != s->d1->r_epoch) - { - rr->length = 0; - goto start; - } - - /* If we are server, we may have a repeated FINISHED of the - * client here, then retransmit our CCS and FINISHED. - */ - if (msg_hdr.type == SSL3_MT_FINISHED) - { - if (dtls1_check_timeout_num(s) < 0) - return -1; - - dtls1_retransmit_buffered_messages(s); - rr->length = 0; - goto start; - } - - if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) - { -#if 0 /* worked only because C operator preferences are not as expected (and - * because this is not really needed for clients except for detecting - * protocol violations): */ - s->state=SSL_ST_BEFORE|(s->server) - ?SSL_ST_ACCEPT - :SSL_ST_CONNECT; -#else - s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; -#endif - s->renegotiate=1; - s->new_session=1; - } - i=s->handshake_func(s); - if (i < 0) return(i); - if (i == 0) - { - SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); - return(-1); - } - - if (!(s->mode & SSL_MODE_AUTO_RETRY)) - { - if (s->s3->rbuf.left == 0) /* no read-ahead left? */ - { - BIO *bio; - /* In the case where we try to read application data, - * but we trigger an SSL handshake, we return -1 with - * the retry option set. Otherwise renegotiation may - * cause nasty problems in the blocking world */ - s->rwstate=SSL_READING; - bio=SSL_get_rbio(s); - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - return(-1); - } - } - goto start; - } - - switch (rr->type) - { - default: -#ifndef OPENSSL_NO_TLS - /* TLS just ignores unknown message types */ - if (s->version == TLS1_VERSION) - { - rr->length = 0; - goto start; - } -#endif - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD); - goto f_err; - case SSL3_RT_CHANGE_CIPHER_SPEC: - case SSL3_RT_ALERT: - case SSL3_RT_HANDSHAKE: - /* we already handled all of these, with the possible exception - * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that - * should not happen when type != rr->type */ - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_READ_BYTES,ERR_R_INTERNAL_ERROR); - goto f_err; - case SSL3_RT_APPLICATION_DATA: - /* At this point, we were expecting handshake data, - * but have application data. If the library was - * running inside ssl3_read() (i.e. in_read_app_data - * is set) and it makes sense to read application data - * at this point (session renegotiation not yet started), - * we will indulge it. - */ - if (s->s3->in_read_app_data && - (s->s3->total_renegotiations != 0) && - (( - (s->state & SSL_ST_CONNECT) && - (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && - (s->state <= SSL3_ST_CR_SRVR_HELLO_A) - ) || ( - (s->state & SSL_ST_ACCEPT) && - (s->state <= SSL3_ST_SW_HELLO_REQ_A) && - (s->state >= SSL3_ST_SR_CLNT_HELLO_A) - ) - )) - { - s->s3->in_read_app_data=2; - return(-1); - } - else - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD); - goto f_err; - } - } - /* not reached */ - -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); -err: - return(-1); - } - -int -dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len) - { - int i; - -#ifndef OPENSSL_NO_SCTP - /* Check if we have to continue an interrupted handshake - * for reading belated app data with SCTP. - */ - if ((SSL_in_init(s) && !s->in_handshake) || - (BIO_dgram_is_sctp(SSL_get_wbio(s)) && - (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK))) -#else - if (SSL_in_init(s) && !s->in_handshake) -#endif - { - i=s->handshake_func(s); - if (i < 0) return(i); - if (i == 0) - { - SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); - return -1; - } - } - - if (len > SSL3_RT_MAX_PLAIN_LENGTH) - { - SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_DTLS_MESSAGE_TOO_BIG); - return -1; - } - - i = dtls1_write_bytes(s, type, buf_, len); - return i; - } - - - /* this only happens when a client hello is received and a handshake - * is started. */ -static int -have_handshake_fragment(SSL *s, int type, unsigned char *buf, - int len, int peek) - { - - if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0)) - /* (partially) satisfy request from storage */ - { - unsigned char *src = s->d1->handshake_fragment; - unsigned char *dst = buf; - unsigned int k,n; - - /* peek == 0 */ - n = 0; - while ((len > 0) && (s->d1->handshake_fragment_len > 0)) - { - *dst++ = *src++; - len--; s->d1->handshake_fragment_len--; - n++; - } - /* move any remaining fragment bytes: */ - for (k = 0; k < s->d1->handshake_fragment_len; k++) - s->d1->handshake_fragment[k] = *src++; - return n; - } - - return 0; - } - - - - -/* Call this to write data in records of type 'type' - * It will return <= 0 if not all data has been sent or non-blocking IO. - */ -int dtls1_write_bytes(SSL *s, int type, const void *buf, int len) - { - int i; - - OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH); - s->rwstate=SSL_NOTHING; - i=do_dtls1_write(s, type, buf, len); - return i; - } - -static int do_dtls1_write(SSL *s, int type, const unsigned char *buf, - unsigned int len) - { - unsigned char *p,*pseq; - int i,mac_size,clear=0; - int prefix_len = 0; - SSL3_RECORD *wr; - SSL3_BUFFER *wb; - SSL_SESSION *sess; - int bs; - - /* first check if there is a SSL3_BUFFER still being written - * out. This will happen with non blocking IO */ - if (s->s3->wbuf.left != 0) - { - OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */ - return(ssl3_write_pending(s,type,buf,len)); - } - - /* If we have an alert to send, lets send it */ - if (s->s3->alert_dispatch) - { - i=s->method->ssl_dispatch_alert(s); - if (i <= 0) - return(i); - /* if it went, fall through and send more stuff */ - } - - if (len == 0) - return 0; - - wr= &(s->s3->wrec); - wb= &(s->s3->wbuf); - sess=s->session; - - if ( (sess == NULL) || - (s->enc_write_ctx == NULL) || - (EVP_MD_CTX_md(s->write_hash) == NULL)) - clear=1; - - if (clear) - mac_size=0; - else - { - mac_size=EVP_MD_CTX_size(s->write_hash); - if (mac_size < 0) - goto err; - } - - p = wb->buf + prefix_len; - - /* write the header */ - - *(p++)=type&0xff; - wr->type=type; - - *(p++)=(s->version>>8); - *(p++)=s->version&0xff; - - /* field where we are to write out packet epoch, seq num and len */ - pseq=p; - p+=10; - - /* lets setup the record stuff. */ - - /* Make space for the explicit IV in case of CBC. - * (this is a bit of a boundary violation, but what the heck). - */ - if ( s->enc_write_ctx && - (EVP_CIPHER_mode( s->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE)) - bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher); - else - bs = 0; - - wr->data=p + bs; /* make room for IV in case of CBC */ - wr->length=(int)len; - wr->input=(unsigned char *)buf; - - /* we now 'read' from wr->input, wr->length bytes into - * wr->data */ - - /* first we compress */ - if (s->compress != NULL) - { - if (!ssl3_do_compress(s)) - { - SSLerr(SSL_F_DO_DTLS1_WRITE,SSL_R_COMPRESSION_FAILURE); - goto err; - } - } - else - { - memcpy(wr->data,wr->input,wr->length); - wr->input=wr->data; - } - - /* we should still have the output to wr->data and the input - * from wr->input. Length should be wr->length. - * wr->data still points in the wb->buf */ - - if (mac_size != 0) - { - if(s->method->ssl3_enc->mac(s,&(p[wr->length + bs]),1) < 0) - goto err; - wr->length+=mac_size; - } - - /* this is true regardless of mac size */ - wr->input=p; - wr->data=p; - - - /* ssl3_enc can only have an error on read */ - if (bs) /* bs != 0 in case of CBC */ - { - RAND_pseudo_bytes(p,bs); - /* master IV and last CBC residue stand for - * the rest of randomness */ - wr->length += bs; - } - - if(s->method->ssl3_enc->enc(s,1) < 1) goto err; - - /* record length after mac and block padding */ -/* if (type == SSL3_RT_APPLICATION_DATA || - (type == SSL3_RT_ALERT && ! SSL_in_init(s))) */ - - /* there's only one epoch between handshake and app data */ - - s2n(s->d1->w_epoch, pseq); - - /* XDTLS: ?? */ -/* else - s2n(s->d1->handshake_epoch, pseq); */ - - memcpy(pseq, &(s->s3->write_sequence[2]), 6); - pseq+=6; - s2n(wr->length,pseq); - - /* we should now have - * wr->data pointing to the encrypted data, which is - * wr->length long */ - wr->type=type; /* not needed but helps for debugging */ - wr->length+=DTLS1_RT_HEADER_LENGTH; - -#if 0 /* this is now done at the message layer */ - /* buffer the record, making it easy to handle retransmits */ - if ( type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC) - dtls1_buffer_record(s, wr->data, wr->length, - *((PQ_64BIT *)&(s->s3->write_sequence[0]))); -#endif - - ssl3_record_sequence_update(&(s->s3->write_sequence[0])); - - /* now let's set up wb */ - wb->left = prefix_len + wr->length; - wb->offset = 0; - - /* memorize arguments so that ssl3_write_pending can detect bad write retries later */ - s->s3->wpend_tot=len; - s->s3->wpend_buf=buf; - s->s3->wpend_type=type; - s->s3->wpend_ret=len; - - /* we now just need to write the buffer */ - return ssl3_write_pending(s,type,buf,len); -err: - return -1; - } - - - -static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap) - { - int cmp; - unsigned int shift; - const unsigned char *seq = s->s3->read_sequence; - - cmp = satsub64be(seq,bitmap->max_seq_num); - if (cmp > 0) - { - memcpy (s->s3->rrec.seq_num,seq,8); - return 1; /* this record in new */ - } - shift = -cmp; - if (shift >= sizeof(bitmap->map)*8) - return 0; /* stale, outside the window */ - else if (bitmap->map & (1UL<<shift)) - return 0; /* record previously received */ - - memcpy (s->s3->rrec.seq_num,seq,8); - return 1; - } - - -static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap) - { - int cmp; - unsigned int shift; - const unsigned char *seq = s->s3->read_sequence; - - cmp = satsub64be(seq,bitmap->max_seq_num); - if (cmp > 0) - { - shift = cmp; - if (shift < sizeof(bitmap->map)*8) - bitmap->map <<= shift, bitmap->map |= 1UL; - else - bitmap->map = 1UL; - memcpy(bitmap->max_seq_num,seq,8); - } - else { - shift = -cmp; - if (shift < sizeof(bitmap->map)*8) - bitmap->map |= 1UL<<shift; - } - } - - -int dtls1_dispatch_alert(SSL *s) - { - int i,j; - void (*cb)(const SSL *ssl,int type,int val)=NULL; - unsigned char buf[DTLS1_AL_HEADER_LENGTH]; - unsigned char *ptr = &buf[0]; - - s->s3->alert_dispatch=0; - - memset(buf, 0x00, sizeof(buf)); - *ptr++ = s->s3->send_alert[0]; - *ptr++ = s->s3->send_alert[1]; - -#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE - if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) - { - s2n(s->d1->handshake_read_seq, ptr); -#if 0 - if ( s->d1->r_msg_hdr.frag_off == 0) /* waiting for a new msg */ - - else - s2n(s->d1->r_msg_hdr.seq, ptr); /* partial msg read */ -#endif - -#if 0 - fprintf(stderr, "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n",s->d1->handshake_read_seq,s->d1->r_msg_hdr.seq); -#endif - l2n3(s->d1->r_msg_hdr.frag_off, ptr); - } -#endif - - i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf)); - if (i <= 0) - { - s->s3->alert_dispatch=1; - /* fprintf( stderr, "not done with alert\n" ); */ - } - else - { - if (s->s3->send_alert[0] == SSL3_AL_FATAL -#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE - || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE -#endif - ) - (void)BIO_flush(s->wbio); - - if (s->msg_callback) - s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, - 2, s, s->msg_callback_arg); - - if (s->info_callback != NULL) - cb=s->info_callback; - else if (s->ctx->info_callback != NULL) - cb=s->ctx->info_callback; - - if (cb != NULL) - { - j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; - cb(s,SSL_CB_WRITE_ALERT,j); - } - } - return(i); - } - - -static DTLS1_BITMAP * -dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch) - { - - *is_next_epoch = 0; - - /* In current epoch, accept HM, CCS, DATA, & ALERT */ - if (rr->epoch == s->d1->r_epoch) - return &s->d1->bitmap; - - /* Only HM and ALERT messages can be from the next epoch */ - else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) && - (rr->type == SSL3_RT_HANDSHAKE || - rr->type == SSL3_RT_ALERT)) - { - *is_next_epoch = 1; - return &s->d1->next_bitmap; - } - - return NULL; - } - -#if 0 -static int -dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, unsigned short *priority, - unsigned long *offset) - { - - /* alerts are passed up immediately */ - if ( rr->type == SSL3_RT_APPLICATION_DATA || - rr->type == SSL3_RT_ALERT) - return 0; - - /* Only need to buffer if a handshake is underway. - * (this implies that Hello Request and Client Hello are passed up - * immediately) */ - if ( SSL_in_init(s)) - { - unsigned char *data = rr->data; - /* need to extract the HM/CCS sequence number here */ - if ( rr->type == SSL3_RT_HANDSHAKE || - rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) - { - unsigned short seq_num; - struct hm_header_st msg_hdr; - struct ccs_header_st ccs_hdr; - - if ( rr->type == SSL3_RT_HANDSHAKE) - { - dtls1_get_message_header(data, &msg_hdr); - seq_num = msg_hdr.seq; - *offset = msg_hdr.frag_off; - } - else - { - dtls1_get_ccs_header(data, &ccs_hdr); - seq_num = ccs_hdr.seq; - *offset = 0; - } - - /* this is either a record we're waiting for, or a - * retransmit of something we happened to previously - * receive (higher layers will drop the repeat silently */ - if ( seq_num < s->d1->handshake_read_seq) - return 0; - if (rr->type == SSL3_RT_HANDSHAKE && - seq_num == s->d1->handshake_read_seq && - msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off) - return 0; - else if ( seq_num == s->d1->handshake_read_seq && - (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC || - msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off)) - return 0; - else - { - *priority = seq_num; - return 1; - } - } - else /* unknown record type */ - return 0; - } - - return 0; - } -#endif - -void -dtls1_reset_seq_numbers(SSL *s, int rw) - { - unsigned char *seq; - unsigned int seq_bytes = sizeof(s->s3->read_sequence); - - if ( rw & SSL3_CC_READ) - { - seq = s->s3->read_sequence; - s->d1->r_epoch++; - memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP)); - memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP)); - } - else - { - seq = s->s3->write_sequence; - memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence)); - s->d1->w_epoch++; - } - - memset(seq, 0x00, seq_bytes); - } diff --git a/main/openssl/ssl/d1_srtp.c b/main/openssl/ssl/d1_srtp.c deleted file mode 100644 index 535539ba..00000000 --- a/main/openssl/ssl/d1_srtp.c +++ /dev/null @@ -1,463 +0,0 @@ -/* ssl/t1_lib.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* - DTLS code by Eric Rescorla <ekr@rtfm.com> - - Copyright (C) 2006, Network Resonance, Inc. - Copyright (C) 2011, RTFM, Inc. -*/ - -#include <stdio.h> -#include <openssl/objects.h> -#include "ssl_locl.h" - -#ifndef OPENSSL_NO_SRTP - -#include "srtp.h" - - -static SRTP_PROTECTION_PROFILE srtp_known_profiles[]= - { - { - "SRTP_AES128_CM_SHA1_80", - SRTP_AES128_CM_SHA1_80, - }, - { - "SRTP_AES128_CM_SHA1_32", - SRTP_AES128_CM_SHA1_32, - }, -#if 0 - { - "SRTP_NULL_SHA1_80", - SRTP_NULL_SHA1_80, - }, - { - "SRTP_NULL_SHA1_32", - SRTP_NULL_SHA1_32, - }, -#endif - {0} - }; - -static int find_profile_by_name(char *profile_name, - SRTP_PROTECTION_PROFILE **pptr,unsigned len) - { - SRTP_PROTECTION_PROFILE *p; - - p=srtp_known_profiles; - while(p->name) - { - if((len == strlen(p->name)) && !strncmp(p->name,profile_name, - len)) - { - *pptr=p; - return 0; - } - - p++; - } - - return 1; - } - -static int ssl_ctx_make_profiles(const char *profiles_string,STACK_OF(SRTP_PROTECTION_PROFILE) **out) - { - STACK_OF(SRTP_PROTECTION_PROFILE) *profiles; - - char *col; - char *ptr=(char *)profiles_string; - - SRTP_PROTECTION_PROFILE *p; - - if(!(profiles=sk_SRTP_PROTECTION_PROFILE_new_null())) - { - SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES); - return 1; - } - - do - { - col=strchr(ptr,':'); - - if(!find_profile_by_name(ptr,&p, - col ? col-ptr : (int)strlen(ptr))) - { - if (sk_SRTP_PROTECTION_PROFILE_find(profiles,p) >= 0) - { - SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); - sk_SRTP_PROTECTION_PROFILE_free(profiles); - return 1; - } - - sk_SRTP_PROTECTION_PROFILE_push(profiles,p); - } - else - { - SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE); - sk_SRTP_PROTECTION_PROFILE_free(profiles); - return 1; - } - - if(col) ptr=col+1; - } while (col); - - *out=profiles; - - return 0; - } - -int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx,const char *profiles) - { - return ssl_ctx_make_profiles(profiles,&ctx->srtp_profiles); - } - -int SSL_set_tlsext_use_srtp(SSL *s,const char *profiles) - { - return ssl_ctx_make_profiles(profiles,&s->srtp_profiles); - } - - -STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s) - { - if(s != NULL) - { - if(s->srtp_profiles != NULL) - { - return s->srtp_profiles; - } - else if((s->ctx != NULL) && - (s->ctx->srtp_profiles != NULL)) - { - return s->ctx->srtp_profiles; - } - } - - return NULL; - } - -SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s) - { - return s->srtp_profile; - } - -/* Note: this function returns 0 length if there are no - profiles specified */ -int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen) - { - int ct=0; - int i; - STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0; - SRTP_PROTECTION_PROFILE *prof; - - clnt=SSL_get_srtp_profiles(s); - ct=sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */ - - if(p) - { - if(ct==0) - { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST); - return 1; - } - - if((2 + ct*2 + 1) > maxlen) - { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); - return 1; - } - - /* Add the length */ - s2n(ct * 2, p); - for(i=0;i<ct;i++) - { - prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i); - s2n(prof->id,p); - } - - /* Add an empty use_mki value */ - *p++ = 0; - } - - *len=2 + ct*2 + 1; - - return 0; - } - - -int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al) - { - SRTP_PROTECTION_PROFILE *sprof; - STACK_OF(SRTP_PROTECTION_PROFILE) *srvr; - int ct; - int mki_len; - int i, srtp_pref; - unsigned int id; - - /* Length value + the MKI length */ - if(len < 3) - { - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); - *al=SSL_AD_DECODE_ERROR; - return 1; - } - - /* Pull off the length of the cipher suite list */ - n2s(d, ct); - len -= 2; - - /* Check that it is even */ - if(ct%2) - { - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); - *al=SSL_AD_DECODE_ERROR; - return 1; - } - - /* Check that lengths are consistent */ - if(len < (ct + 1)) - { - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); - *al=SSL_AD_DECODE_ERROR; - return 1; - } - - srvr=SSL_get_srtp_profiles(s); - s->srtp_profile = NULL; - /* Search all profiles for a match initially */ - srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr); - - while(ct) - { - n2s(d,id); - ct-=2; - len-=2; - - /* - * Only look for match in profiles of higher preference than - * current match. - * If no profiles have been have been configured then this - * does nothing. - */ - for (i = 0; i < srtp_pref; i++) - { - sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i); - if (sprof->id == id) - { - s->srtp_profile = sprof; - srtp_pref = i; - break; - } - } - } - - /* Now extract the MKI value as a sanity check, but discard it for now */ - mki_len = *d; - d++; len--; - - if (mki_len != len) - { - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_MKI_VALUE); - *al=SSL_AD_DECODE_ERROR; - return 1; - } - - return 0; - } - -int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen) - { - if(p) - { - if(maxlen < 5) - { - SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); - return 1; - } - - if(s->srtp_profile==0) - { - SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_USE_SRTP_NOT_NEGOTIATED); - return 1; - } - s2n(2, p); - s2n(s->srtp_profile->id,p); - *p++ = 0; - } - *len=5; - - return 0; - } - - -int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al) - { - unsigned id; - int i; - int ct; - - STACK_OF(SRTP_PROTECTION_PROFILE) *clnt; - SRTP_PROTECTION_PROFILE *prof; - - if(len!=5) - { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); - *al=SSL_AD_DECODE_ERROR; - return 1; - } - - n2s(d, ct); - if(ct!=2) - { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); - *al=SSL_AD_DECODE_ERROR; - return 1; - } - - n2s(d,id); - if (*d) /* Must be no MKI, since we never offer one */ - { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_MKI_VALUE); - *al=SSL_AD_ILLEGAL_PARAMETER; - return 1; - } - - clnt=SSL_get_srtp_profiles(s); - - /* Throw an error if the server gave us an unsolicited extension */ - if (clnt == NULL) - { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_NO_SRTP_PROFILES); - *al=SSL_AD_DECODE_ERROR; - return 1; - } - - /* Check to see if the server gave us something we support - (and presumably offered) - */ - for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(clnt);i++) - { - prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i); - - if(prof->id == id) - { - s->srtp_profile=prof; - *al=0; - return 0; - } - } - - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); - *al=SSL_AD_DECODE_ERROR; - return 1; - } - - -#endif diff --git a/main/openssl/ssl/d1_srvr.c b/main/openssl/ssl/d1_srvr.c deleted file mode 100644 index a7751350..00000000 --- a/main/openssl/ssl/d1_srvr.c +++ /dev/null @@ -1,1746 +0,0 @@ -/* ssl/d1_srvr.c */ -/* - * DTLS implementation written by Nagendra Modadugu - * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ -/* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "ssl_locl.h" -#include <openssl/buffer.h> -#include <openssl/rand.h> -#include <openssl/objects.h> -#include <openssl/evp.h> -#include <openssl/x509.h> -#include <openssl/md5.h> -#include <openssl/bn.h> -#ifndef OPENSSL_NO_DH -#include <openssl/dh.h> -#endif - -static const SSL_METHOD *dtls1_get_server_method(int ver); -static int dtls1_send_hello_verify_request(SSL *s); - -static const SSL_METHOD *dtls1_get_server_method(int ver) - { - if (ver == DTLS1_VERSION) - return(DTLSv1_server_method()); - else - return(NULL); - } - -IMPLEMENT_dtls1_meth_func(DTLSv1_server_method, - dtls1_accept, - ssl_undefined_function, - dtls1_get_server_method) - -int dtls1_accept(SSL *s) - { - BUF_MEM *buf; - unsigned long Time=(unsigned long)time(NULL); - void (*cb)(const SSL *ssl,int type,int val)=NULL; - unsigned long alg_k; - int ret= -1; - int new_state,state,skip=0; - int listen; -#ifndef OPENSSL_NO_SCTP - unsigned char sctpauthkey[64]; - char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; -#endif - - RAND_add(&Time,sizeof(Time),0); - ERR_clear_error(); - clear_sys_error(); - - if (s->info_callback != NULL) - cb=s->info_callback; - else if (s->ctx->info_callback != NULL) - cb=s->ctx->info_callback; - - listen = s->d1->listen; - - /* init things to blank */ - s->in_handshake++; - if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); - - s->d1->listen = listen; -#ifndef OPENSSL_NO_SCTP - /* Notify SCTP BIO socket to enter handshake - * mode and prevent stream identifier other - * than 0. Will be ignored if no SCTP is used. - */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL); -#endif - - if (s->cert == NULL) - { - SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET); - return(-1); - } - -#ifndef OPENSSL_NO_HEARTBEATS - /* If we're awaiting a HeartbeatResponse, pretend we - * already got and don't await it anymore, because - * Heartbeats don't make sense during handshakes anyway. - */ - if (s->tlsext_hb_pending) - { - dtls1_stop_timer(s); - s->tlsext_hb_pending = 0; - s->tlsext_hb_seq++; - } -#endif - - for (;;) - { - state=s->state; - - switch (s->state) - { - case SSL_ST_RENEGOTIATE: - s->renegotiate=1; - /* s->state=SSL_ST_ACCEPT; */ - - case SSL_ST_BEFORE: - case SSL_ST_ACCEPT: - case SSL_ST_BEFORE|SSL_ST_ACCEPT: - case SSL_ST_OK|SSL_ST_ACCEPT: - - s->server=1; - if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); - - if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) - { - SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR); - return -1; - } - s->type=SSL_ST_ACCEPT; - - if (s->init_buf == NULL) - { - if ((buf=BUF_MEM_new()) == NULL) - { - ret= -1; - goto end; - } - if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) - { - BUF_MEM_free(buf); - ret= -1; - goto end; - } - s->init_buf=buf; - } - - if (!ssl3_setup_buffers(s)) - { - ret= -1; - goto end; - } - - s->init_num=0; - s->d1->change_cipher_spec_ok = 0; - /* Should have been reset by ssl3_get_finished, too. */ - s->s3->change_cipher_spec = 0; - - if (s->state != SSL_ST_RENEGOTIATE) - { - /* Ok, we now need to push on a buffering BIO so that - * the output is sent in a way that TCP likes :-) - * ...but not with SCTP :-) - */ -#ifndef OPENSSL_NO_SCTP - if (!BIO_dgram_is_sctp(SSL_get_wbio(s))) -#endif - if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; } - - ssl3_init_finished_mac(s); - s->state=SSL3_ST_SR_CLNT_HELLO_A; - s->ctx->stats.sess_accept++; - } - else - { - /* s->state == SSL_ST_RENEGOTIATE, - * we will just send a HelloRequest */ - s->ctx->stats.sess_accept_renegotiate++; - s->state=SSL3_ST_SW_HELLO_REQ_A; - } - - break; - - case SSL3_ST_SW_HELLO_REQ_A: - case SSL3_ST_SW_HELLO_REQ_B: - - s->shutdown=0; - dtls1_clear_record_buffer(s); - dtls1_start_timer(s); - ret=dtls1_send_hello_request(s); - if (ret <= 0) goto end; - s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; - s->state=SSL3_ST_SW_FLUSH; - s->init_num=0; - - ssl3_init_finished_mac(s); - break; - - case SSL3_ST_SW_HELLO_REQ_C: - s->state=SSL_ST_OK; - break; - - case SSL3_ST_SR_CLNT_HELLO_A: - case SSL3_ST_SR_CLNT_HELLO_B: - case SSL3_ST_SR_CLNT_HELLO_C: - - s->shutdown=0; - ret=ssl3_get_client_hello(s); - if (ret <= 0) goto end; - dtls1_stop_timer(s); - - if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) - s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A; - else - s->state = SSL3_ST_SW_SRVR_HELLO_A; - - s->init_num=0; - - /* Reflect ClientHello sequence to remain stateless while listening */ - if (listen) - { - memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence)); - } - - /* If we're just listening, stop here */ - if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) - { - ret = 2; - s->d1->listen = 0; - /* Set expected sequence numbers - * to continue the handshake. - */ - s->d1->handshake_read_seq = 2; - s->d1->handshake_write_seq = 1; - s->d1->next_handshake_write_seq = 1; - goto end; - } - - break; - - case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: - case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: - - ret = dtls1_send_hello_verify_request(s); - if ( ret <= 0) goto end; - s->state=SSL3_ST_SW_FLUSH; - s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; - - /* HelloVerifyRequest resets Finished MAC */ - if (s->version != DTLS1_BAD_VER) - ssl3_init_finished_mac(s); - break; - -#ifndef OPENSSL_NO_SCTP - case DTLS1_SCTP_ST_SR_READ_SOCK: - - if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) - { - s->s3->in_read_app_data=2; - s->rwstate=SSL_READING; - BIO_clear_retry_flags(SSL_get_rbio(s)); - BIO_set_retry_read(SSL_get_rbio(s)); - ret = -1; - goto end; - } - - s->state=SSL3_ST_SR_FINISHED_A; - break; - - case DTLS1_SCTP_ST_SW_WRITE_SOCK: - ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); - if (ret < 0) goto end; - - if (ret == 0) - { - if (s->d1->next_state != SSL_ST_OK) - { - s->s3->in_read_app_data=2; - s->rwstate=SSL_READING; - BIO_clear_retry_flags(SSL_get_rbio(s)); - BIO_set_retry_read(SSL_get_rbio(s)); - ret = -1; - goto end; - } - } - - s->state=s->d1->next_state; - break; -#endif - - case SSL3_ST_SW_SRVR_HELLO_A: - case SSL3_ST_SW_SRVR_HELLO_B: - s->renegotiate = 2; - dtls1_start_timer(s); - ret=dtls1_send_server_hello(s); - if (ret <= 0) goto end; - - if (s->hit) - { -#ifndef OPENSSL_NO_SCTP - /* Add new shared key for SCTP-Auth, - * will be ignored if no SCTP used. - */ - snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), - DTLS1_SCTP_AUTH_LABEL); - - SSL_export_keying_material(s, sctpauthkey, - sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0); - - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, - sizeof(sctpauthkey), sctpauthkey); -#endif -#ifndef OPENSSL_NO_TLSEXT - if (s->tlsext_ticket_expected) - s->state=SSL3_ST_SW_SESSION_TICKET_A; - else - s->state=SSL3_ST_SW_CHANGE_A; -#else - s->state=SSL3_ST_SW_CHANGE_A; -#endif - } - else - s->state=SSL3_ST_SW_CERT_A; - s->init_num=0; - break; - - case SSL3_ST_SW_CERT_A: - case SSL3_ST_SW_CERT_B: - /* Check if it is anon DH or normal PSK */ - if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) - && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) - { - dtls1_start_timer(s); - ret=dtls1_send_server_certificate(s); - if (ret <= 0) goto end; -#ifndef OPENSSL_NO_TLSEXT - if (s->tlsext_status_expected) - s->state=SSL3_ST_SW_CERT_STATUS_A; - else - s->state=SSL3_ST_SW_KEY_EXCH_A; - } - else - { - skip = 1; - s->state=SSL3_ST_SW_KEY_EXCH_A; - } -#else - } - else - skip=1; - - s->state=SSL3_ST_SW_KEY_EXCH_A; -#endif - s->init_num=0; - break; - - case SSL3_ST_SW_KEY_EXCH_A: - case SSL3_ST_SW_KEY_EXCH_B: - alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - - /* - * clear this, it may get reset by - * send_server_key_exchange - */ - s->s3->tmp.use_rsa_tmp=0; - - /* only send if a DH key exchange or - * RSA but we have a sign only certificate */ - if (0 - /* PSK: send ServerKeyExchange if PSK identity - * hint if provided */ -#ifndef OPENSSL_NO_PSK - || ((alg_k & SSL_kPSK) && s->session->psk_identity_hint) -#endif - || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) - || (alg_k & SSL_kEECDH) - || ((alg_k & SSL_kRSA) - && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL - || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) - && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher) - ) - ) - ) - ) - { - dtls1_start_timer(s); - ret=dtls1_send_server_key_exchange(s); - if (ret <= 0) goto end; - } - else - skip=1; - - s->state=SSL3_ST_SW_CERT_REQ_A; - s->init_num=0; - break; - - case SSL3_ST_SW_CERT_REQ_A: - case SSL3_ST_SW_CERT_REQ_B: - if (/* don't request cert unless asked for it: */ - !(s->verify_mode & SSL_VERIFY_PEER) || - /* if SSL_VERIFY_CLIENT_ONCE is set, - * don't request cert during re-negotiation: */ - ((s->session->peer != NULL) && - (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || - /* never request cert in anonymous ciphersuites - * (see section "Certificate request" in SSL 3 drafts - * and in RFC 2246): */ - ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && - /* ... except when the application insists on verification - * (against the specs, but s3_clnt.c accepts this for SSL 3) */ - !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || - /* never request cert in Kerberos ciphersuites */ - (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) - /* With normal PSK Certificates and - * Certificate Requests are omitted */ - || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) - { - /* no cert request */ - skip=1; - s->s3->tmp.cert_request=0; - s->state=SSL3_ST_SW_SRVR_DONE_A; -#ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s))) - { - s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A; - s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK; - } -#endif - } - else - { - s->s3->tmp.cert_request=1; - dtls1_start_timer(s); - ret=dtls1_send_certificate_request(s); - if (ret <= 0) goto end; -#ifndef NETSCAPE_HANG_BUG - s->state=SSL3_ST_SW_SRVR_DONE_A; -#ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s))) - { - s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A; - s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK; - } -#endif -#else - s->state=SSL3_ST_SW_FLUSH; - s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; -#ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s))) - { - s->d1->next_state = s->s3->tmp.next_state; - s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK; - } -#endif -#endif - s->init_num=0; - } - break; - - case SSL3_ST_SW_SRVR_DONE_A: - case SSL3_ST_SW_SRVR_DONE_B: - dtls1_start_timer(s); - ret=dtls1_send_server_done(s); - if (ret <= 0) goto end; - s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; - s->state=SSL3_ST_SW_FLUSH; - s->init_num=0; - break; - - case SSL3_ST_SW_FLUSH: - s->rwstate=SSL_WRITING; - if (BIO_flush(s->wbio) <= 0) - { - /* If the write error was fatal, stop trying */ - if (!BIO_should_retry(s->wbio)) - { - s->rwstate=SSL_NOTHING; - s->state=s->s3->tmp.next_state; - } - - ret= -1; - goto end; - } - s->rwstate=SSL_NOTHING; - s->state=s->s3->tmp.next_state; - break; - - case SSL3_ST_SR_CERT_A: - case SSL3_ST_SR_CERT_B: - /* Check for second client hello (MS SGC) */ - ret = ssl3_check_client_hello(s); - if (ret <= 0) - goto end; - if (ret == 2) - { - dtls1_stop_timer(s); - s->state = SSL3_ST_SR_CLNT_HELLO_C; - } - else { - if (s->s3->tmp.cert_request) - { - ret=ssl3_get_client_certificate(s); - if (ret <= 0) goto end; - } - s->init_num=0; - s->state=SSL3_ST_SR_KEY_EXCH_A; - } - break; - - case SSL3_ST_SR_KEY_EXCH_A: - case SSL3_ST_SR_KEY_EXCH_B: - ret=ssl3_get_client_key_exchange(s); - if (ret <= 0) goto end; -#ifndef OPENSSL_NO_SCTP - /* Add new shared key for SCTP-Auth, - * will be ignored if no SCTP used. - */ - snprintf((char *) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), - DTLS1_SCTP_AUTH_LABEL); - - SSL_export_keying_material(s, sctpauthkey, - sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0); - - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, - sizeof(sctpauthkey), sctpauthkey); -#endif - - s->state=SSL3_ST_SR_CERT_VRFY_A; - s->init_num=0; - - if (ret == 2) - { - /* For the ECDH ciphersuites when - * the client sends its ECDH pub key in - * a certificate, the CertificateVerify - * message is not sent. - */ - s->state=SSL3_ST_SR_FINISHED_A; - s->init_num = 0; - } - else - { - s->state=SSL3_ST_SR_CERT_VRFY_A; - s->init_num=0; - - /* We need to get hashes here so if there is - * a client cert, it can be verified */ - s->method->ssl3_enc->cert_verify_mac(s, - NID_md5, - &(s->s3->tmp.cert_verify_md[0])); - s->method->ssl3_enc->cert_verify_mac(s, - NID_sha1, - &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH])); - } - break; - - case SSL3_ST_SR_CERT_VRFY_A: - case SSL3_ST_SR_CERT_VRFY_B: - /* - * This *should* be the first time we enable CCS, but be - * extra careful about surrounding code changes. We need - * to set this here because we don't know if we're - * expecting a CertificateVerify or not. - */ - if (!s->s3->change_cipher_spec) - s->d1->change_cipher_spec_ok = 1; - /* we should decide if we expected this one */ - ret=ssl3_get_cert_verify(s); - if (ret <= 0) goto end; -#ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && - state == SSL_ST_RENEGOTIATE) - s->state=DTLS1_SCTP_ST_SR_READ_SOCK; - else -#endif - s->state=SSL3_ST_SR_FINISHED_A; - s->init_num=0; - break; - - case SSL3_ST_SR_FINISHED_A: - case SSL3_ST_SR_FINISHED_B: - /* - * Enable CCS for resumed handshakes. - * In a full handshake, we end up here through - * SSL3_ST_SR_CERT_VRFY_B, so change_cipher_spec_ok was - * already set. Receiving a CCS clears the flag, so make - * sure not to re-enable it to ban duplicates. - * s->s3->change_cipher_spec is set when a CCS is - * processed in d1_pkt.c, and remains set until - * the client's Finished message is read. - */ - if (!s->s3->change_cipher_spec) - s->d1->change_cipher_spec_ok = 1; - ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, - SSL3_ST_SR_FINISHED_B); - if (ret <= 0) goto end; - dtls1_stop_timer(s); - if (s->hit) - s->state=SSL_ST_OK; -#ifndef OPENSSL_NO_TLSEXT - else if (s->tlsext_ticket_expected) - s->state=SSL3_ST_SW_SESSION_TICKET_A; -#endif - else - s->state=SSL3_ST_SW_CHANGE_A; - s->init_num=0; - break; - -#ifndef OPENSSL_NO_TLSEXT - case SSL3_ST_SW_SESSION_TICKET_A: - case SSL3_ST_SW_SESSION_TICKET_B: - ret=dtls1_send_newsession_ticket(s); - if (ret <= 0) goto end; - s->state=SSL3_ST_SW_CHANGE_A; - s->init_num=0; - break; - - case SSL3_ST_SW_CERT_STATUS_A: - case SSL3_ST_SW_CERT_STATUS_B: - ret=ssl3_send_cert_status(s); - if (ret <= 0) goto end; - s->state=SSL3_ST_SW_KEY_EXCH_A; - s->init_num=0; - break; - -#endif - - case SSL3_ST_SW_CHANGE_A: - case SSL3_ST_SW_CHANGE_B: - - s->session->cipher=s->s3->tmp.new_cipher; - if (!s->method->ssl3_enc->setup_key_block(s)) - { ret= -1; goto end; } - - ret=dtls1_send_change_cipher_spec(s, - SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B); - - if (ret <= 0) goto end; - -#ifndef OPENSSL_NO_SCTP - if (!s->hit) - { - /* Change to new shared key of SCTP-Auth, - * will be ignored if no SCTP used. - */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); - } -#endif - - s->state=SSL3_ST_SW_FINISHED_A; - s->init_num=0; - - if (!s->method->ssl3_enc->change_cipher_state(s, - SSL3_CHANGE_CIPHER_SERVER_WRITE)) - { - ret= -1; - goto end; - } - - dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); - break; - - case SSL3_ST_SW_FINISHED_A: - case SSL3_ST_SW_FINISHED_B: - ret=dtls1_send_finished(s, - SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B, - s->method->ssl3_enc->server_finished_label, - s->method->ssl3_enc->server_finished_label_len); - if (ret <= 0) goto end; - s->state=SSL3_ST_SW_FLUSH; - if (s->hit) - { - s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; - -#ifndef OPENSSL_NO_SCTP - /* Change to new shared key of SCTP-Auth, - * will be ignored if no SCTP used. - */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); -#endif - } - else - { - s->s3->tmp.next_state=SSL_ST_OK; -#ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s))) - { - s->d1->next_state = s->s3->tmp.next_state; - s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK; - } -#endif - } - s->init_num=0; - break; - - case SSL_ST_OK: - /* clean a few things up */ - ssl3_cleanup_key_block(s); - -#if 0 - BUF_MEM_free(s->init_buf); - s->init_buf=NULL; -#endif - - /* remove buffering on output */ - ssl_free_wbio_buffer(s); - - s->init_num=0; - - if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */ - { - s->renegotiate=0; - s->new_session=0; - - ssl_update_cache(s,SSL_SESS_CACHE_SERVER); - - s->ctx->stats.sess_accept_good++; - /* s->server=1; */ - s->handshake_func=dtls1_accept; - - if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); - } - - ret = 1; - - /* done handshaking, next message is client hello */ - s->d1->handshake_read_seq = 0; - /* next message is server hello */ - s->d1->handshake_write_seq = 0; - s->d1->next_handshake_write_seq = 0; - goto end; - /* break; */ - - default: - SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_UNKNOWN_STATE); - ret= -1; - goto end; - /* break; */ - } - - if (!s->s3->tmp.reuse_message && !skip) - { - if (s->debug) - { - if ((ret=BIO_flush(s->wbio)) <= 0) - goto end; - } - - - if ((cb != NULL) && (s->state != state)) - { - new_state=s->state; - s->state=state; - cb(s,SSL_CB_ACCEPT_LOOP,1); - s->state=new_state; - } - } - skip=0; - } -end: - /* BIO_flush(s->wbio); */ - - s->in_handshake--; -#ifndef OPENSSL_NO_SCTP - /* Notify SCTP BIO socket to leave handshake - * mode and prevent stream identifier other - * than 0. Will be ignored if no SCTP is used. - */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL); -#endif - - if (cb != NULL) - cb(s,SSL_CB_ACCEPT_EXIT,ret); - return(ret); - } - -int dtls1_send_hello_request(SSL *s) - { - unsigned char *p; - - if (s->state == SSL3_ST_SW_HELLO_REQ_A) - { - p=(unsigned char *)s->init_buf->data; - p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0); - - s->state=SSL3_ST_SW_HELLO_REQ_B; - /* number of bytes to write */ - s->init_num=DTLS1_HM_HEADER_LENGTH; - s->init_off=0; - - /* no need to buffer this message, since there are no retransmit - * requests for it */ - } - - /* SSL3_ST_SW_HELLO_REQ_B */ - return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); - } - -int dtls1_send_hello_verify_request(SSL *s) - { - unsigned int msg_len; - unsigned char *msg, *buf, *p; - - if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) - { - buf = (unsigned char *)s->init_buf->data; - - msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]); - *(p++) = s->version >> 8; - *(p++) = s->version & 0xFF; - - if (s->ctx->app_gen_cookie_cb == NULL || - s->ctx->app_gen_cookie_cb(s, s->d1->cookie, - &(s->d1->cookie_len)) == 0) - { - SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR); - return 0; - } - - *(p++) = (unsigned char) s->d1->cookie_len; - memcpy(p, s->d1->cookie, s->d1->cookie_len); - p += s->d1->cookie_len; - msg_len = p - msg; - - dtls1_set_message_header(s, buf, - DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len); - - s->state=DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; - /* number of bytes to write */ - s->init_num=p-buf; - s->init_off=0; - } - - /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ - return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); - } - -int dtls1_send_server_hello(SSL *s) - { - unsigned char *buf; - unsigned char *p,*d; - int i; - unsigned int sl; - unsigned long l; - - if (s->state == SSL3_ST_SW_SRVR_HELLO_A) - { - buf=(unsigned char *)s->init_buf->data; - p=s->s3->server_random; - ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE); - /* Do the message type and length last */ - d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); - - *(p++)=s->version>>8; - *(p++)=s->version&0xff; - - /* Random stuff */ - memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); - p+=SSL3_RANDOM_SIZE; - - /* now in theory we have 3 options to sending back the - * session id. If it is a re-use, we send back the - * old session-id, if it is a new session, we send - * back the new session-id or we send back a 0 length - * session-id if we want it to be single use. - * Currently I will not implement the '0' length session-id - * 12-Jan-98 - I'll now support the '0' length stuff. - */ - if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)) - s->session->session_id_length=0; - - sl=s->session->session_id_length; - if (sl > sizeof s->session->session_id) - { - SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); - return -1; - } - *(p++)=sl; - memcpy(p,s->session->session_id,sl); - p+=sl; - - /* put the cipher */ - if (s->s3->tmp.new_cipher == NULL) - return -1; - i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p); - p+=i; - - /* put the compression method */ -#ifdef OPENSSL_NO_COMP - *(p++)=0; -#else - if (s->s3->tmp.new_compression == NULL) - *(p++)=0; - else - *(p++)=s->s3->tmp.new_compression->id; -#endif - -#ifndef OPENSSL_NO_TLSEXT - if (ssl_prepare_serverhello_tlsext(s) <= 0) - { - SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT); - return -1; - } - if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) - { - SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR); - return -1; - } -#endif - - /* do the header */ - l=(p-d); - d=buf; - - d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l); - - s->state=SSL3_ST_SW_SRVR_HELLO_B; - /* number of bytes to write */ - s->init_num=p-buf; - s->init_off=0; - - /* buffer the message to handle re-xmits */ - dtls1_buffer_message(s, 0); - } - - /* SSL3_ST_SW_SRVR_HELLO_B */ - return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); - } - -int dtls1_send_server_done(SSL *s) - { - unsigned char *p; - - if (s->state == SSL3_ST_SW_SRVR_DONE_A) - { - p=(unsigned char *)s->init_buf->data; - - /* do the header */ - p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0); - - s->state=SSL3_ST_SW_SRVR_DONE_B; - /* number of bytes to write */ - s->init_num=DTLS1_HM_HEADER_LENGTH; - s->init_off=0; - - /* buffer the message to handle re-xmits */ - dtls1_buffer_message(s, 0); - } - - /* SSL3_ST_SW_SRVR_DONE_B */ - return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); - } - -int dtls1_send_server_key_exchange(SSL *s) - { -#ifndef OPENSSL_NO_RSA - unsigned char *q; - int j,num; - RSA *rsa; - unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; - unsigned int u; -#endif -#ifndef OPENSSL_NO_DH - DH *dh=NULL,*dhp; -#endif -#ifndef OPENSSL_NO_ECDH - EC_KEY *ecdh=NULL, *ecdhp; - unsigned char *encodedPoint = NULL; - int encodedlen = 0; - int curve_id = 0; - BN_CTX *bn_ctx = NULL; -#endif - EVP_PKEY *pkey; - unsigned char *p,*d; - int al,i; - unsigned long type; - int n; - CERT *cert; - BIGNUM *r[4]; - int nr[4],kn; - BUF_MEM *buf; - EVP_MD_CTX md_ctx; - - EVP_MD_CTX_init(&md_ctx); - if (s->state == SSL3_ST_SW_KEY_EXCH_A) - { - type=s->s3->tmp.new_cipher->algorithm_mkey; - cert=s->cert; - - buf=s->init_buf; - - r[0]=r[1]=r[2]=r[3]=NULL; - n=0; -#ifndef OPENSSL_NO_RSA - if (type & SSL_kRSA) - { - rsa=cert->rsa_tmp; - if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) - { - rsa=s->cert->rsa_tmp_cb(s, - SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), - SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); - if(rsa == NULL) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY); - goto f_err; - } - RSA_up_ref(rsa); - cert->rsa_tmp=rsa; - } - if (rsa == NULL) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY); - goto f_err; - } - r[0]=rsa->n; - r[1]=rsa->e; - s->s3->tmp.use_rsa_tmp=1; - } - else -#endif -#ifndef OPENSSL_NO_DH - if (type & SSL_kEDH) - { - dhp=cert->dh_tmp; - if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) - dhp=s->cert->dh_tmp_cb(s, - SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), - SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); - if (dhp == NULL) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY); - goto f_err; - } - - if (s->s3->tmp.dh != NULL) - { - DH_free(dh); - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); - goto err; - } - - if ((dh=DHparams_dup(dhp)) == NULL) - { - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB); - goto err; - } - - s->s3->tmp.dh=dh; - if ((dhp->pub_key == NULL || - dhp->priv_key == NULL || - (s->options & SSL_OP_SINGLE_DH_USE))) - { - if(!DH_generate_key(dh)) - { - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, - ERR_R_DH_LIB); - goto err; - } - } - else - { - dh->pub_key=BN_dup(dhp->pub_key); - dh->priv_key=BN_dup(dhp->priv_key); - if ((dh->pub_key == NULL) || - (dh->priv_key == NULL)) - { - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB); - goto err; - } - } - r[0]=dh->p; - r[1]=dh->g; - r[2]=dh->pub_key; - } - else -#endif -#ifndef OPENSSL_NO_ECDH - if (type & SSL_kEECDH) - { - const EC_GROUP *group; - - ecdhp=cert->ecdh_tmp; - if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL)) - { - ecdhp=s->cert->ecdh_tmp_cb(s, - SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), - SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); - } - if (ecdhp == NULL) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY); - goto f_err; - } - - if (s->s3->tmp.ecdh != NULL) - { - EC_KEY_free(s->s3->tmp.ecdh); - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); - goto err; - } - - /* Duplicate the ECDH structure. */ - if (ecdhp == NULL) - { - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); - goto err; - } - if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) - { - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); - goto err; - } - - s->s3->tmp.ecdh=ecdh; - if ((EC_KEY_get0_public_key(ecdh) == NULL) || - (EC_KEY_get0_private_key(ecdh) == NULL) || - (s->options & SSL_OP_SINGLE_ECDH_USE)) - { - if(!EC_KEY_generate_key(ecdh)) - { - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); - goto err; - } - } - - if (((group = EC_KEY_get0_group(ecdh)) == NULL) || - (EC_KEY_get0_public_key(ecdh) == NULL) || - (EC_KEY_get0_private_key(ecdh) == NULL)) - { - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); - goto err; - } - - if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && - (EC_GROUP_get_degree(group) > 163)) - { - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER); - goto err; - } - - /* XXX: For now, we only support ephemeral ECDH - * keys over named (not generic) curves. For - * supported named curves, curve_id is non-zero. - */ - if ((curve_id = - tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group))) - == 0) - { - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); - goto err; - } - - /* Encode the public key. - * First check the size of encoding and - * allocate memory accordingly. - */ - encodedlen = EC_POINT_point2oct(group, - EC_KEY_get0_public_key(ecdh), - POINT_CONVERSION_UNCOMPRESSED, - NULL, 0, NULL); - - encodedPoint = (unsigned char *) - OPENSSL_malloc(encodedlen*sizeof(unsigned char)); - bn_ctx = BN_CTX_new(); - if ((encodedPoint == NULL) || (bn_ctx == NULL)) - { - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); - goto err; - } - - - encodedlen = EC_POINT_point2oct(group, - EC_KEY_get0_public_key(ecdh), - POINT_CONVERSION_UNCOMPRESSED, - encodedPoint, encodedlen, bn_ctx); - - if (encodedlen == 0) - { - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); - goto err; - } - - BN_CTX_free(bn_ctx); bn_ctx=NULL; - - /* XXX: For now, we only support named (not - * generic) curves in ECDH ephemeral key exchanges. - * In this situation, we need four additional bytes - * to encode the entire ServerECDHParams - * structure. - */ - n = 4 + encodedlen; - - /* We'll generate the serverKeyExchange message - * explicitly so we can set these to NULLs - */ - r[0]=NULL; - r[1]=NULL; - r[2]=NULL; - r[3]=NULL; - } - else -#endif /* !OPENSSL_NO_ECDH */ -#ifndef OPENSSL_NO_PSK - if (type & SSL_kPSK) - { - /* reserve size for record length and PSK identity hint*/ - n+=2+strlen(s->session->psk_identity_hint); - } - else -#endif /* !OPENSSL_NO_PSK */ - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); - goto f_err; - } - for (i=0; r[i] != NULL; i++) - { - nr[i]=BN_num_bytes(r[i]); - n+=2+nr[i]; - } - - if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) - && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) - { - if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher, NULL)) - == NULL) - { - al=SSL_AD_DECODE_ERROR; - goto f_err; - } - kn=EVP_PKEY_size(pkey); - } - else - { - pkey=NULL; - kn=0; - } - - if (!BUF_MEM_grow_clean(buf,n+DTLS1_HM_HEADER_LENGTH+kn)) - { - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF); - goto err; - } - d=(unsigned char *)s->init_buf->data; - p= &(d[DTLS1_HM_HEADER_LENGTH]); - - for (i=0; r[i] != NULL; i++) - { - s2n(nr[i],p); - BN_bn2bin(r[i],p); - p+=nr[i]; - } - -#ifndef OPENSSL_NO_ECDH - if (type & SSL_kEECDH) - { - /* XXX: For now, we only support named (not generic) curves. - * In this situation, the serverKeyExchange message has: - * [1 byte CurveType], [2 byte CurveName] - * [1 byte length of encoded point], followed by - * the actual encoded point itself - */ - *p = NAMED_CURVE_TYPE; - p += 1; - *p = 0; - p += 1; - *p = curve_id; - p += 1; - *p = encodedlen; - p += 1; - memcpy((unsigned char*)p, - (unsigned char *)encodedPoint, - encodedlen); - OPENSSL_free(encodedPoint); - encodedPoint = NULL; - p += encodedlen; - } -#endif - -#ifndef OPENSSL_NO_PSK - if (type & SSL_kPSK) - { - /* copy PSK identity hint */ - s2n(strlen(s->session->psk_identity_hint), p); - strncpy((char *)p, s->session->psk_identity_hint, strlen(s->session->psk_identity_hint)); - p+=strlen(s->session->psk_identity_hint); - } -#endif - - /* not anonymous */ - if (pkey != NULL) - { - /* n is the length of the params, they start at - * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space - * at the end. */ -#ifndef OPENSSL_NO_RSA - if (pkey->type == EVP_PKEY_RSA) - { - q=md_buf; - j=0; - for (num=2; num > 0; num--) - { - EVP_DigestInit_ex(&md_ctx,(num == 2) - ?s->ctx->md5:s->ctx->sha1, NULL); - EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n); - EVP_DigestFinal_ex(&md_ctx,q, - (unsigned int *)&i); - q+=i; - j+=i; - } - if (RSA_sign(NID_md5_sha1, md_buf, j, - &(p[2]), &u, pkey->pkey.rsa) <= 0) - { - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA); - goto err; - } - s2n(u,p); - n+=u+2; - } - else -#endif -#if !defined(OPENSSL_NO_DSA) - if (pkey->type == EVP_PKEY_DSA) - { - /* lets do DSS */ - EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL); - EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); - EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); - EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n); - if (!EVP_SignFinal(&md_ctx,&(p[2]), - (unsigned int *)&i,pkey)) - { - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA); - goto err; - } - s2n(i,p); - n+=i+2; - } - else -#endif -#if !defined(OPENSSL_NO_ECDSA) - if (pkey->type == EVP_PKEY_EC) - { - /* let's do ECDSA */ - EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL); - EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); - EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); - EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n); - if (!EVP_SignFinal(&md_ctx,&(p[2]), - (unsigned int *)&i,pkey)) - { - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA); - goto err; - } - s2n(i,p); - n+=i+2; - } - else -#endif - { - /* Is this error check actually needed? */ - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE); - goto f_err; - } - } - - d = dtls1_set_message_header(s, d, - SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n); - - /* we should now have things packed up, so lets send - * it off */ - s->init_num=n+DTLS1_HM_HEADER_LENGTH; - s->init_off=0; - - /* buffer the message to handle re-xmits */ - dtls1_buffer_message(s, 0); - } - - s->state = SSL3_ST_SW_KEY_EXCH_B; - EVP_MD_CTX_cleanup(&md_ctx); - return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); -err: -#ifndef OPENSSL_NO_ECDH - if (encodedPoint != NULL) OPENSSL_free(encodedPoint); - BN_CTX_free(bn_ctx); -#endif - EVP_MD_CTX_cleanup(&md_ctx); - return(-1); - } - -int dtls1_send_certificate_request(SSL *s) - { - unsigned char *p,*d; - int i,j,nl,off,n; - STACK_OF(X509_NAME) *sk=NULL; - X509_NAME *name; - BUF_MEM *buf; - unsigned int msg_len; - - if (s->state == SSL3_ST_SW_CERT_REQ_A) - { - buf=s->init_buf; - - d=p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]); - - /* get the list of acceptable cert types */ - p++; - n=ssl3_get_req_cert_type(s,p); - d[0]=n; - p+=n; - n++; - - off=n; - p+=2; - n+=2; - - sk=SSL_get_client_CA_list(s); - nl=0; - if (sk != NULL) - { - for (i=0; i<sk_X509_NAME_num(sk); i++) - { - name=sk_X509_NAME_value(sk,i); - j=i2d_X509_NAME(name,NULL); - if (!BUF_MEM_grow_clean(buf,DTLS1_HM_HEADER_LENGTH+n+j+2)) - { - SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB); - goto err; - } - p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+n]); - if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) - { - s2n(j,p); - i2d_X509_NAME(name,&p); - n+=2+j; - nl+=2+j; - } - else - { - d=p; - i2d_X509_NAME(name,&p); - j-=2; s2n(j,d); j+=2; - n+=j; - nl+=j; - } - } - } - /* else no CA names */ - p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+off]); - s2n(nl,p); - - d=(unsigned char *)buf->data; - *(d++)=SSL3_MT_CERTIFICATE_REQUEST; - l2n3(n,d); - s2n(s->d1->handshake_write_seq,d); - s->d1->handshake_write_seq++; - - /* we should now have things packed up, so lets send - * it off */ - - s->init_num=n+DTLS1_HM_HEADER_LENGTH; - s->init_off=0; -#ifdef NETSCAPE_HANG_BUG -/* XXX: what to do about this? */ - p=(unsigned char *)s->init_buf->data + s->init_num; - - /* do the header */ - *(p++)=SSL3_MT_SERVER_DONE; - *(p++)=0; - *(p++)=0; - *(p++)=0; - s->init_num += 4; -#endif - - /* XDTLS: set message header ? */ - msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH; - dtls1_set_message_header(s, (void *)s->init_buf->data, - SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len); - - /* buffer the message to handle re-xmits */ - dtls1_buffer_message(s, 0); - - s->state = SSL3_ST_SW_CERT_REQ_B; - } - - /* SSL3_ST_SW_CERT_REQ_B */ - return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); -err: - return(-1); - } - -int dtls1_send_server_certificate(SSL *s) - { - unsigned long l; - X509 *x; - - if (s->state == SSL3_ST_SW_CERT_A) - { - x=ssl_get_server_send_cert(s); - if (x == NULL) - { - /* VRS: allow null cert if auth == KRB5 */ - if ((s->s3->tmp.new_cipher->algorithm_mkey != SSL_kKRB5) || - (s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5)) - { - SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR); - return(0); - } - } - - l=dtls1_output_cert_chain(s,x); - if (!l) - { - SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR); - return(0); - } - s->state=SSL3_ST_SW_CERT_B; - s->init_num=(int)l; - s->init_off=0; - - /* buffer the message to handle re-xmits */ - dtls1_buffer_message(s, 0); - } - - /* SSL3_ST_SW_CERT_B */ - return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); - } - -#ifndef OPENSSL_NO_TLSEXT -int dtls1_send_newsession_ticket(SSL *s) - { - if (s->state == SSL3_ST_SW_SESSION_TICKET_A) - { - unsigned char *p, *senc, *macstart; - int len, slen; - unsigned int hlen, msg_len; - EVP_CIPHER_CTX ctx; - HMAC_CTX hctx; - SSL_CTX *tctx = s->initial_ctx; - unsigned char iv[EVP_MAX_IV_LENGTH]; - unsigned char key_name[16]; - - /* get session encoding length */ - slen = i2d_SSL_SESSION(s->session, NULL); - /* Some length values are 16 bits, so forget it if session is - * too long - */ - if (slen > 0xFF00) - return -1; - /* Grow buffer if need be: the length calculation is as - * follows 12 (DTLS handshake message header) + - * 4 (ticket lifetime hint) + 2 (ticket length) + - * 16 (key name) + max_iv_len (iv length) + - * session_length + max_enc_block_size (max encrypted session - * length) + max_md_size (HMAC). - */ - if (!BUF_MEM_grow(s->init_buf, - DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH + - EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen)) - return -1; - senc = OPENSSL_malloc(slen); - if (!senc) - return -1; - p = senc; - i2d_SSL_SESSION(s->session, &p); - - p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]); - EVP_CIPHER_CTX_init(&ctx); - HMAC_CTX_init(&hctx); - /* Initialize HMAC and cipher contexts. If callback present - * it does all the work otherwise use generated values - * from parent ctx. - */ - if (tctx->tlsext_ticket_key_cb) - { - if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, - &hctx, 1) < 0) - { - OPENSSL_free(senc); - return -1; - } - } - else - { - RAND_pseudo_bytes(iv, 16); - EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, - tctx->tlsext_tick_aes_key, iv); - HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, - tlsext_tick_md(), NULL); - memcpy(key_name, tctx->tlsext_tick_key_name, 16); - } - l2n(s->session->tlsext_tick_lifetime_hint, p); - /* Skip ticket length for now */ - p += 2; - /* Output key name */ - macstart = p; - memcpy(p, key_name, 16); - p += 16; - /* output IV */ - memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx)); - p += EVP_CIPHER_CTX_iv_length(&ctx); - /* Encrypt session data */ - EVP_EncryptUpdate(&ctx, p, &len, senc, slen); - p += len; - EVP_EncryptFinal(&ctx, p, &len); - p += len; - EVP_CIPHER_CTX_cleanup(&ctx); - - HMAC_Update(&hctx, macstart, p - macstart); - HMAC_Final(&hctx, p, &hlen); - HMAC_CTX_cleanup(&hctx); - - p += hlen; - /* Now write out lengths: p points to end of data written */ - /* Total length */ - len = p - (unsigned char *)(s->init_buf->data); - /* Ticket length */ - p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4; - s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p); - - /* number of bytes to write */ - s->init_num= len; - s->state=SSL3_ST_SW_SESSION_TICKET_B; - s->init_off=0; - OPENSSL_free(senc); - - /* XDTLS: set message header ? */ - msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH; - dtls1_set_message_header(s, (void *)s->init_buf->data, - SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len); - - /* buffer the message to handle re-xmits */ - dtls1_buffer_message(s, 0); - } - - /* SSL3_ST_SW_SESSION_TICKET_B */ - return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); - } -#endif diff --git a/main/openssl/ssl/dtls1.h b/main/openssl/ssl/dtls1.h deleted file mode 100644 index 33857526..00000000 --- a/main/openssl/ssl/dtls1.h +++ /dev/null @@ -1,296 +0,0 @@ -/* ssl/dtls1.h */ -/* - * DTLS implementation written by Nagendra Modadugu - * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ -/* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_DTLS1_H -#define HEADER_DTLS1_H - -#include <openssl/buffer.h> -#include <openssl/pqueue.h> -#ifdef OPENSSL_SYS_VMS -#include <resource.h> -#include <sys/timeb.h> -#endif -#ifdef OPENSSL_SYS_WIN32 -/* Needed for struct timeval */ -#include <winsock.h> -#elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_) -#include <sys/timeval.h> -#else -#if defined(OPENSSL_SYS_VXWORKS) -#include <sys/times.h> -#else -#include <sys/time.h> -#endif -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -#define DTLS1_VERSION 0xFEFF -#define DTLS_MAX_VERSION DTLS1_VERSION - -#define DTLS1_BAD_VER 0x0100 - -#if 0 -/* this alert description is not specified anywhere... */ -#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 -#endif - -/* lengths of messages */ -#define DTLS1_COOKIE_LENGTH 256 - -#define DTLS1_RT_HEADER_LENGTH 13 - -#define DTLS1_HM_HEADER_LENGTH 12 - -#define DTLS1_HM_BAD_FRAGMENT -2 -#define DTLS1_HM_FRAGMENT_RETRY -3 - -#define DTLS1_CCS_HEADER_LENGTH 1 - -#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE -#define DTLS1_AL_HEADER_LENGTH 7 -#else -#define DTLS1_AL_HEADER_LENGTH 2 -#endif - -#ifndef OPENSSL_NO_SSL_INTERN - -#ifndef OPENSSL_NO_SCTP -#define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP" -#endif - -/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */ -#define DTLS1_MAX_MTU_OVERHEAD 48 - -typedef struct dtls1_bitmap_st - { - unsigned long map; /* track 32 packets on 32-bit systems - and 64 - on 64-bit systems */ - unsigned char max_seq_num[8]; /* max record number seen so far, - 64-bit value in big-endian - encoding */ - } DTLS1_BITMAP; - -struct dtls1_retransmit_state - { - EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ - EVP_MD_CTX *write_hash; /* used for mac generation */ -#ifndef OPENSSL_NO_COMP - COMP_CTX *compress; /* compression */ -#else - char *compress; -#endif - SSL_SESSION *session; - unsigned short epoch; - }; - -struct hm_header_st - { - unsigned char type; - unsigned long msg_len; - unsigned short seq; - unsigned long frag_off; - unsigned long frag_len; - unsigned int is_ccs; - struct dtls1_retransmit_state saved_retransmit_state; - }; - -struct ccs_header_st - { - unsigned char type; - unsigned short seq; - }; - -struct dtls1_timeout_st - { - /* Number of read timeouts so far */ - unsigned int read_timeouts; - - /* Number of write timeouts so far */ - unsigned int write_timeouts; - - /* Number of alerts received so far */ - unsigned int num_alerts; - }; - -typedef struct record_pqueue_st - { - unsigned short epoch; - pqueue q; - } record_pqueue; - -typedef struct hm_fragment_st - { - struct hm_header_st msg_header; - unsigned char *fragment; - unsigned char *reassembly; - } hm_fragment; - -typedef struct dtls1_state_st - { - unsigned int send_cookie; - unsigned char cookie[DTLS1_COOKIE_LENGTH]; - unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH]; - unsigned int cookie_len; - - /* - * The current data and handshake epoch. This is initially - * undefined, and starts at zero once the initial handshake is - * completed - */ - unsigned short r_epoch; - unsigned short w_epoch; - - /* records being received in the current epoch */ - DTLS1_BITMAP bitmap; - - /* renegotiation starts a new set of sequence numbers */ - DTLS1_BITMAP next_bitmap; - - /* handshake message numbers */ - unsigned short handshake_write_seq; - unsigned short next_handshake_write_seq; - - unsigned short handshake_read_seq; - - /* save last sequence number for retransmissions */ - unsigned char last_write_sequence[8]; - - /* Received handshake records (processed and unprocessed) */ - record_pqueue unprocessed_rcds; - record_pqueue processed_rcds; - - /* Buffered handshake messages */ - pqueue buffered_messages; - - /* Buffered (sent) handshake records */ - pqueue sent_messages; - - /* Buffered application records. - * Only for records between CCS and Finished - * to prevent either protocol violation or - * unnecessary message loss. - */ - record_pqueue buffered_app_data; - - /* Is set when listening for new connections with dtls1_listen() */ - unsigned int listen; - - unsigned int link_mtu; /* max on-the-wire DTLS packet size */ - unsigned int mtu; /* max DTLS packet size */ - - struct hm_header_st w_msg_hdr; - struct hm_header_st r_msg_hdr; - - struct dtls1_timeout_st timeout; - - /* Indicates when the last handshake msg or heartbeat sent will timeout */ - struct timeval next_timeout; - - /* Timeout duration */ - unsigned short timeout_duration; - - /* storage for Alert/Handshake protocol data received but not - * yet processed by ssl3_read_bytes: */ - unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; - unsigned int alert_fragment_len; - unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; - unsigned int handshake_fragment_len; - - unsigned int retransmitting; - /* - * Set when the handshake is ready to process peer's ChangeCipherSpec message. - * Cleared after the message has been processed. - */ - unsigned int change_cipher_spec_ok; - -#ifndef OPENSSL_NO_SCTP - /* used when SSL_ST_XX_FLUSH is entered */ - int next_state; - - int shutdown_received; -#endif - - } DTLS1_STATE; - -typedef struct dtls1_record_data_st - { - unsigned char *packet; - unsigned int packet_length; - SSL3_BUFFER rbuf; - SSL3_RECORD rrec; -#ifndef OPENSSL_NO_SCTP - struct bio_dgram_sctp_rcvinfo recordinfo; -#endif - } DTLS1_RECORD_DATA; - -#endif - -/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ -#define DTLS1_TMO_READ_COUNT 2 -#define DTLS1_TMO_WRITE_COUNT 2 - -#define DTLS1_TMO_ALERT_COUNT 12 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/main/openssl/ssl/kssl.c b/main/openssl/ssl/kssl.c deleted file mode 100644 index 950a0c56..00000000 --- a/main/openssl/ssl/kssl.c +++ /dev/null @@ -1,2221 +0,0 @@ -/* ssl/kssl.c -*- mode: C; c-file-style: "eay" -*- */ -/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000. - */ -/* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - - -/* ssl/kssl.c -- Routines to support (& debug) Kerberos5 auth for openssl -** -** 19990701 VRS Started. -** 200011?? Jeffrey Altman, Richard Levitte -** Generalized for Heimdal, Newer MIT, & Win32. -** Integrated into main OpenSSL 0.9.7 snapshots. -** 20010413 Simon Wilkinson, VRS -** Real RFC2712 KerberosWrapper replaces AP_REQ. -*/ - -#include <openssl/opensslconf.h> - -#include <string.h> - -#define KRB5_PRIVATE 1 - -#include <openssl/ssl.h> -#include <openssl/evp.h> -#include <openssl/objects.h> -#include <openssl/krb5_asn.h> -#include "kssl_lcl.h" - -#ifndef OPENSSL_NO_KRB5 - -#ifndef ENOMEM -#define ENOMEM KRB5KRB_ERR_GENERIC -#endif - -/* - * When OpenSSL is built on Windows, we do not want to require that - * the Kerberos DLLs be available in order for the OpenSSL DLLs to - * work. Therefore, all Kerberos routines are loaded at run time - * and we do not link to a .LIB file. - */ - -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) -/* - * The purpose of the following pre-processor statements is to provide - * compatibility with different releases of MIT Kerberos for Windows. - * All versions up to 1.2 used macros. But macros do not allow for - * a binary compatible interface for DLLs. Therefore, all macros are - * being replaced by function calls. The following code will allow - * an OpenSSL DLL built on Windows to work whether or not the macro - * or function form of the routines are utilized. - */ -#ifdef krb5_cc_get_principal -#define NO_DEF_KRB5_CCACHE -#undef krb5_cc_get_principal -#endif -#define krb5_cc_get_principal kssl_krb5_cc_get_principal - -#define krb5_free_data_contents kssl_krb5_free_data_contents -#define krb5_free_context kssl_krb5_free_context -#define krb5_auth_con_free kssl_krb5_auth_con_free -#define krb5_free_principal kssl_krb5_free_principal -#define krb5_mk_req_extended kssl_krb5_mk_req_extended -#define krb5_get_credentials kssl_krb5_get_credentials -#define krb5_cc_default kssl_krb5_cc_default -#define krb5_sname_to_principal kssl_krb5_sname_to_principal -#define krb5_init_context kssl_krb5_init_context -#define krb5_free_ticket kssl_krb5_free_ticket -#define krb5_rd_req kssl_krb5_rd_req -#define krb5_kt_default kssl_krb5_kt_default -#define krb5_kt_resolve kssl_krb5_kt_resolve -/* macros in mit 1.2.2 and earlier; functions in mit 1.2.3 and greater */ -#ifndef krb5_kt_close -#define krb5_kt_close kssl_krb5_kt_close -#endif /* krb5_kt_close */ -#ifndef krb5_kt_get_entry -#define krb5_kt_get_entry kssl_krb5_kt_get_entry -#endif /* krb5_kt_get_entry */ -#define krb5_auth_con_init kssl_krb5_auth_con_init - -#define krb5_principal_compare kssl_krb5_principal_compare -#define krb5_decrypt_tkt_part kssl_krb5_decrypt_tkt_part -#define krb5_timeofday kssl_krb5_timeofday -#define krb5_rc_default kssl_krb5_rc_default - -#ifdef krb5_rc_initialize -#undef krb5_rc_initialize -#endif -#define krb5_rc_initialize kssl_krb5_rc_initialize - -#ifdef krb5_rc_get_lifespan -#undef krb5_rc_get_lifespan -#endif -#define krb5_rc_get_lifespan kssl_krb5_rc_get_lifespan - -#ifdef krb5_rc_destroy -#undef krb5_rc_destroy -#endif -#define krb5_rc_destroy kssl_krb5_rc_destroy - -#define valid_cksumtype kssl_valid_cksumtype -#define krb5_checksum_size kssl_krb5_checksum_size -#define krb5_kt_free_entry kssl_krb5_kt_free_entry -#define krb5_auth_con_setrcache kssl_krb5_auth_con_setrcache -#define krb5_auth_con_getrcache kssl_krb5_auth_con_getrcache -#define krb5_get_server_rcache kssl_krb5_get_server_rcache - -/* Prototypes for built in stubs */ -void kssl_krb5_free_data_contents(krb5_context, krb5_data *); -void kssl_krb5_free_principal(krb5_context, krb5_principal ); -krb5_error_code kssl_krb5_kt_resolve(krb5_context, - krb5_const char *, - krb5_keytab *); -krb5_error_code kssl_krb5_kt_default(krb5_context, - krb5_keytab *); -krb5_error_code kssl_krb5_free_ticket(krb5_context, krb5_ticket *); -krb5_error_code kssl_krb5_rd_req(krb5_context, krb5_auth_context *, - krb5_const krb5_data *, - krb5_const_principal, krb5_keytab, - krb5_flags *,krb5_ticket **); - -krb5_boolean kssl_krb5_principal_compare(krb5_context, krb5_const_principal, - krb5_const_principal); -krb5_error_code kssl_krb5_mk_req_extended(krb5_context, - krb5_auth_context *, - krb5_const krb5_flags, - krb5_data *, - krb5_creds *, - krb5_data * ); -krb5_error_code kssl_krb5_init_context(krb5_context *); -void kssl_krb5_free_context(krb5_context); -krb5_error_code kssl_krb5_cc_default(krb5_context,krb5_ccache *); -krb5_error_code kssl_krb5_sname_to_principal(krb5_context, - krb5_const char *, - krb5_const char *, - krb5_int32, - krb5_principal *); -krb5_error_code kssl_krb5_get_credentials(krb5_context, - krb5_const krb5_flags, - krb5_ccache, - krb5_creds *, - krb5_creds * *); -krb5_error_code kssl_krb5_auth_con_init(krb5_context, - krb5_auth_context *); -krb5_error_code kssl_krb5_cc_get_principal(krb5_context context, - krb5_ccache cache, - krb5_principal *principal); -krb5_error_code kssl_krb5_auth_con_free(krb5_context,krb5_auth_context); -size_t kssl_krb5_checksum_size(krb5_context context,krb5_cksumtype ctype); -krb5_boolean kssl_valid_cksumtype(krb5_cksumtype ctype); -krb5_error_code krb5_kt_free_entry(krb5_context,krb5_keytab_entry FAR * ); -krb5_error_code kssl_krb5_auth_con_setrcache(krb5_context, - krb5_auth_context, - krb5_rcache); -krb5_error_code kssl_krb5_get_server_rcache(krb5_context, - krb5_const krb5_data *, - krb5_rcache *); -krb5_error_code kssl_krb5_auth_con_getrcache(krb5_context, - krb5_auth_context, - krb5_rcache *); - -/* Function pointers (almost all Kerberos functions are _stdcall) */ -static void (_stdcall *p_krb5_free_data_contents)(krb5_context, krb5_data *) - =NULL; -static void (_stdcall *p_krb5_free_principal)(krb5_context, krb5_principal ) - =NULL; -static krb5_error_code(_stdcall *p_krb5_kt_resolve) - (krb5_context, krb5_const char *, krb5_keytab *)=NULL; -static krb5_error_code (_stdcall *p_krb5_kt_default)(krb5_context, - krb5_keytab *)=NULL; -static krb5_error_code (_stdcall *p_krb5_free_ticket)(krb5_context, - krb5_ticket *)=NULL; -static krb5_error_code (_stdcall *p_krb5_rd_req)(krb5_context, - krb5_auth_context *, - krb5_const krb5_data *, - krb5_const_principal, - krb5_keytab, krb5_flags *, - krb5_ticket **)=NULL; -static krb5_error_code (_stdcall *p_krb5_mk_req_extended) - (krb5_context, krb5_auth_context *, - krb5_const krb5_flags, krb5_data *, krb5_creds *, - krb5_data * )=NULL; -static krb5_error_code (_stdcall *p_krb5_init_context)(krb5_context *)=NULL; -static void (_stdcall *p_krb5_free_context)(krb5_context)=NULL; -static krb5_error_code (_stdcall *p_krb5_cc_default)(krb5_context, - krb5_ccache *)=NULL; -static krb5_error_code (_stdcall *p_krb5_sname_to_principal) - (krb5_context, krb5_const char *, krb5_const char *, - krb5_int32, krb5_principal *)=NULL; -static krb5_error_code (_stdcall *p_krb5_get_credentials) - (krb5_context, krb5_const krb5_flags, krb5_ccache, - krb5_creds *, krb5_creds **)=NULL; -static krb5_error_code (_stdcall *p_krb5_auth_con_init) - (krb5_context, krb5_auth_context *)=NULL; -static krb5_error_code (_stdcall *p_krb5_cc_get_principal) - (krb5_context context, krb5_ccache cache, - krb5_principal *principal)=NULL; -static krb5_error_code (_stdcall *p_krb5_auth_con_free) - (krb5_context, krb5_auth_context)=NULL; -static krb5_error_code (_stdcall *p_krb5_decrypt_tkt_part) - (krb5_context, krb5_const krb5_keyblock *, - krb5_ticket *)=NULL; -static krb5_error_code (_stdcall *p_krb5_timeofday) - (krb5_context context, krb5_int32 *timeret)=NULL; -static krb5_error_code (_stdcall *p_krb5_rc_default) - (krb5_context context, krb5_rcache *rc)=NULL; -static krb5_error_code (_stdcall *p_krb5_rc_initialize) - (krb5_context context, krb5_rcache rc, - krb5_deltat lifespan)=NULL; -static krb5_error_code (_stdcall *p_krb5_rc_get_lifespan) - (krb5_context context, krb5_rcache rc, - krb5_deltat *lifespan)=NULL; -static krb5_error_code (_stdcall *p_krb5_rc_destroy) - (krb5_context context, krb5_rcache rc)=NULL; -static krb5_boolean (_stdcall *p_krb5_principal_compare) - (krb5_context, krb5_const_principal, krb5_const_principal)=NULL; -static size_t (_stdcall *p_krb5_checksum_size)(krb5_context context,krb5_cksumtype ctype)=NULL; -static krb5_boolean (_stdcall *p_valid_cksumtype)(krb5_cksumtype ctype)=NULL; -static krb5_error_code (_stdcall *p_krb5_kt_free_entry) - (krb5_context,krb5_keytab_entry * )=NULL; -static krb5_error_code (_stdcall * p_krb5_auth_con_setrcache)(krb5_context, - krb5_auth_context, - krb5_rcache)=NULL; -static krb5_error_code (_stdcall * p_krb5_get_server_rcache)(krb5_context, - krb5_const krb5_data *, - krb5_rcache *)=NULL; -static krb5_error_code (* p_krb5_auth_con_getrcache)(krb5_context, - krb5_auth_context, - krb5_rcache *)=NULL; -static krb5_error_code (_stdcall * p_krb5_kt_close)(krb5_context context, - krb5_keytab keytab)=NULL; -static krb5_error_code (_stdcall * p_krb5_kt_get_entry)(krb5_context context, - krb5_keytab keytab, - krb5_const_principal principal, krb5_kvno vno, - krb5_enctype enctype, krb5_keytab_entry *entry)=NULL; -static int krb5_loaded = 0; /* only attempt to initialize func ptrs once */ - -/* Function to Load the Kerberos 5 DLL and initialize function pointers */ -void -load_krb5_dll(void) - { - HANDLE hKRB5_32; - - krb5_loaded++; - hKRB5_32 = LoadLibrary(TEXT("KRB5_32")); - if (!hKRB5_32) - return; - - (FARPROC) p_krb5_free_data_contents = - GetProcAddress( hKRB5_32, "krb5_free_data_contents" ); - (FARPROC) p_krb5_free_context = - GetProcAddress( hKRB5_32, "krb5_free_context" ); - (FARPROC) p_krb5_auth_con_free = - GetProcAddress( hKRB5_32, "krb5_auth_con_free" ); - (FARPROC) p_krb5_free_principal = - GetProcAddress( hKRB5_32, "krb5_free_principal" ); - (FARPROC) p_krb5_mk_req_extended = - GetProcAddress( hKRB5_32, "krb5_mk_req_extended" ); - (FARPROC) p_krb5_get_credentials = - GetProcAddress( hKRB5_32, "krb5_get_credentials" ); - (FARPROC) p_krb5_cc_get_principal = - GetProcAddress( hKRB5_32, "krb5_cc_get_principal" ); - (FARPROC) p_krb5_cc_default = - GetProcAddress( hKRB5_32, "krb5_cc_default" ); - (FARPROC) p_krb5_sname_to_principal = - GetProcAddress( hKRB5_32, "krb5_sname_to_principal" ); - (FARPROC) p_krb5_init_context = - GetProcAddress( hKRB5_32, "krb5_init_context" ); - (FARPROC) p_krb5_free_ticket = - GetProcAddress( hKRB5_32, "krb5_free_ticket" ); - (FARPROC) p_krb5_rd_req = - GetProcAddress( hKRB5_32, "krb5_rd_req" ); - (FARPROC) p_krb5_principal_compare = - GetProcAddress( hKRB5_32, "krb5_principal_compare" ); - (FARPROC) p_krb5_decrypt_tkt_part = - GetProcAddress( hKRB5_32, "krb5_decrypt_tkt_part" ); - (FARPROC) p_krb5_timeofday = - GetProcAddress( hKRB5_32, "krb5_timeofday" ); - (FARPROC) p_krb5_rc_default = - GetProcAddress( hKRB5_32, "krb5_rc_default" ); - (FARPROC) p_krb5_rc_initialize = - GetProcAddress( hKRB5_32, "krb5_rc_initialize" ); - (FARPROC) p_krb5_rc_get_lifespan = - GetProcAddress( hKRB5_32, "krb5_rc_get_lifespan" ); - (FARPROC) p_krb5_rc_destroy = - GetProcAddress( hKRB5_32, "krb5_rc_destroy" ); - (FARPROC) p_krb5_kt_default = - GetProcAddress( hKRB5_32, "krb5_kt_default" ); - (FARPROC) p_krb5_kt_resolve = - GetProcAddress( hKRB5_32, "krb5_kt_resolve" ); - (FARPROC) p_krb5_auth_con_init = - GetProcAddress( hKRB5_32, "krb5_auth_con_init" ); - (FARPROC) p_valid_cksumtype = - GetProcAddress( hKRB5_32, "valid_cksumtype" ); - (FARPROC) p_krb5_checksum_size = - GetProcAddress( hKRB5_32, "krb5_checksum_size" ); - (FARPROC) p_krb5_kt_free_entry = - GetProcAddress( hKRB5_32, "krb5_kt_free_entry" ); - (FARPROC) p_krb5_auth_con_setrcache = - GetProcAddress( hKRB5_32, "krb5_auth_con_setrcache" ); - (FARPROC) p_krb5_get_server_rcache = - GetProcAddress( hKRB5_32, "krb5_get_server_rcache" ); - (FARPROC) p_krb5_auth_con_getrcache = - GetProcAddress( hKRB5_32, "krb5_auth_con_getrcache" ); - (FARPROC) p_krb5_kt_close = - GetProcAddress( hKRB5_32, "krb5_kt_close" ); - (FARPROC) p_krb5_kt_get_entry = - GetProcAddress( hKRB5_32, "krb5_kt_get_entry" ); - } - -/* Stubs for each function to be dynamicly loaded */ -void -kssl_krb5_free_data_contents(krb5_context CO, krb5_data * data) - { - if (!krb5_loaded) - load_krb5_dll(); - - if ( p_krb5_free_data_contents ) - p_krb5_free_data_contents(CO,data); - } - -krb5_error_code -kssl_krb5_mk_req_extended (krb5_context CO, - krb5_auth_context * pACO, - krb5_const krb5_flags F, - krb5_data * pD1, - krb5_creds * pC, - krb5_data * pD2) - { - if (!krb5_loaded) - load_krb5_dll(); - - if ( p_krb5_mk_req_extended ) - return(p_krb5_mk_req_extended(CO,pACO,F,pD1,pC,pD2)); - else - return KRB5KRB_ERR_GENERIC; - } -krb5_error_code -kssl_krb5_auth_con_init(krb5_context CO, - krb5_auth_context * pACO) - { - if (!krb5_loaded) - load_krb5_dll(); - - if ( p_krb5_auth_con_init ) - return(p_krb5_auth_con_init(CO,pACO)); - else - return KRB5KRB_ERR_GENERIC; - } -krb5_error_code -kssl_krb5_auth_con_free (krb5_context CO, - krb5_auth_context ACO) - { - if (!krb5_loaded) - load_krb5_dll(); - - if ( p_krb5_auth_con_free ) - return(p_krb5_auth_con_free(CO,ACO)); - else - return KRB5KRB_ERR_GENERIC; - } -krb5_error_code -kssl_krb5_get_credentials(krb5_context CO, - krb5_const krb5_flags F, - krb5_ccache CC, - krb5_creds * pCR, - krb5_creds ** ppCR) - { - if (!krb5_loaded) - load_krb5_dll(); - - if ( p_krb5_get_credentials ) - return(p_krb5_get_credentials(CO,F,CC,pCR,ppCR)); - else - return KRB5KRB_ERR_GENERIC; - } -krb5_error_code -kssl_krb5_sname_to_principal(krb5_context CO, - krb5_const char * pC1, - krb5_const char * pC2, - krb5_int32 I, - krb5_principal * pPR) - { - if (!krb5_loaded) - load_krb5_dll(); - - if ( p_krb5_sname_to_principal ) - return(p_krb5_sname_to_principal(CO,pC1,pC2,I,pPR)); - else - return KRB5KRB_ERR_GENERIC; - } - -krb5_error_code -kssl_krb5_cc_default(krb5_context CO, - krb5_ccache * pCC) - { - if (!krb5_loaded) - load_krb5_dll(); - - if ( p_krb5_cc_default ) - return(p_krb5_cc_default(CO,pCC)); - else - return KRB5KRB_ERR_GENERIC; - } - -krb5_error_code -kssl_krb5_init_context(krb5_context * pCO) - { - if (!krb5_loaded) - load_krb5_dll(); - - if ( p_krb5_init_context ) - return(p_krb5_init_context(pCO)); - else - return KRB5KRB_ERR_GENERIC; - } - -void -kssl_krb5_free_context(krb5_context CO) - { - if (!krb5_loaded) - load_krb5_dll(); - - if ( p_krb5_free_context ) - p_krb5_free_context(CO); - } - -void -kssl_krb5_free_principal(krb5_context c, krb5_principal p) - { - if (!krb5_loaded) - load_krb5_dll(); - - if ( p_krb5_free_principal ) - p_krb5_free_principal(c,p); - } - -krb5_error_code -kssl_krb5_kt_resolve(krb5_context con, - krb5_const char * sz, - krb5_keytab * kt) - { - if (!krb5_loaded) - load_krb5_dll(); - - if ( p_krb5_kt_resolve ) - return(p_krb5_kt_resolve(con,sz,kt)); - else - return KRB5KRB_ERR_GENERIC; - } - -krb5_error_code -kssl_krb5_kt_default(krb5_context con, - krb5_keytab * kt) - { - if (!krb5_loaded) - load_krb5_dll(); - - if ( p_krb5_kt_default ) - return(p_krb5_kt_default(con,kt)); - else - return KRB5KRB_ERR_GENERIC; - } - -krb5_error_code -kssl_krb5_free_ticket(krb5_context con, - krb5_ticket * kt) - { - if (!krb5_loaded) - load_krb5_dll(); - - if ( p_krb5_free_ticket ) - return(p_krb5_free_ticket(con,kt)); - else - return KRB5KRB_ERR_GENERIC; - } - -krb5_error_code -kssl_krb5_rd_req(krb5_context con, krb5_auth_context * pacon, - krb5_const krb5_data * data, - krb5_const_principal princ, krb5_keytab keytab, - krb5_flags * flags, krb5_ticket ** pptkt) - { - if (!krb5_loaded) - load_krb5_dll(); - - if ( p_krb5_rd_req ) - return(p_krb5_rd_req(con,pacon,data,princ,keytab,flags,pptkt)); - else - return KRB5KRB_ERR_GENERIC; - } - -krb5_boolean -krb5_principal_compare(krb5_context con, krb5_const_principal princ1, - krb5_const_principal princ2) - { - if (!krb5_loaded) - load_krb5_dll(); - - if ( p_krb5_principal_compare ) - return(p_krb5_principal_compare(con,princ1,princ2)); - else - return KRB5KRB_ERR_GENERIC; - } - -krb5_error_code -krb5_decrypt_tkt_part(krb5_context con, krb5_const krb5_keyblock *keys, - krb5_ticket *ticket) - { - if (!krb5_loaded) - load_krb5_dll(); - - if ( p_krb5_decrypt_tkt_part ) - return(p_krb5_decrypt_tkt_part(con,keys,ticket)); - else - return KRB5KRB_ERR_GENERIC; - } - -krb5_error_code -krb5_timeofday(krb5_context con, krb5_int32 *timeret) - { - if (!krb5_loaded) - load_krb5_dll(); - - if ( p_krb5_timeofday ) - return(p_krb5_timeofday(con,timeret)); - else - return KRB5KRB_ERR_GENERIC; - } - -krb5_error_code -krb5_rc_default(krb5_context con, krb5_rcache *rc) - { - if (!krb5_loaded) - load_krb5_dll(); - - if ( p_krb5_rc_default ) - return(p_krb5_rc_default(con,rc)); - else - return KRB5KRB_ERR_GENERIC; - } - -krb5_error_code -krb5_rc_initialize(krb5_context con, krb5_rcache rc, krb5_deltat lifespan) - { - if (!krb5_loaded) - load_krb5_dll(); - - if ( p_krb5_rc_initialize ) - return(p_krb5_rc_initialize(con, rc, lifespan)); - else - return KRB5KRB_ERR_GENERIC; - } - -krb5_error_code -krb5_rc_get_lifespan(krb5_context con, krb5_rcache rc, krb5_deltat *lifespanp) - { - if (!krb5_loaded) - load_krb5_dll(); - - if ( p_krb5_rc_get_lifespan ) - return(p_krb5_rc_get_lifespan(con, rc, lifespanp)); - else - return KRB5KRB_ERR_GENERIC; - } - -krb5_error_code -krb5_rc_destroy(krb5_context con, krb5_rcache rc) - { - if (!krb5_loaded) - load_krb5_dll(); - - if ( p_krb5_rc_destroy ) - return(p_krb5_rc_destroy(con, rc)); - else - return KRB5KRB_ERR_GENERIC; - } - -size_t -krb5_checksum_size(krb5_context context,krb5_cksumtype ctype) - { - if (!krb5_loaded) - load_krb5_dll(); - - if ( p_krb5_checksum_size ) - return(p_krb5_checksum_size(context, ctype)); - else - return KRB5KRB_ERR_GENERIC; - } - -krb5_boolean -valid_cksumtype(krb5_cksumtype ctype) - { - if (!krb5_loaded) - load_krb5_dll(); - - if ( p_valid_cksumtype ) - return(p_valid_cksumtype(ctype)); - else - return KRB5KRB_ERR_GENERIC; - } - -krb5_error_code -krb5_kt_free_entry(krb5_context con,krb5_keytab_entry * entry) - { - if (!krb5_loaded) - load_krb5_dll(); - - if ( p_krb5_kt_free_entry ) - return(p_krb5_kt_free_entry(con,entry)); - else - return KRB5KRB_ERR_GENERIC; - } - -/* Structure definitions */ -#ifndef NO_DEF_KRB5_CCACHE -#ifndef krb5_x -#define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1)) -#define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0)) -#endif - -typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */ - -typedef struct _krb5_ccache - { - krb5_magic magic; - struct _krb5_cc_ops FAR *ops; - krb5_pointer data; - } *krb5_ccache; - -typedef struct _krb5_cc_ops - { - krb5_magic magic; - char *prefix; - char * (KRB5_CALLCONV *get_name) - (krb5_context, krb5_ccache); - krb5_error_code (KRB5_CALLCONV *resolve) - (krb5_context, krb5_ccache *, const char *); - krb5_error_code (KRB5_CALLCONV *gen_new) - (krb5_context, krb5_ccache *); - krb5_error_code (KRB5_CALLCONV *init) - (krb5_context, krb5_ccache, krb5_principal); - krb5_error_code (KRB5_CALLCONV *destroy) - (krb5_context, krb5_ccache); - krb5_error_code (KRB5_CALLCONV *close) - (krb5_context, krb5_ccache); - krb5_error_code (KRB5_CALLCONV *store) - (krb5_context, krb5_ccache, krb5_creds *); - krb5_error_code (KRB5_CALLCONV *retrieve) - (krb5_context, krb5_ccache, - krb5_flags, krb5_creds *, krb5_creds *); - krb5_error_code (KRB5_CALLCONV *get_princ) - (krb5_context, krb5_ccache, krb5_principal *); - krb5_error_code (KRB5_CALLCONV *get_first) - (krb5_context, krb5_ccache, krb5_cc_cursor *); - krb5_error_code (KRB5_CALLCONV *get_next) - (krb5_context, krb5_ccache, - krb5_cc_cursor *, krb5_creds *); - krb5_error_code (KRB5_CALLCONV *end_get) - (krb5_context, krb5_ccache, krb5_cc_cursor *); - krb5_error_code (KRB5_CALLCONV *remove_cred) - (krb5_context, krb5_ccache, - krb5_flags, krb5_creds *); - krb5_error_code (KRB5_CALLCONV *set_flags) - (krb5_context, krb5_ccache, krb5_flags); - } krb5_cc_ops; -#endif /* NO_DEF_KRB5_CCACHE */ - -krb5_error_code -kssl_krb5_cc_get_principal - (krb5_context context, krb5_ccache cache, - krb5_principal *principal) - { - if ( p_krb5_cc_get_principal ) - return(p_krb5_cc_get_principal(context,cache,principal)); - else - return(krb5_x - ((cache)->ops->get_princ,(context, cache, principal))); - } - -krb5_error_code -kssl_krb5_auth_con_setrcache(krb5_context con, krb5_auth_context acon, - krb5_rcache rcache) - { - if ( p_krb5_auth_con_setrcache ) - return(p_krb5_auth_con_setrcache(con,acon,rcache)); - else - return KRB5KRB_ERR_GENERIC; - } - -krb5_error_code -kssl_krb5_get_server_rcache(krb5_context con, krb5_const krb5_data * data, - krb5_rcache * rcache) - { - if ( p_krb5_get_server_rcache ) - return(p_krb5_get_server_rcache(con,data,rcache)); - else - return KRB5KRB_ERR_GENERIC; - } - -krb5_error_code -kssl_krb5_auth_con_getrcache(krb5_context con, krb5_auth_context acon, - krb5_rcache * prcache) - { - if ( p_krb5_auth_con_getrcache ) - return(p_krb5_auth_con_getrcache(con,acon, prcache)); - else - return KRB5KRB_ERR_GENERIC; - } - -krb5_error_code -kssl_krb5_kt_close(krb5_context context, krb5_keytab keytab) - { - if ( p_krb5_kt_close ) - return(p_krb5_kt_close(context,keytab)); - else - return KRB5KRB_ERR_GENERIC; - } - -krb5_error_code -kssl_krb5_kt_get_entry(krb5_context context, krb5_keytab keytab, - krb5_const_principal principal, krb5_kvno vno, - krb5_enctype enctype, krb5_keytab_entry *entry) - { - if ( p_krb5_kt_get_entry ) - return(p_krb5_kt_get_entry(context,keytab,principal,vno,enctype,entry)); - else - return KRB5KRB_ERR_GENERIC; - } -#endif /* OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32 */ - - -/* memory allocation functions for non-temporary storage - * (e.g. stuff that gets saved into the kssl context) */ -static void* kssl_calloc(size_t nmemb, size_t size) -{ - void* p; - - p=OPENSSL_malloc(nmemb*size); - if (p){ - memset(p, 0, nmemb*size); - } - return p; -} - -#define kssl_malloc(size) OPENSSL_malloc((size)) -#define kssl_realloc(ptr, size) OPENSSL_realloc(ptr, size) -#define kssl_free(ptr) OPENSSL_free((ptr)) - - -char -*kstring(char *string) - { - static char *null = "[NULL]"; - - return ((string == NULL)? null: string); - } - -/* Given KRB5 enctype (basically DES or 3DES), -** return closest match openssl EVP_ encryption algorithm. -** Return NULL for unknown or problematic (krb5_dk_encrypt) enctypes. -** Assume ENCTYPE_*_RAW (krb5_raw_encrypt) are OK. -*/ -const EVP_CIPHER * -kssl_map_enc(krb5_enctype enctype) - { - switch (enctype) - { - case ENCTYPE_DES_HMAC_SHA1: /* EVP_des_cbc(); */ - case ENCTYPE_DES_CBC_CRC: - case ENCTYPE_DES_CBC_MD4: - case ENCTYPE_DES_CBC_MD5: - case ENCTYPE_DES_CBC_RAW: - return EVP_des_cbc(); - break; - case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */ - case ENCTYPE_DES3_CBC_SHA: - case ENCTYPE_DES3_CBC_RAW: - return EVP_des_ede3_cbc(); - break; - default: return NULL; - break; - } - } - - -/* Return true:1 if p "looks like" the start of the real authenticator -** described in kssl_skip_confound() below. The ASN.1 pattern is -** "62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and -** xx and yy are possibly multi-byte length fields. -*/ -static int kssl_test_confound(unsigned char *p) - { - int len = 2; - int xx = 0, yy = 0; - - if (*p++ != 0x62) return 0; - if (*p > 0x82) return 0; - switch(*p) { - case 0x82: p++; xx = (*p++ << 8); xx += *p++; break; - case 0x81: p++; xx = *p++; break; - case 0x80: return 0; - default: xx = *p++; break; - } - if (*p++ != 0x30) return 0; - if (*p > 0x82) return 0; - switch(*p) { - case 0x82: p++; len+=2; yy = (*p++ << 8); yy += *p++; break; - case 0x81: p++; len++; yy = *p++; break; - case 0x80: return 0; - default: yy = *p++; break; - } - - return (xx - len == yy)? 1: 0; - } - -/* Allocate, fill, and return cksumlens array of checksum lengths. -** This array holds just the unique elements from the krb5_cksumarray[]. -** array[n] == 0 signals end of data. -** -** The krb5_cksumarray[] was an internal variable that has since been -** replaced by a more general method for storing the data. It should -** not be used. Instead we use real API calls and make a guess for -** what the highest assigned CKSUMTYPE_ constant is. As of 1.2.2 -** it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3). So we will use 0x0010. -*/ -static size_t *populate_cksumlens(void) - { - int i, j, n; - static size_t *cklens = NULL; - -#ifdef KRB5_MIT_OLD11 - n = krb5_max_cksum; -#else - n = 0x0010; -#endif /* KRB5_MIT_OLD11 */ - -#ifdef KRB5CHECKAUTH - if (!cklens && !(cklens = (size_t *) calloc(sizeof(int),n+1))) return NULL; - - for (i=0; i < n; i++) { - if (!valid_cksumtype(i)) continue; /* array has holes */ - for (j=0; j < n; j++) { - if (cklens[j] == 0) { - cklens[j] = krb5_checksum_size(NULL,i); - break; /* krb5 elem was new: add */ - } - if (cklens[j] == krb5_checksum_size(NULL,i)) { - break; /* ignore duplicate elements */ - } - } - } -#endif /* KRB5CHECKAUTH */ - - return cklens; - } - -/* Return pointer to start of real authenticator within authenticator, or -** return NULL on error. -** Decrypted authenticator looks like this: -** [0 or 8 byte confounder] [4-24 byte checksum] [real authent'r] -** This hackery wouldn't be necessary if MIT KRB5 1.0.6 had the -** krb5_auth_con_getcksumtype() function advertised in its krb5.h. -*/ -unsigned char *kssl_skip_confound(krb5_enctype etype, unsigned char *a) - { - int i, conlen; - size_t cklen; - static size_t *cksumlens = NULL; - unsigned char *test_auth; - - conlen = (etype)? 8: 0; - - if (!cksumlens && !(cksumlens = populate_cksumlens())) return NULL; - for (i=0; (cklen = cksumlens[i]) != 0; i++) - { - test_auth = a + conlen + cklen; - if (kssl_test_confound(test_auth)) return test_auth; - } - - return NULL; - } - - -/* Set kssl_err error info when reason text is a simple string -** kssl_err = struct { int reason; char text[KSSL_ERR_MAX+1]; } -*/ -void -kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text) - { - if (kssl_err == NULL) return; - - kssl_err->reason = reason; - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, "%s", text); - return; - } - - -/* Display contents of krb5_data struct, for debugging -*/ -void -print_krb5_data(char *label, krb5_data *kdata) - { - int i; - - fprintf(stderr,"%s[%d] ", label, kdata->length); - for (i=0; i < (int)kdata->length; i++) - { - if (0 && isprint((int) kdata->data[i])) - fprintf(stderr, "%c ", kdata->data[i]); - else - fprintf(stderr, "%02x ", (unsigned char) kdata->data[i]); - } - fprintf(stderr,"\n"); - } - - -/* Display contents of krb5_authdata struct, for debugging -*/ -void -print_krb5_authdata(char *label, krb5_authdata **adata) - { - if (adata == NULL) - { - fprintf(stderr,"%s, authdata==0\n", label); - return; - } - fprintf(stderr,"%s [%p]\n", label, (void *)adata); -#if 0 - { - int i; - fprintf(stderr,"%s[at%d:%d] ", label, adata->ad_type, adata->length); - for (i=0; i < adata->length; i++) - { - fprintf(stderr,(isprint(adata->contents[i]))? "%c ": "%02x", - adata->contents[i]); - } - fprintf(stderr,"\n"); - } -#endif - } - - -/* Display contents of krb5_keyblock struct, for debugging -*/ -void -print_krb5_keyblock(char *label, krb5_keyblock *keyblk) - { - int i; - - if (keyblk == NULL) - { - fprintf(stderr,"%s, keyblk==0\n", label); - return; - } -#ifdef KRB5_HEIMDAL - fprintf(stderr,"%s\n\t[et%d:%d]: ", label, keyblk->keytype, - keyblk->keyvalue->length); - for (i=0; i < (int)keyblk->keyvalue->length; i++) - { - fprintf(stderr,"%02x",(unsigned char *)(keyblk->keyvalue->contents)[i]); - } - fprintf(stderr,"\n"); -#else - fprintf(stderr,"%s\n\t[et%d:%d]: ", label, keyblk->enctype, keyblk->length); - for (i=0; i < (int)keyblk->length; i++) - { - fprintf(stderr,"%02x",keyblk->contents[i]); - } - fprintf(stderr,"\n"); -#endif - } - - -/* Display contents of krb5_principal_data struct, for debugging -** (krb5_principal is typedef'd == krb5_principal_data *) -*/ -static void -print_krb5_princ(char *label, krb5_principal_data *princ) - { - int i, ui, uj; - - fprintf(stderr,"%s principal Realm: ", label); - if (princ == NULL) return; - for (ui=0; ui < (int)princ->realm.length; ui++) putchar(princ->realm.data[ui]); - fprintf(stderr," (nametype %d) has %d strings:\n", princ->type,princ->length); - for (i=0; i < (int)princ->length; i++) - { - fprintf(stderr,"\t%d [%d]: ", i, princ->data[i].length); - for (uj=0; uj < (int)princ->data[i].length; uj++) { - putchar(princ->data[i].data[uj]); - } - fprintf(stderr,"\n"); - } - return; - } - - -/* Given krb5 service (typically "kssl") and hostname in kssl_ctx, -** Return encrypted Kerberos ticket for service @ hostname. -** If authenp is non-NULL, also return encrypted authenticator, -** whose data should be freed by caller. -** (Originally was: Create Kerberos AP_REQ message for SSL Client.) -** -** 19990628 VRS Started; Returns Kerberos AP_REQ message. -** 20010409 VRS Modified for RFC2712; Returns enc tkt. -** 20010606 VRS May also return optional authenticator. -*/ -krb5_error_code -kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, - /* OUT */ krb5_data **enc_ticketp, - /* UPDATE */ krb5_data *authenp, - /* OUT */ KSSL_ERR *kssl_err) - { - krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC; - krb5_context krb5context = NULL; - krb5_auth_context krb5auth_context = NULL; - krb5_ccache krb5ccdef = NULL; - krb5_creds krb5creds, *krb5credsp = NULL; - krb5_data krb5_app_req; - - kssl_err_set(kssl_err, 0, ""); - memset((char *)&krb5creds, 0, sizeof(krb5creds)); - - if (!kssl_ctx) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "No kssl_ctx defined.\n"); - goto err; - } - else if (!kssl_ctx->service_host) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "kssl_ctx service_host undefined.\n"); - goto err; - } - - if ((krb5rc = krb5_init_context(&krb5context)) != 0) - { - BIO_snprintf(kssl_err->text,KSSL_ERR_MAX, - "krb5_init_context() fails: %d\n", krb5rc); - kssl_err->reason = SSL_R_KRB5_C_INIT; - goto err; - } - - if ((krb5rc = krb5_sname_to_principal(krb5context, - kssl_ctx->service_host, - (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC, - KRB5_NT_SRV_HST, &krb5creds.server)) != 0) - { - BIO_snprintf(kssl_err->text,KSSL_ERR_MAX, - "krb5_sname_to_principal() fails for %s/%s\n", - kssl_ctx->service_host, - (kssl_ctx->service_name)? kssl_ctx->service_name: - KRB5SVC); - kssl_err->reason = SSL_R_KRB5_C_INIT; - goto err; - } - - if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0) - { - kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC, - "krb5_cc_default fails.\n"); - goto err; - } - - if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef, - &krb5creds.client)) != 0) - { - kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC, - "krb5_cc_get_principal() fails.\n"); - goto err; - } - - if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef, - &krb5creds, &krb5credsp)) != 0) - { - kssl_err_set(kssl_err, SSL_R_KRB5_C_GET_CRED, - "krb5_get_credentials() fails.\n"); - goto err; - } - - *enc_ticketp = &krb5credsp->ticket; -#ifdef KRB5_HEIMDAL - kssl_ctx->enctype = krb5credsp->session.keytype; -#else - kssl_ctx->enctype = krb5credsp->keyblock.enctype; -#endif - - krb5rc = KRB5KRB_ERR_GENERIC; - /* caller should free data of krb5_app_req */ - /* 20010406 VRS deleted for real KerberosWrapper - ** 20010605 VRS reinstated to offer Authenticator to KerberosWrapper - */ - krb5_app_req.length = 0; - if (authenp) - { - krb5_data krb5in_data; - const unsigned char *p; - long arlen; - KRB5_APREQBODY *ap_req; - - authenp->length = 0; - krb5in_data.data = NULL; - krb5in_data.length = 0; - if ((krb5rc = krb5_mk_req_extended(krb5context, - &krb5auth_context, 0, &krb5in_data, krb5credsp, - &krb5_app_req)) != 0) - { - kssl_err_set(kssl_err, SSL_R_KRB5_C_MK_REQ, - "krb5_mk_req_extended() fails.\n"); - goto err; - } - - arlen = krb5_app_req.length; - p = (unsigned char *)krb5_app_req.data; - ap_req = (KRB5_APREQBODY *) d2i_KRB5_APREQ(NULL, &p, arlen); - if (ap_req) - { - authenp->length = i2d_KRB5_ENCDATA( - ap_req->authenticator, NULL); - if (authenp->length && - (authenp->data = malloc(authenp->length))) - { - unsigned char *adp = (unsigned char *)authenp->data; - authenp->length = i2d_KRB5_ENCDATA( - ap_req->authenticator, &adp); - } - } - - if (ap_req) KRB5_APREQ_free((KRB5_APREQ *) ap_req); - if (krb5_app_req.length) - kssl_krb5_free_data_contents(krb5context,&krb5_app_req); - } -#ifdef KRB5_HEIMDAL - if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->session)) - { - kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT, - "kssl_ctx_setkey() fails.\n"); - } -#else - if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->keyblock)) - { - kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT, - "kssl_ctx_setkey() fails.\n"); - } -#endif - else krb5rc = 0; - - err: -#ifdef KSSL_DEBUG - kssl_ctx_show(kssl_ctx); -#endif /* KSSL_DEBUG */ - - if (krb5creds.client) krb5_free_principal(krb5context, - krb5creds.client); - if (krb5creds.server) krb5_free_principal(krb5context, - krb5creds.server); - if (krb5auth_context) krb5_auth_con_free(krb5context, - krb5auth_context); - if (krb5context) krb5_free_context(krb5context); - return (krb5rc); - } - - -/* Given d2i_-decoded asn1ticket, allocate and return a new krb5_ticket. -** Return Kerberos error code and kssl_err struct on error. -** Allocates krb5_ticket and krb5_principal; caller should free these. -** -** 20010410 VRS Implemented krb5_decode_ticket() as -** old_krb5_decode_ticket(). Missing from MIT1.0.6. -** 20010615 VRS Re-cast as openssl/asn1 d2i_*() functions. -** Re-used some of the old krb5_decode_ticket() -** code here. This tkt should alloc/free just -** like the real thing. -*/ -static krb5_error_code -kssl_TKT2tkt( /* IN */ krb5_context krb5context, - /* IN */ KRB5_TKTBODY *asn1ticket, - /* OUT */ krb5_ticket **krb5ticket, - /* OUT */ KSSL_ERR *kssl_err ) - { - krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC; - krb5_ticket *new5ticket = NULL; - ASN1_GENERALSTRING *gstr_svc, *gstr_host; - - *krb5ticket = NULL; - - if (asn1ticket == NULL || asn1ticket->realm == NULL || - asn1ticket->sname == NULL || - sk_ASN1_GENERALSTRING_num(asn1ticket->sname->namestring) < 2) - { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "Null field in asn1ticket.\n"); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - return KRB5KRB_ERR_GENERIC; - } - - if ((new5ticket = (krb5_ticket *) calloc(1, sizeof(krb5_ticket)))==NULL) - { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "Unable to allocate new krb5_ticket.\n"); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - return ENOMEM; /* or KRB5KRB_ERR_GENERIC; */ - } - - gstr_svc = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 0); - gstr_host = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 1); - - if ((krb5rc = kssl_build_principal_2(krb5context, - &new5ticket->server, - asn1ticket->realm->length, (char *)asn1ticket->realm->data, - gstr_svc->length, (char *)gstr_svc->data, - gstr_host->length, (char *)gstr_host->data)) != 0) - { - free(new5ticket); - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "Error building ticket server principal.\n"); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - return krb5rc; /* or KRB5KRB_ERR_GENERIC; */ - } - - krb5_princ_type(krb5context, new5ticket->server) = - asn1ticket->sname->nametype->data[0]; - new5ticket->enc_part.enctype = asn1ticket->encdata->etype->data[0]; - new5ticket->enc_part.kvno = asn1ticket->encdata->kvno->data[0]; - new5ticket->enc_part.ciphertext.length = - asn1ticket->encdata->cipher->length; - if ((new5ticket->enc_part.ciphertext.data = - calloc(1, asn1ticket->encdata->cipher->length)) == NULL) - { - free(new5ticket); - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "Error allocating cipher in krb5ticket.\n"); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - return KRB5KRB_ERR_GENERIC; - } - else - { - memcpy(new5ticket->enc_part.ciphertext.data, - asn1ticket->encdata->cipher->data, - asn1ticket->encdata->cipher->length); - } - - *krb5ticket = new5ticket; - return 0; - } - - -/* Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"), -** and krb5 AP_REQ message & message length, -** Return Kerberos session key and client principle -** to SSL Server in KSSL_CTX *kssl_ctx. -** -** 19990702 VRS Started. -*/ -krb5_error_code -kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, - /* IN */ krb5_data *indata, - /* OUT */ krb5_ticket_times *ttimes, - /* OUT */ KSSL_ERR *kssl_err ) - { - krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC; - static krb5_context krb5context = NULL; - static krb5_auth_context krb5auth_context = NULL; - krb5_ticket *krb5ticket = NULL; - KRB5_TKTBODY *asn1ticket = NULL; - const unsigned char *p; - krb5_keytab krb5keytab = NULL; - krb5_keytab_entry kt_entry; - krb5_principal krb5server; - krb5_rcache rcache = NULL; - - kssl_err_set(kssl_err, 0, ""); - - if (!kssl_ctx) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "No kssl_ctx defined.\n"); - goto err; - } - -#ifdef KSSL_DEBUG - fprintf(stderr,"in kssl_sget_tkt(%s)\n", kstring(kssl_ctx->service_name)); -#endif /* KSSL_DEBUG */ - - if (!krb5context && (krb5rc = krb5_init_context(&krb5context))) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_init_context() fails.\n"); - goto err; - } - if (krb5auth_context && - (krb5rc = krb5_auth_con_free(krb5context, krb5auth_context))) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_auth_con_free() fails.\n"); - goto err; - } - else krb5auth_context = NULL; - if (!krb5auth_context && - (krb5rc = krb5_auth_con_init(krb5context, &krb5auth_context))) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_auth_con_init() fails.\n"); - goto err; - } - - - if ((krb5rc = krb5_auth_con_getrcache(krb5context, krb5auth_context, - &rcache))) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_auth_con_getrcache() fails.\n"); - goto err; - } - - if ((krb5rc = krb5_sname_to_principal(krb5context, NULL, - (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC, - KRB5_NT_SRV_HST, &krb5server)) != 0) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_sname_to_principal() fails.\n"); - goto err; - } - - if (rcache == NULL) - { - if ((krb5rc = krb5_get_server_rcache(krb5context, - krb5_princ_component(krb5context, krb5server, 0), - &rcache))) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_get_server_rcache() fails.\n"); - goto err; - } - } - - if ((krb5rc = krb5_auth_con_setrcache(krb5context, krb5auth_context, rcache))) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_auth_con_setrcache() fails.\n"); - goto err; - } - - - /* kssl_ctx->keytab_file == NULL ==> use Kerberos default - */ - if (kssl_ctx->keytab_file) - { - krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file, - &krb5keytab); - if (krb5rc) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_kt_resolve() fails.\n"); - goto err; - } - } - else - { - krb5rc = krb5_kt_default(krb5context,&krb5keytab); - if (krb5rc) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_kt_default() fails.\n"); - goto err; - } - } - - /* Actual Kerberos5 krb5_recvauth() has initial conversation here - ** o check KRB5_SENDAUTH_BADAUTHVERS - ** unless KRB5_RECVAUTH_SKIP_VERSION - ** o check KRB5_SENDAUTH_BADAPPLVERS - ** o send "0" msg if all OK - */ - - /* 20010411 was using AP_REQ instead of true KerberosWrapper - ** - ** if ((krb5rc = krb5_rd_req(krb5context, &krb5auth_context, - ** &krb5in_data, krb5server, krb5keytab, - ** &ap_option, &krb5ticket)) != 0) { Error } - */ - - p = (unsigned char *)indata->data; - if ((asn1ticket = (KRB5_TKTBODY *) d2i_KRB5_TICKET(NULL, &p, - (long) indata->length)) == NULL) - { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "d2i_KRB5_TICKET() ASN.1 decode failure.\n"); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - goto err; - } - - /* Was: krb5rc = krb5_decode_ticket(krb5in_data,&krb5ticket)) != 0) */ - if ((krb5rc = kssl_TKT2tkt(krb5context, asn1ticket, &krb5ticket, - kssl_err)) != 0) - { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "Error converting ASN.1 ticket to krb5_ticket.\n"); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - goto err; - } - - if (! krb5_principal_compare(krb5context, krb5server, - krb5ticket->server)) { - krb5rc = KRB5_PRINC_NOMATCH; - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "server principal != ticket principal\n"); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - goto err; - } - if ((krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, - krb5ticket->server, krb5ticket->enc_part.kvno, - krb5ticket->enc_part.enctype, &kt_entry)) != 0) { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "krb5_kt_get_entry() fails with %x.\n", krb5rc); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - goto err; - } - if ((krb5rc = krb5_decrypt_tkt_part(krb5context, &kt_entry.key, - krb5ticket)) != 0) { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "krb5_decrypt_tkt_part() failed.\n"); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - goto err; - } - else { - krb5_kt_free_entry(krb5context, &kt_entry); -#ifdef KSSL_DEBUG - { - int i; krb5_address **paddr = krb5ticket->enc_part2->caddrs; - fprintf(stderr,"Decrypted ticket fields:\n"); - fprintf(stderr,"\tflags: %X, transit-type: %X", - krb5ticket->enc_part2->flags, - krb5ticket->enc_part2->transited.tr_type); - print_krb5_data("\ttransit-data: ", - &(krb5ticket->enc_part2->transited.tr_contents)); - fprintf(stderr,"\tcaddrs: %p, authdata: %p\n", - krb5ticket->enc_part2->caddrs, - krb5ticket->enc_part2->authorization_data); - if (paddr) - { - fprintf(stderr,"\tcaddrs:\n"); - for (i=0; paddr[i] != NULL; i++) - { - krb5_data d; - d.length=paddr[i]->length; - d.data=paddr[i]->contents; - print_krb5_data("\t\tIP: ", &d); - } - } - fprintf(stderr,"\tstart/auth/end times: %d / %d / %d\n", - krb5ticket->enc_part2->times.starttime, - krb5ticket->enc_part2->times.authtime, - krb5ticket->enc_part2->times.endtime); - } -#endif /* KSSL_DEBUG */ - } - - krb5rc = KRB5_NO_TKT_SUPPLIED; - if (!krb5ticket || !krb5ticket->enc_part2 || - !krb5ticket->enc_part2->client || - !krb5ticket->enc_part2->client->data || - !krb5ticket->enc_part2->session) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, - "bad ticket from krb5_rd_req.\n"); - } - else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT, - &krb5ticket->enc_part2->client->realm, - krb5ticket->enc_part2->client->data, - krb5ticket->enc_part2->client->length)) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, - "kssl_ctx_setprinc() fails.\n"); - } - else if (kssl_ctx_setkey(kssl_ctx, krb5ticket->enc_part2->session)) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, - "kssl_ctx_setkey() fails.\n"); - } - else if (krb5ticket->enc_part2->flags & TKT_FLG_INVALID) - { - krb5rc = KRB5KRB_AP_ERR_TKT_INVALID; - kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, - "invalid ticket from krb5_rd_req.\n"); - } - else krb5rc = 0; - - kssl_ctx->enctype = krb5ticket->enc_part.enctype; - ttimes->authtime = krb5ticket->enc_part2->times.authtime; - ttimes->starttime = krb5ticket->enc_part2->times.starttime; - ttimes->endtime = krb5ticket->enc_part2->times.endtime; - ttimes->renew_till = krb5ticket->enc_part2->times.renew_till; - - err: -#ifdef KSSL_DEBUG - kssl_ctx_show(kssl_ctx); -#endif /* KSSL_DEBUG */ - - if (asn1ticket) KRB5_TICKET_free((KRB5_TICKET *) asn1ticket); - if (krb5keytab) krb5_kt_close(krb5context, krb5keytab); - if (krb5ticket) krb5_free_ticket(krb5context, krb5ticket); - if (krb5server) krb5_free_principal(krb5context, krb5server); - return (krb5rc); - } - - -/* Allocate & return a new kssl_ctx struct. -*/ -KSSL_CTX * -kssl_ctx_new(void) - { - return ((KSSL_CTX *) kssl_calloc(1, sizeof(KSSL_CTX))); - } - - -/* Frees a kssl_ctx struct and any allocated memory it holds. -** Returns NULL. -*/ -KSSL_CTX * -kssl_ctx_free(KSSL_CTX *kssl_ctx) - { - if (kssl_ctx == NULL) return kssl_ctx; - - if (kssl_ctx->key) OPENSSL_cleanse(kssl_ctx->key, - kssl_ctx->length); - if (kssl_ctx->key) kssl_free(kssl_ctx->key); - if (kssl_ctx->client_princ) kssl_free(kssl_ctx->client_princ); - if (kssl_ctx->service_host) kssl_free(kssl_ctx->service_host); - if (kssl_ctx->service_name) kssl_free(kssl_ctx->service_name); - if (kssl_ctx->keytab_file) kssl_free(kssl_ctx->keytab_file); - - kssl_free(kssl_ctx); - return (KSSL_CTX *) NULL; - } - - -/* Given an array of (krb5_data *) entity (and optional realm), -** set the plain (char *) client_princ or service_host member -** of the kssl_ctx struct. -*/ -krb5_error_code -kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, - krb5_data *realm, krb5_data *entity, int nentities) - { - char **princ; - int length; - int i; - - if (kssl_ctx == NULL || entity == NULL) return KSSL_CTX_ERR; - - switch (which) - { - case KSSL_CLIENT: princ = &kssl_ctx->client_princ; break; - case KSSL_SERVER: princ = &kssl_ctx->service_host; break; - default: return KSSL_CTX_ERR; break; - } - if (*princ) kssl_free(*princ); - - /* Add up all the entity->lengths */ - length = 0; - for (i=0; i < nentities; i++) - { - length += entity[i].length; - } - /* Add in space for the '/' character(s) (if any) */ - length += nentities-1; - /* Space for the ('@'+realm+NULL | NULL) */ - length += ((realm)? realm->length + 2: 1); - - if ((*princ = kssl_calloc(1, length)) == NULL) - return KSSL_CTX_ERR; - else - { - for (i = 0; i < nentities; i++) - { - strncat(*princ, entity[i].data, entity[i].length); - if (i < nentities-1) - { - strcat (*princ, "/"); - } - } - if (realm) - { - strcat (*princ, "@"); - (void) strncat(*princ, realm->data, realm->length); - } - } - - return KSSL_CTX_OK; - } - - -/* Set one of the plain (char *) string members of the kssl_ctx struct. -** Default values should be: -** which == KSSL_SERVICE => "khost" (KRB5SVC) -** which == KSSL_KEYTAB => "/etc/krb5.keytab" (KRB5KEYTAB) -*/ -krb5_error_code -kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text) - { - char **string; - - if (!kssl_ctx) return KSSL_CTX_ERR; - - switch (which) - { - case KSSL_SERVICE: string = &kssl_ctx->service_name; break; - case KSSL_SERVER: string = &kssl_ctx->service_host; break; - case KSSL_CLIENT: string = &kssl_ctx->client_princ; break; - case KSSL_KEYTAB: string = &kssl_ctx->keytab_file; break; - default: return KSSL_CTX_ERR; break; - } - if (*string) kssl_free(*string); - - if (!text) - { - *string = '\0'; - return KSSL_CTX_OK; - } - - if ((*string = kssl_calloc(1, strlen(text) + 1)) == NULL) - return KSSL_CTX_ERR; - else - strcpy(*string, text); - - return KSSL_CTX_OK; - } - - -/* Copy the Kerberos session key from a (krb5_keyblock *) to a kssl_ctx -** struct. Clear kssl_ctx->key if Kerberos session key is NULL. -*/ -krb5_error_code -kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session) - { - int length; - krb5_enctype enctype; - krb5_octet FAR *contents = NULL; - - if (!kssl_ctx) return KSSL_CTX_ERR; - - if (kssl_ctx->key) - { - OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length); - kssl_free(kssl_ctx->key); - } - - if (session) - { - -#ifdef KRB5_HEIMDAL - length = session->keyvalue->length; - enctype = session->keytype; - contents = session->keyvalue->contents; -#else - length = session->length; - enctype = session->enctype; - contents = session->contents; -#endif - kssl_ctx->enctype = enctype; - kssl_ctx->length = length; - } - else - { - kssl_ctx->enctype = ENCTYPE_UNKNOWN; - kssl_ctx->length = 0; - return KSSL_CTX_OK; - } - - if ((kssl_ctx->key = - (krb5_octet FAR *) kssl_calloc(1, kssl_ctx->length)) == NULL) - { - kssl_ctx->length = 0; - return KSSL_CTX_ERR; - } - else - memcpy(kssl_ctx->key, contents, length); - - return KSSL_CTX_OK; - } - - -/* Display contents of kssl_ctx struct -*/ -void -kssl_ctx_show(KSSL_CTX *kssl_ctx) - { - int i; - - printf("kssl_ctx: "); - if (kssl_ctx == NULL) - { - printf("NULL\n"); - return; - } - else - printf("%p\n", (void *)kssl_ctx); - - printf("\tservice:\t%s\n", - (kssl_ctx->service_name)? kssl_ctx->service_name: "NULL"); - printf("\tclient:\t%s\n", - (kssl_ctx->client_princ)? kssl_ctx->client_princ: "NULL"); - printf("\tserver:\t%s\n", - (kssl_ctx->service_host)? kssl_ctx->service_host: "NULL"); - printf("\tkeytab:\t%s\n", - (kssl_ctx->keytab_file)? kssl_ctx->keytab_file: "NULL"); - printf("\tkey [%d:%d]:\t", - kssl_ctx->enctype, kssl_ctx->length); - - for (i=0; i < kssl_ctx->length && kssl_ctx->key; i++) - { - printf("%02x", kssl_ctx->key[i]); - } - printf("\n"); - return; - } - - int - kssl_keytab_is_available(KSSL_CTX *kssl_ctx) -{ - krb5_context krb5context = NULL; - krb5_keytab krb5keytab = NULL; - krb5_keytab_entry entry; - krb5_principal princ = NULL; - krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC; - int rc = 0; - - if ((krb5rc = krb5_init_context(&krb5context))) - return(0); - - /* kssl_ctx->keytab_file == NULL ==> use Kerberos default - */ - if (kssl_ctx->keytab_file) - { - krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file, - &krb5keytab); - if (krb5rc) - goto exit; - } - else - { - krb5rc = krb5_kt_default(krb5context,&krb5keytab); - if (krb5rc) - goto exit; - } - - /* the host key we are looking for */ - krb5rc = krb5_sname_to_principal(krb5context, NULL, - kssl_ctx->service_name ? kssl_ctx->service_name: KRB5SVC, - KRB5_NT_SRV_HST, &princ); - - if (krb5rc) - goto exit; - - krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, - princ, - 0 /* IGNORE_VNO */, - 0 /* IGNORE_ENCTYPE */, - &entry); - if ( krb5rc == KRB5_KT_NOTFOUND ) { - rc = 1; - goto exit; - } else if ( krb5rc ) - goto exit; - - krb5_kt_free_entry(krb5context, &entry); - rc = 1; - - exit: - if (krb5keytab) krb5_kt_close(krb5context, krb5keytab); - if (princ) krb5_free_principal(krb5context, princ); - if (krb5context) krb5_free_context(krb5context); - return(rc); -} - -int -kssl_tgt_is_available(KSSL_CTX *kssl_ctx) - { - krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC; - krb5_context krb5context = NULL; - krb5_ccache krb5ccdef = NULL; - krb5_creds krb5creds, *krb5credsp = NULL; - int rc = 0; - - memset((char *)&krb5creds, 0, sizeof(krb5creds)); - - if (!kssl_ctx) - return(0); - - if (!kssl_ctx->service_host) - return(0); - - if ((krb5rc = krb5_init_context(&krb5context)) != 0) - goto err; - - if ((krb5rc = krb5_sname_to_principal(krb5context, - kssl_ctx->service_host, - (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC, - KRB5_NT_SRV_HST, &krb5creds.server)) != 0) - goto err; - - if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0) - goto err; - - if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef, - &krb5creds.client)) != 0) - goto err; - - if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef, - &krb5creds, &krb5credsp)) != 0) - goto err; - - rc = 1; - - err: -#ifdef KSSL_DEBUG - kssl_ctx_show(kssl_ctx); -#endif /* KSSL_DEBUG */ - - if (krb5creds.client) krb5_free_principal(krb5context, krb5creds.client); - if (krb5creds.server) krb5_free_principal(krb5context, krb5creds.server); - if (krb5context) krb5_free_context(krb5context); - return(rc); - } - -#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_WIN32) -void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data) - { -#ifdef KRB5_HEIMDAL - data->length = 0; - if (data->data) - free(data->data); -#elif defined(KRB5_MIT_OLD11) - if (data->data) { - krb5_xfree(data->data); - data->data = 0; - } -#else - krb5_free_data_contents(NULL, data); -#endif - } -#endif /* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */ - - -/* Given pointers to KerberosTime and struct tm structs, convert the -** KerberosTime string to struct tm. Note that KerberosTime is a -** ASN1_GENERALIZEDTIME value, constrained to GMT with no fractional -** seconds as defined in RFC 1510. -** Return pointer to the (partially) filled in struct tm on success, -** return NULL on failure. -*/ -static struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm) - { - char c, *p; - - if (!k_tm) return NULL; - if (gtime == NULL || gtime->length < 14) return NULL; - if (gtime->data == NULL) return NULL; - - p = (char *)>ime->data[14]; - - c = *p; *p = '\0'; p -= 2; k_tm->tm_sec = atoi(p); *(p+2) = c; - c = *p; *p = '\0'; p -= 2; k_tm->tm_min = atoi(p); *(p+2) = c; - c = *p; *p = '\0'; p -= 2; k_tm->tm_hour = atoi(p); *(p+2) = c; - c = *p; *p = '\0'; p -= 2; k_tm->tm_mday = atoi(p); *(p+2) = c; - c = *p; *p = '\0'; p -= 2; k_tm->tm_mon = atoi(p)-1; *(p+2) = c; - c = *p; *p = '\0'; p -= 4; k_tm->tm_year = atoi(p)-1900; *(p+4) = c; - - return k_tm; - } - - -/* Helper function for kssl_validate_times(). -** We need context->clockskew, but krb5_context is an opaque struct. -** So we try to sneek the clockskew out through the replay cache. -** If that fails just return a likely default (300 seconds). -*/ -static krb5_deltat get_rc_clockskew(krb5_context context) - { - krb5_rcache rc; - krb5_deltat clockskew; - - if (krb5_rc_default(context, &rc)) return KSSL_CLOCKSKEW; - if (krb5_rc_initialize(context, rc, 0)) return KSSL_CLOCKSKEW; - if (krb5_rc_get_lifespan(context, rc, &clockskew)) { - clockskew = KSSL_CLOCKSKEW; - } - (void) krb5_rc_destroy(context, rc); - return clockskew; - } - - -/* kssl_validate_times() combines (and more importantly exposes) -** the MIT KRB5 internal function krb5_validate_times() and the -** in_clock_skew() macro. The authenticator client time is checked -** to be within clockskew secs of the current time and the current -** time is checked to be within the ticket start and expire times. -** Either check may be omitted by supplying a NULL value. -** Returns 0 for valid times, SSL_R_KRB5* error codes otherwise. -** See Also: (Kerberos source)/krb5/lib/krb5/krb/valid_times.c -** 20010420 VRS -*/ -krb5_error_code kssl_validate_times( krb5_timestamp atime, - krb5_ticket_times *ttimes) - { - krb5_deltat skew; - krb5_timestamp start, now; - krb5_error_code rc; - krb5_context context; - - if ((rc = krb5_init_context(&context))) return SSL_R_KRB5_S_BAD_TICKET; - skew = get_rc_clockskew(context); - if ((rc = krb5_timeofday(context,&now))) return SSL_R_KRB5_S_BAD_TICKET; - krb5_free_context(context); - - if (atime && labs(atime - now) >= skew) return SSL_R_KRB5_S_TKT_SKEW; - - if (! ttimes) return 0; - - start = (ttimes->starttime != 0)? ttimes->starttime: ttimes->authtime; - if (start - now > skew) return SSL_R_KRB5_S_TKT_NYV; - if ((now - ttimes->endtime) > skew) return SSL_R_KRB5_S_TKT_EXPIRED; - -#ifdef KSSL_DEBUG - fprintf(stderr,"kssl_validate_times: %d |<- | %d - %d | < %d ->| %d\n", - start, atime, now, skew, ttimes->endtime); -#endif /* KSSL_DEBUG */ - - return 0; - } - - -/* Decode and decrypt given DER-encoded authenticator, then pass -** authenticator ctime back in *atimep (or 0 if time unavailable). -** Returns krb5_error_code and kssl_err on error. A NULL -** authenticator (authentp->length == 0) is not considered an error. -** Note that kssl_check_authent() makes use of the KRB5 session key; -** you must call kssl_sget_tkt() to get the key before calling this routine. -*/ -krb5_error_code kssl_check_authent( - /* IN */ KSSL_CTX *kssl_ctx, - /* IN */ krb5_data *authentp, - /* OUT */ krb5_timestamp *atimep, - /* OUT */ KSSL_ERR *kssl_err ) - { - krb5_error_code krb5rc = 0; - KRB5_ENCDATA *dec_authent = NULL; - KRB5_AUTHENTBODY *auth = NULL; - krb5_enctype enctype; - EVP_CIPHER_CTX ciph_ctx; - const EVP_CIPHER *enc = NULL; - unsigned char iv[EVP_MAX_IV_LENGTH]; - const unsigned char *p; - unsigned char *unenc_authent; - int outl, unencbufsize; - struct tm tm_time, *tm_l, *tm_g; - time_t now, tl, tg, tr, tz_offset; - - EVP_CIPHER_CTX_init(&ciph_ctx); - *atimep = 0; - kssl_err_set(kssl_err, 0, ""); - -#ifndef KRB5CHECKAUTH - authentp = NULL; -#else -#if KRB5CHECKAUTH == 0 - authentp = NULL; -#endif -#endif /* KRB5CHECKAUTH */ - - if (authentp == NULL || authentp->length == 0) return 0; - -#ifdef KSSL_DEBUG - { - unsigned int ui; - fprintf(stderr,"kssl_check_authent: authenticator[%d]:\n",authentp->length); - p = authentp->data; - for (ui=0; ui < authentp->length; ui++) fprintf(stderr,"%02x ",p[ui]); - fprintf(stderr,"\n"); - } -#endif /* KSSL_DEBUG */ - - unencbufsize = 2 * authentp->length; - if ((unenc_authent = calloc(1, unencbufsize)) == NULL) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "Unable to allocate authenticator buffer.\n"); - krb5rc = KRB5KRB_ERR_GENERIC; - goto err; - } - - p = (unsigned char *)authentp->data; - if ((dec_authent = d2i_KRB5_ENCDATA(NULL, &p, - (long) authentp->length)) == NULL) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "Error decoding authenticator.\n"); - krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; - goto err; - } - - enctype = dec_authent->etype->data[0]; /* should = kssl_ctx->enctype */ -#if !defined(KRB5_MIT_OLD11) - switch ( enctype ) { - case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */ - case ENCTYPE_DES3_CBC_SHA: - case ENCTYPE_DES3_CBC_RAW: - krb5rc = 0; /* Skip, can't handle derived keys */ - goto err; - } -#endif - enc = kssl_map_enc(enctype); - memset(iv, 0, sizeof iv); /* per RFC 1510 */ - - if (enc == NULL) - { - /* Disable kssl_check_authent for ENCTYPE_DES3_CBC_SHA1. - ** This enctype indicates the authenticator was encrypted - ** using key-usage derived keys which openssl cannot decrypt. - */ - goto err; - } - - if (!EVP_CipherInit(&ciph_ctx,enc,kssl_ctx->key,iv,0)) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "EVP_CipherInit error decrypting authenticator.\n"); - krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; - goto err; - } - outl = dec_authent->cipher->length; - if (!EVP_Cipher(&ciph_ctx,unenc_authent,dec_authent->cipher->data,outl)) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "EVP_Cipher error decrypting authenticator.\n"); - krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; - goto err; - } - EVP_CIPHER_CTX_cleanup(&ciph_ctx); - -#ifdef KSSL_DEBUG - { - int padl; - fprintf(stderr,"kssl_check_authent: decrypted authenticator[%d] =\n", outl); - for (padl=0; padl < outl; padl++) fprintf(stderr,"%02x ",unenc_authent[padl]); - fprintf(stderr,"\n"); - } -#endif /* KSSL_DEBUG */ - - if ((p = kssl_skip_confound(enctype, unenc_authent)) == NULL) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "confounded by authenticator.\n"); - krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; - goto err; - } - outl -= p - unenc_authent; - - if ((auth = (KRB5_AUTHENTBODY *) d2i_KRB5_AUTHENT(NULL, &p, - (long) outl))==NULL) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "Error decoding authenticator body.\n"); - krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; - goto err; - } - - memset(&tm_time,0,sizeof(struct tm)); - if (k_gmtime(auth->ctime, &tm_time) && - ((tr = mktime(&tm_time)) != (time_t)(-1))) - { - now = time(&now); - tm_l = localtime(&now); tl = mktime(tm_l); - tm_g = gmtime(&now); tg = mktime(tm_g); - tz_offset = tg - tl; - - *atimep = (krb5_timestamp)(tr - tz_offset); - } - -#ifdef KSSL_DEBUG - fprintf(stderr,"kssl_check_authent: returns %d for client time ", *atimep); - if (auth && auth->ctime && auth->ctime->length && auth->ctime->data) - fprintf(stderr,"%.*s\n", auth->ctime->length, auth->ctime->data); - else fprintf(stderr,"NULL\n"); -#endif /* KSSL_DEBUG */ - - err: - if (auth) KRB5_AUTHENT_free((KRB5_AUTHENT *) auth); - if (dec_authent) KRB5_ENCDATA_free(dec_authent); - if (unenc_authent) free(unenc_authent); - EVP_CIPHER_CTX_cleanup(&ciph_ctx); - return krb5rc; - } - - -/* Replaces krb5_build_principal_ext(), with varargs length == 2 (svc, host), -** because I dont't know how to stub varargs. -** Returns krb5_error_code == ENOMEM on alloc error, otherwise -** passes back newly constructed principal, which should be freed by caller. -*/ -krb5_error_code kssl_build_principal_2( - /* UPDATE */ krb5_context context, - /* OUT */ krb5_principal *princ, - /* IN */ int rlen, const char *realm, - /* IN */ int slen, const char *svc, - /* IN */ int hlen, const char *host) - { - krb5_data *p_data = NULL; - krb5_principal new_p = NULL; - char *new_r = NULL; - - if ((p_data = (krb5_data *) calloc(2, sizeof(krb5_data))) == NULL || - (new_p = (krb5_principal) calloc(1, sizeof(krb5_principal_data))) - == NULL) goto err; - new_p->length = 2; - new_p->data = p_data; - - if ((new_r = calloc(1, rlen + 1)) == NULL) goto err; - memcpy(new_r, realm, rlen); - krb5_princ_set_realm_length(context, new_p, rlen); - krb5_princ_set_realm_data(context, new_p, new_r); - - if ((new_p->data[0].data = calloc(1, slen + 1)) == NULL) goto err; - memcpy(new_p->data[0].data, svc, slen); - new_p->data[0].length = slen; - - if ((new_p->data[1].data = calloc(1, hlen + 1)) == NULL) goto err; - memcpy(new_p->data[1].data, host, hlen); - new_p->data[1].length = hlen; - - krb5_princ_type(context, new_p) = KRB5_NT_UNKNOWN; - *princ = new_p; - return 0; - - err: - if (new_p && new_p[0].data) free(new_p[0].data); - if (new_p && new_p[1].data) free(new_p[1].data); - if (new_p) free(new_p); - if (new_r) free(new_r); - return ENOMEM; - } - -void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx) - { - s->kssl_ctx = kctx; - } - -KSSL_CTX * SSL_get0_kssl_ctx(SSL *s) - { - return s->kssl_ctx; - } - -char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx) - { - if (kctx) - return kctx->client_princ; - return NULL; - } - -#else /* !OPENSSL_NO_KRB5 */ - -#if defined(PEDANTIC) || defined(OPENSSL_SYS_VMS) -static void *dummy=&dummy; -#endif - -#endif /* !OPENSSL_NO_KRB5 */ - diff --git a/main/openssl/ssl/kssl.h b/main/openssl/ssl/kssl.h deleted file mode 100644 index e4df8430..00000000 --- a/main/openssl/ssl/kssl.h +++ /dev/null @@ -1,192 +0,0 @@ -/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */ -/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000. - * project 2000. - */ -/* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* -** 19990701 VRS Started. -*/ - -#ifndef KSSL_H -#define KSSL_H - -#include <openssl/opensslconf.h> - -#ifndef OPENSSL_NO_KRB5 - -#include <stdio.h> -#include <ctype.h> -#include <krb5.h> -#ifdef OPENSSL_SYS_WIN32 -/* These can sometimes get redefined indirectly by krb5 header files - * after they get undefed in ossl_typ.h - */ -#undef X509_NAME -#undef X509_EXTENSIONS -#undef OCSP_REQUEST -#undef OCSP_RESPONSE -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -/* -** Depending on which KRB5 implementation used, some types from -** the other may be missing. Resolve that here and now -*/ -#ifdef KRB5_HEIMDAL -typedef unsigned char krb5_octet; -#define FAR -#else - -#ifndef FAR -#define FAR -#endif - -#endif - -/* Uncomment this to debug kssl problems or -** to trace usage of the Kerberos session key -** -** #define KSSL_DEBUG -*/ - -#ifndef KRB5SVC -#define KRB5SVC "host" -#endif - -#ifndef KRB5KEYTAB -#define KRB5KEYTAB "/etc/krb5.keytab" -#endif - -#ifndef KRB5SENDAUTH -#define KRB5SENDAUTH 1 -#endif - -#ifndef KRB5CHECKAUTH -#define KRB5CHECKAUTH 1 -#endif - -#ifndef KSSL_CLOCKSKEW -#define KSSL_CLOCKSKEW 300; -#endif - -#define KSSL_ERR_MAX 255 -typedef struct kssl_err_st { - int reason; - char text[KSSL_ERR_MAX+1]; - } KSSL_ERR; - - -/* Context for passing -** (1) Kerberos session key to SSL, and -** (2) Config data between application and SSL lib -*/ -typedef struct kssl_ctx_st - { - /* used by: disposition: */ - char *service_name; /* C,S default ok (kssl) */ - char *service_host; /* C input, REQUIRED */ - char *client_princ; /* S output from krb5 ticket */ - char *keytab_file; /* S NULL (/etc/krb5.keytab) */ - char *cred_cache; /* C NULL (default) */ - krb5_enctype enctype; - int length; - krb5_octet FAR *key; - } KSSL_CTX; - -#define KSSL_CLIENT 1 -#define KSSL_SERVER 2 -#define KSSL_SERVICE 3 -#define KSSL_KEYTAB 4 - -#define KSSL_CTX_OK 0 -#define KSSL_CTX_ERR 1 -#define KSSL_NOMEM 2 - -/* Public (for use by applications that use OpenSSL with Kerberos 5 support */ -krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text); -KSSL_CTX *kssl_ctx_new(void); -KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx); -void kssl_ctx_show(KSSL_CTX *kssl_ctx); -krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, - krb5_data *realm, krb5_data *entity, int nentities); -krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp, - krb5_data *authenp, KSSL_ERR *kssl_err); -krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata, - krb5_ticket_times *ttimes, KSSL_ERR *kssl_err); -krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session); -void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text); -void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data); -krb5_error_code kssl_build_principal_2(krb5_context context, - krb5_principal *princ, int rlen, const char *realm, - int slen, const char *svc, int hlen, const char *host); -krb5_error_code kssl_validate_times(krb5_timestamp atime, - krb5_ticket_times *ttimes); -krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp, - krb5_timestamp *atimep, KSSL_ERR *kssl_err); -unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn); - -void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx); -KSSL_CTX * SSL_get0_kssl_ctx(SSL *s); -char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx); - -#ifdef __cplusplus -} -#endif -#endif /* OPENSSL_NO_KRB5 */ -#endif /* KSSL_H */ diff --git a/main/openssl/ssl/kssl_lcl.h b/main/openssl/ssl/kssl_lcl.h deleted file mode 100644 index c039c91b..00000000 --- a/main/openssl/ssl/kssl_lcl.h +++ /dev/null @@ -1,87 +0,0 @@ -/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */ -/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000. - * project 2000. - */ -/* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef KSSL_LCL_H -#define KSSL_LCL_H - -#include <openssl/kssl.h> - -#ifndef OPENSSL_NO_KRB5 - -#ifdef __cplusplus -extern "C" { -#endif - -/* Private (internal to OpenSSL) */ -void print_krb5_data(char *label, krb5_data *kdata); -void print_krb5_authdata(char *label, krb5_authdata **adata); -void print_krb5_keyblock(char *label, krb5_keyblock *keyblk); - -char *kstring(char *string); -char *knumber(int len, krb5_octet *contents); - -const EVP_CIPHER *kssl_map_enc(krb5_enctype enctype); - -int kssl_keytab_is_available(KSSL_CTX *kssl_ctx); -int kssl_tgt_is_available(KSSL_CTX *kssl_ctx); - -#ifdef __cplusplus -} -#endif -#endif /* OPENSSL_NO_KRB5 */ -#endif /* KSSL_LCL_H */ diff --git a/main/openssl/ssl/s23_clnt.c b/main/openssl/ssl/s23_clnt.c deleted file mode 100644 index f02c275c..00000000 --- a/main/openssl/ssl/s23_clnt.c +++ /dev/null @@ -1,815 +0,0 @@ -/* ssl/s23_clnt.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <stdio.h> -#include "ssl_locl.h" -#include <openssl/buffer.h> -#include <openssl/rand.h> -#include <openssl/objects.h> -#include <openssl/evp.h> - -static const SSL_METHOD *ssl23_get_client_method(int ver); -static int ssl23_client_hello(SSL *s); -static int ssl23_get_server_hello(SSL *s); -static const SSL_METHOD *ssl23_get_client_method(int ver) - { -#ifndef OPENSSL_NO_SSL2 - if (ver == SSL2_VERSION) - return(SSLv2_client_method()); -#endif -#ifndef OPENSSL_NO_SSL3 - if (ver == SSL3_VERSION) - return(SSLv3_client_method()); -#endif - if (ver == TLS1_VERSION) - return(TLSv1_client_method()); - else if (ver == TLS1_1_VERSION) - return(TLSv1_1_client_method()); - else if (ver == TLS1_2_VERSION) - return(TLSv1_2_client_method()); - else - return(NULL); - } - -IMPLEMENT_ssl23_meth_func(SSLv23_client_method, - ssl_undefined_function, - ssl23_connect, - ssl23_get_client_method) - -int ssl23_connect(SSL *s) - { - BUF_MEM *buf=NULL; - unsigned long Time=(unsigned long)time(NULL); - void (*cb)(const SSL *ssl,int type,int val)=NULL; - int ret= -1; - int new_state,state; - - RAND_add(&Time,sizeof(Time),0); - ERR_clear_error(); - clear_sys_error(); - - if (s->info_callback != NULL) - cb=s->info_callback; - else if (s->ctx->info_callback != NULL) - cb=s->ctx->info_callback; - - s->in_handshake++; - if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); - - for (;;) - { - state=s->state; - - switch(s->state) - { - case SSL_ST_BEFORE: - case SSL_ST_CONNECT: - case SSL_ST_BEFORE|SSL_ST_CONNECT: - case SSL_ST_OK|SSL_ST_CONNECT: - - if (s->session != NULL) - { - SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE); - ret= -1; - goto end; - } - s->server=0; - if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); - - /* s->version=TLS1_VERSION; */ - s->type=SSL_ST_CONNECT; - - if (s->init_buf == NULL) - { - if ((buf=BUF_MEM_new()) == NULL) - { - ret= -1; - goto end; - } - if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) - { - ret= -1; - goto end; - } - s->init_buf=buf; - buf=NULL; - } - - if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } - - ssl3_init_finished_mac(s); - - s->state=SSL23_ST_CW_CLNT_HELLO_A; - s->ctx->stats.sess_connect++; - s->init_num=0; - break; - - case SSL23_ST_CW_CLNT_HELLO_A: - case SSL23_ST_CW_CLNT_HELLO_B: - - s->shutdown=0; - ret=ssl23_client_hello(s); - if (ret <= 0) goto end; - s->state=SSL23_ST_CR_SRVR_HELLO_A; - s->init_num=0; - - break; - - case SSL23_ST_CR_SRVR_HELLO_A: - case SSL23_ST_CR_SRVR_HELLO_B: - ret=ssl23_get_server_hello(s); - if (ret >= 0) cb=NULL; - goto end; - /* break; */ - - default: - SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE); - ret= -1; - goto end; - /* break; */ - } - - if (s->debug) { (void)BIO_flush(s->wbio); } - - if ((cb != NULL) && (s->state != state)) - { - new_state=s->state; - s->state=state; - cb(s,SSL_CB_CONNECT_LOOP,1); - s->state=new_state; - } - } -end: - s->in_handshake--; - if (buf != NULL) - BUF_MEM_free(buf); - if (cb != NULL) - cb(s,SSL_CB_CONNECT_EXIT,ret); - return(ret); - } - -static int ssl23_no_ssl2_ciphers(SSL *s) - { - SSL_CIPHER *cipher; - STACK_OF(SSL_CIPHER) *ciphers; - int i; - ciphers = SSL_get_ciphers(s); - for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) - { - cipher = sk_SSL_CIPHER_value(ciphers, i); - if (cipher->algorithm_ssl == SSL_SSLV2) - return 0; - } - return 1; - } - -/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 - * on failure, 1 on success. */ -int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) - { - int send_time = 0; - - if (len < 4) - return 0; - if (server) - send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0; - else - send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0; - if (send_time) - { - unsigned long Time = (unsigned long)time(NULL); - unsigned char *p = result; - l2n(Time, p); - return RAND_pseudo_bytes(p, len-4); - } - else - return RAND_pseudo_bytes(result, len); - } - -static int ssl23_client_hello(SSL *s) - { - unsigned char *buf; - unsigned char *p,*d; - int i,ch_len; - unsigned long l; - int ssl2_compat; - int version = 0, version_major, version_minor; -#ifndef OPENSSL_NO_COMP - int j; - SSL_COMP *comp; -#endif - int ret; - unsigned long mask, options = s->options; - - ssl2_compat = (options & SSL_OP_NO_SSLv2) ? 0 : 1; - - if (ssl2_compat && ssl23_no_ssl2_ciphers(s)) - ssl2_compat = 0; - - /* - * SSL_OP_NO_X disables all protocols above X *if* there are - * some protocols below X enabled. This is required in order - * to maintain "version capability" vector contiguous. So - * that if application wants to disable TLS1.0 in favour of - * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the - * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. - */ - mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1 -#if !defined(OPENSSL_NO_SSL3) - |SSL_OP_NO_SSLv3 -#endif -#if !defined(OPENSSL_NO_SSL2) - |(ssl2_compat?SSL_OP_NO_SSLv2:0) -#endif - ; -#if !defined(OPENSSL_NO_TLS1_2_CLIENT) - version = TLS1_2_VERSION; - - if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask) - version = TLS1_1_VERSION; -#else - version = TLS1_1_VERSION; -#endif - mask &= ~SSL_OP_NO_TLSv1_1; - if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask) - version = TLS1_VERSION; - mask &= ~SSL_OP_NO_TLSv1; -#if !defined(OPENSSL_NO_SSL3) - if ((options & SSL_OP_NO_TLSv1) && (options & mask) != mask) - version = SSL3_VERSION; - mask &= ~SSL_OP_NO_SSLv3; -#endif -#if !defined(OPENSSL_NO_SSL2) - if ((options & SSL_OP_NO_SSLv3) && (options & mask) != mask) - version = SSL2_VERSION; -#endif - -#ifndef OPENSSL_NO_TLSEXT - if (version != SSL2_VERSION) - { - /* have to disable SSL 2.0 compatibility if we need TLS extensions */ - - if (s->tlsext_hostname != NULL) - ssl2_compat = 0; - if (s->tlsext_status_type != -1) - ssl2_compat = 0; -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL) - ssl2_compat = 0; -#endif - } -#endif - - buf=(unsigned char *)s->init_buf->data; - if (s->state == SSL23_ST_CW_CLNT_HELLO_A) - { -#if 0 - /* don't reuse session-id's */ - if (!ssl_get_new_session(s,0)) - { - return(-1); - } -#endif - - p=s->s3->client_random; - if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) - return -1; - - if (version == TLS1_2_VERSION) - { - version_major = TLS1_2_VERSION_MAJOR; - version_minor = TLS1_2_VERSION_MINOR; - } - else if (version == TLS1_1_VERSION) - { - version_major = TLS1_1_VERSION_MAJOR; - version_minor = TLS1_1_VERSION_MINOR; - } - else if (version == TLS1_VERSION) - { - version_major = TLS1_VERSION_MAJOR; - version_minor = TLS1_VERSION_MINOR; - } -#ifdef OPENSSL_FIPS - else if(FIPS_mode()) - { - SSLerr(SSL_F_SSL23_CLIENT_HELLO, - SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); - return -1; - } -#endif - else if (version == SSL3_VERSION) - { - version_major = SSL3_VERSION_MAJOR; - version_minor = SSL3_VERSION_MINOR; - } - else if (version == SSL2_VERSION) - { - version_major = SSL2_VERSION_MAJOR; - version_minor = SSL2_VERSION_MINOR; - } - else - { - SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE); - return(-1); - } - - s->client_version = version; - - if (ssl2_compat) - { - /* create SSL 2.0 compatible Client Hello */ - - /* two byte record header will be written last */ - d = &(buf[2]); - p = d + 9; /* leave space for message type, version, individual length fields */ - - *(d++) = SSL2_MT_CLIENT_HELLO; - *(d++) = version_major; - *(d++) = version_minor; - - /* Ciphers supported */ - i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0); - if (i == 0) - { - /* no ciphers */ - SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); - return -1; - } - s2n(i,d); - p+=i; - - /* put in the session-id length (zero since there is no reuse) */ -#if 0 - s->session->session_id_length=0; -#endif - s2n(0,d); - - if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) - ch_len=SSL2_CHALLENGE_LENGTH; - else - ch_len=SSL2_MAX_CHALLENGE_LENGTH; - - /* write out sslv2 challenge */ - /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), - because it is one of SSL2_MAX_CHALLENGE_LENGTH (32) - or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the - check in for futurproofing */ - if (SSL3_RANDOM_SIZE < ch_len) - i=SSL3_RANDOM_SIZE; - else - i=ch_len; - s2n(i,d); - memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); - if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0) - return -1; - - memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); - p+=i; - - i= p- &(buf[2]); - buf[0]=((i>>8)&0xff)|0x80; - buf[1]=(i&0xff); - - /* number of bytes to write */ - s->init_num=i+2; - s->init_off=0; - - ssl3_finish_mac(s,&(buf[2]),i); - } - else - { - /* create Client Hello in SSL 3.0/TLS 1.0 format */ - - /* do the record header (5 bytes) and handshake message header (4 bytes) last */ - d = p = &(buf[9]); - - *(p++) = version_major; - *(p++) = version_minor; - - /* Random stuff */ - memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); - p += SSL3_RANDOM_SIZE; - - /* Session ID (zero since there is no reuse) */ - *(p++) = 0; - - /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ - i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char); - if (i == 0) - { - SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); - return -1; - } -#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH - /* Some servers hang if client hello > 256 bytes - * as hack workaround chop number of supported ciphers - * to keep it well below this if we use TLS v1.2 - */ - if (TLS1_get_version(s) >= TLS1_2_VERSION - && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) - i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; -#endif - s2n(i,p); - p+=i; - - /* COMPRESSION */ -#ifdef OPENSSL_NO_COMP - *(p++)=1; -#else - if ((s->options & SSL_OP_NO_COMPRESSION) - || !s->ctx->comp_methods) - j=0; - else - j=sk_SSL_COMP_num(s->ctx->comp_methods); - *(p++)=1+j; - for (i=0; i<j; i++) - { - comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); - *(p++)=comp->id; - } -#endif - *(p++)=0; /* Add the NULL method */ - -#ifndef OPENSSL_NO_TLSEXT - /* TLS extensions*/ - if (ssl_prepare_clienthello_tlsext(s) <= 0) - { - SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); - return -1; - } - if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) - { - SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); - return -1; - } -#endif - - l = p-d; - - /* fill in 4-byte handshake header */ - d=&(buf[5]); - *(d++)=SSL3_MT_CLIENT_HELLO; - l2n3(l,d); - - l += 4; - - if (l > SSL3_RT_MAX_PLAIN_LENGTH) - { - SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); - return -1; - } - - /* fill in 5-byte record header */ - d=buf; - *(d++) = SSL3_RT_HANDSHAKE; - *(d++) = version_major; - /* Some servers hang if we use long client hellos - * and a record number > TLS 1.0. - */ - if (TLS1_get_client_version(s) > TLS1_VERSION) - *(d++) = 1; - else - *(d++) = version_minor; - s2n((int)l,d); - - /* number of bytes to write */ - s->init_num=p-buf; - s->init_off=0; - - ssl3_finish_mac(s,&(buf[5]), s->init_num - 5); - } - - s->state=SSL23_ST_CW_CLNT_HELLO_B; - s->init_off=0; - } - - /* SSL3_ST_CW_CLNT_HELLO_B */ - ret = ssl23_write_bytes(s); - - if ((ret >= 2) && s->msg_callback) - { - /* Client Hello has been sent; tell msg_callback */ - - if (ssl2_compat) - s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); - else - s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg); - } - - return ret; - } - -static int ssl23_get_server_hello(SSL *s) - { - char buf[8]; - unsigned char *p; - int i; - int n; - - n=ssl23_read_bytes(s,7); - - if (n != 7) return(n); - p=s->packet; - - memcpy(buf,p,n); - - if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) && - (p[5] == 0x00) && (p[6] == 0x02)) - { -#ifdef OPENSSL_NO_SSL2 - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); - goto err; -#else - /* we are talking sslv2 */ - /* we need to clean up the SSLv3 setup and put in the - * sslv2 stuff. */ - int ch_len; - - if (s->options & SSL_OP_NO_SSLv2) - { - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); - goto err; - } - if (s->s2 == NULL) - { - if (!ssl2_new(s)) - goto err; - } - else - ssl2_clear(s); - - if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) - ch_len=SSL2_CHALLENGE_LENGTH; - else - ch_len=SSL2_MAX_CHALLENGE_LENGTH; - - /* write out sslv2 challenge */ - /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because - it is one of SSL2_MAX_CHALLENGE_LENGTH (32) or - SSL2_MAX_CHALLENGE_LENGTH (16), but leave the check in for - futurproofing */ - i=(SSL3_RANDOM_SIZE < ch_len) - ?SSL3_RANDOM_SIZE:ch_len; - s->s2->challenge_length=i; - memcpy(s->s2->challenge, - &(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); - - if (s->s3 != NULL) ssl3_free(s); - - if (!BUF_MEM_grow_clean(s->init_buf, - SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) - { - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB); - goto err; - } - - s->state=SSL2_ST_GET_SERVER_HELLO_A; - if (!(s->client_version == SSL2_VERSION)) - /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */ - s->s2->ssl2_rollback=1; - - /* setup the 7 bytes we have read so we get them from - * the sslv2 buffer */ - s->rstate=SSL_ST_READ_HEADER; - s->packet_length=n; - s->packet= &(s->s2->rbuf[0]); - memcpy(s->packet,buf,n); - s->s2->rbuf_left=n; - s->s2->rbuf_offs=0; - - /* we have already written one */ - s->s2->write_sequence=1; - - s->method=SSLv2_client_method(); - s->handshake_func=s->method->ssl_connect; -#endif - } - else if (p[1] == SSL3_VERSION_MAJOR && - p[2] <= TLS1_2_VERSION_MINOR && - ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) || - (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) - { - /* we have sslv3 or tls1 (server hello or alert) */ - -#ifndef OPENSSL_NO_SSL3 - if ((p[2] == SSL3_VERSION_MINOR) && - !(s->options & SSL_OP_NO_SSLv3)) - { -#ifdef OPENSSL_FIPS - if(FIPS_mode()) - { - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, - SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); - goto err; - } -#endif - s->version=SSL3_VERSION; - s->method=SSLv3_client_method(); - } - else -#endif - if ((p[2] == TLS1_VERSION_MINOR) && - !(s->options & SSL_OP_NO_TLSv1)) - { - s->version=TLS1_VERSION; - s->method=TLSv1_client_method(); - } - else if ((p[2] == TLS1_1_VERSION_MINOR) && - !(s->options & SSL_OP_NO_TLSv1_1)) - { - s->version=TLS1_1_VERSION; - s->method=TLSv1_1_client_method(); - } - else if ((p[2] == TLS1_2_VERSION_MINOR) && - !(s->options & SSL_OP_NO_TLSv1_2)) - { - s->version=TLS1_2_VERSION; - s->method=TLSv1_2_client_method(); - } - else - { - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); - goto err; - } - - /* ensure that TLS_MAX_VERSION is up-to-date */ - OPENSSL_assert(s->version <= TLS_MAX_VERSION); - - if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) - { - /* fatal alert */ - - void (*cb)(const SSL *ssl,int type,int val)=NULL; - int j; - - if (s->info_callback != NULL) - cb=s->info_callback; - else if (s->ctx->info_callback != NULL) - cb=s->ctx->info_callback; - - i=p[5]; - if (cb != NULL) - { - j=(i<<8)|p[6]; - cb(s,SSL_CB_READ_ALERT,j); - } - - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_ALERT, p+5, 2, s, s->msg_callback_arg); - - s->rwstate=SSL_NOTHING; - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]); - goto err; - } - - if (!ssl_init_wbio_buffer(s,1)) goto err; - - /* we are in this state */ - s->state=SSL3_ST_CR_SRVR_HELLO_A; - - /* put the 7 bytes we have read into the input buffer - * for SSLv3 */ - s->rstate=SSL_ST_READ_HEADER; - s->packet_length=n; - if (s->s3->rbuf.buf == NULL) - if (!ssl3_setup_read_buffer(s)) - goto err; - s->packet= &(s->s3->rbuf.buf[0]); - memcpy(s->packet,buf,n); - s->s3->rbuf.left=n; - s->s3->rbuf.offset=0; - - s->handshake_func=s->method->ssl_connect; - } - else - { - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL); - goto err; - } - s->init_num=0; - - /* Since, if we are sending a ssl23 client hello, we are not - * reusing a session-id */ - if (!s->session_creation_enabled) - { - if (!(s->client_version == SSL2_VERSION)) - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED); - goto err; - } - if (!ssl_get_new_session(s,0)) - goto err; - - return(SSL_connect(s)); -err: - return(-1); - } diff --git a/main/openssl/ssl/s23_lib.c b/main/openssl/ssl/s23_lib.c deleted file mode 100644 index f3c29d1d..00000000 --- a/main/openssl/ssl/s23_lib.c +++ /dev/null @@ -1,194 +0,0 @@ -/* ssl/s23_lib.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include <openssl/objects.h> -#include "ssl_locl.h" - -long ssl23_default_timeout(void) - { - return(300); - } - -int ssl23_num_ciphers(void) - { - return(ssl3_num_ciphers() -#ifndef OPENSSL_NO_SSL2 - + ssl2_num_ciphers() -#endif - ); - } - -const SSL_CIPHER *ssl23_get_cipher(unsigned int u) - { - unsigned int uu=ssl3_num_ciphers(); - - if (u < uu) - return(ssl3_get_cipher(u)); - else -#ifndef OPENSSL_NO_SSL2 - return(ssl2_get_cipher(u-uu)); -#else - return(NULL); -#endif - } - -/* This function needs to check if the ciphers required are actually - * available */ -const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) - { - const SSL_CIPHER *cp; - - cp=ssl3_get_cipher_by_char(p); -#ifndef OPENSSL_NO_SSL2 - if (cp == NULL) - cp=ssl2_get_cipher_by_char(p); -#endif - return(cp); - } - -int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) - { - long l; - - /* We can write SSLv2 and SSLv3 ciphers */ - /* but no ECC ciphers */ - if (c->algorithm_mkey == SSL_kECDHr || - c->algorithm_mkey == SSL_kECDHe || - c->algorithm_mkey == SSL_kEECDH || - c->algorithm_auth == SSL_aECDH || - c->algorithm_auth == SSL_aECDSA) - return 0; - if (p != NULL) - { - l=c->id; - p[0]=((unsigned char)(l>>16L))&0xFF; - p[1]=((unsigned char)(l>> 8L))&0xFF; - p[2]=((unsigned char)(l ))&0xFF; - } - return(3); - } - -int ssl23_read(SSL *s, void *buf, int len) - { - int n; - - clear_sys_error(); - if (SSL_in_init(s) && (!s->in_handshake)) - { - n=s->handshake_func(s); - if (n < 0) return(n); - if (n == 0) - { - SSLerr(SSL_F_SSL23_READ,SSL_R_SSL_HANDSHAKE_FAILURE); - return(-1); - } - return(SSL_read(s,buf,len)); - } - else - { - ssl_undefined_function(s); - return(-1); - } - } - -int ssl23_peek(SSL *s, void *buf, int len) - { - int n; - - clear_sys_error(); - if (SSL_in_init(s) && (!s->in_handshake)) - { - n=s->handshake_func(s); - if (n < 0) return(n); - if (n == 0) - { - SSLerr(SSL_F_SSL23_PEEK,SSL_R_SSL_HANDSHAKE_FAILURE); - return(-1); - } - return(SSL_peek(s,buf,len)); - } - else - { - ssl_undefined_function(s); - return(-1); - } - } - -int ssl23_write(SSL *s, const void *buf, int len) - { - int n; - - clear_sys_error(); - if (SSL_in_init(s) && (!s->in_handshake)) - { - n=s->handshake_func(s); - if (n < 0) return(n); - if (n == 0) - { - SSLerr(SSL_F_SSL23_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE); - return(-1); - } - return(SSL_write(s,buf,len)); - } - else - { - ssl_undefined_function(s); - return(-1); - } - } diff --git a/main/openssl/ssl/s23_meth.c b/main/openssl/ssl/s23_meth.c deleted file mode 100644 index 40eae0f0..00000000 --- a/main/openssl/ssl/s23_meth.c +++ /dev/null @@ -1,92 +0,0 @@ -/* ssl/s23_meth.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include <openssl/objects.h> -#include "ssl_locl.h" - -static const SSL_METHOD *ssl23_get_method(int ver); -static const SSL_METHOD *ssl23_get_method(int ver) - { -#ifndef OPENSSL_NO_SSL2 - if (ver == SSL2_VERSION) - return(SSLv2_method()); - else -#endif -#ifndef OPENSSL_NO_SSL3 - if (ver == SSL3_VERSION) - return(SSLv3_method()); - else -#endif -#ifndef OPENSSL_NO_TLS1 - if (ver == TLS1_VERSION) - return(TLSv1_method()); - else if (ver == TLS1_1_VERSION) - return(TLSv1_1_method()); - else if (ver == TLS1_2_VERSION) - return(TLSv1_2_method()); - else -#endif - return(NULL); - } - -IMPLEMENT_ssl23_meth_func(SSLv23_method, - ssl23_accept, - ssl23_connect, - ssl23_get_method) - diff --git a/main/openssl/ssl/s23_pkt.c b/main/openssl/ssl/s23_pkt.c deleted file mode 100644 index 4ca6a1b2..00000000 --- a/main/openssl/ssl/s23_pkt.c +++ /dev/null @@ -1,117 +0,0 @@ -/* ssl/s23_pkt.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include <errno.h> -#define USE_SOCKETS -#include "ssl_locl.h" -#include <openssl/evp.h> -#include <openssl/buffer.h> - -int ssl23_write_bytes(SSL *s) - { - int i,num,tot; - char *buf; - - buf=s->init_buf->data; - tot=s->init_off; - num=s->init_num; - for (;;) - { - s->rwstate=SSL_WRITING; - i=BIO_write(s->wbio,&(buf[tot]),num); - if (i <= 0) - { - s->init_off=tot; - s->init_num=num; - return(i); - } - s->rwstate=SSL_NOTHING; - if (i == num) return(tot+i); - - num-=i; - tot+=i; - } - } - -/* return regularly only when we have read (at least) 'n' bytes */ -int ssl23_read_bytes(SSL *s, int n) - { - unsigned char *p; - int j; - - if (s->packet_length < (unsigned int)n) - { - p=s->packet; - - for (;;) - { - s->rwstate=SSL_READING; - j=BIO_read(s->rbio,(char *)&(p[s->packet_length]), - n-s->packet_length); - if (j <= 0) - return(j); - s->rwstate=SSL_NOTHING; - s->packet_length+=j; - if (s->packet_length >= (unsigned int)n) - return(s->packet_length); - } - } - return(n); - } - diff --git a/main/openssl/ssl/s23_srvr.c b/main/openssl/ssl/s23_srvr.c deleted file mode 100644 index 3178815e..00000000 --- a/main/openssl/ssl/s23_srvr.c +++ /dev/null @@ -1,660 +0,0 @@ -/* ssl/s23_srvr.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <stdio.h> -#include "ssl_locl.h" -#include <openssl/buffer.h> -#include <openssl/rand.h> -#include <openssl/objects.h> -#include <openssl/evp.h> -#ifdef OPENSSL_FIPS -#include <openssl/fips.h> -#endif - -static const SSL_METHOD *ssl23_get_server_method(int ver); -int ssl23_get_client_hello(SSL *s); -static const SSL_METHOD *ssl23_get_server_method(int ver) - { -#ifndef OPENSSL_NO_SSL2 - if (ver == SSL2_VERSION) - return(SSLv2_server_method()); -#endif -#ifndef OPENSSL_NO_SSL3 - if (ver == SSL3_VERSION) - return(SSLv3_server_method()); -#endif - if (ver == TLS1_VERSION) - return(TLSv1_server_method()); - else if (ver == TLS1_1_VERSION) - return(TLSv1_1_server_method()); - else if (ver == TLS1_2_VERSION) - return(TLSv1_2_server_method()); - else - return(NULL); - } - -IMPLEMENT_ssl23_meth_func(SSLv23_server_method, - ssl23_accept, - ssl_undefined_function, - ssl23_get_server_method) - -int ssl23_accept(SSL *s) - { - BUF_MEM *buf; - unsigned long Time=(unsigned long)time(NULL); - void (*cb)(const SSL *ssl,int type,int val)=NULL; - int ret= -1; - int new_state,state; - - RAND_add(&Time,sizeof(Time),0); - ERR_clear_error(); - clear_sys_error(); - - if (s->info_callback != NULL) - cb=s->info_callback; - else if (s->ctx->info_callback != NULL) - cb=s->ctx->info_callback; - - s->in_handshake++; - if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); - - for (;;) - { - state=s->state; - - switch(s->state) - { - case SSL_ST_BEFORE: - case SSL_ST_ACCEPT: - case SSL_ST_BEFORE|SSL_ST_ACCEPT: - case SSL_ST_OK|SSL_ST_ACCEPT: - - s->server=1; - if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); - - /* s->version=SSL3_VERSION; */ - s->type=SSL_ST_ACCEPT; - - if (s->init_buf == NULL) - { - if ((buf=BUF_MEM_new()) == NULL) - { - ret= -1; - goto end; - } - if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) - { - BUF_MEM_free(buf); - ret= -1; - goto end; - } - s->init_buf=buf; - } - - ssl3_init_finished_mac(s); - - s->state=SSL23_ST_SR_CLNT_HELLO_A; - s->ctx->stats.sess_accept++; - s->init_num=0; - break; - - case SSL23_ST_SR_CLNT_HELLO_A: - case SSL23_ST_SR_CLNT_HELLO_B: - - s->shutdown=0; - ret=ssl23_get_client_hello(s); - if (ret >= 0) cb=NULL; - goto end; - /* break; */ - - default: - SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE); - ret= -1; - goto end; - /* break; */ - } - - if ((cb != NULL) && (s->state != state)) - { - new_state=s->state; - s->state=state; - cb(s,SSL_CB_ACCEPT_LOOP,1); - s->state=new_state; - } - } -end: - s->in_handshake--; - if (cb != NULL) - cb(s,SSL_CB_ACCEPT_EXIT,ret); - return(ret); - } - - -int ssl23_get_client_hello(SSL *s) - { - char buf_space[11]; /* Request this many bytes in initial read. - * We can detect SSL 3.0/TLS 1.0 Client Hellos - * ('type == 3') correctly only when the following - * is in a single record, which is not guaranteed by - * the protocol specification: - * Byte Content - * 0 type \ - * 1/2 version > record header - * 3/4 length / - * 5 msg_type \ - * 6-8 length > Client Hello message - * 9/10 client_version / - */ - char *buf= &(buf_space[0]); - unsigned char *p,*d,*d_len,*dd; - unsigned int i; - unsigned int csl,sil,cl; - int n=0,j; - int type=0; - int v[2]; - - if (s->state == SSL23_ST_SR_CLNT_HELLO_A) - { - /* read the initial header */ - v[0]=v[1]=0; - - if (!ssl3_setup_buffers(s)) goto err; - - n=ssl23_read_bytes(s, sizeof buf_space); - if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */ - - p=s->packet; - - memcpy(buf,p,n); - - if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) - { - /* - * SSLv2 header - */ - if ((p[3] == 0x00) && (p[4] == 0x02)) - { - v[0]=p[3]; v[1]=p[4]; - /* SSLv2 */ - if (!(s->options & SSL_OP_NO_SSLv2)) - type=1; - } - else if (p[3] == SSL3_VERSION_MAJOR) - { - v[0]=p[3]; v[1]=p[4]; - /* SSLv3/TLSv1 */ - if (p[4] >= TLS1_VERSION_MINOR) - { - if (p[4] >= TLS1_2_VERSION_MINOR && - !(s->options & SSL_OP_NO_TLSv1_2)) - { - s->version=TLS1_2_VERSION; - s->state=SSL23_ST_SR_CLNT_HELLO_B; - } - else if (p[4] >= TLS1_1_VERSION_MINOR && - !(s->options & SSL_OP_NO_TLSv1_1)) - { - s->version=TLS1_1_VERSION; - /* type=2; */ /* done later to survive restarts */ - s->state=SSL23_ST_SR_CLNT_HELLO_B; - } - else if (!(s->options & SSL_OP_NO_TLSv1)) - { - s->version=TLS1_VERSION; - /* type=2; */ /* done later to survive restarts */ - s->state=SSL23_ST_SR_CLNT_HELLO_B; - } - else if (!(s->options & SSL_OP_NO_SSLv3)) - { - s->version=SSL3_VERSION; - /* type=2; */ - s->state=SSL23_ST_SR_CLNT_HELLO_B; - } - else if (!(s->options & SSL_OP_NO_SSLv2)) - { - type=1; - } - } - else if (!(s->options & SSL_OP_NO_SSLv3)) - { - s->version=SSL3_VERSION; - /* type=2; */ - s->state=SSL23_ST_SR_CLNT_HELLO_B; - } - else if (!(s->options & SSL_OP_NO_SSLv2)) - type=1; - - } - } - else if ((p[0] == SSL3_RT_HANDSHAKE) && - (p[1] == SSL3_VERSION_MAJOR) && - (p[5] == SSL3_MT_CLIENT_HELLO) && - ((p[3] == 0 && p[4] < 5 /* silly record length? */) - || (p[9] >= p[1]))) - { - /* - * SSLv3 or tls1 header - */ - - v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */ - /* We must look at client_version inside the Client Hello message - * to get the correct minor version. - * However if we have only a pathologically small fragment of the - * Client Hello message, this would be difficult, and we'd have - * to read more records to find out. - * No known SSL 3.0 client fragments ClientHello like this, - * so we simply reject such connections to avoid - * protocol version downgrade attacks. */ - if (p[3] == 0 && p[4] < 6) - { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL); - goto err; - } - /* if major version number > 3 set minor to a value - * which will use the highest version 3 we support. - * If TLS 2.0 ever appears we will need to revise - * this.... - */ - if (p[9] > SSL3_VERSION_MAJOR) - v[1]=0xff; - else - v[1]=p[10]; /* minor version according to client_version */ - if (v[1] >= TLS1_VERSION_MINOR) - { - if (v[1] >= TLS1_2_VERSION_MINOR && - !(s->options & SSL_OP_NO_TLSv1_2)) - { - s->version=TLS1_2_VERSION; - type=3; - } - else if (v[1] >= TLS1_1_VERSION_MINOR && - !(s->options & SSL_OP_NO_TLSv1_1)) - { - s->version=TLS1_1_VERSION; - type=3; - } - else if (!(s->options & SSL_OP_NO_TLSv1)) - { - s->version=TLS1_VERSION; - type=3; - } - else if (!(s->options & SSL_OP_NO_SSLv3)) - { - s->version=SSL3_VERSION; - type=3; - } - } - else - { - /* client requests SSL 3.0 */ - if (!(s->options & SSL_OP_NO_SSLv3)) - { - s->version=SSL3_VERSION; - type=3; - } - else if (!(s->options & SSL_OP_NO_TLSv1)) - { - /* we won't be able to use TLS of course, - * but this will send an appropriate alert */ - s->version=TLS1_VERSION; - type=3; - } - } - } - else if ((strncmp("GET ", (char *)p,4) == 0) || - (strncmp("POST ",(char *)p,5) == 0) || - (strncmp("HEAD ",(char *)p,5) == 0) || - (strncmp("PUT ", (char *)p,4) == 0)) - { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST); - goto err; - } - else if (strncmp("CONNECT",(char *)p,7) == 0) - { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST); - goto err; - } - } - - /* ensure that TLS_MAX_VERSION is up-to-date */ - OPENSSL_assert(s->version <= TLS_MAX_VERSION); - -#ifdef OPENSSL_FIPS - if (FIPS_mode() && (s->version < TLS1_VERSION)) - { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, - SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); - goto err; - } -#endif - - if (s->state == SSL23_ST_SR_CLNT_HELLO_B) - { - /* we have SSLv3/TLSv1 in an SSLv2 header - * (other cases skip this state) */ - - type=2; - p=s->packet; - v[0] = p[3]; /* == SSL3_VERSION_MAJOR */ - v[1] = p[4]; - - /* An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2 - * header is sent directly on the wire, not wrapped as a TLS - * record. It's format is: - * Byte Content - * 0-1 msg_length - * 2 msg_type - * 3-4 version - * 5-6 cipher_spec_length - * 7-8 session_id_length - * 9-10 challenge_length - * ... ... - */ - n=((p[0]&0x7f)<<8)|p[1]; - if (n > (1024*4)) - { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE); - goto err; - } - if (n < 9) - { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH); - goto err; - } - - j=ssl23_read_bytes(s,n+2); - /* We previously read 11 bytes, so if j > 0, we must have - * j == n+2 == s->packet_length. We have at least 11 valid - * packet bytes. */ - if (j <= 0) return(j); - - ssl3_finish_mac(s, s->packet+2, s->packet_length-2); - if (s->msg_callback) - s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ - - p=s->packet; - p+=5; - n2s(p,csl); - n2s(p,sil); - n2s(p,cl); - d=(unsigned char *)s->init_buf->data; - if ((csl+sil+cl+11) != s->packet_length) /* We can't have TLS extensions in SSL 2.0 format - * Client Hello, can we? Error condition should be - * '>' otherweise */ - { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH); - goto err; - } - - /* record header: msg_type ... */ - *(d++) = SSL3_MT_CLIENT_HELLO; - /* ... and length (actual value will be written later) */ - d_len = d; - d += 3; - - /* client_version */ - *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */ - *(d++) = v[1]; - - /* lets populate the random area */ - /* get the challenge_length */ - i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl; - memset(d,0,SSL3_RANDOM_SIZE); - memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i); - d+=SSL3_RANDOM_SIZE; - - /* no session-id reuse */ - *(d++)=0; - - /* ciphers */ - j=0; - dd=d; - d+=2; - for (i=0; i<csl; i+=3) - { - if (p[i] != 0) continue; - *(d++)=p[i+1]; - *(d++)=p[i+2]; - j+=2; - } - s2n(j,dd); - - /* COMPRESSION */ - *(d++)=1; - *(d++)=0; - -#if 0 - /* copy any remaining data with may be extensions */ - p = p+csl+sil+cl; - while (p < s->packet+s->packet_length) - { - *(d++)=*(p++); - } -#endif - - i = (d-(unsigned char *)s->init_buf->data) - 4; - l2n3((long)i, d_len); - - /* get the data reused from the init_buf */ - s->s3->tmp.reuse_message=1; - s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO; - s->s3->tmp.message_size=i; - } - - /* imaginary new state (for program structure): */ - /* s->state = SSL23_SR_CLNT_HELLO_C */ - - if (type == 1) - { -#ifdef OPENSSL_NO_SSL2 - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); - goto err; -#else - /* we are talking sslv2 */ - /* we need to clean up the SSLv3/TLSv1 setup and put in the - * sslv2 stuff. */ - - if (s->s2 == NULL) - { - if (!ssl2_new(s)) - goto err; - } - else - ssl2_clear(s); - - if (s->s3 != NULL) ssl3_free(s); - - if (!BUF_MEM_grow_clean(s->init_buf, - SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) - { - goto err; - } - - s->state=SSL2_ST_GET_CLIENT_HELLO_A; - if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3) - s->s2->ssl2_rollback=0; - else - /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 - * (SSL 3.0 draft/RFC 2246, App. E.2) */ - s->s2->ssl2_rollback=1; - - /* setup the n bytes we have read so we get them from - * the sslv2 buffer */ - s->rstate=SSL_ST_READ_HEADER; - s->packet_length=n; - s->packet= &(s->s2->rbuf[0]); - memcpy(s->packet,buf,n); - s->s2->rbuf_left=n; - s->s2->rbuf_offs=0; - - s->method=SSLv2_server_method(); - s->handshake_func=s->method->ssl_accept; -#endif - } - - if ((type == 2) || (type == 3)) - { - /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */ - const SSL_METHOD *new_method; - new_method = ssl23_get_server_method(s->version); - if (new_method == NULL) - { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); - goto err; - } - s->method = new_method; - - if (!ssl_init_wbio_buffer(s,1)) goto err; - - /* we are in this state */ - s->state=SSL3_ST_SR_CLNT_HELLO_A; - - if (type == 3) - { - /* put the 'n' bytes we have read into the input buffer - * for SSLv3 */ - s->rstate=SSL_ST_READ_HEADER; - s->packet_length=n; - if (s->s3->rbuf.buf == NULL) - if (!ssl3_setup_read_buffer(s)) - goto err; - - s->packet= &(s->s3->rbuf.buf[0]); - memcpy(s->packet,buf,n); - s->s3->rbuf.left=n; - s->s3->rbuf.offset=0; - } - else - { - s->packet_length=0; - s->s3->rbuf.left=0; - s->s3->rbuf.offset=0; - } -#if 0 /* ssl3_get_client_hello does this */ - s->client_version=(v[0]<<8)|v[1]; -#endif - s->handshake_func=s->method->ssl_accept; - } - - if ((type < 1) || (type > 3)) - { - /* bad, very bad */ - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL); - goto err; - } - s->init_num=0; - - if (buf != buf_space) OPENSSL_free(buf); - return(SSL_accept(s)); -err: - if (buf != buf_space) OPENSSL_free(buf); - return(-1); - } diff --git a/main/openssl/ssl/s2_clnt.c b/main/openssl/ssl/s2_clnt.c deleted file mode 100644 index 03b6cf96..00000000 --- a/main/openssl/ssl/s2_clnt.c +++ /dev/null @@ -1,1127 +0,0 @@ -/* ssl/s2_clnt.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include "ssl_locl.h" -#ifndef OPENSSL_NO_SSL2 -#include <stdio.h> -#include <openssl/rand.h> -#include <openssl/buffer.h> -#include <openssl/objects.h> -#include <openssl/evp.h> - -static const SSL_METHOD *ssl2_get_client_method(int ver); -static int get_server_finished(SSL *s); -static int get_server_verify(SSL *s); -static int get_server_hello(SSL *s); -static int client_hello(SSL *s); -static int client_master_key(SSL *s); -static int client_finished(SSL *s); -static int client_certificate(SSL *s); -static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from, - unsigned char *to,int padding); -#define BREAK break - -static const SSL_METHOD *ssl2_get_client_method(int ver) - { - if (ver == SSL2_VERSION) - return(SSLv2_client_method()); - else - return(NULL); - } - -IMPLEMENT_ssl2_meth_func(SSLv2_client_method, - ssl_undefined_function, - ssl2_connect, - ssl2_get_client_method) - -int ssl2_connect(SSL *s) - { - unsigned long l=(unsigned long)time(NULL); - BUF_MEM *buf=NULL; - int ret= -1; - void (*cb)(const SSL *ssl,int type,int val)=NULL; - int new_state,state; - - RAND_add(&l,sizeof(l),0); - ERR_clear_error(); - clear_sys_error(); - - if (s->info_callback != NULL) - cb=s->info_callback; - else if (s->ctx->info_callback != NULL) - cb=s->ctx->info_callback; - - /* init things to blank */ - s->in_handshake++; - if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); - - for (;;) - { - state=s->state; - - switch (s->state) - { - case SSL_ST_BEFORE: - case SSL_ST_CONNECT: - case SSL_ST_BEFORE|SSL_ST_CONNECT: - case SSL_ST_OK|SSL_ST_CONNECT: - - s->server=0; - if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); - - s->version=SSL2_VERSION; - s->type=SSL_ST_CONNECT; - - buf=s->init_buf; - if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL)) - { - ret= -1; - goto end; - } - if (!BUF_MEM_grow(buf, - SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) - { - if (buf == s->init_buf) - buf=NULL; - ret= -1; - goto end; - } - s->init_buf=buf; - buf=NULL; - s->init_num=0; - s->state=SSL2_ST_SEND_CLIENT_HELLO_A; - s->ctx->stats.sess_connect++; - s->handshake_func=ssl2_connect; - BREAK; - - case SSL2_ST_SEND_CLIENT_HELLO_A: - case SSL2_ST_SEND_CLIENT_HELLO_B: - s->shutdown=0; - ret=client_hello(s); - if (ret <= 0) goto end; - s->init_num=0; - s->state=SSL2_ST_GET_SERVER_HELLO_A; - BREAK; - - case SSL2_ST_GET_SERVER_HELLO_A: - case SSL2_ST_GET_SERVER_HELLO_B: - ret=get_server_hello(s); - if (ret <= 0) goto end; - s->init_num=0; - if (!s->hit) /* new session */ - { - s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_A; - BREAK; - } - else - { - s->state=SSL2_ST_CLIENT_START_ENCRYPTION; - break; - } - - case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: - case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: - ret=client_master_key(s); - if (ret <= 0) goto end; - s->init_num=0; - s->state=SSL2_ST_CLIENT_START_ENCRYPTION; - break; - - case SSL2_ST_CLIENT_START_ENCRYPTION: - /* Ok, we now have all the stuff needed to - * start encrypting, so lets fire it up :-) */ - if (!ssl2_enc_init(s,1)) - { - ret= -1; - goto end; - } - s->s2->clear_text=0; - s->state=SSL2_ST_SEND_CLIENT_FINISHED_A; - break; - - case SSL2_ST_SEND_CLIENT_FINISHED_A: - case SSL2_ST_SEND_CLIENT_FINISHED_B: - ret=client_finished(s); - if (ret <= 0) goto end; - s->init_num=0; - s->state=SSL2_ST_GET_SERVER_VERIFY_A; - break; - - case SSL2_ST_GET_SERVER_VERIFY_A: - case SSL2_ST_GET_SERVER_VERIFY_B: - ret=get_server_verify(s); - if (ret <= 0) goto end; - s->init_num=0; - s->state=SSL2_ST_GET_SERVER_FINISHED_A; - break; - - case SSL2_ST_GET_SERVER_FINISHED_A: - case SSL2_ST_GET_SERVER_FINISHED_B: - ret=get_server_finished(s); - if (ret <= 0) goto end; - break; - - case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: - case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: - case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: - case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: - case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: - ret=client_certificate(s); - if (ret <= 0) goto end; - s->init_num=0; - s->state=SSL2_ST_GET_SERVER_FINISHED_A; - break; - - case SSL_ST_OK: - if (s->init_buf != NULL) - { - BUF_MEM_free(s->init_buf); - s->init_buf=NULL; - } - s->init_num=0; - /* ERR_clear_error();*/ - - /* If we want to cache session-ids in the client - * and we successfully add the session-id to the - * cache, and there is a callback, then pass it out. - * 26/11/96 - eay - only add if not a re-used session. - */ - - ssl_update_cache(s,SSL_SESS_CACHE_CLIENT); - if (s->hit) s->ctx->stats.sess_hit++; - - ret=1; - /* s->server=0; */ - s->ctx->stats.sess_connect_good++; - - if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); - - goto end; - /* break; */ - default: - SSLerr(SSL_F_SSL2_CONNECT,SSL_R_UNKNOWN_STATE); - return(-1); - /* break; */ - } - - if ((cb != NULL) && (s->state != state)) - { - new_state=s->state; - s->state=state; - cb(s,SSL_CB_CONNECT_LOOP,1); - s->state=new_state; - } - } -end: - s->in_handshake--; - if (buf != NULL) - BUF_MEM_free(buf); - if (cb != NULL) - cb(s,SSL_CB_CONNECT_EXIT,ret); - return(ret); - } - -static int get_server_hello(SSL *s) - { - unsigned char *buf; - unsigned char *p; - int i,j; - unsigned long len; - STACK_OF(SSL_CIPHER) *sk=NULL,*cl, *prio, *allow; - - buf=(unsigned char *)s->init_buf->data; - p=buf; - if (s->state == SSL2_ST_GET_SERVER_HELLO_A) - { - i=ssl2_read(s,(char *)&(buf[s->init_num]),11-s->init_num); - if (i < (11-s->init_num)) - return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i)); - s->init_num = 11; - - if (*(p++) != SSL2_MT_SERVER_HELLO) - { - if (p[-1] != SSL2_MT_ERROR) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_SERVER_HELLO, - SSL_R_READ_WRONG_PACKET_TYPE); - } - else - SSLerr(SSL_F_GET_SERVER_HELLO, - SSL_R_PEER_ERROR); - return(-1); - } -#if 0 - s->hit=(*(p++))?1:0; - /* Some [PPC?] compilers fail to increment p in above - statement, e.g. one provided with Rhapsody 5.5, but - most recent example XL C 11.1 for AIX, even without - optimization flag... */ -#else - s->hit=(*p)?1:0; p++; -#endif - s->s2->tmp.cert_type= *(p++); - n2s(p,i); - if (i < s->version) s->version=i; - n2s(p,i); s->s2->tmp.cert_length=i; - n2s(p,i); s->s2->tmp.csl=i; - n2s(p,i); s->s2->tmp.conn_id_length=i; - s->state=SSL2_ST_GET_SERVER_HELLO_B; - } - - /* SSL2_ST_GET_SERVER_HELLO_B */ - len = 11 + (unsigned long)s->s2->tmp.cert_length + (unsigned long)s->s2->tmp.csl + (unsigned long)s->s2->tmp.conn_id_length; - if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) - { - SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_MESSAGE_TOO_LONG); - return -1; - } - j = (int)len - s->init_num; - i = ssl2_read(s,(char *)&(buf[s->init_num]),j); - if (i != j) return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i)); - if (s->msg_callback) - s->msg_callback(0, s->version, 0, buf, (size_t)len, s, s->msg_callback_arg); /* SERVER-HELLO */ - - /* things are looking good */ - - p = buf + 11; - if (s->hit) - { - if (s->s2->tmp.cert_length != 0) - { - SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_LENGTH_NOT_ZERO); - return(-1); - } - if (s->s2->tmp.cert_type != 0) - { - if (!(s->options & - SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)) - { - SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_TYPE_NOT_ZERO); - return(-1); - } - } - if (s->s2->tmp.csl != 0) - { - SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CIPHER_LIST_NOT_ZERO); - return(-1); - } - } - else - { -#ifdef undef - /* very bad */ - memset(s->session->session_id,0, - SSL_MAX_SSL_SESSION_ID_LENGTH_IN_BYTES); - s->session->session_id_length=0; - */ -#endif - - /* we need to do this in case we were trying to reuse a - * client session but others are already reusing it. - * If this was a new 'blank' session ID, the session-id - * length will still be 0 */ - if (s->session->session_id_length > 0) - { - if (!ssl_get_new_session(s,0)) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - return(-1); - } - } - - if (ssl2_set_certificate(s,s->s2->tmp.cert_type, - s->s2->tmp.cert_length,p) <= 0) - { - ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE); - return(-1); - } - p+=s->s2->tmp.cert_length; - - if (s->s2->tmp.csl == 0) - { - ssl2_return_error(s,SSL2_PE_NO_CIPHER); - SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_LIST); - return(-1); - } - - /* We have just received a list of ciphers back from the - * server. We need to get the ones that match, then select - * the one we want the most :-). */ - - /* load the ciphers */ - sk=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.csl, - &s->session->ciphers); - p+=s->s2->tmp.csl; - if (sk == NULL) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE); - return(-1); - } - - (void)sk_SSL_CIPHER_set_cmp_func(sk,ssl_cipher_ptr_id_cmp); - - /* get the array of ciphers we will accept */ - cl=SSL_get_ciphers(s); - (void)sk_SSL_CIPHER_set_cmp_func(cl,ssl_cipher_ptr_id_cmp); - - /* - * If server preference flag set, choose the first - * (highest priority) cipher the server sends, otherwise - * client preference has priority. - */ - if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) - { - prio = sk; - allow = cl; - } - else - { - prio = cl; - allow = sk; - } - /* In theory we could have ciphers sent back that we - * don't want to use but that does not matter since we - * will check against the list we originally sent and - * for performance reasons we should not bother to match - * the two lists up just to check. */ - for (i=0; i<sk_SSL_CIPHER_num(prio); i++) - { - if (sk_SSL_CIPHER_find(allow, - sk_SSL_CIPHER_value(prio,i)) >= 0) - break; - } - - if (i >= sk_SSL_CIPHER_num(prio)) - { - ssl2_return_error(s,SSL2_PE_NO_CIPHER); - SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_MATCH); - return(-1); - } - s->session->cipher=sk_SSL_CIPHER_value(prio,i); - - - if (s->session->peer != NULL) /* can't happen*/ - { - ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR); - return(-1); - } - - s->session->peer = s->session->sess_cert->peer_key->x509; - /* peer_key->x509 has been set by ssl2_set_certificate. */ - CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509); - } - - if (s->session->sess_cert == NULL - || s->session->peer != s->session->sess_cert->peer_key->x509) - /* can't happen */ - { - ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR); - return(-1); - } - - s->s2->conn_id_length=s->s2->tmp.conn_id_length; - if (s->s2->conn_id_length > sizeof s->s2->conn_id) - { - ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG); - return -1; - } - memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length); - return(1); - } - -static int client_hello(SSL *s) - { - unsigned char *buf; - unsigned char *p,*d; -/* CIPHER **cipher;*/ - int i,n,j; - - buf=(unsigned char *)s->init_buf->data; - if (s->state == SSL2_ST_SEND_CLIENT_HELLO_A) - { - if ((s->session == NULL) || - (s->session->ssl_version != s->version)) - { - if (!ssl_get_new_session(s,0)) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - return(-1); - } - } - /* else use the pre-loaded session */ - - p=buf; /* header */ - d=p+9; /* data section */ - *(p++)=SSL2_MT_CLIENT_HELLO; /* type */ - s2n(SSL2_VERSION,p); /* version */ - n=j=0; - - n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d,0); - d+=n; - - if (n == 0) - { - SSLerr(SSL_F_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); - return(-1); - } - - s2n(n,p); /* cipher spec num bytes */ - - if ((s->session->session_id_length > 0) && - (s->session->session_id_length <= - SSL2_MAX_SSL_SESSION_ID_LENGTH)) - { - i=s->session->session_id_length; - s2n(i,p); /* session id length */ - memcpy(d,s->session->session_id,(unsigned int)i); - d+=i; - } - else - { - s2n(0,p); - } - - s->s2->challenge_length=SSL2_CHALLENGE_LENGTH; - s2n(SSL2_CHALLENGE_LENGTH,p); /* challenge length */ - /*challenge id data*/ - if (RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH) <= 0) - return -1; - memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH); - d+=SSL2_CHALLENGE_LENGTH; - - s->state=SSL2_ST_SEND_CLIENT_HELLO_B; - s->init_num=d-buf; - s->init_off=0; - } - /* SSL2_ST_SEND_CLIENT_HELLO_B */ - return(ssl2_do_write(s)); - } - -static int client_master_key(SSL *s) - { - unsigned char *buf; - unsigned char *p,*d; - int clear,enc,karg,i; - SSL_SESSION *sess; - const EVP_CIPHER *c; - const EVP_MD *md; - - buf=(unsigned char *)s->init_buf->data; - if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A) - { - - if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL)) - { - ssl2_return_error(s,SSL2_PE_NO_CIPHER); - SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS); - return(-1); - } - sess=s->session; - p=buf; - d=p+10; - *(p++)=SSL2_MT_CLIENT_MASTER_KEY;/* type */ - - i=ssl_put_cipher_by_char(s,sess->cipher,p); - p+=i; - - /* make key_arg data */ - i=EVP_CIPHER_iv_length(c); - sess->key_arg_length=i; - if (i > SSL_MAX_KEY_ARG_LENGTH) - { - ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); - return -1; - } - if (i > 0) - if (RAND_pseudo_bytes(sess->key_arg,i) <= 0) - return -1; - - /* make a master key */ - i=EVP_CIPHER_key_length(c); - sess->master_key_length=i; - if (i > 0) - { - if (i > (int)sizeof(sess->master_key)) - { - ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); - return -1; - } - if (RAND_bytes(sess->master_key,i) <= 0) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - return(-1); - } - } - - if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC) - enc=8; - else if (SSL_C_IS_EXPORT(sess->cipher)) - enc=5; - else - enc=i; - - if ((int)i < enc) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_CIPHER_TABLE_SRC_ERROR); - return(-1); - } - clear=i-enc; - s2n(clear,p); - memcpy(d,sess->master_key,(unsigned int)clear); - d+=clear; - - enc=ssl_rsa_public_encrypt(sess->sess_cert,enc, - &(sess->master_key[clear]),d, - (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING); - if (enc <= 0) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PUBLIC_KEY_ENCRYPT_ERROR); - return(-1); - } -#ifdef PKCS1_CHECK - if (s->options & SSL_OP_PKCS1_CHECK_1) d[1]++; - if (s->options & SSL_OP_PKCS1_CHECK_2) - sess->master_key[clear]++; -#endif - s2n(enc,p); - d+=enc; - karg=sess->key_arg_length; - s2n(karg,p); /* key arg size */ - if (karg > (int)sizeof(sess->key_arg)) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); - return -1; - } - memcpy(d,sess->key_arg,(unsigned int)karg); - d+=karg; - - s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_B; - s->init_num=d-buf; - s->init_off=0; - } - - /* SSL2_ST_SEND_CLIENT_MASTER_KEY_B */ - return(ssl2_do_write(s)); - } - -static int client_finished(SSL *s) - { - unsigned char *p; - - if (s->state == SSL2_ST_SEND_CLIENT_FINISHED_A) - { - p=(unsigned char *)s->init_buf->data; - *(p++)=SSL2_MT_CLIENT_FINISHED; - if (s->s2->conn_id_length > sizeof s->s2->conn_id) - { - SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR); - return -1; - } - memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length); - - s->state=SSL2_ST_SEND_CLIENT_FINISHED_B; - s->init_num=s->s2->conn_id_length+1; - s->init_off=0; - } - return(ssl2_do_write(s)); - } - -/* read the data and then respond */ -static int client_certificate(SSL *s) - { - unsigned char *buf; - unsigned char *p,*d; - int i; - unsigned int n; - int cert_ch_len; - unsigned char *cert_ch; - - buf=(unsigned char *)s->init_buf->data; - - /* We have a cert associated with the SSL, so attach it to - * the session if it does not have one */ - - if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A) - { - i=ssl2_read(s,(char *)&(buf[s->init_num]), - SSL2_MAX_CERT_CHALLENGE_LENGTH+2-s->init_num); - if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+2-s->init_num)) - return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i)); - s->init_num += i; - if (s->msg_callback) - s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s, s->msg_callback_arg); /* REQUEST-CERTIFICATE */ - - /* type=buf[0]; */ - /* type eq x509 */ - if (buf[1] != SSL2_AT_MD5_WITH_RSA_ENCRYPTION) - { - ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE); - SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_AUTHENTICATION_TYPE); - return(-1); - } - - if ((s->cert == NULL) || - (s->cert->key->x509 == NULL) || - (s->cert->key->privatekey == NULL)) - { - s->state=SSL2_ST_X509_GET_CLIENT_CERTIFICATE; - } - else - s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C; - } - - cert_ch = buf + 2; - cert_ch_len = s->init_num - 2; - - if (s->state == SSL2_ST_X509_GET_CLIENT_CERTIFICATE) - { - X509 *x509=NULL; - EVP_PKEY *pkey=NULL; - - /* If we get an error we need to - * ssl->rwstate=SSL_X509_LOOKUP; - * return(error); - * We should then be retried when things are ok and we - * can get a cert or not */ - - i=0; - if (s->ctx->client_cert_cb != NULL) - { - i=s->ctx->client_cert_cb(s,&(x509),&(pkey)); - } - - if (i < 0) - { - s->rwstate=SSL_X509_LOOKUP; - return(-1); - } - s->rwstate=SSL_NOTHING; - - if ((i == 1) && (pkey != NULL) && (x509 != NULL)) - { - s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C; - if ( !SSL_use_certificate(s,x509) || - !SSL_use_PrivateKey(s,pkey)) - { - i=0; - } - X509_free(x509); - EVP_PKEY_free(pkey); - } - else if (i == 1) - { - if (x509 != NULL) X509_free(x509); - if (pkey != NULL) EVP_PKEY_free(pkey); - SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); - i=0; - } - - if (i == 0) - { - /* We have no client certificate to respond with - * so send the correct error message back */ - s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_B; - p=buf; - *(p++)=SSL2_MT_ERROR; - s2n(SSL2_PE_NO_CERTIFICATE,p); - s->init_off=0; - s->init_num=3; - /* Write is done at the end */ - } - } - - if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_B) - { - return(ssl2_do_write(s)); - } - - if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_C) - { - EVP_MD_CTX ctx; - - /* ok, now we calculate the checksum - * do it first so we can reuse buf :-) */ - p=buf; - EVP_MD_CTX_init(&ctx); - EVP_SignInit_ex(&ctx,s->ctx->rsa_md5, NULL); - EVP_SignUpdate(&ctx,s->s2->key_material, - s->s2->key_material_length); - EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len); - i=i2d_X509(s->session->sess_cert->peer_key->x509,&p); - /* Don't update the signature if it fails - FIXME: probably should handle this better */ - if(i > 0) - EVP_SignUpdate(&ctx,buf,(unsigned int)i); - - p=buf; - d=p+6; - *(p++)=SSL2_MT_CLIENT_CERTIFICATE; - *(p++)=SSL2_CT_X509_CERTIFICATE; - n=i2d_X509(s->cert->key->x509,&d); - s2n(n,p); - - if (!EVP_SignFinal(&ctx,d,&n,s->cert->key->privatekey)) - { - /* this is not good. If things have failed it - * means there so something wrong with the key. - * We will continue with a 0 length signature - */ - } - EVP_MD_CTX_cleanup(&ctx); - s2n(n,p); - d+=n; - - s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_D; - s->init_num=d-buf; - s->init_off=0; - } - /* if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_D) */ - return(ssl2_do_write(s)); - } - -static int get_server_verify(SSL *s) - { - unsigned char *p; - int i, n, len; - - p=(unsigned char *)s->init_buf->data; - if (s->state == SSL2_ST_GET_SERVER_VERIFY_A) - { - i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num); - if (i < (1-s->init_num)) - return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i)); - s->init_num += i; - - s->state= SSL2_ST_GET_SERVER_VERIFY_B; - if (*p != SSL2_MT_SERVER_VERIFY) - { - if (p[0] != SSL2_MT_ERROR) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_SERVER_VERIFY, - SSL_R_READ_WRONG_PACKET_TYPE); - } - else - { - SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_PEER_ERROR); - /* try to read the error message */ - i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num); - return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i); - } - return(-1); - } - } - - p=(unsigned char *)s->init_buf->data; - len = 1 + s->s2->challenge_length; - n = len - s->init_num; - i = ssl2_read(s,(char *)&(p[s->init_num]),n); - if (i < n) - return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i)); - if (s->msg_callback) - s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */ - p += 1; - - if (CRYPTO_memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT); - return(-1); - } - return(1); - } - -static int get_server_finished(SSL *s) - { - unsigned char *buf; - unsigned char *p; - int i, n, len; - - buf=(unsigned char *)s->init_buf->data; - p=buf; - if (s->state == SSL2_ST_GET_SERVER_FINISHED_A) - { - i=ssl2_read(s,(char *)&(buf[s->init_num]),1-s->init_num); - if (i < (1-s->init_num)) - return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i)); - s->init_num += i; - - if (*p == SSL2_MT_REQUEST_CERTIFICATE) - { - s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_A; - return(1); - } - else if (*p != SSL2_MT_SERVER_FINISHED) - { - if (p[0] != SSL2_MT_ERROR) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE); - } - else - { - SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_PEER_ERROR); - /* try to read the error message */ - i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num); - return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i); - } - return(-1); - } - s->state=SSL2_ST_GET_SERVER_FINISHED_B; - } - - len = 1 + SSL2_SSL_SESSION_ID_LENGTH; - n = len - s->init_num; - i = ssl2_read(s,(char *)&(buf[s->init_num]), n); - if (i < n) /* XXX could be shorter than SSL2_SSL_SESSION_ID_LENGTH, that's the maximum */ - return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i)); - s->init_num += i; - if (s->msg_callback) - s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s, s->msg_callback_arg); /* SERVER-FINISHED */ - - if (!s->hit) /* new session */ - { - /* new session-id */ - /* Make sure we were not trying to re-use an old SSL_SESSION - * or bad things can happen */ - /* ZZZZZZZZZZZZZ */ - s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH; - memcpy(s->session->session_id,p+1,SSL2_SSL_SESSION_ID_LENGTH); - } - else - { - if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) - { - if ((s->session->session_id_length > sizeof s->session->session_id) - || (0 != memcmp(buf + 1, s->session->session_id, - (unsigned int)s->session->session_id_length))) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT); - return(-1); - } - } - } - s->state = SSL_ST_OK; - return(1); - } - -/* loads in the certificate from the server */ -int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data) - { - STACK_OF(X509) *sk=NULL; - EVP_PKEY *pkey=NULL; - SESS_CERT *sc=NULL; - int i; - X509 *x509=NULL; - int ret=0; - - x509=d2i_X509(NULL,&data,(long)len); - if (x509 == NULL) - { - SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_X509_LIB); - goto err; - } - - if ((sk=sk_X509_new_null()) == NULL || !sk_X509_push(sk,x509)) - { - SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_MALLOC_FAILURE); - goto err; - } - - i=ssl_verify_cert_chain(s,sk); - - if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) - { - SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); - goto err; - } - ERR_clear_error(); /* but we keep s->verify_result */ - s->session->verify_result = s->verify_result; - - /* server's cert for this session */ - sc=ssl_sess_cert_new(); - if (sc == NULL) - { - ret= -1; - goto err; - } - if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert); - s->session->sess_cert=sc; - - sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509=x509; - sc->peer_key= &(sc->peer_pkeys[SSL_PKEY_RSA_ENC]); - - pkey=X509_get_pubkey(x509); - x509=NULL; - if (pkey == NULL) - { - SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY); - goto err; - } - if (pkey->type != EVP_PKEY_RSA) - { - SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_PUBLIC_KEY_NOT_RSA); - goto err; - } - - if (!ssl_set_peer_cert_type(sc,SSL2_CT_X509_CERTIFICATE)) - goto err; - ret=1; -err: - sk_X509_free(sk); - X509_free(x509); - EVP_PKEY_free(pkey); - return(ret); - } - -static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from, - unsigned char *to, int padding) - { - EVP_PKEY *pkey=NULL; - int i= -1; - - if ((sc == NULL) || (sc->peer_key->x509 == NULL) || - ((pkey=X509_get_pubkey(sc->peer_key->x509)) == NULL)) - { - SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_NO_PUBLICKEY); - return(-1); - } - if (pkey->type != EVP_PKEY_RSA) - { - SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA); - goto end; - } - - /* we have the public key */ - i=RSA_public_encrypt(len,from,to,pkey->pkey.rsa,padding); - if (i < 0) - SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,ERR_R_RSA_LIB); -end: - EVP_PKEY_free(pkey); - return(i); - } -#else /* !OPENSSL_NO_SSL2 */ - -# if PEDANTIC -static void *dummy=&dummy; -# endif - -#endif diff --git a/main/openssl/ssl/s2_enc.c b/main/openssl/ssl/s2_enc.c deleted file mode 100644 index a35968f6..00000000 --- a/main/openssl/ssl/s2_enc.c +++ /dev/null @@ -1,197 +0,0 @@ -/* ssl/s2_enc.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "ssl_locl.h" -#ifndef OPENSSL_NO_SSL2 -#include <stdio.h> - -int ssl2_enc_init(SSL *s, int client) - { - /* Max number of bytes needed */ - EVP_CIPHER_CTX *rs,*ws; - const EVP_CIPHER *c; - const EVP_MD *md; - int num; - - if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL)) - { - ssl2_return_error(s,SSL2_PE_NO_CIPHER); - SSLerr(SSL_F_SSL2_ENC_INIT,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS); - return(0); - } - ssl_replace_hash(&s->read_hash,md); - ssl_replace_hash(&s->write_hash,md); - - if ((s->enc_read_ctx == NULL) && - ((s->enc_read_ctx=(EVP_CIPHER_CTX *) - OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) - goto err; - - /* make sure it's intialized in case the malloc for enc_write_ctx fails - * and we exit with an error */ - rs= s->enc_read_ctx; - EVP_CIPHER_CTX_init(rs); - - if ((s->enc_write_ctx == NULL) && - ((s->enc_write_ctx=(EVP_CIPHER_CTX *) - OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) - goto err; - - ws= s->enc_write_ctx; - EVP_CIPHER_CTX_init(ws); - - num=c->key_len; - s->s2->key_material_length=num*2; - OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material); - - if (ssl2_generate_key_material(s) <= 0) - return 0; - - OPENSSL_assert(c->iv_len <= (int)sizeof(s->session->key_arg)); - EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]), - s->session->key_arg); - EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]), - s->session->key_arg); - s->s2->read_key= &(s->s2->key_material[(client)?0:num]); - s->s2->write_key= &(s->s2->key_material[(client)?num:0]); - return(1); -err: - SSLerr(SSL_F_SSL2_ENC_INIT,ERR_R_MALLOC_FAILURE); - return(0); - } - -/* read/writes from s->s2->mac_data using length for encrypt and - * decrypt. It sets s->s2->padding and s->[rw]length - * if we are encrypting - * Returns 0 on error and 1 on success */ -int ssl2_enc(SSL *s, int send) - { - EVP_CIPHER_CTX *ds; - unsigned long l; - int bs; - - if (send) - { - ds=s->enc_write_ctx; - l=s->s2->wlength; - } - else - { - ds=s->enc_read_ctx; - l=s->s2->rlength; - } - - /* check for NULL cipher */ - if (ds == NULL) return 1; - - - bs=ds->cipher->block_size; - /* This should be using (bs-1) and bs instead of 7 and 8, but - * what the hell. */ - if (bs == 8) - l=(l+7)/8*8; - - if(EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l) < 1) - return 0; - - return 1; - } - -void ssl2_mac(SSL *s, unsigned char *md, int send) - { - EVP_MD_CTX c; - unsigned char sequence[4],*p,*sec,*act; - unsigned long seq; - unsigned int len; - - if (send) - { - seq=s->s2->write_sequence; - sec=s->s2->write_key; - len=s->s2->wact_data_length; - act=s->s2->wact_data; - } - else - { - seq=s->s2->read_sequence; - sec=s->s2->read_key; - len=s->s2->ract_data_length; - act=s->s2->ract_data; - } - - p= &(sequence[0]); - l2n(seq,p); - - /* There has to be a MAC algorithm. */ - EVP_MD_CTX_init(&c); - EVP_MD_CTX_copy(&c, s->read_hash); - EVP_DigestUpdate(&c,sec, - EVP_CIPHER_CTX_key_length(s->enc_read_ctx)); - EVP_DigestUpdate(&c,act,len); - /* the above line also does the pad data */ - EVP_DigestUpdate(&c,sequence,4); - EVP_DigestFinal_ex(&c,md,NULL); - EVP_MD_CTX_cleanup(&c); - } -#else /* !OPENSSL_NO_SSL2 */ - -# if PEDANTIC -static void *dummy=&dummy; -# endif - -#endif diff --git a/main/openssl/ssl/s2_lib.c b/main/openssl/ssl/s2_lib.c deleted file mode 100644 index c63be305..00000000 --- a/main/openssl/ssl/s2_lib.c +++ /dev/null @@ -1,558 +0,0 @@ -/* ssl/s2_lib.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include "ssl_locl.h" -#ifndef OPENSSL_NO_SSL2 -#include <stdio.h> -#include <openssl/objects.h> -#include <openssl/evp.h> -#include <openssl/md5.h> - -const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT; - -#define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER)) - -/* list of available SSLv2 ciphers (sorted by id) */ -OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[]={ -#if 0 -/* NULL_WITH_MD5 v3 */ - { - 1, - SSL2_TXT_NULL_WITH_MD5, - SSL2_CK_NULL_WITH_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_eNULL, - SSL_MD5, - SSL_SSLV2, - SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE, - 0, - 0, - 0, - }, -#endif - -/* RC4_128_WITH_MD5 */ - { - 1, - SSL2_TXT_RC4_128_WITH_MD5, - SSL2_CK_RC4_128_WITH_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_MD5, - SSL_SSLV2, - SSL_NOT_EXP|SSL_MEDIUM, - 0, - 128, - 128, - }, - -/* RC4_128_EXPORT40_WITH_MD5 */ - { - 1, - SSL2_TXT_RC4_128_EXPORT40_WITH_MD5, - SSL2_CK_RC4_128_EXPORT40_WITH_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_MD5, - SSL_SSLV2, - SSL_EXPORT|SSL_EXP40, - SSL2_CF_5_BYTE_ENC, - 40, - 128, - }, - -/* RC2_128_CBC_WITH_MD5 */ - { - 1, - SSL2_TXT_RC2_128_CBC_WITH_MD5, - SSL2_CK_RC2_128_CBC_WITH_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC2, - SSL_MD5, - SSL_SSLV2, - SSL_NOT_EXP|SSL_MEDIUM, - 0, - 128, - 128, - }, - -/* RC2_128_CBC_EXPORT40_WITH_MD5 */ - { - 1, - SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5, - SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC2, - SSL_MD5, - SSL_SSLV2, - SSL_EXPORT|SSL_EXP40, - SSL2_CF_5_BYTE_ENC, - 40, - 128, - }, - -#ifndef OPENSSL_NO_IDEA -/* IDEA_128_CBC_WITH_MD5 */ - { - 1, - SSL2_TXT_IDEA_128_CBC_WITH_MD5, - SSL2_CK_IDEA_128_CBC_WITH_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_IDEA, - SSL_MD5, - SSL_SSLV2, - SSL_NOT_EXP|SSL_MEDIUM, - 0, - 128, - 128, - }, -#endif - -/* DES_64_CBC_WITH_MD5 */ - { - 1, - SSL2_TXT_DES_64_CBC_WITH_MD5, - SSL2_CK_DES_64_CBC_WITH_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_DES, - SSL_MD5, - SSL_SSLV2, - SSL_NOT_EXP|SSL_LOW, - 0, - 56, - 56, - }, - -/* DES_192_EDE3_CBC_WITH_MD5 */ - { - 1, - SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5, - SSL2_CK_DES_192_EDE3_CBC_WITH_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_3DES, - SSL_MD5, - SSL_SSLV2, - SSL_NOT_EXP|SSL_HIGH, - 0, - 112, - 168, - }, - -#if 0 -/* RC4_64_WITH_MD5 */ - { - 1, - SSL2_TXT_RC4_64_WITH_MD5, - SSL2_CK_RC4_64_WITH_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_MD5, - SSL_SSLV2, - SSL_NOT_EXP|SSL_LOW, - SSL2_CF_8_BYTE_ENC, - 64, - 64, - }, -#endif - -#if 0 -/* NULL SSLeay (testing) */ - { - 0, - SSL2_TXT_NULL, - SSL2_CK_NULL, - 0, - 0, - 0, - 0, - SSL_SSLV2, - SSL_STRONG_NONE, - 0, - 0, - 0, - }, -#endif - -/* end of list :-) */ - }; - -long ssl2_default_timeout(void) - { - return(300); - } - -int ssl2_num_ciphers(void) - { - return(SSL2_NUM_CIPHERS); - } - -const SSL_CIPHER *ssl2_get_cipher(unsigned int u) - { - if (u < SSL2_NUM_CIPHERS) - return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u])); - else - return(NULL); - } - -int ssl2_pending(const SSL *s) - { - return SSL_in_init(s) ? 0 : s->s2->ract_data_length; - } - -int ssl2_new(SSL *s) - { - SSL2_STATE *s2; - - if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err; - memset(s2,0,sizeof *s2); - -#if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2 -# error "assertion failed" -#endif - - if ((s2->rbuf=OPENSSL_malloc( - SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err; - /* wbuf needs one byte more because when using two-byte headers, - * we leave the first byte unused in do_ssl_write (s2_pkt.c) */ - if ((s2->wbuf=OPENSSL_malloc( - SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+3)) == NULL) goto err; - s->s2=s2; - - ssl2_clear(s); - return(1); -err: - if (s2 != NULL) - { - if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf); - if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf); - OPENSSL_free(s2); - } - return(0); - } - -void ssl2_free(SSL *s) - { - SSL2_STATE *s2; - - if(s == NULL) - return; - - s2=s->s2; - if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf); - if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf); - OPENSSL_cleanse(s2,sizeof *s2); - OPENSSL_free(s2); - s->s2=NULL; - } - -void ssl2_clear(SSL *s) - { - SSL2_STATE *s2; - unsigned char *rbuf,*wbuf; - - s2=s->s2; - - rbuf=s2->rbuf; - wbuf=s2->wbuf; - - memset(s2,0,sizeof *s2); - - s2->rbuf=rbuf; - s2->wbuf=wbuf; - s2->clear_text=1; - s->packet=s2->rbuf; - s->version=SSL2_VERSION; - s->packet_length=0; - } - -long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg) - { - int ret=0; - - switch(cmd) - { - case SSL_CTRL_GET_SESSION_REUSED: - ret=s->hit; - break; - case SSL_CTRL_CHECK_PROTO_VERSION: - return ssl3_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, larg, parg); - default: - break; - } - return(ret); - } - -long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) - { - return(0); - } - -long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) - { - return(0); - } - -long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) - { - return(0); - } - -/* This function needs to check if the ciphers required are actually - * available */ -const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) - { - SSL_CIPHER c; - const SSL_CIPHER *cp; - unsigned long id; - - id=0x02000000L|((unsigned long)p[0]<<16L)| - ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; - c.id=id; - cp = OBJ_bsearch_ssl_cipher_id(&c, ssl2_ciphers, SSL2_NUM_CIPHERS); - if ((cp == NULL) || (cp->valid == 0)) - return NULL; - else - return cp; - } - -int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) - { - long l; - - if (p != NULL) - { - l=c->id; - if ((l & 0xff000000) != 0x02000000 && l != SSL3_CK_FALLBACK_SCSV) return(0); - p[0]=((unsigned char)(l>>16L))&0xFF; - p[1]=((unsigned char)(l>> 8L))&0xFF; - p[2]=((unsigned char)(l ))&0xFF; - } - return(3); - } - -int ssl2_generate_key_material(SSL *s) - { - unsigned int i; - EVP_MD_CTX ctx; - unsigned char *km; - unsigned char c='0'; - const EVP_MD *md5; - int md_size; - - md5 = EVP_md5(); - -#ifdef CHARSET_EBCDIC - c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0', - see SSLv2 docu */ -#endif - EVP_MD_CTX_init(&ctx); - km=s->s2->key_material; - - if (s->session->master_key_length < 0 || - s->session->master_key_length > (int)sizeof(s->session->master_key)) - { - SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); - return 0; - } - md_size = EVP_MD_size(md5); - if (md_size < 0) - return 0; - for (i=0; i<s->s2->key_material_length; i += md_size) - { - if (((km - s->s2->key_material) + md_size) > - (int)sizeof(s->s2->key_material)) - { - /* EVP_DigestFinal_ex() below would write beyond buffer */ - SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); - return 0; - } - - EVP_DigestInit_ex(&ctx, md5, NULL); - - OPENSSL_assert(s->session->master_key_length >= 0 - && s->session->master_key_length - < (int)sizeof(s->session->master_key)); - EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); - EVP_DigestUpdate(&ctx,&c,1); - c++; - EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length); - EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length); - EVP_DigestFinal_ex(&ctx,km,NULL); - km += md_size; - } - - EVP_MD_CTX_cleanup(&ctx); - return 1; - } - -void ssl2_return_error(SSL *s, int err) - { - if (!s->error) - { - s->error=3; - s->error_code=err; - - ssl2_write_error(s); - } - } - - -void ssl2_write_error(SSL *s) - { - unsigned char buf[3]; - int i,error; - - buf[0]=SSL2_MT_ERROR; - buf[1]=(s->error_code>>8)&0xff; - buf[2]=(s->error_code)&0xff; - -/* state=s->rwstate;*/ - - error=s->error; /* number of bytes left to write */ - s->error=0; - OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf)); - i=ssl2_write(s,&(buf[3-error]),error); - -/* if (i == error) s->rwstate=state; */ - - if (i < 0) - s->error=error; - else - { - s->error=error-i; - - if (s->error == 0) - if (s->msg_callback) - s->msg_callback(1, s->version, 0, buf, 3, s, s->msg_callback_arg); /* ERROR */ - } - } - -int ssl2_shutdown(SSL *s) - { - s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); - return(1); - } -#else /* !OPENSSL_NO_SSL2 */ - -# if PEDANTIC -static void *dummy=&dummy; -# endif - -#endif diff --git a/main/openssl/ssl/s2_meth.c b/main/openssl/ssl/s2_meth.c deleted file mode 100644 index f0e8ca59..00000000 --- a/main/openssl/ssl/s2_meth.c +++ /dev/null @@ -1,84 +0,0 @@ -/* ssl/s2_meth.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "ssl_locl.h" -#ifndef OPENSSL_NO_SSL2 -#include <stdio.h> -#include <openssl/objects.h> - -static const SSL_METHOD *ssl2_get_method(int ver); -static const SSL_METHOD *ssl2_get_method(int ver) - { - if (ver == SSL2_VERSION) - return(SSLv2_method()); - else - return(NULL); - } - -IMPLEMENT_ssl2_meth_func(SSLv2_method, - ssl2_accept, - ssl2_connect, - ssl2_get_method) - -#else /* !OPENSSL_NO_SSL2 */ - -# if PEDANTIC -static void *dummy=&dummy; -# endif - -#endif diff --git a/main/openssl/ssl/s2_pkt.c b/main/openssl/ssl/s2_pkt.c deleted file mode 100644 index acd61dc5..00000000 --- a/main/openssl/ssl/s2_pkt.c +++ /dev/null @@ -1,748 +0,0 @@ -/* ssl/s2_pkt.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include "ssl_locl.h" -#ifndef OPENSSL_NO_SSL2 -#include <stdio.h> -#include <errno.h> -#define USE_SOCKETS - -static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend); -static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len); -static int write_pending(SSL *s, const unsigned char *buf, unsigned int len); -static int ssl_mt_error(int n); - - -/* SSL 2.0 imlementation for SSL_read/SSL_peek - - * This routine will return 0 to len bytes, decrypted etc if required. - */ -static int ssl2_read_internal(SSL *s, void *buf, int len, int peek) - { - int n; - unsigned char mac[MAX_MAC_SIZE]; - unsigned char *p; - int i; - int mac_size; - - ssl2_read_again: - if (SSL_in_init(s) && !s->in_handshake) - { - n=s->handshake_func(s); - if (n < 0) return(n); - if (n == 0) - { - SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_SSL_HANDSHAKE_FAILURE); - return(-1); - } - } - - clear_sys_error(); - s->rwstate=SSL_NOTHING; - if (len <= 0) return(len); - - if (s->s2->ract_data_length != 0) /* read from buffer */ - { - if (len > s->s2->ract_data_length) - n=s->s2->ract_data_length; - else - n=len; - - memcpy(buf,s->s2->ract_data,(unsigned int)n); - if (!peek) - { - s->s2->ract_data_length-=n; - s->s2->ract_data+=n; - if (s->s2->ract_data_length == 0) - s->rstate=SSL_ST_READ_HEADER; - } - - return(n); - } - - /* s->s2->ract_data_length == 0 - * - * Fill the buffer, then goto ssl2_read_again. - */ - - if (s->rstate == SSL_ST_READ_HEADER) - { - if (s->first_packet) - { - n=read_n(s,5,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0); - if (n <= 0) return(n); /* error or non-blocking */ - s->first_packet=0; - p=s->packet; - if (!((p[0] & 0x80) && ( - (p[2] == SSL2_MT_CLIENT_HELLO) || - (p[2] == SSL2_MT_SERVER_HELLO)))) - { - SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_NON_SSLV2_INITIAL_PACKET); - return(-1); - } - } - else - { - n=read_n(s,2,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0); - if (n <= 0) return(n); /* error or non-blocking */ - } - /* part read stuff */ - - s->rstate=SSL_ST_READ_BODY; - p=s->packet; - /* Do header */ - /*s->s2->padding=0;*/ - s->s2->escape=0; - s->s2->rlength=(((unsigned int)p[0])<<8)|((unsigned int)p[1]); - if ((p[0] & TWO_BYTE_BIT)) /* Two byte header? */ - { - s->s2->three_byte_header=0; - s->s2->rlength&=TWO_BYTE_MASK; - } - else - { - s->s2->three_byte_header=1; - s->s2->rlength&=THREE_BYTE_MASK; - - /* security >s2->escape */ - s->s2->escape=((p[0] & SEC_ESC_BIT))?1:0; - } - } - - if (s->rstate == SSL_ST_READ_BODY) - { - n=s->s2->rlength+2+s->s2->three_byte_header; - if (n > (int)s->packet_length) - { - n-=s->packet_length; - i=read_n(s,(unsigned int)n,(unsigned int)n,1); - if (i <= 0) return(i); /* ERROR */ - } - - p= &(s->packet[2]); - s->rstate=SSL_ST_READ_HEADER; - if (s->s2->three_byte_header) - s->s2->padding= *(p++); - else s->s2->padding=0; - - /* Data portion */ - if (s->s2->clear_text) - { - mac_size = 0; - s->s2->mac_data=p; - s->s2->ract_data=p; - if (s->s2->padding) - { - SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING); - return(-1); - } - } - else - { - mac_size=EVP_MD_CTX_size(s->read_hash); - if (mac_size < 0) - return -1; - OPENSSL_assert(mac_size <= MAX_MAC_SIZE); - s->s2->mac_data=p; - s->s2->ract_data= &p[mac_size]; - if (s->s2->padding + mac_size > s->s2->rlength) - { - SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING); - return(-1); - } - } - - s->s2->ract_data_length=s->s2->rlength; - /* added a check for length > max_size in case - * encryption was not turned on yet due to an error */ - if ((!s->s2->clear_text) && - (s->s2->rlength >= (unsigned int)mac_size)) - { - if(!ssl2_enc(s,0)) - { - SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_DECRYPTION_FAILED); - return(-1); - } - s->s2->ract_data_length-=mac_size; - ssl2_mac(s,mac,0); - s->s2->ract_data_length-=s->s2->padding; - if ( (CRYPTO_memcmp(mac,s->s2->mac_data,mac_size) != 0) || - (s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0)) - { - SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE); - return(-1); - } - } - INC32(s->s2->read_sequence); /* expect next number */ - /* s->s2->ract_data is now available for processing */ - - /* Possibly the packet that we just read had 0 actual data bytes. - * (SSLeay/OpenSSL itself never sends such packets; see ssl2_write.) - * In this case, returning 0 would be interpreted by the caller - * as indicating EOF, so it's not a good idea. Instead, we just - * continue reading; thus ssl2_read_internal may have to process - * multiple packets before it can return. - * - * [Note that using select() for blocking sockets *never* guarantees - * that the next SSL_read will not block -- the available - * data may contain incomplete packets, and except for SSL 2, - * renegotiation can confuse things even more.] */ - - goto ssl2_read_again; /* This should really be - * "return ssl2_read(s,buf,len)", - * but that would allow for - * denial-of-service attacks if a - * C compiler is used that does not - * recognize end-recursion. */ - } - else - { - SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_STATE); - return(-1); - } - } - -int ssl2_read(SSL *s, void *buf, int len) - { - return ssl2_read_internal(s, buf, len, 0); - } - -int ssl2_peek(SSL *s, void *buf, int len) - { - return ssl2_read_internal(s, buf, len, 1); - } - -static int read_n(SSL *s, unsigned int n, unsigned int max, - unsigned int extend) - { - int i,off,newb; - - /* if there is stuff still in the buffer from a previous read, - * and there is more than we want, take some. */ - if (s->s2->rbuf_left >= (int)n) - { - if (extend) - s->packet_length+=n; - else - { - s->packet= &(s->s2->rbuf[s->s2->rbuf_offs]); - s->packet_length=n; - } - s->s2->rbuf_left-=n; - s->s2->rbuf_offs+=n; - return(n); - } - - if (!s->read_ahead) max=n; - if (max > (unsigned int)(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) - max=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2; - - - /* Else we want more than we have. - * First, if there is some left or we want to extend */ - off=0; - if ((s->s2->rbuf_left != 0) || ((s->packet_length != 0) && extend)) - { - newb=s->s2->rbuf_left; - if (extend) - { - off=s->packet_length; - if (s->packet != s->s2->rbuf) - memcpy(s->s2->rbuf,s->packet, - (unsigned int)newb+off); - } - else if (s->s2->rbuf_offs != 0) - { - memcpy(s->s2->rbuf,&(s->s2->rbuf[s->s2->rbuf_offs]), - (unsigned int)newb); - s->s2->rbuf_offs=0; - } - s->s2->rbuf_left=0; - } - else - newb=0; - - /* off is the offset to start writing too. - * r->s2->rbuf_offs is the 'unread data', now 0. - * newb is the number of new bytes so far - */ - s->packet=s->s2->rbuf; - while (newb < (int)n) - { - clear_sys_error(); - if (s->rbio != NULL) - { - s->rwstate=SSL_READING; - i=BIO_read(s->rbio,(char *)&(s->s2->rbuf[off+newb]), - max-newb); - } - else - { - SSLerr(SSL_F_READ_N,SSL_R_READ_BIO_NOT_SET); - i= -1; - } -#ifdef PKT_DEBUG - if (s->debug & 0x01) sleep(1); -#endif - if (i <= 0) - { - s->s2->rbuf_left+=newb; - return(i); - } - newb+=i; - } - - /* record unread data */ - if (newb > (int)n) - { - s->s2->rbuf_offs=n+off; - s->s2->rbuf_left=newb-n; - } - else - { - s->s2->rbuf_offs=0; - s->s2->rbuf_left=0; - } - if (extend) - s->packet_length+=n; - else - s->packet_length=n; - s->rwstate=SSL_NOTHING; - return(n); - } - -int ssl2_write(SSL *s, const void *_buf, int len) - { - const unsigned char *buf=_buf; - unsigned int n,tot; - int i; - - if (SSL_in_init(s) && !s->in_handshake) - { - i=s->handshake_func(s); - if (i < 0) return(i); - if (i == 0) - { - SSLerr(SSL_F_SSL2_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE); - return(-1); - } - } - - if (s->error) - { - ssl2_write_error(s); - if (s->error) - return(-1); - } - - clear_sys_error(); - s->rwstate=SSL_NOTHING; - if (len <= 0) return(len); - - tot=s->s2->wnum; - s->s2->wnum=0; - - n=(len-tot); - for (;;) - { - i=n_do_ssl_write(s,&(buf[tot]),n); - if (i <= 0) - { - s->s2->wnum=tot; - return(i); - } - if ((i == (int)n) || - (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)) - { - return(tot+i); - } - - n-=i; - tot+=i; - } - } - -static int write_pending(SSL *s, const unsigned char *buf, unsigned int len) - { - int i; - - /* s->s2->wpend_len != 0 MUST be true. */ - - /* check that they have given us the same buffer to - * write */ - if ((s->s2->wpend_tot > (int)len) || - ((s->s2->wpend_buf != buf) && - !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))) - { - SSLerr(SSL_F_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY); - return(-1); - } - - for (;;) - { - clear_sys_error(); - if (s->wbio != NULL) - { - s->rwstate=SSL_WRITING; - i=BIO_write(s->wbio, - (char *)&(s->s2->write_ptr[s->s2->wpend_off]), - (unsigned int)s->s2->wpend_len); - } - else - { - SSLerr(SSL_F_WRITE_PENDING,SSL_R_WRITE_BIO_NOT_SET); - i= -1; - } -#ifdef PKT_DEBUG - if (s->debug & 0x01) sleep(1); -#endif - if (i == s->s2->wpend_len) - { - s->s2->wpend_len=0; - s->rwstate=SSL_NOTHING; - return(s->s2->wpend_ret); - } - else if (i <= 0) - return(i); - s->s2->wpend_off+=i; - s->s2->wpend_len-=i; - } - } - -static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len) - { - unsigned int j,k,olen,p,bs; - int mac_size; - register unsigned char *pp; - - olen=len; - - /* first check if there is data from an encryption waiting to - * be sent - it must be sent because the other end is waiting. - * This will happen with non-blocking IO. We print it and then - * return. - */ - if (s->s2->wpend_len != 0) return(write_pending(s,buf,len)); - - /* set mac_size to mac size */ - if (s->s2->clear_text) - mac_size=0; - else - { - mac_size=EVP_MD_CTX_size(s->write_hash); - if (mac_size < 0) - return -1; - } - - /* lets set the pad p */ - if (s->s2->clear_text) - { - if (len > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER) - len=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER; - p=0; - s->s2->three_byte_header=0; - /* len=len; */ - } - else - { - bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx); - j=len+mac_size; - /* Two-byte headers allow for a larger record length than - * three-byte headers, but we can't use them if we need - * padding or if we have to set the escape bit. */ - if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) && - (!s->s2->escape)) - { - if (j > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER) - j=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER; - /* set k to the max number of bytes with 2 - * byte header */ - k=j-(j%bs); - /* how many data bytes? */ - len=k-mac_size; - s->s2->three_byte_header=0; - p=0; - } - else if ((bs <= 1) && (!s->s2->escape)) - { - /* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus - * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */ - s->s2->three_byte_header=0; - p=0; - } - else /* we may have to use a 3 byte header */ - { - /* If s->s2->escape is not set, then - * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus - * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */ - p=(j%bs); - p=(p == 0)?0:(bs-p); - if (s->s2->escape) - { - s->s2->three_byte_header=1; - if (j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) - j=SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER; - } - else - s->s2->three_byte_header=(p == 0)?0:1; - } - } - - /* Now - * j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER - * holds, and if s->s2->three_byte_header is set, then even - * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER. - */ - - /* mac_size is the number of MAC bytes - * len is the number of data bytes we are going to send - * p is the number of padding bytes - * (if it is a two-byte header, then p == 0) */ - - s->s2->wlength=len; - s->s2->padding=p; - s->s2->mac_data= &(s->s2->wbuf[3]); - s->s2->wact_data= &(s->s2->wbuf[3+mac_size]); - /* we copy the data into s->s2->wbuf */ - memcpy(s->s2->wact_data,buf,len); - if (p) - memset(&(s->s2->wact_data[len]),0,p); /* arbitrary padding */ - - if (!s->s2->clear_text) - { - s->s2->wact_data_length=len+p; - ssl2_mac(s,s->s2->mac_data,1); - s->s2->wlength+=p+mac_size; - if(ssl2_enc(s,1) < 1) - return -1; - } - - /* package up the header */ - s->s2->wpend_len=s->s2->wlength; - if (s->s2->three_byte_header) /* 3 byte header */ - { - pp=s->s2->mac_data; - pp-=3; - pp[0]=(s->s2->wlength>>8)&(THREE_BYTE_MASK>>8); - if (s->s2->escape) pp[0]|=SEC_ESC_BIT; - pp[1]=s->s2->wlength&0xff; - pp[2]=s->s2->padding; - s->s2->wpend_len+=3; - } - else - { - pp=s->s2->mac_data; - pp-=2; - pp[0]=((s->s2->wlength>>8)&(TWO_BYTE_MASK>>8))|TWO_BYTE_BIT; - pp[1]=s->s2->wlength&0xff; - s->s2->wpend_len+=2; - } - s->s2->write_ptr=pp; - - INC32(s->s2->write_sequence); /* expect next number */ - - /* lets try to actually write the data */ - s->s2->wpend_tot=olen; - s->s2->wpend_buf=buf; - - s->s2->wpend_ret=len; - - s->s2->wpend_off=0; - return(write_pending(s,buf,olen)); - } - -int ssl2_part_read(SSL *s, unsigned long f, int i) - { - unsigned char *p; - int j; - - if (i < 0) - { - /* ssl2_return_error(s); */ - /* for non-blocking io, - * this is not necessarily fatal */ - return(i); - } - else - { - s->init_num+=i; - - /* Check for error. While there are recoverable errors, - * this function is not called when those must be expected; - * any error detected here is fatal. */ - if (s->init_num >= 3) - { - p=(unsigned char *)s->init_buf->data; - if (p[0] == SSL2_MT_ERROR) - { - j=(p[1]<<8)|p[2]; - SSLerr((int)f,ssl_mt_error(j)); - s->init_num -= 3; - if (s->init_num > 0) - memmove(p, p+3, s->init_num); - } - } - - /* If it's not an error message, we have some error anyway -- - * the message was shorter than expected. This too is treated - * as fatal (at least if SSL_get_error is asked for its opinion). */ - return(0); - } - } - -int ssl2_do_write(SSL *s) - { - int ret; - - ret=ssl2_write(s,&s->init_buf->data[s->init_off],s->init_num); - if (ret == s->init_num) - { - if (s->msg_callback) - s->msg_callback(1, s->version, 0, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg); - return(1); - } - if (ret < 0) - return(-1); - s->init_off+=ret; - s->init_num-=ret; - return(0); - } - -static int ssl_mt_error(int n) - { - int ret; - - switch (n) - { - case SSL2_PE_NO_CIPHER: - ret=SSL_R_PEER_ERROR_NO_CIPHER; - break; - case SSL2_PE_NO_CERTIFICATE: - ret=SSL_R_PEER_ERROR_NO_CERTIFICATE; - break; - case SSL2_PE_BAD_CERTIFICATE: - ret=SSL_R_PEER_ERROR_CERTIFICATE; - break; - case SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE: - ret=SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE; - break; - default: - ret=SSL_R_UNKNOWN_REMOTE_ERROR_TYPE; - break; - } - return(ret); - } -#else /* !OPENSSL_NO_SSL2 */ - -# if PEDANTIC -static void *dummy=&dummy; -# endif - -#endif diff --git a/main/openssl/ssl/s2_srvr.c b/main/openssl/ssl/s2_srvr.c deleted file mode 100644 index 59ced3f3..00000000 --- a/main/openssl/ssl/s2_srvr.c +++ /dev/null @@ -1,1156 +0,0 @@ -/* ssl/s2_srvr.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include "ssl_locl.h" -#ifndef OPENSSL_NO_SSL2 -#include <stdio.h> -#include <openssl/bio.h> -#include <openssl/rand.h> -#include <openssl/objects.h> -#include <openssl/evp.h> - -static const SSL_METHOD *ssl2_get_server_method(int ver); -static int get_client_master_key(SSL *s); -static int get_client_hello(SSL *s); -static int server_hello(SSL *s); -static int get_client_finished(SSL *s); -static int server_verify(SSL *s); -static int server_finish(SSL *s); -static int request_certificate(SSL *s); -static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from, - unsigned char *to,int padding); -#define BREAK break - -static const SSL_METHOD *ssl2_get_server_method(int ver) - { - if (ver == SSL2_VERSION) - return(SSLv2_server_method()); - else - return(NULL); - } - -IMPLEMENT_ssl2_meth_func(SSLv2_server_method, - ssl2_accept, - ssl_undefined_function, - ssl2_get_server_method) - -int ssl2_accept(SSL *s) - { - unsigned long l=(unsigned long)time(NULL); - BUF_MEM *buf=NULL; - int ret= -1; - long num1; - void (*cb)(const SSL *ssl,int type,int val)=NULL; - int new_state,state; - - RAND_add(&l,sizeof(l),0); - ERR_clear_error(); - clear_sys_error(); - - if (s->info_callback != NULL) - cb=s->info_callback; - else if (s->ctx->info_callback != NULL) - cb=s->ctx->info_callback; - - /* init things to blank */ - s->in_handshake++; - if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); - - if (s->cert == NULL) - { - SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_NO_CERTIFICATE_SET); - return(-1); - } - - clear_sys_error(); - for (;;) - { - state=s->state; - - switch (s->state) - { - case SSL_ST_BEFORE: - case SSL_ST_ACCEPT: - case SSL_ST_BEFORE|SSL_ST_ACCEPT: - case SSL_ST_OK|SSL_ST_ACCEPT: - - s->server=1; - if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); - - s->version=SSL2_VERSION; - s->type=SSL_ST_ACCEPT; - - if(s->init_buf == NULL) - { - if ((buf=BUF_MEM_new()) == NULL) - { - ret= -1; - goto end; - } - if (!BUF_MEM_grow(buf,(int) SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) - { - BUF_MEM_free(buf); - ret= -1; - goto end; - } - s->init_buf=buf; - } - s->init_num=0; - s->ctx->stats.sess_accept++; - s->handshake_func=ssl2_accept; - s->state=SSL2_ST_GET_CLIENT_HELLO_A; - BREAK; - - case SSL2_ST_GET_CLIENT_HELLO_A: - case SSL2_ST_GET_CLIENT_HELLO_B: - case SSL2_ST_GET_CLIENT_HELLO_C: - s->shutdown=0; - ret=get_client_hello(s); - if (ret <= 0) goto end; - s->init_num=0; - s->state=SSL2_ST_SEND_SERVER_HELLO_A; - BREAK; - - case SSL2_ST_SEND_SERVER_HELLO_A: - case SSL2_ST_SEND_SERVER_HELLO_B: - ret=server_hello(s); - if (ret <= 0) goto end; - s->init_num=0; - if (!s->hit) - { - s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_A; - BREAK; - } - else - { - s->state=SSL2_ST_SERVER_START_ENCRYPTION; - BREAK; - } - case SSL2_ST_GET_CLIENT_MASTER_KEY_A: - case SSL2_ST_GET_CLIENT_MASTER_KEY_B: - ret=get_client_master_key(s); - if (ret <= 0) goto end; - s->init_num=0; - s->state=SSL2_ST_SERVER_START_ENCRYPTION; - BREAK; - - case SSL2_ST_SERVER_START_ENCRYPTION: - /* Ok we how have sent all the stuff needed to - * start encrypting, the next packet back will - * be encrypted. */ - if (!ssl2_enc_init(s,0)) - { ret= -1; goto end; } - s->s2->clear_text=0; - s->state=SSL2_ST_SEND_SERVER_VERIFY_A; - BREAK; - - case SSL2_ST_SEND_SERVER_VERIFY_A: - case SSL2_ST_SEND_SERVER_VERIFY_B: - ret=server_verify(s); - if (ret <= 0) goto end; - s->init_num=0; - if (s->hit) - { - /* If we are in here, we have been - * buffering the output, so we need to - * flush it and remove buffering from - * future traffic */ - s->state=SSL2_ST_SEND_SERVER_VERIFY_C; - BREAK; - } - else - { - s->state=SSL2_ST_GET_CLIENT_FINISHED_A; - break; - } - - case SSL2_ST_SEND_SERVER_VERIFY_C: - /* get the number of bytes to write */ - num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); - if (num1 > 0) - { - s->rwstate=SSL_WRITING; - num1=BIO_flush(s->wbio); - if (num1 <= 0) { ret= -1; goto end; } - s->rwstate=SSL_NOTHING; - } - - /* flushed and now remove buffering */ - s->wbio=BIO_pop(s->wbio); - - s->state=SSL2_ST_GET_CLIENT_FINISHED_A; - BREAK; - - case SSL2_ST_GET_CLIENT_FINISHED_A: - case SSL2_ST_GET_CLIENT_FINISHED_B: - ret=get_client_finished(s); - if (ret <= 0) - goto end; - s->init_num=0; - s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_A; - BREAK; - - case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: - case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: - case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: - case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: - /* don't do a 'request certificate' if we - * don't want to, or we already have one, and - * we only want to do it once. */ - if (!(s->verify_mode & SSL_VERIFY_PEER) || - ((s->session->peer != NULL) && - (s->verify_mode & SSL_VERIFY_CLIENT_ONCE))) - { - s->state=SSL2_ST_SEND_SERVER_FINISHED_A; - break; - } - else - { - ret=request_certificate(s); - if (ret <= 0) goto end; - s->init_num=0; - s->state=SSL2_ST_SEND_SERVER_FINISHED_A; - } - BREAK; - - case SSL2_ST_SEND_SERVER_FINISHED_A: - case SSL2_ST_SEND_SERVER_FINISHED_B: - ret=server_finish(s); - if (ret <= 0) goto end; - s->init_num=0; - s->state=SSL_ST_OK; - break; - - case SSL_ST_OK: - BUF_MEM_free(s->init_buf); - ssl_free_wbio_buffer(s); - s->init_buf=NULL; - s->init_num=0; - /* ERR_clear_error();*/ - - ssl_update_cache(s,SSL_SESS_CACHE_SERVER); - - s->ctx->stats.sess_accept_good++; - /* s->server=1; */ - ret=1; - - if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); - - goto end; - /* BREAK; */ - - default: - SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_UNKNOWN_STATE); - ret= -1; - goto end; - /* BREAK; */ - } - - if ((cb != NULL) && (s->state != state)) - { - new_state=s->state; - s->state=state; - cb(s,SSL_CB_ACCEPT_LOOP,1); - s->state=new_state; - } - } -end: - s->in_handshake--; - if (cb != NULL) - cb(s,SSL_CB_ACCEPT_EXIT,ret); - return(ret); - } - -static int get_client_master_key(SSL *s) - { - int is_export,i,n,keya,ek; - unsigned long len; - unsigned char *p; - const SSL_CIPHER *cp; - const EVP_CIPHER *c; - const EVP_MD *md; - - p=(unsigned char *)s->init_buf->data; - if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A) - { - i=ssl2_read(s,(char *)&(p[s->init_num]),10-s->init_num); - - if (i < (10-s->init_num)) - return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i)); - s->init_num = 10; - - if (*(p++) != SSL2_MT_CLIENT_MASTER_KEY) - { - if (p[-1] != SSL2_MT_ERROR) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE); - } - else - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR); - return(-1); - } - - cp=ssl2_get_cipher_by_char(p); - if (cp == NULL) - { - ssl2_return_error(s,SSL2_PE_NO_CIPHER); - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH); - return(-1); - } - s->session->cipher= cp; - - p+=3; - n2s(p,i); s->s2->tmp.clear=i; - n2s(p,i); s->s2->tmp.enc=i; - n2s(p,i); - if(i > SSL_MAX_KEY_ARG_LENGTH) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG); - return -1; - } - s->session->key_arg_length=i; - s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; - } - - /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */ - p=(unsigned char *)s->init_buf->data; - if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); - return -1; - } - keya=s->session->key_arg_length; - len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya; - if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG); - return -1; - } - n = (int)len - s->init_num; - i = ssl2_read(s,(char *)&(p[s->init_num]),n); - if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i)); - if (s->msg_callback) - s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-MASTER-KEY */ - p += 10; - - memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]), - (unsigned int)keya); - - if (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY); - return(-1); - } - i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc, - &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]), - (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING); - - is_export=SSL_C_IS_EXPORT(s->session->cipher); - - if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL)) - { - ssl2_return_error(s,SSL2_PE_NO_CIPHER); - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS); - return(0); - } - - if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC) - { - is_export=1; - ek=8; - } - else - ek=5; - - /* bad decrypt */ -#if 1 - /* If a bad decrypt, continue with protocol but with a - * random master secret (Bleichenbacher attack) */ - if ((i < 0) || - ((!is_export && (i != EVP_CIPHER_key_length(c))) - || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i != - (unsigned int)EVP_CIPHER_key_length(c)))))) - { - ERR_clear_error(); - if (is_export) - i=ek; - else - i=EVP_CIPHER_key_length(c); - if (RAND_pseudo_bytes(p,i) <= 0) - return 0; - } -#else - if (i < 0) - { - error=1; - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_RSA_DECRYPT); - } - /* incorrect number of key bytes for non export cipher */ - else if ((!is_export && (i != EVP_CIPHER_key_length(c))) - || (is_export && ((i != ek) || (s->s2->tmp.clear+i != - EVP_CIPHER_key_length(c))))) - { - error=1; - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_WRONG_NUMBER_OF_KEY_BITS); - } - if (error) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - return(-1); - } -#endif - - if (is_export) i+=s->s2->tmp.clear; - - if (i > SSL_MAX_MASTER_KEY_LENGTH) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); - return -1; - } - s->session->master_key_length=i; - memcpy(s->session->master_key,p,(unsigned int)i); - return(1); - } - -static int get_client_hello(SSL *s) - { - int i,n; - unsigned long len; - unsigned char *p; - STACK_OF(SSL_CIPHER) *cs; /* a stack of SSL_CIPHERS */ - STACK_OF(SSL_CIPHER) *cl; /* the ones we want to use */ - STACK_OF(SSL_CIPHER) *prio, *allow; - int z; - - /* This is a bit of a hack to check for the correct packet - * type the first time round. */ - if (s->state == SSL2_ST_GET_CLIENT_HELLO_A) - { - s->first_packet=1; - s->state=SSL2_ST_GET_CLIENT_HELLO_B; - } - - p=(unsigned char *)s->init_buf->data; - if (s->state == SSL2_ST_GET_CLIENT_HELLO_B) - { - i=ssl2_read(s,(char *)&(p[s->init_num]),9-s->init_num); - if (i < (9-s->init_num)) - return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i)); - s->init_num = 9; - - if (*(p++) != SSL2_MT_CLIENT_HELLO) - { - if (p[-1] != SSL2_MT_ERROR) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_READ_WRONG_PACKET_TYPE); - } - else - SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_PEER_ERROR); - return(-1); - } - n2s(p,i); - if (i < s->version) s->version=i; - n2s(p,i); s->s2->tmp.cipher_spec_length=i; - n2s(p,i); s->s2->tmp.session_id_length=i; - n2s(p,i); s->s2->challenge_length=i; - if ( (i < SSL2_MIN_CHALLENGE_LENGTH) || - (i > SSL2_MAX_CHALLENGE_LENGTH)) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH); - return(-1); - } - s->state=SSL2_ST_GET_CLIENT_HELLO_C; - } - - /* SSL2_ST_GET_CLIENT_HELLO_C */ - p=(unsigned char *)s->init_buf->data; - len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length; - if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG); - return -1; - } - n = (int)len - s->init_num; - i = ssl2_read(s,(char *)&(p[s->init_num]),n); - if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i)); - if (s->msg_callback) - s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-HELLO */ - p += 9; - - /* get session-id before cipher stuff so we can get out session - * structure if it is cached */ - /* session-id */ - if ((s->s2->tmp.session_id_length != 0) && - (s->s2->tmp.session_id_length != SSL2_SSL_SESSION_ID_LENGTH)) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_BAD_SSL_SESSION_ID_LENGTH); - return(-1); - } - - if (s->s2->tmp.session_id_length == 0) - { - if (!ssl_get_new_session(s,1)) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - return(-1); - } - } - else - { - i=ssl_get_prev_session(s,&(p[s->s2->tmp.cipher_spec_length]), - s->s2->tmp.session_id_length, NULL); - if (i == 1) - { /* previous session */ - s->hit=1; - } - else if (i == -1) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - return(-1); - } - else - { - if (s->cert == NULL) - { - ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE); - SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_NO_CERTIFICATE_SET); - return(-1); - } - - if (!ssl_get_new_session(s,1)) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - return(-1); - } - } - } - - if (!s->hit) - { - cs=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.cipher_spec_length, - &s->session->ciphers); - if (cs == NULL) goto mem_err; - - cl=SSL_get_ciphers(s); - - if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) - { - prio=sk_SSL_CIPHER_dup(cl); - if (prio == NULL) goto mem_err; - allow = cs; - } - else - { - prio = cs; - allow = cl; - } - for (z=0; z<sk_SSL_CIPHER_num(prio); z++) - { - if (sk_SSL_CIPHER_find(allow,sk_SSL_CIPHER_value(prio,z)) < 0) - { - (void)sk_SSL_CIPHER_delete(prio,z); - z--; - } - } - if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) - { - sk_SSL_CIPHER_free(s->session->ciphers); - s->session->ciphers = prio; - } - /* s->session->ciphers should now have a list of - * ciphers that are on both the client and server. - * This list is ordered by the order the client sent - * the ciphers or in the order of the server's preference - * if SSL_OP_CIPHER_SERVER_PREFERENCE was set. - */ - } - p+=s->s2->tmp.cipher_spec_length; - /* done cipher selection */ - - /* session id extracted already */ - p+=s->s2->tmp.session_id_length; - - /* challenge */ - if (s->s2->challenge_length > sizeof s->s2->challenge) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - return -1; - } - memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length); - return(1); -mem_err: - SSLerr(SSL_F_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE); - return(0); - } - -static int server_hello(SSL *s) - { - unsigned char *p,*d; - int n,hit; - - p=(unsigned char *)s->init_buf->data; - if (s->state == SSL2_ST_SEND_SERVER_HELLO_A) - { - d=p+11; - *(p++)=SSL2_MT_SERVER_HELLO; /* type */ - hit=s->hit; - *(p++)=(unsigned char)hit; -#if 1 - if (!hit) - { - if (s->session->sess_cert != NULL) - /* This can't really happen because get_client_hello - * has called ssl_get_new_session, which does not set - * sess_cert. */ - ssl_sess_cert_free(s->session->sess_cert); - s->session->sess_cert = ssl_sess_cert_new(); - if (s->session->sess_cert == NULL) - { - SSLerr(SSL_F_SERVER_HELLO, ERR_R_MALLOC_FAILURE); - return(-1); - } - } - /* If 'hit' is set, then s->sess_cert may be non-NULL or NULL, - * depending on whether it survived in the internal cache - * or was retrieved from an external cache. - * If it is NULL, we cannot put any useful data in it anyway, - * so we don't touch it. - */ - -#else /* That's what used to be done when cert_st and sess_cert_st were - * the same. */ - if (!hit) - { /* else add cert to session */ - CRYPTO_add(&s->cert->references,1,CRYPTO_LOCK_SSL_CERT); - if (s->session->sess_cert != NULL) - ssl_cert_free(s->session->sess_cert); - s->session->sess_cert=s->cert; - } - else /* We have a session id-cache hit, if the - * session-id has no certificate listed against - * the 'cert' structure, grab the 'old' one - * listed against the SSL connection */ - { - if (s->session->sess_cert == NULL) - { - CRYPTO_add(&s->cert->references,1, - CRYPTO_LOCK_SSL_CERT); - s->session->sess_cert=s->cert; - } - } -#endif - - if (s->cert == NULL) - { - ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE); - SSLerr(SSL_F_SERVER_HELLO,SSL_R_NO_CERTIFICATE_SPECIFIED); - return(-1); - } - - if (hit) - { - *(p++)=0; /* no certificate type */ - s2n(s->version,p); /* version */ - s2n(0,p); /* cert len */ - s2n(0,p); /* ciphers len */ - } - else - { - /* EAY EAY */ - /* put certificate type */ - *(p++)=SSL2_CT_X509_CERTIFICATE; - s2n(s->version,p); /* version */ - n=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL); - s2n(n,p); /* certificate length */ - i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&d); - n=0; - - /* lets send out the ciphers we like in the - * prefered order */ - n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d,0); - d+=n; - s2n(n,p); /* add cipher length */ - } - - /* make and send conn_id */ - s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */ - s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH; - if (RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length) <= 0) - return -1; - memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH); - d+=SSL2_CONNECTION_ID_LENGTH; - - s->state=SSL2_ST_SEND_SERVER_HELLO_B; - s->init_num=d-(unsigned char *)s->init_buf->data; - s->init_off=0; - } - /* SSL2_ST_SEND_SERVER_HELLO_B */ - /* If we are using TCP/IP, the performance is bad if we do 2 - * writes without a read between them. This occurs when - * Session-id reuse is used, so I will put in a buffering module - */ - if (s->hit) - { - if (!ssl_init_wbio_buffer(s,1)) return(-1); - } - - return(ssl2_do_write(s)); - } - -static int get_client_finished(SSL *s) - { - unsigned char *p; - int i, n; - unsigned long len; - - p=(unsigned char *)s->init_buf->data; - if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A) - { - i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num); - if (i < 1-s->init_num) - return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i)); - s->init_num += i; - - if (*p != SSL2_MT_CLIENT_FINISHED) - { - if (*p != SSL2_MT_ERROR) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE); - } - else - { - SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_PEER_ERROR); - /* try to read the error message */ - i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num); - return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i); - } - return(-1); - } - s->state=SSL2_ST_GET_CLIENT_FINISHED_B; - } - - /* SSL2_ST_GET_CLIENT_FINISHED_B */ - if (s->s2->conn_id_length > sizeof s->s2->conn_id) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR); - return -1; - } - len = 1 + (unsigned long)s->s2->conn_id_length; - n = (int)len - s->init_num; - i = ssl2_read(s,(char *)&(p[s->init_num]),n); - if (i < n) - { - return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i)); - } - if (s->msg_callback) - s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-FINISHED */ - p += 1; - if (memcmp(p,s->s2->conn_id,s->s2->conn_id_length) != 0) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_CONNECTION_ID_IS_DIFFERENT); - return(-1); - } - return(1); - } - -static int server_verify(SSL *s) - { - unsigned char *p; - - if (s->state == SSL2_ST_SEND_SERVER_VERIFY_A) - { - p=(unsigned char *)s->init_buf->data; - *(p++)=SSL2_MT_SERVER_VERIFY; - if (s->s2->challenge_length > sizeof s->s2->challenge) - { - SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR); - return -1; - } - memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length); - /* p+=s->s2->challenge_length; */ - - s->state=SSL2_ST_SEND_SERVER_VERIFY_B; - s->init_num=s->s2->challenge_length+1; - s->init_off=0; - } - return(ssl2_do_write(s)); - } - -static int server_finish(SSL *s) - { - unsigned char *p; - - if (s->state == SSL2_ST_SEND_SERVER_FINISHED_A) - { - p=(unsigned char *)s->init_buf->data; - *(p++)=SSL2_MT_SERVER_FINISHED; - - if (s->session->session_id_length > sizeof s->session->session_id) - { - SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR); - return -1; - } - memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length); - /* p+=s->session->session_id_length; */ - - s->state=SSL2_ST_SEND_SERVER_FINISHED_B; - s->init_num=s->session->session_id_length+1; - s->init_off=0; - } - - /* SSL2_ST_SEND_SERVER_FINISHED_B */ - return(ssl2_do_write(s)); - } - -/* send the request and check the response */ -static int request_certificate(SSL *s) - { - const unsigned char *cp; - unsigned char *p,*p2,*buf2; - unsigned char *ccd; - int i,j,ctype,ret= -1; - unsigned long len; - X509 *x509=NULL; - STACK_OF(X509) *sk=NULL; - - ccd=s->s2->tmp.ccl; - if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_A) - { - p=(unsigned char *)s->init_buf->data; - *(p++)=SSL2_MT_REQUEST_CERTIFICATE; - *(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION; - if (RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0) - return -1; - memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); - - s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B; - s->init_num=SSL2_MIN_CERT_CHALLENGE_LENGTH+2; - s->init_off=0; - } - - if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_B) - { - i=ssl2_do_write(s); - if (i <= 0) - { - ret=i; - goto end; - } - - s->init_num=0; - s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_C; - } - - if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C) - { - p=(unsigned char *)s->init_buf->data; - i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num); /* try to read 6 octets ... */ - if (i < 3-s->init_num) /* ... but don't call ssl2_part_read now if we got at least 3 - * (probably NO-CERTIFICATE-ERROR) */ - { - ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i); - goto end; - } - s->init_num += i; - - if ((s->init_num >= 3) && (p[0] == SSL2_MT_ERROR)) - { - n2s(p,i); - if (i != SSL2_PE_NO_CERTIFICATE) - { - /* not the error message we expected -- let ssl2_part_read handle it */ - s->init_num -= 3; - ret = ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE, 3); - goto end; - } - - if (s->msg_callback) - s->msg_callback(0, s->version, 0, p, 3, s, s->msg_callback_arg); /* ERROR */ - - /* this is the one place where we can recover from an SSL 2.0 error */ - - if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) - { - ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE); - SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); - goto end; - } - ret=1; - goto end; - } - if ((*(p++) != SSL2_MT_CLIENT_CERTIFICATE) || (s->init_num < 6)) - { - ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_SHORT_READ); - goto end; - } - if (s->init_num != 6) - { - SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_INTERNAL_ERROR); - goto end; - } - - /* ok we have a response */ - /* certificate type, there is only one right now. */ - ctype= *(p++); - if (ctype != SSL2_AT_MD5_WITH_RSA_ENCRYPTION) - { - ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE); - SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_BAD_RESPONSE_ARGUMENT); - goto end; - } - n2s(p,i); s->s2->tmp.clen=i; - n2s(p,i); s->s2->tmp.rlen=i; - s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_D; - } - - /* SSL2_ST_SEND_REQUEST_CERTIFICATE_D */ - p=(unsigned char *)s->init_buf->data; - len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen; - if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) - { - SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG); - goto end; - } - j = (int)len - s->init_num; - i = ssl2_read(s,(char *)&(p[s->init_num]),j); - if (i < j) - { - ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i); - goto end; - } - if (s->msg_callback) - s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-CERTIFICATE */ - p += 6; - - cp = p; - x509=(X509 *)d2i_X509(NULL,&cp,(long)s->s2->tmp.clen); - if (x509 == NULL) - { - SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_X509_LIB); - goto msg_end; - } - - if (((sk=sk_X509_new_null()) == NULL) || (!sk_X509_push(sk,x509))) - { - SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE); - goto msg_end; - } - - i=ssl_verify_cert_chain(s,sk); - - if (i > 0) /* we like the packet, now check the chksum */ - { - EVP_MD_CTX ctx; - EVP_PKEY *pkey=NULL; - - EVP_MD_CTX_init(&ctx); - if (!EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL) - || !EVP_VerifyUpdate(&ctx,s->s2->key_material, - s->s2->key_material_length) - || !EVP_VerifyUpdate(&ctx,ccd, - SSL2_MIN_CERT_CHALLENGE_LENGTH)) - goto msg_end; - - i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL); - buf2=OPENSSL_malloc((unsigned int)i); - if (buf2 == NULL) - { - SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE); - goto msg_end; - } - p2=buf2; - i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2); - if (!EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i)) - { - OPENSSL_free(buf2); - goto msg_end; - } - OPENSSL_free(buf2); - - pkey=X509_get_pubkey(x509); - if (pkey == NULL) goto end; - i=EVP_VerifyFinal(&ctx,cp,s->s2->tmp.rlen,pkey); - EVP_PKEY_free(pkey); - EVP_MD_CTX_cleanup(&ctx); - - if (i > 0) - { - if (s->session->peer != NULL) - X509_free(s->session->peer); - s->session->peer=x509; - CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); - s->session->verify_result = s->verify_result; - ret=1; - goto end; - } - else - { - SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_BAD_CHECKSUM); - goto msg_end; - } - } - else - { -msg_end: - ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE); - } -end: - sk_X509_free(sk); - X509_free(x509); - return(ret); - } - -static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from, - unsigned char *to, int padding) - { - RSA *rsa; - int i; - - if ((c == NULL) || (c->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)) - { - SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_NO_PRIVATEKEY); - return(-1); - } - if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey->type != EVP_PKEY_RSA) - { - SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA); - return(-1); - } - rsa=c->pkeys[SSL_PKEY_RSA_ENC].privatekey->pkey.rsa; - - /* we have the public key */ - i=RSA_private_decrypt(len,from,to,rsa,padding); - if (i < 0) - SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB); - return(i); - } -#else /* !OPENSSL_NO_SSL2 */ - -# if PEDANTIC -static void *dummy=&dummy; -# endif - -#endif diff --git a/main/openssl/ssl/s3_both.c b/main/openssl/ssl/s3_both.c deleted file mode 100644 index 8d5e0b73..00000000 --- a/main/openssl/ssl/s3_both.c +++ /dev/null @@ -1,862 +0,0 @@ -/* ssl/s3_both.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - -#include <limits.h> -#include <string.h> -#include <stdio.h> -#include "ssl_locl.h" -#include <openssl/buffer.h> -#include <openssl/rand.h> -#include <openssl/objects.h> -#include <openssl/evp.h> -#include <openssl/x509.h> - -/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ -int ssl3_do_write(SSL *s, int type) - { - int ret; - - ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off], - s->init_num); - if (ret < 0) return(-1); - if (type == SSL3_RT_HANDSHAKE) - /* should not be done for 'Hello Request's, but in that case - * we'll ignore the result anyway */ - ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret); - - if (ret == s->init_num) - { - if (s->msg_callback) - s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg); - return(1); - } - s->init_off+=ret; - s->init_num-=ret; - return(0); - } - -int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) - { - unsigned char *p,*d; - int i; - unsigned long l; - - if (s->state == a) - { - d=(unsigned char *)s->init_buf->data; - p= &(d[4]); - - i=s->method->ssl3_enc->final_finish_mac(s, - sender,slen,s->s3->tmp.finish_md); - if (i == 0) - return 0; - s->s3->tmp.finish_md_len = i; - memcpy(p, s->s3->tmp.finish_md, i); - p+=i; - l=i; - - /* Copy the finished so we can use it for - renegotiation checks */ - if(s->type == SSL_ST_CONNECT) - { - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); - memcpy(s->s3->previous_client_finished, - s->s3->tmp.finish_md, i); - s->s3->previous_client_finished_len=i; - } - else - { - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); - memcpy(s->s3->previous_server_finished, - s->s3->tmp.finish_md, i); - s->s3->previous_server_finished_len=i; - } - -#ifdef OPENSSL_SYS_WIN16 - /* MSVC 1.5 does not clear the top bytes of the word unless - * I do this. - */ - l&=0xffff; -#endif - - *(d++)=SSL3_MT_FINISHED; - l2n3(l,d); - s->init_num=(int)l+4; - s->init_off=0; - - s->state=b; - } - - /* SSL3_ST_SEND_xxxxxx_HELLO_B */ - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); - } - -#ifndef OPENSSL_NO_NEXTPROTONEG -/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */ -static void ssl3_take_mac(SSL *s) - { - const char *sender; - int slen; - /* If no new cipher setup return immediately: other functions will - * set the appropriate error. - */ - if (s->s3->tmp.new_cipher == NULL) - return; - if (s->state & SSL_ST_CONNECT) - { - sender=s->method->ssl3_enc->server_finished_label; - slen=s->method->ssl3_enc->server_finished_label_len; - } - else - { - sender=s->method->ssl3_enc->client_finished_label; - slen=s->method->ssl3_enc->client_finished_label_len; - } - - s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, - sender,slen,s->s3->tmp.peer_finish_md); - } -#endif - -int ssl3_get_finished(SSL *s, int a, int b) - { - int al,i,ok; - long n; - unsigned char *p; - -#ifdef OPENSSL_NO_NEXTPROTONEG - /* the mac has already been generated when we received the - * change cipher spec message and is in s->s3->tmp.peer_finish_md. - */ -#endif - - n=s->method->ssl_get_message(s, - a, - b, - SSL3_MT_FINISHED, - 64, /* should actually be 36+4 :-) */ - &ok); - - if (!ok) return((int)n); - - /* If this occurs, we have missed a message */ - if (!s->s3->change_cipher_spec) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS); - goto f_err; - } - s->s3->change_cipher_spec=0; - - p = (unsigned char *)s->init_msg; - i = s->s3->tmp.peer_finish_md_len; - - if (i != n) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH); - goto f_err; - } - - if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) - { - al=SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED); - goto f_err; - } - - /* Copy the finished so we can use it for - renegotiation checks */ - if(s->type == SSL_ST_ACCEPT) - { - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); - memcpy(s->s3->previous_client_finished, - s->s3->tmp.peer_finish_md, i); - s->s3->previous_client_finished_len=i; - } - else - { - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); - memcpy(s->s3->previous_server_finished, - s->s3->tmp.peer_finish_md, i); - s->s3->previous_server_finished_len=i; - } - - return(1); -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - return(0); - } - -/* for these 2 messages, we need to - * ssl->enc_read_ctx re-init - * ssl->s3->read_sequence zero - * ssl->s3->read_mac_secret re-init - * ssl->session->read_sym_enc assign - * ssl->session->read_compression assign - * ssl->session->read_hash assign - */ -int ssl3_send_change_cipher_spec(SSL *s, int a, int b) - { - unsigned char *p; - - if (s->state == a) - { - p=(unsigned char *)s->init_buf->data; - *p=SSL3_MT_CCS; - s->init_num=1; - s->init_off=0; - - s->state=b; - } - - /* SSL3_ST_CW_CHANGE_B */ - return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); - } - -static int ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) - { - int n; - unsigned char *p; - - n=i2d_X509(x,NULL); - if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3))) - { - SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF,ERR_R_BUF_LIB); - return(-1); - } - p=(unsigned char *)&(buf->data[*l]); - l2n3(n,p); - i2d_X509(x,&p); - *l+=n+3; - - return(0); - } - -unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) - { - unsigned char *p; - int i; - unsigned long l=7; - BUF_MEM *buf; - int no_chain; - STACK_OF(X509) *cert_chain; - - cert_chain = SSL_get_certificate_chain(s, x); - - if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs || cert_chain) - no_chain = 1; - else - no_chain = 0; - - /* TLSv1 sends a chain with nothing in it, instead of an alert */ - buf=s->init_buf; - if (!BUF_MEM_grow_clean(buf,10)) - { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); - return(0); - } - if (x != NULL) - { - if (no_chain) - { - if (ssl3_add_cert_to_buf(buf, &l, x)) - return(0); - } - else - { - X509_STORE_CTX xs_ctx; - - if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL)) - { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); - return(0); - } - X509_verify_cert(&xs_ctx); - /* Don't leave errors in the queue */ - ERR_clear_error(); - for (i=0; i < sk_X509_num(xs_ctx.chain); i++) - { - x = sk_X509_value(xs_ctx.chain, i); - - if (ssl3_add_cert_to_buf(buf, &l, x)) - { - X509_STORE_CTX_cleanup(&xs_ctx); - return 0; - } - } - X509_STORE_CTX_cleanup(&xs_ctx); - } - } - /* Thawte special :-) */ - for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++) - { - x=sk_X509_value(s->ctx->extra_certs,i); - if (ssl3_add_cert_to_buf(buf, &l, x)) - return(0); - } - - for (i=0; i<sk_X509_num(cert_chain); i++) - if (ssl3_add_cert_to_buf(buf, &l, sk_X509_value(cert_chain,i))) - return(0); - - l-=7; - p=(unsigned char *)&(buf->data[4]); - l2n3(l,p); - l+=3; - p=(unsigned char *)&(buf->data[0]); - *(p++)=SSL3_MT_CERTIFICATE; - l2n3(l,p); - l+=4; - return(l); - } - -/* Obtain handshake message of message type 'mt' (any if mt == -1), - * maximum acceptable body length 'max'. - * The first four bytes (msg_type and length) are read in state 'st1', - * the body is read in state 'stn'. - */ -long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) - { - unsigned char *p; - unsigned long l; - long n; - int i,al; - - if (s->s3->tmp.reuse_message) - { - s->s3->tmp.reuse_message=0; - if ((mt >= 0) && (s->s3->tmp.message_type != mt)) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE); - goto f_err; - } - *ok=1; - s->state = stn; - s->init_msg = s->init_buf->data + 4; - s->init_num = (int)s->s3->tmp.message_size; - return s->init_num; - } - - p=(unsigned char *)s->init_buf->data; - - if (s->state == st1) /* s->init_num < 4 */ - { - int skip_message; - - do - { - while (s->init_num < 4) - { - i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, - &p[s->init_num],4 - s->init_num, 0); - if (i <= 0) - { - s->rwstate=SSL_READING; - *ok = 0; - return i; - } - s->init_num+=i; - } - - skip_message = 0; - if (!s->server) - if (p[0] == SSL3_MT_HELLO_REQUEST) - /* The server may always send 'Hello Request' messages -- - * we are doing a handshake anyway now, so ignore them - * if their format is correct. Does not count for - * 'Finished' MAC. */ - if (p[1] == 0 && p[2] == 0 &&p[3] == 0) - { - s->init_num = 0; - skip_message = 1; - - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg); - } - } - while (skip_message); - - /* s->init_num == 4 */ - - if ((mt >= 0) && (*p != mt)) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE); - goto f_err; - } - if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) && - (st1 == SSL3_ST_SR_CERT_A) && - (stn == SSL3_ST_SR_CERT_B)) - { - /* At this point we have got an MS SGC second client - * hello (maybe we should always allow the client to - * start a new handshake?). We need to restart the mac. - * Don't increment {num,total}_renegotiations because - * we have not completed the handshake. */ - ssl3_init_finished_mac(s); - } - - s->s3->tmp.message_type= *(p++); - - n2l3(p,l); - if (l > (unsigned long)max) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); - goto f_err; - } - if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */ - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); - goto f_err; - } - if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4)) - { - SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB); - goto err; - } - s->s3->tmp.message_size=l; - s->state=stn; - - s->init_msg = s->init_buf->data + 4; - s->init_num = 0; - } - - /* next state (stn) */ - p = s->init_msg; - n = s->s3->tmp.message_size - s->init_num; - while (n > 0) - { - i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0); - if (i <= 0) - { - s->rwstate=SSL_READING; - *ok = 0; - return i; - } - s->init_num += i; - n -= i; - } - -#ifndef OPENSSL_NO_NEXTPROTONEG - /* If receiving Finished, record MAC of prior handshake messages for - * Finished verification. */ - if (*s->init_buf->data == SSL3_MT_FINISHED) - ssl3_take_mac(s); -#endif - - /* Feed this message into MAC computation. */ - if (*((unsigned char*) s->init_buf->data) != SSL3_MT_ENCRYPTED_EXTENSIONS) - ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg); - *ok=1; - return s->init_num; -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); -err: - *ok=0; - return(-1); - } - -int ssl_cert_type(X509 *x, EVP_PKEY *pkey) - { - EVP_PKEY *pk; - int ret= -1,i; - - if (pkey == NULL) - pk=X509_get_pubkey(x); - else - pk=pkey; - if (pk == NULL) goto err; - - i=pk->type; - if (i == EVP_PKEY_RSA) - { - ret=SSL_PKEY_RSA_ENC; - } - else if (i == EVP_PKEY_DSA) - { - ret=SSL_PKEY_DSA_SIGN; - } -#ifndef OPENSSL_NO_EC - else if (i == EVP_PKEY_EC) - { - ret = SSL_PKEY_ECC; - } -#endif - else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) - { - ret = SSL_PKEY_GOST94; - } - else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) - { - ret = SSL_PKEY_GOST01; - } -err: - if(!pkey) EVP_PKEY_free(pk); - return(ret); - } - -int ssl_verify_alarm_type(long type) - { - int al; - - switch(type) - { - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - case X509_V_ERR_UNABLE_TO_GET_CRL: - case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: - al=SSL_AD_UNKNOWN_CA; - break; - case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: - case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: - case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: - case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: - case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: - case X509_V_ERR_CERT_NOT_YET_VALID: - case X509_V_ERR_CRL_NOT_YET_VALID: - case X509_V_ERR_CERT_UNTRUSTED: - case X509_V_ERR_CERT_REJECTED: - al=SSL_AD_BAD_CERTIFICATE; - break; - case X509_V_ERR_CERT_SIGNATURE_FAILURE: - case X509_V_ERR_CRL_SIGNATURE_FAILURE: - al=SSL_AD_DECRYPT_ERROR; - break; - case X509_V_ERR_CERT_HAS_EXPIRED: - case X509_V_ERR_CRL_HAS_EXPIRED: - al=SSL_AD_CERTIFICATE_EXPIRED; - break; - case X509_V_ERR_CERT_REVOKED: - al=SSL_AD_CERTIFICATE_REVOKED; - break; - case X509_V_ERR_OUT_OF_MEM: - al=SSL_AD_INTERNAL_ERROR; - break; - case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: - case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: - case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: - case X509_V_ERR_CERT_CHAIN_TOO_LONG: - case X509_V_ERR_PATH_LENGTH_EXCEEDED: - case X509_V_ERR_INVALID_CA: - al=SSL_AD_UNKNOWN_CA; - break; - case X509_V_ERR_APPLICATION_VERIFICATION: - al=SSL_AD_HANDSHAKE_FAILURE; - break; - case X509_V_ERR_INVALID_PURPOSE: - al=SSL_AD_UNSUPPORTED_CERTIFICATE; - break; - default: - al=SSL_AD_CERTIFICATE_UNKNOWN; - break; - } - return(al); - } - -#ifndef OPENSSL_NO_BUF_FREELISTS -/* On some platforms, malloc() performance is bad enough that you can't just - * free() and malloc() buffers all the time, so we need to use freelists from - * unused buffers. Currently, each freelist holds memory chunks of only a - * given size (list->chunklen); other sized chunks are freed and malloced. - * This doesn't help much if you're using many different SSL option settings - * with a given context. (The options affecting buffer size are - * max_send_fragment, read buffer vs write buffer, - * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and - * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.) Using a separate freelist for every - * possible size is not an option, since max_send_fragment can take on many - * different values. - * - * If you are on a platform with a slow malloc(), and you're using SSL - * connections with many different settings for these options, and you need to - * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options: - * - Link against a faster malloc implementation. - * - Use a separate SSL_CTX for each option set. - * - Improve this code. - */ -static void * -freelist_extract(SSL_CTX *ctx, int for_read, int sz) - { - SSL3_BUF_FREELIST *list; - SSL3_BUF_FREELIST_ENTRY *ent = NULL; - void *result = NULL; - - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; - if (list != NULL && sz == (int)list->chunklen) - ent = list->head; - if (ent != NULL) - { - list->head = ent->next; - result = ent; - if (--list->len == 0) - list->chunklen = 0; - } - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - if (!result) - result = OPENSSL_malloc(sz); - return result; -} - -static void -freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem) - { - SSL3_BUF_FREELIST *list; - SSL3_BUF_FREELIST_ENTRY *ent; - - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; - if (list != NULL && - (sz == list->chunklen || list->chunklen == 0) && - list->len < ctx->freelist_max_len && - sz >= sizeof(*ent)) - { - list->chunklen = sz; - ent = mem; - ent->next = list->head; - list->head = ent; - ++list->len; - mem = NULL; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - if (mem) - OPENSSL_free(mem); - } -#else -#define freelist_extract(c,fr,sz) OPENSSL_malloc(sz) -#define freelist_insert(c,fr,sz,m) OPENSSL_free(m) -#endif - -int ssl3_setup_read_buffer(SSL *s) - { - unsigned char *p; - size_t len,align=0,headerlen; - - if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) - headerlen = DTLS1_RT_HEADER_LENGTH; - else - headerlen = SSL3_RT_HEADER_LENGTH; - -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 - align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1); -#endif - - if (s->s3->rbuf.buf == NULL) - { - len = SSL3_RT_MAX_PLAIN_LENGTH - + SSL3_RT_MAX_ENCRYPTED_OVERHEAD - + headerlen + align; - if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) - { - s->s3->init_extra = 1; - len += SSL3_RT_MAX_EXTRA; - } -#ifndef OPENSSL_NO_COMP - if (!(s->options & SSL_OP_NO_COMPRESSION)) - len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; -#endif - if ((p=freelist_extract(s->ctx, 1, len)) == NULL) - goto err; - s->s3->rbuf.buf = p; - s->s3->rbuf.len = len; - } - - s->packet= &(s->s3->rbuf.buf[0]); - return 1; - -err: - SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER,ERR_R_MALLOC_FAILURE); - return 0; - } - -int ssl3_setup_write_buffer(SSL *s) - { - unsigned char *p; - size_t len,align=0,headerlen; - - if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) - headerlen = DTLS1_RT_HEADER_LENGTH + 1; - else - headerlen = SSL3_RT_HEADER_LENGTH; - -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 - align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1); -#endif - - if (s->s3->wbuf.buf == NULL) - { - len = s->max_send_fragment - + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD - + headerlen + align; -#ifndef OPENSSL_NO_COMP - if (!(s->options & SSL_OP_NO_COMPRESSION)) - len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; -#endif - if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) - len += headerlen + align - + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; - - if ((p=freelist_extract(s->ctx, 0, len)) == NULL) - goto err; - s->s3->wbuf.buf = p; - s->s3->wbuf.len = len; - } - - return 1; - -err: - SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER,ERR_R_MALLOC_FAILURE); - return 0; - } - - -int ssl3_setup_buffers(SSL *s) - { - if (!ssl3_setup_read_buffer(s)) - return 0; - if (!ssl3_setup_write_buffer(s)) - return 0; - return 1; - } - -int ssl3_release_write_buffer(SSL *s) - { - if (s->s3->wbuf.buf != NULL) - { - freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf); - s->s3->wbuf.buf = NULL; - } - return 1; - } - -int ssl3_release_read_buffer(SSL *s) - { - if (s->s3->rbuf.buf != NULL) - { - freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf); - s->s3->rbuf.buf = NULL; - } - return 1; - } - diff --git a/main/openssl/ssl/s3_cbc.c b/main/openssl/ssl/s3_cbc.c deleted file mode 100644 index 11f13adb..00000000 --- a/main/openssl/ssl/s3_cbc.c +++ /dev/null @@ -1,755 +0,0 @@ -/* ssl/s3_cbc.c */ -/* ==================================================================== - * Copyright (c) 2012 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include "../crypto/constant_time_locl.h" -#include "ssl_locl.h" - -#include <openssl/md5.h> -#include <openssl/sha.h> - -/* MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's length - * field. (SHA-384/512 have 128-bit length.) */ -#define MAX_HASH_BIT_COUNT_BYTES 16 - -/* MAX_HASH_BLOCK_SIZE is the maximum hash block size that we'll support. - * Currently SHA-384/512 has a 128-byte block size and that's the largest - * supported by TLS.) */ -#define MAX_HASH_BLOCK_SIZE 128 - -/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC - * record in |rec| by updating |rec->length| in constant time. - * - * block_size: the block size of the cipher used to encrypt the record. - * returns: - * 0: (in non-constant time) if the record is publicly invalid. - * 1: if the padding was valid - * -1: otherwise. */ -int ssl3_cbc_remove_padding(const SSL* s, - SSL3_RECORD *rec, - unsigned block_size, - unsigned mac_size) - { - unsigned padding_length, good; - const unsigned overhead = 1 /* padding length byte */ + mac_size; - - /* These lengths are all public so we can test them in non-constant - * time. */ - if (overhead > rec->length) - return 0; - - padding_length = rec->data[rec->length-1]; - good = constant_time_ge(rec->length, padding_length+overhead); - /* SSLv3 requires that the padding is minimal. */ - good &= constant_time_ge(block_size, padding_length+1); - padding_length = good & (padding_length+1); - rec->length -= padding_length; - rec->type |= padding_length<<8; /* kludge: pass padding length */ - return constant_time_select_int(good, 1, -1); - } - -/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC - * record in |rec| in constant time and returns 1 if the padding is valid and - * -1 otherwise. It also removes any explicit IV from the start of the record - * without leaking any timing about whether there was enough space after the - * padding was removed. - * - * block_size: the block size of the cipher used to encrypt the record. - * returns: - * 0: (in non-constant time) if the record is publicly invalid. - * 1: if the padding was valid - * -1: otherwise. */ -int tls1_cbc_remove_padding(const SSL* s, - SSL3_RECORD *rec, - unsigned block_size, - unsigned mac_size) - { - unsigned padding_length, good, to_check, i; - const unsigned overhead = 1 /* padding length byte */ + mac_size; - /* Check if version requires explicit IV */ - if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) - { - /* These lengths are all public so we can test them in - * non-constant time. - */ - if (overhead + block_size > rec->length) - return 0; - /* We can now safely skip explicit IV */ - rec->data += block_size; - rec->input += block_size; - rec->length -= block_size; - } - else if (overhead > rec->length) - return 0; - - padding_length = rec->data[rec->length-1]; - - /* NB: if compression is in operation the first packet may not be of - * even length so the padding bug check cannot be performed. This bug - * workaround has been around since SSLeay so hopefully it is either - * fixed now or no buggy implementation supports compression [steve] - */ - if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) - { - /* First packet is even in size, so check */ - if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",8) == 0) && - !(padding_length & 1)) - { - s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; - } - if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) && - padding_length > 0) - { - padding_length--; - } - } - - if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER) - { - /* padding is already verified */ - rec->length -= padding_length + 1; - return 1; - } - - good = constant_time_ge(rec->length, overhead+padding_length); - /* The padding consists of a length byte at the end of the record and - * then that many bytes of padding, all with the same value as the - * length byte. Thus, with the length byte included, there are i+1 - * bytes of padding. - * - * We can't check just |padding_length+1| bytes because that leaks - * decrypted information. Therefore we always have to check the maximum - * amount of padding possible. (Again, the length of the record is - * public information so we can use it.) */ - to_check = 255; /* maximum amount of padding. */ - if (to_check > rec->length-1) - to_check = rec->length-1; - - for (i = 0; i < to_check; i++) - { - unsigned char mask = constant_time_ge_8(padding_length, i); - unsigned char b = rec->data[rec->length-1-i]; - /* The final |padding_length+1| bytes should all have the value - * |padding_length|. Therefore the XOR should be zero. */ - good &= ~(mask&(padding_length ^ b)); - } - - /* If any of the final |padding_length+1| bytes had the wrong value, - * one or more of the lower eight bits of |good| will be cleared. - */ - good = constant_time_eq(0xff, good & 0xff); - padding_length = good & (padding_length+1); - rec->length -= padding_length; - rec->type |= padding_length<<8; /* kludge: pass padding length */ - - return constant_time_select_int(good, 1, -1); - } - -/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in - * constant time (independent of the concrete value of rec->length, which may - * vary within a 256-byte window). - * - * ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to - * this function. - * - * On entry: - * rec->orig_len >= md_size - * md_size <= EVP_MAX_MD_SIZE - * - * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with - * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into - * a single or pair of cache-lines, then the variable memory accesses don't - * actually affect the timing. CPUs with smaller cache-lines [if any] are - * not multi-core and are not considered vulnerable to cache-timing attacks. - */ -#define CBC_MAC_ROTATE_IN_PLACE - -void ssl3_cbc_copy_mac(unsigned char* out, - const SSL3_RECORD *rec, - unsigned md_size,unsigned orig_len) - { -#if defined(CBC_MAC_ROTATE_IN_PLACE) - unsigned char rotated_mac_buf[64+EVP_MAX_MD_SIZE]; - unsigned char *rotated_mac; -#else - unsigned char rotated_mac[EVP_MAX_MD_SIZE]; -#endif - - /* mac_end is the index of |rec->data| just after the end of the MAC. */ - unsigned mac_end = rec->length; - unsigned mac_start = mac_end - md_size; - /* scan_start contains the number of bytes that we can ignore because - * the MAC's position can only vary by 255 bytes. */ - unsigned scan_start = 0; - unsigned i, j; - unsigned div_spoiler; - unsigned rotate_offset; - - OPENSSL_assert(orig_len >= md_size); - OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE); - -#if defined(CBC_MAC_ROTATE_IN_PLACE) - rotated_mac = rotated_mac_buf + ((0-(size_t)rotated_mac_buf)&63); -#endif - - /* This information is public so it's safe to branch based on it. */ - if (orig_len > md_size + 255 + 1) - scan_start = orig_len - (md_size + 255 + 1); - /* div_spoiler contains a multiple of md_size that is used to cause the - * modulo operation to be constant time. Without this, the time varies - * based on the amount of padding when running on Intel chips at least. - * - * The aim of right-shifting md_size is so that the compiler doesn't - * figure out that it can remove div_spoiler as that would require it - * to prove that md_size is always even, which I hope is beyond it. */ - div_spoiler = md_size >> 1; - div_spoiler <<= (sizeof(div_spoiler)-1)*8; - rotate_offset = (div_spoiler + mac_start - scan_start) % md_size; - - memset(rotated_mac, 0, md_size); - for (i = scan_start, j = 0; i < orig_len; i++) - { - unsigned char mac_started = constant_time_ge_8(i, mac_start); - unsigned char mac_ended = constant_time_ge_8(i, mac_end); - unsigned char b = rec->data[i]; - rotated_mac[j++] |= b & mac_started & ~mac_ended; - j &= constant_time_lt(j,md_size); - } - - /* Now rotate the MAC */ -#if defined(CBC_MAC_ROTATE_IN_PLACE) - j = 0; - for (i = 0; i < md_size; i++) - { - /* in case cache-line is 32 bytes, touch second line */ - ((volatile unsigned char *)rotated_mac)[rotate_offset^32]; - out[j++] = rotated_mac[rotate_offset++]; - rotate_offset &= constant_time_lt(rotate_offset,md_size); - } -#else - memset(out, 0, md_size); - rotate_offset = md_size - rotate_offset; - rotate_offset &= constant_time_lt(rotate_offset,md_size); - for (i = 0; i < md_size; i++) - { - for (j = 0; j < md_size; j++) - out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset); - rotate_offset++; - rotate_offset &= constant_time_lt(rotate_offset,md_size); - } -#endif - } - -/* u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in - * little-endian order. The value of p is advanced by four. */ -#define u32toLE(n, p) \ - (*((p)++)=(unsigned char)(n), \ - *((p)++)=(unsigned char)(n>>8), \ - *((p)++)=(unsigned char)(n>>16), \ - *((p)++)=(unsigned char)(n>>24)) - -/* These functions serialize the state of a hash and thus perform the standard - * "final" operation without adding the padding and length that such a function - * typically does. */ -static void tls1_md5_final_raw(void* ctx, unsigned char *md_out) - { - MD5_CTX *md5 = ctx; - u32toLE(md5->A, md_out); - u32toLE(md5->B, md_out); - u32toLE(md5->C, md_out); - u32toLE(md5->D, md_out); - } - -static void tls1_sha1_final_raw(void* ctx, unsigned char *md_out) - { - SHA_CTX *sha1 = ctx; - l2n(sha1->h0, md_out); - l2n(sha1->h1, md_out); - l2n(sha1->h2, md_out); - l2n(sha1->h3, md_out); - l2n(sha1->h4, md_out); - } -#define LARGEST_DIGEST_CTX SHA_CTX - -#ifndef OPENSSL_NO_SHA256 -static void tls1_sha256_final_raw(void* ctx, unsigned char *md_out) - { - SHA256_CTX *sha256 = ctx; - unsigned i; - - for (i = 0; i < 8; i++) - { - l2n(sha256->h[i], md_out); - } - } -#undef LARGEST_DIGEST_CTX -#define LARGEST_DIGEST_CTX SHA256_CTX -#endif - -#ifndef OPENSSL_NO_SHA512 -static void tls1_sha512_final_raw(void* ctx, unsigned char *md_out) - { - SHA512_CTX *sha512 = ctx; - unsigned i; - - for (i = 0; i < 8; i++) - { - l2n8(sha512->h[i], md_out); - } - } -#undef LARGEST_DIGEST_CTX -#define LARGEST_DIGEST_CTX SHA512_CTX -#endif - -/* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function - * which ssl3_cbc_digest_record supports. */ -char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) - { -#ifdef OPENSSL_FIPS - if (FIPS_mode()) - return 0; -#endif - switch (EVP_MD_CTX_type(ctx)) - { - case NID_md5: - case NID_sha1: -#ifndef OPENSSL_NO_SHA256 - case NID_sha224: - case NID_sha256: -#endif -#ifndef OPENSSL_NO_SHA512 - case NID_sha384: - case NID_sha512: -#endif - return 1; - default: - return 0; - } - } - -/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS - * record. - * - * ctx: the EVP_MD_CTX from which we take the hash function. - * ssl3_cbc_record_digest_supported must return true for this EVP_MD_CTX. - * md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written. - * md_out_size: if non-NULL, the number of output bytes is written here. - * header: the 13-byte, TLS record header. - * data: the record data itself, less any preceeding explicit IV. - * data_plus_mac_size: the secret, reported length of the data and MAC - * once the padding has been removed. - * data_plus_mac_plus_padding_size: the public length of the whole - * record, including padding. - * is_sslv3: non-zero if we are to use SSLv3. Otherwise, TLS. - * - * On entry: by virtue of having been through one of the remove_padding - * functions, above, we know that data_plus_mac_size is large enough to contain - * a padding byte and MAC. (If the padding was invalid, it might contain the - * padding too. ) */ -void ssl3_cbc_digest_record( - const EVP_MD_CTX *ctx, - unsigned char* md_out, - size_t* md_out_size, - const unsigned char header[13], - const unsigned char *data, - size_t data_plus_mac_size, - size_t data_plus_mac_plus_padding_size, - const unsigned char *mac_secret, - unsigned mac_secret_length, - char is_sslv3) - { - union { double align; - unsigned char c[sizeof(LARGEST_DIGEST_CTX)]; } md_state; - void (*md_final_raw)(void *ctx, unsigned char *md_out); - void (*md_transform)(void *ctx, const unsigned char *block); - unsigned md_size, md_block_size = 64; - unsigned sslv3_pad_length = 40, header_length, variance_blocks, - len, max_mac_bytes, num_blocks, - num_starting_blocks, k, mac_end_offset, c, index_a, index_b; - unsigned int bits; /* at most 18 bits */ - unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES]; - /* hmac_pad is the masked HMAC key. */ - unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE]; - unsigned char first_block[MAX_HASH_BLOCK_SIZE]; - unsigned char mac_out[EVP_MAX_MD_SIZE]; - unsigned i, j, md_out_size_u; - EVP_MD_CTX md_ctx; - /* mdLengthSize is the number of bytes in the length field that terminates - * the hash. */ - unsigned md_length_size = 8; - char length_is_big_endian = 1; - - /* This is a, hopefully redundant, check that allows us to forget about - * many possible overflows later in this function. */ - OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024); - - switch (EVP_MD_CTX_type(ctx)) - { - case NID_md5: - MD5_Init((MD5_CTX*)md_state.c); - md_final_raw = tls1_md5_final_raw; - md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform; - md_size = 16; - sslv3_pad_length = 48; - length_is_big_endian = 0; - break; - case NID_sha1: - SHA1_Init((SHA_CTX*)md_state.c); - md_final_raw = tls1_sha1_final_raw; - md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform; - md_size = 20; - break; -#ifndef OPENSSL_NO_SHA256 - case NID_sha224: - SHA224_Init((SHA256_CTX*)md_state.c); - md_final_raw = tls1_sha256_final_raw; - md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; - md_size = 224/8; - break; - case NID_sha256: - SHA256_Init((SHA256_CTX*)md_state.c); - md_final_raw = tls1_sha256_final_raw; - md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; - md_size = 32; - break; -#endif -#ifndef OPENSSL_NO_SHA512 - case NID_sha384: - SHA384_Init((SHA512_CTX*)md_state.c); - md_final_raw = tls1_sha512_final_raw; - md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform; - md_size = 384/8; - md_block_size = 128; - md_length_size = 16; - break; - case NID_sha512: - SHA512_Init((SHA512_CTX*)md_state.c); - md_final_raw = tls1_sha512_final_raw; - md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform; - md_size = 64; - md_block_size = 128; - md_length_size = 16; - break; -#endif - default: - /* ssl3_cbc_record_digest_supported should have been - * called first to check that the hash function is - * supported. */ - OPENSSL_assert(0); - if (md_out_size) - *md_out_size = -1; - return; - } - - OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES); - OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE); - OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE); - - header_length = 13; - if (is_sslv3) - { - header_length = - mac_secret_length + - sslv3_pad_length + - 8 /* sequence number */ + - 1 /* record type */ + - 2 /* record length */; - } - - /* variance_blocks is the number of blocks of the hash that we have to - * calculate in constant time because they could be altered by the - * padding value. - * - * In SSLv3, the padding must be minimal so the end of the plaintext - * varies by, at most, 15+20 = 35 bytes. (We conservatively assume that - * the MAC size varies from 0..20 bytes.) In case the 9 bytes of hash - * termination (0x80 + 64-bit length) don't fit in the final block, we - * say that the final two blocks can vary based on the padding. - * - * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not - * required to be minimal. Therefore we say that the final six blocks - * can vary based on the padding. - * - * Later in the function, if the message is short and there obviously - * cannot be this many blocks then variance_blocks can be reduced. */ - variance_blocks = is_sslv3 ? 2 : 6; - /* From now on we're dealing with the MAC, which conceptually has 13 - * bytes of `header' before the start of the data (TLS) or 71/75 bytes - * (SSLv3) */ - len = data_plus_mac_plus_padding_size + header_length; - /* max_mac_bytes contains the maximum bytes of bytes in the MAC, including - * |header|, assuming that there's no padding. */ - max_mac_bytes = len - md_size - 1; - /* num_blocks is the maximum number of hash blocks. */ - num_blocks = (max_mac_bytes + 1 + md_length_size + md_block_size - 1) / md_block_size; - /* In order to calculate the MAC in constant time we have to handle - * the final blocks specially because the padding value could cause the - * end to appear somewhere in the final |variance_blocks| blocks and we - * can't leak where. However, |num_starting_blocks| worth of data can - * be hashed right away because no padding value can affect whether - * they are plaintext. */ - num_starting_blocks = 0; - /* k is the starting byte offset into the conceptual header||data where - * we start processing. */ - k = 0; - /* mac_end_offset is the index just past the end of the data to be - * MACed. */ - mac_end_offset = data_plus_mac_size + header_length - md_size; - /* c is the index of the 0x80 byte in the final hash block that - * contains application data. */ - c = mac_end_offset % md_block_size; - /* index_a is the hash block number that contains the 0x80 terminating - * value. */ - index_a = mac_end_offset / md_block_size; - /* index_b is the hash block number that contains the 64-bit hash - * length, in bits. */ - index_b = (mac_end_offset + md_length_size) / md_block_size; - /* bits is the hash-length in bits. It includes the additional hash - * block for the masked HMAC key, or whole of |header| in the case of - * SSLv3. */ - - /* For SSLv3, if we're going to have any starting blocks then we need - * at least two because the header is larger than a single block. */ - if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0)) - { - num_starting_blocks = num_blocks - variance_blocks; - k = md_block_size*num_starting_blocks; - } - - bits = 8*mac_end_offset; - if (!is_sslv3) - { - /* Compute the initial HMAC block. For SSLv3, the padding and - * secret bytes are included in |header| because they take more - * than a single block. */ - bits += 8*md_block_size; - memset(hmac_pad, 0, md_block_size); - OPENSSL_assert(mac_secret_length <= sizeof(hmac_pad)); - memcpy(hmac_pad, mac_secret, mac_secret_length); - for (i = 0; i < md_block_size; i++) - hmac_pad[i] ^= 0x36; - - md_transform(md_state.c, hmac_pad); - } - - if (length_is_big_endian) - { - memset(length_bytes,0,md_length_size-4); - length_bytes[md_length_size-4] = (unsigned char)(bits>>24); - length_bytes[md_length_size-3] = (unsigned char)(bits>>16); - length_bytes[md_length_size-2] = (unsigned char)(bits>>8); - length_bytes[md_length_size-1] = (unsigned char)bits; - } - else - { - memset(length_bytes,0,md_length_size); - length_bytes[md_length_size-5] = (unsigned char)(bits>>24); - length_bytes[md_length_size-6] = (unsigned char)(bits>>16); - length_bytes[md_length_size-7] = (unsigned char)(bits>>8); - length_bytes[md_length_size-8] = (unsigned char)bits; - } - - if (k > 0) - { - if (is_sslv3) - { - /* The SSLv3 header is larger than a single block. - * overhang is the number of bytes beyond a single - * block that the header consumes: either 7 bytes - * (SHA1) or 11 bytes (MD5). */ - unsigned overhang = header_length-md_block_size; - md_transform(md_state.c, header); - memcpy(first_block, header + md_block_size, overhang); - memcpy(first_block + overhang, data, md_block_size-overhang); - md_transform(md_state.c, first_block); - for (i = 1; i < k/md_block_size - 1; i++) - md_transform(md_state.c, data + md_block_size*i - overhang); - } - else - { - /* k is a multiple of md_block_size. */ - memcpy(first_block, header, 13); - memcpy(first_block+13, data, md_block_size-13); - md_transform(md_state.c, first_block); - for (i = 1; i < k/md_block_size; i++) - md_transform(md_state.c, data + md_block_size*i - 13); - } - } - - memset(mac_out, 0, sizeof(mac_out)); - - /* We now process the final hash blocks. For each block, we construct - * it in constant time. If the |i==index_a| then we'll include the 0x80 - * bytes and zero pad etc. For each block we selectively copy it, in - * constant time, to |mac_out|. */ - for (i = num_starting_blocks; i <= num_starting_blocks+variance_blocks; i++) - { - unsigned char block[MAX_HASH_BLOCK_SIZE]; - unsigned char is_block_a = constant_time_eq_8(i, index_a); - unsigned char is_block_b = constant_time_eq_8(i, index_b); - for (j = 0; j < md_block_size; j++) - { - unsigned char b = 0, is_past_c, is_past_cp1; - if (k < header_length) - b = header[k]; - else if (k < data_plus_mac_plus_padding_size + header_length) - b = data[k-header_length]; - k++; - - is_past_c = is_block_a & constant_time_ge_8(j, c); - is_past_cp1 = is_block_a & constant_time_ge_8(j, c+1); - /* If this is the block containing the end of the - * application data, and we are at the offset for the - * 0x80 value, then overwrite b with 0x80. */ - b = constant_time_select_8(is_past_c, 0x80, b); - /* If this the the block containing the end of the - * application data and we're past the 0x80 value then - * just write zero. */ - b = b&~is_past_cp1; - /* If this is index_b (the final block), but not - * index_a (the end of the data), then the 64-bit - * length didn't fit into index_a and we're having to - * add an extra block of zeros. */ - b &= ~is_block_b | is_block_a; - - /* The final bytes of one of the blocks contains the - * length. */ - if (j >= md_block_size - md_length_size) - { - /* If this is index_b, write a length byte. */ - b = constant_time_select_8( - is_block_b, length_bytes[j-(md_block_size-md_length_size)], b); - } - block[j] = b; - } - - md_transform(md_state.c, block); - md_final_raw(md_state.c, block); - /* If this is index_b, copy the hash value to |mac_out|. */ - for (j = 0; j < md_size; j++) - mac_out[j] |= block[j]&is_block_b; - } - - EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */); - if (is_sslv3) - { - /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */ - memset(hmac_pad, 0x5c, sslv3_pad_length); - - EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length); - EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length); - EVP_DigestUpdate(&md_ctx, mac_out, md_size); - } - else - { - /* Complete the HMAC in the standard manner. */ - for (i = 0; i < md_block_size; i++) - hmac_pad[i] ^= 0x6a; - - EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size); - EVP_DigestUpdate(&md_ctx, mac_out, md_size); - } - EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u); - if (md_out_size) - *md_out_size = md_out_size_u; - EVP_MD_CTX_cleanup(&md_ctx); - } - -#ifdef OPENSSL_FIPS - -/* Due to the need to use EVP in FIPS mode we can't reimplement digests but - * we can ensure the number of blocks processed is equal for all cases - * by digesting additional data. - */ - -void tls_fips_digest_extra( - const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx, - const unsigned char *data, size_t data_len, size_t orig_len) - { - size_t block_size, digest_pad, blocks_data, blocks_orig; - if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE) - return; - block_size = EVP_MD_CTX_block_size(mac_ctx); - /* We are in FIPS mode if we get this far so we know we have only SHA* - * digests and TLS to deal with. - * Minimum digest padding length is 17 for SHA384/SHA512 and 9 - * otherwise. - * Additional header is 13 bytes. To get the number of digest blocks - * processed round up the amount of data plus padding to the nearest - * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise. - * So we have: - * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size - * equivalently: - * blocks = (payload_len + digest_pad + 12)/block_size + 1 - * HMAC adds a constant overhead. - * We're ultimately only interested in differences so this becomes - * blocks = (payload_len + 29)/128 - * for SHA384/SHA512 and - * blocks = (payload_len + 21)/64 - * otherwise. - */ - digest_pad = block_size == 64 ? 21 : 29; - blocks_orig = (orig_len + digest_pad)/block_size; - blocks_data = (data_len + digest_pad)/block_size; - /* MAC enough blocks to make up the difference between the original - * and actual lengths plus one extra block to ensure this is never a - * no op. The "data" pointer should always have enough space to - * perform this operation as it is large enough for a maximum - * length TLS buffer. - */ - EVP_DigestSignUpdate(mac_ctx, data, - (blocks_orig - blocks_data + 1) * block_size); - } -#endif diff --git a/main/openssl/ssl/s3_clnt.c b/main/openssl/ssl/s3_clnt.c deleted file mode 100644 index f06c7160..00000000 --- a/main/openssl/ssl/s3_clnt.c +++ /dev/null @@ -1,3773 +0,0 @@ -/* ssl/s3_clnt.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the OpenSSL open source - * license provided above. - * - * ECC cipher suite support in OpenSSL originally written by - * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. - * - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - -#include <stdio.h> -#include "ssl_locl.h" -#include "kssl_lcl.h" -#include <openssl/buffer.h> -#include <openssl/rand.h> -#include <openssl/objects.h> -#include <openssl/evp.h> -#include <openssl/md5.h> -#ifdef OPENSSL_FIPS -#include <openssl/fips.h> -#endif -#ifndef OPENSSL_NO_DH -#include <openssl/dh.h> -#endif -#include <openssl/bn.h> -#ifndef OPENSSL_NO_ENGINE -#include <openssl/engine.h> -#endif - -static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); - -#ifndef OPENSSL_NO_SSL3_METHOD -static const SSL_METHOD *ssl3_get_client_method(int ver) - { - if (ver == SSL3_VERSION) - return(SSLv3_client_method()); - else - return(NULL); - } - -IMPLEMENT_ssl3_meth_func(SSLv3_client_method, - ssl_undefined_function, - ssl3_connect, - ssl3_get_client_method) -#endif - -int ssl3_connect(SSL *s) - { - BUF_MEM *buf=NULL; - unsigned long Time=(unsigned long)time(NULL); - void (*cb)(const SSL *ssl,int type,int val)=NULL; - int ret= -1; - int new_state,state,skip=0; - - RAND_add(&Time,sizeof(Time),0); - ERR_clear_error(); - clear_sys_error(); - - if (s->info_callback != NULL) - cb=s->info_callback; - else if (s->ctx->info_callback != NULL) - cb=s->ctx->info_callback; - - s->in_handshake++; - if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); - -#ifndef OPENSSL_NO_HEARTBEATS - /* If we're awaiting a HeartbeatResponse, pretend we - * already got and don't await it anymore, because - * Heartbeats don't make sense during handshakes anyway. - */ - if (s->tlsext_hb_pending) - { - s->tlsext_hb_pending = 0; - s->tlsext_hb_seq++; - } -#endif - - if (SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) - { - /* Send app data along with CCS/Finished */ - s->s3->flags |= SSL3_FLAGS_DELAY_CLIENT_FINISHED; - } - - for (;;) - { - state=s->state; - - switch(s->state) - { - case SSL_ST_RENEGOTIATE: - s->renegotiate=1; - s->state=SSL_ST_CONNECT; - s->ctx->stats.sess_connect_renegotiate++; - /* break */ - case SSL_ST_BEFORE: - case SSL_ST_CONNECT: - case SSL_ST_BEFORE|SSL_ST_CONNECT: - case SSL_ST_OK|SSL_ST_CONNECT: - - s->server=0; - if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); - - if ((s->version & 0xff00 ) != 0x0300) - { - SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR); - ret = -1; - goto end; - } - - /* s->version=SSL3_VERSION; */ - s->type=SSL_ST_CONNECT; - - if (s->init_buf == NULL) - { - if ((buf=BUF_MEM_new()) == NULL) - { - ret= -1; - goto end; - } - if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) - { - ret= -1; - goto end; - } - s->init_buf=buf; - buf=NULL; - } - - if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } - - /* setup buffing BIO */ - if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; } - - /* don't push the buffering BIO quite yet */ - - ssl3_init_finished_mac(s); - - s->state=SSL3_ST_CW_CLNT_HELLO_A; - s->ctx->stats.sess_connect++; - s->init_num=0; - s->s3->flags &= ~SSL3_FLAGS_CCS_OK; - /* Should have been reset by ssl3_get_finished, too. */ - s->s3->change_cipher_spec = 0; - break; - - case SSL3_ST_CW_CLNT_HELLO_A: - case SSL3_ST_CW_CLNT_HELLO_B: - - s->shutdown=0; - ret=ssl3_client_hello(s); - if (ret <= 0) goto end; - s->state=SSL3_ST_CR_SRVR_HELLO_A; - s->init_num=0; - - /* turn on buffering for the next lot of output */ - if (s->bbio != s->wbio) - s->wbio=BIO_push(s->bbio,s->wbio); - - break; - - case SSL3_ST_CR_SRVR_HELLO_A: - case SSL3_ST_CR_SRVR_HELLO_B: - ret=ssl3_get_server_hello(s); - if (ret <= 0) goto end; - - if (s->hit) - { - s->state=SSL3_ST_CR_FINISHED_A; -#ifndef OPENSSL_NO_TLSEXT - if (s->tlsext_ticket_expected) - { - /* receive renewed session ticket */ - s->state=SSL3_ST_CR_SESSION_TICKET_A; - } -#endif - } - else - s->state=SSL3_ST_CR_CERT_A; - s->init_num=0; - break; - - case SSL3_ST_CR_CERT_A: - case SSL3_ST_CR_CERT_B: - /* Check if it is anon DH/ECDH, SRP auth */ - /* or non-RSA PSK */ - if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP)) && - !((s->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK) && - !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kRSA))) - { - ret=ssl3_get_server_certificate(s); - if (ret <= 0) goto end; -#ifndef OPENSSL_NO_TLSEXT - if (s->tlsext_status_expected) - s->state=SSL3_ST_CR_CERT_STATUS_A; - else - s->state=SSL3_ST_CR_KEY_EXCH_A; - } - else - { - skip = 1; - s->state=SSL3_ST_CR_KEY_EXCH_A; - } -#else - } - else - skip=1; - - s->state=SSL3_ST_CR_KEY_EXCH_A; -#endif - s->init_num=0; - break; - - case SSL3_ST_CR_KEY_EXCH_A: - case SSL3_ST_CR_KEY_EXCH_B: - ret=ssl3_get_key_exchange(s); - if (ret <= 0) goto end; - s->state=SSL3_ST_CR_CERT_REQ_A; - s->init_num=0; - - /* at this point we check that we have the - * required stuff from the server */ - if (!ssl3_check_cert_and_algorithm(s)) - { - ret= -1; - goto end; - } - break; - - case SSL3_ST_CR_CERT_REQ_A: - case SSL3_ST_CR_CERT_REQ_B: - ret=ssl3_get_certificate_request(s); - if (ret <= 0) goto end; - s->state=SSL3_ST_CR_SRVR_DONE_A; - s->init_num=0; - break; - - case SSL3_ST_CR_SRVR_DONE_A: - case SSL3_ST_CR_SRVR_DONE_B: - ret=ssl3_get_server_done(s); - if (ret <= 0) goto end; -#ifndef OPENSSL_NO_SRP - if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) - { - if ((ret = SRP_Calc_A_param(s))<=0) - { - SSLerr(SSL_F_SSL3_CONNECT,SSL_R_SRP_A_CALC); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR); - goto end; - } - } -#endif - if (s->s3->tmp.cert_req) - s->state=SSL3_ST_CW_CERT_A; - else - s->state=SSL3_ST_CW_KEY_EXCH_A; - s->init_num=0; - - break; - - case SSL3_ST_CW_CERT_A: - case SSL3_ST_CW_CERT_B: - case SSL3_ST_CW_CERT_C: - case SSL3_ST_CW_CERT_D: - ret=ssl3_send_client_certificate(s); - if (ret <= 0) goto end; - s->state=SSL3_ST_CW_KEY_EXCH_A; - s->init_num=0; - break; - - case SSL3_ST_CW_KEY_EXCH_A: - case SSL3_ST_CW_KEY_EXCH_B: - ret=ssl3_send_client_key_exchange(s); - if (ret <= 0) goto end; - /* EAY EAY EAY need to check for DH fix cert - * sent back */ - /* For TLS, cert_req is set to 2, so a cert chain - * of nothing is sent, but no verify packet is sent */ - /* XXX: For now, we do not support client - * authentication in ECDH cipher suites with - * ECDH (rather than ECDSA) certificates. - * We need to skip the certificate verify - * message when client's ECDH public key is sent - * inside the client certificate. - */ - if (s->s3->tmp.cert_req == 1) - { - s->state=SSL3_ST_CW_CERT_VRFY_A; - } - else - { - s->state=SSL3_ST_CW_CHANGE_A; - } - if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) - { - s->state=SSL3_ST_CW_CHANGE_A; - } - - s->init_num=0; - break; - - case SSL3_ST_CW_CERT_VRFY_A: - case SSL3_ST_CW_CERT_VRFY_B: - ret=ssl3_send_client_verify(s); - if (ret <= 0) goto end; - s->state=SSL3_ST_CW_CHANGE_A; - s->init_num=0; - break; - - case SSL3_ST_CW_CHANGE_A: - case SSL3_ST_CW_CHANGE_B: - ret=ssl3_send_change_cipher_spec(s, - SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); - if (ret <= 0) goto end; - - s->state=SSL3_ST_CW_FINISHED_A; -#if !defined(OPENSSL_NO_TLSEXT) - if (s->s3->tlsext_channel_id_valid) - s->state=SSL3_ST_CW_CHANNEL_ID_A; -# if !defined(OPENSSL_NO_NEXTPROTONEG) - if (s->s3->next_proto_neg_seen) - s->state=SSL3_ST_CW_NEXT_PROTO_A; -# endif -#endif - s->init_num=0; - - s->session->cipher=s->s3->tmp.new_cipher; -#ifdef OPENSSL_NO_COMP - s->session->compress_meth=0; -#else - if (s->s3->tmp.new_compression == NULL) - s->session->compress_meth=0; - else - s->session->compress_meth= - s->s3->tmp.new_compression->id; -#endif - if (!s->method->ssl3_enc->setup_key_block(s)) - { - ret= -1; - goto end; - } - - if (!s->method->ssl3_enc->change_cipher_state(s, - SSL3_CHANGE_CIPHER_CLIENT_WRITE)) - { - ret= -1; - goto end; - } - - break; - -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) - case SSL3_ST_CW_NEXT_PROTO_A: - case SSL3_ST_CW_NEXT_PROTO_B: - ret=ssl3_send_next_proto(s); - if (ret <= 0) goto end; - if (s->s3->tlsext_channel_id_valid) - s->state=SSL3_ST_CW_CHANNEL_ID_A; - else - s->state=SSL3_ST_CW_FINISHED_A; - break; -#endif - -#if !defined(OPENSSL_NO_TLSEXT) - case SSL3_ST_CW_CHANNEL_ID_A: - case SSL3_ST_CW_CHANNEL_ID_B: - ret=ssl3_send_channel_id(s); - if (ret <= 0) goto end; - s->state=SSL3_ST_CW_FINISHED_A; - break; -#endif - - case SSL3_ST_CW_FINISHED_A: - case SSL3_ST_CW_FINISHED_B: - ret=ssl3_send_finished(s, - SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, - s->method->ssl3_enc->client_finished_label, - s->method->ssl3_enc->client_finished_label_len); - if (ret <= 0) goto end; - s->state=SSL3_ST_CW_FLUSH; - - /* clear flags */ - s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; - if (s->hit) - { - s->s3->tmp.next_state=SSL_ST_OK; - if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) - { - s->state=SSL_ST_OK; - s->s3->flags|=SSL3_FLAGS_POP_BUFFER; - s->s3->delay_buf_pop_ret=0; - } - } - else - { - /* This is a non-resumption handshake. If it - * involves ChannelID, then record the - * handshake hashes at this point in the - * session so that any resumption of this - * session with ChannelID can sign those - * hashes. */ - if (s->s3->tlsext_channel_id_new) - { - ret = tls1_record_handshake_hashes_for_channel_id(s); - if (ret <= 0) - goto end; - } - if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) - && ssl3_can_cutthrough(s) - && s->s3->previous_server_finished_len == 0 /* no cutthrough on renegotiation (would complicate the state machine) */ - ) - { - if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) - { - s->state=SSL3_ST_CUTTHROUGH_COMPLETE; - s->s3->flags|=SSL3_FLAGS_POP_BUFFER; - s->s3->delay_buf_pop_ret=0; - } - else - { - s->s3->tmp.next_state=SSL3_ST_CUTTHROUGH_COMPLETE; - } - } - else - { -#ifndef OPENSSL_NO_TLSEXT - /* Allow NewSessionTicket if ticket expected */ - if (s->tlsext_ticket_expected) - s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A; - else -#endif - s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; - } - } - s->init_num=0; - break; - -#ifndef OPENSSL_NO_TLSEXT - case SSL3_ST_CR_SESSION_TICKET_A: - case SSL3_ST_CR_SESSION_TICKET_B: - ret=ssl3_get_new_session_ticket(s); - if (ret <= 0) goto end; - s->state=SSL3_ST_CR_FINISHED_A; - s->init_num=0; - break; - - case SSL3_ST_CR_CERT_STATUS_A: - case SSL3_ST_CR_CERT_STATUS_B: - ret=ssl3_get_cert_status(s); - if (ret <= 0) goto end; - s->state=SSL3_ST_CR_KEY_EXCH_A; - s->init_num=0; - break; -#endif - - case SSL3_ST_CR_FINISHED_A: - case SSL3_ST_CR_FINISHED_B: - s->s3->flags |= SSL3_FLAGS_CCS_OK; - ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, - SSL3_ST_CR_FINISHED_B); - if (ret <= 0) goto end; - - if (s->hit) - s->state=SSL3_ST_CW_CHANGE_A; - else - s->state=SSL_ST_OK; - s->init_num=0; - break; - - case SSL3_ST_CW_FLUSH: - s->rwstate=SSL_WRITING; - if (BIO_flush(s->wbio) <= 0) - { - ret= -1; - goto end; - } - s->rwstate=SSL_NOTHING; - s->state=s->s3->tmp.next_state; - break; - - case SSL3_ST_CUTTHROUGH_COMPLETE: -#ifndef OPENSSL_NO_TLSEXT - /* Allow NewSessionTicket if ticket expected */ - if (s->tlsext_ticket_expected) - s->state=SSL3_ST_CR_SESSION_TICKET_A; - else -#endif - s->state=SSL3_ST_CR_FINISHED_A; - - /* SSL_write() will take care of flushing buffered data if - * DELAY_CLIENT_FINISHED is set. - */ - if (!(s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)) - ssl_free_wbio_buffer(s); - ret = 1; - goto end; - /* break; */ - - case SSL_ST_OK: - /* clean a few things up */ - ssl3_cleanup_key_block(s); - - if (s->init_buf != NULL) - { - BUF_MEM_free(s->init_buf); - s->init_buf=NULL; - } - - /* If we are not 'joining' the last two packets, - * remove the buffering now */ - if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) - ssl_free_wbio_buffer(s); - /* else do it later in ssl3_write */ - - s->init_num=0; - s->renegotiate=0; - s->new_session=0; - - ssl_update_cache(s,SSL_SESS_CACHE_CLIENT); - if (s->hit) s->ctx->stats.sess_hit++; - - ret=1; - /* s->server=0; */ - s->handshake_func=ssl3_connect; - s->ctx->stats.sess_connect_good++; - - if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); - - goto end; - /* break; */ - - default: - SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE); - ret= -1; - goto end; - /* break; */ - } - - /* did we do anything */ - if (!s->s3->tmp.reuse_message && !skip) - { - if (s->debug) - { - if ((ret=BIO_flush(s->wbio)) <= 0) - goto end; - } - - if ((cb != NULL) && (s->state != state)) - { - new_state=s->state; - s->state=state; - cb(s,SSL_CB_CONNECT_LOOP,1); - s->state=new_state; - } - } - skip=0; - } -end: - s->in_handshake--; - if (buf != NULL) - BUF_MEM_free(buf); - if (cb != NULL) - cb(s,SSL_CB_CONNECT_EXIT,ret); - return(ret); - } - - -int ssl3_client_hello(SSL *s) - { - unsigned char *buf; - unsigned char *p,*d; - int i; - unsigned long l; -#ifndef OPENSSL_NO_COMP - int j; - SSL_COMP *comp; -#endif - - buf=(unsigned char *)s->init_buf->data; - if (s->state == SSL3_ST_CW_CLNT_HELLO_A) - { - SSL_SESSION *sess = s->session; - if ((sess == NULL) || - (sess->ssl_version != s->version) || - !sess->session_id_length || - (sess->not_resumable)) - { - if (!s->session_creation_enabled) - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED); - goto err; - } - if (!ssl_get_new_session(s,0)) - goto err; - } - /* else use the pre-loaded session */ - - p=s->s3->client_random; - - if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) - goto err; - - /* Do the message type and length last */ - d=p= &(buf[4]); - - /* version indicates the negotiated version: for example from - * an SSLv2/v3 compatible client hello). The client_version - * field is the maximum version we permit and it is also - * used in RSA encrypted premaster secrets. Some servers can - * choke if we initially report a higher version then - * renegotiate to a lower one in the premaster secret. This - * didn't happen with TLS 1.0 as most servers supported it - * but it can with TLS 1.1 or later if the server only supports - * 1.0. - * - * Possible scenario with previous logic: - * 1. Client hello indicates TLS 1.2 - * 2. Server hello says TLS 1.0 - * 3. RSA encrypted premaster secret uses 1.2. - * 4. Handhaked proceeds using TLS 1.0. - * 5. Server sends hello request to renegotiate. - * 6. Client hello indicates TLS v1.0 as we now - * know that is maximum server supports. - * 7. Server chokes on RSA encrypted premaster secret - * containing version 1.0. - * - * For interoperability it should be OK to always use the - * maximum version we support in client hello and then rely - * on the checking of version to ensure the servers isn't - * being inconsistent: for example initially negotiating with - * TLS 1.0 and renegotiating with TLS 1.2. We do this by using - * client_version in client hello and not resetting it to - * the negotiated version. - */ -#if 0 - *(p++)=s->version>>8; - *(p++)=s->version&0xff; - s->client_version=s->version; -#else - *(p++)=s->client_version>>8; - *(p++)=s->client_version&0xff; -#endif - - /* Random stuff */ - memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); - p+=SSL3_RANDOM_SIZE; - - /* Session ID */ - if (s->new_session) - i=0; - else - i=s->session->session_id_length; - *(p++)=i; - if (i != 0) - { - if (i > (int)sizeof(s->session->session_id)) - { - SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - goto err; - } - memcpy(p,s->session->session_id,i); - p+=i; - } - - /* Ciphers supported */ - i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0); - if (i == 0) - { - SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); - goto err; - } -#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH - /* Some servers hang if client hello > 256 bytes - * as hack workaround chop number of supported ciphers - * to keep it well below this if we use TLS v1.2 - */ - if (TLS1_get_version(s) >= TLS1_2_VERSION - && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) - i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; -#endif - s2n(i,p); - p+=i; - - /* COMPRESSION */ -#ifdef OPENSSL_NO_COMP - *(p++)=1; -#else - - if ((s->options & SSL_OP_NO_COMPRESSION) - || !s->ctx->comp_methods) - j=0; - else - j=sk_SSL_COMP_num(s->ctx->comp_methods); - *(p++)=1+j; - for (i=0; i<j; i++) - { - comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); - *(p++)=comp->id; - } -#endif - *(p++)=0; /* Add the NULL method */ - -#ifndef OPENSSL_NO_TLSEXT - /* TLS extensions*/ - if (ssl_prepare_clienthello_tlsext(s) <= 0) - { - SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); - goto err; - } - if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) - { - SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); - goto err; - } -#endif - - l=(p-d); - d=buf; - *(d++)=SSL3_MT_CLIENT_HELLO; - l2n3(l,d); - - s->state=SSL3_ST_CW_CLNT_HELLO_B; - /* number of bytes to write */ - s->init_num=p-buf; - s->init_off=0; - } - - /* SSL3_ST_CW_CLNT_HELLO_B */ - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); -err: - return(-1); - } - -int ssl3_get_server_hello(SSL *s) - { - STACK_OF(SSL_CIPHER) *sk; - const SSL_CIPHER *c; - unsigned char *p,*d; - int i,al,ok; - unsigned int j; - long n; -#ifndef OPENSSL_NO_COMP - SSL_COMP *comp; -#endif - - n=s->method->ssl_get_message(s, - SSL3_ST_CR_SRVR_HELLO_A, - SSL3_ST_CR_SRVR_HELLO_B, - -1, - 20000, /* ?? */ - &ok); - - if (!ok) return((int)n); - - if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) - { - if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) - { - if ( s->d1->send_cookie == 0) - { - s->s3->tmp.reuse_message = 1; - return 1; - } - else /* already sent a cookie */ - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE); - goto f_err; - } - } - } - - if ( s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE); - goto f_err; - } - - d=p=(unsigned char *)s->init_msg; - - if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff))) - { - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION); - s->version=(s->version&0xff00)|p[1]; - al=SSL_AD_PROTOCOL_VERSION; - goto f_err; - } - p+=2; - - /* load the server hello data */ - /* load the server random */ - memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE); - p+=SSL3_RANDOM_SIZE; - - s->hit = 0; - - /* get the session-id */ - j= *(p++); - - if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG); - goto f_err; - } - -#ifndef OPENSSL_NO_TLSEXT - /* check if we want to resume the session based on external pre-shared secret */ - if (s->version >= TLS1_VERSION && s->tls_session_secret_cb) - { - SSL_CIPHER *pref_cipher=NULL; - s->session->master_key_length=sizeof(s->session->master_key); - if (s->tls_session_secret_cb(s, s->session->master_key, - &s->session->master_key_length, - NULL, &pref_cipher, - s->tls_session_secret_cb_arg)) - { - s->session->cipher = pref_cipher ? - pref_cipher : ssl_get_cipher_by_char(s, p+j); - s->hit = 1; - } - } -#endif /* OPENSSL_NO_TLSEXT */ - - if (!s->hit && j != 0 && j == s->session->session_id_length - && memcmp(p,s->session->session_id,j) == 0) - { - if(s->sid_ctx_length != s->session->sid_ctx_length - || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length)) - { - /* actually a client application bug */ - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); - goto f_err; - } - s->hit=1; - } - /* a miss or crap from the other end */ - if (!s->hit) - { - /* If we were trying for session-id reuse, make a new - * SSL_SESSION so we don't stuff up other people */ - if (s->session->session_id_length > 0) - { - if (!s->session_creation_enabled) - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED); - goto err; - } - if (!ssl_get_new_session(s,0)) - { - al=SSL_AD_INTERNAL_ERROR; - goto f_err; - } - } - s->session->session_id_length=j; - memcpy(s->session->session_id,p,j); /* j could be 0 */ - } - p+=j; - c=ssl_get_cipher_by_char(s,p); - if (c == NULL) - { - /* unknown cipher */ - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED); - goto f_err; - } - /* TLS v1.2 only ciphersuites require v1.2 or later */ - if ((c->algorithm_ssl & SSL_TLSV1_2) && - (TLS1_get_version(s) < TLS1_2_VERSION)) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED); - goto f_err; - } -#ifndef OPENSSL_NO_SRP - if (((c->algorithm_mkey & SSL_kSRP) || (c->algorithm_auth & SSL_aSRP)) && - !(s->srp_ctx.srp_Mask & SSL_kSRP)) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED); - goto f_err; - } -#endif /* OPENSSL_NO_SRP */ - p+=ssl_put_cipher_by_char(s,NULL,NULL); - - sk=ssl_get_ciphers_by_id(s); - i=sk_SSL_CIPHER_find(sk,c); - if (i < 0) - { - /* we did not say we would use this cipher */ - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED); - goto f_err; - } - - /* Depending on the session caching (internal/external), the cipher - and/or cipher_id values may not be set. Make sure that - cipher_id is set and use it for comparison. */ - if (s->session->cipher) - s->session->cipher_id = s->session->cipher->id; - if (s->hit && (s->session->cipher_id != c->id)) - { -/* Workaround is now obsolete */ -#if 0 - if (!(s->options & - SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)) -#endif - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); - goto f_err; - } - } - s->s3->tmp.new_cipher=c; - /* Don't digest cached records if TLS v1.2: we may need them for - * client authentication. - */ - if (TLS1_get_version(s) < TLS1_2_VERSION && !ssl3_digest_cached_records(s)) - { - al = SSL_AD_INTERNAL_ERROR; - goto f_err; - } - /* lets get the compression algorithm */ - /* COMPRESSION */ -#ifdef OPENSSL_NO_COMP - if (*(p++) != 0) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); - goto f_err; - } - /* If compression is disabled we'd better not try to resume a session - * using compression. - */ - if (s->session->compress_meth != 0) - { - al=SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_INCONSISTENT_COMPRESSION); - goto f_err; - } -#else - j= *(p++); - if (s->hit && j != s->session->compress_meth) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED); - goto f_err; - } - if (j == 0) - comp=NULL; - else if (s->options & SSL_OP_NO_COMPRESSION) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_COMPRESSION_DISABLED); - goto f_err; - } - else - comp=ssl3_comp_find(s->ctx->comp_methods,j); - - if ((j != 0) && (comp == NULL)) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); - goto f_err; - } - else - { - s->s3->tmp.new_compression=comp; - } -#endif - -#ifndef OPENSSL_NO_TLSEXT - /* TLS extensions*/ - if (s->version >= SSL3_VERSION) - { - if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al)) - { - /* 'al' set by ssl_parse_serverhello_tlsext */ - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLSEXT); - goto f_err; - } - if (ssl_check_serverhello_tlsext(s) <= 0) - { - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT); - goto err; - } - } -#endif - - if (p != (d+n)) - { - /* wrong packet length */ - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH); - goto f_err; - } - - return(1); -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); -err: - return(-1); - } - -int ssl3_get_server_certificate(SSL *s) - { - int al,i,ok,ret= -1; - unsigned long n,nc,llen,l; - X509 *x=NULL; - const unsigned char *q,*p; - unsigned char *d; - STACK_OF(X509) *sk=NULL; - SESS_CERT *sc; - EVP_PKEY *pkey=NULL; - int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */ - - n=s->method->ssl_get_message(s, - SSL3_ST_CR_CERT_A, - SSL3_ST_CR_CERT_B, - -1, - s->max_cert_list, - &ok); - - if (!ok) return((int)n); - - if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) || - ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) && - (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE))) - { - s->s3->tmp.reuse_message=1; - return(1); - } - - if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE); - goto f_err; - } - p=d=(unsigned char *)s->init_msg; - - if ((sk=sk_X509_new_null()) == NULL) - { - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE); - goto err; - } - - n2l3(p,llen); - if (llen+3 != n) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH); - goto f_err; - } - for (nc=0; nc<llen; ) - { - n2l3(p,l); - if ((l+nc+3) > llen) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); - goto f_err; - } - - q=p; - x=d2i_X509(NULL,&q,l); - if (x == NULL) - { - al=SSL_AD_BAD_CERTIFICATE; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB); - goto f_err; - } - if (q != (p+l)) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); - goto f_err; - } - if (!sk_X509_push(sk,x)) - { - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE); - goto err; - } - x=NULL; - nc+=l+3; - p=q; - } - - i=ssl_verify_cert_chain(s,sk); - if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0) -#ifndef OPENSSL_NO_KRB5 - && !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) && - (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) -#endif /* OPENSSL_NO_KRB5 */ - ) - { - al=ssl_verify_alarm_type(s->verify_result); - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); - goto f_err; - } - ERR_clear_error(); /* but we keep s->verify_result */ - - sc=ssl_sess_cert_new(); - if (sc == NULL) goto err; - - if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert); - s->session->sess_cert=sc; - - sc->cert_chain=sk; - /* Inconsistency alert: cert_chain does include the peer's - * certificate, which we don't include in s3_srvr.c */ - x=sk_X509_value(sk,0); - sk=NULL; - /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/ - - pkey=X509_get_pubkey(x); - - /* VRS: allow null cert if auth == KRB5 */ - need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) && - (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) - ? 0 : 1; - -#ifdef KSSL_DEBUG - fprintf(stderr,"pkey,x = %p, %p\n", pkey,x); - fprintf(stderr,"ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey)); - fprintf(stderr,"cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name, - s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert); -#endif /* KSSL_DEBUG */ - - if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) - { - x=NULL; - al=SSL3_AL_FATAL; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, - SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); - goto f_err; - } - - i=ssl_cert_type(x,pkey); - if (need_cert && i < 0) - { - x=NULL; - al=SSL3_AL_FATAL; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, - SSL_R_UNKNOWN_CERTIFICATE_TYPE); - goto f_err; - } - - if (need_cert) - { - sc->peer_cert_type=i; - CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); - /* Why would the following ever happen? - * We just created sc a couple of lines ago. */ - if (sc->peer_pkeys[i].x509 != NULL) - X509_free(sc->peer_pkeys[i].x509); - sc->peer_pkeys[i].x509=x; - sc->peer_key= &(sc->peer_pkeys[i]); - - if (s->session->peer != NULL) - X509_free(s->session->peer); - CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); - s->session->peer=x; - } - else - { - sc->peer_cert_type=i; - sc->peer_key= NULL; - - if (s->session->peer != NULL) - X509_free(s->session->peer); - s->session->peer=NULL; - } - s->session->verify_result = s->verify_result; - - x=NULL; - ret=1; - - if (0) - { -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - } -err: - EVP_PKEY_free(pkey); - X509_free(x); - sk_X509_pop_free(sk,X509_free); - return(ret); - } - -int ssl3_get_key_exchange(SSL *s) - { -#ifndef OPENSSL_NO_RSA - unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2]; -#endif - EVP_MD_CTX md_ctx; - unsigned char *param,*p; - int al,j,ok; - long i,param_len,n,alg_k,alg_a; - EVP_PKEY *pkey=NULL; - const EVP_MD *md = NULL; -#ifndef OPENSSL_NO_RSA - RSA *rsa=NULL; -#endif -#ifndef OPENSSL_NO_DH - DH *dh=NULL; -#endif -#ifndef OPENSSL_NO_ECDH - EC_KEY *ecdh = NULL; - BN_CTX *bn_ctx = NULL; - EC_POINT *srvr_ecpoint = NULL; - int curve_nid = 0; - int encoded_pt_len = 0; -#endif - - EVP_MD_CTX_init(&md_ctx); - - /* use same message size as in ssl3_get_certificate_request() - * as ServerKeyExchange message may be skipped */ - n=s->method->ssl_get_message(s, - SSL3_ST_CR_KEY_EXCH_A, - SSL3_ST_CR_KEY_EXCH_B, - -1, - s->max_cert_list, - &ok); - if (!ok) return((int)n); - - alg_k=s->s3->tmp.new_cipher->algorithm_mkey; - - if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) - { - /* - * Can't skip server key exchange if this is an ephemeral - * ciphersuite. - */ - if (alg_k & (SSL_kEDH|SSL_kEECDH)) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); - al = SSL_AD_UNEXPECTED_MESSAGE; - goto f_err; - } -#ifndef OPENSSL_NO_PSK - /* In plain PSK ciphersuite, ServerKeyExchange can be - omitted if no identity hint is sent. Set - session->sess_cert anyway to avoid problems - later.*/ - if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK) - { - s->session->sess_cert=ssl_sess_cert_new(); - if (s->session->psk_identity_hint) - { - OPENSSL_free(s->session->psk_identity_hint); - s->session->psk_identity_hint = NULL; - } - } -#endif - s->s3->tmp.reuse_message=1; - return(1); - } - - param=p=(unsigned char *)s->init_msg; - if (s->session->sess_cert != NULL) - { -#ifndef OPENSSL_NO_RSA - if (s->session->sess_cert->peer_rsa_tmp != NULL) - { - RSA_free(s->session->sess_cert->peer_rsa_tmp); - s->session->sess_cert->peer_rsa_tmp=NULL; - } -#endif -#ifndef OPENSSL_NO_DH - if (s->session->sess_cert->peer_dh_tmp) - { - DH_free(s->session->sess_cert->peer_dh_tmp); - s->session->sess_cert->peer_dh_tmp=NULL; - } -#endif -#ifndef OPENSSL_NO_ECDH - if (s->session->sess_cert->peer_ecdh_tmp) - { - EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp); - s->session->sess_cert->peer_ecdh_tmp=NULL; - } -#endif - } - else - { - s->session->sess_cert=ssl_sess_cert_new(); - } - - /* Total length of the parameters including the length prefix */ - param_len=0; - - alg_a=s->s3->tmp.new_cipher->algorithm_auth; - - al=SSL_AD_DECODE_ERROR; - -#ifndef OPENSSL_NO_PSK - if (alg_a & SSL_aPSK) - { - char tmp_id_hint[PSK_MAX_IDENTITY_LEN+1]; - - param_len = 2; - if (param_len > n) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, - SSL_R_LENGTH_TOO_SHORT); - goto f_err; - } - n2s(p,i); - - if (s->session->psk_identity_hint) - { - OPENSSL_free(s->session->psk_identity_hint); - s->session->psk_identity_hint = NULL; - } - if (i != 0) - { - /* Store PSK identity hint for later use, hint is used - * in ssl3_send_client_key_exchange. Assume that the - * maximum length of a PSK identity hint can be as - * long as the maximum length of a PSK identity. */ - if (i > PSK_MAX_IDENTITY_LEN) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto f_err; - } - if (i > n - param_len) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, - SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH); - goto f_err; - } - param_len += i; - - /* If received PSK identity hint contains NULL - * characters, the hint is truncated from the first - * NULL. p may not be ending with NULL, so create a - * NULL-terminated string. */ - memcpy(tmp_id_hint, p, i); - memset(tmp_id_hint+i, 0, PSK_MAX_IDENTITY_LEN+1-i); - s->session->psk_identity_hint = BUF_strdup(tmp_id_hint); - if (s->session->psk_identity_hint == NULL) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); - goto f_err; - } - } - p+=i; - n-=param_len; - } -#endif /* !OPENSSL_NO_PSK */ - - if (0) {} -#ifndef OPENSSL_NO_SRP - else if (alg_k & SSL_kSRP) - { - param_len = 2; - if (param_len > n) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, - SSL_R_LENGTH_TOO_SHORT); - goto f_err; - } - n2s(p,i); - - if (i > n - param_len) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_N_LENGTH); - goto f_err; - } - param_len += i; - - if (!(s->srp_ctx.N=BN_bin2bn(p,i,NULL))) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); - goto err; - } - p+=i; - - - if (2 > n - param_len) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, - SSL_R_LENGTH_TOO_SHORT); - goto f_err; - } - param_len += 2; - - n2s(p,i); - - if (i > n - param_len) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_G_LENGTH); - goto f_err; - } - param_len += i; - - if (!(s->srp_ctx.g=BN_bin2bn(p,i,NULL))) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); - goto err; - } - p+=i; - - - if (1 > n - param_len) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, - SSL_R_LENGTH_TOO_SHORT); - goto f_err; - } - param_len += 1; - - i = (unsigned int)(p[0]); - p++; - - if (i > n - param_len) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_S_LENGTH); - goto f_err; - } - param_len += i; - - if (!(s->srp_ctx.s=BN_bin2bn(p,i,NULL))) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); - goto err; - } - p+=i; - - if (2 > n - param_len) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, - SSL_R_LENGTH_TOO_SHORT); - goto f_err; - } - param_len += 2; - - n2s(p,i); - - if (i > n - param_len) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_B_LENGTH); - goto f_err; - } - param_len += i; - - if (!(s->srp_ctx.B=BN_bin2bn(p,i,NULL))) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); - goto err; - } - p+=i; - n-=param_len; - - if (!srp_verify_server_param(s, &al)) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_PARAMETERS); - goto f_err; - } - -/* We must check if there is a certificate */ -#ifndef OPENSSL_NO_RSA - if (alg_a & SSL_aRSA) - pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); -#else - if (0) - ; -#endif -#ifndef OPENSSL_NO_DSA - else if (alg_a & SSL_aDSS) - pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); -#endif - } -#endif /* !OPENSSL_NO_SRP */ -#ifndef OPENSSL_NO_RSA - else if (alg_k & SSL_kRSA) - { - /* Temporary RSA keys only allowed in export ciphersuites */ - if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); - goto f_err; - } - if ((rsa=RSA_new()) == NULL) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); - goto err; - } - - param_len = 2; - if (param_len > n) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, - SSL_R_LENGTH_TOO_SHORT); - goto f_err; - } - n2s(p,i); - - if (i > n - param_len) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH); - goto f_err; - } - param_len += i; - - if (!(rsa->n=BN_bin2bn(p,i,rsa->n))) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); - goto err; - } - p+=i; - - if (2 > n - param_len) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, - SSL_R_LENGTH_TOO_SHORT); - goto f_err; - } - param_len += 2; - - n2s(p,i); - - if (i > n - param_len) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH); - goto f_err; - } - param_len += i; - - if (!(rsa->e=BN_bin2bn(p,i,rsa->e))) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); - goto err; - } - p+=i; - n-=param_len; - - /* this should be because we are using an export cipher */ - if (alg_a & SSL_aRSA) - pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); - else - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); - goto err; - } - s->session->sess_cert->peer_rsa_tmp=rsa; - rsa=NULL; - } -#endif -#ifndef OPENSSL_NO_DH - else if (alg_k & SSL_kEDH) - { - if ((dh=DH_new()) == NULL) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB); - goto err; - } - - param_len = 2; - if (param_len > n) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, - SSL_R_LENGTH_TOO_SHORT); - goto f_err; - } - n2s(p,i); - - if (i > n - param_len) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH); - goto f_err; - } - param_len += i; - - if (!(dh->p=BN_bin2bn(p,i,NULL))) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); - goto err; - } - p+=i; - - if (2 > n - param_len) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, - SSL_R_LENGTH_TOO_SHORT); - goto f_err; - } - param_len += 2; - - n2s(p,i); - - if (i > n - param_len) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH); - goto f_err; - } - param_len += i; - - if (!(dh->g=BN_bin2bn(p,i,NULL))) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); - goto err; - } - p+=i; - - if (2 > n - param_len) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, - SSL_R_LENGTH_TOO_SHORT); - goto f_err; - } - param_len += 2; - - n2s(p,i); - - if (i > n - param_len) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH); - goto f_err; - } - param_len += i; - - if (!(dh->pub_key=BN_bin2bn(p,i,NULL))) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); - goto err; - } - p+=i; - n-=param_len; - -#ifndef OPENSSL_NO_RSA - if (alg_a & SSL_aRSA) - pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); -#else - if (0) - ; -#endif -#ifndef OPENSSL_NO_DSA - else if (alg_a & SSL_aDSS) - pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); -#endif - /* else anonymous DH, so no certificate or pkey. */ - - s->session->sess_cert->peer_dh_tmp=dh; - dh=NULL; - } - else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); - goto f_err; - } -#endif /* !OPENSSL_NO_DH */ - -#ifndef OPENSSL_NO_ECDH - else if (alg_k & SSL_kEECDH) - { - EC_GROUP *ngroup; - const EC_GROUP *group; - - if ((ecdh=EC_KEY_new()) == NULL) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); - goto err; - } - - /* Extract elliptic curve parameters and the - * server's ephemeral ECDH public key. - * Keep accumulating lengths of various components in - * param_len and make sure it never exceeds n. - */ - - /* XXX: For now we only support named (not generic) curves - * and the ECParameters in this case is just three bytes. We - * also need one byte for the length of the encoded point - */ - param_len=4; - if (param_len > n) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, - SSL_R_LENGTH_TOO_SHORT); - goto f_err; - } - - if ((*p != NAMED_CURVE_TYPE) || - ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) - { - al=SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); - goto f_err; - } - - ngroup = EC_GROUP_new_by_curve_name(curve_nid); - if (ngroup == NULL) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB); - goto err; - } - if (EC_KEY_set_group(ecdh, ngroup) == 0) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB); - goto err; - } - EC_GROUP_free(ngroup); - - group = EC_KEY_get0_group(ecdh); - - if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && - (EC_GROUP_get_degree(group) > 163)) - { - al=SSL_AD_EXPORT_RESTRICTION; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER); - goto f_err; - } - - p+=3; - - /* Next, get the encoded ECPoint */ - if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) || - ((bn_ctx = BN_CTX_new()) == NULL)) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); - goto err; - } - - encoded_pt_len = *p; /* length of encoded point */ - p+=1; - - if ((encoded_pt_len > n - param_len) || - (EC_POINT_oct2point(group, srvr_ecpoint, - p, encoded_pt_len, bn_ctx) == 0)) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT); - goto f_err; - } - param_len += encoded_pt_len; - - n-=param_len; - p+=encoded_pt_len; - - /* The ECC/TLS specification does not mention - * the use of DSA to sign ECParameters in the server - * key exchange message. We do support RSA and ECDSA. - */ - if (0) ; -#ifndef OPENSSL_NO_RSA - else if (alg_a & SSL_aRSA) - pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); -#endif -#ifndef OPENSSL_NO_ECDSA - else if (alg_a & SSL_aECDSA) - pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); -#endif - /* else anonymous ECDH, so no certificate or pkey. */ - EC_KEY_set_public_key(ecdh, srvr_ecpoint); - s->session->sess_cert->peer_ecdh_tmp=ecdh; - ecdh=NULL; - BN_CTX_free(bn_ctx); - bn_ctx = NULL; - EC_POINT_free(srvr_ecpoint); - srvr_ecpoint = NULL; - } -#endif /* !OPENSSL_NO_ECDH */ - - else if (!(alg_k & SSL_kPSK)) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); - goto f_err; - } - - /* p points to the next byte, there are 'n' bytes left */ - - /* if it was signed, check the signature */ - if (pkey != NULL) - { - if (TLS1_get_version(s) >= TLS1_2_VERSION) - { - int sigalg; - if (2 > n) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, - SSL_R_LENGTH_TOO_SHORT); - goto f_err; - } - - sigalg = tls12_get_sigid(pkey); - /* Should never happen */ - if (sigalg == -1) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); - goto err; - } - /* Check key type is consistent with signature */ - if (sigalg != (int)p[1]) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_TYPE); - al=SSL_AD_DECODE_ERROR; - goto f_err; - } - md = tls12_get_hash(p[0]); - if (md == NULL) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNKNOWN_DIGEST); - goto f_err; - } -#ifdef SSL_DEBUG -fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); -#endif - p += 2; - n -= 2; - } - else - md = EVP_sha1(); - - if (2 > n) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, - SSL_R_LENGTH_TOO_SHORT); - goto f_err; - } - n2s(p,i); - n-=2; - j=EVP_PKEY_size(pkey); - - /* Check signature length. If n is 0 then signature is empty */ - if ((i != n) || (n > j) || (n <= 0)) - { - /* wrong packet length */ - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH); - goto f_err; - } - -#ifndef OPENSSL_NO_RSA - if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION) - { - int num; - unsigned int size; - - j=0; - q=md_buf; - for (num=2; num > 0; num--) - { - EVP_MD_CTX_set_flags(&md_ctx, - EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_DigestInit_ex(&md_ctx,(num == 2) - ?s->ctx->md5:s->ctx->sha1, NULL); - EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx,param,param_len); - EVP_DigestFinal_ex(&md_ctx,q,&size); - q+=size; - j+=size; - } - i=RSA_verify(NID_md5_sha1, md_buf, j, p, n, - pkey->pkey.rsa); - if (i < 0) - { - al=SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); - goto f_err; - } - if (i == 0) - { - /* bad signature */ - al=SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); - goto f_err; - } - } - else -#endif - { - EVP_VerifyInit_ex(&md_ctx, md, NULL); - EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); - EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); - EVP_VerifyUpdate(&md_ctx,param,param_len); - if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0) - { - /* bad signature */ - al=SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); - goto f_err; - } - } - } - else - { - if (!(alg_a & (SSL_aNULL|SSL_aSRP)) && - /* Among PSK ciphers only RSA_PSK needs a public key */ - !((alg_a & SSL_aPSK) && !(alg_k & SSL_kRSA))) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); - goto err; - } - /* still data left over */ - if (n != 0) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE); - goto f_err; - } - } - EVP_PKEY_free(pkey); - EVP_MD_CTX_cleanup(&md_ctx); - return(1); -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); -err: - EVP_PKEY_free(pkey); -#ifndef OPENSSL_NO_RSA - if (rsa != NULL) - RSA_free(rsa); -#endif -#ifndef OPENSSL_NO_DH - if (dh != NULL) - DH_free(dh); -#endif -#ifndef OPENSSL_NO_ECDH - BN_CTX_free(bn_ctx); - EC_POINT_free(srvr_ecpoint); - if (ecdh != NULL) - EC_KEY_free(ecdh); -#endif - EVP_MD_CTX_cleanup(&md_ctx); - return(-1); - } - -int ssl3_get_certificate_request(SSL *s) - { - int ok,ret=0; - unsigned long n,nc,l; - unsigned int llen, ctype_num,i; - X509_NAME *xn=NULL; - const unsigned char *p,*q; - unsigned char *d; - STACK_OF(X509_NAME) *ca_sk=NULL; - - n=s->method->ssl_get_message(s, - SSL3_ST_CR_CERT_REQ_A, - SSL3_ST_CR_CERT_REQ_B, - -1, - s->max_cert_list, - &ok); - - if (!ok) return((int)n); - - s->s3->tmp.cert_req=0; - - if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) - { - s->s3->tmp.reuse_message=1; - /* If we get here we don't need any cached handshake records - * as we wont be doing client auth. - */ - if (s->s3->handshake_buffer) - { - if (!ssl3_digest_cached_records(s)) - goto err; - } - return(1); - } - - if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE); - goto err; - } - - /* TLS does not like anon-DH with client cert */ - if (s->version > SSL3_VERSION) - { - if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); - goto err; - } - } - - p=d=(unsigned char *)s->init_msg; - - if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL) - { - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE); - goto err; - } - - /* get the certificate types */ - ctype_num= *(p++); - if (ctype_num > SSL3_CT_NUMBER) - ctype_num=SSL3_CT_NUMBER; - for (i=0; i<ctype_num; i++) - s->s3->tmp.ctype[i]= p[i]; - p+=ctype_num; - if (TLS1_get_version(s) >= TLS1_2_VERSION) - { - n2s(p, llen); - /* Check we have enough room for signature algorithms and - * following length value. - */ - if ((unsigned long)(p - d + llen + 2) > n) - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - if (llen & 1) - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_SIGNATURE_ALGORITHMS_ERROR); - goto err; - } - tls1_process_sigalgs(s, p, llen); - p += llen; - } - - /* get the CA RDNs */ - n2s(p,llen); -#if 0 -{ -FILE *out; -out=fopen("/tmp/vsign.der","w"); -fwrite(p,1,llen,out); -fclose(out); -} -#endif - - if ((unsigned long)(p - d + llen) != n) - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH); - goto err; - } - - for (nc=0; nc<llen; ) - { - n2s(p,l); - if ((l+nc+2) > llen) - { - if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) - goto cont; /* netscape bugs */ - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG); - goto err; - } - - q=p; - - if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL) - { - /* If netscape tolerance is on, ignore errors */ - if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG) - goto cont; - else - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB); - goto err; - } - } - - if (q != (p+l)) - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH); - goto err; - } - if (!sk_X509_NAME_push(ca_sk,xn)) - { - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE); - goto err; - } - - p+=l; - nc+=l+2; - } - - if (0) - { -cont: - ERR_clear_error(); - } - - /* we should setup a certificate to return.... */ - s->s3->tmp.cert_req=1; - s->s3->tmp.ctype_num=ctype_num; - if (s->s3->tmp.ca_names != NULL) - sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); - s->s3->tmp.ca_names=ca_sk; - ca_sk=NULL; - - ret=1; -err: - if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free); - return(ret); - } - -static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b) - { - return(X509_NAME_cmp(*a,*b)); - } -#ifndef OPENSSL_NO_TLSEXT -int ssl3_get_new_session_ticket(SSL *s) - { - int ok,al,ret=0, ticklen; - long n; - const unsigned char *p; - unsigned char *d; - - n=s->method->ssl_get_message(s, - SSL3_ST_CR_SESSION_TICKET_A, - SSL3_ST_CR_SESSION_TICKET_B, - SSL3_MT_NEWSESSION_TICKET, - 16384, - &ok); - - if (!ok) - return((int)n); - - if (n < 6) - { - /* need at least ticket_lifetime_hint + ticket length */ - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); - goto f_err; - } - - p=d=(unsigned char *)s->init_msg; - n2l(p, s->session->tlsext_tick_lifetime_hint); - n2s(p, ticklen); - /* ticket_lifetime_hint + ticket_length + ticket */ - if (ticklen + 6 != n) - { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); - goto f_err; - } - if (s->session->tlsext_tick) - { - OPENSSL_free(s->session->tlsext_tick); - s->session->tlsext_ticklen = 0; - } - s->session->tlsext_tick = OPENSSL_malloc(ticklen); - if (!s->session->tlsext_tick) - { - SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,ERR_R_MALLOC_FAILURE); - goto err; - } - memcpy(s->session->tlsext_tick, p, ticklen); - s->session->tlsext_ticklen = ticklen; - /* There are two ways to detect a resumed ticket session. - * One is to set an appropriate session ID and then the server - * must return a match in ServerHello. This allows the normal - * client session ID matching to work and we know much - * earlier that the ticket has been accepted. - * - * The other way is to set zero length session ID when the - * ticket is presented and rely on the handshake to determine - * session resumption. - * - * We choose the former approach because this fits in with - * assumptions elsewhere in OpenSSL. The session ID is set - * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the - * ticket. - */ - EVP_Digest(p, ticklen, - s->session->session_id, &s->session->session_id_length, -#ifndef OPENSSL_NO_SHA256 - EVP_sha256(), NULL); -#else - EVP_sha1(), NULL); -#endif - ret=1; - return(ret); -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); -err: - return(-1); - } - -int ssl3_get_cert_status(SSL *s) - { - int ok, al; - unsigned long resplen,n; - const unsigned char *p; - - n=s->method->ssl_get_message(s, - SSL3_ST_CR_CERT_STATUS_A, - SSL3_ST_CR_CERT_STATUS_B, - SSL3_MT_CERTIFICATE_STATUS, - 16384, - &ok); - - if (!ok) return((int)n); - if (n < 4) - { - /* need at least status type + length */ - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); - goto f_err; - } - p = (unsigned char *)s->init_msg; - if (*p++ != TLSEXT_STATUSTYPE_ocsp) - { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_UNSUPPORTED_STATUS_TYPE); - goto f_err; - } - n2l3(p, resplen); - if (resplen + 4 != n) - { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); - goto f_err; - } - if (s->tlsext_ocsp_resp) - OPENSSL_free(s->tlsext_ocsp_resp); - s->tlsext_ocsp_resp = BUF_memdup(p, resplen); - if (!s->tlsext_ocsp_resp) - { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE); - goto f_err; - } - s->tlsext_ocsp_resplen = resplen; - if (s->ctx->tlsext_status_cb) - { - int ret; - ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); - if (ret == 0) - { - al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_INVALID_STATUS_RESPONSE); - goto f_err; - } - if (ret < 0) - { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE); - goto f_err; - } - } - return 1; -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - return(-1); - } -#endif - -int ssl3_get_server_done(SSL *s) - { - int ok,ret=0; - long n; - - n=s->method->ssl_get_message(s, - SSL3_ST_CR_SRVR_DONE_A, - SSL3_ST_CR_SRVR_DONE_B, - SSL3_MT_SERVER_DONE, - 30, /* should be very small, like 0 :-) */ - &ok); - - if (!ok) return((int)n); - if (n > 0) - { - /* should contain no data */ - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH); - return -1; - } - ret=1; - return(ret); - } - - -int ssl3_send_client_key_exchange(SSL *s) - { - unsigned char *p,*d; - int n = 0; - unsigned long alg_k; - unsigned long alg_a; -#ifndef OPENSSL_NO_RSA - unsigned char *q; - EVP_PKEY *pkey=NULL; -#endif -#ifndef OPENSSL_NO_KRB5 - KSSL_ERR kssl_err; -#endif /* OPENSSL_NO_KRB5 */ -#ifndef OPENSSL_NO_ECDH - EC_KEY *clnt_ecdh = NULL; - const EC_POINT *srvr_ecpoint = NULL; - EVP_PKEY *srvr_pub_pkey = NULL; - unsigned char *encodedPoint = NULL; - int encoded_pt_len = 0; - BN_CTX * bn_ctx = NULL; -#ifndef OPENSSL_NO_PSK - unsigned int psk_len = 0; - unsigned char psk[PSK_MAX_PSK_LEN]; -#endif /* OPENSSL_NO_PSK */ -#endif /* OPENSSL_NO_ECDH */ - - if (s->state == SSL3_ST_CW_KEY_EXCH_A) - { - d=(unsigned char *)s->init_buf->data; - p= &(d[4]); - - alg_k=s->s3->tmp.new_cipher->algorithm_mkey; - alg_a=s->s3->tmp.new_cipher->algorithm_auth; - -#ifndef OPENSSL_NO_PSK - if (alg_a & SSL_aPSK) - { - /* The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes - * to return a \0-terminated identity. The last byte - * is for us for simulating strnlen. */ - char identity[PSK_MAX_IDENTITY_LEN + 2]; - size_t identity_len; - unsigned char *t = NULL; - unsigned char pre_ms[PSK_MAX_PSK_LEN*2+4]; - unsigned int pre_ms_len = 0; - int psk_err = 1; - - n = 0; - if (s->psk_client_callback == NULL) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - SSL_R_PSK_NO_CLIENT_CB); - goto err; - } - - memset(identity, 0, sizeof(identity)); - psk_len = s->psk_client_callback(s, s->session->psk_identity_hint, - identity, sizeof(identity) - 1, psk, sizeof(psk)); - if (psk_len > PSK_MAX_PSK_LEN) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto psk_err; - } - else if (psk_len == 0) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - SSL_R_PSK_IDENTITY_NOT_FOUND); - goto psk_err; - } - identity[PSK_MAX_IDENTITY_LEN + 1] = '\0'; - identity_len = strlen(identity); - if (identity_len > PSK_MAX_IDENTITY_LEN) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto psk_err; - } - if (!(alg_k & SSL_kEECDH)) - { - /* Create the shared secret now if we're not using ECDHE-PSK.*/ - pre_ms_len = 2+psk_len+2+psk_len; - t = pre_ms; - s2n(psk_len, t); - memset(t, 0, psk_len); - t+=psk_len; - s2n(psk_len, t); - memcpy(t, psk, psk_len); - - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, - pre_ms, pre_ms_len); - s2n(identity_len, p); - memcpy(p, identity, identity_len); - n = 2 + identity_len; - } - - if (s->session->psk_identity != NULL) - OPENSSL_free(s->session->psk_identity); - s->session->psk_identity = BUF_strdup(identity); - if (s->session->psk_identity == NULL) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_MALLOC_FAILURE); - goto psk_err; - } - psk_err = 0; - psk_err: - OPENSSL_cleanse(identity, sizeof(identity)); - OPENSSL_cleanse(pre_ms, sizeof(pre_ms)); - if (psk_err != 0) - { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - goto err; - } - } -#endif - /* Fool emacs indentation */ - if (0) {} -#ifndef OPENSSL_NO_RSA - else if (alg_k & SSL_kRSA) - { - RSA *rsa; - unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; - - if (s->session->sess_cert == NULL) - { - /* We should always have a server certificate with SSL_kRSA. */ - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); - goto err; - } - - if (s->session->sess_cert->peer_rsa_tmp != NULL) - rsa=s->session->sess_cert->peer_rsa_tmp; - else - { - pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); - if ((pkey == NULL) || - (pkey->type != EVP_PKEY_RSA) || - (pkey->pkey.rsa == NULL)) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); - goto err; - } - rsa=pkey->pkey.rsa; - EVP_PKEY_free(pkey); - } - - tmp_buf[0]=s->client_version>>8; - tmp_buf[1]=s->client_version&0xff; - if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0) - goto err; - - s->session->master_key_length=sizeof tmp_buf; - - q=p; - /* Fix buf for TLS and beyond */ - if (s->version > SSL3_VERSION) - p+=2; - n=RSA_public_encrypt(sizeof tmp_buf, - tmp_buf,p,rsa,RSA_PKCS1_PADDING); -#ifdef PKCS1_CHECK - if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++; - if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70; -#endif - if (n <= 0) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT); - goto err; - } - - /* Fix buf for TLS and beyond */ - if (s->version > SSL3_VERSION) - { - s2n(n,q); - n+=2; - } - - s->session->master_key_length= - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, - tmp_buf,sizeof tmp_buf); - OPENSSL_cleanse(tmp_buf,sizeof tmp_buf); - } -#endif -#ifndef OPENSSL_NO_KRB5 - else if (alg_k & SSL_kKRB5) - { - krb5_error_code krb5rc; - KSSL_CTX *kssl_ctx = s->kssl_ctx; - /* krb5_data krb5_ap_req; */ - krb5_data *enc_ticket; - krb5_data authenticator, *authp = NULL; - EVP_CIPHER_CTX ciph_ctx; - const EVP_CIPHER *enc = NULL; - unsigned char iv[EVP_MAX_IV_LENGTH]; - unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; - unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH - + EVP_MAX_IV_LENGTH]; - int padl, outl = sizeof(epms); - - EVP_CIPHER_CTX_init(&ciph_ctx); - -#ifdef KSSL_DEBUG - fprintf(stderr,"ssl3_send_client_key_exchange(%lx & %lx)\n", - alg_k, SSL_kKRB5); -#endif /* KSSL_DEBUG */ - - authp = NULL; -#ifdef KRB5SENDAUTH - if (KRB5SENDAUTH) authp = &authenticator; -#endif /* KRB5SENDAUTH */ - - krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, - &kssl_err); - enc = kssl_map_enc(kssl_ctx->enctype); - if (enc == NULL) - goto err; -#ifdef KSSL_DEBUG - { - fprintf(stderr,"kssl_cget_tkt rtn %d\n", krb5rc); - if (krb5rc && kssl_err.text) - fprintf(stderr,"kssl_cget_tkt kssl_err=%s\n", kssl_err.text); - } -#endif /* KSSL_DEBUG */ - - if (krb5rc) - { - ssl3_send_alert(s,SSL3_AL_FATAL, - SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - kssl_err.reason); - goto err; - } - - /* 20010406 VRS - Earlier versions used KRB5 AP_REQ - ** in place of RFC 2712 KerberosWrapper, as in: - ** - ** Send ticket (copy to *p, set n = length) - ** n = krb5_ap_req.length; - ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); - ** if (krb5_ap_req.data) - ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); - ** - ** Now using real RFC 2712 KerberosWrapper - ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>) - ** Note: 2712 "opaque" types are here replaced - ** with a 2-byte length followed by the value. - ** Example: - ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms - ** Where "xx xx" = length bytes. Shown here with - ** optional authenticator omitted. - */ - - /* KerberosWrapper.Ticket */ - s2n(enc_ticket->length,p); - memcpy(p, enc_ticket->data, enc_ticket->length); - p+= enc_ticket->length; - n = enc_ticket->length + 2; - - /* KerberosWrapper.Authenticator */ - if (authp && authp->length) - { - s2n(authp->length,p); - memcpy(p, authp->data, authp->length); - p+= authp->length; - n+= authp->length + 2; - - free(authp->data); - authp->data = NULL; - authp->length = 0; - } - else - { - s2n(0,p);/* null authenticator length */ - n+=2; - } - - tmp_buf[0]=s->client_version>>8; - tmp_buf[1]=s->client_version&0xff; - if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0) - goto err; - - /* 20010420 VRS. Tried it this way; failed. - ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); - ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx, - ** kssl_ctx->length); - ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); - */ - - memset(iv, 0, sizeof iv); /* per RFC 1510 */ - EVP_EncryptInit_ex(&ciph_ctx,enc, NULL, - kssl_ctx->key,iv); - EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf, - sizeof tmp_buf); - EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); - outl += padl; - if (outl > (int)sizeof epms) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); - goto err; - } - EVP_CIPHER_CTX_cleanup(&ciph_ctx); - - /* KerberosWrapper.EncryptedPreMasterSecret */ - s2n(outl,p); - memcpy(p, epms, outl); - p+=outl; - n+=outl + 2; - - s->session->master_key_length= - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, - tmp_buf, sizeof tmp_buf); - - OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); - OPENSSL_cleanse(epms, outl); - } -#endif -#ifndef OPENSSL_NO_DH - else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) - { - DH *dh_srvr,*dh_clnt; - - if (s->session->sess_cert == NULL) - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); - goto err; - } - - if (s->session->sess_cert->peer_dh_tmp != NULL) - dh_srvr=s->session->sess_cert->peer_dh_tmp; - else - { - /* we get them from the cert */ - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); - goto err; - } - - /* generate a new random key */ - if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); - goto err; - } - if (!DH_generate_key(dh_clnt)) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); - DH_free(dh_clnt); - goto err; - } - - /* use the 'p' output buffer for the DH key, but - * make sure to clear it out afterwards */ - - n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt); - - if (n <= 0) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); - DH_free(dh_clnt); - goto err; - } - - /* generate master key from the result */ - s->session->master_key_length= - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key,p,n); - /* clean up */ - memset(p,0,n); - - /* send off the data */ - n=BN_num_bytes(dh_clnt->pub_key); - s2n(n,p); - BN_bn2bin(dh_clnt->pub_key,p); - n+=2; - - DH_free(dh_clnt); - - /* perhaps clean things up a bit EAY EAY EAY EAY*/ - } -#endif -#ifndef OPENSSL_NO_ECDH - else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) - { - const EC_GROUP *srvr_group = NULL; - EC_KEY *tkey; - int ecdh_clnt_cert = 0; - int field_size = 0; -#ifndef OPENSSL_NO_PSK - unsigned char *pre_ms; - unsigned char *t; - unsigned int pre_ms_len; - unsigned int i; -#endif - - if (s->session->sess_cert == NULL) - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); - goto err; - } - - /* Did we send out the client's - * ECDH share for use in premaster - * computation as part of client certificate? - * If so, set ecdh_clnt_cert to 1. - */ - if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) - { - /* XXX: For now, we do not support client - * authentication using ECDH certificates. - * To add such support, one needs to add - * code that checks for appropriate - * conditions and sets ecdh_clnt_cert to 1. - * For example, the cert have an ECC - * key on the same curve as the server's - * and the key should be authorized for - * key agreement. - * - * One also needs to add code in ssl3_connect - * to skip sending the certificate verify - * message. - * - * if ((s->cert->key->privatekey != NULL) && - * (s->cert->key->privatekey->type == - * EVP_PKEY_EC) && ...) - * ecdh_clnt_cert = 1; - */ - } - - if (s->session->sess_cert->peer_ecdh_tmp != NULL) - { - tkey = s->session->sess_cert->peer_ecdh_tmp; - } - else - { - /* Get the Server Public Key from Cert */ - srvr_pub_pkey = X509_get_pubkey(s->session-> \ - sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); - if ((srvr_pub_pkey == NULL) || - (srvr_pub_pkey->type != EVP_PKEY_EC) || - (srvr_pub_pkey->pkey.ec == NULL)) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto err; - } - - tkey = srvr_pub_pkey->pkey.ec; - } - - srvr_group = EC_KEY_get0_group(tkey); - srvr_ecpoint = EC_KEY_get0_public_key(tkey); - - if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto err; - } - - if ((clnt_ecdh=EC_KEY_new()) == NULL) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB); - goto err; - } - if (ecdh_clnt_cert) - { - /* Reuse key info from our certificate - * We only need our private key to perform - * the ECDH computation. - */ - const BIGNUM *priv_key; - tkey = s->cert->key->privatekey->pkey.ec; - priv_key = EC_KEY_get0_private_key(tkey); - if (priv_key == NULL) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); - goto err; - } - if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB); - goto err; - } - } - else - { - /* Generate a new ECDH key pair */ - if (!(EC_KEY_generate_key(clnt_ecdh))) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); - goto err; - } - } - - /* use the 'p' output buffer for the ECDH key, but - * make sure to clear it out afterwards - */ - - field_size = EC_GROUP_get_degree(srvr_group); - if (field_size <= 0) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_ECDH_LIB); - goto err; - } - n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL); - if (n <= 0) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_ECDH_LIB); - goto err; - } - -#ifndef OPENSSL_NO_PSK - /* ECDHE PSK ciphersuites from RFC 5489 */ - if ((alg_a & SSL_aPSK) && psk_len != 0) - { - pre_ms_len = 2+n+2+psk_len; - pre_ms = OPENSSL_malloc(pre_ms_len); - if (pre_ms == NULL) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_MALLOC_FAILURE); - goto err; - } - memset(pre_ms, 0, pre_ms_len); - t = pre_ms; - s2n(n, t); - memcpy(t, p, n); - t += n; - s2n(psk_len, t); - memcpy(t, psk, psk_len); - s->session->master_key_length = s->method->ssl3_enc \ - -> generate_master_secret(s, - s->session->master_key, pre_ms, pre_ms_len); - OPENSSL_cleanse(pre_ms, pre_ms_len); - OPENSSL_free(pre_ms); - } -#endif /* OPENSSL_NO_PSK */ - if (!(alg_a & SSL_aPSK)) - { - /* generate master key from the result */ - s->session->master_key_length = s->method->ssl3_enc \ - -> generate_master_secret(s, - s->session->master_key, p, n); - } - memset(p, 0, n); /* clean up */ - if (ecdh_clnt_cert) - { - /* Send empty client key exch message */ - n = 0; - } - else - { - /* First check the size of encoding and - * allocate memory accordingly. - */ - encoded_pt_len = - EC_POINT_point2oct(srvr_group, - EC_KEY_get0_public_key(clnt_ecdh), - POINT_CONVERSION_UNCOMPRESSED, - NULL, 0, NULL); - - encodedPoint = (unsigned char *) - OPENSSL_malloc(encoded_pt_len * - sizeof(unsigned char)); - bn_ctx = BN_CTX_new(); - if ((encodedPoint == NULL) || - (bn_ctx == NULL)) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); - goto err; - } - - /* Encode the public key */ - encoded_pt_len = EC_POINT_point2oct(srvr_group, - EC_KEY_get0_public_key(clnt_ecdh), - POINT_CONVERSION_UNCOMPRESSED, - encodedPoint, encoded_pt_len, bn_ctx); - - n = 0; -#ifndef OPENSSL_NO_PSK - if ((alg_a & SSL_aPSK) && psk_len != 0) - { - i = strlen(s->session->psk_identity); - s2n(i, p); - memcpy(p, s->session->psk_identity, i); - p += i; - n = i + 2; - } -#endif - - *p = encoded_pt_len; /* length of encoded point */ - /* Encoded point will be copied here */ - p += 1; - n += 1; - /* copy the point */ - memcpy((unsigned char *)p, encodedPoint, encoded_pt_len); - /* increment n to account for length field */ - n += encoded_pt_len; - } - - /* Free allocated memory */ - BN_CTX_free(bn_ctx); - if (encodedPoint != NULL) OPENSSL_free(encodedPoint); - if (clnt_ecdh != NULL) - EC_KEY_free(clnt_ecdh); - EVP_PKEY_free(srvr_pub_pkey); - } -#endif /* !OPENSSL_NO_ECDH */ - else if (alg_k & SSL_kGOST) - { - /* GOST key exchange message creation */ - EVP_PKEY_CTX *pkey_ctx; - X509 *peer_cert; - size_t msglen; - unsigned int md_len; - int keytype; - unsigned char premaster_secret[32],shared_ukm[32], tmp[256]; - EVP_MD_CTX *ukm_hash; - EVP_PKEY *pub_key; - - /* Get server sertificate PKEY and create ctx from it */ - peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST01)].x509; - if (!peer_cert) - peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST94)].x509; - if (!peer_cert) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); - goto err; - } - - pkey_ctx=EVP_PKEY_CTX_new(pub_key=X509_get_pubkey(peer_cert),NULL); - /* If we have send a certificate, and certificate key - - * parameters match those of server certificate, use - * certificate key for key exchange - */ - - /* Otherwise, generate ephemeral key pair */ - - EVP_PKEY_encrypt_init(pkey_ctx); - /* Generate session key */ - RAND_bytes(premaster_secret,32); - /* If we have client certificate, use its secret as peer key */ - if (s->s3->tmp.cert_req && s->cert->key->privatekey) { - if (EVP_PKEY_derive_set_peer(pkey_ctx,s->cert->key->privatekey) <=0) { - /* If there was an error - just ignore it. Ephemeral key - * would be used - */ - ERR_clear_error(); - } - } - /* Compute shared IV and store it in algorithm-specific - * context data */ - ukm_hash = EVP_MD_CTX_create(); - EVP_DigestInit(ukm_hash,EVP_get_digestbynid(NID_id_GostR3411_94)); - EVP_DigestUpdate(ukm_hash,s->s3->client_random,SSL3_RANDOM_SIZE); - EVP_DigestUpdate(ukm_hash,s->s3->server_random,SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len); - EVP_MD_CTX_destroy(ukm_hash); - if (EVP_PKEY_CTX_ctrl(pkey_ctx,-1,EVP_PKEY_OP_ENCRYPT,EVP_PKEY_CTRL_SET_IV, - 8,shared_ukm)<0) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - SSL_R_LIBRARY_BUG); - goto err; - } - /* Make GOST keytransport blob message */ - /*Encapsulate it into sequence */ - *(p++)=V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED; - msglen=255; - if (EVP_PKEY_encrypt(pkey_ctx,tmp,&msglen,premaster_secret,32)<0) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - SSL_R_LIBRARY_BUG); - goto err; - } - if (msglen >= 0x80) - { - *(p++)=0x81; - *(p++)= msglen & 0xff; - n=msglen+3; - } - else - { - *(p++)= msglen & 0xff; - n=msglen+2; - } - memcpy(p, tmp, msglen); - /* Check if pubkey from client certificate was used */ - if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) - { - /* Set flag "skip certificate verify" */ - s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY; - } - EVP_PKEY_CTX_free(pkey_ctx); - s->session->master_key_length= - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key,premaster_secret,32); - EVP_PKEY_free(pub_key); - - } -#ifndef OPENSSL_NO_SRP - else if (alg_k & SSL_kSRP) - { - if (s->srp_ctx.A != NULL) - { - /* send off the data */ - n=BN_num_bytes(s->srp_ctx.A); - s2n(n,p); - BN_bn2bin(s->srp_ctx.A,p); - n+=2; - } - else - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); - goto err; - } - if (s->session->srp_username != NULL) - OPENSSL_free(s->session->srp_username); - s->session->srp_username = BUF_strdup(s->srp_ctx.login); - if (s->session->srp_username == NULL) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_MALLOC_FAILURE); - goto err; - } - - if ((s->session->master_key_length = SRP_generate_client_master_secret(s,s->session->master_key))<0) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); - goto err; - } - } -#endif - else if (!(alg_k & SSL_kPSK) || ((alg_k & SSL_kPSK) && !(alg_a & SSL_aPSK))) - { - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto err; - } - - *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE; - l2n3(n,d); - - s->state=SSL3_ST_CW_KEY_EXCH_B; - /* number of bytes to write */ - s->init_num=n+4; - s->init_off=0; - } - - /* SSL3_ST_CW_KEY_EXCH_B */ - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); -err: -#ifndef OPENSSL_NO_ECDH - BN_CTX_free(bn_ctx); - if (encodedPoint != NULL) OPENSSL_free(encodedPoint); - if (clnt_ecdh != NULL) - EC_KEY_free(clnt_ecdh); - EVP_PKEY_free(srvr_pub_pkey); -#endif - return(-1); - } - -int ssl3_send_client_verify(SSL *s) - { - unsigned char *p,*d; - unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; - EVP_PKEY *pkey; - EVP_PKEY_CTX *pctx=NULL; - EVP_MD_CTX mctx; - unsigned u=0; - unsigned long n; - int j; - - EVP_MD_CTX_init(&mctx); - - if (s->state == SSL3_ST_CW_CERT_VRFY_A) - { - d=(unsigned char *)s->init_buf->data; - p= &(d[4]); - pkey=s->cert->key->privatekey; -/* Create context from key and test if sha1 is allowed as digest */ - pctx = EVP_PKEY_CTX_new(pkey,NULL); - EVP_PKEY_sign_init(pctx); - if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0) - { - if (TLS1_get_version(s) < TLS1_2_VERSION) - s->method->ssl3_enc->cert_verify_mac(s, - NID_sha1, - &(data[MD5_DIGEST_LENGTH])); - } - else - { - ERR_clear_error(); - } - /* For TLS v1.2 send signature algorithm and signature - * using agreed digest and cached handshake records. - */ - if (TLS1_get_version(s) >= TLS1_2_VERSION) - { - long hdatalen = 0; - void *hdata; - const EVP_MD *md; - switch (ssl_cert_type(NULL, pkey)) - { - case SSL_PKEY_RSA_ENC: - md = s->s3->digest_rsa; - break; - case SSL_PKEY_DSA_SIGN: - md = s->s3->digest_dsa; - break; - case SSL_PKEY_ECC: - md = s->s3->digest_ecdsa; - break; - default: - md = NULL; - } - if (!md) - /* Unlike with the SignatureAlgorithm extension (sent by clients), - * there are no default algorithms for the CertificateRequest message - * (sent by servers). However, now that we've sent a certificate - * for which we don't really know what hash to use for signing, the - * best we can do is try a default algorithm. */ - md = EVP_sha1(); - hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, - &hdata); - if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md)) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, - ERR_R_INTERNAL_ERROR); - goto err; - } - p += 2; -#ifdef SSL_DEBUG - fprintf(stderr, "Using TLS 1.2 with client alg %s\n", - EVP_MD_name(md)); -#endif - if (!EVP_SignInit_ex(&mctx, md, NULL) - || !EVP_SignUpdate(&mctx, hdata, hdatalen) - || !EVP_SignFinal(&mctx, p + 2, &u, pkey)) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, - ERR_R_EVP_LIB); - goto err; - } - s2n(u,p); - n = u + 4; - if (!ssl3_digest_cached_records(s)) - goto err; - } - else -#ifndef OPENSSL_NO_RSA - if (pkey->type == EVP_PKEY_RSA) - { - s->method->ssl3_enc->cert_verify_mac(s, - NID_md5, - &(data[0])); - if (RSA_sign(NID_md5_sha1, data, - MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, - &(p[2]), &u, pkey->pkey.rsa) <= 0 ) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB); - goto err; - } - s2n(u,p); - n=u+2; - } - else -#endif -#ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) - { - if (!DSA_sign(pkey->save_type, - &(data[MD5_DIGEST_LENGTH]), - SHA_DIGEST_LENGTH,&(p[2]), - (unsigned int *)&j,pkey->pkey.dsa)) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB); - goto err; - } - s2n(j,p); - n=j+2; - } - else -#endif -#ifndef OPENSSL_NO_ECDSA - if (pkey->type == EVP_PKEY_EC) - { - if (!ECDSA_sign(pkey->save_type, - &(data[MD5_DIGEST_LENGTH]), - SHA_DIGEST_LENGTH,&(p[2]), - (unsigned int *)&j,pkey->pkey.ec)) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, - ERR_R_ECDSA_LIB); - goto err; - } - s2n(j,p); - n=j+2; - } - else -#endif - if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001) - { - unsigned char signbuf[64]; - int i; - size_t sigsize=64; - s->method->ssl3_enc->cert_verify_mac(s, - NID_id_GostR3411_94, - data); - if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, - ERR_R_INTERNAL_ERROR); - goto err; - } - for (i=63,j=0; i>=0; j++, i--) { - p[2+j]=signbuf[i]; - } - s2n(j,p); - n=j+2; - } - else - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); - goto err; - } - *(d++)=SSL3_MT_CERTIFICATE_VERIFY; - l2n3(n,d); - - s->state=SSL3_ST_CW_CERT_VRFY_B; - s->init_num=(int)n+4; - s->init_off=0; - } - EVP_MD_CTX_cleanup(&mctx); - EVP_PKEY_CTX_free(pctx); - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); -err: - EVP_MD_CTX_cleanup(&mctx); - EVP_PKEY_CTX_free(pctx); - return(-1); - } - -int ssl3_send_client_certificate(SSL *s) - { - X509 *x509=NULL; - EVP_PKEY *pkey=NULL; - int i; - unsigned long l; - - if (s->state == SSL3_ST_CW_CERT_A) - { - if ((s->cert == NULL) || - (s->cert->key->x509 == NULL) || - (s->cert->key->privatekey == NULL)) - s->state=SSL3_ST_CW_CERT_B; - else - s->state=SSL3_ST_CW_CERT_C; - } - - /* We need to get a client cert */ - if (s->state == SSL3_ST_CW_CERT_B) - { - /* If we get an error, we need to - * ssl->rwstate=SSL_X509_LOOKUP; return(-1); - * We then get retied later */ - i=0; - i = ssl_do_client_cert_cb(s, &x509, &pkey); - if (i < 0) - { - s->rwstate=SSL_X509_LOOKUP; - return(-1); - } - s->rwstate=SSL_NOTHING; - if ((i == 1) && (pkey != NULL) && (x509 != NULL)) - { - s->state=SSL3_ST_CW_CERT_B; - if ( !SSL_use_certificate(s,x509) || - !SSL_use_PrivateKey(s,pkey)) - i=0; - } - else if (i == 1) - { - i=0; - SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); - } - - if (x509 != NULL) X509_free(x509); - if (pkey != NULL) EVP_PKEY_free(pkey); - if (i == 0) - { - if (s->version == SSL3_VERSION) - { - s->s3->tmp.cert_req=0; - ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE); - return(1); - } - else - { - s->s3->tmp.cert_req=2; - } - } - - /* Ok, we have a cert */ - s->state=SSL3_ST_CW_CERT_C; - } - - if (s->state == SSL3_ST_CW_CERT_C) - { - s->state=SSL3_ST_CW_CERT_D; - l=ssl3_output_cert_chain(s, - (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509); - if (!l) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR); - return 0; - } - s->init_num=(int)l; - s->init_off=0; - } - /* SSL3_ST_CW_CERT_D */ - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); - } - -#define has_bits(i,m) (((i)&(m)) == (m)) - -int ssl3_check_cert_and_algorithm(SSL *s) - { - int i,idx; - long alg_k,alg_a; - EVP_PKEY *pkey=NULL; - SESS_CERT *sc; -#ifndef OPENSSL_NO_RSA - RSA *rsa; -#endif -#ifndef OPENSSL_NO_DH - DH *dh; -#endif - - alg_k=s->s3->tmp.new_cipher->algorithm_mkey; - alg_a=s->s3->tmp.new_cipher->algorithm_auth; - - /* we don't have a certificate */ - if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK)) - return(1); - - sc=s->session->sess_cert; - if (sc == NULL) - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR); - goto err; - } - -#ifndef OPENSSL_NO_RSA - rsa=s->session->sess_cert->peer_rsa_tmp; -#endif -#ifndef OPENSSL_NO_DH - dh=s->session->sess_cert->peer_dh_tmp; -#endif - - /* This is the passed certificate */ - - idx=sc->peer_cert_type; -#ifndef OPENSSL_NO_ECDH - if (idx == SSL_PKEY_ECC) - { - if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, - s) == 0) - { /* check failed */ - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT); - goto f_err; - } - else - { - return 1; - } - } -#endif - pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509); - i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey); - EVP_PKEY_free(pkey); - - - /* Check that we have a certificate if we require one */ - if ((alg_a & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN)) - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT); - goto f_err; - } -#ifndef OPENSSL_NO_DSA - else if ((alg_a & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN)) - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT); - goto f_err; - } -#endif -#ifndef OPENSSL_NO_RSA - if ((alg_k & SSL_kRSA) && - !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT); - goto f_err; - } -#endif -#ifndef OPENSSL_NO_DH - if ((alg_k & SSL_kEDH) && - !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY); - goto f_err; - } - else if ((alg_k & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA)) - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT); - goto f_err; - } -#ifndef OPENSSL_NO_DSA - else if ((alg_k & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA)) - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT); - goto f_err; - } -#endif -#endif - - if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP)) - { -#ifndef OPENSSL_NO_RSA - if (alg_k & SSL_kRSA) - { - if (rsa == NULL - || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY); - goto f_err; - } - } - else -#endif -#ifndef OPENSSL_NO_DH - if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) - { - if (dh == NULL - || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY); - goto f_err; - } - } - else -#endif - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); - goto f_err; - } - } - return(1); -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); -err: - return(0); - } - -#if !defined(OPENSSL_NO_TLSEXT) -# if !defined(OPENSSL_NO_NEXTPROTONEG) -int ssl3_send_next_proto(SSL *s) - { - unsigned int len, padding_len; - unsigned char *d; - - if (s->state == SSL3_ST_CW_NEXT_PROTO_A) - { - len = s->next_proto_negotiated_len; - padding_len = 32 - ((len + 2) % 32); - d = (unsigned char *)s->init_buf->data; - d[4] = len; - memcpy(d + 5, s->next_proto_negotiated, len); - d[5 + len] = padding_len; - memset(d + 6 + len, 0, padding_len); - *(d++)=SSL3_MT_NEXT_PROTO; - l2n3(2 + len + padding_len, d); - s->state = SSL3_ST_CW_NEXT_PROTO_B; - s->init_num = 4 + 2 + len + padding_len; - s->init_off = 0; - } - - return ssl3_do_write(s, SSL3_RT_HANDSHAKE); - } -# endif /* !OPENSSL_NO_NEXTPROTONEG */ - -int ssl3_send_channel_id(SSL *s) - { - unsigned char *d; - int ret = -1, public_key_len; - EVP_MD_CTX md_ctx; - size_t sig_len; - ECDSA_SIG *sig = NULL; - unsigned char *public_key = NULL, *derp, *der_sig = NULL; - - if (s->state != SSL3_ST_CW_CHANNEL_ID_A) - return ssl3_do_write(s, SSL3_RT_HANDSHAKE); - - if (!s->tlsext_channel_id_private && s->ctx->channel_id_cb) - { - EVP_PKEY *key = NULL; - s->ctx->channel_id_cb(s, &key); - if (key != NULL) - { - s->tlsext_channel_id_private = key; - } - } - if (!s->tlsext_channel_id_private) - { - s->rwstate=SSL_CHANNEL_ID_LOOKUP; - return (-1); - } - s->rwstate=SSL_NOTHING; - - d = (unsigned char *)s->init_buf->data; - *(d++)=SSL3_MT_ENCRYPTED_EXTENSIONS; - l2n3(2 + 2 + TLSEXT_CHANNEL_ID_SIZE, d); - if (s->s3->tlsext_channel_id_new) - s2n(TLSEXT_TYPE_channel_id_new, d); - else - s2n(TLSEXT_TYPE_channel_id, d); - s2n(TLSEXT_CHANNEL_ID_SIZE, d); - - EVP_MD_CTX_init(&md_ctx); - - public_key_len = i2d_PublicKey(s->tlsext_channel_id_private, NULL); - if (public_key_len <= 0) - { - SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY); - goto err; - } - /* i2d_PublicKey will produce an ANSI X9.62 public key which, for a - * P-256 key, is 0x04 (meaning uncompressed) followed by the x and y - * field elements as 32-byte, big-endian numbers. */ - if (public_key_len != 65) - { - SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_CHANNEL_ID_NOT_P256); - goto err; - } - public_key = OPENSSL_malloc(public_key_len); - if (!public_key) - { - SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,ERR_R_MALLOC_FAILURE); - goto err; - } - - derp = public_key; - i2d_PublicKey(s->tlsext_channel_id_private, &derp); - - if (EVP_DigestSignInit(&md_ctx, NULL, EVP_sha256(), NULL, - s->tlsext_channel_id_private) != 1) - { - SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_EVP_DIGESTSIGNINIT_FAILED); - goto err; - } - - if (!tls1_channel_id_hash(&md_ctx, s)) - goto err; - - if (!EVP_DigestSignFinal(&md_ctx, NULL, &sig_len)) - { - SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_EVP_DIGESTSIGNFINAL_FAILED); - goto err; - } - - der_sig = OPENSSL_malloc(sig_len); - if (!der_sig) - { - SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!EVP_DigestSignFinal(&md_ctx, der_sig, &sig_len)) - { - SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_EVP_DIGESTSIGNFINAL_FAILED); - goto err; - } - - derp = der_sig; - sig = d2i_ECDSA_SIG(NULL, (const unsigned char**) &derp, sig_len); - if (sig == NULL) - { - SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_D2I_ECDSA_SIG); - goto err; - } - - /* The first byte of public_key will be 0x4, denoting an uncompressed key. */ - memcpy(d, public_key + 1, 64); - d += 64; - memset(d, 0, 2 * 32); - BN_bn2bin(sig->r, d + 32 - BN_num_bytes(sig->r)); - d += 32; - BN_bn2bin(sig->s, d + 32 - BN_num_bytes(sig->s)); - d += 32; - - s->state = SSL3_ST_CW_CHANNEL_ID_B; - s->init_num = 4 + 2 + 2 + TLSEXT_CHANNEL_ID_SIZE; - s->init_off = 0; - - ret = ssl3_do_write(s, SSL3_RT_HANDSHAKE); - -err: - EVP_MD_CTX_cleanup(&md_ctx); - if (public_key) - OPENSSL_free(public_key); - if (der_sig) - OPENSSL_free(der_sig); - if (sig) - ECDSA_SIG_free(sig); - - return ret; - } -#endif /* !OPENSSL_NO_TLSEXT */ - -int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) - { - int i = 0; -#ifndef OPENSSL_NO_ENGINE - if (s->ctx->client_cert_engine) - { - i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s, - SSL_get_client_CA_list(s), - px509, ppkey, NULL, NULL, NULL); - if (i != 0) - return i; - } -#endif - if (s->ctx->client_cert_cb) - i = s->ctx->client_cert_cb(s,px509,ppkey); - return i; - } diff --git a/main/openssl/ssl/s3_enc.c b/main/openssl/ssl/s3_enc.c deleted file mode 100644 index f99b61ce..00000000 --- a/main/openssl/ssl/s3_enc.c +++ /dev/null @@ -1,906 +0,0 @@ -/* ssl/s3_enc.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - -#include <stdio.h> -#include "ssl_locl.h" -#include <openssl/evp.h> -#include <openssl/md5.h> - -static unsigned char ssl3_pad_1[48]={ - 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, - 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, - 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, - 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, - 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, - 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36 }; - -static unsigned char ssl3_pad_2[48]={ - 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, - 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, - 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, - 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, - 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, - 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c }; -static int ssl3_handshake_mac(SSL *s, int md_nid, - const char *sender, int len, unsigned char *p); -static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) - { - EVP_MD_CTX m5; - EVP_MD_CTX s1; - unsigned char buf[16],smd[SHA_DIGEST_LENGTH]; - unsigned char c='A'; - unsigned int i,j,k; - -#ifdef CHARSET_EBCDIC - c = os_toascii[c]; /*'A' in ASCII */ -#endif - k=0; - EVP_MD_CTX_init(&m5); - EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_MD_CTX_init(&s1); - for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH) - { - k++; - if (k > sizeof buf) - { - /* bug: 'buf' is too small for this ciphersuite */ - SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR); - return 0; - } - - for (j=0; j<k; j++) - buf[j]=c; - c++; - EVP_DigestInit_ex(&s1,EVP_sha1(), NULL); - EVP_DigestUpdate(&s1,buf,k); - EVP_DigestUpdate(&s1,s->session->master_key, - s->session->master_key_length); - EVP_DigestUpdate(&s1,s->s3->server_random,SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&s1,s->s3->client_random,SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(&s1,smd,NULL); - - EVP_DigestInit_ex(&m5,EVP_md5(), NULL); - EVP_DigestUpdate(&m5,s->session->master_key, - s->session->master_key_length); - EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH); - if ((int)(i+MD5_DIGEST_LENGTH) > num) - { - EVP_DigestFinal_ex(&m5,smd,NULL); - memcpy(km,smd,(num-i)); - } - else - EVP_DigestFinal_ex(&m5,km,NULL); - - km+=MD5_DIGEST_LENGTH; - } - OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH); - EVP_MD_CTX_cleanup(&m5); - EVP_MD_CTX_cleanup(&s1); - return 1; - } - -int ssl3_change_cipher_state(SSL *s, int which) - { - unsigned char *p,*mac_secret; - unsigned char exp_key[EVP_MAX_KEY_LENGTH]; - unsigned char exp_iv[EVP_MAX_IV_LENGTH]; - unsigned char *ms,*key,*iv,*er1,*er2; - EVP_CIPHER_CTX *dd; - const EVP_CIPHER *c; -#ifndef OPENSSL_NO_COMP - COMP_METHOD *comp; -#endif - const EVP_MD *m; - EVP_MD_CTX md; - int is_exp,n,i,j,k,cl; - int reuse_dd = 0; - - is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); - c=s->s3->tmp.new_sym_enc; - m=s->s3->tmp.new_hash; - /* m == NULL will lead to a crash later */ - OPENSSL_assert(m); -#ifndef OPENSSL_NO_COMP - if (s->s3->tmp.new_compression == NULL) - comp=NULL; - else - comp=s->s3->tmp.new_compression->method; -#endif - - if (which & SSL3_CC_READ) - { - if (s->enc_read_ctx != NULL) - reuse_dd = 1; - else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) - goto err; - else - /* make sure it's intialized in case we exit later with an error */ - EVP_CIPHER_CTX_init(s->enc_read_ctx); - dd= s->enc_read_ctx; - - ssl_replace_hash(&s->read_hash,m); -#ifndef OPENSSL_NO_COMP - /* COMPRESS */ - if (s->expand != NULL) - { - COMP_CTX_free(s->expand); - s->expand=NULL; - } - if (comp != NULL) - { - s->expand=COMP_CTX_new(comp); - if (s->expand == NULL) - { - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR); - goto err2; - } - if (s->s3->rrec.comp == NULL) - s->s3->rrec.comp=(unsigned char *) - OPENSSL_malloc(SSL3_RT_MAX_PLAIN_LENGTH); - if (s->s3->rrec.comp == NULL) - goto err; - } -#endif - memset(&(s->s3->read_sequence[0]),0,8); - mac_secret= &(s->s3->read_mac_secret[0]); - } - else - { - if (s->enc_write_ctx != NULL) - reuse_dd = 1; - else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) - goto err; - else - /* make sure it's intialized in case we exit later with an error */ - EVP_CIPHER_CTX_init(s->enc_write_ctx); - dd= s->enc_write_ctx; - ssl_replace_hash(&s->write_hash,m); -#ifndef OPENSSL_NO_COMP - /* COMPRESS */ - if (s->compress != NULL) - { - COMP_CTX_free(s->compress); - s->compress=NULL; - } - if (comp != NULL) - { - s->compress=COMP_CTX_new(comp); - if (s->compress == NULL) - { - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR); - goto err2; - } - } -#endif - memset(&(s->s3->write_sequence[0]),0,8); - mac_secret= &(s->s3->write_mac_secret[0]); - } - - if (reuse_dd) - EVP_CIPHER_CTX_cleanup(dd); - - p=s->s3->tmp.key_block; - i=EVP_MD_size(m); - if (i < 0) - goto err2; - cl=EVP_CIPHER_key_length(c); - j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? - cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; - /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */ - k=EVP_CIPHER_iv_length(c); - if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || - (which == SSL3_CHANGE_CIPHER_SERVER_READ)) - { - ms= &(p[ 0]); n=i+i; - key= &(p[ n]); n+=j+j; - iv= &(p[ n]); n+=k+k; - er1= &(s->s3->client_random[0]); - er2= &(s->s3->server_random[0]); - } - else - { - n=i; - ms= &(p[ n]); n+=i+j; - key= &(p[ n]); n+=j+k; - iv= &(p[ n]); n+=k; - er1= &(s->s3->server_random[0]); - er2= &(s->s3->client_random[0]); - } - - if (n > s->s3->tmp.key_block_length) - { - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR); - goto err2; - } - - EVP_MD_CTX_init(&md); - memcpy(mac_secret,ms,i); - if (is_exp) - { - /* In here I set both the read and write key/iv to the - * same value since only the correct one will be used :-). - */ - EVP_DigestInit_ex(&md,EVP_md5(), NULL); - EVP_DigestUpdate(&md,key,j); - EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(&md,&(exp_key[0]),NULL); - key= &(exp_key[0]); - - if (k > 0) - { - EVP_DigestInit_ex(&md,EVP_md5(), NULL); - EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(&md,&(exp_iv[0]),NULL); - iv= &(exp_iv[0]); - } - } - - s->session->key_arg_length=0; - - EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE)); - - OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key)); - OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv)); - EVP_MD_CTX_cleanup(&md); - return(1); -err: - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); -err2: - return(0); - } - -int ssl3_setup_key_block(SSL *s) - { - unsigned char *p; - const EVP_CIPHER *c; - const EVP_MD *hash; - int num; - int ret = 0; - SSL_COMP *comp; - - if (s->s3->tmp.key_block_length != 0) - return(1); - - if (!ssl_cipher_get_evp(s->session,&c,&hash,NULL,NULL,&comp)) - { - SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE); - return(0); - } - - s->s3->tmp.new_sym_enc=c; - s->s3->tmp.new_hash=hash; -#ifdef OPENSSL_NO_COMP - s->s3->tmp.new_compression=NULL; -#else - s->s3->tmp.new_compression=comp; -#endif - - num=EVP_MD_size(hash); - if (num < 0) - return 0; - - num=EVP_CIPHER_key_length(c)+num+EVP_CIPHER_iv_length(c); - num*=2; - - ssl3_cleanup_key_block(s); - - if ((p=OPENSSL_malloc(num)) == NULL) - goto err; - - s->s3->tmp.key_block_length=num; - s->s3->tmp.key_block=p; - - ret = ssl3_generate_key_block(s,p,num); - - /* enable vulnerability countermeasure for CBC ciphers with - * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */ - if ((s->mode & SSL_MODE_CBC_RECORD_SPLITTING) != 0) - { - s->s3->need_record_splitting = 1; - - if (s->session->cipher != NULL) - { - if (s->session->cipher->algorithm_enc == SSL_eNULL) - s->s3->need_record_splitting = 0; - -#ifndef OPENSSL_NO_RC4 - if (s->session->cipher->algorithm_enc == SSL_RC4) - s->s3->need_record_splitting = 0; -#endif - } - } - - return ret; - -err: - SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); - return(0); - } - -void ssl3_cleanup_key_block(SSL *s) - { - if (s->s3->tmp.key_block != NULL) - { - OPENSSL_cleanse(s->s3->tmp.key_block, - s->s3->tmp.key_block_length); - OPENSSL_free(s->s3->tmp.key_block); - s->s3->tmp.key_block=NULL; - } - s->s3->tmp.key_block_length=0; - } - -/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. - * - * Returns: - * 0: (in non-constant time) if the record is publically invalid (i.e. too - * short etc). - * 1: if the record's padding is valid / the encryption was successful. - * -1: if the record's padding is invalid or, if sending, an internal error - * occured. - */ -int ssl3_enc(SSL *s, int send) - { - SSL3_RECORD *rec; - EVP_CIPHER_CTX *ds; - unsigned long l; - int bs,i,mac_size=0; - const EVP_CIPHER *enc; - - if (send) - { - ds=s->enc_write_ctx; - rec= &(s->s3->wrec); - if (s->enc_write_ctx == NULL) - enc=NULL; - else - enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); - } - else - { - ds=s->enc_read_ctx; - rec= &(s->s3->rrec); - if (s->enc_read_ctx == NULL) - enc=NULL; - else - enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); - } - - if ((s->session == NULL) || (ds == NULL) || - (enc == NULL)) - { - memmove(rec->data,rec->input,rec->length); - rec->input=rec->data; - } - else - { - l=rec->length; - bs=EVP_CIPHER_block_size(ds->cipher); - - /* COMPRESS */ - - if ((bs != 1) && send) - { - i=bs-((int)l%bs); - - /* we need to add 'i-1' padding bytes */ - l+=i; - /* the last of these zero bytes will be overwritten - * with the padding length. */ - memset(&rec->input[rec->length], 0, i); - rec->length+=i; - rec->input[l-1]=(i-1); - } - - if (!send) - { - if (l == 0 || l%bs != 0) - return 0; - /* otherwise, rec->length >= bs */ - } - - if(EVP_Cipher(ds,rec->data,rec->input,l) < 1) - return -1; - - if (EVP_MD_CTX_md(s->read_hash) != NULL) - mac_size = EVP_MD_CTX_size(s->read_hash); - if ((bs != 1) && !send) - return ssl3_cbc_remove_padding(s, rec, bs, mac_size); - } - return(1); - } - -void ssl3_init_finished_mac(SSL *s) - { - if (s->s3->handshake_buffer) BIO_free(s->s3->handshake_buffer); - if (s->s3->handshake_dgst) ssl3_free_digest_list(s); - s->s3->handshake_buffer=BIO_new(BIO_s_mem()); - (void)BIO_set_close(s->s3->handshake_buffer,BIO_CLOSE); - } - -void ssl3_free_digest_list(SSL *s) - { - int i; - if (!s->s3->handshake_dgst) return; - for (i=0;i<SSL_MAX_DIGEST;i++) - { - if (s->s3->handshake_dgst[i]) - EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]); - } - OPENSSL_free(s->s3->handshake_dgst); - s->s3->handshake_dgst=NULL; - } - - - -void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) - { - if (s->s3->handshake_buffer && !(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) - { - BIO_write (s->s3->handshake_buffer,(void *)buf,len); - } - else - { - int i; - for (i=0;i< SSL_MAX_DIGEST;i++) - { - if (s->s3->handshake_dgst[i]!= NULL) - EVP_DigestUpdate(s->s3->handshake_dgst[i],buf,len); - } - } - } - -int ssl3_digest_cached_records(SSL *s) - { - int i; - long mask; - const EVP_MD *md; - long hdatalen; - void *hdata; - - /* Allocate handshake_dgst array */ - ssl3_free_digest_list(s); - s->s3->handshake_dgst = OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *)); - memset(s->s3->handshake_dgst,0,SSL_MAX_DIGEST *sizeof(EVP_MD_CTX *)); - hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,&hdata); - if (hdatalen <= 0) - { - SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH); - return 0; - } - - /* Loop through bitso of algorithm2 field and create MD_CTX-es */ - for (i=0;ssl_get_handshake_digest(i,&mask,&md); i++) - { - if ((mask & ssl_get_algorithm2(s)) && md) - { - s->s3->handshake_dgst[i]=EVP_MD_CTX_create(); -#ifdef OPENSSL_FIPS - if (EVP_MD_nid(md) == NID_md5) - { - EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i], - EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - } -#endif - EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL); - EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen); - } - else - { - s->s3->handshake_dgst[i]=NULL; - } - } - if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) - { - /* Free handshake_buffer BIO */ - BIO_free(s->s3->handshake_buffer); - s->s3->handshake_buffer = NULL; - } - - return 1; - } - -int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p) - { - return(ssl3_handshake_mac(s,md_nid,NULL,0,p)); - } -int ssl3_final_finish_mac(SSL *s, - const char *sender, int len, unsigned char *p) - { - int ret, sha1len; - ret=ssl3_handshake_mac(s,NID_md5,sender,len,p); - if(ret == 0) - return 0; - - p+=ret; - - sha1len=ssl3_handshake_mac(s,NID_sha1,sender,len,p); - if(sha1len == 0) - return 0; - - ret+=sha1len; - return(ret); - } -static int ssl3_handshake_mac(SSL *s, int md_nid, - const char *sender, int len, unsigned char *p) - { - unsigned int ret; - int npad,n; - unsigned int i; - unsigned char md_buf[EVP_MAX_MD_SIZE]; - EVP_MD_CTX ctx,*d=NULL; - - if (s->s3->handshake_buffer) - if (!ssl3_digest_cached_records(s)) - return 0; - - /* Search for digest of specified type in the handshake_dgst - * array*/ - for (i=0;i<SSL_MAX_DIGEST;i++) - { - if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid) - { - d=s->s3->handshake_dgst[i]; - break; - } - } - if (!d) { - SSLerr(SSL_F_SSL3_HANDSHAKE_MAC,SSL_R_NO_REQUIRED_DIGEST); - return 0; - } - EVP_MD_CTX_init(&ctx); - EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_MD_CTX_copy_ex(&ctx,d); - n=EVP_MD_CTX_size(&ctx); - if (n < 0) - return 0; - - npad=(48/n)*n; - if (sender != NULL) - EVP_DigestUpdate(&ctx,sender,len); - EVP_DigestUpdate(&ctx,s->session->master_key, - s->session->master_key_length); - EVP_DigestUpdate(&ctx,ssl3_pad_1,npad); - EVP_DigestFinal_ex(&ctx,md_buf,&i); - - EVP_DigestInit_ex(&ctx,EVP_MD_CTX_md(&ctx), NULL); - EVP_DigestUpdate(&ctx,s->session->master_key, - s->session->master_key_length); - EVP_DigestUpdate(&ctx,ssl3_pad_2,npad); - EVP_DigestUpdate(&ctx,md_buf,i); - EVP_DigestFinal_ex(&ctx,p,&ret); - - EVP_MD_CTX_cleanup(&ctx); - - return((int)ret); - } - -int n_ssl3_mac(SSL *ssl, unsigned char *md, int send) - { - SSL3_RECORD *rec; - unsigned char *mac_sec,*seq; - EVP_MD_CTX md_ctx; - const EVP_MD_CTX *hash; - unsigned char *p,rec_char; - size_t md_size, orig_len; - int npad; - int t; - - if (send) - { - rec= &(ssl->s3->wrec); - mac_sec= &(ssl->s3->write_mac_secret[0]); - seq= &(ssl->s3->write_sequence[0]); - hash=ssl->write_hash; - } - else - { - rec= &(ssl->s3->rrec); - mac_sec= &(ssl->s3->read_mac_secret[0]); - seq= &(ssl->s3->read_sequence[0]); - hash=ssl->read_hash; - } - - t=EVP_MD_CTX_size(hash); - if (t < 0 || t > 20) - return -1; - md_size=t; - npad=(48/md_size)*md_size; - - /* kludge: ssl3_cbc_remove_padding passes padding length in rec->type */ - orig_len = rec->length+md_size+((unsigned int)rec->type>>8); - rec->type &= 0xff; - - if (!send && - EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && - ssl3_cbc_record_digest_supported(hash)) - { - /* This is a CBC-encrypted record. We must avoid leaking any - * timing-side channel information about how many blocks of - * data we are hashing because that gives an attacker a - * timing-oracle. */ - - /* npad is, at most, 48 bytes and that's with MD5: - * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75. - * - * With SHA-1 (the largest hash speced for SSLv3) the hash size - * goes up 4, but npad goes down by 8, resulting in a smaller - * total size. */ - unsigned char header[75]; - unsigned j = 0; - memcpy(header+j, mac_sec, md_size); - j += md_size; - memcpy(header+j, ssl3_pad_1, npad); - j += npad; - memcpy(header+j, seq, 8); - j += 8; - header[j++] = rec->type; - header[j++] = rec->length >> 8; - header[j++] = rec->length & 0xff; - - ssl3_cbc_digest_record( - hash, - md, &md_size, - header, rec->input, - rec->length + md_size, orig_len, - mac_sec, md_size, - 1 /* is SSLv3 */); - } - else - { - unsigned int md_size_u; - /* Chop the digest off the end :-) */ - EVP_MD_CTX_init(&md_ctx); - - EVP_MD_CTX_copy_ex( &md_ctx,hash); - EVP_DigestUpdate(&md_ctx,mac_sec,md_size); - EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad); - EVP_DigestUpdate(&md_ctx,seq,8); - rec_char=rec->type; - EVP_DigestUpdate(&md_ctx,&rec_char,1); - p=md; - s2n(rec->length,p); - EVP_DigestUpdate(&md_ctx,md,2); - EVP_DigestUpdate(&md_ctx,rec->input,rec->length); - EVP_DigestFinal_ex( &md_ctx,md,NULL); - - EVP_MD_CTX_copy_ex( &md_ctx,hash); - EVP_DigestUpdate(&md_ctx,mac_sec,md_size); - EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad); - EVP_DigestUpdate(&md_ctx,md,md_size); - EVP_DigestFinal_ex( &md_ctx,md,&md_size_u); - md_size = md_size_u; - - EVP_MD_CTX_cleanup(&md_ctx); - } - - ssl3_record_sequence_update(seq); - return(md_size); - } - -void ssl3_record_sequence_update(unsigned char *seq) - { - int i; - - for (i=7; i>=0; i--) - { - ++seq[i]; - if (seq[i] != 0) break; - } - } - -int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, - int len) - { - static const unsigned char *salt[3]={ -#ifndef CHARSET_EBCDIC - (const unsigned char *)"A", - (const unsigned char *)"BB", - (const unsigned char *)"CCC", -#else - (const unsigned char *)"\x41", - (const unsigned char *)"\x42\x42", - (const unsigned char *)"\x43\x43\x43", -#endif - }; - unsigned char buf[EVP_MAX_MD_SIZE]; - EVP_MD_CTX ctx; - int i,ret=0; - unsigned int n; - - EVP_MD_CTX_init(&ctx); - for (i=0; i<3; i++) - { - EVP_DigestInit_ex(&ctx,s->ctx->sha1, NULL); - EVP_DigestUpdate(&ctx,salt[i],strlen((const char *)salt[i])); - EVP_DigestUpdate(&ctx,p,len); - EVP_DigestUpdate(&ctx,&(s->s3->client_random[0]), - SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&ctx,&(s->s3->server_random[0]), - SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(&ctx,buf,&n); - - EVP_DigestInit_ex(&ctx,s->ctx->md5, NULL); - EVP_DigestUpdate(&ctx,p,len); - EVP_DigestUpdate(&ctx,buf,n); - EVP_DigestFinal_ex(&ctx,out,&n); - out+=n; - ret+=n; - } - EVP_MD_CTX_cleanup(&ctx); - return(ret); - } - -int ssl3_alert_code(int code) - { - switch (code) - { - case SSL_AD_CLOSE_NOTIFY: return(SSL3_AD_CLOSE_NOTIFY); - case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE); - case SSL_AD_BAD_RECORD_MAC: return(SSL3_AD_BAD_RECORD_MAC); - case SSL_AD_DECRYPTION_FAILED: return(SSL3_AD_BAD_RECORD_MAC); - case SSL_AD_RECORD_OVERFLOW: return(SSL3_AD_BAD_RECORD_MAC); - case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE); - case SSL_AD_HANDSHAKE_FAILURE: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_NO_CERTIFICATE: return(SSL3_AD_NO_CERTIFICATE); - case SSL_AD_BAD_CERTIFICATE: return(SSL3_AD_BAD_CERTIFICATE); - case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE); - case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED); - case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED); - case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN); - case SSL_AD_ILLEGAL_PARAMETER: return(SSL3_AD_ILLEGAL_PARAMETER); - case SSL_AD_UNKNOWN_CA: return(SSL3_AD_BAD_CERTIFICATE); - case SSL_AD_ACCESS_DENIED: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_DECODE_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_DECRYPT_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_EXPORT_RESTRICTION: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_PROTOCOL_VERSION: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_INSUFFICIENT_SECURITY:return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_INTERNAL_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_USER_CANCELLED: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_NO_RENEGOTIATION: return(-1); /* Don't send it :-) */ - case SSL_AD_UNSUPPORTED_EXTENSION: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_UNRECOGNIZED_NAME: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); - case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK); - default: return(-1); - } - } diff --git a/main/openssl/ssl/s3_lib.c b/main/openssl/ssl/s3_lib.c deleted file mode 100644 index e752ebdd..00000000 --- a/main/openssl/ssl/s3_lib.c +++ /dev/null @@ -1,4443 +0,0 @@ -/* ssl/s3_lib.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the OpenSSL open source - * license provided above. - * - * ECC cipher suite support in OpenSSL originally written by - * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. - * - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - -#include <stdio.h> -#include <openssl/objects.h> -#include "ssl_locl.h" -#include "kssl_lcl.h" -#ifndef OPENSSL_NO_TLSEXT -#ifndef OPENSSL_NO_EC -#include "../crypto/ec/ec_lcl.h" -#endif /* OPENSSL_NO_EC */ -#endif /* OPENSSL_NO_TLSEXT */ -#include <openssl/md5.h> -#ifndef OPENSSL_NO_DH -#include <openssl/dh.h> -#endif - -const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT; - -#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) - -/* list of available SSLv3 ciphers (sorted by id) */ -OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ - -/* The RSA ciphers */ -/* Cipher 01 */ - { - 1, - SSL3_TXT_RSA_NULL_MD5, - SSL3_CK_RSA_NULL_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_eNULL, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP|SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, - }, - -/* Cipher 02 */ - { - 1, - SSL3_TXT_RSA_NULL_SHA, - SSL3_CK_RSA_NULL_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_eNULL, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, - }, - -/* Cipher 03 */ - { - 1, - SSL3_TXT_RSA_RC4_40_MD5, - SSL3_CK_RSA_RC4_40_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_MD5, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 128, - }, - -/* Cipher 04 */ - { - 1, - SSL3_TXT_RSA_RC4_128_MD5, - SSL3_CK_RSA_RC4_128_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - -/* Cipher 05 */ - { - 1, - SSL3_TXT_RSA_RC4_128_SHA, - SSL3_CK_RSA_RC4_128_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - -/* Cipher 06 */ - { - 1, - SSL3_TXT_RSA_RC2_40_MD5, - SSL3_CK_RSA_RC2_40_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC2, - SSL_MD5, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 128, - }, - -/* Cipher 07 */ -#ifndef OPENSSL_NO_IDEA - { - 1, - SSL3_TXT_RSA_IDEA_128_SHA, - SSL3_CK_RSA_IDEA_128_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_IDEA, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, -#endif - -/* Cipher 08 */ - { - 1, - SSL3_TXT_RSA_DES_40_CBC_SHA, - SSL3_CK_RSA_DES_40_CBC_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 56, - }, - -/* Cipher 09 */ - { - 1, - SSL3_TXT_RSA_DES_64_CBC_SHA, - SSL3_CK_RSA_DES_64_CBC_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, - }, - -/* Cipher 0A */ - { - 1, - SSL3_TXT_RSA_DES_192_CBC3_SHA, - SSL3_CK_RSA_DES_192_CBC3_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 112, - 168, - }, - -/* The DH ciphers */ -/* Cipher 0B */ - { - 0, - SSL3_TXT_DH_DSS_DES_40_CBC_SHA, - SSL3_CK_DH_DSS_DES_40_CBC_SHA, - SSL_kDHd, - SSL_aDH, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 56, - }, - -/* Cipher 0C */ - { - 0, /* not implemented (non-ephemeral DH) */ - SSL3_TXT_DH_DSS_DES_64_CBC_SHA, - SSL3_CK_DH_DSS_DES_64_CBC_SHA, - SSL_kDHd, - SSL_aDH, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, - }, - -/* Cipher 0D */ - { - 0, /* not implemented (non-ephemeral DH) */ - SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, - SSL3_CK_DH_DSS_DES_192_CBC3_SHA, - SSL_kDHd, - SSL_aDH, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 112, - 168, - }, - -/* Cipher 0E */ - { - 0, /* not implemented (non-ephemeral DH) */ - SSL3_TXT_DH_RSA_DES_40_CBC_SHA, - SSL3_CK_DH_RSA_DES_40_CBC_SHA, - SSL_kDHr, - SSL_aDH, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 56, - }, - -/* Cipher 0F */ - { - 0, /* not implemented (non-ephemeral DH) */ - SSL3_TXT_DH_RSA_DES_64_CBC_SHA, - SSL3_CK_DH_RSA_DES_64_CBC_SHA, - SSL_kDHr, - SSL_aDH, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, - }, - -/* Cipher 10 */ - { - 0, /* not implemented (non-ephemeral DH) */ - SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, - SSL3_CK_DH_RSA_DES_192_CBC3_SHA, - SSL_kDHr, - SSL_aDH, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 112, - 168, - }, - -/* The Ephemeral DH ciphers */ -/* Cipher 11 */ - { - 1, - SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, - SSL3_CK_EDH_DSS_DES_40_CBC_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 56, - }, - -/* Cipher 12 */ - { - 1, - SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, - SSL3_CK_EDH_DSS_DES_64_CBC_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, - }, - -/* Cipher 13 */ - { - 1, - SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, - SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 112, - 168, - }, - -/* Cipher 14 */ - { - 1, - SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, - SSL3_CK_EDH_RSA_DES_40_CBC_SHA, - SSL_kEDH, - SSL_aRSA, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 56, - }, - -/* Cipher 15 */ - { - 1, - SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, - SSL3_CK_EDH_RSA_DES_64_CBC_SHA, - SSL_kEDH, - SSL_aRSA, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, - }, - -/* Cipher 16 */ - { - 1, - SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, - SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, - SSL_kEDH, - SSL_aRSA, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 112, - 168, - }, - -/* Cipher 17 */ - { - 1, - SSL3_TXT_ADH_RC4_40_MD5, - SSL3_CK_ADH_RC4_40_MD5, - SSL_kEDH, - SSL_aNULL, - SSL_RC4, - SSL_MD5, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 128, - }, - -/* Cipher 18 */ - { - 1, - SSL3_TXT_ADH_RC4_128_MD5, - SSL3_CK_ADH_RC4_128_MD5, - SSL_kEDH, - SSL_aNULL, - SSL_RC4, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - -/* Cipher 19 */ - { - 1, - SSL3_TXT_ADH_DES_40_CBC_SHA, - SSL3_CK_ADH_DES_40_CBC_SHA, - SSL_kEDH, - SSL_aNULL, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 128, - }, - -/* Cipher 1A */ - { - 1, - SSL3_TXT_ADH_DES_64_CBC_SHA, - SSL3_CK_ADH_DES_64_CBC_SHA, - SSL_kEDH, - SSL_aNULL, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, - }, - -/* Cipher 1B */ - { - 1, - SSL3_TXT_ADH_DES_192_CBC_SHA, - SSL3_CK_ADH_DES_192_CBC_SHA, - SSL_kEDH, - SSL_aNULL, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 112, - 168, - }, - -/* Fortezza ciphersuite from SSL 3.0 spec */ -#if 0 -/* Cipher 1C */ - { - 0, - SSL3_TXT_FZA_DMS_NULL_SHA, - SSL3_CK_FZA_DMS_NULL_SHA, - SSL_kFZA, - SSL_aFZA, - SSL_eNULL, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, - }, - -/* Cipher 1D */ - { - 0, - SSL3_TXT_FZA_DMS_FZA_SHA, - SSL3_CK_FZA_DMS_FZA_SHA, - SSL_kFZA, - SSL_aFZA, - SSL_eFZA, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, - }, - -/* Cipher 1E */ - { - 0, - SSL3_TXT_FZA_DMS_RC4_SHA, - SSL3_CK_FZA_DMS_RC4_SHA, - SSL_kFZA, - SSL_aFZA, - SSL_RC4, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, -#endif - -#ifndef OPENSSL_NO_KRB5 -/* The Kerberos ciphers*/ -/* Cipher 1E */ - { - 1, - SSL3_TXT_KRB5_DES_64_CBC_SHA, - SSL3_CK_KRB5_DES_64_CBC_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, - }, - -/* Cipher 1F */ - { - 1, - SSL3_TXT_KRB5_DES_192_CBC3_SHA, - SSL3_CK_KRB5_DES_192_CBC3_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 112, - 168, - }, - -/* Cipher 20 */ - { - 1, - SSL3_TXT_KRB5_RC4_128_SHA, - SSL3_CK_KRB5_RC4_128_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_RC4, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - -/* Cipher 21 */ - { - 1, - SSL3_TXT_KRB5_IDEA_128_CBC_SHA, - SSL3_CK_KRB5_IDEA_128_CBC_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_IDEA, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - -/* Cipher 22 */ - { - 1, - SSL3_TXT_KRB5_DES_64_CBC_MD5, - SSL3_CK_KRB5_DES_64_CBC_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_DES, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, - }, - -/* Cipher 23 */ - { - 1, - SSL3_TXT_KRB5_DES_192_CBC3_MD5, - SSL3_CK_KRB5_DES_192_CBC3_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_3DES, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 112, - 168, - }, - -/* Cipher 24 */ - { - 1, - SSL3_TXT_KRB5_RC4_128_MD5, - SSL3_CK_KRB5_RC4_128_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_RC4, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - -/* Cipher 25 */ - { - 1, - SSL3_TXT_KRB5_IDEA_128_CBC_MD5, - SSL3_CK_KRB5_IDEA_128_CBC_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_IDEA, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - -/* Cipher 26 */ - { - 1, - SSL3_TXT_KRB5_DES_40_CBC_SHA, - SSL3_CK_KRB5_DES_40_CBC_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 56, - }, - -/* Cipher 27 */ - { - 1, - SSL3_TXT_KRB5_RC2_40_CBC_SHA, - SSL3_CK_KRB5_RC2_40_CBC_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_RC2, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 128, - }, - -/* Cipher 28 */ - { - 1, - SSL3_TXT_KRB5_RC4_40_SHA, - SSL3_CK_KRB5_RC4_40_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_RC4, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 128, - }, - -/* Cipher 29 */ - { - 1, - SSL3_TXT_KRB5_DES_40_CBC_MD5, - SSL3_CK_KRB5_DES_40_CBC_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_DES, - SSL_MD5, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 56, - }, - -/* Cipher 2A */ - { - 1, - SSL3_TXT_KRB5_RC2_40_CBC_MD5, - SSL3_CK_KRB5_RC2_40_CBC_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_RC2, - SSL_MD5, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 128, - }, - -/* Cipher 2B */ - { - 1, - SSL3_TXT_KRB5_RC4_40_MD5, - SSL3_CK_KRB5_RC4_40_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_RC4, - SSL_MD5, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 128, - }, -#endif /* OPENSSL_NO_KRB5 */ - -/* New AES ciphersuites */ -/* Cipher 2F */ - { - 1, - TLS1_TXT_RSA_WITH_AES_128_SHA, - TLS1_CK_RSA_WITH_AES_128_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, -/* Cipher 30 */ - { - 0, - TLS1_TXT_DH_DSS_WITH_AES_128_SHA, - TLS1_CK_DH_DSS_WITH_AES_128_SHA, - SSL_kDHd, - SSL_aDH, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, -/* Cipher 31 */ - { - 0, - TLS1_TXT_DH_RSA_WITH_AES_128_SHA, - TLS1_CK_DH_RSA_WITH_AES_128_SHA, - SSL_kDHr, - SSL_aDH, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, -/* Cipher 32 */ - { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, - TLS1_CK_DHE_DSS_WITH_AES_128_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, -/* Cipher 33 */ - { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, - TLS1_CK_DHE_RSA_WITH_AES_128_SHA, - SSL_kEDH, - SSL_aRSA, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, -/* Cipher 34 */ - { - 1, - TLS1_TXT_ADH_WITH_AES_128_SHA, - TLS1_CK_ADH_WITH_AES_128_SHA, - SSL_kEDH, - SSL_aNULL, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - -/* Cipher 35 */ - { - 1, - TLS1_TXT_RSA_WITH_AES_256_SHA, - TLS1_CK_RSA_WITH_AES_256_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, -/* Cipher 36 */ - { - 0, - TLS1_TXT_DH_DSS_WITH_AES_256_SHA, - TLS1_CK_DH_DSS_WITH_AES_256_SHA, - SSL_kDHd, - SSL_aDH, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - -/* Cipher 37 */ - { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_RSA_WITH_AES_256_SHA, - TLS1_CK_DH_RSA_WITH_AES_256_SHA, - SSL_kDHr, - SSL_aDH, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - -/* Cipher 38 */ - { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, - TLS1_CK_DHE_DSS_WITH_AES_256_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - -/* Cipher 39 */ - { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, - TLS1_CK_DHE_RSA_WITH_AES_256_SHA, - SSL_kEDH, - SSL_aRSA, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - - /* Cipher 3A */ - { - 1, - TLS1_TXT_ADH_WITH_AES_256_SHA, - TLS1_CK_ADH_WITH_AES_256_SHA, - SSL_kEDH, - SSL_aNULL, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - - /* TLS v1.2 ciphersuites */ - /* Cipher 3B */ - { - 1, - TLS1_TXT_RSA_WITH_NULL_SHA256, - TLS1_CK_RSA_WITH_NULL_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_eNULL, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, - }, - - /* Cipher 3C */ - { - 1, - TLS1_TXT_RSA_WITH_AES_128_SHA256, - TLS1_CK_RSA_WITH_AES_128_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher 3D */ - { - 1, - TLS1_TXT_RSA_WITH_AES_256_SHA256, - TLS1_CK_RSA_WITH_AES_256_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_AES256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - - /* Cipher 3E */ - { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_DSS_WITH_AES_128_SHA256, - TLS1_CK_DH_DSS_WITH_AES_128_SHA256, - SSL_kDHd, - SSL_aDH, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher 3F */ - { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_RSA_WITH_AES_128_SHA256, - TLS1_CK_DH_RSA_WITH_AES_128_SHA256, - SSL_kDHr, - SSL_aDH, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher 40 */ - { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, - TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, - SSL_kEDH, - SSL_aDSS, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - -#ifndef OPENSSL_NO_CAMELLIA - /* Camellia ciphersuites from RFC4132 (128-bit portion) */ - - /* Cipher 41 */ - { - 1, - TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher 42 */ - { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, - SSL_kDHd, - SSL_aDH, - SSL_CAMELLIA128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher 43 */ - { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_kDHr, - SSL_aDH, - SSL_CAMELLIA128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher 44 */ - { - 1, - TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_CAMELLIA128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher 45 */ - { - 1, - TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_kEDH, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher 46 */ - { - 1, - TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, - SSL_kEDH, - SSL_aNULL, - SSL_CAMELLIA128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, -#endif /* OPENSSL_NO_CAMELLIA */ - -#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES - /* New TLS Export CipherSuites from expired ID */ -#if 0 - /* Cipher 60 */ - { - 1, - TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, - TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_MD5, - SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 128, - }, - - /* Cipher 61 */ - { - 1, - TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, - TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC2, - SSL_MD5, - SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 128, - }, -#endif - - /* Cipher 62 */ - { - 1, - TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, - TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_DES, - SSL_SHA1, - SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, - }, - - /* Cipher 63 */ - { - 1, - TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, - TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_DES, - SSL_SHA1, - SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, - }, - - /* Cipher 64 */ - { - 1, - TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, - TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 128, - }, - - /* Cipher 65 */ - { - 1, - TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, - TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 128, - }, - - /* Cipher 66 */ - { - 1, - TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, - TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, -#endif - - /* TLS v1.2 ciphersuites */ - /* Cipher 67 */ - { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, - SSL_kEDH, - SSL_aRSA, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher 68 */ - { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_DSS_WITH_AES_256_SHA256, - TLS1_CK_DH_DSS_WITH_AES_256_SHA256, - SSL_kDHd, - SSL_aDH, - SSL_AES256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - - /* Cipher 69 */ - { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_RSA_WITH_AES_256_SHA256, - TLS1_CK_DH_RSA_WITH_AES_256_SHA256, - SSL_kDHr, - SSL_aDH, - SSL_AES256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - - /* Cipher 6A */ - { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, - TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, - SSL_kEDH, - SSL_aDSS, - SSL_AES256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - - /* Cipher 6B */ - { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, - SSL_kEDH, - SSL_aRSA, - SSL_AES256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - - /* Cipher 6C */ - { - 1, - TLS1_TXT_ADH_WITH_AES_128_SHA256, - TLS1_CK_ADH_WITH_AES_128_SHA256, - SSL_kEDH, - SSL_aNULL, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher 6D */ - { - 1, - TLS1_TXT_ADH_WITH_AES_256_SHA256, - TLS1_CK_ADH_WITH_AES_256_SHA256, - SSL_kEDH, - SSL_aNULL, - SSL_AES256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - - /* GOST Ciphersuites */ - - { - 1, - "GOST94-GOST89-GOST89", - 0x3000080, - SSL_kGOST, - SSL_aGOST94, - SSL_eGOST2814789CNT, - SSL_GOST89MAC, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC, - 256, - 256 - }, - { - 1, - "GOST2001-GOST89-GOST89", - 0x3000081, - SSL_kGOST, - SSL_aGOST01, - SSL_eGOST2814789CNT, - SSL_GOST89MAC, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC, - 256, - 256 - }, - { - 1, - "GOST94-NULL-GOST94", - 0x3000082, - SSL_kGOST, - SSL_aGOST94, - SSL_eNULL, - SSL_GOST94, - SSL_TLSV1, - SSL_NOT_EXP|SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, - 0, - 0 - }, - { - 1, - "GOST2001-NULL-GOST94", - 0x3000083, - SSL_kGOST, - SSL_aGOST01, - SSL_eNULL, - SSL_GOST94, - SSL_TLSV1, - SSL_NOT_EXP|SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, - 0, - 0 - }, - -#ifndef OPENSSL_NO_CAMELLIA - /* Camellia ciphersuites from RFC4132 (256-bit portion) */ - - /* Cipher 84 */ - { - 1, - TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - /* Cipher 85 */ - { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, - SSL_kDHd, - SSL_aDH, - SSL_CAMELLIA256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - - /* Cipher 86 */ - { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, - SSL_kDHr, - SSL_aDH, - SSL_CAMELLIA256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - - /* Cipher 87 */ - { - 1, - TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_CAMELLIA256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - - /* Cipher 88 */ - { - 1, - TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - SSL_kEDH, - SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - - /* Cipher 89 */ - { - 1, - TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, - SSL_kEDH, - SSL_aNULL, - SSL_CAMELLIA256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, -#endif /* OPENSSL_NO_CAMELLIA */ - -#ifndef OPENSSL_NO_PSK - /* Cipher 8A */ - { - 1, - TLS1_TXT_PSK_WITH_RC4_128_SHA, - TLS1_CK_PSK_WITH_RC4_128_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher 8B */ - { - 1, - TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_3DES, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 112, - 168, - }, - - /* Cipher 8C */ - { - 1, - TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, - TLS1_CK_PSK_WITH_AES_128_CBC_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher 8D */ - { - 1, - TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, - TLS1_CK_PSK_WITH_AES_256_CBC_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, -#endif /* OPENSSL_NO_PSK */ - -#ifndef OPENSSL_NO_SEED - /* SEED ciphersuites from RFC4162 */ - - /* Cipher 96 */ - { - 1, - TLS1_TXT_RSA_WITH_SEED_SHA, - TLS1_CK_RSA_WITH_SEED_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_SEED, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher 97 */ - { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_DSS_WITH_SEED_SHA, - TLS1_CK_DH_DSS_WITH_SEED_SHA, - SSL_kDHd, - SSL_aDH, - SSL_SEED, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher 98 */ - { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_RSA_WITH_SEED_SHA, - TLS1_CK_DH_RSA_WITH_SEED_SHA, - SSL_kDHr, - SSL_aDH, - SSL_SEED, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher 99 */ - { - 1, - TLS1_TXT_DHE_DSS_WITH_SEED_SHA, - TLS1_CK_DHE_DSS_WITH_SEED_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_SEED, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher 9A */ - { - 1, - TLS1_TXT_DHE_RSA_WITH_SEED_SHA, - TLS1_CK_DHE_RSA_WITH_SEED_SHA, - SSL_kEDH, - SSL_aRSA, - SSL_SEED, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher 9B */ - { - 1, - TLS1_TXT_ADH_WITH_SEED_SHA, - TLS1_CK_ADH_WITH_SEED_SHA, - SSL_kEDH, - SSL_aNULL, - SSL_SEED, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - -#endif /* OPENSSL_NO_SEED */ - - /* GCM ciphersuites from RFC5288 */ - - /* Cipher 9C */ - { - 1, - TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, - }, - - /* Cipher 9D */ - { - 1, - TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, - SSL_kRSA, - SSL_aRSA, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, - }, - - /* Cipher 9E */ - { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, - SSL_kEDH, - SSL_aRSA, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, - }, - - /* Cipher 9F */ - { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, - SSL_kEDH, - SSL_aRSA, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, - }, - - /* Cipher A0 */ - { - 0, - TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256, - SSL_kDHr, - SSL_aDH, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, - }, - - /* Cipher A1 */ - { - 0, - TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384, - SSL_kDHr, - SSL_aDH, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, - }, - - /* Cipher A2 */ - { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, - TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, - SSL_kEDH, - SSL_aDSS, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, - }, - - /* Cipher A3 */ - { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, - TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, - SSL_kEDH, - SSL_aDSS, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, - }, - - /* Cipher A4 */ - { - 0, - TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256, - TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256, - SSL_kDHd, - SSL_aDH, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, - }, - - /* Cipher A5 */ - { - 0, - TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384, - TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384, - SSL_kDHd, - SSL_aDH, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, - }, - - /* Cipher A6 */ - { - 1, - TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, - TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, - SSL_kEDH, - SSL_aNULL, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, - }, - - /* Cipher A7 */ - { - 1, - TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, - TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, - SSL_kEDH, - SSL_aNULL, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, - }, - -#ifndef OPENSSL_NO_ECDH - /* Cipher C001 */ - { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, - TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, - SSL_kECDHe, - SSL_aECDH, - SSL_eNULL, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, - }, - - /* Cipher C002 */ - { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, - TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, - SSL_kECDHe, - SSL_aECDH, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher C003 */ - { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, - SSL_kECDHe, - SSL_aECDH, - SSL_3DES, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 112, - 168, - }, - - /* Cipher C004 */ - { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, - SSL_kECDHe, - SSL_aECDH, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher C005 */ - { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, - SSL_kECDHe, - SSL_aECDH, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - - /* Cipher C006 */ - { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, - SSL_kEECDH, - SSL_aECDSA, - SSL_eNULL, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, - }, - - /* Cipher C007 */ - { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, - SSL_kEECDH, - SSL_aECDSA, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher C008 */ - { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, - SSL_kEECDH, - SSL_aECDSA, - SSL_3DES, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 112, - 168, - }, - - /* Cipher C009 */ - { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - SSL_kEECDH, - SSL_aECDSA, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher C00A */ - { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - SSL_kEECDH, - SSL_aECDSA, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - - /* Cipher C00B */ - { - 1, - TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, - TLS1_CK_ECDH_RSA_WITH_NULL_SHA, - SSL_kECDHr, - SSL_aECDH, - SSL_eNULL, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, - }, - - /* Cipher C00C */ - { - 1, - TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, - TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, - SSL_kECDHr, - SSL_aECDH, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher C00D */ - { - 1, - TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, - SSL_kECDHr, - SSL_aECDH, - SSL_3DES, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 112, - 168, - }, - - /* Cipher C00E */ - { - 1, - TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, - SSL_kECDHr, - SSL_aECDH, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher C00F */ - { - 1, - TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, - SSL_kECDHr, - SSL_aECDH, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - - /* Cipher C010 */ - { - 1, - TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, - TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, - SSL_kEECDH, - SSL_aRSA, - SSL_eNULL, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, - }, - - /* Cipher C011 */ - { - 1, - TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, - TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, - SSL_kEECDH, - SSL_aRSA, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher C012 */ - { - 1, - TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, - SSL_kEECDH, - SSL_aRSA, - SSL_3DES, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 112, - 168, - }, - - /* Cipher C013 */ - { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, - SSL_kEECDH, - SSL_aRSA, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher C014 */ - { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, - SSL_kEECDH, - SSL_aRSA, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - - /* Cipher C015 */ - { - 1, - TLS1_TXT_ECDH_anon_WITH_NULL_SHA, - TLS1_CK_ECDH_anon_WITH_NULL_SHA, - SSL_kEECDH, - SSL_aNULL, - SSL_eNULL, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, - }, - - /* Cipher C016 */ - { - 1, - TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, - TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, - SSL_kEECDH, - SSL_aNULL, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher C017 */ - { - 1, - TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, - SSL_kEECDH, - SSL_aNULL, - SSL_3DES, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 112, - 168, - }, - - /* Cipher C018 */ - { - 1, - TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, - SSL_kEECDH, - SSL_aNULL, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher C019 */ - { - 1, - TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, - SSL_kEECDH, - SSL_aNULL, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, -#endif /* OPENSSL_NO_ECDH */ - -#ifndef OPENSSL_NO_SRP - /* Cipher C01A */ - { - 1, - TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA, - SSL_kSRP, - SSL_aSRP, - SSL_3DES, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 112, - 168, - }, - - /* Cipher C01B */ - { - 1, - TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, - SSL_kSRP, - SSL_aRSA, - SSL_3DES, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 112, - 168, - }, - - /* Cipher C01C */ - { - 1, - TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, - SSL_kSRP, - SSL_aDSS, - SSL_3DES, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 112, - 168, - }, - - /* Cipher C01D */ - { - 1, - TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, - TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA, - SSL_kSRP, - SSL_aSRP, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher C01E */ - { - 1, - TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, - TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, - SSL_kSRP, - SSL_aRSA, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher C01F */ - { - 1, - TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, - TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, - SSL_kSRP, - SSL_aDSS, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher C020 */ - { - 1, - TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA, - TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA, - SSL_kSRP, - SSL_aSRP, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - - /* Cipher C021 */ - { - 1, - TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, - TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, - SSL_kSRP, - SSL_aRSA, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - - /* Cipher C022 */ - { - 1, - TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, - TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, - SSL_kSRP, - SSL_aDSS, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, -#endif /* OPENSSL_NO_SRP */ -#ifndef OPENSSL_NO_ECDH - - /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ - - /* Cipher C023 */ - { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, - SSL_kEECDH, - SSL_aECDSA, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, - }, - - /* Cipher C024 */ - { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, - SSL_kEECDH, - SSL_aECDSA, - SSL_AES256, - SSL_SHA384, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, - }, - - /* Cipher C025 */ - { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256, - TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256, - SSL_kECDHe, - SSL_aECDH, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, - }, - - /* Cipher C026 */ - { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384, - TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384, - SSL_kECDHe, - SSL_aECDH, - SSL_AES256, - SSL_SHA384, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, - }, - - /* Cipher C027 */ - { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, - TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, - SSL_kEECDH, - SSL_aRSA, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, - }, - - /* Cipher C028 */ - { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, - TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, - SSL_kEECDH, - SSL_aRSA, - SSL_AES256, - SSL_SHA384, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, - }, - - /* Cipher C029 */ - { - 1, - TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256, - TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256, - SSL_kECDHr, - SSL_aECDH, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, - }, - - /* Cipher C02A */ - { - 1, - TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384, - TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384, - SSL_kECDHr, - SSL_aECDH, - SSL_AES256, - SSL_SHA384, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, - }, - - /* GCM based TLS v1.2 ciphersuites from RFC5289 */ - - /* Cipher C02B */ - { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - SSL_kEECDH, - SSL_aECDSA, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, - }, - - /* Cipher C02C */ - { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - SSL_kEECDH, - SSL_aECDSA, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, - }, - - /* Cipher C02D */ - { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, - SSL_kECDHe, - SSL_aECDH, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, - }, - - /* Cipher C02E */ - { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, - SSL_kECDHe, - SSL_aECDH, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, - }, - - /* Cipher C02F */ - { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - SSL_kEECDH, - SSL_aRSA, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, - }, - - /* Cipher C030 */ - { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - SSL_kEECDH, - SSL_aRSA, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, - }, - - /* Cipher C031 */ - { - 1, - TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256, - SSL_kECDHr, - SSL_aECDH, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, - }, - - /* Cipher C032 */ - { - 1, - TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384, - SSL_kECDHr, - SSL_aECDH, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, - }, - -#ifndef OPENSSL_NO_PSK - /* ECDH PSK ciphersuites from RFC 5489 */ - /* Cipher C035 */ - { - 1, - TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA, - SSL_kEECDH, - SSL_aPSK, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* Cipher C036 */ - { - 1, - TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA, - SSL_kEECDH, - SSL_aPSK, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, -#endif /* OPENSSL_NO_PSK */ - -#endif /* OPENSSL_NO_ECDH */ - - -#ifdef TEMP_GOST_TLS -/* Cipher FF00 */ - { - 1, - "GOST-MD5", - 0x0300ff00, - SSL_kRSA, - SSL_aRSA, - SSL_eGOST2814789CNT, - SSL_MD5, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - { - 1, - "GOST-GOST94", - 0x0300ff01, - SSL_kRSA, - SSL_aRSA, - SSL_eGOST2814789CNT, - SSL_GOST94, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256 - }, - { - 1, - "GOST-GOST89MAC", - 0x0300ff02, - SSL_kRSA, - SSL_aRSA, - SSL_eGOST2814789CNT, - SSL_GOST89MAC, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256 - }, - { - 1, - "GOST-GOST89STREAM", - 0x0300ff03, - SSL_kRSA, - SSL_aRSA, - SSL_eGOST2814789CNT, - SSL_GOST89MAC, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC, - 256, - 256 - }, -#endif - -/* end of list */ - }; - -SSL3_ENC_METHOD SSLv3_enc_data={ - ssl3_enc, - n_ssl3_mac, - ssl3_setup_key_block, - ssl3_generate_master_secret, - ssl3_change_cipher_state, - ssl3_final_finish_mac, - MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, - ssl3_cert_verify_mac, - SSL3_MD_CLIENT_FINISHED_CONST,4, - SSL3_MD_SERVER_FINISHED_CONST,4, - ssl3_alert_code, - (int (*)(SSL *, unsigned char *, size_t, const char *, - size_t, const unsigned char *, size_t, - int use_context))ssl_undefined_function, - }; - -long ssl3_default_timeout(void) - { - /* 2 hours, the 24 hours mentioned in the SSLv3 spec - * is way too long for http, the cache would over fill */ - return(60*60*2); - } - -int ssl3_num_ciphers(void) - { - return(SSL3_NUM_CIPHERS); - } - -const SSL_CIPHER *ssl3_get_cipher(unsigned int u) - { - if (u < SSL3_NUM_CIPHERS) - return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); - else - return(NULL); - } - -int ssl3_pending(const SSL *s) - { - if (s->rstate == SSL_ST_READ_BODY) - return 0; - - return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; - } - -int ssl3_new(SSL *s) - { - SSL3_STATE *s3; - - if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err; - memset(s3,0,sizeof *s3); - memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num)); - memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num)); - - s->s3=s3; - -#ifndef OPENSSL_NO_SRP - SSL_SRP_CTX_init(s); -#endif -#if !defined(OPENSSL_NO_TLSEXT) - s->tlsext_channel_id_enabled = s->ctx->tlsext_channel_id_enabled; - if (s->ctx->tlsext_channel_id_private) - s->tlsext_channel_id_private = EVP_PKEY_dup(s->ctx->tlsext_channel_id_private); -#endif - s->method->ssl_clear(s); - return(1); -err: - return(0); - } - -void ssl3_free(SSL *s) - { - if(s == NULL) - return; - -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->client_opaque_prf_input != NULL) - OPENSSL_free(s->s3->client_opaque_prf_input); - if (s->s3->server_opaque_prf_input != NULL) - OPENSSL_free(s->s3->server_opaque_prf_input); -#endif - - ssl3_cleanup_key_block(s); - if (s->s3->rbuf.buf != NULL) - ssl3_release_read_buffer(s); - if (s->s3->wbuf.buf != NULL) - ssl3_release_write_buffer(s); - if (s->s3->rrec.comp != NULL) - OPENSSL_free(s->s3->rrec.comp); -#ifndef OPENSSL_NO_DH - if (s->s3->tmp.dh != NULL) - DH_free(s->s3->tmp.dh); -#endif -#ifndef OPENSSL_NO_ECDH - if (s->s3->tmp.ecdh != NULL) - EC_KEY_free(s->s3->tmp.ecdh); -#endif - - if (s->s3->tmp.ca_names != NULL) - sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); - if (s->s3->handshake_buffer) { - BIO_free(s->s3->handshake_buffer); - } - if (s->s3->handshake_dgst) ssl3_free_digest_list(s); -#ifndef OPENSSL_NO_TLSEXT - if (s->s3->alpn_selected) - OPENSSL_free(s->s3->alpn_selected); -#endif - -#ifndef OPENSSL_NO_SRP - SSL_SRP_CTX_free(s); -#endif - OPENSSL_cleanse(s->s3,sizeof *s->s3); - OPENSSL_free(s->s3); - s->s3=NULL; - } - -void ssl3_clear(SSL *s) - { - unsigned char *rp,*wp; - size_t rlen, wlen; - int init_extra; - -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->client_opaque_prf_input != NULL) - OPENSSL_free(s->s3->client_opaque_prf_input); - s->s3->client_opaque_prf_input = NULL; - if (s->s3->server_opaque_prf_input != NULL) - OPENSSL_free(s->s3->server_opaque_prf_input); - s->s3->server_opaque_prf_input = NULL; -#endif - - ssl3_cleanup_key_block(s); - if (s->s3->tmp.ca_names != NULL) - sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); - - if (s->s3->rrec.comp != NULL) - { - OPENSSL_free(s->s3->rrec.comp); - s->s3->rrec.comp=NULL; - } -#ifndef OPENSSL_NO_DH - if (s->s3->tmp.dh != NULL) - { - DH_free(s->s3->tmp.dh); - s->s3->tmp.dh = NULL; - } -#endif -#ifndef OPENSSL_NO_ECDH - if (s->s3->tmp.ecdh != NULL) - { - EC_KEY_free(s->s3->tmp.ecdh); - s->s3->tmp.ecdh = NULL; - } -#endif -#ifndef OPENSSL_NO_TLSEXT -#ifndef OPENSSL_NO_EC - s->s3->is_probably_safari = 0; -#endif /* !OPENSSL_NO_EC */ -#endif /* !OPENSSL_NO_TLSEXT */ - - rp = s->s3->rbuf.buf; - wp = s->s3->wbuf.buf; - rlen = s->s3->rbuf.len; - wlen = s->s3->wbuf.len; - init_extra = s->s3->init_extra; - if (s->s3->handshake_buffer) { - BIO_free(s->s3->handshake_buffer); - s->s3->handshake_buffer = NULL; - } - if (s->s3->handshake_dgst) { - ssl3_free_digest_list(s); - } - -#if !defined(OPENSSL_NO_TLSEXT) - if (s->s3->alpn_selected) - { - free(s->s3->alpn_selected); - s->s3->alpn_selected = NULL; - } -#endif - memset(s->s3,0,sizeof *s->s3); - s->s3->rbuf.buf = rp; - s->s3->wbuf.buf = wp; - s->s3->rbuf.len = rlen; - s->s3->wbuf.len = wlen; - s->s3->init_extra = init_extra; - - ssl_free_wbio_buffer(s); - - s->packet_length=0; - s->s3->renegotiate=0; - s->s3->total_renegotiations=0; - s->s3->num_renegotiations=0; - s->s3->in_read_app_data=0; - s->version=SSL3_VERSION; - -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) - if (s->next_proto_negotiated) - { - OPENSSL_free(s->next_proto_negotiated); - s->next_proto_negotiated = NULL; - s->next_proto_negotiated_len = 0; - } -#endif - -#if !defined(OPENSSL_NO_TLSEXT) - s->s3->tlsext_channel_id_valid = 0; -#endif - } - -#ifndef OPENSSL_NO_SRP -static char * MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg) - { - return BUF_strdup(s->srp_ctx.info) ; - } -#endif - -long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) - { - int ret=0; - -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) - if ( -#ifndef OPENSSL_NO_RSA - cmd == SSL_CTRL_SET_TMP_RSA || - cmd == SSL_CTRL_SET_TMP_RSA_CB || -#endif -#ifndef OPENSSL_NO_DSA - cmd == SSL_CTRL_SET_TMP_DH || - cmd == SSL_CTRL_SET_TMP_DH_CB || -#endif - 0) - { - if (!ssl_cert_inst(&s->cert)) - { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); - return(0); - } - } -#endif - - switch (cmd) - { - case SSL_CTRL_GET_SESSION_REUSED: - ret=s->hit; - break; - case SSL_CTRL_GET_CLIENT_CERT_REQUEST: - break; - case SSL_CTRL_GET_NUM_RENEGOTIATIONS: - ret=s->s3->num_renegotiations; - break; - case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: - ret=s->s3->num_renegotiations; - s->s3->num_renegotiations=0; - break; - case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: - ret=s->s3->total_renegotiations; - break; - case SSL_CTRL_GET_FLAGS: - ret=(int)(s->s3->flags); - break; -#ifndef OPENSSL_NO_RSA - case SSL_CTRL_NEED_TMP_RSA: - if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && - ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || - (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))) - ret = 1; - break; - case SSL_CTRL_SET_TMP_RSA: - { - RSA *rsa = (RSA *)parg; - if (rsa == NULL) - { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); - return(ret); - } - if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) - { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB); - return(ret); - } - if (s->cert->rsa_tmp != NULL) - RSA_free(s->cert->rsa_tmp); - s->cert->rsa_tmp = rsa; - ret = 1; - } - break; - case SSL_CTRL_SET_TMP_RSA_CB: - { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(ret); - } - break; -#endif -#ifndef OPENSSL_NO_DH - case SSL_CTRL_SET_TMP_DH: - { - DH *dh = (DH *)parg; - if (dh == NULL) - { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); - return(ret); - } - if ((dh = DHparams_dup(dh)) == NULL) - { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); - return(ret); - } - if (!(s->options & SSL_OP_SINGLE_DH_USE)) - { - if (!DH_generate_key(dh)) - { - DH_free(dh); - SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); - return(ret); - } - } - if (s->cert->dh_tmp != NULL) - DH_free(s->cert->dh_tmp); - s->cert->dh_tmp = dh; - ret = 1; - } - break; - case SSL_CTRL_SET_TMP_DH_CB: - { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(ret); - } - break; -#endif -#ifndef OPENSSL_NO_ECDH - case SSL_CTRL_SET_TMP_ECDH: - { - EC_KEY *ecdh = NULL; - - if (parg == NULL) - { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); - return(ret); - } - if (!EC_KEY_up_ref((EC_KEY *)parg)) - { - SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB); - return(ret); - } - ecdh = (EC_KEY *)parg; - if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) - { - if (!EC_KEY_generate_key(ecdh)) - { - EC_KEY_free(ecdh); - SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB); - return(ret); - } - } - if (s->cert->ecdh_tmp != NULL) - EC_KEY_free(s->cert->ecdh_tmp); - s->cert->ecdh_tmp = ecdh; - ret = 1; - } - break; - case SSL_CTRL_SET_TMP_ECDH_CB: - { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(ret); - } - break; -#endif /* !OPENSSL_NO_ECDH */ -#ifndef OPENSSL_NO_TLSEXT - case SSL_CTRL_SET_TLSEXT_HOSTNAME: - if (larg == TLSEXT_NAMETYPE_host_name) - { - if (s->tlsext_hostname != NULL) - OPENSSL_free(s->tlsext_hostname); - s->tlsext_hostname = NULL; - - ret = 1; - if (parg == NULL) - break; - if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) - { - SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); - return 0; - } - if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) - { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR); - return 0; - } - } - else - { - SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); - return 0; - } - break; - case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: - s->tlsext_debug_arg=parg; - ret = 1; - break; - -#ifdef TLSEXT_TYPE_opaque_prf_input - case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT: - if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message - * (including the cert chain and everything) */ - { - SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); - break; - } - if (s->tlsext_opaque_prf_input != NULL) - OPENSSL_free(s->tlsext_opaque_prf_input); - if ((size_t)larg == 0) - s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ - else - s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg); - if (s->tlsext_opaque_prf_input != NULL) - { - s->tlsext_opaque_prf_input_len = (size_t)larg; - ret = 1; - } - else - s->tlsext_opaque_prf_input_len = 0; - break; -#endif - - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: - s->tlsext_status_type=larg; - ret = 1; - break; - - case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: - *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts; - ret = 1; - break; - - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: - s->tlsext_ocsp_exts = parg; - ret = 1; - break; - - case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: - *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids; - ret = 1; - break; - - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: - s->tlsext_ocsp_ids = parg; - ret = 1; - break; - - case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: - *(unsigned char **)parg = s->tlsext_ocsp_resp; - return s->tlsext_ocsp_resplen; - - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: - if (s->tlsext_ocsp_resp) - OPENSSL_free(s->tlsext_ocsp_resp); - s->tlsext_ocsp_resp = parg; - s->tlsext_ocsp_resplen = larg; - ret = 1; - break; - -#ifndef OPENSSL_NO_HEARTBEATS - case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT: - if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) - ret = dtls1_heartbeat(s); - else - ret = tls1_heartbeat(s); - break; - - case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING: - ret = s->tlsext_hb_pending; - break; - - case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS: - if (larg) - s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS; - else - s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS; - ret = 1; - break; -#endif - case SSL_CTRL_CHANNEL_ID: - s->tlsext_channel_id_enabled = 1; - ret = 1; - break; - - case SSL_CTRL_SET_CHANNEL_ID: - if (s->server) - break; - s->tlsext_channel_id_enabled = 1; - if (EVP_PKEY_bits(parg) != 256) - { - SSLerr(SSL_F_SSL3_CTRL,SSL_R_CHANNEL_ID_NOT_P256); - break; - } - if (s->tlsext_channel_id_private) - EVP_PKEY_free(s->tlsext_channel_id_private); - s->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg); - ret = 1; - break; - - case SSL_CTRL_GET_CHANNEL_ID: - if (!s->server) - break; - if (!s->s3->tlsext_channel_id_valid) - break; - memcpy(parg, s->s3->tlsext_channel_id, larg < 64 ? larg : 64); - return 64; - -#endif /* !OPENSSL_NO_TLSEXT */ - - case SSL_CTRL_CHECK_PROTO_VERSION: - /* For library-internal use; checks that the current protocol - * is the highest enabled version (according to s->ctx->method, - * as version negotiation may have changed s->method). */ - if (s->version == s->ctx->method->version) - return 1; - /* Apparently we're using a version-flexible SSL_METHOD - * (not at its highest protocol version). */ - if (s->ctx->method->version == SSLv23_method()->version) - { -#if TLS_MAX_VERSION != TLS1_2_VERSION -# error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION. -#endif - if (!(s->options & SSL_OP_NO_TLSv1_2)) - return s->version == TLS1_2_VERSION; - if (!(s->options & SSL_OP_NO_TLSv1_1)) - return s->version == TLS1_1_VERSION; - if (!(s->options & SSL_OP_NO_TLSv1)) - return s->version == TLS1_VERSION; - if (!(s->options & SSL_OP_NO_SSLv3)) - return s->version == SSL3_VERSION; - if (!(s->options & SSL_OP_NO_SSLv2)) - return s->version == SSL2_VERSION; - } - return 0; /* Unexpected state; fail closed. */ - - default: - break; - } - return(ret); - } - -long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) - { - int ret=0; - -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) - if ( -#ifndef OPENSSL_NO_RSA - cmd == SSL_CTRL_SET_TMP_RSA_CB || -#endif -#ifndef OPENSSL_NO_DSA - cmd == SSL_CTRL_SET_TMP_DH_CB || -#endif - 0) - { - if (!ssl_cert_inst(&s->cert)) - { - SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); - return(0); - } - } -#endif - - switch (cmd) - { -#ifndef OPENSSL_NO_RSA - case SSL_CTRL_SET_TMP_RSA_CB: - { - s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; - } - break; -#endif -#ifndef OPENSSL_NO_DH - case SSL_CTRL_SET_TMP_DH_CB: - { - s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; - } - break; -#endif -#ifndef OPENSSL_NO_ECDH - case SSL_CTRL_SET_TMP_ECDH_CB: - { - s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; - } - break; -#endif -#ifndef OPENSSL_NO_TLSEXT - case SSL_CTRL_SET_TLSEXT_DEBUG_CB: - s->tlsext_debug_cb=(void (*)(SSL *,int ,int, - unsigned char *, int, void *))fp; - break; -#endif - default: - break; - } - return(ret); - } - -long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) - { - CERT *cert; - - cert=ctx->cert; - - switch (cmd) - { -#ifndef OPENSSL_NO_RSA - case SSL_CTRL_NEED_TMP_RSA: - if ( (cert->rsa_tmp == NULL) && - ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || - (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))) - ) - return(1); - else - return(0); - /* break; */ - case SSL_CTRL_SET_TMP_RSA: - { - RSA *rsa; - int i; - - rsa=(RSA *)parg; - i=1; - if (rsa == NULL) - i=0; - else - { - if ((rsa=RSAPrivateKey_dup(rsa)) == NULL) - i=0; - } - if (!i) - { - SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB); - return(0); - } - else - { - if (cert->rsa_tmp != NULL) - RSA_free(cert->rsa_tmp); - cert->rsa_tmp=rsa; - return(1); - } - } - /* break; */ - case SSL_CTRL_SET_TMP_RSA_CB: - { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(0); - } - break; -#endif -#ifndef OPENSSL_NO_DH - case SSL_CTRL_SET_TMP_DH: - { - DH *new=NULL,*dh; - - dh=(DH *)parg; - if ((new=DHparams_dup(dh)) == NULL) - { - SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); - return 0; - } - if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) - { - if (!DH_generate_key(new)) - { - SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); - DH_free(new); - return 0; - } - } - if (cert->dh_tmp != NULL) - DH_free(cert->dh_tmp); - cert->dh_tmp=new; - return 1; - } - /*break; */ - case SSL_CTRL_SET_TMP_DH_CB: - { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(0); - } - break; -#endif -#ifndef OPENSSL_NO_ECDH - case SSL_CTRL_SET_TMP_ECDH: - { - EC_KEY *ecdh = NULL; - - if (parg == NULL) - { - SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB); - return 0; - } - ecdh = EC_KEY_dup((EC_KEY *)parg); - if (ecdh == NULL) - { - SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB); - return 0; - } - if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) - { - if (!EC_KEY_generate_key(ecdh)) - { - EC_KEY_free(ecdh); - SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB); - return 0; - } - } - - if (cert->ecdh_tmp != NULL) - { - EC_KEY_free(cert->ecdh_tmp); - } - cert->ecdh_tmp = ecdh; - return 1; - } - /* break; */ - case SSL_CTRL_SET_TMP_ECDH_CB: - { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(0); - } - break; -#endif /* !OPENSSL_NO_ECDH */ -#ifndef OPENSSL_NO_TLSEXT - case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: - ctx->tlsext_servername_arg=parg; - break; - case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: - case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: - { - unsigned char *keys = parg; - if (!keys) - return 48; - if (larg != 48) - { - SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH); - return 0; - } - if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) - { - memcpy(ctx->tlsext_tick_key_name, keys, 16); - memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16); - memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); - } - else - { - memcpy(keys, ctx->tlsext_tick_key_name, 16); - memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); - memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); - } - return 1; - } - case SSL_CTRL_CHANNEL_ID: - /* must be called on a server */ - if (ctx->method->ssl_accept == ssl_undefined_function) - return 0; - ctx->tlsext_channel_id_enabled=1; - return 1; - -#ifdef TLSEXT_TYPE_opaque_prf_input - case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG: - ctx->tlsext_opaque_prf_input_callback_arg = parg; - return 1; -#endif - - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: - ctx->tlsext_status_arg=parg; - return 1; - break; - -#ifndef OPENSSL_NO_SRP - case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME: - ctx->srp_ctx.srp_Mask|=SSL_kSRP; - if (ctx->srp_ctx.login != NULL) - OPENSSL_free(ctx->srp_ctx.login); - ctx->srp_ctx.login = NULL; - if (parg == NULL) - break; - if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) - { - SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME); - return 0; - } - if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) - { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR); - return 0; - } - break; - case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD: - ctx->srp_ctx.SRP_give_srp_client_pwd_callback=srp_password_from_info_cb; - ctx->srp_ctx.info=parg; - break; - case SSL_CTRL_SET_SRP_ARG: - ctx->srp_ctx.srp_Mask|=SSL_kSRP; - ctx->srp_ctx.SRP_cb_arg=parg; - break; - - case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH: - ctx->srp_ctx.strength=larg; - break; -#endif -#endif /* !OPENSSL_NO_TLSEXT */ - - /* A Thawte special :-) */ - case SSL_CTRL_EXTRA_CHAIN_CERT: - if (ctx->extra_certs == NULL) - { - if ((ctx->extra_certs=sk_X509_new_null()) == NULL) - return(0); - } - sk_X509_push(ctx->extra_certs,(X509 *)parg); - break; - - case SSL_CTRL_GET_EXTRA_CHAIN_CERTS: - *(STACK_OF(X509) **)parg = ctx->extra_certs; - break; - - case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: - if (ctx->extra_certs) - { - sk_X509_pop_free(ctx->extra_certs, X509_free); - ctx->extra_certs = NULL; - } - break; - - case SSL_CTRL_SET_CHANNEL_ID: - ctx->tlsext_channel_id_enabled = 1; - if (EVP_PKEY_bits(parg) != 256) - { - SSLerr(SSL_F_SSL3_CTX_CTRL,SSL_R_CHANNEL_ID_NOT_P256); - break; - } - if (ctx->tlsext_channel_id_private) - EVP_PKEY_free(ctx->tlsext_channel_id_private); - ctx->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg); - break; - - default: - return(0); - } - return(1); - } - -long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) - { - CERT *cert; - - cert=ctx->cert; - - switch (cmd) - { -#ifndef OPENSSL_NO_RSA - case SSL_CTRL_SET_TMP_RSA_CB: - { - cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; - } - break; -#endif -#ifndef OPENSSL_NO_DH - case SSL_CTRL_SET_TMP_DH_CB: - { - cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; - } - break; -#endif -#ifndef OPENSSL_NO_ECDH - case SSL_CTRL_SET_TMP_ECDH_CB: - { - cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; - } - break; -#endif -#ifndef OPENSSL_NO_TLSEXT - case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: - ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp; - break; - -#ifdef TLSEXT_TYPE_opaque_prf_input - case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB: - ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp; - break; -#endif - - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: - ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp; - break; - - case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: - ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *, - unsigned char *, - EVP_CIPHER_CTX *, - HMAC_CTX *, int))fp; - break; - -#ifndef OPENSSL_NO_SRP - case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB: - ctx->srp_ctx.srp_Mask|=SSL_kSRP; - ctx->srp_ctx.SRP_verify_param_callback=(int (*)(SSL *,void *))fp; - break; - case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB: - ctx->srp_ctx.srp_Mask|=SSL_kSRP; - ctx->srp_ctx.TLS_ext_srp_username_callback=(int (*)(SSL *,int *,void *))fp; - break; - case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB: - ctx->srp_ctx.srp_Mask|=SSL_kSRP; - ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp; - break; -#endif -#endif - - default: - return(0); - } - return(1); - } - -/* This function needs to check if the ciphers required are actually - * available */ -const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) - { - SSL_CIPHER c; - const SSL_CIPHER *cp; - unsigned long id; - - id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; - c.id=id; - cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); -#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES -if (cp == NULL) fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]); -#endif - if (cp == NULL || cp->valid == 0) - return NULL; - else - return cp; - } - -int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) - { - long l; - - if (p != NULL) - { - l=c->id; - if ((l & 0xff000000) != 0x03000000) return(0); - p[0]=((unsigned char)(l>> 8L))&0xFF; - p[1]=((unsigned char)(l ))&0xFF; - } - return(2); - } - -SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, - STACK_OF(SSL_CIPHER) *srvr) - { - SSL_CIPHER *c,*ret=NULL; - STACK_OF(SSL_CIPHER) *prio, *allow; - int i,ii,ok; -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC) - unsigned int j; - int ec_ok, ec_nid; - unsigned char ec_search1 = 0, ec_search2 = 0; -#endif - CERT *cert; - unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a; - - /* Let's see which ciphers we can support */ - cert=s->cert; - -#if 0 - /* Do not set the compare functions, because this may lead to a - * reordering by "id". We want to keep the original ordering. - * We may pay a price in performance during sk_SSL_CIPHER_find(), - * but would have to pay with the price of sk_SSL_CIPHER_dup(). - */ - sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp); - sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp); -#endif - -#ifdef CIPHER_DEBUG - fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr); - for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i) - { - c=sk_SSL_CIPHER_value(srvr,i); - fprintf(stderr, "%p:%s\n",(void *)c,c->name); - } - fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt); - for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i) - { - c=sk_SSL_CIPHER_value(clnt,i); - fprintf(stderr, "%p:%s\n",(void *)c,c->name); - } -#endif - - if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) - { - prio = srvr; - allow = clnt; - } - else - { - prio = clnt; - allow = srvr; - } - - for (i=0; i<sk_SSL_CIPHER_num(prio); i++) - { - c=sk_SSL_CIPHER_value(prio,i); - - /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ - if ((c->algorithm_ssl & SSL_TLSV1_2) && - (TLS1_get_version(s) < TLS1_2_VERSION)) - continue; - - ssl_set_cert_masks(cert,c); - mask_k = cert->mask_k; - mask_a = cert->mask_a; - emask_k = cert->export_mask_k; - emask_a = cert->export_mask_a; -#ifndef OPENSSL_NO_SRP - if (s->srp_ctx.srp_Mask & SSL_kSRP) - { - mask_k |= SSL_kSRP; - emask_k |= SSL_kSRP; - mask_a |= SSL_aSRP; - emask_a |= SSL_aSRP; - } -#endif - -#ifdef KSSL_DEBUG -/* fprintf(stderr,"ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/ -#endif /* KSSL_DEBUG */ - - alg_k=c->algorithm_mkey; - alg_a=c->algorithm_auth; - -#ifndef OPENSSL_NO_KRB5 - if (alg_k & SSL_kKRB5) - { - if ( !kssl_keytab_is_available(s->kssl_ctx) ) - continue; - } -#endif /* OPENSSL_NO_KRB5 */ -#ifndef OPENSSL_NO_PSK - /* with PSK there must be server callback set */ - if ((alg_a & SSL_aPSK) && s->psk_server_callback == NULL) - continue; -#endif /* OPENSSL_NO_PSK */ - - if (SSL_C_IS_EXPORT(c)) - { - ok = (alg_k & emask_k) && (alg_a & emask_a); -#ifdef CIPHER_DEBUG - fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a, - (void *)c,c->name); -#endif - } - else - { - ok = (alg_k & mask_k) && (alg_a & mask_a); -#ifdef CIPHER_DEBUG - fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c, - c->name); -#endif - } - -#ifndef OPENSSL_NO_TLSEXT -#ifndef OPENSSL_NO_EC - if ( - /* if we are considering an ECC cipher suite that uses our certificate */ - (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) - /* and we have an ECC certificate */ - && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) - /* and the client specified a Supported Point Formats extension */ - && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL)) - /* and our certificate's point is compressed */ - && ( - (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL) - && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL) - && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL) - && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL) - && ( - (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED) - || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1) - ) - ) - ) - { - ec_ok = 0; - /* if our certificate's curve is over a field type that the client does not support - * then do not allow this cipher suite to be negotiated */ - if ( - (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) - && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL) - && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL) - && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field) - ) - { - for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) - { - if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime) - { - ec_ok = 1; - break; - } - } - } - else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field) - { - for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) - { - if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2) - { - ec_ok = 1; - break; - } - } - } - ok = ok && ec_ok; - } - if ( - /* if we are considering an ECC cipher suite that uses our certificate */ - (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) - /* and we have an ECC certificate */ - && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) - /* and the client specified an EllipticCurves extension */ - && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL)) - ) - { - ec_ok = 0; - if ( - (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) - && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL) - ) - { - ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group); - if ((ec_nid == 0) - && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL) - ) - { - if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field) - { - ec_search1 = 0xFF; - ec_search2 = 0x01; - } - else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field) - { - ec_search1 = 0xFF; - ec_search2 = 0x02; - } - } - else - { - ec_search1 = 0x00; - ec_search2 = tls1_ec_nid2curve_id(ec_nid); - } - if ((ec_search1 != 0) || (ec_search2 != 0)) - { - for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) - { - if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2)) - { - ec_ok = 1; - break; - } - } - } - } - ok = ok && ec_ok; - } -#ifndef OPENSSL_NO_ECDH - if ( - /* if we are considering an ECC cipher suite that uses an ephemeral EC key */ - (alg_k & SSL_kEECDH) - /* and we have an ephemeral EC key */ - && (s->cert->ecdh_tmp != NULL) - /* and the client specified an EllipticCurves extension */ - && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL)) - ) - { - ec_ok = 0; - if (s->cert->ecdh_tmp->group != NULL) - { - ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group); - if ((ec_nid == 0) - && (s->cert->ecdh_tmp->group->meth != NULL) - ) - { - if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field) - { - ec_search1 = 0xFF; - ec_search2 = 0x01; - } - else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field) - { - ec_search1 = 0xFF; - ec_search2 = 0x02; - } - } - else - { - ec_search1 = 0x00; - ec_search2 = tls1_ec_nid2curve_id(ec_nid); - } - if ((ec_search1 != 0) || (ec_search2 != 0)) - { - for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) - { - if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2)) - { - ec_ok = 1; - break; - } - } - } - } - ok = ok && ec_ok; - } -#endif /* OPENSSL_NO_ECDH */ -#endif /* OPENSSL_NO_EC */ -#endif /* OPENSSL_NO_TLSEXT */ - - if (!ok) continue; - ii=sk_SSL_CIPHER_find(allow,c); - if (ii >= 0) - { -#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT) - if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) - { - if (!ret) ret=sk_SSL_CIPHER_value(allow,ii); - continue; - } -#endif - ret=sk_SSL_CIPHER_value(allow,ii); - break; - } - } - return(ret); - } - -int ssl3_get_req_cert_type(SSL *s, unsigned char *p) - { - int ret=0; - unsigned long alg_k; - - alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - -#ifndef OPENSSL_NO_GOST - if (s->version >= TLS1_VERSION) - { - if (alg_k & SSL_kGOST) - { - p[ret++]=TLS_CT_GOST94_SIGN; - p[ret++]=TLS_CT_GOST01_SIGN; - return(ret); - } - } -#endif - -#ifndef OPENSSL_NO_DH - if (alg_k & (SSL_kDHr|SSL_kEDH)) - { -# ifndef OPENSSL_NO_RSA - p[ret++]=SSL3_CT_RSA_FIXED_DH; -# endif -# ifndef OPENSSL_NO_DSA - p[ret++]=SSL3_CT_DSS_FIXED_DH; -# endif - } - if ((s->version == SSL3_VERSION) && - (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) - { -# ifndef OPENSSL_NO_RSA - p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH; -# endif -# ifndef OPENSSL_NO_DSA - p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH; -# endif - } -#endif /* !OPENSSL_NO_DH */ -#ifndef OPENSSL_NO_RSA - p[ret++]=SSL3_CT_RSA_SIGN; -#endif -#ifndef OPENSSL_NO_DSA - p[ret++]=SSL3_CT_DSS_SIGN; -#endif -#ifndef OPENSSL_NO_ECDH - if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) - { - p[ret++]=TLS_CT_RSA_FIXED_ECDH; - p[ret++]=TLS_CT_ECDSA_FIXED_ECDH; - } -#endif - -#ifndef OPENSSL_NO_ECDSA - /* ECDSA certs can be used with RSA cipher suites as well - * so we don't need to check for SSL_kECDH or SSL_kEECDH - */ - if (s->version >= TLS1_VERSION) - { - p[ret++]=TLS_CT_ECDSA_SIGN; - } -#endif - return(ret); - } - -int ssl3_shutdown(SSL *s) - { - int ret; - - /* Don't do anything much if we have not done the handshake or - * we don't want to send messages :-) */ - if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) - { - s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); - return(1); - } - - if (!(s->shutdown & SSL_SENT_SHUTDOWN)) - { - s->shutdown|=SSL_SENT_SHUTDOWN; -#if 1 - ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY); -#endif - /* our shutdown alert has been sent now, and if it still needs - * to be written, s->s3->alert_dispatch will be true */ - if (s->s3->alert_dispatch) - return(-1); /* return WANT_WRITE */ - } - else if (s->s3->alert_dispatch) - { - /* resend it if not sent */ -#if 1 - ret=s->method->ssl_dispatch_alert(s); - if(ret == -1) - { - /* we only get to return -1 here the 2nd/Nth - * invocation, we must have already signalled - * return 0 upon a previous invoation, - * return WANT_WRITE */ - return(ret); - } -#endif - } - else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) - { - /* If we are waiting for a close from our peer, we are closed */ - s->method->ssl_read_bytes(s,0,NULL,0,0); - if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) - { - return(-1); /* return WANT_READ */ - } - } - - if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && - !s->s3->alert_dispatch) - return(1); - else - return(0); - } - -int ssl3_write(SSL *s, const void *buf, int len) - { - int ret,n; - -#if 0 - if (s->shutdown & SSL_SEND_SHUTDOWN) - { - s->rwstate=SSL_NOTHING; - return(0); - } -#endif - clear_sys_error(); - if (s->s3->renegotiate) ssl3_renegotiate_check(s); - - /* This is an experimental flag that sends the - * last handshake message in the same packet as the first - * use data - used to see if it helps the TCP protocol during - * session-id reuse */ - /* The second test is because the buffer may have been removed */ - if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) - { - /* First time through, we write into the buffer */ - if (s->s3->delay_buf_pop_ret == 0) - { - ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, - buf,len); - if (ret <= 0) return(ret); - - s->s3->delay_buf_pop_ret=ret; - } - - s->rwstate=SSL_WRITING; - n=BIO_flush(s->wbio); - if (n <= 0) return(n); - s->rwstate=SSL_NOTHING; - - /* We have flushed the buffer, so remove it */ - ssl_free_wbio_buffer(s); - s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; - - ret=s->s3->delay_buf_pop_ret; - s->s3->delay_buf_pop_ret=0; - } - else - { - ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA, - buf,len); - if (ret <= 0) return(ret); - } - - return(ret); - } - -static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) - { - int n,ret; - - clear_sys_error(); - if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) - { - /* Deal with an application that calls SSL_read() when handshake data - * is yet to be written. - */ - if (BIO_wpending(s->wbio) > 0) - { - s->rwstate=SSL_WRITING; - n=BIO_flush(s->wbio); - if (n <= 0) return(n); - s->rwstate=SSL_NOTHING; - } - } - if (s->s3->renegotiate) ssl3_renegotiate_check(s); - s->s3->in_read_app_data=1; - ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); - if ((ret == -1) && (s->s3->in_read_app_data == 2)) - { - /* ssl3_read_bytes decided to call s->handshake_func, which - * called ssl3_read_bytes to read handshake data. - * However, ssl3_read_bytes actually found application data - * and thinks that application data makes sense here; so disable - * handshake processing and try to read application data again. */ - s->in_handshake++; - ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); - s->in_handshake--; - } - else - s->s3->in_read_app_data=0; - - return(ret); - } - -int ssl3_read(SSL *s, void *buf, int len) - { - return ssl3_read_internal(s, buf, len, 0); - } - -int ssl3_peek(SSL *s, void *buf, int len) - { - return ssl3_read_internal(s, buf, len, 1); - } - -int ssl3_renegotiate(SSL *s) - { - if (s->handshake_func == NULL) - return(1); - - if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) - return(0); - - s->s3->renegotiate=1; - return(1); - } - -int ssl3_renegotiate_check(SSL *s) - { - int ret=0; - - if (s->s3->renegotiate) - { - if ( (s->s3->rbuf.left == 0) && - (s->s3->wbuf.left == 0) && - !SSL_in_init(s)) - { -/* -if we are the server, and we have sent a 'RENEGOTIATE' message, we -need to go to SSL_ST_ACCEPT. -*/ - /* SSL_ST_ACCEPT */ - s->state=SSL_ST_RENEGOTIATE; - s->s3->renegotiate=0; - s->s3->num_renegotiations++; - s->s3->total_renegotiations++; - ret=1; - } - } - return(ret); - } -/* If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch - * to new SHA256 PRF and handshake macs - */ -long ssl_get_algorithm2(SSL *s) - { - long alg2 = s->s3->tmp.new_cipher->algorithm2; - if (s->method->version == TLS1_2_VERSION && - alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) - return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; - return alg2; - } diff --git a/main/openssl/ssl/s3_meth.c b/main/openssl/ssl/s3_meth.c deleted file mode 100644 index 4dec7033..00000000 --- a/main/openssl/ssl/s3_meth.c +++ /dev/null @@ -1,76 +0,0 @@ -/* ssl/s3_meth.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include <openssl/objects.h> -#include "ssl_locl.h" - -#ifndef OPENSSL_NO_SSL3_METHOD -static const SSL_METHOD *ssl3_get_method(int ver) - { - if (ver == SSL3_VERSION) - return(SSLv3_method()); - else - return(NULL); - } - -IMPLEMENT_ssl3_meth_func(SSLv3_method, - ssl3_accept, - ssl3_connect, - ssl3_get_method) -#endif diff --git a/main/openssl/ssl/s3_pkt.c b/main/openssl/ssl/s3_pkt.c deleted file mode 100644 index c2ae93bc..00000000 --- a/main/openssl/ssl/s3_pkt.c +++ /dev/null @@ -1,1586 +0,0 @@ -/* ssl/s3_pkt.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <stdio.h> -#include <limits.h> -#include <errno.h> -#define USE_SOCKETS -#include "ssl_locl.h" -#include <openssl/evp.h> -#include <openssl/buffer.h> -#include <openssl/rand.h> - -static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, - unsigned int len, char fragment, char is_fragment); -static int ssl3_get_record(SSL *s); - -int ssl3_read_n(SSL *s, int n, int max, int extend) - { - /* If extend == 0, obtain new n-byte packet; if extend == 1, increase - * packet by another n bytes. - * The packet will be in the sub-array of s->s3->rbuf.buf specified - * by s->packet and s->packet_length. - * (If s->read_ahead is set, 'max' bytes may be stored in rbuf - * [plus s->packet_length bytes if extend == 1].) - */ - int i,len,left; - long align=0; - unsigned char *pkt; - SSL3_BUFFER *rb; - - if (n <= 0) return n; - - rb = &(s->s3->rbuf); - if (rb->buf == NULL) - if (!ssl3_setup_read_buffer(s)) - return -1; - - left = rb->left; -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 - align = (long)rb->buf + SSL3_RT_HEADER_LENGTH; - align = (-align)&(SSL3_ALIGN_PAYLOAD-1); -#endif - - if (!extend) - { - /* start with empty packet ... */ - if (left == 0) - rb->offset = align; - else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) - { - /* check if next packet length is large - * enough to justify payload alignment... */ - pkt = rb->buf + rb->offset; - if (pkt[0] == SSL3_RT_APPLICATION_DATA - && (pkt[3]<<8|pkt[4]) >= 128) - { - /* Note that even if packet is corrupted - * and its length field is insane, we can - * only be led to wrong decision about - * whether memmove will occur or not. - * Header values has no effect on memmove - * arguments and therefore no buffer - * overrun can be triggered. */ - memmove (rb->buf+align,pkt,left); - rb->offset = align; - } - } - s->packet = rb->buf + rb->offset; - s->packet_length = 0; - /* ... now we can act as if 'extend' was set */ - } - - /* For DTLS/UDP reads should not span multiple packets - * because the read operation returns the whole packet - * at once (as long as it fits into the buffer). */ - if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) - { - if (left == 0 && extend) - return 0; - if (left > 0 && n > left) - n = left; - } - - /* if there is enough in the buffer from a previous read, take some */ - if (left >= n) - { - s->packet_length+=n; - rb->left=left-n; - rb->offset+=n; - return(n); - } - - /* else we need to read more data */ - - len = s->packet_length; - pkt = rb->buf+align; - /* Move any available bytes to front of buffer: - * 'len' bytes already pointed to by 'packet', - * 'left' extra ones at the end */ - if (s->packet != pkt) /* len > 0 */ - { - memmove(pkt, s->packet, len+left); - s->packet = pkt; - rb->offset = len + align; - } - - if (n > (int)(rb->len - rb->offset)) /* does not happen */ - { - SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR); - return -1; - } - - if (!s->read_ahead) - /* ignore max parameter */ - max = n; - else - { - if (max < n) - max = n; - if (max > (int)(rb->len - rb->offset)) - max = rb->len - rb->offset; - } - - while (left < n) - { - /* Now we have len+left bytes at the front of s->s3->rbuf.buf - * and need to read in more until we have len+n (up to - * len+max if possible) */ - - clear_sys_error(); - if (s->rbio != NULL) - { - s->rwstate=SSL_READING; - i=BIO_read(s->rbio,pkt+len+left, max-left); - } - else - { - SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET); - i = -1; - } - - if (i <= 0) - { - rb->left = left; - if (s->mode & SSL_MODE_RELEASE_BUFFERS && - SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) - if (len+left == 0) - ssl3_release_read_buffer(s); - return(i); - } - left+=i; - /* reads should *never* span multiple packets for DTLS because - * the underlying transport protocol is message oriented as opposed - * to byte oriented as in the TLS case. */ - if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) - { - if (n > left) - n = left; /* makes the while condition false */ - } - } - - /* done reading, now the book-keeping */ - rb->offset += n; - rb->left = left - n; - s->packet_length += n; - s->rwstate=SSL_NOTHING; - return(n); - } - -/* MAX_EMPTY_RECORDS defines the number of consecutive, empty records that will - * be processed per call to ssl3_get_record. Without this limit an attacker - * could send empty records at a faster rate than we can process and cause - * ssl3_get_record to loop forever. */ -#define MAX_EMPTY_RECORDS 32 - -/* Call this to get a new input record. - * It will return <= 0 if more data is needed, normally due to an error - * or non-blocking IO. - * When it finishes, one packet has been decoded and can be found in - * ssl->s3->rrec.type - is the type of record - * ssl->s3->rrec.data, - data - * ssl->s3->rrec.length, - number of bytes - */ -/* used only by ssl3_read_bytes */ -static int ssl3_get_record(SSL *s) - { - int ssl_major,ssl_minor,al; - int enc_err,n,i,ret= -1; - SSL3_RECORD *rr; - SSL_SESSION *sess; - unsigned char *p; - unsigned char md[EVP_MAX_MD_SIZE]; - short version; - unsigned mac_size, orig_len; - size_t extra; - unsigned empty_record_count = 0; - - rr= &(s->s3->rrec); - sess=s->session; - - if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) - extra=SSL3_RT_MAX_EXTRA; - else - extra=0; - if (extra && !s->s3->init_extra) - { - /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER - * set after ssl3_setup_buffers() was done */ - SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); - return -1; - } - -again: - /* check if we have the header */ - if ( (s->rstate != SSL_ST_READ_BODY) || - (s->packet_length < SSL3_RT_HEADER_LENGTH)) - { - n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); - if (n <= 0) return(n); /* error or non-blocking */ - s->rstate=SSL_ST_READ_BODY; - - p=s->packet; - - /* Pull apart the header into the SSL3_RECORD */ - rr->type= *(p++); - ssl_major= *(p++); - ssl_minor= *(p++); - version=(ssl_major<<8)|ssl_minor; - n2s(p,rr->length); -#if 0 -fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length); -#endif - - /* Lets check version */ - if (!s->first_packet) - { - if (version != s->version) - { - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); - if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash) - /* Send back error using their minor version number :-) */ - s->version = (unsigned short)version; - al=SSL_AD_PROTOCOL_VERSION; - goto f_err; - } - } - - if ((version>>8) != SSL3_VERSION_MAJOR) - { - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); - goto err; - } - - if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) - { - al=SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG); - goto f_err; - } - - /* now s->rstate == SSL_ST_READ_BODY */ - } - - /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ - - if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH) - { - /* now s->packet_length == SSL3_RT_HEADER_LENGTH */ - i=rr->length; - n=ssl3_read_n(s,i,i,1); - if (n <= 0) return(n); /* error or non-blocking io */ - /* now n == rr->length, - * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */ - } - - s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */ - - /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, - * and we have that many bytes in s->packet - */ - rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]); - - /* ok, we can now read from 's->packet' data into 'rr' - * rr->input points at rr->length bytes, which - * need to be copied into rr->data by either - * the decryption or by the decompression - * When the data is 'copied' into the rr->data buffer, - * rr->input will be pointed at the new buffer */ - - /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] - * rr->length bytes of encrypted compressed stuff. */ - - /* check is not needed I believe */ - if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) - { - al=SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG); - goto f_err; - } - - /* decrypt in place in 'rr->input' */ - rr->data=rr->input; - - enc_err = s->method->ssl3_enc->enc(s,0); - /* enc_err is: - * 0: (in non-constant time) if the record is publically invalid. - * 1: if the padding is valid - * -1: if the padding is invalid */ - if (enc_err == 0) - { - al=SSL_AD_DECRYPTION_FAILED; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); - goto f_err; - } - -#ifdef TLS_DEBUG -printf("dec %d\n",rr->length); -{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } -printf("\n"); -#endif - - /* r->length is now the compressed data plus mac */ - if ((sess != NULL) && - (s->enc_read_ctx != NULL) && - (EVP_MD_CTX_md(s->read_hash) != NULL)) - { - /* s->read_hash != NULL => mac_size != -1 */ - unsigned char *mac = NULL; - unsigned char mac_tmp[EVP_MAX_MD_SIZE]; - mac_size=EVP_MD_CTX_size(s->read_hash); - OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); - - /* kludge: *_cbc_remove_padding passes padding length in rr->type */ - orig_len = rr->length+((unsigned int)rr->type>>8); - - /* orig_len is the length of the record before any padding was - * removed. This is public information, as is the MAC in use, - * therefore we can safely process the record in a different - * amount of time if it's too short to possibly contain a MAC. - */ - if (orig_len < mac_size || - /* CBC records must have a padding length byte too. */ - (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && - orig_len < mac_size+1)) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); - goto f_err; - } - - if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) - { - /* We update the length so that the TLS header bytes - * can be constructed correctly but we need to extract - * the MAC in constant time from within the record, - * without leaking the contents of the padding bytes. - * */ - mac = mac_tmp; - ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len); - rr->length -= mac_size; - } - else - { - /* In this case there's no padding, so |orig_len| - * equals |rec->length| and we checked that there's - * enough bytes for |mac_size| above. */ - rr->length -= mac_size; - mac = &rr->data[rr->length]; - } - - i=s->method->ssl3_enc->mac(s,md,0 /* not send */); - if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) - enc_err = -1; - if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) - enc_err = -1; - } - - if (enc_err < 0) - { - /* A separate 'decryption_failed' alert was introduced with TLS 1.0, - * SSL 3.0 only has 'bad_record_mac'. But unless a decryption - * failure is directly visible from the ciphertext anyway, - * we should not reveal which kind of error occured -- this - * might become visible to an attacker (e.g. via a logfile) */ - al=SSL_AD_BAD_RECORD_MAC; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); - goto f_err; - } - - /* r->length is now just compressed */ - if (s->expand != NULL) - { - if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra) - { - al=SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG); - goto f_err; - } - if (!ssl3_do_uncompress(s)) - { - al=SSL_AD_DECOMPRESSION_FAILURE; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION); - goto f_err; - } - } - - if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra) - { - al=SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG); - goto f_err; - } - - rr->off=0; - /* So at this point the following is true - * ssl->s3->rrec.type is the type of record - * ssl->s3->rrec.length == number of bytes in record - * ssl->s3->rrec.off == offset to first valid byte - * ssl->s3->rrec.data == where to take bytes from, increment - * after use :-). - */ - - /* we have pulled in a full packet so zero things */ - s->packet_length=0; - - /* just read a 0 length packet */ - if (rr->length == 0) - { - empty_record_count++; - if (empty_record_count > MAX_EMPTY_RECORDS) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_RECORD_TOO_SMALL); - goto f_err; - } - goto again; - } - -#if 0 -fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type, rr->length); -#endif - - return(1); - -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); -err: - return(ret); - } - -int ssl3_do_uncompress(SSL *ssl) - { -#ifndef OPENSSL_NO_COMP - int i; - SSL3_RECORD *rr; - - rr= &(ssl->s3->rrec); - i=COMP_expand_block(ssl->expand,rr->comp, - SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length); - if (i < 0) - return(0); - else - rr->length=i; - rr->data=rr->comp; -#endif - return(1); - } - -int ssl3_do_compress(SSL *ssl) - { -#ifndef OPENSSL_NO_COMP - int i; - SSL3_RECORD *wr; - - wr= &(ssl->s3->wrec); - i=COMP_compress_block(ssl->compress,wr->data, - SSL3_RT_MAX_COMPRESSED_LENGTH, - wr->input,(int)wr->length); - if (i < 0) - return(0); - else - wr->length=i; - - wr->input=wr->data; -#endif - return(1); - } - -/* Call this to write data in records of type 'type' - * It will return <= 0 if not all data has been sent or non-blocking IO. - */ -int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) - { - const unsigned char *buf=buf_; - unsigned int n,nw; - int i,tot; - - s->rwstate=SSL_NOTHING; - OPENSSL_assert(s->s3->wnum <= INT_MAX); - tot=s->s3->wnum; - s->s3->wnum=0; - - if (SSL_in_init(s) && !s->in_handshake) - { - i=s->handshake_func(s); - if (i < 0) return(i); - if (i == 0) - { - SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); - return -1; - } - } - - /* ensure that if we end up with a smaller value of data to write - * out than the the original len from a write which didn't complete - * for non-blocking I/O and also somehow ended up avoiding - * the check for this in ssl3_write_pending/SSL_R_BAD_WRITE_RETRY as - * it must never be possible to end up with (len-tot) as a large - * number that will then promptly send beyond the end of the users - * buffer ... so we trap and report the error in a way the user - * will notice - */ - if (len < tot) - { - SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_BAD_LENGTH); - return(-1); - } - - - n=(len-tot); - for (;;) - { - /* max contains the maximum number of bytes that we can put - * into a record. */ - unsigned max = s->max_send_fragment; - /* fragment is true if do_ssl3_write should send the first byte - * in its own record in order to randomise a CBC IV. */ - int fragment = 0; - - if (n > 1 && - s->s3->need_record_splitting && - type == SSL3_RT_APPLICATION_DATA && - !s->s3->record_split_done) - { - fragment = 1; - /* record_split_done records that the splitting has - * been done in case we hit an SSL_WANT_WRITE condition. - * In that case, we don't need to do the split again. */ - s->s3->record_split_done = 1; - } - - if (n > max) - nw=max; - else - nw=n; - - i=do_ssl3_write(s, type, &(buf[tot]), nw, fragment, 0); - if (i <= 0) - { - s->s3->wnum=tot; - /* Try to write the fragment next time. */ - s->s3->record_split_done = 0; - return i; - } - - if ((i == (int)n) || - (type == SSL3_RT_APPLICATION_DATA && - (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) - { - /* next chunk of data should get another prepended, - * one-byte fragment in ciphersuites with known-IV - * weakness. */ - s->s3->record_split_done = 0; - return tot+i; - } - - n-=i; - tot+=i; - } - } - -/* do_ssl3_write writes an SSL record of the given type. If |fragment| is 1 - * then it splits the record into a one byte record and a record with the rest - * of the data in order to randomise a CBC IV. If |is_fragment| is true then - * this call resulted from do_ssl3_write calling itself in order to create that - * one byte fragment. */ -static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, - unsigned int len, char fragment, char is_fragment) - { - unsigned char *p,*plen; - int i,mac_size; - int prefix_len=0; - int eivlen; - long align=0; - SSL3_RECORD *wr; - SSL3_BUFFER *wb=&(s->s3->wbuf); - SSL_SESSION *sess; - - - /* first check if there is a SSL3_BUFFER still being written - * out. This will happen with non blocking IO */ - if (wb->left != 0) - return(ssl3_write_pending(s,type,buf,len)); - - /* If we have an alert to send, lets send it */ - if (s->s3->alert_dispatch) - { - i=s->method->ssl_dispatch_alert(s); - if (i <= 0) - return(i); - /* if it went, fall through and send more stuff */ - } - - if (wb->buf == NULL) - if (!ssl3_setup_write_buffer(s)) - return -1; - - if (len == 0) - return 0; - - wr= &(s->s3->wrec); - sess=s->session; - - if ( (sess == NULL) || - (s->enc_write_ctx == NULL) || - (EVP_MD_CTX_md(s->write_hash) == NULL)) - { - mac_size=0; - } - else - { - mac_size=EVP_MD_CTX_size(s->write_hash); - if (mac_size < 0) - goto err; - } - - if (fragment) - { - /* countermeasure against known-IV weakness in CBC ciphersuites - * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ - prefix_len = do_ssl3_write(s, type, buf, 1 /* length */, - 0 /* fragment */, - 1 /* is_fragment */); - if (prefix_len <= 0) - goto err; - - if (prefix_len > (SSL3_RT_HEADER_LENGTH + - SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) - { - /* insufficient space */ - SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); - goto err; - } - } - - if (is_fragment) - { -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 - /* The extra fragment would be couple of cipher blocks, and - * that will be a multiple of SSL3_ALIGN_PAYLOAD. So, if we - * want to align the real payload, we can just pretend that we - * have two headers and a byte. */ - align = (long)wb->buf + 2*SSL3_RT_HEADER_LENGTH + 1; - align = (-align)&(SSL3_ALIGN_PAYLOAD-1); -#endif - p = wb->buf + align; - wb->offset = align; - } - else if (prefix_len) - { - p = wb->buf + wb->offset + prefix_len; - } - else - { -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 - align = (long)wb->buf + SSL3_RT_HEADER_LENGTH; - align = (-align)&(SSL3_ALIGN_PAYLOAD-1); -#endif - p = wb->buf + align; - wb->offset = align; - } - - /* write the header */ - - *(p++)=type&0xff; - wr->type=type; - - *(p++)=(s->version>>8); - /* Some servers hang if iniatial client hello is larger than 256 - * bytes and record version number > TLS 1.0 - */ - if (s->state == SSL3_ST_CW_CLNT_HELLO_B - && !s->renegotiate - && TLS1_get_version(s) > TLS1_VERSION) - *(p++) = 0x1; - else - *(p++)=s->version&0xff; - - /* field where we are to write out packet length */ - plen=p; - p+=2; - /* Explicit IV length, block ciphers and TLS version 1.1 or later */ - if (s->enc_write_ctx && s->version >= TLS1_1_VERSION) - { - int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx); - if (mode == EVP_CIPH_CBC_MODE) - { - eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx); - if (eivlen <= 1) - eivlen = 0; - } - /* Need explicit part of IV for GCM mode */ - else if (mode == EVP_CIPH_GCM_MODE) - eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN; - else - eivlen = 0; - } - else - eivlen = 0; - - /* lets setup the record stuff. */ - wr->data=p + eivlen; - wr->length=(int)(len - (fragment != 0)); - wr->input=(unsigned char *)buf + (fragment != 0); - - /* we now 'read' from wr->input, wr->length bytes into - * wr->data */ - - /* first we compress */ - if (s->compress != NULL) - { - if (!ssl3_do_compress(s)) - { - SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE); - goto err; - } - } - else - { - memcpy(wr->data,wr->input,wr->length); - wr->input=wr->data; - } - - /* we should still have the output to wr->data and the input - * from wr->input. Length should be wr->length. - * wr->data still points in the wb->buf */ - - if (mac_size != 0) - { - if (s->method->ssl3_enc->mac(s,&(p[wr->length + eivlen]),1) < 0) - goto err; - wr->length+=mac_size; - } - - wr->input=p; - wr->data=p; - - if (eivlen) - { - /* if (RAND_pseudo_bytes(p, eivlen) <= 0) - goto err; */ - wr->length += eivlen; - } - - if(s->method->ssl3_enc->enc(s,1)<1) goto err; - - /* record length after mac and block padding */ - s2n(wr->length,plen); - - /* we should now have - * wr->data pointing to the encrypted data, which is - * wr->length long */ - wr->type=type; /* not needed but helps for debugging */ - wr->length+=SSL3_RT_HEADER_LENGTH; - - if (is_fragment) - { - /* we are in a recursive call; just return the length, don't - * write out anything. */ - return wr->length; - } - - /* now let's set up wb */ - wb->left = prefix_len + wr->length; - - /* memorize arguments so that ssl3_write_pending can detect bad write retries later */ - s->s3->wpend_tot=len; - s->s3->wpend_buf=buf; - s->s3->wpend_type=type; - s->s3->wpend_ret=len; - - /* we now just need to write the buffer */ - return ssl3_write_pending(s,type,buf,len); -err: - return -1; - } - -/* if s->s3->wbuf.left != 0, we need to call this */ -int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, - unsigned int len) - { - int i; - SSL3_BUFFER *wb=&(s->s3->wbuf); - -/* XXXX */ - if ((s->s3->wpend_tot > (int)len) - || ((s->s3->wpend_buf != buf) && - !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) - || (s->s3->wpend_type != type)) - { - SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY); - return(-1); - } - - for (;;) - { - clear_sys_error(); - if (s->wbio != NULL) - { - s->rwstate=SSL_WRITING; - i=BIO_write(s->wbio, - (char *)&(wb->buf[wb->offset]), - (unsigned int)wb->left); - } - else - { - SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET); - i= -1; - } - if (i == wb->left) - { - wb->left=0; - wb->offset+=i; - if (s->mode & SSL_MODE_RELEASE_BUFFERS && - SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) - ssl3_release_write_buffer(s); - s->rwstate=SSL_NOTHING; - return(s->s3->wpend_ret); - } - else if (i <= 0) { - if (s->version == DTLS1_VERSION || - s->version == DTLS1_BAD_VER) { - /* For DTLS, just drop it. That's kind of the whole - point in using a datagram service */ - wb->left = 0; - } - return(i); - } - wb->offset+=i; - wb->left-=i; - } - } - -/* Return up to 'len' payload bytes received in 'type' records. - * 'type' is one of the following: - * - * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) - * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us) - * - 0 (during a shutdown, no data has to be returned) - * - * If we don't have stored data to work from, read a SSL/TLS record first - * (possibly multiple records if we still don't have anything to return). - * - * This function must handle any surprises the peer may have for us, such as - * Alert records (e.g. close_notify), ChangeCipherSpec records (not really - * a surprise, but handled as if it were), or renegotiation requests. - * Also if record payloads contain fragments too small to process, we store - * them until there is enough for the respective protocol (the record protocol - * may use arbitrary fragmentation and even interleaving): - * Change cipher spec protocol - * just 1 byte needed, no need for keeping anything stored - * Alert protocol - * 2 bytes needed (AlertLevel, AlertDescription) - * Handshake protocol - * 4 bytes needed (HandshakeType, uint24 length) -- we just have - * to detect unexpected Client Hello and Hello Request messages - * here, anything else is handled by higher layers - * Application data protocol - * none of our business - */ -int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) - { - int al,i,j,ret; - unsigned int n; - SSL3_RECORD *rr; - void (*cb)(const SSL *ssl,int type2,int val)=NULL; - - if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ - if (!ssl3_setup_read_buffer(s)) - return(-1); - - if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE)) || - (peek && (type != SSL3_RT_APPLICATION_DATA))) - { - SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); - return -1; - } - - if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0)) - /* (partially) satisfy request from storage */ - { - unsigned char *src = s->s3->handshake_fragment; - unsigned char *dst = buf; - unsigned int k; - - /* peek == 0 */ - n = 0; - while ((len > 0) && (s->s3->handshake_fragment_len > 0)) - { - *dst++ = *src++; - len--; s->s3->handshake_fragment_len--; - n++; - } - /* move any remaining fragment bytes: */ - for (k = 0; k < s->s3->handshake_fragment_len; k++) - s->s3->handshake_fragment[k] = *src++; - return n; - } - - /* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */ - - if (!s->in_handshake && SSL_in_init(s)) - { - /* type == SSL3_RT_APPLICATION_DATA */ - i=s->handshake_func(s); - if (i < 0) return(i); - if (i == 0) - { - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); - return(-1); - } - } -start: - s->rwstate=SSL_NOTHING; - - /* s->s3->rrec.type - is the type of record - * s->s3->rrec.data, - data - * s->s3->rrec.off, - offset into 'data' for next read - * s->s3->rrec.length, - number of bytes. */ - rr = &(s->s3->rrec); - - /* get new packet if necessary */ - if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) - { - ret=ssl3_get_record(s); - if (ret <= 0) return(ret); - } - - /* we now have a packet which can be read and processed */ - - if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, - * reset by ssl3_get_finished */ - && (rr->type != SSL3_RT_HANDSHAKE)) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); - goto f_err; - } - - /* If the other end has shut down, throw anything we read away - * (even in 'peek' mode) */ - if (s->shutdown & SSL_RECEIVED_SHUTDOWN) - { - rr->length=0; - s->rwstate=SSL_NOTHING; - return(0); - } - - - if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ - { - /* make sure that we are not getting application data when we - * are doing a handshake for the first time */ - if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && - (s->enc_read_ctx == NULL)) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE); - goto f_err; - } - - if (len <= 0) return(len); - - if ((unsigned int)len > rr->length) - n = rr->length; - else - n = (unsigned int)len; - - memcpy(buf,&(rr->data[rr->off]),n); - if (!peek) - { - rr->length-=n; - rr->off+=n; - if (rr->length == 0) - { - s->rstate=SSL_ST_READ_HEADER; - rr->off=0; - if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0) - ssl3_release_read_buffer(s); - } - } - return(n); - } - - - /* If we get here, then type != rr->type; if we have a handshake - * message, then it was unexpected (Hello Request or Client Hello). */ - - /* In case of record types for which we have 'fragment' storage, - * fill that so that we can process the data at a fixed place. - */ - { - unsigned int dest_maxlen = 0; - unsigned char *dest = NULL; - unsigned int *dest_len = NULL; - - if (rr->type == SSL3_RT_HANDSHAKE) - { - dest_maxlen = sizeof s->s3->handshake_fragment; - dest = s->s3->handshake_fragment; - dest_len = &s->s3->handshake_fragment_len; - } - else if (rr->type == SSL3_RT_ALERT) - { - dest_maxlen = sizeof s->s3->alert_fragment; - dest = s->s3->alert_fragment; - dest_len = &s->s3->alert_fragment_len; - } -#ifndef OPENSSL_NO_HEARTBEATS - else if (rr->type == TLS1_RT_HEARTBEAT) - { - tls1_process_heartbeat(s); - - /* Exit and notify application to read again */ - rr->length = 0; - s->rwstate=SSL_READING; - BIO_clear_retry_flags(SSL_get_rbio(s)); - BIO_set_retry_read(SSL_get_rbio(s)); - return(-1); - } -#endif - - if (dest_maxlen > 0) - { - n = dest_maxlen - *dest_len; /* available space in 'dest' */ - if (rr->length < n) - n = rr->length; /* available bytes */ - - /* now move 'n' bytes: */ - while (n-- > 0) - { - dest[(*dest_len)++] = rr->data[rr->off++]; - rr->length--; - } - - if (*dest_len < dest_maxlen) - goto start; /* fragment was too small */ - } - } - - /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE; - * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT. - * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ - - /* If we are a client, check for an incoming 'Hello Request': */ - if ((!s->server) && - (s->s3->handshake_fragment_len >= 4) && - (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && - (s->session != NULL) && (s->session->cipher != NULL)) - { - s->s3->handshake_fragment_len = 0; - - if ((s->s3->handshake_fragment[1] != 0) || - (s->s3->handshake_fragment[2] != 0) || - (s->s3->handshake_fragment[3] != 0)) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST); - goto f_err; - } - - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg); - - if (SSL_is_init_finished(s) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && - !s->s3->renegotiate) - { - ssl3_renegotiate(s); - if (ssl3_renegotiate_check(s)) - { - i=s->handshake_func(s); - if (i < 0) return(i); - if (i == 0) - { - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); - return(-1); - } - - if (!(s->mode & SSL_MODE_AUTO_RETRY)) - { - if (s->s3->rbuf.left == 0) /* no read-ahead left? */ - { - BIO *bio; - /* In the case where we try to read application data, - * but we trigger an SSL handshake, we return -1 with - * the retry option set. Otherwise renegotiation may - * cause nasty problems in the blocking world */ - s->rwstate=SSL_READING; - bio=SSL_get_rbio(s); - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - return(-1); - } - } - } - } - /* we either finished a handshake or ignored the request, - * now try again to obtain the (application) data we were asked for */ - goto start; - } - /* If we are a server and get a client hello when renegotiation isn't - * allowed send back a no renegotiation alert and carry on. - * WARNING: experimental code, needs reviewing (steve) - */ - if (s->server && - SSL_is_init_finished(s) && - !s->s3->send_connection_binding && - (s->version > SSL3_VERSION) && - (s->s3->handshake_fragment_len >= 4) && - (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && - (s->session != NULL) && (s->session->cipher != NULL) && - !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) - - { - /*s->s3->handshake_fragment_len = 0;*/ - rr->length = 0; - ssl3_send_alert(s,SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); - goto start; - } - if (s->s3->alert_fragment_len >= 2) - { - int alert_level = s->s3->alert_fragment[0]; - int alert_descr = s->s3->alert_fragment[1]; - - s->s3->alert_fragment_len = 0; - - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_ALERT, s->s3->alert_fragment, 2, s, s->msg_callback_arg); - - if (s->info_callback != NULL) - cb=s->info_callback; - else if (s->ctx->info_callback != NULL) - cb=s->ctx->info_callback; - - if (cb != NULL) - { - j = (alert_level << 8) | alert_descr; - cb(s, SSL_CB_READ_ALERT, j); - } - - if (alert_level == 1) /* warning */ - { - s->s3->warn_alert = alert_descr; - if (alert_descr == SSL_AD_CLOSE_NOTIFY) - { - s->shutdown |= SSL_RECEIVED_SHUTDOWN; - return(0); - } - /* This is a warning but we receive it if we requested - * renegotiation and the peer denied it. Terminate with - * a fatal alert because if application tried to - * renegotiatie it presumably had a good reason and - * expects it to succeed. - * - * In future we might have a renegotiation where we - * don't care if the peer refused it where we carry on. - */ - else if (alert_descr == SSL_AD_NO_RENEGOTIATION) - { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION); - goto f_err; - } -#ifdef SSL_AD_MISSING_SRP_USERNAME - else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME) - return(0); -#endif - } - else if (alert_level == 2) /* fatal */ - { - char tmp[16]; - - s->rwstate=SSL_NOTHING; - s->s3->fatal_alert = alert_descr; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); - BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr); - ERR_add_error_data(2,"SSL alert number ",tmp); - s->shutdown|=SSL_RECEIVED_SHUTDOWN; - SSL_CTX_remove_session(s->ctx,s->session); - return(0); - } - else - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE); - goto f_err; - } - - goto start; - } - - if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */ - { - s->rwstate=SSL_NOTHING; - rr->length=0; - return(0); - } - - if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) - { - /* 'Change Cipher Spec' is just a single byte, so we know - * exactly what the record payload has to look like */ - if ( (rr->length != 1) || (rr->off != 0) || - (rr->data[0] != SSL3_MT_CCS)) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC); - goto f_err; - } - - /* Check we have a cipher to change to */ - if (s->s3->tmp.new_cipher == NULL) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY); - goto f_err; - } - - if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY); - goto f_err; - } - - s->s3->flags &= ~SSL3_FLAGS_CCS_OK; - - rr->length=0; - - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg); - - s->s3->change_cipher_spec=1; - if (!ssl3_do_change_cipher_spec(s)) - goto err; - else - goto start; - } - - /* Unexpected handshake message (Client Hello, or protocol violation) */ - if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) - { - if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) - { -#if 0 /* worked only because C operator preferences are not as expected (and - * because this is not really needed for clients except for detecting - * protocol violations): */ - s->state=SSL_ST_BEFORE|(s->server) - ?SSL_ST_ACCEPT - :SSL_ST_CONNECT; -#else - s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; -#endif - s->renegotiate=1; - s->new_session=1; - } - i=s->handshake_func(s); - if (i < 0) return(i); - if (i == 0) - { - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); - return(-1); - } - - if (!(s->mode & SSL_MODE_AUTO_RETRY)) - { - if (s->s3->rbuf.left == 0) /* no read-ahead left? */ - { - BIO *bio; - /* In the case where we try to read application data, - * but we trigger an SSL handshake, we return -1 with - * the retry option set. Otherwise renegotiation may - * cause nasty problems in the blocking world */ - s->rwstate=SSL_READING; - bio=SSL_get_rbio(s); - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - return(-1); - } - } - goto start; - } - - switch (rr->type) - { - default: -#ifndef OPENSSL_NO_TLS - /* TLS up to v1.1 just ignores unknown message types: - * TLS v1.2 give an unexpected message alert. - */ - if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION) - { - rr->length = 0; - goto start; - } -#endif - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); - goto f_err; - case SSL3_RT_CHANGE_CIPHER_SPEC: - case SSL3_RT_ALERT: - case SSL3_RT_HANDSHAKE: - /* we already handled all of these, with the possible exception - * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that - * should not happen when type != rr->type */ - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES,ERR_R_INTERNAL_ERROR); - goto f_err; - case SSL3_RT_APPLICATION_DATA: - /* At this point, we were expecting handshake data, - * but have application data. If the library was - * running inside ssl3_read() (i.e. in_read_app_data - * is set) and it makes sense to read application data - * at this point (session renegotiation not yet started), - * we will indulge it. - */ - if (s->s3->in_read_app_data && - (s->s3->total_renegotiations != 0) && - (( - (s->state & SSL_ST_CONNECT) && - (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && - (s->state <= SSL3_ST_CR_SRVR_HELLO_A) - ) || ( - (s->state & SSL_ST_ACCEPT) && - (s->state <= SSL3_ST_SW_HELLO_REQ_A) && - (s->state >= SSL3_ST_SR_CLNT_HELLO_A) - ) - )) - { - s->s3->in_read_app_data=2; - return(-1); - } - else - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); - goto f_err; - } - } - /* not reached */ - -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); -err: - return(-1); - } - -int ssl3_do_change_cipher_spec(SSL *s) - { - int i; - const char *sender; - int slen; - - if (s->state & SSL_ST_ACCEPT) - i=SSL3_CHANGE_CIPHER_SERVER_READ; - else - i=SSL3_CHANGE_CIPHER_CLIENT_READ; - - if (s->s3->tmp.key_block == NULL) - { - if (s->session == NULL || s->session->master_key_length == 0) - { - /* might happen if dtls1_read_bytes() calls this */ - SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY); - return (0); - } - - s->session->cipher=s->s3->tmp.new_cipher; - if (!s->method->ssl3_enc->setup_key_block(s)) return(0); - } - - if (!s->method->ssl3_enc->change_cipher_state(s,i)) - return(0); - - /* we have to record the message digest at - * this point so we can get it before we read - * the finished message */ - if (s->state & SSL_ST_CONNECT) - { - sender=s->method->ssl3_enc->server_finished_label; - slen=s->method->ssl3_enc->server_finished_label_len; - } - else - { - sender=s->method->ssl3_enc->client_finished_label; - slen=s->method->ssl3_enc->client_finished_label_len; - } - - i = s->method->ssl3_enc->final_finish_mac(s, - sender,slen,s->s3->tmp.peer_finish_md); - if (i == 0) - { - SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); - return 0; - } - s->s3->tmp.peer_finish_md_len = i; - - return(1); - } - -int ssl3_send_alert(SSL *s, int level, int desc) - { - /* Map tls/ssl alert value to correct one */ - desc=s->method->ssl3_enc->alert_value(desc); - if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) - desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */ - if (desc < 0) return -1; - /* If a fatal one, remove from cache */ - if ((level == 2) && (s->session != NULL)) - SSL_CTX_remove_session(s->ctx,s->session); - - s->s3->alert_dispatch=1; - s->s3->send_alert[0]=level; - s->s3->send_alert[1]=desc; - if (s->s3->wbuf.left == 0) /* data still being written out? */ - return s->method->ssl_dispatch_alert(s); - /* else data is still being written out, we will get written - * some time in the future */ - return -1; - } - -int ssl3_dispatch_alert(SSL *s) - { - int i,j; - void (*cb)(const SSL *ssl,int type,int val)=NULL; - - s->s3->alert_dispatch=0; - i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0, 0); - if (i <= 0) - { - s->s3->alert_dispatch=1; - } - else - { - /* Alert sent to BIO. If it is important, flush it now. - * If the message does not get sent due to non-blocking IO, - * we will not worry too much. */ - if (s->s3->send_alert[0] == SSL3_AL_FATAL) - (void)BIO_flush(s->wbio); - - if (s->msg_callback) - s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 2, s, s->msg_callback_arg); - - if (s->info_callback != NULL) - cb=s->info_callback; - else if (s->ctx->info_callback != NULL) - cb=s->ctx->info_callback; - - if (cb != NULL) - { - j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; - cb(s,SSL_CB_WRITE_ALERT,j); - } - } - return(i); - } diff --git a/main/openssl/ssl/s3_srvr.c b/main/openssl/ssl/s3_srvr.c deleted file mode 100644 index ac3d213d..00000000 --- a/main/openssl/ssl/s3_srvr.c +++ /dev/null @@ -1,3901 +0,0 @@ -/* ssl/s3_srvr.c -*- mode:C; c-file-style: "eay" -*- */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the OpenSSL open source - * license provided above. - * - * ECC cipher suite support in OpenSSL originally written by - * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. - * - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - -#define REUSE_CIPHER_BUG -#define NETSCAPE_HANG_BUG - -#include <stdio.h> -#include "ssl_locl.h" -#include "kssl_lcl.h" -#include "../crypto/constant_time_locl.h" -#include <openssl/buffer.h> -#include <openssl/rand.h> -#include <openssl/objects.h> -#include <openssl/ec.h> -#include <openssl/ecdsa.h> -#include <openssl/evp.h> -#include <openssl/hmac.h> -#include <openssl/sha.h> -#include <openssl/x509.h> -#ifndef OPENSSL_NO_DH -#include <openssl/dh.h> -#endif -#include <openssl/bn.h> -#ifndef OPENSSL_NO_KRB5 -#include <openssl/krb5_asn.h> -#endif -#include <openssl/md5.h> - -#ifndef OPENSSL_NO_SSL3_METHOD -static const SSL_METHOD *ssl3_get_server_method(int ver); - -static const SSL_METHOD *ssl3_get_server_method(int ver) - { - if (ver == SSL3_VERSION) - return(SSLv3_server_method()); - else - return(NULL); - } - -IMPLEMENT_ssl3_meth_func(SSLv3_server_method, - ssl3_accept, - ssl_undefined_function, - ssl3_get_server_method) -#endif - -#ifndef OPENSSL_NO_SRP -static int ssl_check_srp_ext_ClientHello(SSL *s, int *al) - { - int ret = SSL_ERROR_NONE; - - *al = SSL_AD_UNRECOGNIZED_NAME; - - if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) && - (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) - { - if(s->srp_ctx.login == NULL) - { - /* RFC 5054 says SHOULD reject, - we do so if There is no srp login name */ - ret = SSL3_AL_FATAL; - *al = SSL_AD_UNKNOWN_PSK_IDENTITY; - } - else - { - ret = SSL_srp_server_param_with_username(s,al); - } - } - return ret; - } -#endif - -int ssl3_accept(SSL *s) - { - BUF_MEM *buf; - unsigned long alg_k,Time=(unsigned long)time(NULL); - unsigned long alg_a; - void (*cb)(const SSL *ssl,int type,int val)=NULL; - int ret= -1; - int new_state,state,skip=0; - - RAND_add(&Time,sizeof(Time),0); - ERR_clear_error(); - clear_sys_error(); - - if (s->info_callback != NULL) - cb=s->info_callback; - else if (s->ctx->info_callback != NULL) - cb=s->ctx->info_callback; - - /* init things to blank */ - s->in_handshake++; - if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); - - if (s->cert == NULL) - { - SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET); - return(-1); - } - -#ifndef OPENSSL_NO_HEARTBEATS - /* If we're awaiting a HeartbeatResponse, pretend we - * already got and don't await it anymore, because - * Heartbeats don't make sense during handshakes anyway. - */ - if (s->tlsext_hb_pending) - { - s->tlsext_hb_pending = 0; - s->tlsext_hb_seq++; - } -#endif - - for (;;) - { - state=s->state; - - switch (s->state) - { - case SSL_ST_RENEGOTIATE: - s->renegotiate=1; - /* s->state=SSL_ST_ACCEPT; */ - - case SSL_ST_BEFORE: - case SSL_ST_ACCEPT: - case SSL_ST_BEFORE|SSL_ST_ACCEPT: - case SSL_ST_OK|SSL_ST_ACCEPT: - - s->server=1; - if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); - - if ((s->version>>8) != 3) - { - SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); - return -1; - } - s->type=SSL_ST_ACCEPT; - - if (s->init_buf == NULL) - { - if ((buf=BUF_MEM_new()) == NULL) - { - ret= -1; - goto end; - } - if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) - { - BUF_MEM_free(buf); - ret= -1; - goto end; - } - s->init_buf=buf; - } - - if (!ssl3_setup_buffers(s)) - { - ret= -1; - goto end; - } - - s->init_num=0; - s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE; - s->s3->flags &= ~SSL3_FLAGS_CCS_OK; - /* Should have been reset by ssl3_get_finished, too. */ - s->s3->change_cipher_spec = 0; - - if (s->state != SSL_ST_RENEGOTIATE) - { - /* Ok, we now need to push on a buffering BIO so that - * the output is sent in a way that TCP likes :-) - */ - if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; } - - ssl3_init_finished_mac(s); - s->state=SSL3_ST_SR_CLNT_HELLO_A; - s->ctx->stats.sess_accept++; - } - else if (!s->s3->send_connection_binding && - !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) - { - /* Server attempting to renegotiate with - * client that doesn't support secure - * renegotiation. - */ - SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); - ret = -1; - goto end; - } - else - { - /* s->state == SSL_ST_RENEGOTIATE, - * we will just send a HelloRequest */ - s->ctx->stats.sess_accept_renegotiate++; - s->state=SSL3_ST_SW_HELLO_REQ_A; - } - break; - - case SSL3_ST_SW_HELLO_REQ_A: - case SSL3_ST_SW_HELLO_REQ_B: - - s->shutdown=0; - ret=ssl3_send_hello_request(s); - if (ret <= 0) goto end; - s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C; - s->state=SSL3_ST_SW_FLUSH; - s->init_num=0; - - ssl3_init_finished_mac(s); - break; - - case SSL3_ST_SW_HELLO_REQ_C: - s->state=SSL_ST_OK; - break; - - case SSL3_ST_SR_CLNT_HELLO_A: - case SSL3_ST_SR_CLNT_HELLO_B: - case SSL3_ST_SR_CLNT_HELLO_C: - - s->shutdown=0; - if (s->rwstate != SSL_X509_LOOKUP) - { - ret=ssl3_get_client_hello(s); - if (ret <= 0) goto end; - } -#ifndef OPENSSL_NO_SRP - { - int al; - if ((ret = ssl_check_srp_ext_ClientHello(s,&al)) < 0) - { - /* callback indicates firther work to be done */ - s->rwstate=SSL_X509_LOOKUP; - goto end; - } - if (ret != SSL_ERROR_NONE) - { - ssl3_send_alert(s,SSL3_AL_FATAL,al); - /* This is not really an error but the only means to - for a client to detect whether srp is supported. */ - if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY) - SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLSEXT); - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - ret= -1; - goto end; - } - } -#endif - - s->renegotiate = 2; - s->state=SSL3_ST_SW_SRVR_HELLO_A; - s->init_num=0; - break; - - case SSL3_ST_SW_SRVR_HELLO_A: - case SSL3_ST_SW_SRVR_HELLO_B: - ret=ssl3_send_server_hello(s); - if (ret <= 0) goto end; -#ifndef OPENSSL_NO_TLSEXT - if (s->hit) - { - if (s->tlsext_ticket_expected) - s->state=SSL3_ST_SW_SESSION_TICKET_A; - else - s->state=SSL3_ST_SW_CHANGE_A; - } -#else - if (s->hit) - s->state=SSL3_ST_SW_CHANGE_A; -#endif - else - s->state=SSL3_ST_SW_CERT_A; - s->init_num=0; - break; - - case SSL3_ST_SW_CERT_A: - case SSL3_ST_SW_CERT_B: - /* Check if it is anon DH or anon ECDH, */ - /* non-RSA PSK or KRB5 or SRP */ - if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aKRB5|SSL_aSRP)) - /* Among PSK ciphersuites only RSA_PSK uses server certificate */ - && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK && - !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kRSA))) - { - ret=ssl3_send_server_certificate(s); - if (ret <= 0) goto end; -#ifndef OPENSSL_NO_TLSEXT - if (s->tlsext_status_expected) - s->state=SSL3_ST_SW_CERT_STATUS_A; - else - s->state=SSL3_ST_SW_KEY_EXCH_A; - } - else - { - skip = 1; - s->state=SSL3_ST_SW_KEY_EXCH_A; - } -#else - } - else - skip=1; - - s->state=SSL3_ST_SW_KEY_EXCH_A; -#endif - s->init_num=0; - break; - - case SSL3_ST_SW_KEY_EXCH_A: - case SSL3_ST_SW_KEY_EXCH_B: - alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - alg_a = s->s3->tmp.new_cipher->algorithm_auth; - - /* - * clear this, it may get reset by - * send_server_key_exchange - */ - s->s3->tmp.use_rsa_tmp=0; - - - /* only send if a DH key exchange, fortezza or - * RSA but we have a sign only certificate - * - * PSK: may send PSK identity hints - * - * For ECC ciphersuites, we send a serverKeyExchange - * message only if the cipher suite is either - * ECDH-anon or ECDHE. In other cases, the - * server certificate contains the server's - * public key for key exchange. - */ - if (0 - /* PSK: send ServerKeyExchange if either: - * - PSK identity hint is provided, or - * - the key exchange is kEECDH. - */ -#ifndef OPENSSL_NO_PSK - || ((alg_a & SSL_aPSK) && ((alg_k & SSL_kEECDH) || s->session->psk_identity_hint)) -#endif -#ifndef OPENSSL_NO_SRP - /* SRP: send ServerKeyExchange */ - || (alg_k & SSL_kSRP) -#endif - || (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH)) - || (alg_k & SSL_kEECDH) - || ((alg_k & SSL_kRSA) - && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL - || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) - && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher) - ) - ) - ) - ) - { - ret=ssl3_send_server_key_exchange(s); - if (ret <= 0) goto end; - } - else - skip=1; - - s->state=SSL3_ST_SW_CERT_REQ_A; - s->init_num=0; - break; - - case SSL3_ST_SW_CERT_REQ_A: - case SSL3_ST_SW_CERT_REQ_B: - if (/* don't request cert unless asked for it: */ - !(s->verify_mode & SSL_VERIFY_PEER) || - /* if SSL_VERIFY_CLIENT_ONCE is set, - * don't request cert during re-negotiation: */ - ((s->session->peer != NULL) && - (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || - /* never request cert in anonymous ciphersuites - * (see section "Certificate request" in SSL 3 drafts - * and in RFC 2246): */ - ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && - /* ... except when the application insists on verification - * (against the specs, but s3_clnt.c accepts this for SSL 3) */ - !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || - /* never request cert in Kerberos ciphersuites */ - (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) || - /* don't request certificate for SRP auth */ - (s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP) - /* With normal PSK Certificates and - * Certificate Requests are omitted */ - || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) - { - /* no cert request */ - skip=1; - s->s3->tmp.cert_request=0; - s->state=SSL3_ST_SW_SRVR_DONE_A; - if (s->s3->handshake_buffer) - if (!ssl3_digest_cached_records(s)) - return -1; - } - else - { - s->s3->tmp.cert_request=1; - ret=ssl3_send_certificate_request(s); - if (ret <= 0) goto end; -#ifndef NETSCAPE_HANG_BUG - s->state=SSL3_ST_SW_SRVR_DONE_A; -#else - s->state=SSL3_ST_SW_FLUSH; - s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; -#endif - s->init_num=0; - } - break; - - case SSL3_ST_SW_SRVR_DONE_A: - case SSL3_ST_SW_SRVR_DONE_B: - ret=ssl3_send_server_done(s); - if (ret <= 0) goto end; - s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; - s->state=SSL3_ST_SW_FLUSH; - s->init_num=0; - break; - - case SSL3_ST_SW_FLUSH: - - /* This code originally checked to see if - * any data was pending using BIO_CTRL_INFO - * and then flushed. This caused problems - * as documented in PR#1939. The proposed - * fix doesn't completely resolve this issue - * as buggy implementations of BIO_CTRL_PENDING - * still exist. So instead we just flush - * unconditionally. - */ - - s->rwstate=SSL_WRITING; - if (BIO_flush(s->wbio) <= 0) - { - ret= -1; - goto end; - } - s->rwstate=SSL_NOTHING; - - s->state=s->s3->tmp.next_state; - break; - - case SSL3_ST_SR_CERT_A: - case SSL3_ST_SR_CERT_B: - /* Check for second client hello (MS SGC) */ - ret = ssl3_check_client_hello(s); - if (ret <= 0) - goto end; - if (ret == 2) - s->state = SSL3_ST_SR_CLNT_HELLO_C; - else { - if (s->s3->tmp.cert_request) - { - ret=ssl3_get_client_certificate(s); - if (ret <= 0) goto end; - } - s->init_num=0; - s->state=SSL3_ST_SR_KEY_EXCH_A; - } - break; - - case SSL3_ST_SR_KEY_EXCH_A: - case SSL3_ST_SR_KEY_EXCH_B: - ret=ssl3_get_client_key_exchange(s); - if (ret <= 0) - goto end; - if (ret == 2) - { - /* For the ECDH ciphersuites when - * the client sends its ECDH pub key in - * a certificate, the CertificateVerify - * message is not sent. - * Also for GOST ciphersuites when - * the client uses its key from the certificate - * for key exchange. - */ - s->init_num = 0; - s->state=SSL3_ST_SR_POST_CLIENT_CERT; - } - else if (TLS1_get_version(s) >= TLS1_2_VERSION) - { - s->state=SSL3_ST_SR_CERT_VRFY_A; - s->init_num=0; - if (!s->session->peer) - break; - /* For TLS v1.2 freeze the handshake buffer - * at this point and digest cached records. - */ - if (!s->s3->handshake_buffer) - { - SSLerr(SSL_F_SSL3_ACCEPT,ERR_R_INTERNAL_ERROR); - return -1; - } - s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; - if (!ssl3_digest_cached_records(s)) - return -1; - } - else - { - int offset=0; - int dgst_num; - - s->state=SSL3_ST_SR_CERT_VRFY_A; - s->init_num=0; - - /* We need to get hashes here so if there is - * a client cert, it can be verified - * FIXME - digest processing for CertificateVerify - * should be generalized. But it is next step - */ - if (s->s3->handshake_buffer) - if (!ssl3_digest_cached_records(s)) - return -1; - for (dgst_num=0; dgst_num<SSL_MAX_DIGEST;dgst_num++) - if (s->s3->handshake_dgst[dgst_num]) - { - int dgst_size; - - s->method->ssl3_enc->cert_verify_mac(s,EVP_MD_CTX_type(s->s3->handshake_dgst[dgst_num]),&(s->s3->tmp.cert_verify_md[offset])); - dgst_size=EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]); - if (dgst_size < 0) - { - ret = -1; - goto end; - } - offset+=dgst_size; - } - } - break; - - case SSL3_ST_SR_CERT_VRFY_A: - case SSL3_ST_SR_CERT_VRFY_B: - /* - * This *should* be the first time we enable CCS, but be - * extra careful about surrounding code changes. We need - * to set this here because we don't know if we're - * expecting a CertificateVerify or not. - */ - if (!s->s3->change_cipher_spec) - s->s3->flags |= SSL3_FLAGS_CCS_OK; - /* we should decide if we expected this one */ - ret=ssl3_get_cert_verify(s); - if (ret <= 0) goto end; - - s->state=SSL3_ST_SR_POST_CLIENT_CERT; - s->init_num=0; - break; - - case SSL3_ST_SR_POST_CLIENT_CERT: { - char next_proto_neg = 0; - char channel_id = 0; -#if !defined(OPENSSL_NO_TLSEXT) -# if !defined(OPENSSL_NO_NEXTPROTONEG) - next_proto_neg = s->s3->next_proto_neg_seen; -# endif - channel_id = s->s3->tlsext_channel_id_valid; -#endif - - if (next_proto_neg) - s->state=SSL3_ST_SR_NEXT_PROTO_A; - else if (channel_id) - s->state=SSL3_ST_SR_CHANNEL_ID_A; - else - s->state=SSL3_ST_SR_FINISHED_A; - break; - } - -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) - case SSL3_ST_SR_NEXT_PROTO_A: - case SSL3_ST_SR_NEXT_PROTO_B: - /* - * Enable CCS for resumed handshakes with NPN. - * In a full handshake with NPN, we end up here through - * SSL3_ST_SR_CERT_VRFY_B, where SSL3_FLAGS_CCS_OK was - * already set. Receiving a CCS clears the flag, so make - * sure not to re-enable it to ban duplicates. - * s->s3->change_cipher_spec is set when a CCS is - * processed in s3_pkt.c, and remains set until - * the client's Finished message is read. - */ - if (!s->s3->change_cipher_spec) - s->s3->flags |= SSL3_FLAGS_CCS_OK; - - ret=ssl3_get_next_proto(s); - if (ret <= 0) goto end; - s->init_num = 0; - if (s->s3->tlsext_channel_id_valid) - s->state=SSL3_ST_SR_CHANNEL_ID_A; - else - s->state=SSL3_ST_SR_FINISHED_A; - break; -#endif - -#if !defined(OPENSSL_NO_TLSEXT) - case SSL3_ST_SR_CHANNEL_ID_A: - case SSL3_ST_SR_CHANNEL_ID_B: - ret=ssl3_get_channel_id(s); - if (ret <= 0) goto end; - s->init_num = 0; - s->state=SSL3_ST_SR_FINISHED_A; - break; -#endif - - case SSL3_ST_SR_FINISHED_A: - case SSL3_ST_SR_FINISHED_B: - /* - * Enable CCS for resumed handshakes without NPN. - * In a full handshake, we end up here through - * SSL3_ST_SR_CERT_VRFY_B, where SSL3_FLAGS_CCS_OK was - * already set. Receiving a CCS clears the flag, so make - * sure not to re-enable it to ban duplicates. - * s->s3->change_cipher_spec is set when a CCS is - * processed in s3_pkt.c, and remains set until - * the client's Finished message is read. - */ - if (!s->s3->change_cipher_spec) - s->s3->flags |= SSL3_FLAGS_CCS_OK; - ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, - SSL3_ST_SR_FINISHED_B); - if (ret <= 0) goto end; - if (s->hit) - s->state=SSL_ST_OK; -#ifndef OPENSSL_NO_TLSEXT - else if (s->tlsext_ticket_expected) - s->state=SSL3_ST_SW_SESSION_TICKET_A; -#endif - else - s->state=SSL3_ST_SW_CHANGE_A; - /* If this is a full handshake with ChannelID then - * record the hashshake hashes in |s->session| in case - * we need them to verify a ChannelID signature on a - * resumption of this session in the future. */ - if (!s->hit && s->s3->tlsext_channel_id_new) - { - ret = tls1_record_handshake_hashes_for_channel_id(s); - if (ret <= 0) goto end; - } - s->init_num=0; - break; - -#ifndef OPENSSL_NO_TLSEXT - case SSL3_ST_SW_SESSION_TICKET_A: - case SSL3_ST_SW_SESSION_TICKET_B: - ret=ssl3_send_newsession_ticket(s); - if (ret <= 0) goto end; - s->state=SSL3_ST_SW_CHANGE_A; - s->init_num=0; - break; - - case SSL3_ST_SW_CERT_STATUS_A: - case SSL3_ST_SW_CERT_STATUS_B: - ret=ssl3_send_cert_status(s); - if (ret <= 0) goto end; - s->state=SSL3_ST_SW_KEY_EXCH_A; - s->init_num=0; - break; - -#endif - - case SSL3_ST_SW_CHANGE_A: - case SSL3_ST_SW_CHANGE_B: - - s->session->cipher=s->s3->tmp.new_cipher; - if (!s->method->ssl3_enc->setup_key_block(s)) - { ret= -1; goto end; } - - ret=ssl3_send_change_cipher_spec(s, - SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B); - - if (ret <= 0) goto end; - s->state=SSL3_ST_SW_FINISHED_A; - s->init_num=0; - - if (!s->method->ssl3_enc->change_cipher_state(s, - SSL3_CHANGE_CIPHER_SERVER_WRITE)) - { - ret= -1; - goto end; - } - - break; - - case SSL3_ST_SW_FINISHED_A: - case SSL3_ST_SW_FINISHED_B: - ret=ssl3_send_finished(s, - SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B, - s->method->ssl3_enc->server_finished_label, - s->method->ssl3_enc->server_finished_label_len); - if (ret <= 0) goto end; - s->state=SSL3_ST_SW_FLUSH; - if (s->hit) - s->s3->tmp.next_state=SSL3_ST_SR_POST_CLIENT_CERT; - else - s->s3->tmp.next_state=SSL_ST_OK; - s->init_num=0; - break; - - case SSL_ST_OK: - /* clean a few things up */ - ssl3_cleanup_key_block(s); - - BUF_MEM_free(s->init_buf); - s->init_buf=NULL; - - /* remove buffering on output */ - ssl_free_wbio_buffer(s); - - s->init_num=0; - - if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */ - { - s->renegotiate=0; - s->new_session=0; - - ssl_update_cache(s,SSL_SESS_CACHE_SERVER); - - s->ctx->stats.sess_accept_good++; - /* s->server=1; */ - s->handshake_func=ssl3_accept; - - if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); - } - - ret = 1; - goto end; - /* break; */ - - default: - SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE); - ret= -1; - goto end; - /* break; */ - } - - if (!s->s3->tmp.reuse_message && !skip) - { - if (s->debug) - { - if ((ret=BIO_flush(s->wbio)) <= 0) - goto end; - } - - - if ((cb != NULL) && (s->state != state)) - { - new_state=s->state; - s->state=state; - cb(s,SSL_CB_ACCEPT_LOOP,1); - s->state=new_state; - } - } - skip=0; - } -end: - /* BIO_flush(s->wbio); */ - - s->in_handshake--; - if (cb != NULL) - cb(s,SSL_CB_ACCEPT_EXIT,ret); - return(ret); - } - -int ssl3_send_hello_request(SSL *s) - { - unsigned char *p; - - if (s->state == SSL3_ST_SW_HELLO_REQ_A) - { - p=(unsigned char *)s->init_buf->data; - *(p++)=SSL3_MT_HELLO_REQUEST; - *(p++)=0; - *(p++)=0; - *(p++)=0; - - s->state=SSL3_ST_SW_HELLO_REQ_B; - /* number of bytes to write */ - s->init_num=4; - s->init_off=0; - } - - /* SSL3_ST_SW_HELLO_REQ_B */ - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); - } - -int ssl3_check_client_hello(SSL *s) - { - int ok; - long n; - - /* this function is called when we really expect a Certificate message, - * so permit appropriate message length */ - n=s->method->ssl_get_message(s, - SSL3_ST_SR_CERT_A, - SSL3_ST_SR_CERT_B, - -1, - s->max_cert_list, - &ok); - if (!ok) return((int)n); - s->s3->tmp.reuse_message = 1; - if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) - { - /* We only allow the client to restart the handshake once per - * negotiation. */ - if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) - { - SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS); - return -1; - } - /* Throw away what we have done so far in the current handshake, - * which will now be aborted. (A full SSL_clear would be too much.) */ -#ifndef OPENSSL_NO_DH - if (s->s3->tmp.dh != NULL) - { - DH_free(s->s3->tmp.dh); - s->s3->tmp.dh = NULL; - } -#endif -#ifndef OPENSSL_NO_ECDH - if (s->s3->tmp.ecdh != NULL) - { - EC_KEY_free(s->s3->tmp.ecdh); - s->s3->tmp.ecdh = NULL; - } -#endif - s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE; - return 2; - } - return 1; -} - -int ssl3_get_client_hello(SSL *s) - { - int i,j,ok,al,ret= -1; - unsigned int cookie_len; - long n; - unsigned long id; - unsigned char *p,*d,*q; - SSL_CIPHER *c; -#ifndef OPENSSL_NO_COMP - SSL_COMP *comp=NULL; -#endif - STACK_OF(SSL_CIPHER) *ciphers=NULL; - - /* We do this so that we will respond with our native type. - * If we are TLSv1 and we get SSLv3, we will respond with TLSv1, - * This down switching should be handled by a different method. - * If we are SSLv3, we will respond with SSLv3, even if prompted with - * TLSv1. - */ - if (s->state == SSL3_ST_SR_CLNT_HELLO_A - ) - { - s->state=SSL3_ST_SR_CLNT_HELLO_B; - } - s->first_packet=1; - n=s->method->ssl_get_message(s, - SSL3_ST_SR_CLNT_HELLO_B, - SSL3_ST_SR_CLNT_HELLO_C, - SSL3_MT_CLIENT_HELLO, - SSL3_RT_MAX_PLAIN_LENGTH, - &ok); - - if (!ok) return((int)n); - s->first_packet=0; - d=p=(unsigned char *)s->init_msg; - - /* use version from inside client hello, not from record header - * (may differ: see RFC 2246, Appendix E, second paragraph) */ - s->client_version=(((int)p[0])<<8)|(int)p[1]; - p+=2; - - if ((s->version == DTLS1_VERSION && s->client_version > s->version) || - (s->version != DTLS1_VERSION && s->client_version < s->version)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); - if ((s->client_version>>8) == SSL3_VERSION_MAJOR && - !s->enc_write_ctx && !s->write_hash) - { - /* similar to ssl3_get_record, send alert using remote version number */ - s->version = s->client_version; - } - al = SSL_AD_PROTOCOL_VERSION; - goto f_err; - } - - /* If we require cookies and this ClientHello doesn't - * contain one, just return since we do not want to - * allocate any memory yet. So check cookie length... - */ - if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) - { - unsigned int session_length, cookie_length; - - session_length = *(p + SSL3_RANDOM_SIZE); - cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1); - - if (cookie_length == 0) - return 1; - } - - /* load the client random */ - memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE); - p+=SSL3_RANDOM_SIZE; - - /* get the session-id */ - j= *(p++); - - s->hit=0; - /* Versions before 0.9.7 always allow clients to resume sessions in renegotiation. - * 0.9.7 and later allow this by default, but optionally ignore resumption requests - * with flag SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag rather - * than a change to default behavior so that applications relying on this for security - * won't even compile against older library versions). - * - * 1.0.1 and later also have a function SSL_renegotiate_abbreviated() to request - * renegotiation but not a new session (s->new_session remains unset): for servers, - * this essentially just means that the SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION - * setting will be ignored. - */ - if ((s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) - { - if (!s->session_creation_enabled) - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED); - goto err; - } - if (!ssl_get_new_session(s,1)) - goto err; - } - else - { - i=ssl_get_prev_session(s, p, j, d + n); - /* - * Only resume if the session's version matches the negotiated - * version. - * RFC 5246 does not provide much useful advice on resumption - * with a different protocol version. It doesn't forbid it but - * the sanity of such behaviour would be questionable. - * In practice, clients do not accept a version mismatch and - * will abort the handshake with an error. - */ - if (i == 1 && s->version == s->session->ssl_version) - { /* previous session */ - s->hit=1; - } - else if (i == -1) - goto err; - else /* i == 0 */ - { - if (!s->session_creation_enabled) - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED); - goto err; - } - if (!ssl_get_new_session(s,1)) - goto err; - } - } - - p+=j; - - if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) - { - /* cookie stuff */ - cookie_len = *(p++); - - /* - * The ClientHello may contain a cookie even if the - * HelloVerify message has not been sent--make sure that it - * does not cause an overflow. - */ - if ( cookie_len > sizeof(s->d1->rcvd_cookie)) - { - /* too much data */ - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); - goto f_err; - } - - /* verify the cookie if appropriate option is set. */ - if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && - cookie_len > 0) - { - memcpy(s->d1->rcvd_cookie, p, cookie_len); - - if ( s->ctx->app_verify_cookie_cb != NULL) - { - if ( s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie, - cookie_len) == 0) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, - SSL_R_COOKIE_MISMATCH); - goto f_err; - } - /* else cookie verification succeeded */ - } - else if ( memcmp(s->d1->rcvd_cookie, s->d1->cookie, - s->d1->cookie_len) != 0) /* default verification */ - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, - SSL_R_COOKIE_MISMATCH); - goto f_err; - } - - ret = 2; - } - - p += cookie_len; - } - - n2s(p,i); - if ((i == 0) && (j != 0)) - { - /* we need a cipher if we are not resuming a session */ - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED); - goto f_err; - } - if ((p+i) >= (d+n)) - { - /* not enough data */ - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH); - goto f_err; - } - if ((i > 0) && (ssl_bytes_to_cipher_list(s,p,i,&(ciphers)) - == NULL)) - { - goto err; - } - p+=i; - - /* If it is a hit, check that the cipher is in the list */ - if ((s->hit) && (i > 0)) - { - j=0; - id=s->session->cipher->id; - -#ifdef CIPHER_DEBUG - fprintf(stderr,"client sent %d ciphers\n",sk_SSL_CIPHER_num(ciphers)); -#endif - for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++) - { - c=sk_SSL_CIPHER_value(ciphers,i); -#ifdef CIPHER_DEBUG - fprintf(stderr,"client [%2d of %2d]:%s\n", - i,sk_SSL_CIPHER_num(ciphers), - SSL_CIPHER_get_name(c)); -#endif - if (c->id == id) - { - j=1; - break; - } - } -/* Disabled because it can be used in a ciphersuite downgrade - * attack: CVE-2010-4180. - */ -#if 0 - if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) - { - /* Special case as client bug workaround: the previously used cipher may - * not be in the current list, the client instead might be trying to - * continue using a cipher that before wasn't chosen due to server - * preferences. We'll have to reject the connection if the cipher is not - * enabled, though. */ - c = sk_SSL_CIPHER_value(ciphers, 0); - if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0) - { - s->session->cipher = c; - j = 1; - } - } -#endif - if (j == 0) - { - /* we need to have the cipher in the cipher - * list if we are asked to reuse it */ - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING); - goto f_err; - } - } - - /* compression */ - i= *(p++); - if ((p+i) > (d+n)) - { - /* not enough data */ - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH); - goto f_err; - } - q=p; - for (j=0; j<i; j++) - { - if (p[j] == 0) break; - } - - p+=i; - if (j >= i) - { - /* no compress */ - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_COMPRESSION_SPECIFIED); - goto f_err; - } - -#ifndef OPENSSL_NO_TLSEXT - /* TLS extensions*/ - if (s->version >= SSL3_VERSION) - { - if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al)) - { - /* 'al' set by ssl_parse_clienthello_tlsext */ - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT); - goto f_err; - } - } - if (ssl_check_clienthello_tlsext_early(s) <= 0) { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); - goto err; - } - - /* Check if we want to use external pre-shared secret for this - * handshake for not reused session only. We need to generate - * server_random before calling tls_session_secret_cb in order to allow - * SessionTicket processing to use it in key derivation. */ - { - unsigned char *pos; - pos=s->s3->server_random; - if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE) <= 0) - { - al=SSL_AD_INTERNAL_ERROR; - goto f_err; - } - } - - if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) - { - SSL_CIPHER *pref_cipher=NULL; - - s->session->master_key_length=sizeof(s->session->master_key); - if(s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length, - ciphers, &pref_cipher, s->tls_session_secret_cb_arg)) - { - s->hit=1; - s->session->ciphers=ciphers; - s->session->verify_result=X509_V_OK; - - ciphers=NULL; - - /* check if some cipher was preferred by call back */ - pref_cipher=pref_cipher ? pref_cipher : ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s)); - if (pref_cipher == NULL) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER); - goto f_err; - } - - s->session->cipher=pref_cipher; - - if (s->cipher_list) - sk_SSL_CIPHER_free(s->cipher_list); - - if (s->cipher_list_by_id) - sk_SSL_CIPHER_free(s->cipher_list_by_id); - - s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers); - s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers); - } - } -#endif - - /* Worst case, we will use the NULL compression, but if we have other - * options, we will now look for them. We have i-1 compression - * algorithms from the client, starting at q. */ - s->s3->tmp.new_compression=NULL; -#ifndef OPENSSL_NO_COMP - /* This only happens if we have a cache hit */ - if (s->session->compress_meth != 0) - { - int m, comp_id = s->session->compress_meth; - /* Perform sanity checks on resumed compression algorithm */ - /* Can't disable compression */ - if (s->options & SSL_OP_NO_COMPRESSION) - { - al=SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION); - goto f_err; - } - /* Look for resumed compression method */ - for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) - { - comp=sk_SSL_COMP_value(s->ctx->comp_methods,m); - if (comp_id == comp->id) - { - s->s3->tmp.new_compression=comp; - break; - } - } - if (s->s3->tmp.new_compression == NULL) - { - al=SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INVALID_COMPRESSION_ALGORITHM); - goto f_err; - } - /* Look for resumed method in compression list */ - for (m = 0; m < i; m++) - { - if (q[m] == comp_id) - break; - } - if (m >= i) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING); - goto f_err; - } - } - else if (s->hit) - comp = NULL; - else if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods) - { /* See if we have a match */ - int m,nn,o,v,done=0; - - nn=sk_SSL_COMP_num(s->ctx->comp_methods); - for (m=0; m<nn; m++) - { - comp=sk_SSL_COMP_value(s->ctx->comp_methods,m); - v=comp->id; - for (o=0; o<i; o++) - { - if (v == q[o]) - { - done=1; - break; - } - } - if (done) break; - } - if (done) - s->s3->tmp.new_compression=comp; - else - comp=NULL; - } -#else - /* If compression is disabled we'd better not try to resume a session - * using compression. - */ - if (s->session->compress_meth != 0) - { - al=SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION); - goto f_err; - } -#endif - - /* Given s->session->ciphers and SSL_get_ciphers, we must - * pick a cipher */ - - if (!s->hit) - { -#ifdef OPENSSL_NO_COMP - s->session->compress_meth=0; -#else - s->session->compress_meth=(comp == NULL)?0:comp->id; -#endif - if (s->session->ciphers != NULL) - sk_SSL_CIPHER_free(s->session->ciphers); - s->session->ciphers=ciphers; - if (ciphers == NULL) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED); - goto f_err; - } - ciphers=NULL; - c=ssl3_choose_cipher(s,s->session->ciphers, - SSL_get_ciphers(s)); - - if (c == NULL) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER); - goto f_err; - } - s->s3->tmp.new_cipher=c; - } - else - { - /* Session-id reuse */ -#ifdef REUSE_CIPHER_BUG - STACK_OF(SSL_CIPHER) *sk; - SSL_CIPHER *nc=NULL; - SSL_CIPHER *ec=NULL; - - if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) - { - sk=s->session->ciphers; - for (i=0; i<sk_SSL_CIPHER_num(sk); i++) - { - c=sk_SSL_CIPHER_value(sk,i); - if (c->algorithm_enc & SSL_eNULL) - nc=c; - if (SSL_C_IS_EXPORT(c)) - ec=c; - } - if (nc != NULL) - s->s3->tmp.new_cipher=nc; - else if (ec != NULL) - s->s3->tmp.new_cipher=ec; - else - s->s3->tmp.new_cipher=s->session->cipher; - } - else -#endif - s->s3->tmp.new_cipher=s->session->cipher; - } - - if (TLS1_get_version(s) < TLS1_2_VERSION || !(s->verify_mode & SSL_VERIFY_PEER)) - { - if (!ssl3_digest_cached_records(s)) - { - al = SSL_AD_INTERNAL_ERROR; - goto f_err; - } - } - - /* we now have the following setup. - * client_random - * cipher_list - our prefered list of ciphers - * ciphers - the clients prefered list of ciphers - * compression - basically ignored right now - * ssl version is set - sslv3 - * s->session - The ssl session has been setup. - * s->hit - session reuse flag - * s->tmp.new_cipher - the new cipher to use. - */ - - /* Handles TLS extensions that we couldn't check earlier */ - if (s->version >= SSL3_VERSION) - { - if (ssl_check_clienthello_tlsext_late(s) <= 0) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); - goto err; - } - } - - if (ret < 0) ret=1; - if (0) - { -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - } -err: - if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers); - return(ret); - } - -int ssl3_send_server_hello(SSL *s) - { - unsigned char *buf; - unsigned char *p,*d; - int i,sl; - unsigned long l; - - if (s->state == SSL3_ST_SW_SRVR_HELLO_A) - { - /* We only accept ChannelIDs on connections with ECDHE in order - * to avoid a known attack while we fix ChannelID itself. */ - if (s->s3 && - s->s3->tlsext_channel_id_valid && - (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kEECDH) == 0) - s->s3->tlsext_channel_id_valid = 0; - - /* If this is a resumption and the original handshake didn't - * support ChannelID then we didn't record the original - * handshake hashes in the session and so cannot resume with - * ChannelIDs. */ - if (s->hit && - s->s3->tlsext_channel_id_new && - s->session->original_handshake_hash_len == 0) - s->s3->tlsext_channel_id_valid = 0; - - buf=(unsigned char *)s->init_buf->data; -#ifdef OPENSSL_NO_TLSEXT - p=s->s3->server_random; - if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) - return -1; -#endif - /* Do the message type and length last */ - d=p= &(buf[4]); - - *(p++)=s->version>>8; - *(p++)=s->version&0xff; - - /* Random stuff */ - memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); - p+=SSL3_RANDOM_SIZE; - - /* There are several cases for the session ID to send - * back in the server hello: - * - For session reuse from the session cache, - * we send back the old session ID. - * - If stateless session reuse (using a session ticket) - * is successful, we send back the client's "session ID" - * (which doesn't actually identify the session). - * - If it is a new session, we send back the new - * session ID. - * - However, if we want the new session to be single-use, - * we send back a 0-length session ID. - * s->hit is non-zero in either case of session reuse, - * so the following won't overwrite an ID that we're supposed - * to send back. - */ - if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) - && !s->hit) - s->session->session_id_length=0; - - sl=s->session->session_id_length; - if (sl > (int)sizeof(s->session->session_id)) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); - return -1; - } - *(p++)=sl; - memcpy(p,s->session->session_id,sl); - p+=sl; - - /* put the cipher */ - i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p); - p+=i; - - /* put the compression method */ -#ifdef OPENSSL_NO_COMP - *(p++)=0; -#else - if (s->s3->tmp.new_compression == NULL) - *(p++)=0; - else - *(p++)=s->s3->tmp.new_compression->id; -#endif -#ifndef OPENSSL_NO_TLSEXT - if (ssl_prepare_serverhello_tlsext(s) <= 0) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT); - return -1; - } - if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR); - return -1; - } -#endif - /* do the header */ - l=(p-d); - d=buf; - *(d++)=SSL3_MT_SERVER_HELLO; - l2n3(l,d); - - s->state=SSL3_ST_SW_SRVR_HELLO_B; - /* number of bytes to write */ - s->init_num=p-buf; - s->init_off=0; - } - - /* SSL3_ST_SW_SRVR_HELLO_B */ - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); - } - -int ssl3_send_server_done(SSL *s) - { - unsigned char *p; - - if (s->state == SSL3_ST_SW_SRVR_DONE_A) - { - p=(unsigned char *)s->init_buf->data; - - /* do the header */ - *(p++)=SSL3_MT_SERVER_DONE; - *(p++)=0; - *(p++)=0; - *(p++)=0; - - s->state=SSL3_ST_SW_SRVR_DONE_B; - /* number of bytes to write */ - s->init_num=4; - s->init_off=0; - } - - /* SSL3_ST_SW_SRVR_DONE_B */ - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); - } - -int ssl3_send_server_key_exchange(SSL *s) - { -#ifndef OPENSSL_NO_RSA - unsigned char *q; - int j,num; - RSA *rsa; - unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; - unsigned int u; -#endif -#ifndef OPENSSL_NO_DH - DH *dh=NULL,*dhp; -#endif -#ifndef OPENSSL_NO_ECDH - EC_KEY *ecdh=NULL, *ecdhp; - unsigned char *encodedPoint = NULL; - int encodedlen = 0; - int curve_id = 0; - BN_CTX *bn_ctx = NULL; -#endif -#ifndef OPENSSL_NO_PSK - const char* psk_identity_hint; - size_t psk_identity_hint_len; -#endif - EVP_PKEY *pkey; - const EVP_MD *md = NULL; - unsigned char *p,*d; - int al,i; - unsigned long alg_k; - unsigned long alg_a; - int n; - CERT *cert; - BIGNUM *r[4]; - int nr[4],kn; - BUF_MEM *buf; - EVP_MD_CTX md_ctx; - - EVP_MD_CTX_init(&md_ctx); - if (s->state == SSL3_ST_SW_KEY_EXCH_A) - { - alg_k=s->s3->tmp.new_cipher->algorithm_mkey; - alg_a=s->s3->tmp.new_cipher->algorithm_auth; - cert=s->cert; - - buf=s->init_buf; - - r[0]=r[1]=r[2]=r[3]=NULL; - n=0; -#ifndef OPENSSL_NO_PSK - if (alg_a & SSL_aPSK) - { - /* size for PSK identity hint */ - psk_identity_hint = s->session->psk_identity_hint; - if (psk_identity_hint) - psk_identity_hint_len = strlen(psk_identity_hint); - else - psk_identity_hint_len = 0; - n+=2+psk_identity_hint_len; - } -#endif /* !OPENSSL_NO_PSK */ -#ifndef OPENSSL_NO_RSA - if (alg_k & SSL_kRSA) - { - rsa=cert->rsa_tmp; - if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) - { - rsa=s->cert->rsa_tmp_cb(s, - SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), - SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); - if(rsa == NULL) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY); - goto f_err; - } - RSA_up_ref(rsa); - cert->rsa_tmp=rsa; - } - if (rsa == NULL) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY); - goto f_err; - } - r[0]=rsa->n; - r[1]=rsa->e; - s->s3->tmp.use_rsa_tmp=1; - } -#endif -#ifndef OPENSSL_NO_DH - else if (alg_k & SSL_kEDH) - { - dhp=cert->dh_tmp; - if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) - dhp=s->cert->dh_tmp_cb(s, - SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), - SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); - if (dhp == NULL) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY); - goto f_err; - } - - if (s->s3->tmp.dh != NULL) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); - goto err; - } - - if ((dh=DHparams_dup(dhp)) == NULL) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB); - goto err; - } - - s->s3->tmp.dh=dh; - if ((dhp->pub_key == NULL || - dhp->priv_key == NULL || - (s->options & SSL_OP_SINGLE_DH_USE))) - { - if(!DH_generate_key(dh)) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, - ERR_R_DH_LIB); - goto err; - } - } - else - { - dh->pub_key=BN_dup(dhp->pub_key); - dh->priv_key=BN_dup(dhp->priv_key); - if ((dh->pub_key == NULL) || - (dh->priv_key == NULL)) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB); - goto err; - } - } - r[0]=dh->p; - r[1]=dh->g; - r[2]=dh->pub_key; - } -#endif -#ifndef OPENSSL_NO_ECDH - else if (alg_k & SSL_kEECDH) - { - const EC_GROUP *group; - - ecdhp=cert->ecdh_tmp; - if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL)) - { - ecdhp=s->cert->ecdh_tmp_cb(s, - SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), - SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); - } - if (ecdhp == NULL) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY); - goto f_err; - } - - if (s->s3->tmp.ecdh != NULL) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); - goto err; - } - - /* Duplicate the ECDH structure. */ - if (ecdhp == NULL) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); - goto err; - } - if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); - goto err; - } - - s->s3->tmp.ecdh=ecdh; - if ((EC_KEY_get0_public_key(ecdh) == NULL) || - (EC_KEY_get0_private_key(ecdh) == NULL) || - (s->options & SSL_OP_SINGLE_ECDH_USE)) - { - if(!EC_KEY_generate_key(ecdh)) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); - goto err; - } - } - - if (((group = EC_KEY_get0_group(ecdh)) == NULL) || - (EC_KEY_get0_public_key(ecdh) == NULL) || - (EC_KEY_get0_private_key(ecdh) == NULL)) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); - goto err; - } - - if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && - (EC_GROUP_get_degree(group) > 163)) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER); - goto err; - } - - /* XXX: For now, we only support ephemeral ECDH - * keys over named (not generic) curves. For - * supported named curves, curve_id is non-zero. - */ - if ((curve_id = - tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group))) - == 0) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); - goto err; - } - - /* Encode the public key. - * First check the size of encoding and - * allocate memory accordingly. - */ - encodedlen = EC_POINT_point2oct(group, - EC_KEY_get0_public_key(ecdh), - POINT_CONVERSION_UNCOMPRESSED, - NULL, 0, NULL); - - encodedPoint = (unsigned char *) - OPENSSL_malloc(encodedlen*sizeof(unsigned char)); - bn_ctx = BN_CTX_new(); - if ((encodedPoint == NULL) || (bn_ctx == NULL)) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); - goto err; - } - - - encodedlen = EC_POINT_point2oct(group, - EC_KEY_get0_public_key(ecdh), - POINT_CONVERSION_UNCOMPRESSED, - encodedPoint, encodedlen, bn_ctx); - - if (encodedlen == 0) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); - goto err; - } - - BN_CTX_free(bn_ctx); bn_ctx=NULL; - - /* XXX: For now, we only support named (not - * generic) curves in ECDH ephemeral key exchanges. - * In this situation, we need four additional bytes - * to encode the entire ServerECDHParams - * structure. - */ - n += 4 + encodedlen; - - /* We'll generate the serverKeyExchange message - * explicitly so we can set these to NULLs - */ - r[0]=NULL; - r[1]=NULL; - r[2]=NULL; - r[3]=NULL; - } -#endif /* !OPENSSL_NO_ECDH */ -#ifndef OPENSSL_NO_SRP - else if (alg_k & SSL_kSRP) - { - if ((s->srp_ctx.N == NULL) || - (s->srp_ctx.g == NULL) || - (s->srp_ctx.s == NULL) || - (s->srp_ctx.B == NULL)) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_SRP_PARAM); - goto err; - } - r[0]=s->srp_ctx.N; - r[1]=s->srp_ctx.g; - r[2]=s->srp_ctx.s; - r[3]=s->srp_ctx.B; - } -#endif - else if (!(alg_k & SSL_kPSK)) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); - goto f_err; - } - for (i=0; i < 4 && r[i] != NULL; i++) - { - nr[i]=BN_num_bytes(r[i]); -#ifndef OPENSSL_NO_SRP - if ((i == 2) && (alg_k & SSL_kSRP)) - n+=1+nr[i]; - else -#endif - n+=2+nr[i]; - } - - if (!(alg_a & (SSL_aNULL|SSL_aSRP)) - /* Among PSK ciphersuites only RSA uses a certificate */ - && !((alg_a & SSL_aPSK) && !(alg_k & SSL_kRSA))) - { - if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher,&md)) - == NULL) - { - al=SSL_AD_DECODE_ERROR; - goto f_err; - } - kn=EVP_PKEY_size(pkey); - } - else - { - pkey=NULL; - kn=0; - } - - if (!BUF_MEM_grow_clean(buf,n+4+kn)) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF); - goto err; - } - d=(unsigned char *)s->init_buf->data; - p= &(d[4]); - - for (i=0; i < 4 && r[i] != NULL; i++) - { -#ifndef OPENSSL_NO_SRP - if ((i == 2) && (alg_k & SSL_kSRP)) - { - *p = nr[i]; - p++; - } - else -#endif - s2n(nr[i],p); - BN_bn2bin(r[i],p); - p+=nr[i]; - } - -/* Note: ECDHE PSK ciphersuites use SSL_kEECDH and SSL_aPSK. - * When one of them is used, the server key exchange record needs to have both - * the psk_identity_hint and the ServerECDHParams. */ -#ifndef OPENSSL_NO_PSK - if (alg_a & SSL_aPSK) - { - /* copy PSK identity hint (if provided) */ - s2n(psk_identity_hint_len, p); - if (psk_identity_hint_len > 0) - { - memcpy(p, psk_identity_hint, psk_identity_hint_len); - p+=psk_identity_hint_len; - } - } -#endif /* OPENSSL_NO_PSK */ - -#ifndef OPENSSL_NO_ECDH - if (alg_k & SSL_kEECDH) - { - /* XXX: For now, we only support named (not generic) curves. - * In this situation, the serverKeyExchange message has: - * [1 byte CurveType], [2 byte CurveName] - * [1 byte length of encoded point], followed by - * the actual encoded point itself - */ - *p = NAMED_CURVE_TYPE; - p += 1; - *p = 0; - p += 1; - *p = curve_id; - p += 1; - *p = encodedlen; - p += 1; - memcpy((unsigned char*)p, - (unsigned char *)encodedPoint, - encodedlen); - OPENSSL_free(encodedPoint); - encodedPoint = NULL; - p += encodedlen; - } -#endif /* OPENSSL_NO_ECDH */ - - /* not anonymous */ - if (pkey != NULL) - { - /* n is the length of the params, they start at &(d[4]) - * and p points to the space at the end. */ -#ifndef OPENSSL_NO_RSA - if (pkey->type == EVP_PKEY_RSA - && TLS1_get_version(s) < TLS1_2_VERSION) - { - q=md_buf; - j=0; - for (num=2; num > 0; num--) - { - EVP_MD_CTX_set_flags(&md_ctx, - EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_DigestInit_ex(&md_ctx,(num == 2) - ?s->ctx->md5:s->ctx->sha1, NULL); - EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx,&(d[4]),n); - EVP_DigestFinal_ex(&md_ctx,q, - (unsigned int *)&i); - q+=i; - j+=i; - } - if (RSA_sign(NID_md5_sha1, md_buf, j, - &(p[2]), &u, pkey->pkey.rsa) <= 0) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA); - goto err; - } - s2n(u,p); - n+=u+2; - } - else -#endif /* OPENSSL_NO_RSA */ - if (md) - { - /* For TLS1.2 and later send signature - * algorithm */ - if (TLS1_get_version(s) >= TLS1_2_VERSION) - { - if (!tls12_get_sigandhash(p, pkey, md)) - { - /* Should never happen */ - al=SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); - goto f_err; - } - p+=2; - } -#ifdef SSL_DEBUG - fprintf(stderr, "Using hash %s\n", - EVP_MD_name(md)); -#endif - EVP_SignInit_ex(&md_ctx, md, NULL); - EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); - EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); - EVP_SignUpdate(&md_ctx,&(d[4]),n); - if (!EVP_SignFinal(&md_ctx,&(p[2]), - (unsigned int *)&i,pkey)) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_EVP); - goto err; - } - s2n(i,p); - n+=i+2; - if (TLS1_get_version(s) >= TLS1_2_VERSION) - n+= 2; - } - else - { - /* Is this error check actually needed? */ - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE); - goto f_err; - } - } - - *(d++)=SSL3_MT_SERVER_KEY_EXCHANGE; - l2n3(n,d); - - /* we should now have things packed up, so lets send - * it off */ - s->init_num=n+4; - s->init_off=0; - } - - s->state = SSL3_ST_SW_KEY_EXCH_B; - EVP_MD_CTX_cleanup(&md_ctx); - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); -err: -#ifndef OPENSSL_NO_ECDH - if (encodedPoint != NULL) OPENSSL_free(encodedPoint); - BN_CTX_free(bn_ctx); -#endif - EVP_MD_CTX_cleanup(&md_ctx); - return(-1); - } - -int ssl3_send_certificate_request(SSL *s) - { - unsigned char *p,*d; - int i,j,nl,off,n; - STACK_OF(X509_NAME) *sk=NULL; - X509_NAME *name; - BUF_MEM *buf; - - if (s->state == SSL3_ST_SW_CERT_REQ_A) - { - buf=s->init_buf; - - d=p=(unsigned char *)&(buf->data[4]); - - /* get the list of acceptable cert types */ - p++; - n=ssl3_get_req_cert_type(s,p); - d[0]=n; - p+=n; - n++; - - if (TLS1_get_version(s) >= TLS1_2_VERSION) - { - nl = tls12_get_req_sig_algs(s, p + 2); - s2n(nl, p); - p += nl + 2; - n += nl + 2; - } - - off=n; - p+=2; - n+=2; - - sk=SSL_get_client_CA_list(s); - nl=0; - if (sk != NULL) - { - for (i=0; i<sk_X509_NAME_num(sk); i++) - { - name=sk_X509_NAME_value(sk,i); - j=i2d_X509_NAME(name,NULL); - if (!BUF_MEM_grow_clean(buf,4+n+j+2)) - { - SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB); - goto err; - } - p=(unsigned char *)&(buf->data[4+n]); - if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) - { - s2n(j,p); - i2d_X509_NAME(name,&p); - n+=2+j; - nl+=2+j; - } - else - { - d=p; - i2d_X509_NAME(name,&p); - j-=2; s2n(j,d); j+=2; - n+=j; - nl+=j; - } - } - } - /* else no CA names */ - p=(unsigned char *)&(buf->data[4+off]); - s2n(nl,p); - - d=(unsigned char *)buf->data; - *(d++)=SSL3_MT_CERTIFICATE_REQUEST; - l2n3(n,d); - - /* we should now have things packed up, so lets send - * it off */ - - s->init_num=n+4; - s->init_off=0; -#ifdef NETSCAPE_HANG_BUG - if (!BUF_MEM_grow_clean(buf, s->init_num + 4)) - { - SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB); - goto err; - } - p=(unsigned char *)s->init_buf->data + s->init_num; - - /* do the header */ - *(p++)=SSL3_MT_SERVER_DONE; - *(p++)=0; - *(p++)=0; - *(p++)=0; - s->init_num += 4; -#endif - - s->state = SSL3_ST_SW_CERT_REQ_B; - } - - /* SSL3_ST_SW_CERT_REQ_B */ - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); -err: - return(-1); - } - -int ssl3_get_client_key_exchange(SSL *s) - { - int i,al,ok; - long n; - unsigned long alg_k; - unsigned long alg_a; - unsigned char *p; -#ifndef OPENSSL_NO_RSA - RSA *rsa=NULL; - EVP_PKEY *pkey=NULL; -#endif -#ifndef OPENSSL_NO_DH - BIGNUM *pub=NULL; - DH *dh_srvr; -#endif -#ifndef OPENSSL_NO_KRB5 - KSSL_ERR kssl_err; -#endif /* OPENSSL_NO_KRB5 */ - -#ifndef OPENSSL_NO_ECDH - EC_KEY *srvr_ecdh = NULL; - EVP_PKEY *clnt_pub_pkey = NULL; - EC_POINT *clnt_ecpoint = NULL; - BN_CTX *bn_ctx = NULL; -#ifndef OPENSSL_NO_PSK - unsigned int psk_len = 0; - unsigned char psk[PSK_MAX_PSK_LEN]; -#endif /* OPENSSL_NO_PSK */ -#endif - - n=s->method->ssl_get_message(s, - SSL3_ST_SR_KEY_EXCH_A, - SSL3_ST_SR_KEY_EXCH_B, - SSL3_MT_CLIENT_KEY_EXCHANGE, - 2048, /* ??? */ - &ok); - - if (!ok) return((int)n); - p=(unsigned char *)s->init_msg; - - alg_k=s->s3->tmp.new_cipher->algorithm_mkey; - alg_a=s->s3->tmp.new_cipher->algorithm_auth; - -#ifndef OPENSSL_NO_PSK - if (alg_a & SSL_aPSK) - { - unsigned char *t = NULL; - unsigned char pre_ms[PSK_MAX_PSK_LEN*2+4]; - unsigned int pre_ms_len = 0; - int psk_err = 1; - char tmp_id[PSK_MAX_IDENTITY_LEN+1]; - - al=SSL_AD_HANDSHAKE_FAILURE; - - n2s(p, i); - if (n != i+2 && !(alg_k & SSL_kEECDH)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_LENGTH_MISMATCH); - goto psk_err; - } - if (i > PSK_MAX_IDENTITY_LEN) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto psk_err; - } - if (s->psk_server_callback == NULL) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_PSK_NO_SERVER_CB); - goto psk_err; - } - - /* Create guaranteed NUL-terminated identity - * string for the callback */ - memcpy(tmp_id, p, i); - memset(tmp_id+i, 0, PSK_MAX_IDENTITY_LEN+1-i); - psk_len = s->psk_server_callback(s, tmp_id, psk, sizeof(psk)); - - if (psk_len > PSK_MAX_PSK_LEN) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto psk_err; - } - else if (psk_len == 0) - { - /* PSK related to the given identity not found */ - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_PSK_IDENTITY_NOT_FOUND); - al=SSL_AD_UNKNOWN_PSK_IDENTITY; - goto psk_err; - } - if (!(alg_k & SSL_kEECDH)) - { - /* Create the shared secret now if we're not using ECDHE-PSK.*/ - pre_ms_len=2+psk_len+2+psk_len; - t = pre_ms; - s2n(psk_len, t); - memset(t, 0, psk_len); - t+=psk_len; - s2n(psk_len, t); - memcpy(t, psk, psk_len); - - s->session->master_key_length= - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, pre_ms, pre_ms_len); - } - if (s->session->psk_identity != NULL) - OPENSSL_free(s->session->psk_identity); - s->session->psk_identity = BUF_strdup(tmp_id); - OPENSSL_cleanse(tmp_id, PSK_MAX_IDENTITY_LEN+1); - if (s->session->psk_identity == NULL) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - ERR_R_MALLOC_FAILURE); - goto psk_err; - } - - p += i; - n -= (i + 2); - psk_err = 0; - psk_err: - OPENSSL_cleanse(pre_ms, sizeof(pre_ms)); - if (psk_err != 0) - goto f_err; - } -#endif /* OPENSSL_NO_PSK */ - if (0) {} -#ifndef OPENSSL_NO_RSA - if (alg_k & SSL_kRSA) - { - unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH]; - int decrypt_len; - unsigned char decrypt_good, version_good; - size_t j; - - /* FIX THIS UP EAY EAY EAY EAY */ - if (s->s3->tmp.use_rsa_tmp) - { - if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL)) - rsa=s->cert->rsa_tmp; - /* Don't do a callback because rsa_tmp should - * be sent already */ - if (rsa == NULL) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_PKEY); - goto f_err; - - } - } - else - { - pkey=s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey; - if ( (pkey == NULL) || - (pkey->type != EVP_PKEY_RSA) || - (pkey->pkey.rsa == NULL)) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_RSA_CERTIFICATE); - goto f_err; - } - rsa=pkey->pkey.rsa; - } - - /* TLS and [incidentally] DTLS{0xFEFF} */ - if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER) - { - n2s(p,i); - if (n != i+2) - { - if (!(s->options & SSL_OP_TLS_D5_BUG)) - { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG); - goto f_err; - } - else - p-=2; - } - else - n=i; - } - - /* - * Reject overly short RSA ciphertext because we want to be sure - * that the buffer size makes it safe to iterate over the entire - * size of a premaster secret (SSL_MAX_MASTER_KEY_LENGTH). The - * actual expected size is larger due to RSA padding, but the - * bound is sufficient to be safe. - */ - if (n < SSL_MAX_MASTER_KEY_LENGTH) - { - al = SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG); - goto f_err; - } - - /* We must not leak whether a decryption failure occurs because - * of Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see - * RFC 2246, section 7.4.7.1). The code follows that advice of - * the TLS RFC and generates a random premaster secret for the - * case that the decrypt fails. See - * https://tools.ietf.org/html/rfc5246#section-7.4.7.1 */ - - /* should be RAND_bytes, but we cannot work around a failure. */ - if (RAND_pseudo_bytes(rand_premaster_secret, - sizeof(rand_premaster_secret)) <= 0) - goto err; - decrypt_len = RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING); - ERR_clear_error(); - - /* decrypt_len should be SSL_MAX_MASTER_KEY_LENGTH. - * decrypt_good will be 0xff if so and zero otherwise. */ - decrypt_good = constant_time_eq_int_8(decrypt_len, SSL_MAX_MASTER_KEY_LENGTH); - - /* If the version in the decrypted pre-master secret is correct - * then version_good will be 0xff, otherwise it'll be zero. - * The Klima-Pokorny-Rosa extension of Bleichenbacher's attack - * (http://eprint.iacr.org/2003/052/) exploits the version - * number check as a "bad version oracle". Thus version checks - * are done in constant time and are treated like any other - * decryption error. */ - version_good = constant_time_eq_8(p[0], (unsigned)(s->client_version>>8)); - version_good &= constant_time_eq_8(p[1], (unsigned)(s->client_version&0xff)); - - /* The premaster secret must contain the same version number as - * the ClientHello to detect version rollback attacks - * (strangely, the protocol does not offer such protection for - * DH ciphersuites). However, buggy clients exist that send the - * negotiated protocol version instead if the server does not - * support the requested protocol version. If - * SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */ - if (s->options & SSL_OP_TLS_ROLLBACK_BUG) - { - unsigned char workaround_good; - workaround_good = constant_time_eq_8(p[0], (unsigned)(s->version>>8)); - workaround_good &= constant_time_eq_8(p[1], (unsigned)(s->version&0xff)); - version_good |= workaround_good; - } - - /* Both decryption and version must be good for decrypt_good - * to remain non-zero (0xff). */ - decrypt_good &= version_good; - - /* - * Now copy rand_premaster_secret over from p using - * decrypt_good_mask. If decryption failed, then p does not - * contain valid plaintext, however, a check above guarantees - * it is still sufficiently large to read from. - */ - for (j = 0; j < sizeof(rand_premaster_secret); j++) - { - p[j] = constant_time_select_8(decrypt_good, p[j], - rand_premaster_secret[j]); - } - - s->session->master_key_length= - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, - p,sizeof(rand_premaster_secret)); - OPENSSL_cleanse(p,sizeof(rand_premaster_secret)); - } -#endif -#ifndef OPENSSL_NO_DH - else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) - { - n2s(p,i); - if (n != i+2) - { - if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG); - goto err; - } - else - { - p-=2; - i=(int)n; - } - } - - if (n == 0L) /* the parameters are in the cert */ - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_DECODE_DH_CERTS); - goto f_err; - } - else - { - if (s->s3->tmp.dh == NULL) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY); - goto f_err; - } - else - dh_srvr=s->s3->tmp.dh; - } - - pub=BN_bin2bn(p,i,NULL); - if (pub == NULL) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BN_LIB); - goto err; - } - - i=DH_compute_key(p,pub,dh_srvr); - - if (i <= 0) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); - BN_clear_free(pub); - goto err; - } - - DH_free(s->s3->tmp.dh); - s->s3->tmp.dh=NULL; - - BN_clear_free(pub); - pub=NULL; - s->session->master_key_length= - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key,p,i); - OPENSSL_cleanse(p,i); - } -#endif -#ifndef OPENSSL_NO_KRB5 - else if (alg_k & SSL_kKRB5) - { - krb5_error_code krb5rc; - krb5_data enc_ticket; - krb5_data authenticator; - krb5_data enc_pms; - KSSL_CTX *kssl_ctx = s->kssl_ctx; - EVP_CIPHER_CTX ciph_ctx; - const EVP_CIPHER *enc = NULL; - unsigned char iv[EVP_MAX_IV_LENGTH]; - unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH - + EVP_MAX_BLOCK_LENGTH]; - int padl, outl; - krb5_timestamp authtime = 0; - krb5_ticket_times ttimes; - - EVP_CIPHER_CTX_init(&ciph_ctx); - - if (!kssl_ctx) kssl_ctx = kssl_ctx_new(); - - n2s(p,i); - enc_ticket.length = i; - - if (n < (long)(enc_ticket.length + 6)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - - enc_ticket.data = (char *)p; - p+=enc_ticket.length; - - n2s(p,i); - authenticator.length = i; - - if (n < (long)(enc_ticket.length + authenticator.length + 6)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - - authenticator.data = (char *)p; - p+=authenticator.length; - - n2s(p,i); - enc_pms.length = i; - enc_pms.data = (char *)p; - p+=enc_pms.length; - - /* Note that the length is checked again below, - ** after decryption - */ - if(enc_pms.length > sizeof pms) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - - if (n != (long)(enc_ticket.length + authenticator.length + - enc_pms.length + 6)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - - if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes, - &kssl_err)) != 0) - { -#ifdef KSSL_DEBUG - fprintf(stderr,"kssl_sget_tkt rtn %d [%d]\n", - krb5rc, kssl_err.reason); - if (kssl_err.text) - fprintf(stderr,"kssl_err text= %s\n", kssl_err.text); -#endif /* KSSL_DEBUG */ - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - kssl_err.reason); - goto err; - } - - /* Note: no authenticator is not considered an error, - ** but will return authtime == 0. - */ - if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator, - &authtime, &kssl_err)) != 0) - { -#ifdef KSSL_DEBUG - fprintf(stderr,"kssl_check_authent rtn %d [%d]\n", - krb5rc, kssl_err.reason); - if (kssl_err.text) - fprintf(stderr,"kssl_err text= %s\n", kssl_err.text); -#endif /* KSSL_DEBUG */ - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - kssl_err.reason); - goto err; - } - - if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc); - goto err; - } - -#ifdef KSSL_DEBUG - kssl_ctx_show(kssl_ctx); -#endif /* KSSL_DEBUG */ - - enc = kssl_map_enc(kssl_ctx->enctype); - if (enc == NULL) - goto err; - - memset(iv, 0, sizeof iv); /* per RFC 1510 */ - - if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DECRYPTION_FAILED); - goto err; - } - if (!EVP_DecryptUpdate(&ciph_ctx, pms,&outl, - (unsigned char *)enc_pms.data, enc_pms.length)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DECRYPTION_FAILED); - goto err; - } - if (outl > SSL_MAX_MASTER_KEY_LENGTH) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DECRYPTION_FAILED); - goto err; - } - outl += padl; - if (outl > SSL_MAX_MASTER_KEY_LENGTH) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - if (!((pms[0] == (s->client_version>>8)) && (pms[1] == (s->client_version & 0xff)))) - { - /* The premaster secret must contain the same version number as the - * ClientHello to detect version rollback attacks (strangely, the - * protocol does not offer such protection for DH ciphersuites). - * However, buggy clients exist that send random bytes instead of - * the protocol version. - * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. - * (Perhaps we should have a separate BUG value for the Kerberos cipher) - */ - if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_AD_DECODE_ERROR); - goto err; - } - } - - EVP_CIPHER_CTX_cleanup(&ciph_ctx); - - s->session->master_key_length= - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, pms, outl); - - if (kssl_ctx->client_princ) - { - size_t len = strlen(kssl_ctx->client_princ); - if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) - { - s->session->krb5_client_princ_len = len; - memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len); - } - } - - - /* Was doing kssl_ctx_free() here, - ** but it caused problems for apache. - ** kssl_ctx = kssl_ctx_free(kssl_ctx); - ** if (s->kssl_ctx) s->kssl_ctx = NULL; - */ - } -#endif /* OPENSSL_NO_KRB5 */ -#ifndef OPENSSL_NO_ECDH - else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) - { - int ret = 1; - int field_size = 0; - const EC_KEY *tkey; - const EC_GROUP *group; - const BIGNUM *priv_key; -#ifndef OPENSSL_NO_PSK - unsigned char *pre_ms; - unsigned int pre_ms_len; - unsigned char *t; -#endif /* OPENSSL_NO_PSK */ - - /* initialize structures for server's ECDH key pair */ - if ((srvr_ecdh = EC_KEY_new()) == NULL) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - ERR_R_MALLOC_FAILURE); - goto err; - } - - /* Let's get server private key and group information */ - if (alg_k & (SSL_kECDHr|SSL_kECDHe)) - { - /* use the certificate */ - tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec; - } - else - { - /* use the ephermeral values we saved when - * generating the ServerKeyExchange msg. - */ - tkey = s->s3->tmp.ecdh; - } - - group = EC_KEY_get0_group(tkey); - priv_key = EC_KEY_get0_private_key(tkey); - - if (!EC_KEY_set_group(srvr_ecdh, group) || - !EC_KEY_set_private_key(srvr_ecdh, priv_key)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - ERR_R_EC_LIB); - goto err; - } - - /* Let's get client's public key */ - if ((clnt_ecpoint = EC_POINT_new(group)) == NULL) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - ERR_R_MALLOC_FAILURE); - goto err; - } - - if (n == 0L) - { - /* Client Publickey was in Client Certificate */ - - if (alg_k & SSL_kEECDH) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY); - goto f_err; - } - if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer)) - == NULL) || - (clnt_pub_pkey->type != EVP_PKEY_EC)) - { - /* XXX: For now, we do not support client - * authentication using ECDH certificates - * so this branch (n == 0L) of the code is - * never executed. When that support is - * added, we ought to ensure the key - * received in the certificate is - * authorized for key agreement. - * ECDH_compute_key implicitly checks that - * the two ECDH shares are for the same - * group. - */ - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_UNABLE_TO_DECODE_ECDH_CERTS); - goto f_err; - } - - if (EC_POINT_copy(clnt_ecpoint, - EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) == 0) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - ERR_R_EC_LIB); - goto err; - } - ret = 2; /* Skip certificate verify processing */ - } - else - { - /* Get client's public key from encoded point - * in the ClientKeyExchange message. - */ - if ((bn_ctx = BN_CTX_new()) == NULL) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - ERR_R_MALLOC_FAILURE); - goto err; - } - - /* Get encoded point length */ - i = *p; - p += 1; - if (n != 1 + i) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - ERR_R_EC_LIB); - goto err; - } - if (EC_POINT_oct2point(group, - clnt_ecpoint, p, i, bn_ctx) == 0) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - ERR_R_EC_LIB); - goto err; - } - /* p is pointing to somewhere in the buffer - * currently, so set it to the start - */ - p=(unsigned char *)s->init_buf->data; - } - - /* Compute the shared pre-master secret */ - field_size = EC_GROUP_get_degree(group); - if (field_size <= 0) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - ERR_R_ECDH_LIB); - goto err; - } - i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL); - if (i <= 0) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - ERR_R_ECDH_LIB); - goto err; - } - - EVP_PKEY_free(clnt_pub_pkey); - EC_POINT_free(clnt_ecpoint); - EC_KEY_free(srvr_ecdh); - BN_CTX_free(bn_ctx); - EC_KEY_free(s->s3->tmp.ecdh); - s->s3->tmp.ecdh = NULL; - -#ifndef OPENSSL_NO_PSK - /* ECDHE PSK ciphersuites from RFC 5489 */ - if ((alg_a & SSL_aPSK) && psk_len != 0) - { - pre_ms_len = 2+i+2+psk_len; - pre_ms = OPENSSL_malloc(pre_ms_len); - if (pre_ms == NULL) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - ERR_R_MALLOC_FAILURE); - goto err; - } - memset(pre_ms, 0, pre_ms_len); - t = pre_ms; - s2n(i, t); - memcpy(t, p, i); - t += i; - s2n(psk_len, t); - memcpy(t, psk, psk_len); - s->session->master_key_length = s->method->ssl3_enc \ - -> generate_master_secret(s, - s->session->master_key, pre_ms, pre_ms_len); - OPENSSL_cleanse(pre_ms, pre_ms_len); - OPENSSL_free(pre_ms); - } -#endif /* OPENSSL_NO_PSK */ - if (!(alg_a & SSL_aPSK)) - { - /* Compute the master secret */ - s->session->master_key_length = s->method->ssl3_enc \ - -> generate_master_secret(s, - s->session->master_key, p, i); - } - - OPENSSL_cleanse(p, i); - } -#endif -#ifndef OPENSSL_NO_SRP - else if (alg_k & SSL_kSRP) - { - int param_len; - - n2s(p,i); - param_len=i+2; - if (param_len > n) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_SRP_A_LENGTH); - goto f_err; - } - if (!(s->srp_ctx.A=BN_bin2bn(p,i,NULL))) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_BN_LIB); - goto err; - } - if (s->session->srp_username != NULL) - OPENSSL_free(s->session->srp_username); - s->session->srp_username = BUF_strdup(s->srp_ctx.login); - if (s->session->srp_username == NULL) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - ERR_R_MALLOC_FAILURE); - goto err; - } - - if ((s->session->master_key_length = SRP_generate_server_master_secret(s,s->session->master_key))<0) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); - goto err; - } - - p+=i; - } -#endif /* OPENSSL_NO_SRP */ - else if (alg_k & SSL_kGOST) - { - int ret = 0; - EVP_PKEY_CTX *pkey_ctx; - EVP_PKEY *client_pub_pkey = NULL, *pk = NULL; - unsigned char premaster_secret[32], *start; - size_t outlen=32, inlen; - unsigned long alg_a; - int Ttag, Tclass; - long Tlen; - - /* Get our certificate private key*/ - alg_a = s->s3->tmp.new_cipher->algorithm_auth; - if (alg_a & SSL_aGOST94) - pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey; - else if (alg_a & SSL_aGOST01) - pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; - - pkey_ctx = EVP_PKEY_CTX_new(pk,NULL); - EVP_PKEY_decrypt_init(pkey_ctx); - /* If client certificate is present and is of the same type, maybe - * use it for key exchange. Don't mind errors from - * EVP_PKEY_derive_set_peer, because it is completely valid to use - * a client certificate for authorization only. */ - client_pub_pkey = X509_get_pubkey(s->session->peer); - if (client_pub_pkey) - { - if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0) - ERR_clear_error(); - } - /* Decrypt session key */ - if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag, &Tclass, n) != V_ASN1_CONSTRUCTED || - Ttag != V_ASN1_SEQUENCE || - Tclass != V_ASN1_UNIVERSAL) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED); - goto gerr; - } - start = p; - inlen = Tlen; - if (EVP_PKEY_decrypt(pkey_ctx,premaster_secret,&outlen,start,inlen) <=0) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED); - goto gerr; - } - /* Generate master secret */ - s->session->master_key_length= - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key,premaster_secret,32); - /* Check if pubkey from client certificate was used */ - if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) - ret = 2; - else - ret = 1; - gerr: - EVP_PKEY_free(client_pub_pkey); - EVP_PKEY_CTX_free(pkey_ctx); - if (ret) - return ret; - else - goto err; - } - else if (!(alg_k & SSL_kPSK)) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_UNKNOWN_CIPHER_TYPE); - goto f_err; - } - - return(1); -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); -#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_SRP) -err: -#endif -#ifndef OPENSSL_NO_ECDH - EVP_PKEY_free(clnt_pub_pkey); - EC_POINT_free(clnt_ecpoint); - if (srvr_ecdh != NULL) - EC_KEY_free(srvr_ecdh); - BN_CTX_free(bn_ctx); -#endif - return(-1); - } - -int ssl3_get_cert_verify(SSL *s) - { - EVP_PKEY *pkey=NULL; - unsigned char *p; - int al,ok,ret=0; - long n; - int type=0,i,j; - X509 *peer; - const EVP_MD *md = NULL; - EVP_MD_CTX mctx; - EVP_MD_CTX_init(&mctx); - - n=s->method->ssl_get_message(s, - SSL3_ST_SR_CERT_VRFY_A, - SSL3_ST_SR_CERT_VRFY_B, - -1, - SSL3_RT_MAX_PLAIN_LENGTH, - &ok); - - if (!ok) return((int)n); - - if (s->session->peer != NULL) - { - peer=s->session->peer; - pkey=X509_get_pubkey(peer); - type=X509_certificate_type(peer,pkey); - } - else - { - peer=NULL; - pkey=NULL; - } - - if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) - { - s->s3->tmp.reuse_message=1; - if (peer != NULL) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE); - goto f_err; - } - ret=1; - goto end; - } - - if (peer == NULL) - { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_NO_CLIENT_CERT_RECEIVED); - al=SSL_AD_UNEXPECTED_MESSAGE; - goto f_err; - } - - if (!(type & EVP_PKT_SIGN)) - { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE); - al=SSL_AD_ILLEGAL_PARAMETER; - goto f_err; - } - - if (s->s3->change_cipher_spec) - { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY); - al=SSL_AD_UNEXPECTED_MESSAGE; - goto f_err; - } - - /* we now have a signature that we need to verify */ - p=(unsigned char *)s->init_msg; - /* Check for broken implementations of GOST ciphersuites */ - /* If key is GOST and n is exactly 64, it is bare - * signature without length field */ - if (n==64 && (pkey->type==NID_id_GostR3410_94 || - pkey->type == NID_id_GostR3410_2001) ) - { - i=64; - } - else - { - if (TLS1_get_version(s) >= TLS1_2_VERSION) - { - int sigalg = tls12_get_sigid(pkey); - /* Should never happen */ - if (sigalg == -1) - { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR); - al=SSL_AD_INTERNAL_ERROR; - goto f_err; - } - /* Check key type is consistent with signature */ - if (sigalg != (int)p[1]) - { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_TYPE); - al=SSL_AD_DECODE_ERROR; - goto f_err; - } - md = tls12_get_hash(p[0]); - if (md == NULL) - { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_UNKNOWN_DIGEST); - al=SSL_AD_DECODE_ERROR; - goto f_err; - } -#ifdef SSL_DEBUG -fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); -#endif - p += 2; - n -= 2; - } - n2s(p,i); - n-=2; - if (i > n) - { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH); - al=SSL_AD_DECODE_ERROR; - goto f_err; - } - } - j=EVP_PKEY_size(pkey); - if ((i > j) || (n > j) || (n <= 0)) - { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_SIZE); - al=SSL_AD_DECODE_ERROR; - goto f_err; - } - - if (TLS1_get_version(s) >= TLS1_2_VERSION) - { - long hdatalen = 0; - void *hdata; - hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); - if (hdatalen <= 0) - { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR); - al=SSL_AD_INTERNAL_ERROR; - goto f_err; - } -#ifdef SSL_DEBUG - fprintf(stderr, "Using TLS 1.2 with client verify alg %s\n", - EVP_MD_name(md)); -#endif - if (!EVP_VerifyInit_ex(&mctx, md, NULL) - || !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) - { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_EVP_LIB); - al=SSL_AD_INTERNAL_ERROR; - goto f_err; - } - - if (EVP_VerifyFinal(&mctx, p , i, pkey) <= 0) - { - al=SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_SIGNATURE); - goto f_err; - } - } - else -#ifndef OPENSSL_NO_RSA - if (pkey->type == EVP_PKEY_RSA) - { - i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md, - MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i, - pkey->pkey.rsa); - if (i < 0) - { - al=SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT); - goto f_err; - } - if (i == 0) - { - al=SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE); - goto f_err; - } - } - else -#endif -#ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) - { - j=DSA_verify(pkey->save_type, - &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), - SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa); - if (j <= 0) - { - /* bad signature */ - al=SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_DSA_SIGNATURE); - goto f_err; - } - } - else -#endif -#ifndef OPENSSL_NO_ECDSA - if (pkey->type == EVP_PKEY_EC) - { - j=ECDSA_verify(pkey->save_type, - &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), - SHA_DIGEST_LENGTH,p,i,pkey->pkey.ec); - if (j <= 0) - { - /* bad signature */ - al=SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, - SSL_R_BAD_ECDSA_SIGNATURE); - goto f_err; - } - } - else -#endif - if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001) - { unsigned char signature[64]; - int idx; - EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey,NULL); - EVP_PKEY_verify_init(pctx); - if (i!=64) { - fprintf(stderr,"GOST signature length is %d",i); - } - for (idx=0;idx<64;idx++) { - signature[63-idx]=p[idx]; - } - j=EVP_PKEY_verify(pctx,signature,64,s->s3->tmp.cert_verify_md,32); - EVP_PKEY_CTX_free(pctx); - if (j<=0) - { - al=SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, - SSL_R_BAD_ECDSA_SIGNATURE); - goto f_err; - } - } - else - { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR); - al=SSL_AD_UNSUPPORTED_CERTIFICATE; - goto f_err; - } - - - ret=1; - if (0) - { -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - } -end: - if (s->s3->handshake_buffer) - { - BIO_free(s->s3->handshake_buffer); - s->s3->handshake_buffer = NULL; - s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE; - } - EVP_MD_CTX_cleanup(&mctx); - EVP_PKEY_free(pkey); - return(ret); - } - -int ssl3_get_client_certificate(SSL *s) - { - int i,ok,al,ret= -1; - X509 *x=NULL; - unsigned long l,nc,llen,n; - const unsigned char *p,*q; - unsigned char *d; - STACK_OF(X509) *sk=NULL; - - n=s->method->ssl_get_message(s, - SSL3_ST_SR_CERT_A, - SSL3_ST_SR_CERT_B, - -1, - s->max_cert_list, - &ok); - - if (!ok) return((int)n); - - if (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) - { - if ( (s->verify_mode & SSL_VERIFY_PEER) && - (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); - al=SSL_AD_HANDSHAKE_FAILURE; - goto f_err; - } - /* If tls asked for a client cert, the client must return a 0 list */ - if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST); - al=SSL_AD_UNEXPECTED_MESSAGE; - goto f_err; - } - s->s3->tmp.reuse_message=1; - return(1); - } - - if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE); - goto f_err; - } - p=d=(unsigned char *)s->init_msg; - - if ((sk=sk_X509_new_null()) == NULL) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE); - goto err; - } - - n2l3(p,llen); - if (llen+3 != n) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_LENGTH_MISMATCH); - goto f_err; - } - for (nc=0; nc<llen; ) - { - n2l3(p,l); - if ((l+nc+3) > llen) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); - goto f_err; - } - - q=p; - x=d2i_X509(NULL,&p,l); - if (x == NULL) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_ASN1_LIB); - goto err; - } - if (p != (q+l)) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); - goto f_err; - } - if (!sk_X509_push(sk,x)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE); - goto err; - } - x=NULL; - nc+=l+3; - } - - if (sk_X509_num(sk) <= 0) - { - /* TLS does not mind 0 certs returned */ - if (s->version == SSL3_VERSION) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATES_RETURNED); - goto f_err; - } - /* Fail for TLS only if we required a certificate */ - else if ((s->verify_mode & SSL_VERIFY_PEER) && - (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); - al=SSL_AD_HANDSHAKE_FAILURE; - goto f_err; - } - /* No client certificate so digest cached records */ - if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s)) - { - al=SSL_AD_INTERNAL_ERROR; - goto f_err; - } - } - else - { - i=ssl_verify_cert_chain(s,sk); - if (i <= 0) - { - al=ssl_verify_alarm_type(s->verify_result); - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED); - goto f_err; - } - } - - if (s->session->peer != NULL) /* This should not be needed */ - X509_free(s->session->peer); - s->session->peer=sk_X509_shift(sk); - s->session->verify_result = s->verify_result; - - /* With the current implementation, sess_cert will always be NULL - * when we arrive here. */ - if (s->session->sess_cert == NULL) - { - s->session->sess_cert = ssl_sess_cert_new(); - if (s->session->sess_cert == NULL) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE); - goto err; - } - } - if (s->session->sess_cert->cert_chain != NULL) - sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free); - s->session->sess_cert->cert_chain=sk; - /* Inconsistency alert: cert_chain does *not* include the - * peer's own certificate, while we do include it in s3_clnt.c */ - - sk=NULL; - - ret=1; - if (0) - { -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - } -err: - if (x != NULL) X509_free(x); - if (sk != NULL) sk_X509_pop_free(sk,X509_free); - return(ret); - } - -int ssl3_send_server_certificate(SSL *s) - { - unsigned long l; - X509 *x; - - if (s->state == SSL3_ST_SW_CERT_A) - { - x=ssl_get_server_send_cert(s); - if (x == NULL) - { - /* VRS: allow null cert if auth == KRB5 */ - if ((s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5) || - (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5)) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR); - return(0); - } - } - - l=ssl3_output_cert_chain(s,x); - if (!l) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR); - return(0); - } - s->state=SSL3_ST_SW_CERT_B; - s->init_num=(int)l; - s->init_off=0; - } - - /* SSL3_ST_SW_CERT_B */ - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); - } - -#ifndef OPENSSL_NO_TLSEXT -/* send a new session ticket (not necessarily for a new session) */ -int ssl3_send_newsession_ticket(SSL *s) - { - if (s->state == SSL3_ST_SW_SESSION_TICKET_A) - { - unsigned char *p, *senc, *macstart; - const unsigned char *const_p; - int len, slen_full, slen; - SSL_SESSION *sess; - unsigned int hlen; - EVP_CIPHER_CTX ctx; - HMAC_CTX hctx; - SSL_CTX *tctx = s->initial_ctx; - unsigned char iv[EVP_MAX_IV_LENGTH]; - unsigned char key_name[16]; - - /* get session encoding length */ - slen_full = i2d_SSL_SESSION(s->session, NULL); - /* Some length values are 16 bits, so forget it if session is - * too long - */ - if (slen_full > 0xFF00) - return -1; - senc = OPENSSL_malloc(slen_full); - if (!senc) - return -1; - p = senc; - i2d_SSL_SESSION(s->session, &p); - - /* create a fresh copy (not shared with other threads) to clean up */ - const_p = senc; - sess = d2i_SSL_SESSION(NULL, &const_p, slen_full); - if (sess == NULL) - { - OPENSSL_free(senc); - return -1; - } - sess->session_id_length = 0; /* ID is irrelevant for the ticket */ - - slen = i2d_SSL_SESSION(sess, NULL); - if (slen > slen_full) /* shouldn't ever happen */ - { - OPENSSL_free(senc); - return -1; - } - p = senc; - i2d_SSL_SESSION(sess, &p); - SSL_SESSION_free(sess); - - /* Grow buffer if need be: the length calculation is as - * follows 1 (size of message name) + 3 (message length - * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) + - * 16 (key name) + max_iv_len (iv length) + - * session_length + max_enc_block_size (max encrypted session - * length) + max_md_size (HMAC). - */ - if (!BUF_MEM_grow(s->init_buf, - 26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + - EVP_MAX_MD_SIZE + slen)) - return -1; - - p=(unsigned char *)s->init_buf->data; - /* do the header */ - *(p++)=SSL3_MT_NEWSESSION_TICKET; - /* Skip message length for now */ - p += 3; - EVP_CIPHER_CTX_init(&ctx); - HMAC_CTX_init(&hctx); - /* Initialize HMAC and cipher contexts. If callback present - * it does all the work otherwise use generated values - * from parent ctx. - */ - if (tctx->tlsext_ticket_key_cb) - { - if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, - &hctx, 1) < 0) - { - OPENSSL_free(senc); - return -1; - } - } - else - { - RAND_pseudo_bytes(iv, 16); - EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, - tctx->tlsext_tick_aes_key, iv); - HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, - tlsext_tick_md(), NULL); - memcpy(key_name, tctx->tlsext_tick_key_name, 16); - } - - /* Ticket lifetime hint (advisory only): - * We leave this unspecified for resumed session (for simplicity), - * and guess that tickets for new sessions will live as long - * as their sessions. */ - l2n(s->hit ? 0 : s->session->timeout, p); - - /* Skip ticket length for now */ - p += 2; - /* Output key name */ - macstart = p; - memcpy(p, key_name, 16); - p += 16; - /* output IV */ - memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx)); - p += EVP_CIPHER_CTX_iv_length(&ctx); - /* Encrypt session data */ - EVP_EncryptUpdate(&ctx, p, &len, senc, slen); - p += len; - EVP_EncryptFinal(&ctx, p, &len); - p += len; - EVP_CIPHER_CTX_cleanup(&ctx); - - HMAC_Update(&hctx, macstart, p - macstart); - HMAC_Final(&hctx, p, &hlen); - HMAC_CTX_cleanup(&hctx); - - p += hlen; - /* Now write out lengths: p points to end of data written */ - /* Total length */ - len = p - (unsigned char *)s->init_buf->data; - p=(unsigned char *)s->init_buf->data + 1; - l2n3(len - 4, p); /* Message length */ - p += 4; - s2n(len - 10, p); /* Ticket length */ - - /* number of bytes to write */ - s->init_num= len; - s->state=SSL3_ST_SW_SESSION_TICKET_B; - s->init_off=0; - OPENSSL_free(senc); - } - - /* SSL3_ST_SW_SESSION_TICKET_B */ - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); - } - -int ssl3_send_cert_status(SSL *s) - { - if (s->state == SSL3_ST_SW_CERT_STATUS_A) - { - unsigned char *p; - /* Grow buffer if need be: the length calculation is as - * follows 1 (message type) + 3 (message length) + - * 1 (ocsp response type) + 3 (ocsp response length) - * + (ocsp response) - */ - if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) - return -1; - - p=(unsigned char *)s->init_buf->data; - - /* do the header */ - *(p++)=SSL3_MT_CERTIFICATE_STATUS; - /* message length */ - l2n3(s->tlsext_ocsp_resplen + 4, p); - /* status type */ - *(p++)= s->tlsext_status_type; - /* length of OCSP response */ - l2n3(s->tlsext_ocsp_resplen, p); - /* actual response */ - memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen); - /* number of bytes to write */ - s->init_num = 8 + s->tlsext_ocsp_resplen; - s->state=SSL3_ST_SW_CERT_STATUS_B; - s->init_off = 0; - } - - /* SSL3_ST_SW_CERT_STATUS_B */ - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); - } - -# ifndef OPENSSL_NO_NEXTPROTONEG -/* ssl3_get_next_proto reads a Next Protocol Negotiation handshake message. It - * sets the next_proto member in s if found */ -int ssl3_get_next_proto(SSL *s) - { - int ok; - int proto_len, padding_len; - long n; - const unsigned char *p; - - /* Clients cannot send a NextProtocol message if we didn't see the - * extension in their ClientHello */ - if (!s->s3->next_proto_neg_seen) - { - SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION); - return -1; - } - - n=s->method->ssl_get_message(s, - SSL3_ST_SR_NEXT_PROTO_A, - SSL3_ST_SR_NEXT_PROTO_B, - SSL3_MT_NEXT_PROTO, - 514, /* See the payload format below */ - &ok); - - if (!ok) - return((int)n); - - /* s->state doesn't reflect whether ChangeCipherSpec has been received - * in this handshake, but s->s3->change_cipher_spec does (will be reset - * by ssl3_get_finished). */ - if (!s->s3->change_cipher_spec) - { - SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS); - return -1; - } - - if (n < 2) - return 0; /* The body must be > 1 bytes long */ - - p=(unsigned char *)s->init_msg; - - /* The payload looks like: - * uint8 proto_len; - * uint8 proto[proto_len]; - * uint8 padding_len; - * uint8 padding[padding_len]; - */ - proto_len = p[0]; - if (proto_len + 2 > s->init_num) - return 0; - padding_len = p[proto_len + 1]; - if (proto_len + padding_len + 2 != s->init_num) - return 0; - - s->next_proto_negotiated = OPENSSL_malloc(proto_len); - if (!s->next_proto_negotiated) - { - SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(s->next_proto_negotiated, p + 1, proto_len); - s->next_proto_negotiated_len = proto_len; - - return 1; - } -# endif - -/* ssl3_get_channel_id reads and verifies a ClientID handshake message. */ -int ssl3_get_channel_id(SSL *s) - { - int ret = -1, ok; - long n; - const unsigned char *p; - unsigned short extension_type, extension_len; - EC_GROUP* p256 = NULL; - EC_KEY* key = NULL; - EC_POINT* point = NULL; - ECDSA_SIG sig; - BIGNUM x, y; - unsigned short expected_extension_type; - - if (s->state == SSL3_ST_SR_CHANNEL_ID_A && s->init_num == 0) - { - /* The first time that we're called we take the current - * handshake hash and store it. */ - EVP_MD_CTX md_ctx; - unsigned int len; - - EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit_ex(&md_ctx, EVP_sha256(), NULL); - if (!tls1_channel_id_hash(&md_ctx, s)) - return -1; - len = sizeof(s->s3->tlsext_channel_id); - EVP_DigestFinal(&md_ctx, s->s3->tlsext_channel_id, &len); - EVP_MD_CTX_cleanup(&md_ctx); - } - - n = s->method->ssl_get_message(s, - SSL3_ST_SR_CHANNEL_ID_A, - SSL3_ST_SR_CHANNEL_ID_B, - SSL3_MT_ENCRYPTED_EXTENSIONS, - 2 + 2 + TLSEXT_CHANNEL_ID_SIZE, - &ok); - - if (!ok) - return((int)n); - - ssl3_finish_mac(s, (unsigned char*)s->init_buf->data, s->init_num + 4); - - /* s->state doesn't reflect whether ChangeCipherSpec has been received - * in this handshake, but s->s3->change_cipher_spec does (will be reset - * by ssl3_get_finished). */ - if (!s->s3->change_cipher_spec) - { - SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS); - return -1; - } - - if (n != 2 + 2 + TLSEXT_CHANNEL_ID_SIZE) - { - SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_INVALID_MESSAGE); - return -1; - } - - p = (unsigned char *)s->init_msg; - - /* The payload looks like: - * uint16 extension_type - * uint16 extension_len; - * uint8 x[32]; - * uint8 y[32]; - * uint8 r[32]; - * uint8 s[32]; - */ - n2s(p, extension_type); - n2s(p, extension_len); - - expected_extension_type = TLSEXT_TYPE_channel_id; - if (s->s3->tlsext_channel_id_new) - expected_extension_type = TLSEXT_TYPE_channel_id_new; - - if (extension_type != expected_extension_type || - extension_len != TLSEXT_CHANNEL_ID_SIZE) - { - SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_INVALID_MESSAGE); - return -1; - } - - p256 = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1); - if (!p256) - { - SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_NO_P256_SUPPORT); - return -1; - } - - BN_init(&x); - BN_init(&y); - sig.r = BN_new(); - sig.s = BN_new(); - - if (BN_bin2bn(p + 0, 32, &x) == NULL || - BN_bin2bn(p + 32, 32, &y) == NULL || - BN_bin2bn(p + 64, 32, sig.r) == NULL || - BN_bin2bn(p + 96, 32, sig.s) == NULL) - goto err; - - point = EC_POINT_new(p256); - if (!point || - !EC_POINT_set_affine_coordinates_GFp(p256, point, &x, &y, NULL)) - goto err; - - key = EC_KEY_new(); - if (!key || - !EC_KEY_set_group(key, p256) || - !EC_KEY_set_public_key(key, point)) - goto err; - - /* We stored the handshake hash in |tlsext_channel_id| the first time - * that we were called. */ - switch (ECDSA_do_verify(s->s3->tlsext_channel_id, SHA256_DIGEST_LENGTH, &sig, key)) { - case 1: - break; - case 0: - SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_CHANNEL_ID_SIGNATURE_INVALID); - s->s3->tlsext_channel_id_valid = 0; - goto err; - default: - s->s3->tlsext_channel_id_valid = 0; - goto err; - } - - memcpy(s->s3->tlsext_channel_id, p, 64); - ret = 1; - -err: - BN_free(&x); - BN_free(&y); - BN_free(sig.r); - BN_free(sig.s); - if (key) - EC_KEY_free(key); - if (point) - EC_POINT_free(point); - if (p256) - EC_GROUP_free(p256); - return ret; - } -#endif diff --git a/main/openssl/ssl/srtp.h b/main/openssl/ssl/srtp.h deleted file mode 100644 index 096b624d..00000000 --- a/main/openssl/ssl/srtp.h +++ /dev/null @@ -1,151 +0,0 @@ -/* ssl/srtp.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* - DTLS code by Eric Rescorla <ekr@rtfm.com> - - Copyright (C) 2006, Network Resonance, Inc. - Copyright (C) 2011, RTFM, Inc. -*/ - -#ifndef HEADER_D1_SRTP_H -#define HEADER_D1_SRTP_H - -#include <openssl/ssl.h> - -#ifdef __cplusplus -extern "C" { -#endif - - -#define SRTP_AES128_CM_SHA1_80 0x0001 -#define SRTP_AES128_CM_SHA1_32 0x0002 -#define SRTP_AES128_F8_SHA1_80 0x0003 -#define SRTP_AES128_F8_SHA1_32 0x0004 -#define SRTP_NULL_SHA1_80 0x0005 -#define SRTP_NULL_SHA1_32 0x0006 - -#ifndef OPENSSL_NO_SRTP - -int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); -int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); -SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); - -STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); -SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); - -#endif - -#ifdef __cplusplus -} -#endif - -#endif - diff --git a/main/openssl/ssl/ssl.h b/main/openssl/ssl/ssl.h deleted file mode 100644 index 90862dd6..00000000 --- a/main/openssl/ssl/ssl.h +++ /dev/null @@ -1,2766 +0,0 @@ -/* ssl/ssl.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - -#ifndef HEADER_SSL_H -#define HEADER_SSL_H - -#include <openssl/e_os2.h> - -#ifndef OPENSSL_NO_COMP -#include <openssl/comp.h> -#endif -#ifndef OPENSSL_NO_BIO -#include <openssl/bio.h> -#endif -#ifndef OPENSSL_NO_DEPRECATED -#ifndef OPENSSL_NO_X509 -#include <openssl/x509.h> -#endif -#include <openssl/crypto.h> -#include <openssl/lhash.h> -#include <openssl/buffer.h> -#endif -#include <openssl/pem.h> -#include <openssl/hmac.h> - -#include <openssl/kssl.h> -#include <openssl/safestack.h> -#include <openssl/symhacks.h> - -#ifdef __cplusplus -extern "C" { -#endif - -/* SSLeay version number for ASN.1 encoding of the session information */ -/* Version 0 - initial version - * Version 1 - added the optional peer certificate - */ -#define SSL_SESSION_ASN1_VERSION 0x0001 - -/* text strings for the ciphers */ -#define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5 -#define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5 -#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 -#define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5 -#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 -#define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5 -#define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5 -#define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA -#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 -#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA - -/* VRS Additional Kerberos5 entries - */ -#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA -#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA -#define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA -#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA -#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 -#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 -#define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5 -#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 - -#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA -#define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA -#define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA -#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 -#define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5 -#define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5 - -#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA -#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 -#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA -#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 -#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA -#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 -#define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256 - -#define SSL_MAX_SSL_SESSION_ID_LENGTH 32 -#define SSL_MAX_SID_CTX_LENGTH 32 - -#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) -#define SSL_MAX_KEY_ARG_LENGTH 8 -#define SSL_MAX_MASTER_KEY_LENGTH 48 - - -/* These are used to specify which ciphers to use and not to use */ - -#define SSL_TXT_EXP40 "EXPORT40" -#define SSL_TXT_EXP56 "EXPORT56" -#define SSL_TXT_LOW "LOW" -#define SSL_TXT_MEDIUM "MEDIUM" -#define SSL_TXT_HIGH "HIGH" -#define SSL_TXT_FIPS "FIPS" - -#define SSL_TXT_kFZA "kFZA" /* unused! */ -#define SSL_TXT_aFZA "aFZA" /* unused! */ -#define SSL_TXT_eFZA "eFZA" /* unused! */ -#define SSL_TXT_FZA "FZA" /* unused! */ - -#define SSL_TXT_aNULL "aNULL" -#define SSL_TXT_eNULL "eNULL" -#define SSL_TXT_NULL "NULL" - -#define SSL_TXT_kRSA "kRSA" -#define SSL_TXT_kDHr "kDHr" /* no such ciphersuites supported! */ -#define SSL_TXT_kDHd "kDHd" /* no such ciphersuites supported! */ -#define SSL_TXT_kDH "kDH" /* no such ciphersuites supported! */ -#define SSL_TXT_kEDH "kEDH" -#define SSL_TXT_kKRB5 "kKRB5" -#define SSL_TXT_kECDHr "kECDHr" -#define SSL_TXT_kECDHe "kECDHe" -#define SSL_TXT_kECDH "kECDH" -#define SSL_TXT_kEECDH "kEECDH" -#define SSL_TXT_kPSK "kPSK" -#define SSL_TXT_kGOST "kGOST" -#define SSL_TXT_kSRP "kSRP" - -#define SSL_TXT_aRSA "aRSA" -#define SSL_TXT_aDSS "aDSS" -#define SSL_TXT_aDH "aDH" /* no such ciphersuites supported! */ -#define SSL_TXT_aECDH "aECDH" -#define SSL_TXT_aKRB5 "aKRB5" -#define SSL_TXT_aECDSA "aECDSA" -#define SSL_TXT_aPSK "aPSK" -#define SSL_TXT_aGOST94 "aGOST94" -#define SSL_TXT_aGOST01 "aGOST01" -#define SSL_TXT_aGOST "aGOST" -#define SSL_TXT_aSRP "aSRP" - -#define SSL_TXT_DSS "DSS" -#define SSL_TXT_DH "DH" -#define SSL_TXT_EDH "EDH" /* same as "kEDH:-ADH" */ -#define SSL_TXT_ADH "ADH" -#define SSL_TXT_RSA "RSA" -#define SSL_TXT_ECDH "ECDH" -#define SSL_TXT_EECDH "EECDH" /* same as "kEECDH:-AECDH" */ -#define SSL_TXT_AECDH "AECDH" -#define SSL_TXT_ECDSA "ECDSA" -#define SSL_TXT_KRB5 "KRB5" -#define SSL_TXT_PSK "PSK" -#define SSL_TXT_SRP "SRP" - -#define SSL_TXT_DES "DES" -#define SSL_TXT_3DES "3DES" -#define SSL_TXT_RC4 "RC4" -#define SSL_TXT_RC2 "RC2" -#define SSL_TXT_IDEA "IDEA" -#define SSL_TXT_SEED "SEED" -#define SSL_TXT_AES128 "AES128" -#define SSL_TXT_AES256 "AES256" -#define SSL_TXT_AES "AES" -#define SSL_TXT_AES_GCM "AESGCM" -#define SSL_TXT_CAMELLIA128 "CAMELLIA128" -#define SSL_TXT_CAMELLIA256 "CAMELLIA256" -#define SSL_TXT_CAMELLIA "CAMELLIA" - -#define SSL_TXT_MD5 "MD5" -#define SSL_TXT_SHA1 "SHA1" -#define SSL_TXT_SHA "SHA" /* same as "SHA1" */ -#define SSL_TXT_GOST94 "GOST94" -#define SSL_TXT_GOST89MAC "GOST89MAC" -#define SSL_TXT_SHA256 "SHA256" -#define SSL_TXT_SHA384 "SHA384" - -#define SSL_TXT_SSLV2 "SSLv2" -#define SSL_TXT_SSLV3 "SSLv3" -#define SSL_TXT_TLSV1 "TLSv1" -#define SSL_TXT_TLSV1_1 "TLSv1.1" -#define SSL_TXT_TLSV1_2 "TLSv1.2" - -#define SSL_TXT_EXP "EXP" -#define SSL_TXT_EXPORT "EXPORT" - -#define SSL_TXT_ALL "ALL" - -/* - * COMPLEMENTOF* definitions. These identifiers are used to (de-select) - * ciphers normally not being used. - * Example: "RC4" will activate all ciphers using RC4 including ciphers - * without authentication, which would normally disabled by DEFAULT (due - * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT" - * will make sure that it is also disabled in the specific selection. - * COMPLEMENTOF* identifiers are portable between version, as adjustments - * to the default cipher setup will also be included here. - * - * COMPLEMENTOFDEFAULT does not experience the same special treatment that - * DEFAULT gets, as only selection is being done and no sorting as needed - * for DEFAULT. - */ -#define SSL_TXT_CMPALL "COMPLEMENTOFALL" -#define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" - -/* The following cipher list is used by default. - * It also is substituted when an application-defined cipher list string - * starts with 'DEFAULT'. */ -#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2" -/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always - * starts with a reasonable order, and all we have to do for DEFAULT is - * throwing out anonymous and unencrypted ciphersuites! - * (The latter are not actually enabled by ALL, but "ALL:RSA" would enable - * some of them.) - */ - -/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ -#define SSL_SENT_SHUTDOWN 1 -#define SSL_RECEIVED_SHUTDOWN 2 - -#ifdef __cplusplus -} -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -#if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2) -#define OPENSSL_NO_SSL2 -#endif - -#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 -#define SSL_FILETYPE_PEM X509_FILETYPE_PEM - -/* This is needed to stop compilers complaining about the - * 'struct ssl_st *' function parameters used to prototype callbacks - * in SSL_CTX. */ -typedef struct ssl_st *ssl_crock_st; -typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT; -typedef struct ssl_method_st SSL_METHOD; -typedef struct ssl_cipher_st SSL_CIPHER; -typedef struct ssl_session_st SSL_SESSION; - -DECLARE_STACK_OF(SSL_CIPHER) - -/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ -typedef struct srtp_protection_profile_st - { - const char *name; - unsigned long id; - } SRTP_PROTECTION_PROFILE; - -DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE) - -typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg); -typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg); - - -#ifndef OPENSSL_NO_SSL_INTERN - -/* used to hold info on the particular ciphers used */ -struct ssl_cipher_st - { - int valid; - const char *name; /* text name */ - unsigned long id; /* id, 4 bytes, first is version */ - - /* changed in 0.9.9: these four used to be portions of a single value 'algorithms' */ - unsigned long algorithm_mkey; /* key exchange algorithm */ - unsigned long algorithm_auth; /* server authentication */ - unsigned long algorithm_enc; /* symmetric encryption */ - unsigned long algorithm_mac; /* symmetric authentication */ - unsigned long algorithm_ssl; /* (major) protocol version */ - - unsigned long algo_strength; /* strength and export flags */ - unsigned long algorithm2; /* Extra flags */ - int strength_bits; /* Number of bits really used */ - int alg_bits; /* Number of bits for algorithm */ - }; - - -/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ -struct ssl_method_st - { - int version; - int (*ssl_new)(SSL *s); - void (*ssl_clear)(SSL *s); - void (*ssl_free)(SSL *s); - int (*ssl_accept)(SSL *s); - int (*ssl_connect)(SSL *s); - int (*ssl_read)(SSL *s,void *buf,int len); - int (*ssl_peek)(SSL *s,void *buf,int len); - int (*ssl_write)(SSL *s,const void *buf,int len); - int (*ssl_shutdown)(SSL *s); - int (*ssl_renegotiate)(SSL *s); - int (*ssl_renegotiate_check)(SSL *s); - long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long - max, int *ok); - int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, - int peek); - int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len); - int (*ssl_dispatch_alert)(SSL *s); - long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg); - long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); - const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); - int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr); - int (*ssl_pending)(const SSL *s); - int (*num_ciphers)(void); - const SSL_CIPHER *(*get_cipher)(unsigned ncipher); - const struct ssl_method_st *(*get_ssl_method)(int version); - long (*get_timeout)(void); - struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ - int (*ssl_version)(void); - long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void)); - long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void)); - }; - -/* Lets make this into an ASN.1 type structure as follows - * SSL_SESSION_ID ::= SEQUENCE { - * version INTEGER, -- structure version number - * SSLversion INTEGER, -- SSL version number - * Cipher OCTET STRING, -- the 3 byte cipher ID - * Session_ID OCTET STRING, -- the Session ID - * Master_key OCTET STRING, -- the master key - * KRB5_principal OCTET STRING -- optional Kerberos principal - * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument - * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time - * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds - * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate - * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context - * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer' - * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension - * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint - * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity - * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket - * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only) - * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method - * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username - * } - * Look in ssl/ssl_asn1.c for more details - * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). - */ -struct ssl_session_st - { - int ssl_version; /* what ssl version session info is - * being kept in here? */ - - /* only really used in SSLv2 */ - unsigned int key_arg_length; - unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH]; - int master_key_length; - unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; - /* session_id - valid? */ - unsigned int session_id_length; - unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; - /* this is used to determine whether the session is being reused in - * the appropriate context. It is up to the application to set this, - * via SSL_new */ - unsigned int sid_ctx_length; - unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; - -#ifndef OPENSSL_NO_KRB5 - unsigned int krb5_client_princ_len; - unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; -#endif /* OPENSSL_NO_KRB5 */ -#ifndef OPENSSL_NO_PSK - char *psk_identity_hint; - char *psk_identity; -#endif - /* Used to indicate that session resumption is not allowed. - * Applications can also set this bit for a new session via - * not_resumable_session_cb to disable session caching and tickets. */ - int not_resumable; - - /* The cert is the certificate used to establish this connection */ - struct sess_cert_st /* SESS_CERT */ *sess_cert; - - /* This is the cert for the other end. - * On clients, it will be the same as sess_cert->peer_key->x509 - * (the latter is not enough as sess_cert is not retained - * in the external representation of sessions, see ssl_asn1.c). */ - X509 *peer; - /* when app_verify_callback accepts a session where the peer's certificate - * is not ok, we must remember the error for session reuse: */ - long verify_result; /* only for servers */ - - int references; - long timeout; - long time; - - unsigned int compress_meth; /* Need to lookup the method */ - - const SSL_CIPHER *cipher; - unsigned long cipher_id; /* when ASN.1 loaded, this - * needs to be used to load - * the 'cipher' structure */ - - STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ - - CRYPTO_EX_DATA ex_data; /* application specific data */ - - /* These are used to make removal of session-ids more - * efficient and to implement a maximum cache size. */ - struct ssl_session_st *prev,*next; -#ifndef OPENSSL_NO_TLSEXT - char *tlsext_hostname; -#ifndef OPENSSL_NO_EC - size_t tlsext_ecpointformatlist_length; - unsigned char *tlsext_ecpointformatlist; /* peer's list */ - size_t tlsext_ellipticcurvelist_length; - unsigned char *tlsext_ellipticcurvelist; /* peer's list */ -#endif /* OPENSSL_NO_EC */ - /* RFC4507 info */ - unsigned char *tlsext_tick; /* Session ticket */ - size_t tlsext_ticklen; /* Session ticket length */ - long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ -#endif -#ifndef OPENSSL_NO_SRP - char *srp_username; -#endif - - /* original_handshake_hash contains the handshake hash (either - * SHA-1+MD5 or SHA-2, depending on TLS version) for the original, full - * handshake that created a session. This is used by Channel IDs during - * resumption. */ - unsigned char original_handshake_hash[EVP_MAX_MD_SIZE]; - unsigned int original_handshake_hash_len; - }; - -#endif - -#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L -#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L -/* Allow initial connection to servers that don't support RI */ -#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L -#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L -#define SSL_OP_TLSEXT_PADDING 0x00000010L -#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L -#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L -#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L -#define SSL_OP_TLS_D5_BUG 0x00000100L -#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L - -/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ -#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 -/* Refers to ancient SSLREF and SSLv2, retained for compatibility */ -#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 - -/* SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is vestigial. Previously it disabled the - * insertion of empty records in CBC mode, but the empty records were commonly - * misinterpreted as EOF by other TLS stacks and so this was disabled by - * SSL_OP_ALL. - * - * This has been replaced by 1/n-1 record splitting, which is enabled by - * SSL_MODE_CBC_RECORD_SPLITTING in SSL_set_mode. This involves sending a - * one-byte record rather than an empty record and has much better - * compatibility. */ -#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */ - -/* SSL_OP_ALL: various bug workarounds that should be rather harmless. - * This used to be 0x000FFFFFL before 0.9.7. */ -#define SSL_OP_ALL 0x80000BFFL - -/* DTLS options */ -#define SSL_OP_NO_QUERY_MTU 0x00001000L -/* Turn on Cookie Exchange (on relevant for servers) */ -#define SSL_OP_COOKIE_EXCHANGE 0x00002000L -/* Don't use RFC4507 ticket extension */ -#define SSL_OP_NO_TICKET 0x00004000L -/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */ -#define SSL_OP_CISCO_ANYCONNECT 0x00008000L - -/* As server, disallow session resumption on renegotiation */ -#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L -/* Don't use compression even if supported */ -#define SSL_OP_NO_COMPRESSION 0x00020000L -/* Permit unsafe legacy renegotiation */ -#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L -/* If set, always create a new key when using tmp_ecdh parameters */ -#define SSL_OP_SINGLE_ECDH_USE 0x00080000L -/* If set, always create a new key when using tmp_dh parameters */ -#define SSL_OP_SINGLE_DH_USE 0x00100000L -/* Does nothing: retained for compatibiity */ -#define SSL_OP_EPHEMERAL_RSA 0x0 -/* Set on servers to choose the cipher according to the server's - * preferences */ -#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L -/* If set, a server will allow a client to issue a SSLv3.0 version number - * as latest version supported in the premaster secret, even when TLSv1.0 - * (version 3.1) was announced in the client hello. Normally this is - * forbidden to prevent version rollback attacks. */ -#define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L - -#define SSL_OP_NO_SSLv2 0x01000000L -#define SSL_OP_NO_SSLv3 0x02000000L -#define SSL_OP_NO_TLSv1 0x04000000L -#define SSL_OP_NO_TLSv1_2 0x08000000L -#define SSL_OP_NO_TLSv1_1 0x10000000L - -/* These next two were never actually used for anything since SSLeay - * zap so we have some more flags. - */ -/* The next flag deliberately changes the ciphertest, this is a check - * for the PKCS#1 attack */ -#define SSL_OP_PKCS1_CHECK_1 0x0 -#define SSL_OP_PKCS1_CHECK_2 0x0 - -#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L -#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L -/* Make server add server-hello extension from early version of - * cryptopro draft, when GOST ciphersuite is negotiated. - * Required for interoperability with CryptoPro CSP 3.x - */ -#define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L - -/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success - * when just a single record has been written): */ -#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L -/* Make it possible to retry SSL_write() with changed buffer location - * (buffer contents must stay the same!); this is not the default to avoid - * the misconception that non-blocking SSL_write() behaves like - * non-blocking write(): */ -#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L -/* Never bother the application with retries if the transport - * is blocking: */ -#define SSL_MODE_AUTO_RETRY 0x00000004L -/* Don't attempt to automatically build certificate chain */ -#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L -/* Save RAM by releasing read and write buffers when they're empty. (SSL3 and - * TLS only.) "Released" buffers are put onto a free-list in the context - * or just freed (depending on the context's setting for freelist_max_len). */ -#define SSL_MODE_RELEASE_BUFFERS 0x00000010L - -/* Send the current time in the Random fields of the ClientHello and - * ServerHello records for compatibility with hypothetical implementations - * that require it. - */ -#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L -#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L -/* Send TLS_FALLBACK_SCSV in the ClientHello. - * To be set only by applications that reconnect with a downgraded protocol - * version; see draft-ietf-tls-downgrade-scsv-00 for details. - * - * DO NOT ENABLE THIS if your application attempts a normal handshake. - * Only use this in explicit fallback retries, following the guidance - * in draft-ietf-tls-downgrade-scsv-00. - */ -#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L - -/* When set, clients may send application data before receipt of CCS - * and Finished. This mode enables full-handshakes to 'complete' in - * one RTT. */ -#define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000200L - -/* When set, TLS 1.0 and SSLv3, multi-byte, CBC records will be split in two: - * the first record will contain a single byte and the second will contain the - * rest of the bytes. This effectively randomises the IV and prevents BEAST - * attacks. */ -#define SSL_MODE_CBC_RECORD_SPLITTING 0x00000100L - -/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, - * they cannot be used to clear bits. */ - -#define SSL_CTX_set_options(ctx,op) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) -#define SSL_CTX_clear_options(ctx,op) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) -#define SSL_CTX_get_options(ctx) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) -#define SSL_set_options(ssl,op) \ - SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) -#define SSL_clear_options(ssl,op) \ - SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) -#define SSL_get_options(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) - -#define SSL_CTX_set_mode(ctx,op) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) -#define SSL_CTX_clear_mode(ctx,op) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) -#define SSL_CTX_get_mode(ctx) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) -#define SSL_clear_mode(ssl,op) \ - SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) -#define SSL_set_mode(ssl,op) \ - SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) -#define SSL_get_mode(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) -#define SSL_set_mtu(ssl, mtu) \ - SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) -#define DTLS_set_link_mtu(ssl, mtu) \ - SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL) -#define DTLS_get_link_min_mtu(ssl) \ - SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL) - -#define SSL_get_secure_renegotiation_support(ssl) \ - SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) - -#ifndef OPENSSL_NO_HEARTBEATS -#define SSL_heartbeat(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL) -#endif - -void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); -void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); -#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) -#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) - -#ifndef OPENSSL_NO_SRP - -#ifndef OPENSSL_NO_SSL_INTERN - -typedef struct srp_ctx_st - { - /* param for all the callbacks */ - void *SRP_cb_arg; - /* set client Hello login callback */ - int (*TLS_ext_srp_username_callback)(SSL *, int *, void *); - /* set SRP N/g param callback for verification */ - int (*SRP_verify_param_callback)(SSL *, void *); - /* set SRP client passwd callback */ - char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *); - - char *login; - BIGNUM *N,*g,*s,*B,*A; - BIGNUM *a,*b,*v; - char *info; - int strength; - - unsigned long srp_Mask; - } SRP_CTX; - -#endif - -/* see tls_srp.c */ -int SSL_SRP_CTX_init(SSL *s); -int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); -int SSL_SRP_CTX_free(SSL *ctx); -int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); -int SSL_srp_server_param_with_username(SSL *s, int *ad); -int SRP_generate_server_master_secret(SSL *s,unsigned char *master_key); -int SRP_Calc_A_param(SSL *s); -int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key); - -#endif - -#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) -#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */ -#else -#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */ -#endif - -#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) - -/* This callback type is used inside SSL_CTX, SSL, and in the functions that set - * them. It is used to override the generation of SSL/TLS session IDs in a - * server. Return value should be zero on an error, non-zero to proceed. Also, - * callbacks should themselves check if the id they generate is unique otherwise - * the SSL handshake will fail with an error - callbacks can do this using the - * 'ssl' value they're passed by; - * SSL_has_matching_session_id(ssl, id, *id_len) - * The length value passed in is set at the maximum size the session ID can be. - * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback - * can alter this length to be less if desired, but under SSLv2 session IDs are - * supposed to be fixed at 16 bytes so the id will be padded after the callback - * returns in this case. It is also an error for the callback to set the size to - * zero. */ -typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, - unsigned int *id_len); - -typedef struct ssl_comp_st SSL_COMP; - -#ifndef OPENSSL_NO_SSL_INTERN - -struct ssl_comp_st - { - int id; - const char *name; -#ifndef OPENSSL_NO_COMP - COMP_METHOD *method; -#else - char *method; -#endif - }; - -DECLARE_STACK_OF(SSL_COMP) -DECLARE_LHASH_OF(SSL_SESSION); - -struct ssl_ctx_st - { - const SSL_METHOD *method; - - STACK_OF(SSL_CIPHER) *cipher_list; - /* same as above but sorted for lookup */ - STACK_OF(SSL_CIPHER) *cipher_list_by_id; - - struct x509_store_st /* X509_STORE */ *cert_store; - LHASH_OF(SSL_SESSION) *sessions; - /* Most session-ids that will be cached, default is - * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */ - unsigned long session_cache_size; - struct ssl_session_st *session_cache_head; - struct ssl_session_st *session_cache_tail; - - /* This can have one of 2 values, ored together, - * SSL_SESS_CACHE_CLIENT, - * SSL_SESS_CACHE_SERVER, - * Default is SSL_SESSION_CACHE_SERVER, which means only - * SSL_accept which cache SSL_SESSIONS. */ - int session_cache_mode; - - /* If timeout is not 0, it is the default timeout value set - * when SSL_new() is called. This has been put in to make - * life easier to set things up */ - long session_timeout; - - /* If this callback is not null, it will be called each - * time a session id is added to the cache. If this function - * returns 1, it means that the callback will do a - * SSL_SESSION_free() when it has finished using it. Otherwise, - * on 0, it means the callback has finished with it. - * If remove_session_cb is not null, it will be called when - * a session-id is removed from the cache. After the call, - * OpenSSL will SSL_SESSION_free() it. */ - int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess); - void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess); - SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, - unsigned char *data,int len,int *copy); - - struct - { - int sess_connect; /* SSL new conn - started */ - int sess_connect_renegotiate;/* SSL reneg - requested */ - int sess_connect_good; /* SSL new conne/reneg - finished */ - int sess_accept; /* SSL new accept - started */ - int sess_accept_renegotiate;/* SSL reneg - requested */ - int sess_accept_good; /* SSL accept/reneg - finished */ - int sess_miss; /* session lookup misses */ - int sess_timeout; /* reuse attempt on timeouted session */ - int sess_cache_full; /* session removed due to full cache */ - int sess_hit; /* session reuse actually done */ - int sess_cb_hit; /* session-id that was not - * in the cache was - * passed back via the callback. This - * indicates that the application is - * supplying session-id's from other - * processes - spooky :-) */ - } stats; - - int references; - - /* if defined, these override the X509_verify_cert() calls */ - int (*app_verify_callback)(X509_STORE_CTX *, void *); - void *app_verify_arg; - /* before OpenSSL 0.9.7, 'app_verify_arg' was ignored - * ('app_verify_callback' was called with just one argument) */ - - /* Default password callback. */ - pem_password_cb *default_passwd_callback; - - /* Default password callback user data. */ - void *default_passwd_callback_userdata; - - /* get client cert callback */ - int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); - - /* get channel id callback */ - void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey); - - /* cookie generate callback */ - int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, - unsigned int *cookie_len); - - /* verify cookie callback */ - int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, - unsigned int cookie_len); - - CRYPTO_EX_DATA ex_data; - - const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */ - const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ - const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ - - STACK_OF(X509) *extra_certs; - STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ - - - /* Default values used when no per-SSL value is defined follow */ - - void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */ - - /* what we put in client cert requests */ - STACK_OF(X509_NAME) *client_CA; - - - /* Default values to use in SSL structures follow (these are copied by SSL_new) */ - - unsigned long options; - unsigned long mode; - long max_cert_list; - - struct cert_st /* CERT */ *cert; - int read_ahead; - - /* callback that allows applications to peek at protocol messages */ - void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); - void *msg_callback_arg; - - int verify_mode; - unsigned int sid_ctx_length; - unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; - int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */ - - /* Default generate session ID callback. */ - GEN_SESSION_CB generate_session_id; - - X509_VERIFY_PARAM *param; - -#if 0 - int purpose; /* Purpose setting */ - int trust; /* Trust setting */ -#endif - - int quiet_shutdown; - - /* Maximum amount of data to send in one fragment. - * actual record size can be more than this due to - * padding and MAC overheads. - */ - unsigned int max_send_fragment; - -#ifndef OPENSSL_NO_ENGINE - /* Engine to pass requests for client certs to - */ - ENGINE *client_cert_engine; -#endif - -#ifndef OPENSSL_NO_TLSEXT - /* TLS extensions servername callback */ - int (*tlsext_servername_callback)(SSL*, int *, void *); - void *tlsext_servername_arg; - /* RFC 4507 session ticket keys */ - unsigned char tlsext_tick_key_name[16]; - unsigned char tlsext_tick_hmac_key[16]; - unsigned char tlsext_tick_aes_key[16]; - /* Callback to support customisation of ticket key setting */ - int (*tlsext_ticket_key_cb)(SSL *ssl, - unsigned char *name, unsigned char *iv, - EVP_CIPHER_CTX *ectx, - HMAC_CTX *hctx, int enc); - - /* certificate status request info */ - /* Callback for status request */ - int (*tlsext_status_cb)(SSL *ssl, void *arg); - void *tlsext_status_arg; - - /* draft-rescorla-tls-opaque-prf-input-00.txt information */ - int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg); - void *tlsext_opaque_prf_input_callback_arg; -#endif - -#ifndef OPENSSL_NO_PSK - char *psk_identity_hint; - unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity, - unsigned int max_identity_len, unsigned char *psk, - unsigned int max_psk_len); - unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, - unsigned char *psk, unsigned int max_psk_len); -#endif - -#ifndef OPENSSL_NO_BUF_FREELISTS -#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32 - unsigned int freelist_max_len; - struct ssl3_buf_freelist_st *wbuf_freelist; - struct ssl3_buf_freelist_st *rbuf_freelist; -#endif -#ifndef OPENSSL_NO_SRP - SRP_CTX srp_ctx; /* ctx for SRP authentication */ -#endif - -#ifndef OPENSSL_NO_TLSEXT - -# ifndef OPENSSL_NO_NEXTPROTONEG - /* Next protocol negotiation information */ - /* (for experimental NPN extension). */ - - /* For a server, this contains a callback function by which the set of - * advertised protocols can be provided. */ - int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf, - unsigned int *len, void *arg); - void *next_protos_advertised_cb_arg; - /* For a client, this contains a callback function that selects the - * next protocol from the list provided by the server. */ - int (*next_proto_select_cb)(SSL *s, unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg); - void *next_proto_select_cb_arg; -# endif - - /* ALPN information - * (we are in the process of transitioning from NPN to ALPN.) */ - - /* For a server, this contains a callback function that allows the - * server to select the protocol for the connection. - * out: on successful return, this must point to the raw protocol - * name (without the length prefix). - * outlen: on successful return, this contains the length of |*out|. - * in: points to the client's list of supported protocols in - * wire-format. - * inlen: the length of |in|. */ - int (*alpn_select_cb)(SSL *s, - const unsigned char **out, - unsigned char *outlen, - const unsigned char* in, - unsigned int inlen, - void *arg); - void *alpn_select_cb_arg; - - /* For a client, this contains the list of supported protocols in wire - * format. */ - unsigned char* alpn_client_proto_list; - unsigned alpn_client_proto_list_len; - - /* SRTP profiles we are willing to do from RFC 5764 */ - STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; - - /* If true, a client will advertise the Channel ID extension and a - * server will echo it. */ - char tlsext_channel_id_enabled; - /* tlsext_channel_id_enabled_new is a hack to support both old and new - * ChannelID signatures. It indicates that a client should advertise the - * new ChannelID extension number. */ - char tlsext_channel_id_enabled_new; - /* The client's Channel ID private key. */ - EVP_PKEY *tlsext_channel_id_private; -#endif - }; - -#endif - -#define SSL_SESS_CACHE_OFF 0x0000 -#define SSL_SESS_CACHE_CLIENT 0x0001 -#define SSL_SESS_CACHE_SERVER 0x0002 -#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) -#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 -/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */ -#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 -#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 -#define SSL_SESS_CACHE_NO_INTERNAL \ - (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) - -LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); -#define SSL_CTX_sess_number(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) -#define SSL_CTX_sess_connect(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) -#define SSL_CTX_sess_connect_good(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) -#define SSL_CTX_sess_connect_renegotiate(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) -#define SSL_CTX_sess_accept(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) -#define SSL_CTX_sess_accept_renegotiate(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) -#define SSL_CTX_sess_accept_good(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) -#define SSL_CTX_sess_hits(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) -#define SSL_CTX_sess_cb_hits(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) -#define SSL_CTX_sess_misses(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) -#define SSL_CTX_sess_timeouts(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) -#define SSL_CTX_sess_cache_full(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) -/* SSL_CTX_enable_tls_channel_id configures a TLS server to accept TLS client - * IDs from clients. Returns 1 on success. */ -#define SSL_CTX_enable_tls_channel_id(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL) - -void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess)); -int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess); -void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess)); -void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess); -void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy)); -SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy); -void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val)); -void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val); -void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); -int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); -void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey)); -void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey); -#ifndef OPENSSL_NO_ENGINE -int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); -#endif -void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); -void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); -#ifndef OPENSSL_NO_NEXTPROTONEG -void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, - int (*cb) (SSL *ssl, - const unsigned char **out, - unsigned int *outlen, - void *arg), - void *arg); -void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, - int (*cb) (SSL *ssl, - unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg), - void *arg); - -int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, - const unsigned char *in, unsigned int inlen, - const unsigned char *client, unsigned int client_len); -void SSL_get0_next_proto_negotiated(const SSL *s, - const unsigned char **data, unsigned *len); - -#define OPENSSL_NPN_UNSUPPORTED 0 -#define OPENSSL_NPN_NEGOTIATED 1 -#define OPENSSL_NPN_NO_OVERLAP 2 -#endif - -int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char* protos, - unsigned protos_len); -int SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos, - unsigned protos_len); -void SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx, - int (*cb) (SSL *ssl, - const unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg), - void *arg); -void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, - unsigned *len); - -#ifndef OPENSSL_NO_PSK -/* the maximum length of the buffer given to callbacks containing the - * resulting identity/psk */ -#define PSK_MAX_IDENTITY_LEN 128 -#define PSK_MAX_PSK_LEN 256 -void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, - unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, - char *identity, unsigned int max_identity_len, unsigned char *psk, - unsigned int max_psk_len)); -void SSL_set_psk_client_callback(SSL *ssl, - unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, - char *identity, unsigned int max_identity_len, unsigned char *psk, - unsigned int max_psk_len)); -void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, - unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, - unsigned char *psk, unsigned int max_psk_len)); -void SSL_set_psk_server_callback(SSL *ssl, - unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, - unsigned char *psk, unsigned int max_psk_len)); -int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); -int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); -const char *SSL_get_psk_identity_hint(const SSL *s); -const char *SSL_get_psk_identity(const SSL *s); -#endif - -#define SSL_NOTHING 1 -#define SSL_WRITING 2 -#define SSL_READING 3 -#define SSL_X509_LOOKUP 4 -#define SSL_CHANNEL_ID_LOOKUP 5 - -/* These will only be used when doing non-blocking IO */ -#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) -#define SSL_want_read(s) (SSL_want(s) == SSL_READING) -#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) -#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) -#define SSL_want_channel_id_lookup(s) (SSL_want(s) == SSL_CHANNEL_ID_LOOKUP) - -#define SSL_MAC_FLAG_READ_MAC_STREAM 1 -#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 - -#ifndef OPENSSL_NO_SSL_INTERN - -struct ssl_st - { - /* protocol version - * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION) - */ - int version; - int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ - - const SSL_METHOD *method; /* SSLv3 */ - - /* There are 2 BIO's even though they are normally both the - * same. This is so data can be read and written to different - * handlers */ - -#ifndef OPENSSL_NO_BIO - BIO *rbio; /* used by SSL_read */ - BIO *wbio; /* used by SSL_write */ - BIO *bbio; /* used during session-id reuse to concatenate - * messages */ -#else - char *rbio; /* used by SSL_read */ - char *wbio; /* used by SSL_write */ - char *bbio; -#endif - /* This holds a variable that indicates what we were doing - * when a 0 or -1 is returned. This is needed for - * non-blocking IO so we know what request needs re-doing when - * in SSL_accept or SSL_connect */ - int rwstate; - - /* true when we are actually in SSL_accept() or SSL_connect() */ - int in_handshake; - int (*handshake_func)(SSL *); - - /* Imagine that here's a boolean member "init" that is - * switched as soon as SSL_set_{accept/connect}_state - * is called for the first time, so that "state" and - * "handshake_func" are properly initialized. But as - * handshake_func is == 0 until then, we use this - * test instead of an "init" member. - */ - - int server; /* are we the server side? - mostly used by SSL_clear*/ - - int new_session;/* Generate a new session or reuse an old one. - * NB: For servers, the 'new' session may actually be a previously - * cached session or even the previous session unless - * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ - int quiet_shutdown;/* don't send shutdown packets */ - int shutdown; /* we have shut things down, 0x01 sent, 0x02 - * for received */ - int state; /* where we are */ - int rstate; /* where we are when reading */ - - BUF_MEM *init_buf; /* buffer used during init */ - void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */ - int init_num; /* amount read/written */ - int init_off; /* amount read/written */ - - /* used internally to point at a raw packet */ - unsigned char *packet; - unsigned int packet_length; - - struct ssl2_state_st *s2; /* SSLv2 variables */ - struct ssl3_state_st *s3; /* SSLv3 variables */ - struct dtls1_state_st *d1; /* DTLSv1 variables */ - - int read_ahead; /* Read as many input bytes as possible - * (for non-blocking reads) */ - - /* callback that allows applications to peek at protocol messages */ - void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); - void *msg_callback_arg; - - int hit; /* reusing a previous session */ - - X509_VERIFY_PARAM *param; - -#if 0 - int purpose; /* Purpose setting */ - int trust; /* Trust setting */ -#endif - - /* crypto */ - STACK_OF(SSL_CIPHER) *cipher_list; - STACK_OF(SSL_CIPHER) *cipher_list_by_id; - - /* These are the ones being used, the ones in SSL_SESSION are - * the ones to be 'copied' into these ones */ - int mac_flags; - EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ - EVP_MD_CTX *read_hash; /* used for mac generation */ -#ifndef OPENSSL_NO_COMP - COMP_CTX *expand; /* uncompress */ -#else - char *expand; -#endif - - EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ - EVP_MD_CTX *write_hash; /* used for mac generation */ -#ifndef OPENSSL_NO_COMP - COMP_CTX *compress; /* compression */ -#else - char *compress; -#endif - - /* session info */ - - /* client cert? */ - /* This is used to hold the server certificate used */ - struct cert_st /* CERT */ *cert; - - /* the session_id_context is used to ensure sessions are only reused - * in the appropriate context */ - unsigned int sid_ctx_length; - unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; - - /* This can also be in the session once a session is established */ - SSL_SESSION *session; - - /* This can be disabled to prevent the use of uncached sessions */ - int session_creation_enabled; - - /* Default generate session ID callback. */ - GEN_SESSION_CB generate_session_id; - - /* Used in SSL2 and SSL3 */ - int verify_mode; /* 0 don't care about verify failure. - * 1 fail if verify fails */ - int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */ - - void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */ - - int error; /* error bytes to be written */ - int error_code; /* actual code */ - -#ifndef OPENSSL_NO_KRB5 - KSSL_CTX *kssl_ctx; /* Kerberos 5 context */ -#endif /* OPENSSL_NO_KRB5 */ - -#ifndef OPENSSL_NO_PSK - /* PSK identity hint is stored here only to enable setting a hint on an SSL object before an - * SSL_SESSION is associated with it. Once an SSL_SESSION is associated with this SSL object, - * the psk_identity_hint from the session takes precedence over this one. */ - char *psk_identity_hint; - unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity, - unsigned int max_identity_len, unsigned char *psk, - unsigned int max_psk_len); - unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, - unsigned char *psk, unsigned int max_psk_len); -#endif - - SSL_CTX *ctx; - /* set this flag to 1 and a sleep(1) is put into all SSL_read() - * and SSL_write() calls, good for nbio debuging :-) */ - int debug; - - /* extra application data */ - long verify_result; - CRYPTO_EX_DATA ex_data; - - /* for server side, keep the list of CA_dn we can use */ - STACK_OF(X509_NAME) *client_CA; - - int references; - unsigned long options; /* protocol behaviour */ - unsigned long mode; /* API behaviour */ - long max_cert_list; - int first_packet; - int client_version; /* what was passed, used for - * SSLv3/TLS rollback check */ - unsigned int max_send_fragment; -#ifndef OPENSSL_NO_TLSEXT - /* TLS extension debug callback */ - void (*tlsext_debug_cb)(SSL *s, int client_server, int type, - unsigned char *data, int len, - void *arg); - void *tlsext_debug_arg; - char *tlsext_hostname; - int servername_done; /* no further mod of servername - 0 : call the servername extension callback. - 1 : prepare 2, allow last ack just after in server callback. - 2 : don't call servername callback, no ack in server hello - */ - /* certificate status request info */ - /* Status type or -1 if no status type */ - int tlsext_status_type; - /* Expect OCSP CertificateStatus message */ - int tlsext_status_expected; - /* OCSP status request only */ - STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; - X509_EXTENSIONS *tlsext_ocsp_exts; - /* OCSP response received or to be sent */ - unsigned char *tlsext_ocsp_resp; - int tlsext_ocsp_resplen; - - /* RFC4507 session ticket expected to be received or sent */ - int tlsext_ticket_expected; -#ifndef OPENSSL_NO_EC - size_t tlsext_ecpointformatlist_length; - unsigned char *tlsext_ecpointformatlist; /* our list */ - size_t tlsext_ellipticcurvelist_length; - unsigned char *tlsext_ellipticcurvelist; /* our list */ -#endif /* OPENSSL_NO_EC */ - - /* draft-rescorla-tls-opaque-prf-input-00.txt information to be used for handshakes */ - void *tlsext_opaque_prf_input; - size_t tlsext_opaque_prf_input_len; - - /* TLS Session Ticket extension override */ - TLS_SESSION_TICKET_EXT *tlsext_session_ticket; - - /* TLS Session Ticket extension callback */ - tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb; - void *tls_session_ticket_ext_cb_arg; - - /* TLS pre-shared secret session resumption */ - tls_session_secret_cb_fn tls_session_secret_cb; - void *tls_session_secret_cb_arg; - - SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ - -#ifndef OPENSSL_NO_NEXTPROTONEG - /* Next protocol negotiation. For the client, this is the protocol that - * we sent in NextProtocol and is set when handling ServerHello - * extensions. - * - * For a server, this is the client's selected_protocol from - * NextProtocol and is set when handling the NextProtocol message, - * before the Finished message. */ - unsigned char *next_proto_negotiated; - unsigned char next_proto_negotiated_len; -#endif - -#define session_ctx initial_ctx - - STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */ - SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */ - - unsigned int tlsext_heartbeat; /* Is use of the Heartbeat extension negotiated? - 0: disabled - 1: enabled - 2: enabled, but not allowed to send Requests - */ - unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */ - unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */ - - /* Copied from the SSL_CTX. For a server, means that we'll accept - * Channel IDs from clients. For a client, means that we'll advertise - * support. */ - char tlsext_channel_id_enabled; - /* The client's Channel ID private key. */ - EVP_PKEY *tlsext_channel_id_private; - - /* For a client, this contains the list of supported protocols in wire - * format. */ - unsigned char* alpn_client_proto_list; - unsigned alpn_client_proto_list_len; -#else -#define session_ctx ctx -#endif /* OPENSSL_NO_TLSEXT */ - - int renegotiate;/* 1 if we are renegotiating. - * 2 if we are a server and are inside a handshake - * (i.e. not just sending a HelloRequest) */ - -#ifndef OPENSSL_NO_SRP - SRP_CTX srp_ctx; /* ctx for SRP authentication */ -#endif - }; - -#endif - -#ifdef __cplusplus -} -#endif - -#include <openssl/ssl2.h> -#include <openssl/ssl3.h> -#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */ -#include <openssl/dtls1.h> /* Datagram TLS */ -#include <openssl/ssl23.h> -#include <openssl/srtp.h> /* Support for the use_srtp extension */ - -#ifdef __cplusplus -extern "C" { -#endif - -/* compatibility */ -#define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) -#define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) -#define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a)) -#define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) -#define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) -#define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg)) - -/* The following are the possible values for ssl->state are are - * used to indicate where we are up to in the SSL connection establishment. - * The macros that follow are about the only things you should need to use - * and even then, only when using non-blocking IO. - * It can also be useful to work out where you were when the connection - * failed */ - -#define SSL_ST_CONNECT 0x1000 -#define SSL_ST_ACCEPT 0x2000 -#define SSL_ST_MASK 0x0FFF -#define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT) -#define SSL_ST_BEFORE 0x4000 -#define SSL_ST_OK 0x03 -#define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) - -#define SSL_CB_LOOP 0x01 -#define SSL_CB_EXIT 0x02 -#define SSL_CB_READ 0x04 -#define SSL_CB_WRITE 0x08 -#define SSL_CB_ALERT 0x4000 /* used in callback */ -#define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) -#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) -#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) -#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) -#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) -#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) -#define SSL_CB_HANDSHAKE_START 0x10 -#define SSL_CB_HANDSHAKE_DONE 0x20 - -/* Is the SSL_connection established? */ -#define SSL_get_state(a) SSL_state(a) -#define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK) -#define SSL_in_init(a) ((SSL_state(a)&SSL_ST_INIT) && \ - !SSL_cutthrough_complete(a)) -#define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE) -#define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT) -#define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT) -int SSL_cutthrough_complete(const SSL *s); - -/* The following 2 states are kept in ssl->rstate when reads fail, - * you should not need these */ -#define SSL_ST_READ_HEADER 0xF0 -#define SSL_ST_READ_BODY 0xF1 -#define SSL_ST_READ_DONE 0xF2 - -/* Obtain latest Finished message - * -- that we sent (SSL_get_finished) - * -- that we expected from peer (SSL_get_peer_finished). - * Returns length (0 == no Finished so far), copies up to 'count' bytes. */ -size_t SSL_get_finished(const SSL *s, void *buf, size_t count); -size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); - -/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options - * are 'ored' with SSL_VERIFY_PEER if they are desired */ -#define SSL_VERIFY_NONE 0x00 -#define SSL_VERIFY_PEER 0x01 -#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 -#define SSL_VERIFY_CLIENT_ONCE 0x04 - -#define OpenSSL_add_ssl_algorithms() SSL_library_init() -#define SSLeay_add_ssl_algorithms() SSL_library_init() - -/* this is for backward compatibility */ -#if 0 /* NEW_SSLEAY */ -#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c) -#define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n) -#define SSL_add_session(a,b) SSL_CTX_add_session((a),(b)) -#define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b)) -#define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b)) -#endif -/* More backward compatibility */ -#define SSL_get_cipher(s) \ - SSL_CIPHER_get_name(SSL_get_current_cipher(s)) -#define SSL_get_cipher_bits(s,np) \ - SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) -#define SSL_get_cipher_version(s) \ - SSL_CIPHER_get_version(SSL_get_current_cipher(s)) -#define SSL_get_cipher_name(s) \ - SSL_CIPHER_get_name(SSL_get_current_cipher(s)) -#define SSL_get_time(a) SSL_SESSION_get_time(a) -#define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b)) -#define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) -#define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) - -#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) -#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) - -DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) - -#define SSL_AD_REASON_OFFSET 1000 /* offset to get SSL_R_... value from SSL_AD_... */ - -/* These alert types are for SSLv3 and TLSv1 */ -#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY -#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */ -#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */ -#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED -#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW -#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */ -#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */ -#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */ -#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE -#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE -#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED -#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED -#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN -#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */ -#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */ -#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */ -#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */ -#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR -#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */ -#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */ -#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */ -#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */ -#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED -#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION -#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION -#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE -#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME -#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE -#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE -#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ -#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */ - -#define SSL_ERROR_NONE 0 -#define SSL_ERROR_SSL 1 -#define SSL_ERROR_WANT_READ 2 -#define SSL_ERROR_WANT_WRITE 3 -#define SSL_ERROR_WANT_X509_LOOKUP 4 -#define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */ -#define SSL_ERROR_ZERO_RETURN 6 -#define SSL_ERROR_WANT_CONNECT 7 -#define SSL_ERROR_WANT_ACCEPT 8 -#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP 9 - -#define SSL_CTRL_NEED_TMP_RSA 1 -#define SSL_CTRL_SET_TMP_RSA 2 -#define SSL_CTRL_SET_TMP_DH 3 -#define SSL_CTRL_SET_TMP_ECDH 4 -#define SSL_CTRL_SET_TMP_RSA_CB 5 -#define SSL_CTRL_SET_TMP_DH_CB 6 -#define SSL_CTRL_SET_TMP_ECDH_CB 7 - -#define SSL_CTRL_GET_SESSION_REUSED 8 -#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 -#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 -#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 -#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 -#define SSL_CTRL_GET_FLAGS 13 -#define SSL_CTRL_EXTRA_CHAIN_CERT 14 - -#define SSL_CTRL_SET_MSG_CALLBACK 15 -#define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 - -/* only applies to datagram connections */ -#define SSL_CTRL_SET_MTU 17 -/* Stats */ -#define SSL_CTRL_SESS_NUMBER 20 -#define SSL_CTRL_SESS_CONNECT 21 -#define SSL_CTRL_SESS_CONNECT_GOOD 22 -#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 -#define SSL_CTRL_SESS_ACCEPT 24 -#define SSL_CTRL_SESS_ACCEPT_GOOD 25 -#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 -#define SSL_CTRL_SESS_HIT 27 -#define SSL_CTRL_SESS_CB_HIT 28 -#define SSL_CTRL_SESS_MISSES 29 -#define SSL_CTRL_SESS_TIMEOUTS 30 -#define SSL_CTRL_SESS_CACHE_FULL 31 -#define SSL_CTRL_OPTIONS 32 -#define SSL_CTRL_MODE 33 - -#define SSL_CTRL_GET_READ_AHEAD 40 -#define SSL_CTRL_SET_READ_AHEAD 41 -#define SSL_CTRL_SET_SESS_CACHE_SIZE 42 -#define SSL_CTRL_GET_SESS_CACHE_SIZE 43 -#define SSL_CTRL_SET_SESS_CACHE_MODE 44 -#define SSL_CTRL_GET_SESS_CACHE_MODE 45 - -#define SSL_CTRL_GET_MAX_CERT_LIST 50 -#define SSL_CTRL_SET_MAX_CERT_LIST 51 - -#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 - -/* see tls1.h for macros based on these */ -#ifndef OPENSSL_NO_TLSEXT -#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 -#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 -#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 -#define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 -#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 -#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 -#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 -#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 -#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 -#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 -#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 -#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 -#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 -#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 -#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 -#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 -#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 -#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 -#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 - -#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 - -#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 -#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 -#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 - -#define SSL_CTRL_SET_SRP_ARG 78 -#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 -#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 -#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 -#ifndef OPENSSL_NO_HEARTBEATS -#define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85 -#define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86 -#define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87 -#endif -#define SSL_CTRL_CHANNEL_ID 88 -#define SSL_CTRL_GET_CHANNEL_ID 89 -#define SSL_CTRL_SET_CHANNEL_ID 90 -#endif - -#define DTLS_CTRL_GET_TIMEOUT 73 -#define DTLS_CTRL_HANDLE_TIMEOUT 74 -#define DTLS_CTRL_LISTEN 75 - -#define SSL_CTRL_GET_RI_SUPPORT 76 -#define SSL_CTRL_CLEAR_OPTIONS 77 -#define SSL_CTRL_CLEAR_MODE 78 - -#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 -#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 - -#define SSL_CTRL_CHECK_PROTO_VERSION 119 -#define DTLS_CTRL_SET_LINK_MTU 120 -#define DTLS_CTRL_GET_LINK_MIN_MTU 121 - -#define DTLSv1_get_timeout(ssl, arg) \ - SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) -#define DTLSv1_handle_timeout(ssl) \ - SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) -#define DTLSv1_listen(ssl, peer) \ - SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer) - -#define SSL_session_reused(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) -#define SSL_num_renegotiations(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) -#define SSL_clear_num_renegotiations(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) -#define SSL_total_renegotiations(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) - -#define SSL_CTX_need_tmp_RSA(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) -#define SSL_CTX_set_tmp_rsa(ctx,rsa) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) -#define SSL_CTX_set_tmp_dh(ctx,dh) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) -#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) - -#define SSL_need_tmp_RSA(ssl) \ - SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) -#define SSL_set_tmp_rsa(ssl,rsa) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) -#define SSL_set_tmp_dh(ssl,dh) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) -#define SSL_set_tmp_ecdh(ssl,ecdh) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) - -/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS client - * IDs from clients, or configure a client to send TLS client IDs to server. - * Returns 1 on success. */ -#define SSL_enable_tls_channel_id(s) \ - SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL) -/* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to - * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on - * success. */ -#define SSL_set1_tls_channel_id(s, private_key) \ - SSL_ctrl(s,SSL_CTRL_SET_CHANNEL_ID,0,(void*)private_key) -#define SSL_CTX_set1_tls_channel_id(ctx, private_key) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHANNEL_ID,0,(void*)private_key) -/* SSL_get_tls_channel_id gets the client's TLS Channel ID from a server SSL* - * and copies up to the first |channel_id_len| bytes into |channel_id|. The - * Channel ID consists of the client's P-256 public key as an (x,y) pair where - * each is a 32-byte, big-endian field element. Returns 0 if the client didn't - * offer a Channel ID and the length of the complete Channel ID otherwise. */ -#define SSL_get_tls_channel_id(ctx, channel_id, channel_id_len) \ - SSL_ctrl(ctx,SSL_CTRL_GET_CHANNEL_ID,channel_id_len,(void*)channel_id) - -#define SSL_CTX_add_extra_chain_cert(ctx,x509) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) -#define SSL_CTX_get_extra_chain_certs(ctx,px509) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509) -#define SSL_CTX_clear_extra_chain_certs(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL) - -#ifndef OPENSSL_NO_BIO -BIO_METHOD *BIO_f_ssl(void); -BIO *BIO_new_ssl(SSL_CTX *ctx,int client); -BIO *BIO_new_ssl_connect(SSL_CTX *ctx); -BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); -int BIO_ssl_copy_session_id(BIO *to,BIO *from); -void BIO_ssl_shutdown(BIO *ssl_bio); - -#endif - -int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str); -SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); -void SSL_CTX_free(SSL_CTX *); -long SSL_CTX_set_timeout(SSL_CTX *ctx,long t); -long SSL_CTX_get_timeout(const SSL_CTX *ctx); -X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); -void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *); -int SSL_want(const SSL *s); -int SSL_clear(SSL *s); - -void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm); - -const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); -int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits); -char * SSL_CIPHER_get_version(const SSL_CIPHER *c); -const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); -unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); -const char * SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher); - -int SSL_get_fd(const SSL *s); -int SSL_get_rfd(const SSL *s); -int SSL_get_wfd(const SSL *s); -const char * SSL_get_cipher_list(const SSL *s,int n); -char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len); -int SSL_get_read_ahead(const SSL * s); -int SSL_pending(const SSL *s); -const char * SSL_authentication_method(const SSL *c); -#ifndef OPENSSL_NO_SOCK -int SSL_set_fd(SSL *s, int fd); -int SSL_set_rfd(SSL *s, int fd); -int SSL_set_wfd(SSL *s, int fd); -#endif -#ifndef OPENSSL_NO_BIO -void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio); -BIO * SSL_get_rbio(const SSL *s); -BIO * SSL_get_wbio(const SSL *s); -#endif -int SSL_set_cipher_list(SSL *s, const char *str); -int SSL_set_cipher_lists(SSL *s, STACK_OF(SSL_CIPHER) *sk); -void SSL_set_read_ahead(SSL *s, int yes); -int SSL_get_verify_mode(const SSL *s); -int SSL_get_verify_depth(const SSL *s); -int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *); -void SSL_set_verify(SSL *s, int mode, - int (*callback)(int ok,X509_STORE_CTX *ctx)); -void SSL_set_verify_depth(SSL *s, int depth); -#ifndef OPENSSL_NO_RSA -int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); -#endif -int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); -int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); -int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len); -int SSL_use_certificate(SSL *ssl, X509 *x); -int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); -int SSL_use_certificate_chain(SSL *ssl, STACK_OF(X509) *cert_chain); -STACK_OF(X509) * SSL_get_certificate_chain(SSL *ssl, X509 *x); - -#ifndef OPENSSL_NO_STDIO -int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); -int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); -int SSL_use_certificate_file(SSL *ssl, const char *file, int type); -int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); -int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); -int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); -int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */ -STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); -int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, - const char *file); -#ifndef OPENSSL_SYS_VMS -#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */ -int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, - const char *dir); -#endif -#endif - -#endif - -void SSL_load_error_strings(void ); -const char *SSL_state_string(const SSL *s); -const char *SSL_rstate_string(const SSL *s); -const char *SSL_state_string_long(const SSL *s); -const char *SSL_rstate_string_long(const SSL *s); -long SSL_SESSION_get_time(const SSL_SESSION *s); -long SSL_SESSION_set_time(SSL_SESSION *s, long t); -long SSL_SESSION_get_timeout(const SSL_SESSION *s); -long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); -void SSL_copy_session_id(SSL *to,const SSL *from); -X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); -int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx, - unsigned int sid_ctx_len); - -SSL_SESSION *SSL_SESSION_new(void); -const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, - unsigned int *len); -const char * SSL_SESSION_get_version(const SSL_SESSION *s); -unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); -#ifndef OPENSSL_NO_FP_API -int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); -#endif -#ifndef OPENSSL_NO_BIO -int SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses); -#endif -void SSL_SESSION_free(SSL_SESSION *ses); -int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp); -int SSL_set_session(SSL *to, SSL_SESSION *session); -void SSL_set_session_creation_enabled(SSL *, int); -int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); -int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c); -int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); -int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); -int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, - unsigned int id_len); -SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp, - long length); - -#ifdef HEADER_X509_H -X509 * SSL_get_peer_certificate(const SSL *s); -#endif - -STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); - -int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); -int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); -int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *); -void SSL_CTX_set_verify(SSL_CTX *ctx,int mode, - int (*callback)(int, X509_STORE_CTX *)); -void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); -void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg); -#ifndef OPENSSL_NO_RSA -int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); -#endif -int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); -int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); -int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx, - const unsigned char *d, long len); -int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); -int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); - -void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); -void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); - -int SSL_CTX_check_private_key(const SSL_CTX *ctx); -int SSL_check_private_key(const SSL *ctx); - -int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, - unsigned int sid_ctx_len); - -SSL * SSL_new(SSL_CTX *ctx); -int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, - unsigned int sid_ctx_len); - -int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); -int SSL_set_purpose(SSL *s, int purpose); -int SSL_CTX_set_trust(SSL_CTX *s, int trust); -int SSL_set_trust(SSL *s, int trust); - -int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); -int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); - -#ifndef OPENSSL_NO_SRP -int SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name); -int SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password); -int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); -int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, - char *(*cb)(SSL *,void *)); -int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, - int (*cb)(SSL *,void *)); -int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, - int (*cb)(SSL *,int *,void *)); -int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); - -int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, - BIGNUM *sa, BIGNUM *v, char *info); -int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, - const char *grp); - -BIGNUM *SSL_get_srp_g(SSL *s); -BIGNUM *SSL_get_srp_N(SSL *s); - -char *SSL_get_srp_username(SSL *s); -char *SSL_get_srp_userinfo(SSL *s); -#endif - -void SSL_free(SSL *ssl); -int SSL_accept(SSL *ssl); -int SSL_connect(SSL *ssl); -int SSL_read(SSL *ssl,void *buf,int num); -int SSL_peek(SSL *ssl,void *buf,int num); -int SSL_write(SSL *ssl,const void *buf,int num); -long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg); -long SSL_callback_ctrl(SSL *, int, void (*)(void)); -long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg); -long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); - -int SSL_get_error(const SSL *s,int ret_code); -const char *SSL_get_version(const SSL *s); - -/* This sets the 'default' SSL version that SSL_new() will create */ -int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); - -#ifndef OPENSSL_NO_SSL2 -const SSL_METHOD *SSLv2_method(void); /* SSLv2 */ -const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ -const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ -#endif - -#ifndef OPENSSL_NO_SSL3_METHOD -const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ -const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ -const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ -#endif - -const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS version */ -const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available SSL/TLS version */ -const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available SSL/TLS version */ - -const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ -const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ -const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ - -const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */ -const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */ -const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */ - -const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */ -const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */ -const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */ - - -const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ -const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ -const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ - -STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); - -int SSL_do_handshake(SSL *s); -int SSL_renegotiate(SSL *s); -int SSL_renegotiate_abbreviated(SSL *s); -int SSL_renegotiate_pending(SSL *s); -int SSL_shutdown(SSL *s); - -const SSL_METHOD *SSL_get_ssl_method(SSL *s); -int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); -const char *SSL_alert_type_string_long(int value); -const char *SSL_alert_type_string(int value); -const char *SSL_alert_desc_string_long(int value); -const char *SSL_alert_desc_string(int value); - -void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); -void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); -STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); -STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); -int SSL_add_client_CA(SSL *ssl,X509 *x); -int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x); - -void SSL_set_connect_state(SSL *s); -void SSL_set_accept_state(SSL *s); - -long SSL_get_default_timeout(const SSL *s); - -int SSL_library_init(void ); - -char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size); -STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); - -SSL *SSL_dup(SSL *ssl); - -X509 *SSL_get_certificate(const SSL *ssl); -/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl); - -void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode); -int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); -void SSL_set_quiet_shutdown(SSL *ssl,int mode); -int SSL_get_quiet_shutdown(const SSL *ssl); -void SSL_set_shutdown(SSL *ssl,int mode); -int SSL_get_shutdown(const SSL *ssl); -int SSL_version(const SSL *ssl); -int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); -int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, - const char *CApath); -#define SSL_get0_session SSL_get_session /* just peek at pointer */ -SSL_SESSION *SSL_get_session(const SSL *ssl); -SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ -SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); -SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx); -void SSL_set_info_callback(SSL *ssl, - void (*cb)(const SSL *ssl,int type,int val)); -void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val); -int SSL_state(const SSL *ssl); -void SSL_set_state(SSL *ssl, int state); - -void SSL_set_verify_result(SSL *ssl,long v); -long SSL_get_verify_result(const SSL *ssl); - -int SSL_set_ex_data(SSL *ssl,int idx,void *data); -void *SSL_get_ex_data(const SSL *ssl,int idx); -int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); - -int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data); -void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx); -int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); - -int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data); -void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx); -int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); - -int SSL_get_ex_data_X509_STORE_CTX_idx(void ); - -#define SSL_CTX_sess_set_cache_size(ctx,t) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) -#define SSL_CTX_sess_get_cache_size(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) -#define SSL_CTX_set_session_cache_mode(ctx,m) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) -#define SSL_CTX_get_session_cache_mode(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) - -#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) -#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) -#define SSL_CTX_get_read_ahead(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) -#define SSL_CTX_set_read_ahead(ctx,m) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) -#define SSL_CTX_get_max_cert_list(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) -#define SSL_CTX_set_max_cert_list(ctx,m) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) -#define SSL_get_max_cert_list(ssl) \ - SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) -#define SSL_set_max_cert_list(ssl,m) \ - SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) - -#define SSL_CTX_set_max_send_fragment(ctx,m) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) -#define SSL_set_max_send_fragment(ssl,m) \ - SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) - - /* NB: the keylength is only applicable when is_export is true */ -#ifndef OPENSSL_NO_RSA -void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, - RSA *(*cb)(SSL *ssl,int is_export, - int keylength)); - -void SSL_set_tmp_rsa_callback(SSL *ssl, - RSA *(*cb)(SSL *ssl,int is_export, - int keylength)); -#endif -#ifndef OPENSSL_NO_DH -void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, - DH *(*dh)(SSL *ssl,int is_export, - int keylength)); -void SSL_set_tmp_dh_callback(SSL *ssl, - DH *(*dh)(SSL *ssl,int is_export, - int keylength)); -#endif -#ifndef OPENSSL_NO_ECDH -void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, - EC_KEY *(*ecdh)(SSL *ssl,int is_export, - int keylength)); -void SSL_set_tmp_ecdh_callback(SSL *ssl, - EC_KEY *(*ecdh)(SSL *ssl,int is_export, - int keylength)); -#endif - -#ifndef OPENSSL_NO_COMP -const COMP_METHOD *SSL_get_current_compression(SSL *s); -const COMP_METHOD *SSL_get_current_expansion(SSL *s); -const char *SSL_COMP_get_name(const COMP_METHOD *comp); -STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); -int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); -#else -const void *SSL_get_current_compression(SSL *s); -const void *SSL_get_current_expansion(SSL *s); -const char *SSL_COMP_get_name(const void *comp); -void *SSL_COMP_get_compression_methods(void); -int SSL_COMP_add_compression_method(int id,void *cm); -#endif - -/* TLS extensions functions */ -int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); - -int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, - void *arg); - -/* Pre-shared secret session resumption functions */ -int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg); - -void SSL_set_debug(SSL *s, int debug); -int SSL_cache_hit(SSL *s); - -#ifndef OPENSSL_NO_UNIT_TEST -const struct openssl_ssl_test_functions *SSL_test_functions(void); -#endif - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -void ERR_load_SSL_strings(void); - -/* Error codes for the SSL functions. */ - -/* Function codes. */ -#define SSL_F_CLIENT_CERTIFICATE 100 -#define SSL_F_CLIENT_FINISHED 167 -#define SSL_F_CLIENT_HELLO 101 -#define SSL_F_CLIENT_MASTER_KEY 102 -#define SSL_F_D2I_SSL_SESSION 103 -#define SSL_F_DO_DTLS1_WRITE 245 -#define SSL_F_DO_SSL3_WRITE 104 -#define SSL_F_DTLS1_ACCEPT 246 -#define SSL_F_DTLS1_ADD_CERT_TO_BUF 295 -#define SSL_F_DTLS1_BUFFER_RECORD 247 -#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 316 -#define SSL_F_DTLS1_CLIENT_HELLO 248 -#define SSL_F_DTLS1_CONNECT 249 -#define SSL_F_DTLS1_ENC 250 -#define SSL_F_DTLS1_GET_HELLO_VERIFY 251 -#define SSL_F_DTLS1_GET_MESSAGE 252 -#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 -#define SSL_F_DTLS1_GET_RECORD 254 -#define SSL_F_DTLS1_HANDLE_TIMEOUT 297 -#define SSL_F_DTLS1_HEARTBEAT 305 -#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 -#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 -#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 -#define SSL_F_DTLS1_PROCESS_RECORD 257 -#define SSL_F_DTLS1_READ_BYTES 258 -#define SSL_F_DTLS1_READ_FAILED 259 -#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260 -#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261 -#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262 -#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263 -#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264 -#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265 -#define SSL_F_DTLS1_SEND_SERVER_HELLO 266 -#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267 -#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 -#define SSL_F_GET_CLIENT_FINISHED 105 -#define SSL_F_GET_CLIENT_HELLO 106 -#define SSL_F_GET_CLIENT_MASTER_KEY 107 -#define SSL_F_GET_SERVER_FINISHED 108 -#define SSL_F_GET_SERVER_HELLO 109 -#define SSL_F_GET_SERVER_VERIFY 110 -#define SSL_F_I2D_SSL_SESSION 111 -#define SSL_F_READ_N 112 -#define SSL_F_REQUEST_CERTIFICATE 113 -#define SSL_F_SERVER_FINISH 239 -#define SSL_F_SERVER_HELLO 114 -#define SSL_F_SERVER_VERIFY 240 -#define SSL_F_SSL23_ACCEPT 115 -#define SSL_F_SSL23_CLIENT_HELLO 116 -#define SSL_F_SSL23_CONNECT 117 -#define SSL_F_SSL23_GET_CLIENT_HELLO 118 -#define SSL_F_SSL23_GET_SERVER_HELLO 119 -#define SSL_F_SSL23_PEEK 237 -#define SSL_F_SSL23_READ 120 -#define SSL_F_SSL23_WRITE 121 -#define SSL_F_SSL2_ACCEPT 122 -#define SSL_F_SSL2_CONNECT 123 -#define SSL_F_SSL2_ENC_INIT 124 -#define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241 -#define SSL_F_SSL2_PEEK 234 -#define SSL_F_SSL2_READ 125 -#define SSL_F_SSL2_READ_INTERNAL 236 -#define SSL_F_SSL2_SET_CERTIFICATE 126 -#define SSL_F_SSL2_WRITE 127 -#define SSL_F_SSL3_ACCEPT 128 -#define SSL_F_SSL3_ADD_CERT_TO_BUF 296 -#define SSL_F_SSL3_CALLBACK_CTRL 233 -#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 -#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 -#define SSL_F_SSL3_CHECK_CLIENT_HELLO 304 -#define SSL_F_SSL3_CLIENT_HELLO 131 -#define SSL_F_SSL3_CONNECT 132 -#define SSL_F_SSL3_CTRL 213 -#define SSL_F_SSL3_CTX_CTRL 133 -#define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 -#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 -#define SSL_F_SSL3_ENC 134 -#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 -#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 -#define SSL_F_SSL3_GET_CERT_STATUS 289 -#define SSL_F_SSL3_GET_CERT_VERIFY 136 -#define SSL_F_SSL3_GET_CHANNEL_ID 317 -#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 -#define SSL_F_SSL3_GET_CLIENT_HELLO 138 -#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139 -#define SSL_F_SSL3_GET_FINISHED 140 -#define SSL_F_SSL3_GET_KEY_EXCHANGE 141 -#define SSL_F_SSL3_GET_MESSAGE 142 -#define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 -#define SSL_F_SSL3_GET_NEXT_PROTO 306 -#define SSL_F_SSL3_GET_RECORD 143 -#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 -#define SSL_F_SSL3_GET_SERVER_DONE 145 -#define SSL_F_SSL3_GET_SERVER_HELLO 146 -#define SSL_F_SSL3_HANDSHAKE_MAC 285 -#define SSL_F_SSL3_NEW_SESSION_TICKET 287 -#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 -#define SSL_F_SSL3_PEEK 235 -#define SSL_F_SSL3_READ_BYTES 148 -#define SSL_F_SSL3_READ_N 149 -#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 -#define SSL_F_SSL3_SEND_CHANNEL_ID 318 -#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151 -#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 -#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 -#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 -#define SSL_F_SSL3_SEND_SERVER_HELLO 242 -#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 -#define SSL_F_SSL3_SETUP_KEY_BLOCK 157 -#define SSL_F_SSL3_SETUP_READ_BUFFER 156 -#define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 -#define SSL_F_SSL3_WRITE_BYTES 158 -#define SSL_F_SSL3_WRITE_PENDING 159 -#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298 -#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277 -#define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307 -#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 -#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 -#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299 -#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278 -#define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308 -#define SSL_F_SSL_BAD_METHOD 160 -#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 -#define SSL_F_SSL_CERT_DUP 221 -#define SSL_F_SSL_CERT_INST 222 -#define SSL_F_SSL_CERT_INSTANTIATE 214 -#define SSL_F_SSL_CERT_NEW 162 -#define SSL_F_SSL_CHECK_PRIVATE_KEY 163 -#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280 -#define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 -#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 -#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 -#define SSL_F_SSL_CLEAR 164 -#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 -#define SSL_F_SSL_CREATE_CIPHER_LIST 166 -#define SSL_F_SSL_CTRL 232 -#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 -#define SSL_F_SSL_CTX_MAKE_PROFILES 309 -#define SSL_F_SSL_CTX_NEW 169 -#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 -#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290 -#define SSL_F_SSL_CTX_SET_PURPOSE 226 -#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 -#define SSL_F_SSL_CTX_SET_SSL_VERSION 170 -#define SSL_F_SSL_CTX_SET_TRUST 229 -#define SSL_F_SSL_CTX_USE_CERTIFICATE 171 -#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 -#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 -#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 -#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 -#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 -#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 -#define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272 -#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 -#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 -#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 -#define SSL_F_SSL_DO_HANDSHAKE 180 -#define SSL_F_SSL_GET_NEW_SESSION 181 -#define SSL_F_SSL_GET_PREV_SESSION 217 -#define SSL_F_SSL_GET_SERVER_SEND_CERT 182 -#define SSL_F_SSL_GET_SERVER_SEND_PKEY 317 -#define SSL_F_SSL_GET_SIGN_PKEY 183 -#define SSL_F_SSL_INIT_WBIO_BUFFER 184 -#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 -#define SSL_F_SSL_NEW 186 -#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 -#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 -#define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310 -#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 -#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 -#define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 -#define SSL_F_SSL_PEEK 270 -#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281 -#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282 -#define SSL_F_SSL_READ 223 -#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 -#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 -#define SSL_F_SSL_SESSION_NEW 189 -#define SSL_F_SSL_SESSION_PRINT_FP 190 -#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 -#define SSL_F_SSL_SESS_CERT_NEW 225 -#define SSL_F_SSL_SET_CERT 191 -#define SSL_F_SSL_SET_CIPHER_LIST 271 -#define SSL_F_SSL_SET_FD 192 -#define SSL_F_SSL_SET_PKEY 193 -#define SSL_F_SSL_SET_PURPOSE 227 -#define SSL_F_SSL_SET_RFD 194 -#define SSL_F_SSL_SET_SESSION 195 -#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 -#define SSL_F_SSL_SET_SESSION_TICKET_EXT 294 -#define SSL_F_SSL_SET_TRUST 228 -#define SSL_F_SSL_SET_WFD 196 -#define SSL_F_SSL_SHUTDOWN 224 -#define SSL_F_SSL_SRP_CTX_INIT 313 -#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 -#define SSL_F_SSL_UNDEFINED_FUNCTION 197 -#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 -#define SSL_F_SSL_USE_CERTIFICATE 198 -#define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 -#define SSL_F_SSL_USE_CERTIFICATE_CHAIN 2000 -#define SSL_F_SSL_USE_CERTIFICATE_FILE 200 -#define SSL_F_SSL_USE_PRIVATEKEY 201 -#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 -#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 -#define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273 -#define SSL_F_SSL_USE_RSAPRIVATEKEY 204 -#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 -#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 -#define SSL_F_SSL_VERIFY_CERT_CHAIN 207 -#define SSL_F_SSL_WRITE 208 -#define SSL_F_TLS1_CERT_VERIFY_MAC 286 -#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 -#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274 -#define SSL_F_TLS1_ENC 210 -#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 -#define SSL_F_TLS1_HEARTBEAT 315 -#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275 -#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276 -#define SSL_F_TLS1_PRF 284 -#define SSL_F_TLS1_SETUP_KEY_BLOCK 211 -#define SSL_F_WRITE_PENDING 212 - -/* Reason codes. */ -#define SSL_R_APP_DATA_IN_HANDSHAKE 100 -#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 -#define SSL_R_BAD_ALERT_RECORD 101 -#define SSL_R_BAD_AUTHENTICATION_TYPE 102 -#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 -#define SSL_R_BAD_CHECKSUM 104 -#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 -#define SSL_R_BAD_DECOMPRESSION 107 -#define SSL_R_BAD_DH_G_LENGTH 108 -#define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 -#define SSL_R_BAD_DH_P_LENGTH 110 -#define SSL_R_BAD_DIGEST_LENGTH 111 -#define SSL_R_BAD_DSA_SIGNATURE 112 -#define SSL_R_BAD_ECC_CERT 304 -#define SSL_R_BAD_ECDSA_SIGNATURE 305 -#define SSL_R_BAD_ECPOINT 306 -#define SSL_R_BAD_HANDSHAKE_LENGTH 332 -#define SSL_R_BAD_HELLO_REQUEST 105 -#define SSL_R_BAD_LENGTH 271 -#define SSL_R_BAD_MAC_DECODE 113 -#define SSL_R_BAD_MAC_LENGTH 333 -#define SSL_R_BAD_MESSAGE_TYPE 114 -#define SSL_R_BAD_PACKET_LENGTH 115 -#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 -#define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316 -#define SSL_R_BAD_RESPONSE_ARGUMENT 117 -#define SSL_R_BAD_RSA_DECRYPT 118 -#define SSL_R_BAD_RSA_ENCRYPT 119 -#define SSL_R_BAD_RSA_E_LENGTH 120 -#define SSL_R_BAD_RSA_MODULUS_LENGTH 121 -#define SSL_R_BAD_RSA_SIGNATURE 122 -#define SSL_R_BAD_SIGNATURE 123 -#define SSL_R_BAD_SRP_A_LENGTH 347 -#define SSL_R_BAD_SRP_B_LENGTH 348 -#define SSL_R_BAD_SRP_G_LENGTH 349 -#define SSL_R_BAD_SRP_N_LENGTH 350 -#define SSL_R_BAD_SRP_PARAMETERS 371 -#define SSL_R_BAD_SRP_S_LENGTH 351 -#define SSL_R_BAD_SRTP_MKI_VALUE 352 -#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 -#define SSL_R_BAD_SSL_FILETYPE 124 -#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125 -#define SSL_R_BAD_STATE 126 -#define SSL_R_BAD_WRITE_RETRY 127 -#define SSL_R_BIO_NOT_SET 128 -#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 -#define SSL_R_BN_LIB 130 -#define SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY 376 -#define SSL_R_CA_DN_LENGTH_MISMATCH 131 -#define SSL_R_CA_DN_TOO_LONG 132 -#define SSL_R_CCS_RECEIVED_EARLY 133 -#define SSL_R_CERTIFICATE_VERIFY_FAILED 134 -#define SSL_R_CERT_LENGTH_MISMATCH 135 -#define SSL_R_CHALLENGE_IS_DIFFERENT 136 -#define SSL_R_CHANNEL_ID_NOT_P256 375 -#define SSL_R_CHANNEL_ID_SIGNATURE_INVALID 371 -#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 -#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 -#define SSL_R_CIPHER_TABLE_SRC_ERROR 139 -#define SSL_R_CLIENTHELLO_TLSEXT 226 -#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 -#define SSL_R_COMPRESSION_DISABLED 343 -#define SSL_R_COMPRESSION_FAILURE 141 -#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 -#define SSL_R_COMPRESSION_LIBRARY_ERROR 142 -#define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 -#define SSL_R_CONNECTION_TYPE_NOT_SET 144 -#define SSL_R_COOKIE_MISMATCH 308 -#define SSL_R_D2I_ECDSA_SIG 379 -#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 -#define SSL_R_DATA_LENGTH_TOO_LONG 146 -#define SSL_R_DECRYPTION_FAILED 147 -#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 -#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 -#define SSL_R_DIGEST_CHECK_FAILED 149 -#define SSL_R_DTLS_MESSAGE_TOO_BIG 334 -#define SSL_R_DUPLICATE_COMPRESSION_ID 309 -#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 317 -#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 -#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322 -#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323 -#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 -#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 -#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 -#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 -#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 -#define SSL_R_EVP_DIGESTSIGNFINAL_FAILED 377 -#define SSL_R_EVP_DIGESTSIGNINIT_FAILED 378 -#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 -#define SSL_R_EXTRA_DATA_IN_MESSAGE 153 -#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 -#define SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS 372 -#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355 -#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356 -#define SSL_R_HTTPS_PROXY_REQUEST 155 -#define SSL_R_HTTP_REQUEST 156 -#define SSL_R_ILLEGAL_PADDING 283 -#define SSL_R_INAPPROPRIATE_FALLBACK 373 -#define SSL_R_INCONSISTENT_COMPRESSION 340 -#define SSL_R_INVALID_CHALLENGE_LENGTH 158 -#define SSL_R_INVALID_COMMAND 280 -#define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 -#define SSL_R_INVALID_MESSAGE 374 -#define SSL_R_INVALID_PURPOSE 278 -#define SSL_R_INVALID_SRP_USERNAME 357 -#define SSL_R_INVALID_STATUS_RESPONSE 328 -#define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 -#define SSL_R_INVALID_TRUST 279 -#define SSL_R_KEY_ARG_TOO_LONG 284 -#define SSL_R_KRB5 285 -#define SSL_R_KRB5_C_CC_PRINC 286 -#define SSL_R_KRB5_C_GET_CRED 287 -#define SSL_R_KRB5_C_INIT 288 -#define SSL_R_KRB5_C_MK_REQ 289 -#define SSL_R_KRB5_S_BAD_TICKET 290 -#define SSL_R_KRB5_S_INIT 291 -#define SSL_R_KRB5_S_RD_REQ 292 -#define SSL_R_KRB5_S_TKT_EXPIRED 293 -#define SSL_R_KRB5_S_TKT_NYV 294 -#define SSL_R_KRB5_S_TKT_SKEW 295 -#define SSL_R_LENGTH_MISMATCH 159 -#define SSL_R_LENGTH_TOO_SHORT 160 -#define SSL_R_LIBRARY_BUG 274 -#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 -#define SSL_R_MESSAGE_TOO_LONG 296 -#define SSL_R_MISSING_DH_DSA_CERT 162 -#define SSL_R_MISSING_DH_KEY 163 -#define SSL_R_MISSING_DH_RSA_CERT 164 -#define SSL_R_MISSING_DSA_SIGNING_CERT 165 -#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 -#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 -#define SSL_R_MISSING_RSA_CERTIFICATE 168 -#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 -#define SSL_R_MISSING_RSA_SIGNING_CERT 170 -#define SSL_R_MISSING_SRP_PARAM 358 -#define SSL_R_MISSING_TMP_DH_KEY 171 -#define SSL_R_MISSING_TMP_ECDH_KEY 311 -#define SSL_R_MISSING_TMP_RSA_KEY 172 -#define SSL_R_MISSING_TMP_RSA_PKEY 173 -#define SSL_R_MISSING_VERIFY_MESSAGE 174 -#define SSL_R_MULTIPLE_SGC_RESTARTS 346 -#define SSL_R_NON_SSLV2_INITIAL_PACKET 175 -#define SSL_R_NO_CERTIFICATES_RETURNED 176 -#define SSL_R_NO_CERTIFICATE_ASSIGNED 177 -#define SSL_R_NO_CERTIFICATE_RETURNED 178 -#define SSL_R_NO_CERTIFICATE_SET 179 -#define SSL_R_NO_CERTIFICATE_SPECIFIED 180 -#define SSL_R_NO_CIPHERS_AVAILABLE 181 -#define SSL_R_NO_CIPHERS_PASSED 182 -#define SSL_R_NO_CIPHERS_SPECIFIED 183 -#define SSL_R_NO_CIPHER_LIST 184 -#define SSL_R_NO_CIPHER_MATCH 185 -#define SSL_R_NO_CLIENT_CERT_METHOD 331 -#define SSL_R_NO_CLIENT_CERT_RECEIVED 186 -#define SSL_R_NO_COMPRESSION_SPECIFIED 187 -#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 -#define SSL_R_NO_METHOD_SPECIFIED 188 -#define SSL_R_NO_P256_SUPPORT 380 -#define SSL_R_NO_PRIVATEKEY 189 -#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 -#define SSL_R_NO_PROTOCOLS_AVAILABLE 191 -#define SSL_R_NO_PUBLICKEY 192 -#define SSL_R_NO_RENEGOTIATION 339 -#define SSL_R_NO_REQUIRED_DIGEST 324 -#define SSL_R_NO_SHARED_CIPHER 193 -#define SSL_R_NO_SRTP_PROFILES 359 -#define SSL_R_NO_VERIFY_CALLBACK 194 -#define SSL_R_NULL_SSL_CTX 195 -#define SSL_R_NULL_SSL_METHOD_PASSED 196 -#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 -#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 -#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 -#define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327 -#define SSL_R_PACKET_LENGTH_TOO_LONG 198 -#define SSL_R_PARSE_TLSEXT 227 -#define SSL_R_PATH_TOO_LONG 270 -#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 -#define SSL_R_PEER_ERROR 200 -#define SSL_R_PEER_ERROR_CERTIFICATE 201 -#define SSL_R_PEER_ERROR_NO_CERTIFICATE 202 -#define SSL_R_PEER_ERROR_NO_CIPHER 203 -#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204 -#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205 -#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206 -#define SSL_R_PROTOCOL_IS_SHUTDOWN 207 -#define SSL_R_PSK_IDENTITY_NOT_FOUND 223 -#define SSL_R_PSK_NO_CLIENT_CB 224 -#define SSL_R_PSK_NO_SERVER_CB 225 -#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208 -#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 -#define SSL_R_PUBLIC_KEY_NOT_RSA 210 -#define SSL_R_READ_BIO_NOT_SET 211 -#define SSL_R_READ_TIMEOUT_EXPIRED 312 -#define SSL_R_READ_WRONG_PACKET_TYPE 212 -#define SSL_R_RECORD_LENGTH_MISMATCH 213 -#define SSL_R_RECORD_TOO_LARGE 214 -#define SSL_R_RECORD_TOO_SMALL 298 -#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 -#define SSL_R_RENEGOTIATION_ENCODING_ERR 336 -#define SSL_R_RENEGOTIATION_MISMATCH 337 -#define SSL_R_REQUIRED_CIPHER_MISSING 215 -#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342 -#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 -#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 -#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 -#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 -#define SSL_R_SERVERHELLO_TLSEXT 275 -#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 -#define SSL_R_SESSION_MAY_NOT_BE_CREATED 2000 -#define SSL_R_SHORT_READ 219 -#define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 -#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 -#define SSL_R_SRP_A_CALC 361 -#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 -#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 -#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 -#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 -#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 -#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321 -#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 -#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 -#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 -#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 -#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 -#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 -#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 -#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 -#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 -#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 -#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 -#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 -#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 -#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 -#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 -#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 -#define SSL_R_SSL_HANDSHAKE_FAILURE 229 -#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 -#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 -#define SSL_R_SSL_SESSION_ID_CONFLICT 302 -#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 -#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 -#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 -#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 -#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 -#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 -#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 -#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 -#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 -#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 -#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 -#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 -#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 -#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 -#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 -#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 -#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 -#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 -#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 -#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 -#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 -#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 -#define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365 -#define SSL_R_TLS_HEARTBEAT_PENDING 366 -#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 -#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 -#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 -#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 -#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 -#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 -#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313 -#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237 -#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 -#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 -#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 -#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240 -#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241 -#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 -#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 -#define SSL_R_UNEXPECTED_MESSAGE 244 -#define SSL_R_UNEXPECTED_RECORD 245 -#define SSL_R_UNINITIALIZED 276 -#define SSL_R_UNKNOWN_ALERT_TYPE 246 -#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 -#define SSL_R_UNKNOWN_CIPHER_RETURNED 248 -#define SSL_R_UNKNOWN_CIPHER_TYPE 249 -#define SSL_R_UNKNOWN_DIGEST 368 -#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 -#define SSL_R_UNKNOWN_PKEY_TYPE 251 -#define SSL_R_UNKNOWN_PROTOCOL 252 -#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 -#define SSL_R_UNKNOWN_SSL_VERSION 254 -#define SSL_R_UNKNOWN_STATE 255 -#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 -#define SSL_R_UNSUPPORTED_CIPHER 256 -#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 -#define SSL_R_UNSUPPORTED_DIGEST_TYPE 326 -#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 -#define SSL_R_UNSUPPORTED_PROTOCOL 258 -#define SSL_R_UNSUPPORTED_SSL_VERSION 259 -#define SSL_R_UNSUPPORTED_STATUS_TYPE 329 -#define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 -#define SSL_R_WRITE_BIO_NOT_SET 260 -#define SSL_R_WRONG_CIPHER_RETURNED 261 -#define SSL_R_WRONG_MESSAGE_TYPE 262 -#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263 -#define SSL_R_WRONG_SIGNATURE_LENGTH 264 -#define SSL_R_WRONG_SIGNATURE_SIZE 265 -#define SSL_R_WRONG_SIGNATURE_TYPE 370 -#define SSL_R_WRONG_SSL_VERSION 266 -#define SSL_R_WRONG_VERSION_NUMBER 267 -#define SSL_R_X509_LIB 268 -#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/main/openssl/ssl/ssl2.h b/main/openssl/ssl/ssl2.h deleted file mode 100644 index eb25dcb0..00000000 --- a/main/openssl/ssl/ssl2.h +++ /dev/null @@ -1,272 +0,0 @@ -/* ssl/ssl2.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_SSL2_H -#define HEADER_SSL2_H - -#ifdef __cplusplus -extern "C" { -#endif - -/* Protocol Version Codes */ -#define SSL2_VERSION 0x0002 -#define SSL2_VERSION_MAJOR 0x00 -#define SSL2_VERSION_MINOR 0x02 -/* #define SSL2_CLIENT_VERSION 0x0002 */ -/* #define SSL2_SERVER_VERSION 0x0002 */ - -/* Protocol Message Codes */ -#define SSL2_MT_ERROR 0 -#define SSL2_MT_CLIENT_HELLO 1 -#define SSL2_MT_CLIENT_MASTER_KEY 2 -#define SSL2_MT_CLIENT_FINISHED 3 -#define SSL2_MT_SERVER_HELLO 4 -#define SSL2_MT_SERVER_VERIFY 5 -#define SSL2_MT_SERVER_FINISHED 6 -#define SSL2_MT_REQUEST_CERTIFICATE 7 -#define SSL2_MT_CLIENT_CERTIFICATE 8 - -/* Error Message Codes */ -#define SSL2_PE_UNDEFINED_ERROR 0x0000 -#define SSL2_PE_NO_CIPHER 0x0001 -#define SSL2_PE_NO_CERTIFICATE 0x0002 -#define SSL2_PE_BAD_CERTIFICATE 0x0004 -#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006 - -/* Cipher Kind Values */ -#define SSL2_CK_NULL_WITH_MD5 0x02000000 /* v3 */ -#define SSL2_CK_RC4_128_WITH_MD5 0x02010080 -#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080 -#define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080 -#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080 -#define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080 -#define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040 -#define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140 /* v3 */ -#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0 -#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0 /* v3 */ -#define SSL2_CK_RC4_64_WITH_MD5 0x02080080 /* MS hack */ - -#define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800 /* SSLeay */ -#define SSL2_CK_NULL 0x02ff0810 /* SSLeay */ - -#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1" -#define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5" -#define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5" -#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5" -#define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5" -#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5" -#define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5" -#define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5" -#define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA" -#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5" -#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA" -#define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5" - -#define SSL2_TXT_NULL "NULL" - -/* Flags for the SSL_CIPHER.algorithm2 field */ -#define SSL2_CF_5_BYTE_ENC 0x01 -#define SSL2_CF_8_BYTE_ENC 0x02 - -/* Certificate Type Codes */ -#define SSL2_CT_X509_CERTIFICATE 0x01 - -/* Authentication Type Code */ -#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01 - -#define SSL2_MAX_SSL_SESSION_ID_LENGTH 32 - -/* Upper/Lower Bounds */ -#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256 -#ifdef OPENSSL_SYS_MPE -#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u -#else -#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u /* 2^15-1 */ -#endif -#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /* 2^14-1 */ - -#define SSL2_CHALLENGE_LENGTH 16 -/*#define SSL2_CHALLENGE_LENGTH 32 */ -#define SSL2_MIN_CHALLENGE_LENGTH 16 -#define SSL2_MAX_CHALLENGE_LENGTH 32 -#define SSL2_CONNECTION_ID_LENGTH 16 -#define SSL2_MAX_CONNECTION_ID_LENGTH 16 -#define SSL2_SSL_SESSION_ID_LENGTH 16 -#define SSL2_MAX_CERT_CHALLENGE_LENGTH 32 -#define SSL2_MIN_CERT_CHALLENGE_LENGTH 16 -#define SSL2_MAX_KEY_MATERIAL_LENGTH 24 - -#ifndef HEADER_SSL_LOCL_H -#define CERT char -#endif - -#ifndef OPENSSL_NO_SSL_INTERN - -typedef struct ssl2_state_st - { - int three_byte_header; - int clear_text; /* clear text */ - int escape; /* not used in SSLv2 */ - int ssl2_rollback; /* used if SSLv23 rolled back to SSLv2 */ - - /* non-blocking io info, used to make sure the same - * args were passwd */ - unsigned int wnum; /* number of bytes sent so far */ - int wpend_tot; - const unsigned char *wpend_buf; - - int wpend_off; /* offset to data to write */ - int wpend_len; /* number of bytes passwd to write */ - int wpend_ret; /* number of bytes to return to caller */ - - /* buffer raw data */ - int rbuf_left; - int rbuf_offs; - unsigned char *rbuf; - unsigned char *wbuf; - - unsigned char *write_ptr;/* used to point to the start due to - * 2/3 byte header. */ - - unsigned int padding; - unsigned int rlength; /* passed to ssl2_enc */ - int ract_data_length; /* Set when things are encrypted. */ - unsigned int wlength; /* passed to ssl2_enc */ - int wact_data_length; /* Set when things are decrypted. */ - unsigned char *ract_data; - unsigned char *wact_data; - unsigned char *mac_data; - - unsigned char *read_key; - unsigned char *write_key; - - /* Stuff specifically to do with this SSL session */ - unsigned int challenge_length; - unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH]; - unsigned int conn_id_length; - unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH]; - unsigned int key_material_length; - unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2]; - - unsigned long read_sequence; - unsigned long write_sequence; - - struct { - unsigned int conn_id_length; - unsigned int cert_type; - unsigned int cert_length; - unsigned int csl; - unsigned int clear; - unsigned int enc; - unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH]; - unsigned int cipher_spec_length; - unsigned int session_id_length; - unsigned int clen; - unsigned int rlen; - } tmp; - } SSL2_STATE; - -#endif - -/* SSLv2 */ -/* client */ -#define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT) -#define SSL2_ST_SEND_CLIENT_HELLO_B (0x11|SSL_ST_CONNECT) -#define SSL2_ST_GET_SERVER_HELLO_A (0x20|SSL_ST_CONNECT) -#define SSL2_ST_GET_SERVER_HELLO_B (0x21|SSL_ST_CONNECT) -#define SSL2_ST_SEND_CLIENT_MASTER_KEY_A (0x30|SSL_ST_CONNECT) -#define SSL2_ST_SEND_CLIENT_MASTER_KEY_B (0x31|SSL_ST_CONNECT) -#define SSL2_ST_SEND_CLIENT_FINISHED_A (0x40|SSL_ST_CONNECT) -#define SSL2_ST_SEND_CLIENT_FINISHED_B (0x41|SSL_ST_CONNECT) -#define SSL2_ST_SEND_CLIENT_CERTIFICATE_A (0x50|SSL_ST_CONNECT) -#define SSL2_ST_SEND_CLIENT_CERTIFICATE_B (0x51|SSL_ST_CONNECT) -#define SSL2_ST_SEND_CLIENT_CERTIFICATE_C (0x52|SSL_ST_CONNECT) -#define SSL2_ST_SEND_CLIENT_CERTIFICATE_D (0x53|SSL_ST_CONNECT) -#define SSL2_ST_GET_SERVER_VERIFY_A (0x60|SSL_ST_CONNECT) -#define SSL2_ST_GET_SERVER_VERIFY_B (0x61|SSL_ST_CONNECT) -#define SSL2_ST_GET_SERVER_FINISHED_A (0x70|SSL_ST_CONNECT) -#define SSL2_ST_GET_SERVER_FINISHED_B (0x71|SSL_ST_CONNECT) -#define SSL2_ST_CLIENT_START_ENCRYPTION (0x80|SSL_ST_CONNECT) -#define SSL2_ST_X509_GET_CLIENT_CERTIFICATE (0x90|SSL_ST_CONNECT) -/* server */ -#define SSL2_ST_GET_CLIENT_HELLO_A (0x10|SSL_ST_ACCEPT) -#define SSL2_ST_GET_CLIENT_HELLO_B (0x11|SSL_ST_ACCEPT) -#define SSL2_ST_GET_CLIENT_HELLO_C (0x12|SSL_ST_ACCEPT) -#define SSL2_ST_SEND_SERVER_HELLO_A (0x20|SSL_ST_ACCEPT) -#define SSL2_ST_SEND_SERVER_HELLO_B (0x21|SSL_ST_ACCEPT) -#define SSL2_ST_GET_CLIENT_MASTER_KEY_A (0x30|SSL_ST_ACCEPT) -#define SSL2_ST_GET_CLIENT_MASTER_KEY_B (0x31|SSL_ST_ACCEPT) -#define SSL2_ST_SEND_SERVER_VERIFY_A (0x40|SSL_ST_ACCEPT) -#define SSL2_ST_SEND_SERVER_VERIFY_B (0x41|SSL_ST_ACCEPT) -#define SSL2_ST_SEND_SERVER_VERIFY_C (0x42|SSL_ST_ACCEPT) -#define SSL2_ST_GET_CLIENT_FINISHED_A (0x50|SSL_ST_ACCEPT) -#define SSL2_ST_GET_CLIENT_FINISHED_B (0x51|SSL_ST_ACCEPT) -#define SSL2_ST_SEND_SERVER_FINISHED_A (0x60|SSL_ST_ACCEPT) -#define SSL2_ST_SEND_SERVER_FINISHED_B (0x61|SSL_ST_ACCEPT) -#define SSL2_ST_SEND_REQUEST_CERTIFICATE_A (0x70|SSL_ST_ACCEPT) -#define SSL2_ST_SEND_REQUEST_CERTIFICATE_B (0x71|SSL_ST_ACCEPT) -#define SSL2_ST_SEND_REQUEST_CERTIFICATE_C (0x72|SSL_ST_ACCEPT) -#define SSL2_ST_SEND_REQUEST_CERTIFICATE_D (0x73|SSL_ST_ACCEPT) -#define SSL2_ST_SERVER_START_ENCRYPTION (0x80|SSL_ST_ACCEPT) -#define SSL2_ST_X509_GET_SERVER_CERTIFICATE (0x90|SSL_ST_ACCEPT) - -#ifdef __cplusplus -} -#endif -#endif - diff --git a/main/openssl/ssl/ssl23.h b/main/openssl/ssl/ssl23.h deleted file mode 100644 index d3228983..00000000 --- a/main/openssl/ssl/ssl23.h +++ /dev/null @@ -1,83 +0,0 @@ -/* ssl/ssl23.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_SSL23_H -#define HEADER_SSL23_H - -#ifdef __cplusplus -extern "C" { -#endif - -/*client */ -/* write to server */ -#define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT) -#define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT) -/* read from server */ -#define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT) -#define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT) - -/* server */ -/* read from client */ -#define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT) -#define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT) - -#ifdef __cplusplus -} -#endif -#endif - diff --git a/main/openssl/ssl/ssl3.h b/main/openssl/ssl/ssl3.h deleted file mode 100644 index 6dc08179..00000000 --- a/main/openssl/ssl/ssl3.h +++ /dev/null @@ -1,748 +0,0 @@ -/* ssl/ssl3.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - -#ifndef HEADER_SSL3_H -#define HEADER_SSL3_H - -#ifndef OPENSSL_NO_COMP -#include <openssl/comp.h> -#endif -#include <openssl/buffer.h> -#include <openssl/evp.h> -#include <openssl/ssl.h> - -#ifdef __cplusplus -extern "C" { -#endif - -/* Signalling cipher suite value from RFC 5746 - * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) */ -#define SSL3_CK_SCSV 0x030000FF - -/* Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00 - * (TLS_FALLBACK_SCSV) */ -#define SSL3_CK_FALLBACK_SCSV 0x03005600 - -#define SSL3_CK_RSA_NULL_MD5 0x03000001 -#define SSL3_CK_RSA_NULL_SHA 0x03000002 -#define SSL3_CK_RSA_RC4_40_MD5 0x03000003 -#define SSL3_CK_RSA_RC4_128_MD5 0x03000004 -#define SSL3_CK_RSA_RC4_128_SHA 0x03000005 -#define SSL3_CK_RSA_RC2_40_MD5 0x03000006 -#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007 -#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008 -#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009 -#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A - -#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B -#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C -#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D -#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E -#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F -#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 - -#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011 -#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012 -#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013 -#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014 -#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015 -#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016 - -#define SSL3_CK_ADH_RC4_40_MD5 0x03000017 -#define SSL3_CK_ADH_RC4_128_MD5 0x03000018 -#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019 -#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A -#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B - -#if 0 - #define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C - #define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D - #if 0 /* Because it clashes with KRB5, is never used any more, and is safe - to remove according to David Hopwood <david.hopwood@zetnet.co.uk> - of the ietf-tls list */ - #define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E - #endif -#endif - -/* VRS Additional Kerberos5 entries - */ -#define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E -#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F -#define SSL3_CK_KRB5_RC4_128_SHA 0x03000020 -#define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021 -#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022 -#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023 -#define SSL3_CK_KRB5_RC4_128_MD5 0x03000024 -#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025 - -#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026 -#define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027 -#define SSL3_CK_KRB5_RC4_40_SHA 0x03000028 -#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029 -#define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A -#define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B - -#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" -#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" -#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" -#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5" -#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA" -#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5" -#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA" -#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA" -#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA" -#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA" - -#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA" -#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA" -#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA" -#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA" -#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" -#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" - -#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" -#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" -#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" -#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA" -#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA" -#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA" - -#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5" -#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5" -#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA" -#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" -#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" - -#if 0 - #define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" - #define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" - #define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" -#endif - -#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" -#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" -#define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" -#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" -#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" -#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" -#define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5" -#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5" - -#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" -#define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA" -#define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA" -#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5" -#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5" -#define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5" - -#define SSL3_SSL_SESSION_ID_LENGTH 32 -#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 - -#define SSL3_MASTER_SECRET_SIZE 48 -#define SSL3_RANDOM_SIZE 32 -#define SSL3_SESSION_ID_SIZE 32 -#define SSL3_RT_HEADER_LENGTH 5 - -#ifndef SSL3_ALIGN_PAYLOAD - /* Some will argue that this increases memory footprint, but it's - * not actually true. Point is that malloc has to return at least - * 64-bit aligned pointers, meaning that allocating 5 bytes wastes - * 3 bytes in either case. Suggested pre-gaping simply moves these - * wasted bytes from the end of allocated region to its front, - * but makes data payload aligned, which improves performance:-) */ -# define SSL3_ALIGN_PAYLOAD 8 -#else -# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0 -# error "insane SSL3_ALIGN_PAYLOAD" -# undef SSL3_ALIGN_PAYLOAD -# endif -#endif - -/* This is the maximum MAC (digest) size used by the SSL library. - * Currently maximum of 20 is used by SHA1, but we reserve for - * future extension for 512-bit hashes. - */ - -#define SSL3_RT_MAX_MD_SIZE 64 - -/* Maximum block size used in all ciphersuites. Currently 16 for AES. - */ - -#define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16 - -#define SSL3_RT_MAX_EXTRA (16384) - -/* Maximum plaintext length: defined by SSL/TLS standards */ -#define SSL3_RT_MAX_PLAIN_LENGTH 16384 -/* Maximum compression overhead: defined by SSL/TLS standards */ -#define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024 - -/* The standards give a maximum encryption overhead of 1024 bytes. - * In practice the value is lower than this. The overhead is the maximum - * number of padding bytes (256) plus the mac size. - */ -#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) - -/* OpenSSL currently only uses a padding length of at most one block so - * the send overhead is smaller. - */ - -#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \ - (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE) - -/* If compression isn't used don't include the compression overhead */ - -#ifdef OPENSSL_NO_COMP -#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH -#else -#define SSL3_RT_MAX_COMPRESSED_LENGTH \ - (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD) -#endif -#define SSL3_RT_MAX_ENCRYPTED_LENGTH \ - (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH) -#define SSL3_RT_MAX_PACKET_SIZE \ - (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) - -#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" -#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" - -#define SSL3_VERSION 0x0300 -#define SSL3_VERSION_MAJOR 0x03 -#define SSL3_VERSION_MINOR 0x00 - -#define SSL3_RT_CHANGE_CIPHER_SPEC 20 -#define SSL3_RT_ALERT 21 -#define SSL3_RT_HANDSHAKE 22 -#define SSL3_RT_APPLICATION_DATA 23 -#define TLS1_RT_HEARTBEAT 24 - -#define SSL3_AL_WARNING 1 -#define SSL3_AL_FATAL 2 - -#define SSL3_AD_CLOSE_NOTIFY 0 -#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */ -#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */ -#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */ -#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */ -#define SSL3_AD_NO_CERTIFICATE 41 -#define SSL3_AD_BAD_CERTIFICATE 42 -#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 -#define SSL3_AD_CERTIFICATE_REVOKED 44 -#define SSL3_AD_CERTIFICATE_EXPIRED 45 -#define SSL3_AD_CERTIFICATE_UNKNOWN 46 -#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */ - -#define TLS1_HB_REQUEST 1 -#define TLS1_HB_RESPONSE 2 - -#ifndef OPENSSL_NO_SSL_INTERN - -typedef struct ssl3_record_st - { -/*r */ int type; /* type of record */ -/*rw*/ unsigned int length; /* How many bytes available */ -/*r */ unsigned int off; /* read/write offset into 'buf' */ -/*rw*/ unsigned char *data; /* pointer to the record data */ -/*rw*/ unsigned char *input; /* where the decode bytes are */ -/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */ -/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */ -/*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */ - } SSL3_RECORD; - -typedef struct ssl3_buffer_st - { - unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes, - * see ssl3_setup_buffers() */ - size_t len; /* buffer size */ - int offset; /* where to 'copy from' */ - int left; /* how many bytes left */ - } SSL3_BUFFER; - -#endif - -#define SSL3_CT_RSA_SIGN 1 -#define SSL3_CT_DSS_SIGN 2 -#define SSL3_CT_RSA_FIXED_DH 3 -#define SSL3_CT_DSS_FIXED_DH 4 -#define SSL3_CT_RSA_EPHEMERAL_DH 5 -#define SSL3_CT_DSS_EPHEMERAL_DH 6 -#define SSL3_CT_FORTEZZA_DMS 20 -/* SSL3_CT_NUMBER is used to size arrays and it must be large - * enough to contain all of the cert types defined either for - * SSLv3 and TLSv1. - */ -#define SSL3_CT_NUMBER 9 - - -#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 -#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 -#define SSL3_FLAGS_POP_BUFFER 0x0004 -#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 -#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 -#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 -/* - * Set when the handshake is ready to process peer's ChangeCipherSpec message. - * Cleared after the message has been processed. - */ -#define SSL3_FLAGS_CCS_OK 0x0080 - -/* SSL3_FLAGS_SGC_RESTART_DONE is set when we - * restart a handshake because of MS SGC and so prevents us - * from restarting the handshake in a loop. It's reset on a - * renegotiation, so effectively limits the client to one restart - * per negotiation. This limits the possibility of a DDoS - * attack where the client handshakes in a loop using SGC to - * restart. Servers which permit renegotiation can still be - * effected, but we can't prevent that. - */ -#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 - -#ifndef OPENSSL_NO_SSL_INTERN - -typedef struct ssl3_state_st - { - long flags; - int delay_buf_pop_ret; - - unsigned char read_sequence[8]; - int read_mac_secret_size; - unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; - unsigned char write_sequence[8]; - int write_mac_secret_size; - unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; - - unsigned char server_random[SSL3_RANDOM_SIZE]; - unsigned char client_random[SSL3_RANDOM_SIZE]; - - /* flags for countermeasure against known-IV weakness */ - int need_record_splitting; - int record_split_done; - - /* The value of 'extra' when the buffers were initialized */ - int init_extra; - - SSL3_BUFFER rbuf; /* read IO goes into here */ - SSL3_BUFFER wbuf; /* write IO goes into here */ - - SSL3_RECORD rrec; /* each decoded record goes in here */ - SSL3_RECORD wrec; /* goes out from here */ - - /* storage for Alert/Handshake protocol data received but not - * yet processed by ssl3_read_bytes: */ - unsigned char alert_fragment[2]; - unsigned int alert_fragment_len; - unsigned char handshake_fragment[4]; - unsigned int handshake_fragment_len; - - /* partial write - check the numbers match */ - unsigned int wnum; /* number of bytes sent so far */ - int wpend_tot; /* number bytes written */ - int wpend_type; - int wpend_ret; /* number of bytes submitted */ - const unsigned char *wpend_buf; - - /* used during startup, digest all incoming/outgoing packets */ - BIO *handshake_buffer; - /* When set of handshake digests is determined, buffer is hashed - * and freed and MD_CTX-es for all required digests are stored in - * this array */ - EVP_MD_CTX **handshake_dgst; - /* - * Set whenever an expected ChangeCipherSpec message is processed. - * Unset when the peer's Finished message is received. - * Unexpected ChangeCipherSpec messages trigger a fatal alert. - */ - int change_cipher_spec; - - int warn_alert; - int fatal_alert; - /* we allow one fatal and one warning alert to be outstanding, - * send close alert via the warning alert */ - int alert_dispatch; - unsigned char send_alert[2]; - - /* This flag is set when we should renegotiate ASAP, basically when - * there is no more data in the read or write buffers */ - int renegotiate; - int total_renegotiations; - int num_renegotiations; - - int in_read_app_data; - - /* Opaque PRF input as used for the current handshake. - * These fields are used only if TLSEXT_TYPE_opaque_prf_input is defined - * (otherwise, they are merely present to improve binary compatibility) */ - void *client_opaque_prf_input; - size_t client_opaque_prf_input_len; - void *server_opaque_prf_input; - size_t server_opaque_prf_input_len; - - struct { - /* actually only needs to be 16+20 */ - unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; - - /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ - unsigned char finish_md[EVP_MAX_MD_SIZE*2]; - int finish_md_len; - unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2]; - int peer_finish_md_len; - - unsigned long message_size; - int message_type; - - /* used to hold the new cipher we are going to use */ - const SSL_CIPHER *new_cipher; -#ifndef OPENSSL_NO_DH - DH *dh; -#endif - -#ifndef OPENSSL_NO_ECDH - EC_KEY *ecdh; /* holds short lived ECDH key */ -#endif - - /* used when SSL_ST_FLUSH_DATA is entered */ - int next_state; - - int reuse_message; - - /* used for certificate requests */ - int cert_req; - int ctype_num; - char ctype[SSL3_CT_NUMBER]; - STACK_OF(X509_NAME) *ca_names; - - int use_rsa_tmp; - - int key_block_length; - unsigned char *key_block; - - const EVP_CIPHER *new_sym_enc; - const EVP_MD *new_hash; - int new_mac_pkey_type; - int new_mac_secret_size; -#ifndef OPENSSL_NO_COMP - const SSL_COMP *new_compression; -#else - char *new_compression; -#endif - int cert_request; - } tmp; - - /* Connection binding to prevent renegotiation attacks */ - unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; - unsigned char previous_client_finished_len; - unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; - unsigned char previous_server_finished_len; - int send_connection_binding; /* TODOEKR */ - -#ifndef OPENSSL_NO_NEXTPROTONEG - /* Set if we saw the Next Protocol Negotiation extension from our peer. */ - int next_proto_neg_seen; -#endif - -#ifndef OPENSSL_NO_TLSEXT -#ifndef OPENSSL_NO_EC - /* This is set to true if we believe that this is a version of Safari - * running on OS X 10.6 or newer. We wish to know this because Safari - * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */ - char is_probably_safari; -#endif /* !OPENSSL_NO_EC */ -#endif /* !OPENSSL_NO_TLSEXT */ - - /* In a client, this means that the server supported Channel ID and that - * a Channel ID was sent. In a server it means that we echoed support - * for Channel IDs and that tlsext_channel_id will be valid after the - * handshake. */ - char tlsext_channel_id_valid; - /* tlsext_channel_id_new means that the updated Channel ID extension - * was negotiated. This is a temporary hack in the code to support both - * forms of Channel ID extension while we transition to the new format, - * which fixed a security issue. */ - char tlsext_channel_id_new; - /* For a server: - * If |tlsext_channel_id_valid| is true, then this contains the - * verified Channel ID from the client: a P256 point, (x,y), where - * each are big-endian values. */ - unsigned char tlsext_channel_id[64]; - - /* ALPN information - * (we are in the process of transitioning from NPN to ALPN.) */ - - /* In a server these point to the selected ALPN protocol after the - * ClientHello has been processed. In a client these contain the - * protocol that the server selected once the ServerHello has been - * processed. */ - unsigned char *alpn_selected; - unsigned alpn_selected_len; - - /* These point to the digest function to use for signatures made with - * each type of public key. A NULL value indicates that the default - * digest should be used, which is SHA1 as of TLS 1.2. - * - * (These should be in the tmp member, but we have to put them here to - * ensure binary compatibility with earlier OpenSSL 1.0.* releases.) */ - const EVP_MD *digest_rsa; - const EVP_MD *digest_dsa; - const EVP_MD *digest_ecdsa; - } SSL3_STATE; - -#endif - -/* SSLv3 */ -/*client */ -/* extra state */ -#define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT) -#define SSL3_ST_CUTTHROUGH_COMPLETE (0x101|SSL_ST_CONNECT) -#ifndef OPENSSL_NO_SCTP -#define DTLS1_SCTP_ST_CW_WRITE_SOCK (0x310|SSL_ST_CONNECT) -#define DTLS1_SCTP_ST_CR_READ_SOCK (0x320|SSL_ST_CONNECT) -#endif -/* write to server */ -#define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT) -#define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT) -/* read from server */ -#define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT) -#define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT) -#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT) -#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT) -#define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT) -#define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT) -#define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT) -#define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT) -#define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT) -#define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT) -#define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) -#define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) -/* write to server */ -#define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) -#define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) -#define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT) -#define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT) -#define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT) -#define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT) -#define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT) -#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) -#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) -#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) -#ifndef OPENSSL_NO_NEXTPROTONEG -#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) -#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) -#endif -#define SSL3_ST_CW_CHANNEL_ID_A (0x210|SSL_ST_CONNECT) -#define SSL3_ST_CW_CHANNEL_ID_B (0x211|SSL_ST_CONNECT) -#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) -#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) -/* read from server */ -#define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT) -#define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) -#define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) -#define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) -#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) -#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) -#define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) -#define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) - -/* server */ -/* extra state */ -#define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT) -#ifndef OPENSSL_NO_SCTP -#define DTLS1_SCTP_ST_SW_WRITE_SOCK (0x310|SSL_ST_ACCEPT) -#define DTLS1_SCTP_ST_SR_READ_SOCK (0x320|SSL_ST_ACCEPT) -#endif -/* read from client */ -/* Do not change the number values, they do matter */ -#define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) -#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) -#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) -/* write to client */ -#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) -#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) -#define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT) -#define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT) -#define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT) -#define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT) -#define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT) -#define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT) -#define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT) -#define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT) -#define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT) -#define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT) -#define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT) -#define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT) -#define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT) -/* read from client */ -#define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT) -#define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT) -#define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT) -#define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT) -#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT) -#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) -#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) -#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) -#ifndef OPENSSL_NO_NEXTPROTONEG -#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) -#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) -#endif -#define SSL3_ST_SR_POST_CLIENT_CERT (0x1BF|SSL_ST_ACCEPT) -#define SSL3_ST_SR_CHANNEL_ID_A (0x220|SSL_ST_ACCEPT) -#define SSL3_ST_SR_CHANNEL_ID_B (0x221|SSL_ST_ACCEPT) -#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) -#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) -/* write to client */ -#define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT) -#define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) -#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) -#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) -#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) -#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) -#define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) -#define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) - -#define SSL3_MT_HELLO_REQUEST 0 -#define SSL3_MT_CLIENT_HELLO 1 -#define SSL3_MT_SERVER_HELLO 2 -#define SSL3_MT_NEWSESSION_TICKET 4 -#define SSL3_MT_CERTIFICATE 11 -#define SSL3_MT_SERVER_KEY_EXCHANGE 12 -#define SSL3_MT_CERTIFICATE_REQUEST 13 -#define SSL3_MT_SERVER_DONE 14 -#define SSL3_MT_CERTIFICATE_VERIFY 15 -#define SSL3_MT_CLIENT_KEY_EXCHANGE 16 -#define SSL3_MT_FINISHED 20 -#define SSL3_MT_CERTIFICATE_STATUS 22 -#ifndef OPENSSL_NO_NEXTPROTONEG -#define SSL3_MT_NEXT_PROTO 67 -#endif -#define SSL3_MT_ENCRYPTED_EXTENSIONS 203 -#define DTLS1_MT_HELLO_VERIFY_REQUEST 3 - - -#define SSL3_MT_CCS 1 - -/* These are used when changing over to a new cipher */ -#define SSL3_CC_READ 0x01 -#define SSL3_CC_WRITE 0x02 -#define SSL3_CC_CLIENT 0x10 -#define SSL3_CC_SERVER 0x20 -#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE) -#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) -#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) -#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE) - -#ifdef __cplusplus -} -#endif -#endif diff --git a/main/openssl/ssl/ssl_algs.c b/main/openssl/ssl/ssl_algs.c deleted file mode 100644 index 9c34d197..00000000 --- a/main/openssl/ssl/ssl_algs.c +++ /dev/null @@ -1,150 +0,0 @@ -/* ssl/ssl_algs.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include <openssl/objects.h> -#include <openssl/lhash.h> -#include "ssl_locl.h" - -int SSL_library_init(void) - { - -#ifndef OPENSSL_NO_DES - EVP_add_cipher(EVP_des_cbc()); - EVP_add_cipher(EVP_des_ede3_cbc()); -#endif -#ifndef OPENSSL_NO_IDEA - EVP_add_cipher(EVP_idea_cbc()); -#endif -#ifndef OPENSSL_NO_RC4 - EVP_add_cipher(EVP_rc4()); -#if !defined(OPENSSL_NO_MD5) && (defined(__x86_64) || defined(__x86_64__)) - EVP_add_cipher(EVP_rc4_hmac_md5()); -#endif -#endif -#ifndef OPENSSL_NO_RC2 - EVP_add_cipher(EVP_rc2_cbc()); - /* Not actually used for SSL/TLS but this makes PKCS#12 work - * if an application only calls SSL_library_init(). - */ - EVP_add_cipher(EVP_rc2_40_cbc()); -#endif -#ifndef OPENSSL_NO_AES - EVP_add_cipher(EVP_aes_128_cbc()); - EVP_add_cipher(EVP_aes_192_cbc()); - EVP_add_cipher(EVP_aes_256_cbc()); - EVP_add_cipher(EVP_aes_128_gcm()); - EVP_add_cipher(EVP_aes_256_gcm()); -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) - EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); - EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); -#endif - -#endif -#ifndef OPENSSL_NO_CAMELLIA - EVP_add_cipher(EVP_camellia_128_cbc()); - EVP_add_cipher(EVP_camellia_256_cbc()); -#endif - -#ifndef OPENSSL_NO_SEED - EVP_add_cipher(EVP_seed_cbc()); -#endif - -#ifndef OPENSSL_NO_MD5 - EVP_add_digest(EVP_md5()); - EVP_add_digest_alias(SN_md5,"ssl2-md5"); - EVP_add_digest_alias(SN_md5,"ssl3-md5"); -#endif -#ifndef OPENSSL_NO_SHA - EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ - EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); - EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); -#endif -#ifndef OPENSSL_NO_SHA256 - EVP_add_digest(EVP_sha224()); - EVP_add_digest(EVP_sha256()); -#endif -#ifndef OPENSSL_NO_SHA512 - EVP_add_digest(EVP_sha384()); - EVP_add_digest(EVP_sha512()); -#endif -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) - EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ - EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); - EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); - EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); -#endif -#ifndef OPENSSL_NO_ECDSA - EVP_add_digest(EVP_ecdsa()); -#endif - /* If you want support for phased out ciphers, add the following */ -#if 0 - EVP_add_digest(EVP_sha()); - EVP_add_digest(EVP_dss()); -#endif -#ifndef OPENSSL_NO_COMP - /* This will initialise the built-in compression algorithms. - The value returned is a STACK_OF(SSL_COMP), but that can - be discarded safely */ - (void)SSL_COMP_get_compression_methods(); -#endif - /* initialize cipher/digest methods table */ - ssl_load_ciphers(); - return(1); - } - diff --git a/main/openssl/ssl/ssl_asn1.c b/main/openssl/ssl/ssl_asn1.c deleted file mode 100644 index f83e18f8..00000000 --- a/main/openssl/ssl/ssl_asn1.c +++ /dev/null @@ -1,669 +0,0 @@ -/* ssl/ssl_asn1.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - -#include <stdio.h> -#include <stdlib.h> -#include "ssl_locl.h" -#include <openssl/asn1_mac.h> -#include <openssl/objects.h> -#include <openssl/x509.h> - -typedef struct ssl_session_asn1_st - { - ASN1_INTEGER version; - ASN1_INTEGER ssl_version; - ASN1_OCTET_STRING cipher; - ASN1_OCTET_STRING comp_id; - ASN1_OCTET_STRING master_key; - ASN1_OCTET_STRING session_id; - ASN1_OCTET_STRING session_id_context; - ASN1_OCTET_STRING key_arg; -#ifndef OPENSSL_NO_KRB5 - ASN1_OCTET_STRING krb5_princ; -#endif /* OPENSSL_NO_KRB5 */ - ASN1_INTEGER time; - ASN1_INTEGER timeout; - ASN1_INTEGER verify_result; -#ifndef OPENSSL_NO_TLSEXT - ASN1_OCTET_STRING tlsext_hostname; - ASN1_INTEGER tlsext_tick_lifetime; - ASN1_OCTET_STRING tlsext_tick; -#endif /* OPENSSL_NO_TLSEXT */ -#ifndef OPENSSL_NO_PSK - ASN1_OCTET_STRING psk_identity_hint; - ASN1_OCTET_STRING psk_identity; -#endif /* OPENSSL_NO_PSK */ -#ifndef OPENSSL_NO_SRP - ASN1_OCTET_STRING srp_username; -#endif /* OPENSSL_NO_SRP */ - ASN1_OCTET_STRING original_handshake_hash; - } SSL_SESSION_ASN1; - -int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) - { -#define LSIZE2 (sizeof(long)*2) - int v1=0,v2=0,v3=0,v4=0,v5=0,v7=0,v8=0,v14=0; - unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2]; - unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2]; -#ifndef OPENSSL_NO_TLSEXT - int v6=0,v9=0,v10=0; - unsigned char ibuf6[LSIZE2]; -#endif -#ifndef OPENSSL_NO_COMP - unsigned char cbuf; - int v11=0; -#endif -#ifndef OPENSSL_NO_SRP - int v12=0; -#endif - long l; - SSL_SESSION_ASN1 a; - M_ASN1_I2D_vars(in); - - if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0))) - return(0); - - /* Note that I cheat in the following 2 assignments. I know - * that if the ASN1_INTEGER passed to ASN1_INTEGER_set - * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed. - * This is a bit evil but makes things simple, no dynamic allocation - * to clean up :-) */ - a.version.length=LSIZE2; - a.version.type=V_ASN1_INTEGER; - a.version.data=ibuf1; - ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION); - - a.ssl_version.length=LSIZE2; - a.ssl_version.type=V_ASN1_INTEGER; - a.ssl_version.data=ibuf2; - ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version); - - a.cipher.type=V_ASN1_OCTET_STRING; - a.cipher.data=buf; - - if (in->cipher == NULL) - l=in->cipher_id; - else - l=in->cipher->id; - if (in->ssl_version == SSL2_VERSION) - { - a.cipher.length=3; - buf[0]=((unsigned char)(l>>16L))&0xff; - buf[1]=((unsigned char)(l>> 8L))&0xff; - buf[2]=((unsigned char)(l ))&0xff; - } - else - { - a.cipher.length=2; - buf[0]=((unsigned char)(l>>8L))&0xff; - buf[1]=((unsigned char)(l ))&0xff; - } - -#ifndef OPENSSL_NO_COMP - if (in->compress_meth) - { - cbuf = (unsigned char)in->compress_meth; - a.comp_id.length = 1; - a.comp_id.type = V_ASN1_OCTET_STRING; - a.comp_id.data = &cbuf; - } -#endif - - a.master_key.length=in->master_key_length; - a.master_key.type=V_ASN1_OCTET_STRING; - a.master_key.data=in->master_key; - - a.session_id.length=in->session_id_length; - a.session_id.type=V_ASN1_OCTET_STRING; - a.session_id.data=in->session_id; - - a.session_id_context.length=in->sid_ctx_length; - a.session_id_context.type=V_ASN1_OCTET_STRING; - a.session_id_context.data=in->sid_ctx; - - a.key_arg.length=in->key_arg_length; - a.key_arg.type=V_ASN1_OCTET_STRING; - a.key_arg.data=in->key_arg; - -#ifndef OPENSSL_NO_KRB5 - if (in->krb5_client_princ_len) - { - a.krb5_princ.length=in->krb5_client_princ_len; - a.krb5_princ.type=V_ASN1_OCTET_STRING; - a.krb5_princ.data=in->krb5_client_princ; - } -#endif /* OPENSSL_NO_KRB5 */ - - if (in->time != 0L) - { - a.time.length=LSIZE2; - a.time.type=V_ASN1_INTEGER; - a.time.data=ibuf3; - ASN1_INTEGER_set(&(a.time),in->time); - } - - if (in->timeout != 0L) - { - a.timeout.length=LSIZE2; - a.timeout.type=V_ASN1_INTEGER; - a.timeout.data=ibuf4; - ASN1_INTEGER_set(&(a.timeout),in->timeout); - } - - if (in->verify_result != X509_V_OK) - { - a.verify_result.length=LSIZE2; - a.verify_result.type=V_ASN1_INTEGER; - a.verify_result.data=ibuf5; - ASN1_INTEGER_set(&a.verify_result,in->verify_result); - } - -#ifndef OPENSSL_NO_TLSEXT - if (in->tlsext_hostname) - { - a.tlsext_hostname.length=strlen(in->tlsext_hostname); - a.tlsext_hostname.type=V_ASN1_OCTET_STRING; - a.tlsext_hostname.data=(unsigned char *)in->tlsext_hostname; - } - if (in->tlsext_tick) - { - a.tlsext_tick.length= in->tlsext_ticklen; - a.tlsext_tick.type=V_ASN1_OCTET_STRING; - a.tlsext_tick.data=(unsigned char *)in->tlsext_tick; - } - if (in->tlsext_tick_lifetime_hint > 0) - { - a.tlsext_tick_lifetime.length=LSIZE2; - a.tlsext_tick_lifetime.type=V_ASN1_INTEGER; - a.tlsext_tick_lifetime.data=ibuf6; - ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint); - } -#endif /* OPENSSL_NO_TLSEXT */ -#ifndef OPENSSL_NO_PSK - if (in->psk_identity_hint) - { - a.psk_identity_hint.length=strlen(in->psk_identity_hint); - a.psk_identity_hint.type=V_ASN1_OCTET_STRING; - a.psk_identity_hint.data=(unsigned char *)(in->psk_identity_hint); - } - if (in->psk_identity) - { - a.psk_identity.length=strlen(in->psk_identity); - a.psk_identity.type=V_ASN1_OCTET_STRING; - a.psk_identity.data=(unsigned char *)(in->psk_identity); - } - - if (in->original_handshake_hash_len > 0) - { - a.original_handshake_hash.length = in->original_handshake_hash_len; - a.original_handshake_hash.type = V_ASN1_OCTET_STRING; - a.original_handshake_hash.data = in->original_handshake_hash; - } -#endif /* OPENSSL_NO_PSK */ -#ifndef OPENSSL_NO_SRP - if (in->srp_username) - { - a.srp_username.length=strlen(in->srp_username); - a.srp_username.type=V_ASN1_OCTET_STRING; - a.srp_username.data=(unsigned char *)(in->srp_username); - } -#endif /* OPENSSL_NO_SRP */ - - M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); - M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER); - M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING); - M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING); - M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING); -#ifndef OPENSSL_NO_KRB5 - if (in->krb5_client_princ_len) - M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); -#endif /* OPENSSL_NO_KRB5 */ - if (in->key_arg_length > 0) - M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING); - if (in->time != 0L) - M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1); - if (in->timeout != 0L) - M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); - if (in->peer != NULL) - M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3); - M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4); - if (in->verify_result != X509_V_OK) - M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5); - -#ifndef OPENSSL_NO_TLSEXT - if (in->tlsext_tick_lifetime_hint > 0) - M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); - if (in->tlsext_tick) - M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); - if (in->tlsext_hostname) - M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); -#ifndef OPENSSL_NO_COMP - if (in->compress_meth) - M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11); -#endif -#endif /* OPENSSL_NO_TLSEXT */ -#ifndef OPENSSL_NO_PSK - if (in->psk_identity_hint) - M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7); - if (in->psk_identity) - M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8); -#endif /* OPENSSL_NO_PSK */ -#ifndef OPENSSL_NO_SRP - if (in->srp_username) - M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING,12,v12); -#endif /* OPENSSL_NO_SRP */ - if (in->original_handshake_hash_len > 0) - M_ASN1_I2D_len_EXP_opt(&(a.original_handshake_hash),i2d_ASN1_OCTET_STRING,14,v14); - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER); - M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER); - M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING); - M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING); - M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING); -#ifndef OPENSSL_NO_KRB5 - if (in->krb5_client_princ_len) - M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); -#endif /* OPENSSL_NO_KRB5 */ - if (in->key_arg_length > 0) - M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0); - if (in->time != 0L) - M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1); - if (in->timeout != 0L) - M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); - if (in->peer != NULL) - M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3); - M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4, - v4); - if (in->verify_result != X509_V_OK) - M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5); -#ifndef OPENSSL_NO_TLSEXT - if (in->tlsext_hostname) - M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); -#endif /* OPENSSL_NO_TLSEXT */ -#ifndef OPENSSL_NO_PSK - if (in->psk_identity_hint) - M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7); - if (in->psk_identity) - M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8); -#endif /* OPENSSL_NO_PSK */ -#ifndef OPENSSL_NO_TLSEXT - if (in->tlsext_tick_lifetime_hint > 0) - M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); - if (in->tlsext_tick) - M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); -#endif /* OPENSSL_NO_TLSEXT */ -#ifndef OPENSSL_NO_COMP - if (in->compress_meth) - M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11); -#endif -#ifndef OPENSSL_NO_SRP - if (in->srp_username) - M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING,12,v12); -#endif /* OPENSSL_NO_SRP */ - if (in->original_handshake_hash_len > 0) - M_ASN1_I2D_put_EXP_opt(&(a.original_handshake_hash),i2d_ASN1_OCTET_STRING,14,v14); - M_ASN1_I2D_finish(); - } - -SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, - long length) - { - int ssl_version=0,i; - long id; - ASN1_INTEGER ai,*aip; - ASN1_OCTET_STRING os,*osp; - M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new); - - aip= &ai; - osp= &os; - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - - ai.data=NULL; ai.length=0; - M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER); - if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } - - /* we don't care about the version right now :-) */ - M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER); - ssl_version=(int)ASN1_INTEGER_get(aip); - ret->ssl_version=ssl_version; - if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } - - os.data=NULL; os.length=0; - M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); - if (ssl_version == SSL2_VERSION) - { - if (os.length != 3) - { - c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH; - c.line=__LINE__; - goto err; - } - id=0x02000000L| - ((unsigned long)os.data[0]<<16L)| - ((unsigned long)os.data[1]<< 8L)| - (unsigned long)os.data[2]; - } - else if ((ssl_version>>8) >= SSL3_VERSION_MAJOR) - { - if (os.length != 2) - { - c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH; - c.line=__LINE__; - goto err; - } - id=0x03000000L| - ((unsigned long)os.data[0]<<8L)| - (unsigned long)os.data[1]; - } - else - { - c.error=SSL_R_UNKNOWN_SSL_VERSION; - c.line=__LINE__; - goto err; - } - - ret->cipher=NULL; - ret->cipher_id=id; - - M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); - if ((ssl_version>>8) >= SSL3_VERSION_MAJOR) - i=SSL3_MAX_SSL_SESSION_ID_LENGTH; - else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */ - i=SSL2_MAX_SSL_SESSION_ID_LENGTH; - - if (os.length > i) - os.length = i; - if (os.length > (int)sizeof(ret->session_id)) /* can't happen */ - os.length = sizeof(ret->session_id); - - ret->session_id_length=os.length; - OPENSSL_assert(os.length <= (int)sizeof(ret->session_id)); - memcpy(ret->session_id,os.data,os.length); - - M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); - if (os.length > SSL_MAX_MASTER_KEY_LENGTH) - ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; - else - ret->master_key_length=os.length; - memcpy(ret->master_key,os.data,ret->master_key_length); - - os.length=0; - -#ifndef OPENSSL_NO_KRB5 - os.length=0; - M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING); - if (os.data) - { - if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH) - ret->krb5_client_princ_len=0; - else - ret->krb5_client_princ_len=os.length; - memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len); - OPENSSL_free(os.data); - os.data = NULL; - os.length = 0; - } - else - ret->krb5_client_princ_len=0; -#endif /* OPENSSL_NO_KRB5 */ - - M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING); - if (os.length > SSL_MAX_KEY_ARG_LENGTH) - ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH; - else - ret->key_arg_length=os.length; - memcpy(ret->key_arg,os.data,ret->key_arg_length); - if (os.data != NULL) OPENSSL_free(os.data); - - ai.length=0; - M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1); - if (ai.data != NULL) - { - ret->time=ASN1_INTEGER_get(aip); - OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; - } - else - ret->time=(unsigned long)time(NULL); - - ai.length=0; - M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2); - if (ai.data != NULL) - { - ret->timeout=ASN1_INTEGER_get(aip); - OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; - } - else - ret->timeout=3; - - if (ret->peer != NULL) - { - X509_free(ret->peer); - ret->peer=NULL; - } - M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3); - - os.length=0; - os.data=NULL; - M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4); - - if(os.data != NULL) - { - if (os.length > SSL_MAX_SID_CTX_LENGTH) - { - c.error=SSL_R_BAD_LENGTH; - c.line=__LINE__; - goto err; - } - else - { - ret->sid_ctx_length=os.length; - memcpy(ret->sid_ctx,os.data,os.length); - } - OPENSSL_free(os.data); os.data=NULL; os.length=0; - } - else - ret->sid_ctx_length=0; - - ai.length=0; - M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5); - if (ai.data != NULL) - { - ret->verify_result=ASN1_INTEGER_get(aip); - OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; - } - else - ret->verify_result=X509_V_OK; - -#ifndef OPENSSL_NO_TLSEXT - os.length=0; - os.data=NULL; - M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,6); - if (os.data) - { - ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length); - OPENSSL_free(os.data); - os.data = NULL; - os.length = 0; - } - else - ret->tlsext_hostname=NULL; -#endif /* OPENSSL_NO_TLSEXT */ - -#ifndef OPENSSL_NO_PSK - os.length=0; - os.data=NULL; - M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,7); - if (os.data) - { - ret->psk_identity_hint = BUF_strndup((char *)os.data, os.length); - OPENSSL_free(os.data); - os.data = NULL; - os.length = 0; - } - else - ret->psk_identity_hint=NULL; - - os.length=0; - os.data=NULL; - M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,8); - if (os.data) - { - ret->psk_identity = BUF_strndup((char *)os.data, os.length); - OPENSSL_free(os.data); - os.data = NULL; - os.length = 0; - } - else - ret->psk_identity=NULL; -#endif /* OPENSSL_NO_PSK */ - -#ifndef OPENSSL_NO_TLSEXT - ai.length=0; - M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9); - if (ai.data != NULL) - { - ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip); - OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; - } - else if (ret->tlsext_ticklen && ret->session_id_length) - ret->tlsext_tick_lifetime_hint = -1; - else - ret->tlsext_tick_lifetime_hint=0; - os.length=0; - os.data=NULL; - M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10); - if (os.data) - { - ret->tlsext_tick = os.data; - ret->tlsext_ticklen = os.length; - os.data = NULL; - os.length = 0; - } - else - ret->tlsext_tick=NULL; -#endif /* OPENSSL_NO_TLSEXT */ -#ifndef OPENSSL_NO_COMP - os.length=0; - os.data=NULL; - M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,11); - if (os.data) - { - ret->compress_meth = os.data[0]; - OPENSSL_free(os.data); - os.data = NULL; - } -#endif - -#ifndef OPENSSL_NO_SRP - os.length=0; - os.data=NULL; - M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,12); - if (os.data) - { - ret->srp_username = BUF_strndup((char *)os.data, os.length); - OPENSSL_free(os.data); - os.data = NULL; - os.length = 0; - } - else - ret->srp_username=NULL; -#endif /* OPENSSL_NO_SRP */ - - os.length=0; - os.data=NULL; - M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,14); - if (os.data && os.length < (int)sizeof(ret->original_handshake_hash)) - { - memcpy(ret->original_handshake_hash, os.data, os.length); - ret->original_handshake_hash_len = os.length; - OPENSSL_free(os.data); - os.data = NULL; - } - - M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION); - } diff --git a/main/openssl/ssl/ssl_cert.c b/main/openssl/ssl/ssl_cert.c deleted file mode 100644 index 62580201..00000000 --- a/main/openssl/ssl/ssl_cert.c +++ /dev/null @@ -1,804 +0,0 @@ -/*! \file ssl/ssl_cert.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - -#include <stdio.h> - -#include "e_os.h" -#ifndef NO_SYS_TYPES_H -# include <sys/types.h> -#endif - -#include "o_dir.h" -#include <openssl/objects.h> -#include <openssl/bio.h> -#include <openssl/pem.h> -#include <openssl/x509v3.h> -#ifndef OPENSSL_NO_DH -#include <openssl/dh.h> -#endif -#include <openssl/bn.h> -#include "ssl_locl.h" - -int SSL_get_ex_data_X509_STORE_CTX_idx(void) - { - static volatile int ssl_x509_store_ctx_idx= -1; - int got_write_lock = 0; - - CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); - - if (ssl_x509_store_ctx_idx < 0) - { - CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - got_write_lock = 1; - - if (ssl_x509_store_ctx_idx < 0) - { - ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index( - 0,"SSL for verify callback",NULL,NULL,NULL); - } - } - - if (got_write_lock) - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - else - CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); - - return ssl_x509_store_ctx_idx; - } - -CERT *ssl_cert_new(void) - { - CERT *ret; - - ret=(CERT *)OPENSSL_malloc(sizeof(CERT)); - if (ret == NULL) - { - SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } - memset(ret,0,sizeof(CERT)); - - ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]); - ret->references=1; - return(ret); - } - -CERT *ssl_cert_dup(CERT *cert) - { - CERT *ret; - int i; - - ret = (CERT *)OPENSSL_malloc(sizeof(CERT)); - if (ret == NULL) - { - SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); - return(NULL); - } - - memset(ret, 0, sizeof(CERT)); - - ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]]; - /* or ret->key = ret->pkeys + (cert->key - cert->pkeys), - * if you find that more readable */ - - ret->valid = cert->valid; - ret->mask_k = cert->mask_k; - ret->mask_a = cert->mask_a; - ret->export_mask_k = cert->export_mask_k; - ret->export_mask_a = cert->export_mask_a; - -#ifndef OPENSSL_NO_RSA - if (cert->rsa_tmp != NULL) - { - RSA_up_ref(cert->rsa_tmp); - ret->rsa_tmp = cert->rsa_tmp; - } - ret->rsa_tmp_cb = cert->rsa_tmp_cb; -#endif - -#ifndef OPENSSL_NO_DH - if (cert->dh_tmp != NULL) - { - ret->dh_tmp = DHparams_dup(cert->dh_tmp); - if (ret->dh_tmp == NULL) - { - SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB); - goto err; - } - if (cert->dh_tmp->priv_key) - { - BIGNUM *b = BN_dup(cert->dh_tmp->priv_key); - if (!b) - { - SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); - goto err; - } - ret->dh_tmp->priv_key = b; - } - if (cert->dh_tmp->pub_key) - { - BIGNUM *b = BN_dup(cert->dh_tmp->pub_key); - if (!b) - { - SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); - goto err; - } - ret->dh_tmp->pub_key = b; - } - } - ret->dh_tmp_cb = cert->dh_tmp_cb; -#endif - -#ifndef OPENSSL_NO_ECDH - if (cert->ecdh_tmp) - { - ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp); - if (ret->ecdh_tmp == NULL) - { - SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB); - goto err; - } - } - ret->ecdh_tmp_cb = cert->ecdh_tmp_cb; -#endif - - for (i = 0; i < SSL_PKEY_NUM; i++) - { - if (cert->pkeys[i].x509 != NULL) - { - ret->pkeys[i].x509 = cert->pkeys[i].x509; - CRYPTO_add(&ret->pkeys[i].x509->references, 1, - CRYPTO_LOCK_X509); - } - - if (cert->pkeys[i].privatekey != NULL) - { - ret->pkeys[i].privatekey = cert->pkeys[i].privatekey; - CRYPTO_add(&ret->pkeys[i].privatekey->references, 1, - CRYPTO_LOCK_EVP_PKEY); - } - } - - /* ret->extra_certs *should* exist, but currently the own certificate - * chain is held inside SSL_CTX */ - - ret->references=1; - - return(ret); - -#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH) -err: -#endif -#ifndef OPENSSL_NO_RSA - if (ret->rsa_tmp != NULL) - RSA_free(ret->rsa_tmp); -#endif -#ifndef OPENSSL_NO_DH - if (ret->dh_tmp != NULL) - DH_free(ret->dh_tmp); -#endif -#ifndef OPENSSL_NO_ECDH - if (ret->ecdh_tmp != NULL) - EC_KEY_free(ret->ecdh_tmp); -#endif - - for (i = 0; i < SSL_PKEY_NUM; i++) - { - if (ret->pkeys[i].x509 != NULL) - X509_free(ret->pkeys[i].x509); - if (ret->pkeys[i].privatekey != NULL) - EVP_PKEY_free(ret->pkeys[i].privatekey); - } - - return NULL; - } - - -void ssl_cert_free(CERT *c) - { - int i; - - if(c == NULL) - return; - - i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT); -#ifdef REF_PRINT - REF_PRINT("CERT",c); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"ssl_cert_free, bad reference count\n"); - abort(); /* ok */ - } -#endif - -#ifndef OPENSSL_NO_RSA - if (c->rsa_tmp) RSA_free(c->rsa_tmp); -#endif -#ifndef OPENSSL_NO_DH - if (c->dh_tmp) DH_free(c->dh_tmp); -#endif -#ifndef OPENSSL_NO_ECDH - if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp); -#endif - - for (i=0; i<SSL_PKEY_NUM; i++) - { - if (c->pkeys[i].x509 != NULL) - X509_free(c->pkeys[i].x509); - if (c->pkeys[i].privatekey != NULL) - EVP_PKEY_free(c->pkeys[i].privatekey); -#if 0 - if (c->pkeys[i].publickey != NULL) - EVP_PKEY_free(c->pkeys[i].publickey); -#endif - } - OPENSSL_free(c); - } - -int ssl_cert_inst(CERT **o) - { - /* Create a CERT if there isn't already one - * (which cannot really happen, as it is initially created in - * SSL_CTX_new; but the earlier code usually allows for that one - * being non-existant, so we follow that behaviour, as it might - * turn out that there actually is a reason for it -- but I'm - * not sure that *all* of the existing code could cope with - * s->cert being NULL, otherwise we could do without the - * initialization in SSL_CTX_new). - */ - - if (o == NULL) - { - SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if (*o == NULL) - { - if ((*o = ssl_cert_new()) == NULL) - { - SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE); - return(0); - } - } - return(1); - } - - -SESS_CERT *ssl_sess_cert_new(void) - { - SESS_CERT *ret; - - ret = OPENSSL_malloc(sizeof *ret); - if (ret == NULL) - { - SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE); - return NULL; - } - - memset(ret, 0 ,sizeof *ret); - ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); - ret->references = 1; - - return ret; - } - -void ssl_sess_cert_free(SESS_CERT *sc) - { - int i; - - if (sc == NULL) - return; - - i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT); -#ifdef REF_PRINT - REF_PRINT("SESS_CERT", sc); -#endif - if (i > 0) - return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"ssl_sess_cert_free, bad reference count\n"); - abort(); /* ok */ - } -#endif - - /* i == 0 */ - if (sc->cert_chain != NULL) - sk_X509_pop_free(sc->cert_chain, X509_free); - for (i = 0; i < SSL_PKEY_NUM; i++) - { - if (sc->peer_pkeys[i].x509 != NULL) - X509_free(sc->peer_pkeys[i].x509); -#if 0 /* We don't have the peer's private key. These lines are just - * here as a reminder that we're still using a not-quite-appropriate - * data structure. */ - if (sc->peer_pkeys[i].privatekey != NULL) - EVP_PKEY_free(sc->peer_pkeys[i].privatekey); -#endif - } - -#ifndef OPENSSL_NO_RSA - if (sc->peer_rsa_tmp != NULL) - RSA_free(sc->peer_rsa_tmp); -#endif -#ifndef OPENSSL_NO_DH - if (sc->peer_dh_tmp != NULL) - DH_free(sc->peer_dh_tmp); -#endif -#ifndef OPENSSL_NO_ECDH - if (sc->peer_ecdh_tmp != NULL) - EC_KEY_free(sc->peer_ecdh_tmp); -#endif - - OPENSSL_free(sc); - } - -int ssl_set_peer_cert_type(SESS_CERT *sc,int type) - { - sc->peer_cert_type = type; - return(1); - } - -int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) - { - X509 *x; - int i; - X509_STORE_CTX ctx; - - if ((sk == NULL) || (sk_X509_num(sk) == 0)) - return(0); - - x=sk_X509_value(sk,0); - if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk)) - { - SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB); - return(0); - } -#if 0 - if (SSL_get_verify_depth(s) >= 0) - X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); -#endif - X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s); - - /* We need to inherit the verify parameters. These can be determined by - * the context: if its a server it will verify SSL client certificates - * or vice versa. - */ - - X509_STORE_CTX_set_default(&ctx, - s->server ? "ssl_client" : "ssl_server"); - /* Anything non-default in "param" should overwrite anything in the - * ctx. - */ - X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param); - - if (s->verify_callback) - X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback); - - if (s->ctx->app_verify_callback != NULL) -#if 1 /* new with OpenSSL 0.9.7 */ - i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); -#else - i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */ -#endif - else - { -#ifndef OPENSSL_NO_X509_VERIFY - i=X509_verify_cert(&ctx); -#else - i=0; - ctx.error=X509_V_ERR_APPLICATION_VERIFICATION; - SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK); -#endif - } - - s->verify_result=ctx.error; - X509_STORE_CTX_cleanup(&ctx); - - return(i); - } - -static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list) - { - if (*ca_list != NULL) - sk_X509_NAME_pop_free(*ca_list,X509_NAME_free); - - *ca_list=name_list; - } - -STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) - { - int i; - STACK_OF(X509_NAME) *ret; - X509_NAME *name; - - ret=sk_X509_NAME_new_null(); - for (i=0; i<sk_X509_NAME_num(sk); i++) - { - name=X509_NAME_dup(sk_X509_NAME_value(sk,i)); - if ((name == NULL) || !sk_X509_NAME_push(ret,name)) - { - sk_X509_NAME_pop_free(ret,X509_NAME_free); - return(NULL); - } - } - return(ret); - } - -void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list) - { - set_client_CA_list(&(s->client_CA),name_list); - } - -void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list) - { - set_client_CA_list(&(ctx->client_CA),name_list); - } - -STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) - { - return(ctx->client_CA); - } - -STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s) - { - if (s->type == SSL_ST_CONNECT) - { /* we are in the client */ - if (((s->version>>8) == SSL3_VERSION_MAJOR) && - (s->s3 != NULL)) - return(s->s3->tmp.ca_names); - else - return(NULL); - } - else - { - if (s->client_CA != NULL) - return(s->client_CA); - else - return(s->ctx->client_CA); - } - } - -static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x) - { - X509_NAME *name; - - if (x == NULL) return(0); - if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL)) - return(0); - - if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL) - return(0); - - if (!sk_X509_NAME_push(*sk,name)) - { - X509_NAME_free(name); - return(0); - } - return(1); - } - -int SSL_add_client_CA(SSL *ssl,X509 *x) - { - return(add_client_CA(&(ssl->client_CA),x)); - } - -int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x) - { - return(add_client_CA(&(ctx->client_CA),x)); - } - -static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) - { - return(X509_NAME_cmp(*a,*b)); - } - -#ifndef OPENSSL_NO_STDIO -/*! - * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed; - * it doesn't really have anything to do with clients (except that a common use - * for a stack of CAs is to send it to the client). Actually, it doesn't have - * much to do with CAs, either, since it will load any old cert. - * \param file the file containing one or more certs. - * \return a ::STACK containing the certs. - */ -STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) - { - BIO *in; - X509 *x=NULL; - X509_NAME *xn=NULL; - STACK_OF(X509_NAME) *ret = NULL,*sk; - - sk=sk_X509_NAME_new(xname_cmp); - - in=BIO_new(BIO_s_file_internal()); - - if ((sk == NULL) || (in == NULL)) - { - SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!BIO_read_filename(in,file)) - goto err; - - for (;;) - { - if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL) - break; - if (ret == NULL) - { - ret = sk_X509_NAME_new_null(); - if (ret == NULL) - { - SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE); - goto err; - } - } - if ((xn=X509_get_subject_name(x)) == NULL) goto err; - /* check for duplicates */ - xn=X509_NAME_dup(xn); - if (xn == NULL) goto err; - if (sk_X509_NAME_find(sk,xn) >= 0) - X509_NAME_free(xn); - else - { - sk_X509_NAME_push(sk,xn); - sk_X509_NAME_push(ret,xn); - } - } - - if (0) - { -err: - if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free); - ret=NULL; - } - if (sk != NULL) sk_X509_NAME_free(sk); - if (in != NULL) BIO_free(in); - if (x != NULL) X509_free(x); - if (ret != NULL) - ERR_clear_error(); - return(ret); - } -#endif - -/*! - * Add a file of certs to a stack. - * \param stack the stack to add to. - * \param file the file to add from. All certs in this file that are not - * already in the stack will be added. - * \return 1 for success, 0 for failure. Note that in the case of failure some - * certs may have been added to \c stack. - */ - -int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, - const char *file) - { - BIO *in; - X509 *x=NULL; - X509_NAME *xn=NULL; - int ret=1; - int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b); - - oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp); - - in=BIO_new(BIO_s_file_internal()); - - if (in == NULL) - { - SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!BIO_read_filename(in,file)) - goto err; - - for (;;) - { - if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL) - break; - if ((xn=X509_get_subject_name(x)) == NULL) goto err; - xn=X509_NAME_dup(xn); - if (xn == NULL) goto err; - if (sk_X509_NAME_find(stack,xn) >= 0) - X509_NAME_free(xn); - else - sk_X509_NAME_push(stack,xn); - } - - ERR_clear_error(); - - if (0) - { -err: - ret=0; - } - if(in != NULL) - BIO_free(in); - if(x != NULL) - X509_free(x); - - (void)sk_X509_NAME_set_cmp_func(stack,oldcmp); - - return ret; - } - -/*! - * Add a directory of certs to a stack. - * \param stack the stack to append to. - * \param dir the directory to append from. All files in this directory will be - * examined as potential certs. Any that are acceptable to - * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be - * included. - * \return 1 for success, 0 for failure. Note that in the case of failure some - * certs may have been added to \c stack. - */ - -int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, - const char *dir) - { - OPENSSL_DIR_CTX *d = NULL; - const char *filename; - int ret = 0; - - CRYPTO_w_lock(CRYPTO_LOCK_READDIR); - - /* Note that a side effect is that the CAs will be sorted by name */ - - while((filename = OPENSSL_DIR_read(&d, dir))) - { - char buf[1024]; - int r; - - if(strlen(dir)+strlen(filename)+2 > sizeof buf) - { - SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG); - goto err; - } - -#ifdef OPENSSL_SYS_VMS - r = BIO_snprintf(buf,sizeof buf,"%s%s",dir,filename); -#else - r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,filename); -#endif - if (r <= 0 || r >= (int)sizeof(buf)) - goto err; - if(!SSL_add_file_cert_subjects_to_stack(stack,buf)) - goto err; - } - - if (errno) - { - SYSerr(SYS_F_OPENDIR, get_last_sys_error()); - ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')"); - SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); - goto err; - } - - ret = 1; - -err: - if (d) OPENSSL_DIR_end(&d); - CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); - return ret; - } - diff --git a/main/openssl/ssl/ssl_ciph.c b/main/openssl/ssl/ssl_ciph.c deleted file mode 100644 index 6ea8444d..00000000 --- a/main/openssl/ssl/ssl_ciph.c +++ /dev/null @@ -1,1925 +0,0 @@ -/* ssl/ssl_ciph.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - -#include <stdio.h> -#include <openssl/objects.h> -#ifndef OPENSSL_NO_COMP -#include <openssl/comp.h> -#endif -#ifndef OPENSSL_NO_ENGINE -#include <openssl/engine.h> -#endif -#include "ssl_locl.h" - -#define SSL_ENC_DES_IDX 0 -#define SSL_ENC_3DES_IDX 1 -#define SSL_ENC_RC4_IDX 2 -#define SSL_ENC_RC2_IDX 3 -#define SSL_ENC_IDEA_IDX 4 -#define SSL_ENC_NULL_IDX 5 -#define SSL_ENC_AES128_IDX 6 -#define SSL_ENC_AES256_IDX 7 -#define SSL_ENC_CAMELLIA128_IDX 8 -#define SSL_ENC_CAMELLIA256_IDX 9 -#define SSL_ENC_GOST89_IDX 10 -#define SSL_ENC_SEED_IDX 11 -#define SSL_ENC_AES128GCM_IDX 12 -#define SSL_ENC_AES256GCM_IDX 13 -#define SSL_ENC_NUM_IDX 14 - - -static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ - NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL - }; - -#define SSL_COMP_NULL_IDX 0 -#define SSL_COMP_ZLIB_IDX 1 -#define SSL_COMP_NUM_IDX 2 - -static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; - -#define SSL_MD_MD5_IDX 0 -#define SSL_MD_SHA1_IDX 1 -#define SSL_MD_GOST94_IDX 2 -#define SSL_MD_GOST89MAC_IDX 3 -#define SSL_MD_SHA256_IDX 4 -#define SSL_MD_SHA384_IDX 5 -/*Constant SSL_MAX_DIGEST equal to size of digests array should be - * defined in the - * ssl_locl.h */ -#define SSL_MD_NUM_IDX SSL_MAX_DIGEST -static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={ - NULL,NULL,NULL,NULL,NULL,NULL - }; -/* PKEY_TYPE for GOST89MAC is known in advance, but, because - * implementation is engine-provided, we'll fill it only if - * corresponding EVP_PKEY_METHOD is found - */ -static int ssl_mac_pkey_id[SSL_MD_NUM_IDX]={ - EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef, - EVP_PKEY_HMAC,EVP_PKEY_HMAC - }; - -static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={ - 0,0,0,0,0,0 - }; - -static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={ - SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA, - SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256, - SSL_HANDSHAKE_MAC_SHA384 - }; - -#define CIPHER_ADD 1 -#define CIPHER_KILL 2 -#define CIPHER_DEL 3 -#define CIPHER_ORD 4 -#define CIPHER_SPECIAL 5 - -typedef struct cipher_order_st - { - const SSL_CIPHER *cipher; - int active; - int dead; - struct cipher_order_st *next,*prev; - } CIPHER_ORDER; - -static const SSL_CIPHER cipher_aliases[]={ - /* "ALL" doesn't include eNULL (must be specifically enabled) */ - {0,SSL_TXT_ALL,0, 0,0,~SSL_eNULL,0,0,0,0,0,0}, - /* "COMPLEMENTOFALL" */ - {0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0}, - - /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */ - {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0}, - - /* key exchange aliases - * (some of those using only a single bit here combine - * multiple key exchange algs according to the RFCs, - * e.g. kEDH combines DHE_DSS and DHE_RSA) */ - {0,SSL_TXT_kRSA,0, SSL_kRSA, 0,0,0,0,0,0,0,0}, - - {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ - {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ - {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ - {0,SSL_TXT_kEDH,0, SSL_kEDH, 0,0,0,0,0,0,0,0}, - {0,SSL_TXT_DH,0, SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0}, - - {0,SSL_TXT_kKRB5,0, SSL_kKRB5, 0,0,0,0,0,0,0,0}, - - {0,SSL_TXT_kECDHr,0, SSL_kECDHr,0,0,0,0,0,0,0,0}, - {0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0}, - {0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0}, - {0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0}, - {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0}, - - {0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0}, - {0,SSL_TXT_kSRP,0, SSL_kSRP, 0,0,0,0,0,0,0,0}, - {0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0}, - - /* server authentication aliases */ - {0,SSL_TXT_aRSA,0, 0,SSL_aRSA, 0,0,0,0,0,0,0}, - {0,SSL_TXT_aDSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0}, - {0,SSL_TXT_DSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0}, - {0,SSL_TXT_aKRB5,0, 0,SSL_aKRB5, 0,0,0,0,0,0,0}, - {0,SSL_TXT_aNULL,0, 0,SSL_aNULL, 0,0,0,0,0,0,0}, - {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ - {0,SSL_TXT_aECDH,0, 0,SSL_aECDH, 0,0,0,0,0,0,0}, - {0,SSL_TXT_aECDSA,0, 0,SSL_aECDSA,0,0,0,0,0,0,0}, - {0,SSL_TXT_ECDSA,0, 0,SSL_aECDSA, 0,0,0,0,0,0,0}, - {0,SSL_TXT_aPSK,0, 0,SSL_aPSK, 0,0,0,0,0,0,0}, - {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0}, - {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0}, - {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0}, - {0,SSL_TXT_aSRP,0, 0,SSL_aSRP, 0,0,0,0,0,0,0}, - - /* aliases combining key exchange and server authentication */ - {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0}, - {0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0}, - {0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0}, - {0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0}, - {0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0}, - {0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0}, - {0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0}, - {0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0}, - {0,SSL_TXT_SRP,0, SSL_kSRP,0,0,0,0,0,0,0,0}, - - - /* symmetric encryption aliases */ - {0,SSL_TXT_DES,0, 0,0,SSL_DES, 0,0,0,0,0,0}, - {0,SSL_TXT_3DES,0, 0,0,SSL_3DES, 0,0,0,0,0,0}, - {0,SSL_TXT_RC4,0, 0,0,SSL_RC4, 0,0,0,0,0,0}, - {0,SSL_TXT_RC2,0, 0,0,SSL_RC2, 0,0,0,0,0,0}, - {0,SSL_TXT_IDEA,0, 0,0,SSL_IDEA, 0,0,0,0,0,0}, - {0,SSL_TXT_SEED,0, 0,0,SSL_SEED, 0,0,0,0,0,0}, - {0,SSL_TXT_eNULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0}, - {0,SSL_TXT_AES128,0, 0,0,SSL_AES128|SSL_AES128GCM,0,0,0,0,0,0}, - {0,SSL_TXT_AES256,0, 0,0,SSL_AES256|SSL_AES256GCM,0,0,0,0,0,0}, - {0,SSL_TXT_AES,0, 0,0,SSL_AES,0,0,0,0,0,0}, - {0,SSL_TXT_AES_GCM,0, 0,0,SSL_AES128GCM|SSL_AES256GCM,0,0,0,0,0,0}, - {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0}, - {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0}, - {0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0}, - - /* MAC aliases */ - {0,SSL_TXT_MD5,0, 0,0,0,SSL_MD5, 0,0,0,0,0}, - {0,SSL_TXT_SHA1,0, 0,0,0,SSL_SHA1, 0,0,0,0,0}, - {0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0}, - {0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0}, - {0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0}, - {0,SSL_TXT_SHA256,0, 0,0,0,SSL_SHA256, 0,0,0,0,0}, - {0,SSL_TXT_SHA384,0, 0,0,0,SSL_SHA384, 0,0,0,0,0}, - - /* protocol version aliases */ - {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0}, - {0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0}, - {0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0}, - {0,SSL_TXT_TLSV1_2,0, 0,0,0,0,SSL_TLSV1_2, 0,0,0,0}, - - /* export flag */ - {0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0}, - {0,SSL_TXT_EXPORT,0, 0,0,0,0,0,SSL_EXPORT,0,0,0}, - - /* strength classes */ - {0,SSL_TXT_EXP40,0, 0,0,0,0,0,SSL_EXP40, 0,0,0}, - {0,SSL_TXT_EXP56,0, 0,0,0,0,0,SSL_EXP56, 0,0,0}, - {0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0}, - {0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0}, - {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0}, - /* FIPS 140-2 approved ciphersuite */ - {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0}, - }; -/* Search for public key algorithm with given name and - * return its pkey_id if it is available. Otherwise return 0 - */ -#ifdef OPENSSL_NO_ENGINE - -static int get_optional_pkey_id(const char *pkey_name) - { - const EVP_PKEY_ASN1_METHOD *ameth; - int pkey_id=0; - ameth = EVP_PKEY_asn1_find_str(NULL,pkey_name,-1); - if (ameth) - { - EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth); - } - return pkey_id; - } - -#else - -static int get_optional_pkey_id(const char *pkey_name) - { - const EVP_PKEY_ASN1_METHOD *ameth; - ENGINE *tmpeng = NULL; - int pkey_id=0; - ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1); - if (ameth) - { - EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth); - } - if (tmpeng) ENGINE_finish(tmpeng); - return pkey_id; - } - -#endif - -void ssl_load_ciphers(void) - { - ssl_cipher_methods[SSL_ENC_DES_IDX]= - EVP_get_cipherbyname(SN_des_cbc); - ssl_cipher_methods[SSL_ENC_3DES_IDX]= - EVP_get_cipherbyname(SN_des_ede3_cbc); - ssl_cipher_methods[SSL_ENC_RC4_IDX]= - EVP_get_cipherbyname(SN_rc4); - ssl_cipher_methods[SSL_ENC_RC2_IDX]= - EVP_get_cipherbyname(SN_rc2_cbc); -#ifndef OPENSSL_NO_IDEA - ssl_cipher_methods[SSL_ENC_IDEA_IDX]= - EVP_get_cipherbyname(SN_idea_cbc); -#else - ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL; -#endif - ssl_cipher_methods[SSL_ENC_AES128_IDX]= - EVP_get_cipherbyname(SN_aes_128_cbc); - ssl_cipher_methods[SSL_ENC_AES256_IDX]= - EVP_get_cipherbyname(SN_aes_256_cbc); - ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]= - EVP_get_cipherbyname(SN_camellia_128_cbc); - ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= - EVP_get_cipherbyname(SN_camellia_256_cbc); - ssl_cipher_methods[SSL_ENC_GOST89_IDX]= - EVP_get_cipherbyname(SN_gost89_cnt); - ssl_cipher_methods[SSL_ENC_SEED_IDX]= - EVP_get_cipherbyname(SN_seed_cbc); - - ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]= - EVP_get_cipherbyname(SN_aes_128_gcm); - ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]= - EVP_get_cipherbyname(SN_aes_256_gcm); - - ssl_digest_methods[SSL_MD_MD5_IDX]= - EVP_get_digestbyname(SN_md5); - ssl_mac_secret_size[SSL_MD_MD5_IDX]= - EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]); - OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0); - ssl_digest_methods[SSL_MD_SHA1_IDX]= - EVP_get_digestbyname(SN_sha1); - ssl_mac_secret_size[SSL_MD_SHA1_IDX]= - EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]); - OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0); - ssl_digest_methods[SSL_MD_GOST94_IDX]= - EVP_get_digestbyname(SN_id_GostR3411_94); - if (ssl_digest_methods[SSL_MD_GOST94_IDX]) - { - ssl_mac_secret_size[SSL_MD_GOST94_IDX]= - EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]); - OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0); - } - ssl_digest_methods[SSL_MD_GOST89MAC_IDX]= - EVP_get_digestbyname(SN_id_Gost28147_89_MAC); - ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac"); - if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { - ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32; - } - - ssl_digest_methods[SSL_MD_SHA256_IDX]= - EVP_get_digestbyname(SN_sha256); - ssl_mac_secret_size[SSL_MD_SHA256_IDX]= - EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]); - ssl_digest_methods[SSL_MD_SHA384_IDX]= - EVP_get_digestbyname(SN_sha384); - ssl_mac_secret_size[SSL_MD_SHA384_IDX]= - EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); - } -#ifndef OPENSSL_NO_COMP - -static int sk_comp_cmp(const SSL_COMP * const *a, - const SSL_COMP * const *b) - { - return((*a)->id-(*b)->id); - } - -static void load_builtin_compressions(void) - { - int got_write_lock = 0; - - CRYPTO_r_lock(CRYPTO_LOCK_SSL); - if (ssl_comp_methods == NULL) - { - CRYPTO_r_unlock(CRYPTO_LOCK_SSL); - CRYPTO_w_lock(CRYPTO_LOCK_SSL); - got_write_lock = 1; - - if (ssl_comp_methods == NULL) - { - SSL_COMP *comp = NULL; - - MemCheck_off(); - ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); - if (ssl_comp_methods != NULL) - { - comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); - if (comp != NULL) - { - comp->method=COMP_zlib(); - if (comp->method - && comp->method->type == NID_undef) - OPENSSL_free(comp); - else - { - comp->id=SSL_COMP_ZLIB_IDX; - comp->name=comp->method->name; - sk_SSL_COMP_push(ssl_comp_methods,comp); - } - } - sk_SSL_COMP_sort(ssl_comp_methods); - } - MemCheck_on(); - } - } - - if (got_write_lock) - CRYPTO_w_unlock(CRYPTO_LOCK_SSL); - else - CRYPTO_r_unlock(CRYPTO_LOCK_SSL); - } -#endif - -int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, - const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp) - { - int i; - const SSL_CIPHER *c; - - c=s->cipher; - if (c == NULL) return(0); - if (comp != NULL) - { - SSL_COMP ctmp; -#ifndef OPENSSL_NO_COMP - load_builtin_compressions(); -#endif - - *comp=NULL; - ctmp.id=s->compress_meth; - if (ssl_comp_methods != NULL) - { - i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp); - if (i >= 0) - *comp=sk_SSL_COMP_value(ssl_comp_methods,i); - else - *comp=NULL; - } - } - - if ((enc == NULL) || (md == NULL)) return(0); - - switch (c->algorithm_enc) - { - case SSL_DES: - i=SSL_ENC_DES_IDX; - break; - case SSL_3DES: - i=SSL_ENC_3DES_IDX; - break; - case SSL_RC4: - i=SSL_ENC_RC4_IDX; - break; - case SSL_RC2: - i=SSL_ENC_RC2_IDX; - break; - case SSL_IDEA: - i=SSL_ENC_IDEA_IDX; - break; - case SSL_eNULL: - i=SSL_ENC_NULL_IDX; - break; - case SSL_AES128: - i=SSL_ENC_AES128_IDX; - break; - case SSL_AES256: - i=SSL_ENC_AES256_IDX; - break; - case SSL_CAMELLIA128: - i=SSL_ENC_CAMELLIA128_IDX; - break; - case SSL_CAMELLIA256: - i=SSL_ENC_CAMELLIA256_IDX; - break; - case SSL_eGOST2814789CNT: - i=SSL_ENC_GOST89_IDX; - break; - case SSL_SEED: - i=SSL_ENC_SEED_IDX; - break; - case SSL_AES128GCM: - i=SSL_ENC_AES128GCM_IDX; - break; - case SSL_AES256GCM: - i=SSL_ENC_AES256GCM_IDX; - break; - default: - i= -1; - break; - } - - if ((i < 0) || (i >= SSL_ENC_NUM_IDX)) - *enc=NULL; - else - { - if (i == SSL_ENC_NULL_IDX) - *enc=EVP_enc_null(); - else - *enc=ssl_cipher_methods[i]; - } - - switch (c->algorithm_mac) - { - case SSL_MD5: - i=SSL_MD_MD5_IDX; - break; - case SSL_SHA1: - i=SSL_MD_SHA1_IDX; - break; - case SSL_SHA256: - i=SSL_MD_SHA256_IDX; - break; - case SSL_SHA384: - i=SSL_MD_SHA384_IDX; - break; - case SSL_GOST94: - i = SSL_MD_GOST94_IDX; - break; - case SSL_GOST89MAC: - i = SSL_MD_GOST89MAC_IDX; - break; - default: - i= -1; - break; - } - if ((i < 0) || (i >= SSL_MD_NUM_IDX)) - { - *md=NULL; - if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef; - if (mac_secret_size!=NULL) *mac_secret_size = 0; - if (c->algorithm_mac == SSL_AEAD) - mac_pkey_type = NULL; - } - else - { - *md=ssl_digest_methods[i]; - if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i]; - if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i]; - } - - if ((*enc != NULL) && - (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) && - (!mac_pkey_type||*mac_pkey_type != NID_undef)) - { - const EVP_CIPHER *evp; - - if (s->ssl_version>>8 != TLS1_VERSION_MAJOR || - s->ssl_version < TLS1_VERSION) - return 1; - -#ifdef OPENSSL_FIPS - if (FIPS_mode()) - return 1; -#endif - - if (c->algorithm_enc == SSL_RC4 && - c->algorithm_mac == SSL_MD5 && - (evp=EVP_get_cipherbyname("RC4-HMAC-MD5"))) - *enc = evp, *md = NULL; - else if (c->algorithm_enc == SSL_AES128 && - c->algorithm_mac == SSL_SHA1 && - (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) - *enc = evp, *md = NULL; - else if (c->algorithm_enc == SSL_AES256 && - c->algorithm_mac == SSL_SHA1 && - (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) - *enc = evp, *md = NULL; - return(1); - } - else - return(0); - } - -int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) -{ - if (idx <0||idx>=SSL_MD_NUM_IDX) - { - return 0; - } - *mask = ssl_handshake_digest_flag[idx]; - if (*mask) - *md = ssl_digest_methods[idx]; - else - *md = NULL; - return 1; -} - -#define ITEM_SEP(a) \ - (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) - -static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, - CIPHER_ORDER **tail) - { - if (curr == *tail) return; - if (curr == *head) - *head=curr->next; - if (curr->prev != NULL) - curr->prev->next=curr->next; - if (curr->next != NULL) - curr->next->prev=curr->prev; - (*tail)->next=curr; - curr->prev= *tail; - curr->next=NULL; - *tail=curr; - } - -static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, - CIPHER_ORDER **tail) - { - if (curr == *head) return; - if (curr == *tail) - *tail=curr->prev; - if (curr->next != NULL) - curr->next->prev=curr->prev; - if (curr->prev != NULL) - curr->prev->next=curr->next; - (*head)->prev=curr; - curr->next= *head; - curr->prev=NULL; - *head=curr; - } - -static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl) - { - *mkey = 0; - *auth = 0; - *enc = 0; - *mac = 0; - *ssl = 0; - -#ifdef OPENSSL_NO_RSA - *mkey |= SSL_kRSA; - *auth |= SSL_aRSA; -#endif -#ifdef OPENSSL_NO_DSA - *auth |= SSL_aDSS; -#endif - *mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */ - *auth |= SSL_aDH; -#ifdef OPENSSL_NO_DH - *mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH; - *auth |= SSL_aDH; -#endif -#ifdef OPENSSL_NO_KRB5 - *mkey |= SSL_kKRB5; - *auth |= SSL_aKRB5; -#endif -#ifdef OPENSSL_NO_ECDSA - *auth |= SSL_aECDSA; -#endif -#ifdef OPENSSL_NO_ECDH - *mkey |= SSL_kECDHe|SSL_kECDHr; - *auth |= SSL_aECDH; -#endif -#ifdef OPENSSL_NO_PSK - *mkey |= SSL_kPSK; - *auth |= SSL_aPSK; -#endif -#ifdef OPENSSL_NO_SRP - *mkey |= SSL_kSRP; -#endif - /* Check for presence of GOST 34.10 algorithms, and if they - * do not present, disable appropriate auth and key exchange */ - if (!get_optional_pkey_id("gost94")) { - *auth |= SSL_aGOST94; - } - if (!get_optional_pkey_id("gost2001")) { - *auth |= SSL_aGOST01; - } - /* Disable GOST key exchange if no GOST signature algs are available * */ - if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) { - *mkey |= SSL_kGOST; - } -#ifdef SSL_FORBID_ENULL - *enc |= SSL_eNULL; -#endif - - - - *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0; - *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0; - *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0; - *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0; - *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0; - *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0; - *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0; - *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM:0; - *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM:0; - *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0; - *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0; - *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0; - *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0; - - *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0; - *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0; - *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256:0; - *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384:0; - *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0; - *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0; - - } - -static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, - int num_of_ciphers, - unsigned long disabled_mkey, unsigned long disabled_auth, - unsigned long disabled_enc, unsigned long disabled_mac, - unsigned long disabled_ssl, - CIPHER_ORDER *co_list, - CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) - { - int i, co_list_num; - const SSL_CIPHER *c; - - /* - * We have num_of_ciphers descriptions compiled in, depending on the - * method selected (SSLv2 and/or SSLv3, TLSv1 etc). - * These will later be sorted in a linked list with at most num - * entries. - */ - - /* Get the initial list of ciphers */ - co_list_num = 0; /* actual count of ciphers */ - for (i = 0; i < num_of_ciphers; i++) - { - c = ssl_method->get_cipher(i); - /* drop those that use any of that is not available */ - if ((c != NULL) && c->valid && -#ifdef OPENSSL_FIPS - (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) && -#endif - !(c->algorithm_mkey & disabled_mkey) && - !(c->algorithm_auth & disabled_auth) && - !(c->algorithm_enc & disabled_enc) && - !(c->algorithm_mac & disabled_mac) && - !(c->algorithm_ssl & disabled_ssl)) - { - co_list[co_list_num].cipher = c; - co_list[co_list_num].next = NULL; - co_list[co_list_num].prev = NULL; - co_list[co_list_num].active = 0; - co_list_num++; -#ifdef KSSL_DEBUG - fprintf(stderr,"\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth); -#endif /* KSSL_DEBUG */ - /* - if (!sk_push(ca_list,(char *)c)) goto err; - */ - } - } - - /* - * Prepare linked list from list entries - */ - if (co_list_num > 0) - { - co_list[0].prev = NULL; - - if (co_list_num > 1) - { - co_list[0].next = &co_list[1]; - - for (i = 1; i < co_list_num - 1; i++) - { - co_list[i].prev = &co_list[i - 1]; - co_list[i].next = &co_list[i + 1]; - } - - co_list[co_list_num - 1].prev = &co_list[co_list_num - 2]; - } - - co_list[co_list_num - 1].next = NULL; - - *head_p = &co_list[0]; - *tail_p = &co_list[co_list_num - 1]; - } - } - -static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, - int num_of_group_aliases, - unsigned long disabled_mkey, unsigned long disabled_auth, - unsigned long disabled_enc, unsigned long disabled_mac, - unsigned long disabled_ssl, - CIPHER_ORDER *head) - { - CIPHER_ORDER *ciph_curr; - const SSL_CIPHER **ca_curr; - int i; - unsigned long mask_mkey = ~disabled_mkey; - unsigned long mask_auth = ~disabled_auth; - unsigned long mask_enc = ~disabled_enc; - unsigned long mask_mac = ~disabled_mac; - unsigned long mask_ssl = ~disabled_ssl; - - /* - * First, add the real ciphers as already collected - */ - ciph_curr = head; - ca_curr = ca_list; - while (ciph_curr != NULL) - { - *ca_curr = ciph_curr->cipher; - ca_curr++; - ciph_curr = ciph_curr->next; - } - - /* - * Now we add the available ones from the cipher_aliases[] table. - * They represent either one or more algorithms, some of which - * in any affected category must be supported (set in enabled_mask), - * or represent a cipher strength value (will be added in any case because algorithms=0). - */ - for (i = 0; i < num_of_group_aliases; i++) - { - unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey; - unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth; - unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc; - unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac; - unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl; - - if (algorithm_mkey) - if ((algorithm_mkey & mask_mkey) == 0) - continue; - - if (algorithm_auth) - if ((algorithm_auth & mask_auth) == 0) - continue; - - if (algorithm_enc) - if ((algorithm_enc & mask_enc) == 0) - continue; - - if (algorithm_mac) - if ((algorithm_mac & mask_mac) == 0) - continue; - - if (algorithm_ssl) - if ((algorithm_ssl & mask_ssl) == 0) - continue; - - *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); - ca_curr++; - } - - *ca_curr = NULL; /* end of list */ - } - -static void ssl_cipher_apply_rule(unsigned long cipher_id, - unsigned long alg_mkey, unsigned long alg_auth, - unsigned long alg_enc, unsigned long alg_mac, - unsigned long alg_ssl, - unsigned long algo_strength, - int rule, int strength_bits, - CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) - { - CIPHER_ORDER *head, *tail, *curr, *next, *last; - const SSL_CIPHER *cp; - int reverse = 0; - -#ifdef CIPHER_DEBUG - fprintf(stderr, "Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n", - rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits); -#endif - - if (rule == CIPHER_DEL) - reverse = 1; /* needed to maintain sorting between currently deleted ciphers */ - - head = *head_p; - tail = *tail_p; - - if (reverse) - { - next = tail; - last = head; - } - else - { - next = head; - last = tail; - } - - curr = NULL; - for (;;) - { - if (curr == last) break; - - curr = next; - - if (curr == NULL) break; - - next = reverse ? curr->prev : curr->next; - - cp = curr->cipher; - - /* - * Selection criteria is either the value of strength_bits - * or the algorithms used. - */ - if (strength_bits >= 0) - { - if (strength_bits != cp->strength_bits) - continue; - } - else - { -#ifdef CIPHER_DEBUG - fprintf(stderr, "\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength); -#endif - - if (alg_mkey && !(alg_mkey & cp->algorithm_mkey)) - continue; - if (alg_auth && !(alg_auth & cp->algorithm_auth)) - continue; - if (alg_enc && !(alg_enc & cp->algorithm_enc)) - continue; - if (alg_mac && !(alg_mac & cp->algorithm_mac)) - continue; - if (alg_ssl && !(alg_ssl & cp->algorithm_ssl)) - continue; - if ((algo_strength & SSL_EXP_MASK) && !(algo_strength & SSL_EXP_MASK & cp->algo_strength)) - continue; - if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) - continue; - } - -#ifdef CIPHER_DEBUG - fprintf(stderr, "Action = %d\n", rule); -#endif - - /* add the cipher if it has not been added yet. */ - if (rule == CIPHER_ADD) - { - /* reverse == 0 */ - if (!curr->active) - { - ll_append_tail(&head, curr, &tail); - curr->active = 1; - } - } - /* Move the added cipher to this location */ - else if (rule == CIPHER_ORD) - { - /* reverse == 0 */ - if (curr->active) - { - ll_append_tail(&head, curr, &tail); - } - } - else if (rule == CIPHER_DEL) - { - /* reverse == 1 */ - if (curr->active) - { - /* most recently deleted ciphersuites get best positions - * for any future CIPHER_ADD (note that the CIPHER_DEL loop - * works in reverse to maintain the order) */ - ll_append_head(&head, curr, &tail); - curr->active = 0; - } - } - else if (rule == CIPHER_KILL) - { - /* reverse == 0 */ - if (head == curr) - head = curr->next; - else - curr->prev->next = curr->next; - if (tail == curr) - tail = curr->prev; - curr->active = 0; - if (curr->next != NULL) - curr->next->prev = curr->prev; - if (curr->prev != NULL) - curr->prev->next = curr->next; - curr->next = NULL; - curr->prev = NULL; - } - } - - *head_p = head; - *tail_p = tail; - } - -static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, - CIPHER_ORDER **tail_p) - { - int max_strength_bits, i, *number_uses; - CIPHER_ORDER *curr; - - /* - * This routine sorts the ciphers with descending strength. The sorting - * must keep the pre-sorted sequence, so we apply the normal sorting - * routine as '+' movement to the end of the list. - */ - max_strength_bits = 0; - curr = *head_p; - while (curr != NULL) - { - if (curr->active && - (curr->cipher->strength_bits > max_strength_bits)) - max_strength_bits = curr->cipher->strength_bits; - curr = curr->next; - } - - number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); - if (!number_uses) - { - SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE); - return(0); - } - memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); - - /* - * Now find the strength_bits values actually used - */ - curr = *head_p; - while (curr != NULL) - { - if (curr->active) - number_uses[curr->cipher->strength_bits]++; - curr = curr->next; - } - /* - * Go through the list of used strength_bits values in descending - * order. - */ - for (i = max_strength_bits; i >= 0; i--) - if (number_uses[i] > 0) - ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p); - - OPENSSL_free(number_uses); - return(1); - } - -static int ssl_cipher_process_rulestr(const char *rule_str, - CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p, - const SSL_CIPHER **ca_list) - { - unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; - const char *l, *buf; - int j, multi, found, rule, retval, ok, buflen; - unsigned long cipher_id = 0; - char ch; - - retval = 1; - l = rule_str; - for (;;) - { - ch = *l; - - if (ch == '\0') - break; /* done */ - if (ch == '-') - { rule = CIPHER_DEL; l++; } - else if (ch == '+') - { rule = CIPHER_ORD; l++; } - else if (ch == '!') - { rule = CIPHER_KILL; l++; } - else if (ch == '@') - { rule = CIPHER_SPECIAL; l++; } - else - { rule = CIPHER_ADD; } - - if (ITEM_SEP(ch)) - { - l++; - continue; - } - - alg_mkey = 0; - alg_auth = 0; - alg_enc = 0; - alg_mac = 0; - alg_ssl = 0; - algo_strength = 0; - - for (;;) - { - ch = *l; - buf = l; - buflen = 0; -#ifndef CHARSET_EBCDIC - while ( ((ch >= 'A') && (ch <= 'Z')) || - ((ch >= '0') && (ch <= '9')) || - ((ch >= 'a') && (ch <= 'z')) || - (ch == '-') || (ch == '.')) -#else - while ( isalnum(ch) || (ch == '-') || (ch == '.')) -#endif - { - ch = *(++l); - buflen++; - } - - if (buflen == 0) - { - /* - * We hit something we cannot deal with, - * it is no command or separator nor - * alphanumeric, so we call this an error. - */ - SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, - SSL_R_INVALID_COMMAND); - retval = found = 0; - l++; - break; - } - - if (rule == CIPHER_SPECIAL) - { - found = 0; /* unused -- avoid compiler warning */ - break; /* special treatment */ - } - - /* check for multi-part specification */ - if (ch == '+') - { - multi=1; - l++; - } - else - multi=0; - - /* - * Now search for the cipher alias in the ca_list. Be careful - * with the strncmp, because the "buflen" limitation - * will make the rule "ADH:SOME" and the cipher - * "ADH-MY-CIPHER" look like a match for buflen=3. - * So additionally check whether the cipher name found - * has the correct length. We can save a strlen() call: - * just checking for the '\0' at the right place is - * sufficient, we have to strncmp() anyway. (We cannot - * use strcmp(), because buf is not '\0' terminated.) - */ - j = found = 0; - cipher_id = 0; - while (ca_list[j]) - { - if (!strncmp(buf, ca_list[j]->name, buflen) && - (ca_list[j]->name[buflen] == '\0')) - { - found = 1; - break; - } - else - j++; - } - - if (!found) - break; /* ignore this entry */ - - if (ca_list[j]->algorithm_mkey) - { - if (alg_mkey) - { - alg_mkey &= ca_list[j]->algorithm_mkey; - if (!alg_mkey) { found = 0; break; } - } - else - alg_mkey = ca_list[j]->algorithm_mkey; - } - - if (ca_list[j]->algorithm_auth) - { - if (alg_auth) - { - alg_auth &= ca_list[j]->algorithm_auth; - if (!alg_auth) { found = 0; break; } - } - else - alg_auth = ca_list[j]->algorithm_auth; - } - - if (ca_list[j]->algorithm_enc) - { - if (alg_enc) - { - alg_enc &= ca_list[j]->algorithm_enc; - if (!alg_enc) { found = 0; break; } - } - else - alg_enc = ca_list[j]->algorithm_enc; - } - - if (ca_list[j]->algorithm_mac) - { - if (alg_mac) - { - alg_mac &= ca_list[j]->algorithm_mac; - if (!alg_mac) { found = 0; break; } - } - else - alg_mac = ca_list[j]->algorithm_mac; - } - - if (ca_list[j]->algo_strength & SSL_EXP_MASK) - { - if (algo_strength & SSL_EXP_MASK) - { - algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK; - if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; } - } - else - algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK; - } - - if (ca_list[j]->algo_strength & SSL_STRONG_MASK) - { - if (algo_strength & SSL_STRONG_MASK) - { - algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK; - if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; } - } - else - algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK; - } - - if (ca_list[j]->valid) - { - /* explicit ciphersuite found; its protocol version - * does not become part of the search pattern!*/ - - cipher_id = ca_list[j]->id; - } - else - { - /* not an explicit ciphersuite; only in this case, the - * protocol version is considered part of the search pattern */ - - if (ca_list[j]->algorithm_ssl) - { - if (alg_ssl) - { - alg_ssl &= ca_list[j]->algorithm_ssl; - if (!alg_ssl) { found = 0; break; } - } - else - alg_ssl = ca_list[j]->algorithm_ssl; - } - } - - if (!multi) break; - } - - /* - * Ok, we have the rule, now apply it - */ - if (rule == CIPHER_SPECIAL) - { /* special command */ - ok = 0; - if ((buflen == 8) && - !strncmp(buf, "STRENGTH", 8)) - ok = ssl_cipher_strength_sort(head_p, tail_p); - else - SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, - SSL_R_INVALID_COMMAND); - if (ok == 0) - retval = 0; - /* - * We do not support any "multi" options - * together with "@", so throw away the - * rest of the command, if any left, until - * end or ':' is found. - */ - while ((*l != '\0') && !ITEM_SEP(*l)) - l++; - } - else if (found) - { - ssl_cipher_apply_rule(cipher_id, - alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, - rule, -1, head_p, tail_p); - } - else - { - while ((*l != '\0') && !ITEM_SEP(*l)) - l++; - } - if (*l == '\0') break; /* done */ - } - - return(retval); - } - -STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, - STACK_OF(SSL_CIPHER) **cipher_list, - STACK_OF(SSL_CIPHER) **cipher_list_by_id, - const char *rule_str) - { - int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; - unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl; - STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; - const char *rule_p; - CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; - const SSL_CIPHER **ca_list = NULL; - - /* - * Return with error if nothing to do. - */ - if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) - return NULL; - - /* - * To reduce the work to do we only want to process the compiled - * in algorithms, so we first get the mask of disabled ciphers. - */ - ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl); - - /* - * Now we have to collect the available ciphers from the compiled - * in ciphers. We cannot get more than the number compiled in, so - * it is used for allocation. - */ - num_of_ciphers = ssl_method->num_ciphers(); -#ifdef KSSL_DEBUG - fprintf(stderr,"ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); -#endif /* KSSL_DEBUG */ - co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); - if (co_list == NULL) - { - SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); - return(NULL); /* Failure */ - } - - ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, - disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, - co_list, &head, &tail); - - - /* Now arrange all ciphers by preference: */ - - /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */ - ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); - ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); - - /* AES is our preferred symmetric cipher */ - ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); - - /* Temporarily enable everything else for sorting */ - ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); - - /* Low priority for MD5 */ - ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail); - - /* Move anonymous ciphers to the end. Usually, these will remain disabled. - * (For applications that allow them, they aren't too bad, but we prefer - * authenticated ciphers.) */ - ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); - - /* Move ciphers without forward secrecy to the end */ - ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); - /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */ - ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); - ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); - ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); - - /* RC4 is sort-of broken -- move the the end */ - ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); - - /* Now sort by symmetric encryption strength. The above ordering remains - * in force within each class */ - if (!ssl_cipher_strength_sort(&head, &tail)) - { - OPENSSL_free(co_list); - return NULL; - } - - /* Now disable everything (maintaining the ordering!) */ - ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); - - - /* - * We also need cipher aliases for selecting based on the rule_str. - * There might be two types of entries in the rule_str: 1) names - * of ciphers themselves 2) aliases for groups of ciphers. - * For 1) we need the available ciphers and for 2) the cipher - * groups of cipher_aliases added together in one list (otherwise - * we would be happy with just the cipher_aliases table). - */ - num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); - num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; - ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); - if (ca_list == NULL) - { - OPENSSL_free(co_list); - SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); - return(NULL); /* Failure */ - } - ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, - disabled_mkey, disabled_auth, disabled_enc, - disabled_mac, disabled_ssl, head); - - /* - * If the rule_string begins with DEFAULT, apply the default rule - * before using the (possibly available) additional rules. - */ - ok = 1; - rule_p = rule_str; - if (strncmp(rule_str,"DEFAULT",7) == 0) - { - ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, - &head, &tail, ca_list); - rule_p += 7; - if (*rule_p == ':') - rule_p++; - } - - if (ok && (strlen(rule_p) > 0)) - ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list); - - OPENSSL_free((void *)ca_list); /* Not needed anymore */ - - if (!ok) - { /* Rule processing failure */ - OPENSSL_free(co_list); - return(NULL); - } - - /* - * Allocate new "cipherstack" for the result, return with error - * if we cannot get one. - */ - if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) - { - OPENSSL_free(co_list); - return(NULL); - } - - /* - * The cipher selection for the list is done. The ciphers are added - * to the resulting precedence to the STACK_OF(SSL_CIPHER). - */ - for (curr = head; curr != NULL; curr = curr->next) - { -#ifdef OPENSSL_FIPS - if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) -#else - if (curr->active) -#endif - { - sk_SSL_CIPHER_push(cipherstack, curr->cipher); -#ifdef CIPHER_DEBUG - fprintf(stderr, "<%s>\n",curr->cipher->name); -#endif - } - } - OPENSSL_free(co_list); /* Not needed any longer */ - - tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); - if (tmp_cipher_list == NULL) - { - sk_SSL_CIPHER_free(cipherstack); - return NULL; - } - if (*cipher_list != NULL) - sk_SSL_CIPHER_free(*cipher_list); - *cipher_list = cipherstack; - if (*cipher_list_by_id != NULL) - sk_SSL_CIPHER_free(*cipher_list_by_id); - *cipher_list_by_id = tmp_cipher_list; - (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); - - sk_SSL_CIPHER_sort(*cipher_list_by_id); - return(cipherstack); - } - -char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) - { - int is_export,pkl,kl; - const char *ver,*exp_str; - const char *kx,*au,*enc,*mac; - unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2; -#ifdef KSSL_DEBUG - static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n"; -#else - static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; -#endif /* KSSL_DEBUG */ - - alg_mkey = cipher->algorithm_mkey; - alg_auth = cipher->algorithm_auth; - alg_enc = cipher->algorithm_enc; - alg_mac = cipher->algorithm_mac; - alg_ssl = cipher->algorithm_ssl; - - alg2=cipher->algorithm2; - - is_export=SSL_C_IS_EXPORT(cipher); - pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); - kl=SSL_C_EXPORT_KEYLENGTH(cipher); - exp_str=is_export?" export":""; - - if (alg_ssl & SSL_SSLV2) - ver="SSLv2"; - else if (alg_ssl & SSL_SSLV3) - ver="SSLv3"; - else if (alg_ssl & SSL_TLSV1_2) - ver="TLSv1.2"; - else - ver="unknown"; - - switch (alg_mkey) - { - case SSL_kRSA: - kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA"; - break; - case SSL_kDHr: - kx="DH/RSA"; - break; - case SSL_kDHd: - kx="DH/DSS"; - break; - case SSL_kKRB5: - kx="KRB5"; - break; - case SSL_kEDH: - kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; - break; - case SSL_kECDHr: - kx="ECDH/RSA"; - break; - case SSL_kECDHe: - kx="ECDH/ECDSA"; - break; - case SSL_kEECDH: - kx="ECDH"; - break; - case SSL_kPSK: - kx="PSK"; - break; - case SSL_kSRP: - kx="SRP"; - break; - case SSL_kGOST: - kx="GOST"; - break; - default: - kx="unknown"; - } - - switch (alg_auth) - { - case SSL_aRSA: - au="RSA"; - break; - case SSL_aDSS: - au="DSS"; - break; - case SSL_aDH: - au="DH"; - break; - case SSL_aKRB5: - au="KRB5"; - break; - case SSL_aECDH: - au="ECDH"; - break; - case SSL_aNULL: - au="None"; - break; - case SSL_aECDSA: - au="ECDSA"; - break; - case SSL_aPSK: - au="PSK"; - break; - case SSL_aSRP: - au="SRP"; - break; - case SSL_aGOST94: - au="GOST94"; - break; - case SSL_aGOST01: - au="GOST01"; - break; - default: - au="unknown"; - break; - } - - switch (alg_enc) - { - case SSL_DES: - enc=(is_export && kl == 5)?"DES(40)":"DES(56)"; - break; - case SSL_3DES: - enc="3DES(168)"; - break; - case SSL_RC4: - enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)") - :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)"); - break; - case SSL_RC2: - enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)"; - break; - case SSL_IDEA: - enc="IDEA(128)"; - break; - case SSL_eNULL: - enc="None"; - break; - case SSL_AES128: - enc="AES(128)"; - break; - case SSL_AES256: - enc="AES(256)"; - break; - case SSL_AES128GCM: - enc="AESGCM(128)"; - break; - case SSL_AES256GCM: - enc="AESGCM(256)"; - break; - case SSL_CAMELLIA128: - enc="Camellia(128)"; - break; - case SSL_CAMELLIA256: - enc="Camellia(256)"; - break; - case SSL_SEED: - enc="SEED(128)"; - break; - case SSL_eGOST2814789CNT: - enc="GOST89(256)"; - break; - default: - enc="unknown"; - break; - } - - switch (alg_mac) - { - case SSL_MD5: - mac="MD5"; - break; - case SSL_SHA1: - mac="SHA1"; - break; - case SSL_SHA256: - mac="SHA256"; - break; - case SSL_SHA384: - mac="SHA384"; - break; - case SSL_AEAD: - mac="AEAD"; - break; - case SSL_GOST89MAC: - mac="GOST89"; - break; - case SSL_GOST94: - mac="GOST94"; - break; - default: - mac="unknown"; - break; - } - - if (buf == NULL) - { - len=128; - buf=OPENSSL_malloc(len); - if (buf == NULL) return("OPENSSL_malloc Error"); - } - else if (len < 128) - return("Buffer too small"); - -#ifdef KSSL_DEBUG - BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl); -#else - BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str); -#endif /* KSSL_DEBUG */ - return(buf); - } - -char *SSL_CIPHER_get_version(const SSL_CIPHER *c) - { - int i; - - if (c == NULL) return("(NONE)"); - i=(int)(c->id>>24L); - if (i == 3) - return("TLSv1/SSLv3"); - else if (i == 2) - return("SSLv2"); - else - return("unknown"); - } - -/* return the actual cipher being used */ -const char *SSL_CIPHER_get_name(const SSL_CIPHER *c) - { - if (c != NULL) - return(c->name); - return("(NONE)"); - } - -/* number of bits for symmetric cipher */ -int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) - { - int ret=0; - - if (c != NULL) - { - if (alg_bits != NULL) *alg_bits = c->alg_bits; - ret = c->strength_bits; - } - return(ret); - } - -unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c) - { - return c->id; - } - -/* return string version of key exchange algorithm */ -const char* SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher) - { - switch (cipher->algorithm_mkey) - { - case SSL_kRSA: - return SSL_TXT_RSA; - case SSL_kDHr: - return SSL_TXT_DH "_" SSL_TXT_RSA; - case SSL_kDHd: - return SSL_TXT_DH "_" SSL_TXT_DSS; - case SSL_kEDH: - switch (cipher->algorithm_auth) - { - case SSL_aDSS: - return "DHE_" SSL_TXT_DSS; - case SSL_aRSA: - return "DHE_" SSL_TXT_RSA; - case SSL_aNULL: - return SSL_TXT_DH "_anon"; - default: - return "UNKNOWN"; - } - case SSL_kKRB5: - return SSL_TXT_KRB5; - case SSL_kECDHr: - return SSL_TXT_ECDH "_" SSL_TXT_RSA; - case SSL_kECDHe: - return SSL_TXT_ECDH "_" SSL_TXT_ECDSA; - case SSL_kEECDH: - switch (cipher->algorithm_auth) - { - case SSL_aECDSA: - return "ECDHE_" SSL_TXT_ECDSA; - case SSL_aRSA: - return "ECDHE_" SSL_TXT_RSA; - case SSL_aNULL: - return SSL_TXT_ECDH "_anon"; - default: - return "UNKNOWN"; - } - default: - return "UNKNOWN"; - } - } - -SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) - { - SSL_COMP *ctmp; - int i,nn; - - if ((n == 0) || (sk == NULL)) return(NULL); - nn=sk_SSL_COMP_num(sk); - for (i=0; i<nn; i++) - { - ctmp=sk_SSL_COMP_value(sk,i); - if (ctmp->id == n) - return(ctmp); - } - return(NULL); - } - -#ifdef OPENSSL_NO_COMP -void *SSL_COMP_get_compression_methods(void) - { - return NULL; - } -int SSL_COMP_add_compression_method(int id, void *cm) - { - return 1; - } - -const char *SSL_COMP_get_name(const void *comp) - { - return NULL; - } -#else -STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) - { - load_builtin_compressions(); - return(ssl_comp_methods); - } - -int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) - { - SSL_COMP *comp; - - if (cm == NULL || cm->type == NID_undef) - return 1; - - /* According to draft-ietf-tls-compression-04.txt, the - compression number ranges should be the following: - - 0 to 63: methods defined by the IETF - 64 to 192: external party methods assigned by IANA - 193 to 255: reserved for private use */ - if (id < 193 || id > 255) - { - SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); - return 0; - } - - MemCheck_off(); - comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); - comp->id=id; - comp->method=cm; - load_builtin_compressions(); - if (ssl_comp_methods - && sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0) - { - OPENSSL_free(comp); - MemCheck_on(); - SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID); - return(1); - } - else if ((ssl_comp_methods == NULL) - || !sk_SSL_COMP_push(ssl_comp_methods,comp)) - { - OPENSSL_free(comp); - MemCheck_on(); - SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); - return(1); - } - else - { - MemCheck_on(); - return(0); - } - } - -const char *SSL_COMP_get_name(const COMP_METHOD *comp) - { - if (comp) - return comp->name; - return NULL; - } - -#endif diff --git a/main/openssl/ssl/ssl_err.c b/main/openssl/ssl/ssl_err.c deleted file mode 100644 index 0e92ccb0..00000000 --- a/main/openssl/ssl/ssl_err.c +++ /dev/null @@ -1,625 +0,0 @@ -/* ssl/ssl_err.c */ -/* ==================================================================== - * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include <stdio.h> -#include <openssl/err.h> -#include <openssl/ssl.h> - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR - -#define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0) -#define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason) - -static ERR_STRING_DATA SSL_str_functs[]= - { -{ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"}, -{ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"}, -{ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"}, -{ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"}, -{ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"}, -{ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"}, -{ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"}, -{ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"}, -{ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"}, -{ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"}, -{ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"}, -{ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"}, -{ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"}, -{ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"}, -{ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"}, -{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"}, -{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"}, -{ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"}, -{ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"}, -{ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "DTLS1_HEARTBEAT"}, -{ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"}, -{ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"}, -{ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"}, -{ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"}, -{ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"}, -{ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"}, -{ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"}, -{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"}, -{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"}, -{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"}, -{ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"}, -{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"}, -{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"}, -{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"}, -{ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"}, -{ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"}, -{ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"}, -{ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"}, -{ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"}, -{ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"}, -{ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"}, -{ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"}, -{ERR_FUNC(SSL_F_READ_N), "READ_N"}, -{ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"}, -{ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"}, -{ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"}, -{ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"}, -{ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"}, -{ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"}, -{ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"}, -{ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"}, -{ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"}, -{ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"}, -{ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"}, -{ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"}, -{ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"}, -{ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"}, -{ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"}, -{ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"}, -{ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"}, -{ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"}, -{ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"}, -{ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"}, -{ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"}, -{ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"}, -{ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"}, -{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"}, -{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"}, -{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"}, -{ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"}, -{ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"}, -{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, -{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, -{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"}, -{ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "SSL3_DIGEST_CACHED_RECORDS"}, -{ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"}, -{ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, -{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, -{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, -{ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"}, -{ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"}, -{ERR_FUNC(SSL_F_SSL3_GET_CHANNEL_ID), "SSL3_GET_CHANNEL_ID"}, -{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"}, -{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"}, -{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"}, -{ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"}, -{ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"}, -{ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"}, -{ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"}, -{ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"}, -{ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"}, -{ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"}, -{ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"}, -{ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"}, -{ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"}, -{ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"}, -{ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"}, -{ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"}, -{ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"}, -{ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"}, -{ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"}, -{ERR_FUNC(SSL_F_SSL3_SEND_CHANNEL_ID), "SSL3_SEND_CHANNEL_ID"}, -{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"}, -{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, -{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"}, -{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"}, -{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"}, -{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, -{ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"}, -{ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "SSL3_SETUP_READ_BUFFER"}, -{ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "SSL3_SETUP_WRITE_BUFFER"}, -{ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"}, -{ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"}, -{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"}, -{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"}, -{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT), "SSL_ADD_CLIENTHELLO_USE_SRTP_EXT"}, -{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"}, -{ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"}, -{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"}, -{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"}, -{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT), "SSL_ADD_SERVERHELLO_USE_SRTP_EXT"}, -{ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"}, -{ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"}, -{ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"}, -{ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"}, -{ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"}, -{ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"}, -{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"}, -{ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"}, -{ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"}, -{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"}, -{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"}, -{ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"}, -{ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"}, -{ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"}, -{ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"}, -{ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"}, -{ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "SSL_CTX_MAKE_PROFILES"}, -{ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"}, -{ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"}, -{ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"}, -{ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"}, -{ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"}, -{ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"}, -{ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"}, -{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"}, -{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"}, -{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"}, -{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"}, -{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"}, -{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"}, -{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"}, -{ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"}, -{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"}, -{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"}, -{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"}, -{ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"}, -{ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"}, -{ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"}, -{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"}, -{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"}, -{ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"}, -{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, -{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, -{ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, -{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"}, -{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"}, -{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT), "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"}, -{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"}, -{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"}, -{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"}, -{ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, -{ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, -{ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, -{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, -{ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, -{ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, -{ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, -{ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, -{ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), "SSL_SESSION_set1_id_context"}, -{ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"}, -{ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"}, -{ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"}, -{ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"}, -{ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"}, -{ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"}, -{ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"}, -{ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"}, -{ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"}, -{ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"}, -{ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"}, -{ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"}, -{ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"}, -{ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"}, -{ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"}, -{ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"}, -{ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"}, -{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"}, -{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"}, -{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"}, -{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"}, -{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"}, -{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"}, -{ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"}, -{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"}, -{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"}, -{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"}, -{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"}, -{ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"}, -{ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"}, -{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"}, -{ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT), "TLS1_CHECK_SERVERHELLO_TLSEXT"}, -{ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"}, -{ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL), "TLS1_EXPORT_KEYING_MATERIAL"}, -{ERR_FUNC(SSL_F_TLS1_HEARTBEAT), "SSL_F_TLS1_HEARTBEAT"}, -{ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"}, -{ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"}, -{ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"}, -{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"}, -{ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"}, -{0,NULL} - }; - -static ERR_STRING_DATA SSL_str_reasons[]= - { -{ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) ,"app data in handshake"}, -{ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),"attempt to reuse session in different context"}, -{ERR_REASON(SSL_R_BAD_ALERT_RECORD) ,"bad alert record"}, -{ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"}, -{ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"}, -{ERR_REASON(SSL_R_BAD_CHECKSUM) ,"bad checksum"}, -{ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"}, -{ERR_REASON(SSL_R_BAD_DECOMPRESSION) ,"bad decompression"}, -{ERR_REASON(SSL_R_BAD_DH_G_LENGTH) ,"bad dh g length"}, -{ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) ,"bad dh pub key length"}, -{ERR_REASON(SSL_R_BAD_DH_P_LENGTH) ,"bad dh p length"}, -{ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) ,"bad digest length"}, -{ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) ,"bad dsa signature"}, -{ERR_REASON(SSL_R_BAD_ECC_CERT) ,"bad ecc cert"}, -{ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) ,"bad ecdsa signature"}, -{ERR_REASON(SSL_R_BAD_ECPOINT) ,"bad ecpoint"}, -{ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH) ,"bad handshake length"}, -{ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"}, -{ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"}, -{ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"}, -{ERR_REASON(SSL_R_BAD_MAC_LENGTH) ,"bad mac length"}, -{ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) ,"bad message type"}, -{ERR_REASON(SSL_R_BAD_PACKET_LENGTH) ,"bad packet length"}, -{ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"}, -{ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH),"bad psk identity hint length"}, -{ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"}, -{ERR_REASON(SSL_R_BAD_RSA_DECRYPT) ,"bad rsa decrypt"}, -{ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) ,"bad rsa encrypt"}, -{ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) ,"bad rsa e length"}, -{ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH),"bad rsa modulus length"}, -{ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) ,"bad rsa signature"}, -{ERR_REASON(SSL_R_BAD_SIGNATURE) ,"bad signature"}, -{ERR_REASON(SSL_R_BAD_SRP_A_LENGTH) ,"bad srp a length"}, -{ERR_REASON(SSL_R_BAD_SRP_B_LENGTH) ,"bad srp b length"}, -{ERR_REASON(SSL_R_BAD_SRP_G_LENGTH) ,"bad srp g length"}, -{ERR_REASON(SSL_R_BAD_SRP_N_LENGTH) ,"bad srp n length"}, -{ERR_REASON(SSL_R_BAD_SRP_PARAMETERS) ,"bad srp parameters"}, -{ERR_REASON(SSL_R_BAD_SRP_S_LENGTH) ,"bad srp s length"}, -{ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE) ,"bad srtp mki value"}, -{ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST),"bad srtp protection profile list"}, -{ERR_REASON(SSL_R_BAD_SSL_FILETYPE) ,"bad ssl filetype"}, -{ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),"bad ssl session id length"}, -{ERR_REASON(SSL_R_BAD_STATE) ,"bad state"}, -{ERR_REASON(SSL_R_BAD_WRITE_RETRY) ,"bad write retry"}, -{ERR_REASON(SSL_R_BIO_NOT_SET) ,"bio not set"}, -{ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"}, -{ERR_REASON(SSL_R_BN_LIB) ,"bn lib"}, -{ERR_REASON(SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY),"cannot serialize public key"}, -{ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"}, -{ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"}, -{ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"}, -{ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"}, -{ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"}, -{ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"}, -{ERR_REASON(SSL_R_CHANNEL_ID_NOT_P256) ,"channel id not p256"}, -{ERR_REASON(SSL_R_CHANNEL_ID_SIGNATURE_INVALID),"Channel ID signature invalid"}, -{ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"}, -{ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"}, -{ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"}, -{ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) ,"clienthello tlsext"}, -{ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"}, -{ERR_REASON(SSL_R_COMPRESSION_DISABLED) ,"compression disabled"}, -{ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"}, -{ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"}, -{ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"}, -{ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"}, -{ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"}, -{ERR_REASON(SSL_R_COOKIE_MISMATCH) ,"cookie mismatch"}, -{ERR_REASON(SSL_R_D2I_ECDSA_SIG) ,"d2i ecdsa sig"}, -{ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"}, -{ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"}, -{ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"}, -{ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"}, -{ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"}, -{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"}, -{ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) ,"dtls message too big"}, -{ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"}, -{ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT),"ecc cert not for key agreement"}, -{ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING),"ecc cert not for signing"}, -{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),"ecc cert should have rsa signature"}, -{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),"ecc cert should have sha1 signature"}, -{ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"}, -{ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),"empty srtp protection profile list"}, -{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"}, -{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"}, -{ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"}, -{ERR_REASON(SSL_R_EVP_DIGESTSIGNFINAL_FAILED),"evp digestsignfinal failed"}, -{ERR_REASON(SSL_R_EVP_DIGESTSIGNINIT_FAILED),"evp digestsigninit failed"}, -{ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"}, -{ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"}, -{ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"}, -{ERR_REASON(SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS),"got Channel ID before a ccs"}, -{ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),"got next proto before a ccs"}, -{ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),"got next proto without seeing extension"}, -{ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"}, -{ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"}, -{ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"}, -{ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK),"inappropriate fallback"}, -{ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION),"inconsistent compression"}, -{ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"}, -{ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"}, -{ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm"}, -{ERR_REASON(SSL_R_INVALID_MESSAGE) ,"invalid message"}, -{ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"}, -{ERR_REASON(SSL_R_INVALID_SRP_USERNAME) ,"invalid srp username"}, -{ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"}, -{ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"}, -{ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"}, -{ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"}, -{ERR_REASON(SSL_R_KRB5) ,"krb5"}, -{ERR_REASON(SSL_R_KRB5_C_CC_PRINC) ,"krb5 client cc principal (no tkt?)"}, -{ERR_REASON(SSL_R_KRB5_C_GET_CRED) ,"krb5 client get cred"}, -{ERR_REASON(SSL_R_KRB5_C_INIT) ,"krb5 client init"}, -{ERR_REASON(SSL_R_KRB5_C_MK_REQ) ,"krb5 client mk_req (expired tkt?)"}, -{ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) ,"krb5 server bad ticket"}, -{ERR_REASON(SSL_R_KRB5_S_INIT) ,"krb5 server init"}, -{ERR_REASON(SSL_R_KRB5_S_RD_REQ) ,"krb5 server rd_req (keytab perms?)"}, -{ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) ,"krb5 server tkt expired"}, -{ERR_REASON(SSL_R_KRB5_S_TKT_NYV) ,"krb5 server tkt not yet valid"}, -{ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) ,"krb5 server tkt skew"}, -{ERR_REASON(SSL_R_LENGTH_MISMATCH) ,"length mismatch"}, -{ERR_REASON(SSL_R_LENGTH_TOO_SHORT) ,"length too short"}, -{ERR_REASON(SSL_R_LIBRARY_BUG) ,"library bug"}, -{ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS),"library has no ciphers"}, -{ERR_REASON(SSL_R_MESSAGE_TOO_LONG) ,"message too long"}, -{ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) ,"missing dh dsa cert"}, -{ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"}, -{ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) ,"missing dh rsa cert"}, -{ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"}, -{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"}, -{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"}, -{ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"}, -{ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"}, -{ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"}, -{ERR_REASON(SSL_R_MISSING_SRP_PARAM) ,"can't find SRP server param"}, -{ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"}, -{ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) ,"missing tmp ecdh key"}, -{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"}, -{ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"}, -{ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"}, -{ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"}, -{ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"}, -{ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"}, -{ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"}, -{ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),"no certificate returned"}, -{ERR_REASON(SSL_R_NO_CERTIFICATE_SET) ,"no certificate set"}, -{ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED),"no certificate specified"}, -{ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) ,"no ciphers available"}, -{ERR_REASON(SSL_R_NO_CIPHERS_PASSED) ,"no ciphers passed"}, -{ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) ,"no ciphers specified"}, -{ERR_REASON(SSL_R_NO_CIPHER_LIST) ,"no cipher list"}, -{ERR_REASON(SSL_R_NO_CIPHER_MATCH) ,"no cipher match"}, -{ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) ,"no client cert method"}, -{ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"}, -{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"}, -{ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST certificate, required for selected ciphersuite"}, -{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"}, -{ERR_REASON(SSL_R_NO_P256_SUPPORT) ,"no p256 support"}, -{ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"}, -{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"}, -{ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"}, -{ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"}, -{ERR_REASON(SSL_R_NO_RENEGOTIATION) ,"no renegotiation"}, -{ERR_REASON(SSL_R_NO_REQUIRED_DIGEST) ,"digest requred for handshake isn't computed"}, -{ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"}, -{ERR_REASON(SSL_R_NO_SRTP_PROFILES) ,"no srtp profiles"}, -{ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"}, -{ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"}, -{ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"}, -{ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"}, -{ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),"old session compression algorithm not returned"}, -{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"}, -{ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),"opaque PRF input too long"}, -{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"}, -{ERR_REASON(SSL_R_PARSE_TLSEXT) ,"parse tlsext"}, -{ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"}, -{ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"}, -{ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"}, -{ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE),"peer error certificate"}, -{ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"}, -{ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) ,"peer error no cipher"}, -{ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"}, -{ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"}, -{ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"}, -{ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) ,"protocol is shutdown"}, -{ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND),"psk identity not found"}, -{ERR_REASON(SSL_R_PSK_NO_CLIENT_CB) ,"psk no client cb"}, -{ERR_REASON(SSL_R_PSK_NO_SERVER_CB) ,"psk no server cb"}, -{ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"}, -{ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"}, -{ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, -{ERR_REASON(SSL_R_READ_BIO_NOT_SET) ,"read bio not set"}, -{ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) ,"read timeout expired"}, -{ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"}, -{ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"}, -{ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"}, -{ERR_REASON(SSL_R_RECORD_TOO_SMALL) ,"record too small"}, -{ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG),"renegotiate ext too long"}, -{ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),"renegotiation encoding err"}, -{ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH),"renegotiation mismatch"}, -{ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"}, -{ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING),"required compresssion algorithm missing"}, -{ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"}, -{ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"}, -{ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"}, -{ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"}, -{ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"}, -{ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"}, -{ERR_REASON(SSL_R_SESSION_MAY_NOT_BE_CREATED),"session may not be created"}, -{ERR_REASON(SSL_R_SHORT_READ) ,"short read"}, -{ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR),"signature algorithms error"}, -{ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"}, -{ERR_REASON(SSL_R_SRP_A_CALC) ,"error with the srp params"}, -{ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES),"srtp could not allocate profiles"}, -{ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG),"srtp protection profile list too long"}, -{ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE),"srtp unknown protection profile"}, -{ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"}, -{ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"}, -{ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT),"ssl3 ext invalid ecpointformat"}, -{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),"ssl3 ext invalid servername"}, -{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),"ssl3 ext invalid servername type"}, -{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"}, -{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),"sslv3 alert bad record mac"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),"sslv3 alert certificate expired"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),"sslv3 alert certificate revoked"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),"sslv3 alert certificate unknown"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),"sslv3 alert decompression failure"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),"sslv3 alert handshake failure"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),"sslv3 alert illegal parameter"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),"sslv3 alert no certificate"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),"sslv3 alert unexpected message"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),"sslv3 alert unsupported certificate"}, -{ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"}, -{ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"}, -{ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"}, -{ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"}, -{ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"}, -{ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"}, -{ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),"ssl session id has bad length"}, -{ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),"ssl session id is different"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),"tlsv1 alert access denied"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR),"tlsv1 alert decode error"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),"tlsv1 alert inappropriate fallback"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),"tlsv1 alert protocol version"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"}, -{ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),"tlsv1 bad certificate hash value"}, -{ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),"tlsv1 bad certificate status response"}, -{ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),"tlsv1 certificate unobtainable"}, -{ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME),"tlsv1 unrecognized name"}, -{ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),"tlsv1 unsupported extension"}, -{ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"}, -{ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),"peer does not accept heartbeats"}, -{ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) ,"heartbeat request already pending"}, -{ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL),"tls illegal exporter label"}, -{ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"}, -{ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"}, -{ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"}, -{ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"}, -{ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"}, -{ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),"unable to decode ecdh certs"}, -{ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"}, -{ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"}, -{ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),"unable to find ecdh parameters"}, -{ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"}, -{ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"}, -{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"}, -{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),"unable to load ssl3 md5 routines"}, -{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),"unable to load ssl3 sha1 routines"}, -{ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) ,"unexpected message"}, -{ERR_REASON(SSL_R_UNEXPECTED_RECORD) ,"unexpected record"}, -{ERR_REASON(SSL_R_UNINITIALIZED) ,"uninitialized"}, -{ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) ,"unknown alert type"}, -{ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE),"unknown certificate type"}, -{ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED),"unknown cipher returned"}, -{ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) ,"unknown cipher type"}, -{ERR_REASON(SSL_R_UNKNOWN_DIGEST) ,"unknown digest"}, -{ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),"unknown key exchange type"}, -{ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) ,"unknown pkey type"}, -{ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) ,"unknown protocol"}, -{ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"}, -{ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"}, -{ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"}, -{ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),"unsafe legacy renegotiation disabled"}, -{ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, -{ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"}, -{ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE),"unsupported digest type"}, -{ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"}, -{ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"}, -{ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"}, -{ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE),"unsupported status type"}, -{ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED),"use srtp not negotiated"}, -{ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"}, -{ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"}, -{ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"}, -{ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"}, -{ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"}, -{ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) ,"wrong signature size"}, -{ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE) ,"wrong signature type"}, -{ERR_REASON(SSL_R_WRONG_SSL_VERSION) ,"wrong ssl version"}, -{ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) ,"wrong version number"}, -{ERR_REASON(SSL_R_X509_LIB) ,"x509 lib"}, -{ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"}, -{0,NULL} - }; - -#endif - -void ERR_load_SSL_strings(void) - { -#ifndef OPENSSL_NO_ERR - - if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) - { - ERR_load_strings(0,SSL_str_functs); - ERR_load_strings(0,SSL_str_reasons); - } -#endif - } diff --git a/main/openssl/ssl/ssl_err2.c b/main/openssl/ssl/ssl_err2.c deleted file mode 100644 index ea95a5f9..00000000 --- a/main/openssl/ssl/ssl_err2.c +++ /dev/null @@ -1,70 +0,0 @@ -/* ssl/ssl_err2.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include <openssl/err.h> -#include <openssl/ssl.h> - -void SSL_load_error_strings(void) - { -#ifndef OPENSSL_NO_ERR - ERR_load_crypto_strings(); - ERR_load_SSL_strings(); -#endif - } - diff --git a/main/openssl/ssl/ssl_lib.c b/main/openssl/ssl/ssl_lib.c deleted file mode 100644 index 3ea817ab..00000000 --- a/main/openssl/ssl/ssl_lib.c +++ /dev/null @@ -1,3543 +0,0 @@ -/*! \file ssl/ssl_lib.c - * \brief Version independent SSL functions. - */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - -#ifdef REF_CHECK -# include <assert.h> -#endif -#include <stdio.h> -#include "ssl_locl.h" -#include "kssl_lcl.h" -#include <openssl/objects.h> -#include <openssl/lhash.h> -#include <openssl/x509v3.h> -#include <openssl/rand.h> -#include <openssl/ocsp.h> -#ifndef OPENSSL_NO_DH -#include <openssl/dh.h> -#endif -#ifndef OPENSSL_NO_ENGINE -#include <openssl/engine.h> -#endif - -const char *SSL_version_str=OPENSSL_VERSION_TEXT; - -SSL3_ENC_METHOD ssl3_undef_enc_method={ - /* evil casts, but these functions are only called if there's a library bug */ - (int (*)(SSL *,int))ssl_undefined_function, - (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, - ssl_undefined_function, - (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function, - (int (*)(SSL*, int))ssl_undefined_function, - (int (*)(SSL *, const char*, int, unsigned char *))ssl_undefined_function, - 0, /* finish_mac_length */ - (int (*)(SSL *, int, unsigned char *))ssl_undefined_function, - NULL, /* client_finished_label */ - 0, /* client_finished_label_len */ - NULL, /* server_finished_label */ - 0, /* server_finished_label_len */ - (int (*)(int))ssl_undefined_function, - (int (*)(SSL *, unsigned char *, size_t, const char *, - size_t, const unsigned char *, size_t, - int use_context)) ssl_undefined_function, - }; - -int SSL_clear(SSL *s) - { - - if (s->method == NULL) - { - SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED); - return(0); - } - - if (ssl_clear_bad_session(s)) - { - SSL_SESSION_free(s->session); - s->session=NULL; - } - - s->error=0; - s->hit=0; - s->shutdown=0; - -#if 0 /* Disabled since version 1.10 of this file (early return not - * needed because SSL_clear is not called when doing renegotiation) */ - /* This is set if we are doing dynamic renegotiation so keep - * the old cipher. It is sort of a SSL_clear_lite :-) */ - if (s->renegotiate) return(1); -#else - if (s->renegotiate) - { - SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR); - return 0; - } -#endif - - s->type=0; - - s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT); - - s->version=s->method->version; - s->client_version=s->version; - s->rwstate=SSL_NOTHING; - s->rstate=SSL_ST_READ_HEADER; -#if 0 - s->read_ahead=s->ctx->read_ahead; -#endif - - if (s->init_buf != NULL) - { - BUF_MEM_free(s->init_buf); - s->init_buf=NULL; - } - - ssl_clear_cipher_ctx(s); - ssl_clear_hash_ctx(&s->read_hash); - ssl_clear_hash_ctx(&s->write_hash); - - s->first_packet=0; - -#if 1 - /* Check to see if we were changed into a different method, if - * so, revert back if we are not doing session-id reuse. */ - if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) - { - s->method->ssl_free(s); - s->method=s->ctx->method; - if (!s->method->ssl_new(s)) - return(0); - } - else -#endif - s->method->ssl_clear(s); - return(1); - } - -/** Used to change an SSL_CTXs default SSL method type */ -int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth) - { - STACK_OF(SSL_CIPHER) *sk; - - ctx->method=meth; - - sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list), - &(ctx->cipher_list_by_id), - meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); - if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) - { - SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); - return(0); - } - return(1); - } - -SSL *SSL_new(SSL_CTX *ctx) - { - SSL *s; - - if (ctx == NULL) - { - SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX); - return(NULL); - } - if (ctx->method == NULL) - { - SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); - return(NULL); - } - - s=(SSL *)OPENSSL_malloc(sizeof(SSL)); - if (s == NULL) goto err; - memset(s,0,sizeof(SSL)); - -#ifndef OPENSSL_NO_KRB5 - s->kssl_ctx = kssl_ctx_new(); -#endif /* OPENSSL_NO_KRB5 */ - - s->options=ctx->options; - s->mode=ctx->mode; - s->max_cert_list=ctx->max_cert_list; - - if (ctx->cert != NULL) - { - /* Earlier library versions used to copy the pointer to - * the CERT, not its contents; only when setting new - * parameters for the per-SSL copy, ssl_cert_new would be - * called (and the direct reference to the per-SSL_CTX - * settings would be lost, but those still were indirectly - * accessed for various purposes, and for that reason they - * used to be known as s->ctx->default_cert). - * Now we don't look at the SSL_CTX's CERT after having - * duplicated it once. */ - - s->cert = ssl_cert_dup(ctx->cert); - if (s->cert == NULL) - goto err; - } - else - s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */ - - s->read_ahead=ctx->read_ahead; - s->msg_callback=ctx->msg_callback; - s->msg_callback_arg=ctx->msg_callback_arg; - s->verify_mode=ctx->verify_mode; -#if 0 - s->verify_depth=ctx->verify_depth; -#endif - s->sid_ctx_length=ctx->sid_ctx_length; - OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); - memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); - s->verify_callback=ctx->default_verify_callback; - s->session_creation_enabled=1; - s->generate_session_id=ctx->generate_session_id; - - s->param = X509_VERIFY_PARAM_new(); - if (!s->param) - goto err; - X509_VERIFY_PARAM_inherit(s->param, ctx->param); -#if 0 - s->purpose = ctx->purpose; - s->trust = ctx->trust; -#endif - s->quiet_shutdown=ctx->quiet_shutdown; - s->max_send_fragment = ctx->max_send_fragment; - - CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); - s->ctx=ctx; -#ifndef OPENSSL_NO_TLSEXT - s->tlsext_debug_cb = 0; - s->tlsext_debug_arg = NULL; - s->tlsext_ticket_expected = 0; - s->tlsext_status_type = -1; - s->tlsext_status_expected = 0; - s->tlsext_ocsp_ids = NULL; - s->tlsext_ocsp_exts = NULL; - s->tlsext_ocsp_resp = NULL; - s->tlsext_ocsp_resplen = -1; - CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); - s->initial_ctx=ctx; -# ifndef OPENSSL_NO_NEXTPROTONEG - s->next_proto_negotiated = NULL; -# endif - - if (s->ctx->alpn_client_proto_list) - { - s->alpn_client_proto_list = - OPENSSL_malloc(s->ctx->alpn_client_proto_list_len); - if (s->alpn_client_proto_list == NULL) - goto err; - memcpy(s->alpn_client_proto_list, s->ctx->alpn_client_proto_list, - s->ctx->alpn_client_proto_list_len); - s->alpn_client_proto_list_len = s->ctx->alpn_client_proto_list_len; - } -#endif - - s->verify_result=X509_V_OK; - - s->method=ctx->method; - - if (!s->method->ssl_new(s)) - goto err; - - s->references=1; - s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1; - - SSL_clear(s); - - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); - -#ifndef OPENSSL_NO_PSK - s->psk_identity_hint = NULL; - if (ctx->psk_identity_hint) - { - s->psk_identity_hint = BUF_strdup(ctx->psk_identity_hint); - if (s->psk_identity_hint == NULL) - goto err; - } - s->psk_client_callback=ctx->psk_client_callback; - s->psk_server_callback=ctx->psk_server_callback; -#endif - - return(s); -err: - if (s != NULL) - SSL_free(s); - SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } - -int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, - unsigned int sid_ctx_len) - { - if(sid_ctx_len > sizeof ctx->sid_ctx) - { - SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); - return 0; - } - ctx->sid_ctx_length=sid_ctx_len; - memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len); - - return 1; - } - -int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, - unsigned int sid_ctx_len) - { - if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) - { - SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); - return 0; - } - ssl->sid_ctx_length=sid_ctx_len; - memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len); - - return 1; - } - -int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - ctx->generate_session_id = cb; - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - return 1; - } - -int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL); - ssl->generate_session_id = cb; - CRYPTO_w_unlock(CRYPTO_LOCK_SSL); - return 1; - } - -int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, - unsigned int id_len) - { - /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how - * we can "construct" a session to give us the desired check - ie. to - * find if there's a session in the hash table that would conflict with - * any new session built out of this id/id_len and the ssl_version in - * use by this SSL. */ - SSL_SESSION r, *p; - - if(id_len > sizeof r.session_id) - return 0; - - r.ssl_version = ssl->version; - r.session_id_length = id_len; - memcpy(r.session_id, id, id_len); - /* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a - * callback is calling us to check the uniqueness of a shorter ID, it - * must be compared as a padded-out ID because that is what it will be - * converted to when the callback has finished choosing it. */ - if((r.ssl_version == SSL2_VERSION) && - (id_len < SSL2_SSL_SESSION_ID_LENGTH)) - { - memset(r.session_id + id_len, 0, - SSL2_SSL_SESSION_ID_LENGTH - id_len); - r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH; - } - - CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); - p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); - CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); - return (p != NULL); - } - -int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) - { - return X509_VERIFY_PARAM_set_purpose(s->param, purpose); - } - -int SSL_set_purpose(SSL *s, int purpose) - { - return X509_VERIFY_PARAM_set_purpose(s->param, purpose); - } - -int SSL_CTX_set_trust(SSL_CTX *s, int trust) - { - return X509_VERIFY_PARAM_set_trust(s->param, trust); - } - -int SSL_set_trust(SSL *s, int trust) - { - return X509_VERIFY_PARAM_set_trust(s->param, trust); - } - -int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) - { - return X509_VERIFY_PARAM_set1(ctx->param, vpm); - } - -int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) - { - return X509_VERIFY_PARAM_set1(ssl->param, vpm); - } - -void SSL_free(SSL *s) - { - int i; - - if(s == NULL) - return; - - i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL); -#ifdef REF_PRINT - REF_PRINT("SSL",s); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"SSL_free, bad reference count\n"); - abort(); /* ok */ - } -#endif - - if (s->param) - X509_VERIFY_PARAM_free(s->param); - - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); - - if (s->bbio != NULL) - { - /* If the buffering BIO is in place, pop it off */ - if (s->bbio == s->wbio) - { - s->wbio=BIO_pop(s->wbio); - } - BIO_free(s->bbio); - s->bbio=NULL; - } - if (s->rbio != NULL) - BIO_free_all(s->rbio); - if ((s->wbio != NULL) && (s->wbio != s->rbio)) - BIO_free_all(s->wbio); - - if (s->init_buf != NULL) BUF_MEM_free(s->init_buf); - - /* add extra stuff */ - if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list); - if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id); - - /* Make the next call work :-) */ - if (s->session != NULL) - { - ssl_clear_bad_session(s); - SSL_SESSION_free(s->session); - } - - ssl_clear_cipher_ctx(s); - ssl_clear_hash_ctx(&s->read_hash); - ssl_clear_hash_ctx(&s->write_hash); - - if (s->cert != NULL) ssl_cert_free(s->cert); - /* Free up if allocated */ - -#ifndef OPENSSL_NO_TLSEXT - if (s->tlsext_hostname) - OPENSSL_free(s->tlsext_hostname); - if (s->initial_ctx) SSL_CTX_free(s->initial_ctx); -#ifndef OPENSSL_NO_EC - if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist); - if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist); -#endif /* OPENSSL_NO_EC */ - if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input); - if (s->tlsext_ocsp_exts) - sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, - X509_EXTENSION_free); - if (s->tlsext_ocsp_ids) - sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); - if (s->tlsext_ocsp_resp) - OPENSSL_free(s->tlsext_ocsp_resp); - if (s->tlsext_channel_id_private) - EVP_PKEY_free(s->tlsext_channel_id_private); - if (s->alpn_client_proto_list) - OPENSSL_free(s->alpn_client_proto_list); -#endif - -#ifndef OPENSSL_NO_PSK - if (s->psk_identity_hint) - OPENSSL_free(s->psk_identity_hint); -#endif - - if (s->client_CA != NULL) - sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free); - - if (s->method != NULL) s->method->ssl_free(s); - - if (s->ctx) SSL_CTX_free(s->ctx); - -#ifndef OPENSSL_NO_KRB5 - if (s->kssl_ctx != NULL) - kssl_ctx_free(s->kssl_ctx); -#endif /* OPENSSL_NO_KRB5 */ - -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) - if (s->next_proto_negotiated) - OPENSSL_free(s->next_proto_negotiated); -#endif - -#ifndef OPENSSL_NO_SRTP - if (s->srtp_profiles) - sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); -#endif - - OPENSSL_free(s); - } - -void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio) - { - /* If the output buffering BIO is still in place, remove it - */ - if (s->bbio != NULL) - { - if (s->wbio == s->bbio) - { - s->wbio=s->wbio->next_bio; - s->bbio->next_bio=NULL; - } - } - if ((s->rbio != NULL) && (s->rbio != rbio)) - BIO_free_all(s->rbio); - if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio)) - BIO_free_all(s->wbio); - s->rbio=rbio; - s->wbio=wbio; - } - -BIO *SSL_get_rbio(const SSL *s) - { return(s->rbio); } - -BIO *SSL_get_wbio(const SSL *s) - { return(s->wbio); } - -int SSL_get_fd(const SSL *s) - { - return(SSL_get_rfd(s)); - } - -int SSL_get_rfd(const SSL *s) - { - int ret= -1; - BIO *b,*r; - - b=SSL_get_rbio(s); - r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); - if (r != NULL) - BIO_get_fd(r,&ret); - return(ret); - } - -int SSL_get_wfd(const SSL *s) - { - int ret= -1; - BIO *b,*r; - - b=SSL_get_wbio(s); - r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); - if (r != NULL) - BIO_get_fd(r,&ret); - return(ret); - } - -#ifndef OPENSSL_NO_SOCK -int SSL_set_fd(SSL *s,int fd) - { - int ret=0; - BIO *bio=NULL; - - bio=BIO_new(BIO_s_socket()); - - if (bio == NULL) - { - SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB); - goto err; - } - BIO_set_fd(bio,fd,BIO_NOCLOSE); - SSL_set_bio(s,bio,bio); - ret=1; -err: - return(ret); - } - -int SSL_set_wfd(SSL *s,int fd) - { - int ret=0; - BIO *bio=NULL; - - if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) - || ((int)BIO_get_fd(s->rbio,NULL) != fd)) - { - bio=BIO_new(BIO_s_socket()); - - if (bio == NULL) - { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; } - BIO_set_fd(bio,fd,BIO_NOCLOSE); - SSL_set_bio(s,SSL_get_rbio(s),bio); - } - else - SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s)); - ret=1; -err: - return(ret); - } - -int SSL_set_rfd(SSL *s,int fd) - { - int ret=0; - BIO *bio=NULL; - - if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) - || ((int)BIO_get_fd(s->wbio,NULL) != fd)) - { - bio=BIO_new(BIO_s_socket()); - - if (bio == NULL) - { - SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB); - goto err; - } - BIO_set_fd(bio,fd,BIO_NOCLOSE); - SSL_set_bio(s,bio,SSL_get_wbio(s)); - } - else - SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s)); - ret=1; -err: - return(ret); - } -#endif - - -/* return length of latest Finished message we sent, copy to 'buf' */ -size_t SSL_get_finished(const SSL *s, void *buf, size_t count) - { - size_t ret = 0; - - if (s->s3 != NULL) - { - ret = s->s3->tmp.finish_md_len; - if (count > ret) - count = ret; - memcpy(buf, s->s3->tmp.finish_md, count); - } - return ret; - } - -/* return length of latest Finished message we expected, copy to 'buf' */ -size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) - { - size_t ret = 0; - - if (s->s3 != NULL) - { - ret = s->s3->tmp.peer_finish_md_len; - if (count > ret) - count = ret; - memcpy(buf, s->s3->tmp.peer_finish_md, count); - } - return ret; - } - - -int SSL_get_verify_mode(const SSL *s) - { - return(s->verify_mode); - } - -int SSL_get_verify_depth(const SSL *s) - { - return X509_VERIFY_PARAM_get_depth(s->param); - } - -int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *) - { - return(s->verify_callback); - } - -int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) - { - return(ctx->verify_mode); - } - -int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) - { - return X509_VERIFY_PARAM_get_depth(ctx->param); - } - -int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *) - { - return(ctx->default_verify_callback); - } - -void SSL_set_verify(SSL *s,int mode, - int (*callback)(int ok,X509_STORE_CTX *ctx)) - { - s->verify_mode=mode; - if (callback != NULL) - s->verify_callback=callback; - } - -void SSL_set_verify_depth(SSL *s,int depth) - { - X509_VERIFY_PARAM_set_depth(s->param, depth); - } - -void SSL_set_read_ahead(SSL *s,int yes) - { - s->read_ahead=yes; - } - -int SSL_get_read_ahead(const SSL *s) - { - return(s->read_ahead); - } - -int SSL_pending(const SSL *s) - { - /* SSL_pending cannot work properly if read-ahead is enabled - * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), - * and it is impossible to fix since SSL_pending cannot report - * errors that may be observed while scanning the new data. - * (Note that SSL_pending() is often used as a boolean value, - * so we'd better not return -1.) - */ - return(s->method->ssl_pending(s)); - } - -X509 *SSL_get_peer_certificate(const SSL *s) - { - X509 *r; - - if ((s == NULL) || (s->session == NULL)) - r=NULL; - else - r=s->session->peer; - - if (r == NULL) return(r); - - CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509); - - return(r); - } - -STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) - { - STACK_OF(X509) *r; - - if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL)) - r=NULL; - else - r=s->session->sess_cert->cert_chain; - - /* If we are a client, cert_chain includes the peer's own - * certificate; if we are a server, it does not. */ - - return(r); - } - -/* Now in theory, since the calling process own 't' it should be safe to - * modify. We need to be able to read f without being hassled */ -void SSL_copy_session_id(SSL *t,const SSL *f) - { - CERT *tmp; - - /* Do we need to to SSL locking? */ - SSL_set_session(t,SSL_get_session(f)); - - /* what if we are setup as SSLv2 but want to talk SSLv3 or - * vice-versa */ - if (t->method != f->method) - { - t->method->ssl_free(t); /* cleanup current */ - t->method=f->method; /* change method */ - t->method->ssl_new(t); /* setup new */ - } - - tmp=t->cert; - if (f->cert != NULL) - { - CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT); - t->cert=f->cert; - } - else - t->cert=NULL; - if (tmp != NULL) ssl_cert_free(tmp); - SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length); - } - -/* Fix this so it checks all the valid key/cert options */ -int SSL_CTX_check_private_key(const SSL_CTX *ctx) - { - if ( (ctx == NULL) || - (ctx->cert == NULL) || - (ctx->cert->key->x509 == NULL)) - { - SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); - return(0); - } - if (ctx->cert->key->privatekey == NULL) - { - SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); - return(0); - } - return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey)); - } - -/* Fix this function so that it takes an optional type parameter */ -int SSL_check_private_key(const SSL *ssl) - { - if (ssl == NULL) - { - SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if (ssl->cert == NULL) - { - SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); - return 0; - } - if (ssl->cert->key->x509 == NULL) - { - SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); - return(0); - } - if (ssl->cert->key->privatekey == NULL) - { - SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); - return(0); - } - return(X509_check_private_key(ssl->cert->key->x509, - ssl->cert->key->privatekey)); - } - -int SSL_accept(SSL *s) - { - if (s->handshake_func == 0) - /* Not properly initialized yet */ - SSL_set_accept_state(s); - - return(s->method->ssl_accept(s)); - } - -int SSL_connect(SSL *s) - { - if (s->handshake_func == 0) - /* Not properly initialized yet */ - SSL_set_connect_state(s); - - return(s->method->ssl_connect(s)); - } - -long SSL_get_default_timeout(const SSL *s) - { - return(s->method->get_timeout()); - } - -int SSL_read(SSL *s,void *buf,int num) - { - if (s->handshake_func == 0) - { - SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); - return -1; - } - - if (s->shutdown & SSL_RECEIVED_SHUTDOWN) - { - s->rwstate=SSL_NOTHING; - return(0); - } - return(s->method->ssl_read(s,buf,num)); - } - -int SSL_peek(SSL *s,void *buf,int num) - { - if (s->handshake_func == 0) - { - SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); - return -1; - } - - if (s->shutdown & SSL_RECEIVED_SHUTDOWN) - { - return(0); - } - return(s->method->ssl_peek(s,buf,num)); - } - -int SSL_write(SSL *s,const void *buf,int num) - { - if (s->handshake_func == 0) - { - SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); - return -1; - } - - if (s->shutdown & SSL_SENT_SHUTDOWN) - { - s->rwstate=SSL_NOTHING; - SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN); - return(-1); - } - return(s->method->ssl_write(s,buf,num)); - } - -int SSL_shutdown(SSL *s) - { - /* Note that this function behaves differently from what one might - * expect. Return values are 0 for no success (yet), - * 1 for success; but calling it once is usually not enough, - * even if blocking I/O is used (see ssl3_shutdown). - */ - - if (s->handshake_func == 0) - { - SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); - return -1; - } - - if ((s != NULL) && !SSL_in_init(s)) - return(s->method->ssl_shutdown(s)); - else - return(1); - } - -int SSL_renegotiate(SSL *s) - { - if (s->renegotiate == 0) - s->renegotiate=1; - - s->new_session=1; - - return(s->method->ssl_renegotiate(s)); - } - -int SSL_renegotiate_abbreviated(SSL *s) - { - if (s->renegotiate == 0) - s->renegotiate=1; - - s->new_session=0; - - return(s->method->ssl_renegotiate(s)); - } - -int SSL_renegotiate_pending(SSL *s) - { - /* becomes true when negotiation is requested; - * false again once a handshake has finished */ - return (s->renegotiate != 0); - } - -long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) - { - long l; - - switch (cmd) - { - case SSL_CTRL_GET_READ_AHEAD: - return(s->read_ahead); - case SSL_CTRL_SET_READ_AHEAD: - l=s->read_ahead; - s->read_ahead=larg; - return(l); - - case SSL_CTRL_SET_MSG_CALLBACK_ARG: - s->msg_callback_arg = parg; - return 1; - - case SSL_CTRL_OPTIONS: - return(s->options|=larg); - case SSL_CTRL_CLEAR_OPTIONS: - return(s->options&=~larg); - case SSL_CTRL_MODE: - return(s->mode|=larg); - case SSL_CTRL_CLEAR_MODE: - return(s->mode &=~larg); - case SSL_CTRL_GET_MAX_CERT_LIST: - return(s->max_cert_list); - case SSL_CTRL_SET_MAX_CERT_LIST: - l=s->max_cert_list; - s->max_cert_list=larg; - return(l); - case SSL_CTRL_SET_MAX_SEND_FRAGMENT: - if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) - return 0; - s->max_send_fragment = larg; - return 1; - case SSL_CTRL_GET_RI_SUPPORT: - if (s->s3) - return s->s3->send_connection_binding; - else return 0; - default: - return(s->method->ssl_ctrl(s,cmd,larg,parg)); - } - } - -long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) - { - switch(cmd) - { - case SSL_CTRL_SET_MSG_CALLBACK: - s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); - return 1; - - default: - return(s->method->ssl_callback_ctrl(s,cmd,fp)); - } - } - -LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) - { - return ctx->sessions; - } - -long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg) - { - long l; - - switch (cmd) - { - case SSL_CTRL_GET_READ_AHEAD: - return(ctx->read_ahead); - case SSL_CTRL_SET_READ_AHEAD: - l=ctx->read_ahead; - ctx->read_ahead=larg; - return(l); - - case SSL_CTRL_SET_MSG_CALLBACK_ARG: - ctx->msg_callback_arg = parg; - return 1; - - case SSL_CTRL_GET_MAX_CERT_LIST: - return(ctx->max_cert_list); - case SSL_CTRL_SET_MAX_CERT_LIST: - l=ctx->max_cert_list; - ctx->max_cert_list=larg; - return(l); - - case SSL_CTRL_SET_SESS_CACHE_SIZE: - l=ctx->session_cache_size; - ctx->session_cache_size=larg; - return(l); - case SSL_CTRL_GET_SESS_CACHE_SIZE: - return(ctx->session_cache_size); - case SSL_CTRL_SET_SESS_CACHE_MODE: - l=ctx->session_cache_mode; - ctx->session_cache_mode=larg; - return(l); - case SSL_CTRL_GET_SESS_CACHE_MODE: - return(ctx->session_cache_mode); - - case SSL_CTRL_SESS_NUMBER: - return(lh_SSL_SESSION_num_items(ctx->sessions)); - case SSL_CTRL_SESS_CONNECT: - return(ctx->stats.sess_connect); - case SSL_CTRL_SESS_CONNECT_GOOD: - return(ctx->stats.sess_connect_good); - case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: - return(ctx->stats.sess_connect_renegotiate); - case SSL_CTRL_SESS_ACCEPT: - return(ctx->stats.sess_accept); - case SSL_CTRL_SESS_ACCEPT_GOOD: - return(ctx->stats.sess_accept_good); - case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: - return(ctx->stats.sess_accept_renegotiate); - case SSL_CTRL_SESS_HIT: - return(ctx->stats.sess_hit); - case SSL_CTRL_SESS_CB_HIT: - return(ctx->stats.sess_cb_hit); - case SSL_CTRL_SESS_MISSES: - return(ctx->stats.sess_miss); - case SSL_CTRL_SESS_TIMEOUTS: - return(ctx->stats.sess_timeout); - case SSL_CTRL_SESS_CACHE_FULL: - return(ctx->stats.sess_cache_full); - case SSL_CTRL_OPTIONS: - return(ctx->options|=larg); - case SSL_CTRL_CLEAR_OPTIONS: - return(ctx->options&=~larg); - case SSL_CTRL_MODE: - return(ctx->mode|=larg); - case SSL_CTRL_CLEAR_MODE: - return(ctx->mode&=~larg); - case SSL_CTRL_SET_MAX_SEND_FRAGMENT: - if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) - return 0; - ctx->max_send_fragment = larg; - return 1; - default: - return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg)); - } - } - -long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) - { - switch(cmd) - { - case SSL_CTRL_SET_MSG_CALLBACK: - ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); - return 1; - - default: - return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp)); - } - } - -int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) - { - long l; - - l=a->id-b->id; - if (l == 0L) - return(0); - else - return((l > 0)?1:-1); - } - -int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, - const SSL_CIPHER * const *bp) - { - long l; - - l=(*ap)->id-(*bp)->id; - if (l == 0L) - return(0); - else - return((l > 0)?1:-1); - } - -/** return a STACK of the ciphers available for the SSL and in order of - * preference */ -STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) - { - if (s != NULL) - { - if (s->cipher_list != NULL) - { - return(s->cipher_list); - } - else if ((s->ctx != NULL) && - (s->ctx->cipher_list != NULL)) - { - return(s->ctx->cipher_list); - } - } - return(NULL); - } - -/** return a STACK of the ciphers available for the SSL and in order of - * algorithm id */ -STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) - { - if (s != NULL) - { - if (s->cipher_list_by_id != NULL) - { - return(s->cipher_list_by_id); - } - else if ((s->ctx != NULL) && - (s->ctx->cipher_list_by_id != NULL)) - { - return(s->ctx->cipher_list_by_id); - } - } - return(NULL); - } - -/** The old interface to get the same thing as SSL_get_ciphers() */ -const char *SSL_get_cipher_list(const SSL *s,int n) - { - SSL_CIPHER *c; - STACK_OF(SSL_CIPHER) *sk; - - if (s == NULL) return(NULL); - sk=SSL_get_ciphers(s); - if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) - return(NULL); - c=sk_SSL_CIPHER_value(sk,n); - if (c == NULL) return(NULL); - return(c->name); - } - -/** specify the ciphers to be used by default by the SSL_CTX */ -int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) - { - STACK_OF(SSL_CIPHER) *sk; - - sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list, - &ctx->cipher_list_by_id,str); - /* ssl_create_cipher_list may return an empty stack if it - * was unable to find a cipher matching the given rule string - * (for example if the rule string specifies a cipher which - * has been disabled). This is not an error as far as - * ssl_create_cipher_list is concerned, and hence - * ctx->cipher_list and ctx->cipher_list_by_id has been - * updated. */ - if (sk == NULL) - return 0; - else if (sk_SSL_CIPHER_num(sk) == 0) - { - SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); - return 0; - } - return 1; - } - -/** specify the ciphers to be used by the SSL */ -int SSL_set_cipher_list(SSL *s,const char *str) - { - STACK_OF(SSL_CIPHER) *sk; - - sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list, - &s->cipher_list_by_id,str); - /* see comment in SSL_CTX_set_cipher_list */ - if (sk == NULL) - return 0; - else if (sk_SSL_CIPHER_num(sk) == 0) - { - SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); - return 0; - } - return 1; - } - -/** specify the ciphers to be used by the SSL */ -int SSL_set_cipher_lists(SSL *s,STACK_OF(SSL_CIPHER) *sk) - { - STACK_OF(SSL_CIPHER) *tmp_cipher_list; - - if (sk == NULL) - return 0; - - /* Based on end of ssl_create_cipher_list */ - tmp_cipher_list = sk_SSL_CIPHER_dup(sk); - if (tmp_cipher_list == NULL) - { - return 0; - } - if (s->cipher_list != NULL) - sk_SSL_CIPHER_free(s->cipher_list); - s->cipher_list = sk; - if (s->cipher_list_by_id != NULL) - sk_SSL_CIPHER_free(s->cipher_list_by_id); - s->cipher_list_by_id = tmp_cipher_list; - (void)sk_SSL_CIPHER_set_cmp_func(s->cipher_list_by_id,ssl_cipher_ptr_id_cmp); - - sk_SSL_CIPHER_sort(s->cipher_list_by_id); - return 1; - } - -/* works well for SSLv2, not so good for SSLv3 */ -char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) - { - char *p; - STACK_OF(SSL_CIPHER) *sk; - SSL_CIPHER *c; - int i; - - if ((s->session == NULL) || (s->session->ciphers == NULL) || - (len < 2)) - return(NULL); - - p=buf; - sk=s->session->ciphers; - - if (sk_SSL_CIPHER_num(sk) == 0) - return NULL; - - for (i=0; i<sk_SSL_CIPHER_num(sk); i++) - { - int n; - - c=sk_SSL_CIPHER_value(sk,i); - n=strlen(c->name); - if (n+1 > len) - { - if (p != buf) - --p; - *p='\0'; - return buf; - } - strcpy(p,c->name); - p+=n; - *(p++)=':'; - len-=n+1; - } - p[-1]='\0'; - return(buf); - } - -int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, - int (*put_cb)(const SSL_CIPHER *, unsigned char *)) - { - int i,j=0; - SSL_CIPHER *c; - unsigned char *q; -#ifndef OPENSSL_NO_KRB5 - int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx); -#endif /* OPENSSL_NO_KRB5 */ - - if (sk == NULL) return(0); - q=p; - if (put_cb == NULL) - put_cb = s->method->put_cipher_by_char; - - for (i=0; i<sk_SSL_CIPHER_num(sk); i++) - { - c=sk_SSL_CIPHER_value(sk,i); - /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ - if ((c->algorithm_ssl & SSL_TLSV1_2) && - (TLS1_get_client_version(s) < TLS1_2_VERSION)) - continue; -#ifndef OPENSSL_NO_KRB5 - if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) && - nokrb5) - continue; -#endif /* OPENSSL_NO_KRB5 */ -#ifndef OPENSSL_NO_PSK - /* with PSK there must be client callback set */ - if ((c->algorithm_auth & SSL_aPSK) && - s->psk_client_callback == NULL) - continue; -#endif /* OPENSSL_NO_PSK */ -#ifndef OPENSSL_NO_SRP - if (((c->algorithm_mkey & SSL_kSRP) || (c->algorithm_auth & SSL_aSRP)) && - !(s->srp_ctx.srp_Mask & SSL_kSRP)) - continue; -#endif /* OPENSSL_NO_SRP */ - j = put_cb(c,p); - p+=j; - } - /* If p == q, no ciphers; caller indicates an error. - * Otherwise, add applicable SCSVs. */ - if (p != q) - { - if (!s->renegotiate) - { - static SSL_CIPHER scsv = - { - 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 - }; - j = put_cb(&scsv,p); - p+=j; -#ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV sent by client\n"); -#endif - } - - if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) - { - static SSL_CIPHER scsv = - { - 0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 - }; - j = put_cb(&scsv,p); - p+=j; - } - } - - return(p-q); - } - -STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, - STACK_OF(SSL_CIPHER) **skp) - { - const SSL_CIPHER *c; - STACK_OF(SSL_CIPHER) *sk; - int i,n; - - if (s->s3) - s->s3->send_connection_binding = 0; - - n=ssl_put_cipher_by_char(s,NULL,NULL); - if (n == 0 || (num%n) != 0) - { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); - return(NULL); - } - if ((skp == NULL) || (*skp == NULL)) - sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */ - else - { - sk= *skp; - sk_SSL_CIPHER_zero(sk); - } - - for (i=0; i<num; i+=n) - { - /* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ - if (s->s3 && (n != 3 || !p[0]) && - (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && - (p[n-1] == (SSL3_CK_SCSV & 0xff))) - { - /* SCSV fatal if renegotiating */ - if (s->renegotiate) - { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); - goto err; - } - s->s3->send_connection_binding = 1; - p += n; -#ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "SCSV received by server\n"); -#endif - continue; - } - - /* Check for TLS_FALLBACK_SCSV */ - if ((n != 3 || !p[0]) && - (p[n-2] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) && - (p[n-1] == (SSL3_CK_FALLBACK_SCSV & 0xff))) - { - /* The SCSV indicates that the client previously tried a higher version. - * Fail if the current version is an unexpected downgrade. */ - if (!SSL_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, 0, NULL)) - { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_INAPPROPRIATE_FALLBACK); - if (s->s3) - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INAPPROPRIATE_FALLBACK); - goto err; - } - p += n; - continue; - } - - c=ssl_get_cipher_by_char(s,p); - p+=n; - if (c != NULL) - { - if (!sk_SSL_CIPHER_push(sk,c)) - { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE); - goto err; - } - } - } - - if (skp != NULL) - *skp=sk; - return(sk); -err: - if ((skp == NULL) || (*skp == NULL)) - sk_SSL_CIPHER_free(sk); - return(NULL); - } - - -#ifndef OPENSSL_NO_TLSEXT -/** return a servername extension value if provided in Client Hello, or NULL. - * So far, only host_name types are defined (RFC 3546). - */ - -const char *SSL_get_servername(const SSL *s, const int type) - { - if (type != TLSEXT_NAMETYPE_host_name) - return NULL; - - return s->session && !s->tlsext_hostname ? - s->session->tlsext_hostname : - s->tlsext_hostname; - } - -int SSL_get_servername_type(const SSL *s) - { - if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) - return TLSEXT_NAMETYPE_host_name; - return -1; - } - -# ifndef OPENSSL_NO_NEXTPROTONEG -/* SSL_select_next_proto implements the standard protocol selection. It is - * expected that this function is called from the callback set by - * SSL_CTX_set_next_proto_select_cb. - * - * The protocol data is assumed to be a vector of 8-bit, length prefixed byte - * strings. The length byte itself is not included in the length. A byte - * string of length 0 is invalid. No byte string may be truncated. - * - * The current, but experimental algorithm for selecting the protocol is: - * - * 1) If the server doesn't support NPN then this is indicated to the - * callback. In this case, the client application has to abort the connection - * or have a default application level protocol. - * - * 2) If the server supports NPN, but advertises an empty list then the - * client selects the first protcol in its list, but indicates via the - * API that this fallback case was enacted. - * - * 3) Otherwise, the client finds the first protocol in the server's list - * that it supports and selects this protocol. This is because it's - * assumed that the server has better information about which protocol - * a client should use. - * - * 4) If the client doesn't support any of the server's advertised - * protocols, then this is treated the same as case 2. - * - * It returns either - * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or - * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. - */ -int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len) - { - unsigned int i, j; - const unsigned char *result; - int status = OPENSSL_NPN_UNSUPPORTED; - - /* For each protocol in server preference order, see if we support it. */ - for (i = 0; i < server_len; ) - { - for (j = 0; j < client_len; ) - { - if (server[i] == client[j] && - memcmp(&server[i+1], &client[j+1], server[i]) == 0) - { - /* We found a match */ - result = &server[i]; - status = OPENSSL_NPN_NEGOTIATED; - goto found; - } - j += client[j]; - j++; - } - i += server[i]; - i++; - } - - /* There's no overlap between our protocols and the server's list. */ - result = client; - status = OPENSSL_NPN_NO_OVERLAP; - - found: - *out = (unsigned char *) result + 1; - *outlen = result[0]; - return status; - } - -/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's - * requested protocol for this connection and returns 0. If the client didn't - * request any protocol, then *data is set to NULL. - * - * Note that the client can request any protocol it chooses. The value returned - * from this function need not be a member of the list of supported protocols - * provided by the callback. - */ -void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len) - { - *data = s->next_proto_negotiated; - if (!*data) { - *len = 0; - } else { - *len = s->next_proto_negotiated_len; - } -} - -/* SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a - * TLS server needs a list of supported protocols for Next Protocol - * Negotiation. The returned list must be in wire format. The list is returned - * by setting |out| to point to it and |outlen| to its length. This memory will - * not be modified, but one should assume that the SSL* keeps a reference to - * it. - * - * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no - * such extension will be included in the ServerHello. */ -void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg) - { - ctx->next_protos_advertised_cb = cb; - ctx->next_protos_advertised_cb_arg = arg; - } - -/* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a - * client needs to select a protocol from the server's provided list. |out| - * must be set to point to the selected protocol (which may be within |in|). - * The length of the protocol name must be written into |outlen|. The server's - * advertised protocols are provided in |in| and |inlen|. The callback can - * assume that |in| is syntactically valid. - * - * The client must select a protocol. It is fatal to the connection if this - * callback returns a value other than SSL_TLSEXT_ERR_OK. - */ -void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg) - { - ctx->next_proto_select_cb = cb; - ctx->next_proto_select_cb_arg = arg; - } -# endif - -/* SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|. - * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit - * length-prefixed strings). - * - * Returns 0 on success. */ -int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char* protos, - unsigned protos_len) - { - if (ctx->alpn_client_proto_list) - OPENSSL_free(ctx->alpn_client_proto_list); - - ctx->alpn_client_proto_list = OPENSSL_malloc(protos_len); - if (!ctx->alpn_client_proto_list) - return 1; - memcpy(ctx->alpn_client_proto_list, protos, protos_len); - ctx->alpn_client_proto_list_len = protos_len; - - return 0; - } - -/* SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|. - * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit - * length-prefixed strings). - * - * Returns 0 on success. */ -int SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos, - unsigned protos_len) - { - if (ssl->alpn_client_proto_list) - OPENSSL_free(ssl->alpn_client_proto_list); - - ssl->alpn_client_proto_list = OPENSSL_malloc(protos_len); - if (!ssl->alpn_client_proto_list) - return 1; - memcpy(ssl->alpn_client_proto_list, protos, protos_len); - ssl->alpn_client_proto_list_len = protos_len; - - return 0; - } - -/* SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is called - * during ClientHello processing in order to select an ALPN protocol from the - * client's list of offered protocols. */ -void SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx, - int (*cb) (SSL *ssl, - const unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg), - void *arg) - { - ctx->alpn_select_cb = cb; - ctx->alpn_select_cb_arg = arg; - } - -/* SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|. - * On return it sets |*data| to point to |*len| bytes of protocol name (not - * including the leading length-prefix byte). If the server didn't respond with - * a negotiated protocol then |*len| will be zero. */ -void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, - unsigned *len) - { - *data = NULL; - if (ssl->s3) - *data = ssl->s3->alpn_selected; - if (*data == NULL) - *len = 0; - else - *len = ssl->s3->alpn_selected_len; - } -#endif - -int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, - const char *label, size_t llen, const unsigned char *p, size_t plen, - int use_context) - { - if (s->version < TLS1_VERSION) - return -1; - - return s->method->ssl3_enc->export_keying_material(s, out, olen, label, - llen, p, plen, - use_context); - } - -static unsigned long ssl_session_hash(const SSL_SESSION *a) - { - unsigned long l; - - l=(unsigned long) - ((unsigned int) a->session_id[0] )| - ((unsigned int) a->session_id[1]<< 8L)| - ((unsigned long)a->session_id[2]<<16L)| - ((unsigned long)a->session_id[3]<<24L); - return(l); - } - -/* NB: If this function (or indeed the hash function which uses a sort of - * coarser function than this one) is changed, ensure - * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being - * able to construct an SSL_SESSION that will collide with any existing session - * with a matching session ID. */ -static int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b) - { - if (a->ssl_version != b->ssl_version) - return(1); - if (a->session_id_length != b->session_id_length) - return(1); - return(memcmp(a->session_id,b->session_id,a->session_id_length)); - } - -/* These wrapper functions should remain rather than redeclaring - * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each - * variable. The reason is that the functions aren't static, they're exposed via - * ssl.h. */ -static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION) -static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION) - -SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) - { - SSL_CTX *ret=NULL; - - if (meth == NULL) - { - SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED); - return(NULL); - } - -#ifdef OPENSSL_FIPS - if (FIPS_mode() && (meth->version < TLS1_VERSION)) - { - SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); - return NULL; - } -#endif - - if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) - { - SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); - goto err; - } - ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX)); - if (ret == NULL) - goto err; - - memset(ret,0,sizeof(SSL_CTX)); - - ret->method=meth; - - ret->cert_store=NULL; - ret->session_cache_mode=SSL_SESS_CACHE_SERVER; - ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; - ret->session_cache_head=NULL; - ret->session_cache_tail=NULL; - - /* We take the system default */ - ret->session_timeout=meth->get_timeout(); - - ret->new_session_cb=0; - ret->remove_session_cb=0; - ret->get_session_cb=0; - ret->generate_session_id=0; - - memset((char *)&ret->stats,0,sizeof(ret->stats)); - - ret->references=1; - ret->quiet_shutdown=0; - -/* ret->cipher=NULL;*/ -/* ret->s2->challenge=NULL; - ret->master_key=NULL; - ret->key_arg=NULL; - ret->s2->conn_id=NULL; */ - - ret->info_callback=NULL; - - ret->app_verify_callback=0; - ret->app_verify_arg=NULL; - - ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT; - ret->read_ahead=0; - ret->msg_callback=0; - ret->msg_callback_arg=NULL; - ret->verify_mode=SSL_VERIFY_NONE; -#if 0 - ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */ -#endif - ret->sid_ctx_length=0; - ret->default_verify_callback=NULL; - if ((ret->cert=ssl_cert_new()) == NULL) - goto err; - - ret->default_passwd_callback=0; - ret->default_passwd_callback_userdata=NULL; - ret->client_cert_cb=0; - ret->app_gen_cookie_cb=0; - ret->app_verify_cookie_cb=0; - - ret->sessions=lh_SSL_SESSION_new(); - if (ret->sessions == NULL) goto err; - ret->cert_store=X509_STORE_new(); - if (ret->cert_store == NULL) goto err; - - ssl_create_cipher_list(ret->method, - &ret->cipher_list,&ret->cipher_list_by_id, - meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); - if (ret->cipher_list == NULL - || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) - { - SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS); - goto err2; - } - - ret->param = X509_VERIFY_PARAM_new(); - if (!ret->param) - goto err; - - if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL) - { - SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES); - goto err2; - } - if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL) - { - SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); - goto err2; - } - if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL) - { - SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); - goto err2; - } - - if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL) - goto err; - - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); - - ret->extra_certs=NULL; - /* No compression for DTLS */ - if (meth->version != DTLS1_VERSION) - ret->comp_methods=SSL_COMP_get_compression_methods(); - - ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; - -#ifndef OPENSSL_NO_TLSEXT - ret->tlsext_servername_callback = 0; - ret->tlsext_servername_arg = NULL; - /* Setup RFC4507 ticket keys */ - if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) - || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) - || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) - ret->options |= SSL_OP_NO_TICKET; - - ret->tlsext_status_cb = 0; - ret->tlsext_status_arg = NULL; - -# ifndef OPENSSL_NO_NEXTPROTONEG - ret->next_protos_advertised_cb = 0; - ret->next_proto_select_cb = 0; -# endif -#endif -#ifndef OPENSSL_NO_PSK - ret->psk_identity_hint=NULL; - ret->psk_client_callback=NULL; - ret->psk_server_callback=NULL; -#endif -#ifndef OPENSSL_NO_SRP - SSL_CTX_SRP_CTX_init(ret); -#endif -#ifndef OPENSSL_NO_BUF_FREELISTS - ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT; - ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); - if (!ret->rbuf_freelist) - goto err; - ret->rbuf_freelist->chunklen = 0; - ret->rbuf_freelist->len = 0; - ret->rbuf_freelist->head = NULL; - ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); - if (!ret->wbuf_freelist) - { - OPENSSL_free(ret->rbuf_freelist); - goto err; - } - ret->wbuf_freelist->chunklen = 0; - ret->wbuf_freelist->len = 0; - ret->wbuf_freelist->head = NULL; -#endif -#ifndef OPENSSL_NO_ENGINE - ret->client_cert_engine = NULL; -#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO -#define eng_strx(x) #x -#define eng_str(x) eng_strx(x) - /* Use specific client engine automatically... ignore errors */ - { - ENGINE *eng; - eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); - if (!eng) - { - ERR_clear_error(); - ENGINE_load_builtin_engines(); - eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); - } - if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) - ERR_clear_error(); - } -#endif -#endif - /* Default is to connect to non-RI servers. When RI is more widely - * deployed might change this. - */ - ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; - - return(ret); -err: - SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE); -err2: - if (ret != NULL) SSL_CTX_free(ret); - return(NULL); - } - -#if 0 -static void SSL_COMP_free(SSL_COMP *comp) - { OPENSSL_free(comp); } -#endif - -#ifndef OPENSSL_NO_BUF_FREELISTS -static void -ssl_buf_freelist_free(SSL3_BUF_FREELIST *list) - { - SSL3_BUF_FREELIST_ENTRY *ent, *next; - for (ent = list->head; ent; ent = next) - { - next = ent->next; - OPENSSL_free(ent); - } - OPENSSL_free(list); - } -#endif - -void SSL_CTX_free(SSL_CTX *a) - { - int i; - - if (a == NULL) return; - - i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX); -#ifdef REF_PRINT - REF_PRINT("SSL_CTX",a); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"SSL_CTX_free, bad reference count\n"); - abort(); /* ok */ - } -#endif - - if (a->param) - X509_VERIFY_PARAM_free(a->param); - - /* - * Free internal session cache. However: the remove_cb() may reference - * the ex_data of SSL_CTX, thus the ex_data store can only be removed - * after the sessions were flushed. - * As the ex_data handling routines might also touch the session cache, - * the most secure solution seems to be: empty (flush) the cache, then - * free ex_data, then finally free the cache. - * (See ticket [openssl.org #212].) - */ - if (a->sessions != NULL) - SSL_CTX_flush_sessions(a,0); - - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); - - if (a->sessions != NULL) - lh_SSL_SESSION_free(a->sessions); - - if (a->cert_store != NULL) - X509_STORE_free(a->cert_store); - if (a->cipher_list != NULL) - sk_SSL_CIPHER_free(a->cipher_list); - if (a->cipher_list_by_id != NULL) - sk_SSL_CIPHER_free(a->cipher_list_by_id); - if (a->cert != NULL) - ssl_cert_free(a->cert); - if (a->client_CA != NULL) - sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free); - if (a->extra_certs != NULL) - sk_X509_pop_free(a->extra_certs,X509_free); -#if 0 /* This should never be done, since it removes a global database */ - if (a->comp_methods != NULL) - sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free); -#else - a->comp_methods = NULL; -#endif - -#ifndef OPENSSL_NO_SRTP - if (a->srtp_profiles) - sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); -#endif - -#ifndef OPENSSL_NO_PSK - if (a->psk_identity_hint) - OPENSSL_free(a->psk_identity_hint); -#endif -#ifndef OPENSSL_NO_SRP - SSL_CTX_SRP_CTX_free(a); -#endif -#ifndef OPENSSL_NO_ENGINE - if (a->client_cert_engine) - ENGINE_finish(a->client_cert_engine); -#endif - -#ifndef OPENSSL_NO_BUF_FREELISTS - if (a->wbuf_freelist) - ssl_buf_freelist_free(a->wbuf_freelist); - if (a->rbuf_freelist) - ssl_buf_freelist_free(a->rbuf_freelist); -#endif - -#ifndef OPENSSL_NO_TLSEXT - if (a->tlsext_channel_id_private) - EVP_PKEY_free(a->tlsext_channel_id_private); - if (a->alpn_client_proto_list != NULL) - OPENSSL_free(a->alpn_client_proto_list); -#endif - - OPENSSL_free(a); - } - -void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) - { - ctx->default_passwd_callback=cb; - } - -void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u) - { - ctx->default_passwd_callback_userdata=u; - } - -void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg) - { - ctx->app_verify_callback=cb; - ctx->app_verify_arg=arg; - } - -void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *)) - { - ctx->verify_mode=mode; - ctx->default_verify_callback=cb; - } - -void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) - { - X509_VERIFY_PARAM_set_depth(ctx->param, depth); - } - -void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) - { - CERT_PKEY *cpk; - int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign; - int rsa_enc_export,dh_rsa_export,dh_dsa_export; - int rsa_tmp_export,dh_tmp_export,kl; - unsigned long mask_k,mask_a,emask_k,emask_a; - int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; -#ifndef OPENSSL_NO_ECDH - int have_ecdh_tmp; -#endif - X509 *x = NULL; - EVP_PKEY *ecc_pkey = NULL; - int signature_nid = 0, pk_nid = 0, md_nid = 0; - - if (c == NULL) return; - - kl=SSL_C_EXPORT_PKEYLENGTH(cipher); - -#ifndef OPENSSL_NO_RSA - rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); - rsa_tmp_export=(c->rsa_tmp_cb != NULL || - (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl)); -#else - rsa_tmp=rsa_tmp_export=0; -#endif -#ifndef OPENSSL_NO_DH - dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL); - dh_tmp_export=(c->dh_tmp_cb != NULL || - (dh_tmp && DH_size(c->dh_tmp)*8 <= kl)); -#else - dh_tmp=dh_tmp_export=0; -#endif - -#ifndef OPENSSL_NO_ECDH - have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL); -#endif - cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]); - rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL); - rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl); - cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]); - rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); - cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]); - dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); - cpk= &(c->pkeys[SSL_PKEY_DH_RSA]); - dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL); - dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); - cpk= &(c->pkeys[SSL_PKEY_DH_DSA]); -/* FIX THIS EAY EAY EAY */ - dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL); - dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); - cpk= &(c->pkeys[SSL_PKEY_ECC]); - have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL); - mask_k=0; - mask_a=0; - emask_k=0; - emask_a=0; - - - -#ifdef CIPHER_DEBUG - fprintf(stderr,"rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", - rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp, - rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa); -#endif - - cpk = &(c->pkeys[SSL_PKEY_GOST01]); - if (cpk->x509 != NULL && cpk->privatekey !=NULL) { - mask_k |= SSL_kGOST; - mask_a |= SSL_aGOST01; - } - cpk = &(c->pkeys[SSL_PKEY_GOST94]); - if (cpk->x509 != NULL && cpk->privatekey !=NULL) { - mask_k |= SSL_kGOST; - mask_a |= SSL_aGOST94; - } - - if (rsa_enc || (rsa_tmp && rsa_sign)) - mask_k|=SSL_kRSA; - if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc))) - emask_k|=SSL_kRSA; - -#if 0 - /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */ - if ( (dh_tmp || dh_rsa || dh_dsa) && - (rsa_enc || rsa_sign || dsa_sign)) - mask_k|=SSL_kEDH; - if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) && - (rsa_enc || rsa_sign || dsa_sign)) - emask_k|=SSL_kEDH; -#endif - - if (dh_tmp_export) - emask_k|=SSL_kEDH; - - if (dh_tmp) - mask_k|=SSL_kEDH; - - if (dh_rsa) mask_k|=SSL_kDHr; - if (dh_rsa_export) emask_k|=SSL_kDHr; - - if (dh_dsa) mask_k|=SSL_kDHd; - if (dh_dsa_export) emask_k|=SSL_kDHd; - - if (rsa_enc || rsa_sign) - { - mask_a|=SSL_aRSA; - emask_a|=SSL_aRSA; - } - - if (dsa_sign) - { - mask_a|=SSL_aDSS; - emask_a|=SSL_aDSS; - } - - mask_a|=SSL_aNULL; - emask_a|=SSL_aNULL; - -#ifndef OPENSSL_NO_KRB5 - mask_k|=SSL_kKRB5; - mask_a|=SSL_aKRB5; - emask_k|=SSL_kKRB5; - emask_a|=SSL_aKRB5; -#endif - - /* An ECC certificate may be usable for ECDH and/or - * ECDSA cipher suites depending on the key usage extension. - */ - if (have_ecc_cert) - { - /* This call populates extension flags (ex_flags) */ - x = (c->pkeys[SSL_PKEY_ECC]).x509; - X509_check_purpose(x, -1, 0); - ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? - (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; - ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? - (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; - ecc_pkey = X509_get_pubkey(x); - ecc_pkey_size = (ecc_pkey != NULL) ? - EVP_PKEY_bits(ecc_pkey) : 0; - EVP_PKEY_free(ecc_pkey); - if ((x->sig_alg) && (x->sig_alg->algorithm)) - { - signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); - OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); - } -#ifndef OPENSSL_NO_ECDH - if (ecdh_ok) - { - - if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) - { - mask_k|=SSL_kECDHr; - mask_a|=SSL_aECDH; - if (ecc_pkey_size <= 163) - { - emask_k|=SSL_kECDHr; - emask_a|=SSL_aECDH; - } - } - - if (pk_nid == NID_X9_62_id_ecPublicKey) - { - mask_k|=SSL_kECDHe; - mask_a|=SSL_aECDH; - if (ecc_pkey_size <= 163) - { - emask_k|=SSL_kECDHe; - emask_a|=SSL_aECDH; - } - } - } -#endif -#ifndef OPENSSL_NO_ECDSA - if (ecdsa_ok) - { - mask_a|=SSL_aECDSA; - emask_a|=SSL_aECDSA; - } -#endif - } - -#ifndef OPENSSL_NO_ECDH - if (have_ecdh_tmp) - { - mask_k|=SSL_kEECDH; - emask_k|=SSL_kEECDH; - } -#endif - -#ifndef OPENSSL_NO_PSK - mask_k |= SSL_kPSK; - mask_a |= SSL_aPSK; - emask_k |= SSL_kPSK; - emask_a |= SSL_aPSK; -#endif - - c->mask_k=mask_k; - c->mask_a=mask_a; - c->export_mask_k=emask_k; - c->export_mask_a=emask_a; - c->valid=1; - } - -/* This handy macro borrowed from crypto/x509v3/v3_purp.c */ -#define ku_reject(x, usage) \ - (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) - -#ifndef OPENSSL_NO_EC - -int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) - { - unsigned long alg_k, alg_a; - EVP_PKEY *pkey = NULL; - int keysize = 0; - int signature_nid = 0, md_nid = 0, pk_nid = 0; - const SSL_CIPHER *cs = s->s3->tmp.new_cipher; - - alg_k = cs->algorithm_mkey; - alg_a = cs->algorithm_auth; - - if (SSL_C_IS_EXPORT(cs)) - { - /* ECDH key length in export ciphers must be <= 163 bits */ - pkey = X509_get_pubkey(x); - if (pkey == NULL) return 0; - keysize = EVP_PKEY_bits(pkey); - EVP_PKEY_free(pkey); - if (keysize > 163) return 0; - } - - /* This call populates the ex_flags field correctly */ - X509_check_purpose(x, -1, 0); - if ((x->sig_alg) && (x->sig_alg->algorithm)) - { - signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); - OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); - } - if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) - { - /* key usage, if present, must allow key agreement */ - if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) - { - SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); - return 0; - } - if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) - { - /* signature alg must be ECDSA */ - if (pk_nid != NID_X9_62_id_ecPublicKey) - { - SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); - return 0; - } - } - if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) - { - /* signature alg must be RSA */ - - if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) - { - SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); - return 0; - } - } - } - if (alg_a & SSL_aECDSA) - { - /* key usage, if present, must allow signing */ - if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) - { - SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING); - return 0; - } - } - - return 1; /* all checks are ok */ - } - -#endif - -/* THIS NEEDS CLEANING UP */ -CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) - { - unsigned long alg_k,alg_a; - CERT *c; - int i; - - c=s->cert; - ssl_set_cert_masks(c, s->s3->tmp.new_cipher); - - alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - alg_a = s->s3->tmp.new_cipher->algorithm_auth; - - if (alg_k & (SSL_kECDHr|SSL_kECDHe)) - { - /* we don't need to look at SSL_kEECDH - * since no certificate is needed for - * anon ECDH and for authenticated - * EECDH, the check for the auth - * algorithm will set i correctly - * NOTE: For ECDH-RSA, we need an ECC - * not an RSA cert but for EECDH-RSA - * we need an RSA cert. Placing the - * checks for SSL_kECDH before RSA - * checks ensures the correct cert is chosen. - */ - i=SSL_PKEY_ECC; - } - else if (alg_a & SSL_aECDSA) - { - i=SSL_PKEY_ECC; - } - else if (alg_k & SSL_kDHr) - i=SSL_PKEY_DH_RSA; - else if (alg_k & SSL_kDHd) - i=SSL_PKEY_DH_DSA; - else if (alg_a & SSL_aDSS) - i=SSL_PKEY_DSA_SIGN; - else if (alg_a & SSL_aRSA) - { - if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL) - i=SSL_PKEY_RSA_SIGN; - else - i=SSL_PKEY_RSA_ENC; - } - else if (alg_a & SSL_aKRB5) - { - /* VRS something else here? */ - return(NULL); - } - else if (alg_a & SSL_aGOST94) - i=SSL_PKEY_GOST94; - else if (alg_a & SSL_aGOST01) - i=SSL_PKEY_GOST01; - else /* if (alg_a & SSL_aNULL) */ - { - SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR); - return(NULL); - } - - return c->pkeys + i; - } - -X509 *ssl_get_server_send_cert(const SSL *s) - { - CERT_PKEY *cpk; - cpk = ssl_get_server_send_pkey(s); - if (!cpk) - return NULL; - return cpk->x509; - } - -EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd) - { - unsigned long alg_a; - CERT *c; - - alg_a = cipher->algorithm_auth; - c=s->cert; - - /* SHA1 is the default for all signature algorithms up to TLS 1.2, - * except RSA which is handled specially in s3_srvr.c */ - if (pmd) - *pmd = EVP_sha1(); - - if ((alg_a & SSL_aDSS) && - (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) - { - if (pmd && s->s3 && s->s3->digest_dsa) - *pmd = s->s3->digest_dsa; - return c->pkeys[SSL_PKEY_DSA_SIGN].privatekey; - } - else if (alg_a & SSL_aRSA) - { - if (pmd && s->s3 && s->s3->digest_rsa) - *pmd = s->s3->digest_rsa; - if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) - return c->pkeys[SSL_PKEY_RSA_SIGN].privatekey; - if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) - return c->pkeys[SSL_PKEY_RSA_ENC].privatekey; - } - else if ((alg_a & SSL_aECDSA) && - (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) - { - if (pmd && s->s3 && s->s3->digest_ecdsa) - *pmd = s->s3->digest_ecdsa; - return c->pkeys[SSL_PKEY_ECC].privatekey; - } - - SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR); - return(NULL); - } - -void ssl_update_cache(SSL *s,int mode) - { - int i; - - /* If the session_id_length is 0, we are not supposed to cache it, - * and it would be rather hard to do anyway :-) */ - if (s->session->session_id_length == 0) return; - - i=s->session_ctx->session_cache_mode; - if ((i & mode) && (!s->hit) - && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) - || SSL_CTX_add_session(s->session_ctx,s->session)) - && (s->session_ctx->new_session_cb != NULL)) - { - CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION); - if (!s->session_ctx->new_session_cb(s,s->session)) - SSL_SESSION_free(s->session); - } - - /* auto flush every 255 connections */ - if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && - ((i & mode) == mode)) - { - if ( (((mode & SSL_SESS_CACHE_CLIENT) - ?s->session_ctx->stats.sess_connect_good - :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) - { - SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL)); - } - } - } - -const SSL_METHOD *SSL_get_ssl_method(SSL *s) - { - return(s->method); - } - -int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) - { - int conn= -1; - int ret=1; - - if (s->method != meth) - { - if (s->handshake_func != NULL) - conn=(s->handshake_func == s->method->ssl_connect); - - if (s->method->version == meth->version) - s->method=meth; - else - { - s->method->ssl_free(s); - s->method=meth; - ret=s->method->ssl_new(s); - } - - if (conn == 1) - s->handshake_func=meth->ssl_connect; - else if (conn == 0) - s->handshake_func=meth->ssl_accept; - } - return(ret); - } - -int SSL_get_error(const SSL *s,int i) - { - int reason; - unsigned long l; - BIO *bio; - - if (i > 0) return(SSL_ERROR_NONE); - - /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake - * etc, where we do encode the error */ - if ((l=ERR_peek_error()) != 0) - { - if (ERR_GET_LIB(l) == ERR_LIB_SYS) - return(SSL_ERROR_SYSCALL); - else - return(SSL_ERROR_SSL); - } - - if ((i < 0) && SSL_want_read(s)) - { - bio=SSL_get_rbio(s); - if (BIO_should_read(bio)) - return(SSL_ERROR_WANT_READ); - else if (BIO_should_write(bio)) - /* This one doesn't make too much sense ... We never try - * to write to the rbio, and an application program where - * rbio and wbio are separate couldn't even know what it - * should wait for. - * However if we ever set s->rwstate incorrectly - * (so that we have SSL_want_read(s) instead of - * SSL_want_write(s)) and rbio and wbio *are* the same, - * this test works around that bug; so it might be safer - * to keep it. */ - return(SSL_ERROR_WANT_WRITE); - else if (BIO_should_io_special(bio)) - { - reason=BIO_get_retry_reason(bio); - if (reason == BIO_RR_CONNECT) - return(SSL_ERROR_WANT_CONNECT); - else if (reason == BIO_RR_ACCEPT) - return(SSL_ERROR_WANT_ACCEPT); - else - return(SSL_ERROR_SYSCALL); /* unknown */ - } - } - - if ((i < 0) && SSL_want_write(s)) - { - bio=SSL_get_wbio(s); - if (BIO_should_write(bio)) - return(SSL_ERROR_WANT_WRITE); - else if (BIO_should_read(bio)) - /* See above (SSL_want_read(s) with BIO_should_write(bio)) */ - return(SSL_ERROR_WANT_READ); - else if (BIO_should_io_special(bio)) - { - reason=BIO_get_retry_reason(bio); - if (reason == BIO_RR_CONNECT) - return(SSL_ERROR_WANT_CONNECT); - else if (reason == BIO_RR_ACCEPT) - return(SSL_ERROR_WANT_ACCEPT); - else - return(SSL_ERROR_SYSCALL); - } - } - if ((i < 0) && SSL_want_x509_lookup(s)) - { - return(SSL_ERROR_WANT_X509_LOOKUP); - } - if ((i < 0) && SSL_want_channel_id_lookup(s)) - { - return(SSL_ERROR_WANT_CHANNEL_ID_LOOKUP); - } - - if (i == 0) - { - if (s->version == SSL2_VERSION) - { - /* assume it is the socket being closed */ - return(SSL_ERROR_ZERO_RETURN); - } - else - { - if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && - (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) - return(SSL_ERROR_ZERO_RETURN); - } - } - return(SSL_ERROR_SYSCALL); - } - -int SSL_do_handshake(SSL *s) - { - int ret=1; - - if (s->handshake_func == NULL) - { - SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET); - return(-1); - } - - s->method->ssl_renegotiate_check(s); - - if (SSL_in_init(s) || SSL_in_before(s)) - { - ret=s->handshake_func(s); - } - return(ret); - } - -/* For the next 2 functions, SSL_clear() sets shutdown and so - * one of these calls will reset it */ -void SSL_set_accept_state(SSL *s) - { - s->server=1; - s->shutdown=0; - s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE; - s->handshake_func=s->method->ssl_accept; - /* clear the current cipher */ - ssl_clear_cipher_ctx(s); - ssl_clear_hash_ctx(&s->read_hash); - ssl_clear_hash_ctx(&s->write_hash); - } - -void SSL_set_connect_state(SSL *s) - { - s->server=0; - s->shutdown=0; - s->state=SSL_ST_CONNECT|SSL_ST_BEFORE; - s->handshake_func=s->method->ssl_connect; - /* clear the current cipher */ - ssl_clear_cipher_ctx(s); - ssl_clear_hash_ctx(&s->read_hash); - ssl_clear_hash_ctx(&s->write_hash); - } - -int ssl_undefined_function(SSL *s) - { - SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(0); - } - -int ssl_undefined_void_function(void) - { - SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(0); - } - -int ssl_undefined_const_function(const SSL *s) - { - SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(0); - } - -SSL_METHOD *ssl_bad_method(int ver) - { - SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(NULL); - } - -static const char *ssl_get_version(int version) - { - if (version == TLS1_2_VERSION) - return("TLSv1.2"); - else if (version == TLS1_1_VERSION) - return("TLSv1.1"); - else if (version == TLS1_VERSION) - return("TLSv1"); - else if (version == SSL3_VERSION) - return("SSLv3"); - else if (version == SSL2_VERSION) - return("SSLv2"); - else - return("unknown"); - } - -const char *SSL_get_version(const SSL *s) - { - return ssl_get_version(s->version); - } - -const char *SSL_SESSION_get_version(const SSL_SESSION *s) - { - return ssl_get_version(s->ssl_version); - } - -const char* SSL_authentication_method(const SSL* ssl) - { - if (ssl->cert != NULL && ssl->cert->rsa_tmp != NULL) - return SSL_TXT_RSA "_" SSL_TXT_EXPORT; - switch (ssl->version) - { - case SSL2_VERSION: - return SSL_TXT_RSA; - default: - return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher); - } - } - -SSL *SSL_dup(SSL *s) - { - STACK_OF(X509_NAME) *sk; - X509_NAME *xn; - SSL *ret; - int i; - - if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) - return(NULL); - - ret->version = s->version; - ret->type = s->type; - ret->method = s->method; - - if (s->session != NULL) - { - /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ - SSL_copy_session_id(ret,s); - } - else - { - /* No session has been established yet, so we have to expect - * that s->cert or ret->cert will be changed later -- - * they should not both point to the same object, - * and thus we can't use SSL_copy_session_id. */ - - ret->method->ssl_free(ret); - ret->method = s->method; - ret->method->ssl_new(ret); - - if (s->cert != NULL) - { - if (ret->cert != NULL) - { - ssl_cert_free(ret->cert); - } - ret->cert = ssl_cert_dup(s->cert); - if (ret->cert == NULL) - goto err; - } - - SSL_set_session_id_context(ret, - s->sid_ctx, s->sid_ctx_length); - } - - ret->options=s->options; - ret->mode=s->mode; - SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s)); - SSL_set_read_ahead(ret,SSL_get_read_ahead(s)); - ret->msg_callback = s->msg_callback; - ret->msg_callback_arg = s->msg_callback_arg; - SSL_set_verify(ret,SSL_get_verify_mode(s), - SSL_get_verify_callback(s)); - SSL_set_verify_depth(ret,SSL_get_verify_depth(s)); - ret->generate_session_id = s->generate_session_id; - - SSL_set_info_callback(ret,SSL_get_info_callback(s)); - - ret->debug=s->debug; - - /* copy app data, a little dangerous perhaps */ - if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) - goto err; - - /* setup rbio, and wbio */ - if (s->rbio != NULL) - { - if (!BIO_dup_state(s->rbio,(char *)&ret->rbio)) - goto err; - } - if (s->wbio != NULL) - { - if (s->wbio != s->rbio) - { - if (!BIO_dup_state(s->wbio,(char *)&ret->wbio)) - goto err; - } - else - ret->wbio=ret->rbio; - } - ret->rwstate = s->rwstate; - ret->in_handshake = s->in_handshake; - ret->handshake_func = s->handshake_func; - ret->server = s->server; - ret->renegotiate = s->renegotiate; - ret->new_session = s->new_session; - ret->quiet_shutdown = s->quiet_shutdown; - ret->shutdown=s->shutdown; - ret->state=s->state; /* SSL_dup does not really work at any state, though */ - ret->rstate=s->rstate; - ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */ - ret->hit=s->hit; - - X509_VERIFY_PARAM_inherit(ret->param, s->param); - - /* dup the cipher_list and cipher_list_by_id stacks */ - if (s->cipher_list != NULL) - { - if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) - goto err; - } - if (s->cipher_list_by_id != NULL) - if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id)) - == NULL) - goto err; - - /* Dup the client_CA list */ - if (s->client_CA != NULL) - { - if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err; - ret->client_CA=sk; - for (i=0; i<sk_X509_NAME_num(sk); i++) - { - xn=sk_X509_NAME_value(sk,i); - if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL) - { - X509_NAME_free(xn); - goto err; - } - } - } - - if (0) - { -err: - if (ret != NULL) SSL_free(ret); - ret=NULL; - } - return(ret); - } - -void ssl_clear_cipher_ctx(SSL *s) - { - if (s->enc_read_ctx != NULL) - { - EVP_CIPHER_CTX_cleanup(s->enc_read_ctx); - OPENSSL_free(s->enc_read_ctx); - s->enc_read_ctx=NULL; - } - if (s->enc_write_ctx != NULL) - { - EVP_CIPHER_CTX_cleanup(s->enc_write_ctx); - OPENSSL_free(s->enc_write_ctx); - s->enc_write_ctx=NULL; - } -#ifndef OPENSSL_NO_COMP - if (s->expand != NULL) - { - COMP_CTX_free(s->expand); - s->expand=NULL; - } - if (s->compress != NULL) - { - COMP_CTX_free(s->compress); - s->compress=NULL; - } -#endif - } - -/* Fix this function so that it takes an optional type parameter */ -X509 *SSL_get_certificate(const SSL *s) - { - if (s->cert != NULL) - return(s->cert->key->x509); - else - return(NULL); - } - -/* Fix this function so that it takes an optional type parameter */ -EVP_PKEY *SSL_get_privatekey(SSL *s) - { - if (s->cert != NULL) - return(s->cert->key->privatekey); - else - return(NULL); - } - -const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) - { - if ((s->session != NULL) && (s->session->cipher != NULL)) - return(s->session->cipher); - return(NULL); - } -#ifdef OPENSSL_NO_COMP -const void *SSL_get_current_compression(SSL *s) - { - return NULL; - } -const void *SSL_get_current_expansion(SSL *s) - { - return NULL; - } -#else - -const COMP_METHOD *SSL_get_current_compression(SSL *s) - { - if (s->compress != NULL) - return(s->compress->meth); - return(NULL); - } - -const COMP_METHOD *SSL_get_current_expansion(SSL *s) - { - if (s->expand != NULL) - return(s->expand->meth); - return(NULL); - } -#endif - -int ssl_init_wbio_buffer(SSL *s,int push) - { - BIO *bbio; - - if (s->bbio == NULL) - { - bbio=BIO_new(BIO_f_buffer()); - if (bbio == NULL) return(0); - s->bbio=bbio; - } - else - { - bbio=s->bbio; - if (s->bbio == s->wbio) - s->wbio=BIO_pop(s->wbio); - } - (void)BIO_reset(bbio); -/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ - if (!BIO_set_read_buffer_size(bbio,1)) - { - SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB); - return(0); - } - if (push) - { - if (s->wbio != bbio) - s->wbio=BIO_push(bbio,s->wbio); - } - else - { - if (s->wbio == bbio) - s->wbio=BIO_pop(bbio); - } - return(1); - } - -void ssl_free_wbio_buffer(SSL *s) - { - if (s->bbio == NULL) return; - - if (s->bbio == s->wbio) - { - /* remove buffering */ - s->wbio=BIO_pop(s->wbio); -#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */ - assert(s->wbio != NULL); -#endif - } - BIO_free(s->bbio); - s->bbio=NULL; - } - -void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode) - { - ctx->quiet_shutdown=mode; - } - -int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) - { - return(ctx->quiet_shutdown); - } - -void SSL_set_quiet_shutdown(SSL *s,int mode) - { - s->quiet_shutdown=mode; - } - -int SSL_get_quiet_shutdown(const SSL *s) - { - return(s->quiet_shutdown); - } - -void SSL_set_shutdown(SSL *s,int mode) - { - s->shutdown=mode; - } - -int SSL_get_shutdown(const SSL *s) - { - return(s->shutdown); - } - -int SSL_version(const SSL *s) - { - return(s->version); - } - -SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) - { - return(ssl->ctx); - } - -SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) - { - if (ssl->ctx == ctx) - return ssl->ctx; -#ifndef OPENSSL_NO_TLSEXT - if (ctx == NULL) - ctx = ssl->initial_ctx; -#endif - if (ssl->cert != NULL) - ssl_cert_free(ssl->cert); - ssl->cert = ssl_cert_dup(ctx->cert); - - /* - * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH), - * so setter APIs must prevent invalid lengths from entering the system. - */ - OPENSSL_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx)); - - /* - * If the session ID context matches that of the parent SSL_CTX, - * inherit it from the new SSL_CTX as well. If however the context does - * not match (i.e., it was set per-ssl with SSL_set_session_id_context), - * leave it unchanged. - */ - if ((ssl->ctx != NULL) && - (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) && - (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) - { - ssl->sid_ctx_length = ctx->sid_ctx_length; - memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx)); - } - - CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); - if (ssl->ctx != NULL) - SSL_CTX_free(ssl->ctx); /* decrement reference count */ - ssl->ctx = ctx; - - return(ssl->ctx); - } - -#ifndef OPENSSL_NO_STDIO -int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) - { - return(X509_STORE_set_default_paths(ctx->cert_store)); - } - -int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, - const char *CApath) - { - return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath)); - } -#endif - -void SSL_set_info_callback(SSL *ssl, - void (*cb)(const SSL *ssl,int type,int val)) - { - ssl->info_callback=cb; - } - -/* One compiler (Diab DCC) doesn't like argument names in returned - function pointer. */ -void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) - { - return ssl->info_callback; - } - -int SSL_state(const SSL *ssl) - { - return(ssl->state); - } - -void SSL_set_state(SSL *ssl, int state) - { - ssl->state = state; - } - -void SSL_set_verify_result(SSL *ssl,long arg) - { - ssl->verify_result=arg; - } - -long SSL_get_verify_result(const SSL *ssl) - { - return(ssl->verify_result); - } - -int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) - { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, - new_func, dup_func, free_func); - } - -int SSL_set_ex_data(SSL *s,int idx,void *arg) - { - return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); - } - -void *SSL_get_ex_data(const SSL *s,int idx) - { - return(CRYPTO_get_ex_data(&s->ex_data,idx)); - } - -int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) - { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, - new_func, dup_func, free_func); - } - -int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg) - { - return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); - } - -void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx) - { - return(CRYPTO_get_ex_data(&s->ex_data,idx)); - } - -int ssl_ok(SSL *s) - { - return(1); - } - -X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) - { - return(ctx->cert_store); - } - -void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store) - { - if (ctx->cert_store != NULL) - X509_STORE_free(ctx->cert_store); - ctx->cert_store=store; - } - -int SSL_want(const SSL *s) - { - return(s->rwstate); - } - -/*! - * \brief Set the callback for generating temporary RSA keys. - * \param ctx the SSL context. - * \param cb the callback - */ - -#ifndef OPENSSL_NO_RSA -void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl, - int is_export, - int keylength)) - { - SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); - } - -void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl, - int is_export, - int keylength)) - { - SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); - } -#endif - -#ifdef DOXYGEN -/*! - * \brief The RSA temporary key callback function. - * \param ssl the SSL session. - * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite. - * \param keylength if \c is_export is \c TRUE, then \c keylength is the size - * of the required key in bits. - * \return the temporary RSA key. - * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback - */ - -RSA *cb(SSL *ssl,int is_export,int keylength) - {} -#endif - -/*! - * \brief Set the callback for generating temporary DH keys. - * \param ctx the SSL context. - * \param dh the callback - */ - -#ifndef OPENSSL_NO_DH -void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export, - int keylength)) - { - SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); - } - -void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export, - int keylength)) - { - SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); - } -#endif - -#ifndef OPENSSL_NO_ECDH -void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export, - int keylength)) - { - SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); - } - -void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export, - int keylength)) - { - SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); - } -#endif - -#ifndef OPENSSL_NO_PSK -int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) - { - if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) - { - SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); - return 0; - } - if (ctx->psk_identity_hint != NULL) - OPENSSL_free(ctx->psk_identity_hint); - if (identity_hint != NULL) - { - ctx->psk_identity_hint = BUF_strdup(identity_hint); - if (ctx->psk_identity_hint == NULL) - return 0; - } - else - ctx->psk_identity_hint = NULL; - return 1; - } - -int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) - { - if (s == NULL) - return 0; - - if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) - { - SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); - return 0; - } - - /* Clear hint in SSL and associated SSL_SESSION (if any). */ - if (s->psk_identity_hint != NULL) - { - OPENSSL_free(s->psk_identity_hint); - s->psk_identity_hint = NULL; - } - if (s->session != NULL && s->session->psk_identity_hint != NULL) - { - OPENSSL_free(s->session->psk_identity_hint); - s->session->psk_identity_hint = NULL; - } - - if (identity_hint != NULL) - { - /* The hint is stored in SSL and SSL_SESSION with the one in - * SSL_SESSION taking precedence. Thus, if SSL_SESSION is avaiable, - * we store the hint there, otherwise we store it in SSL. */ - if (s->session != NULL) - { - s->session->psk_identity_hint = BUF_strdup(identity_hint); - if (s->session->psk_identity_hint == NULL) - return 0; - } - else - { - s->psk_identity_hint = BUF_strdup(identity_hint); - if (s->psk_identity_hint == NULL) - return 0; - } - } - return 1; - } - -const char *SSL_get_psk_identity_hint(const SSL *s) - { - if (s == NULL) - return NULL; - /* The hint is stored in SSL and SSL_SESSION with the one in SSL_SESSION - * taking precedence. */ - if (s->session != NULL) - return(s->session->psk_identity_hint); - return(s->psk_identity_hint); - } - -const char *SSL_get_psk_identity(const SSL *s) - { - if (s == NULL || s->session == NULL) - return NULL; - return(s->session->psk_identity); - } - -void SSL_set_psk_client_callback(SSL *s, - unsigned int (*cb)(SSL *ssl, const char *hint, - char *identity, unsigned int max_identity_len, unsigned char *psk, - unsigned int max_psk_len)) - { - s->psk_client_callback = cb; - } - -void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, - unsigned int (*cb)(SSL *ssl, const char *hint, - char *identity, unsigned int max_identity_len, unsigned char *psk, - unsigned int max_psk_len)) - { - ctx->psk_client_callback = cb; - } - -void SSL_set_psk_server_callback(SSL *s, - unsigned int (*cb)(SSL *ssl, const char *identity, - unsigned char *psk, unsigned int max_psk_len)) - { - s->psk_server_callback = cb; - } - -void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, - unsigned int (*cb)(SSL *ssl, const char *identity, - unsigned char *psk, unsigned int max_psk_len)) - { - ctx->psk_server_callback = cb; - } -#endif - -void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) - { - SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); - } -void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) - { - SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); - } - -int SSL_cutthrough_complete(const SSL *s) - { - return (!s->server && /* cutthrough only applies to clients */ - !s->hit && /* full-handshake */ - s->version >= SSL3_VERSION && - s->s3->in_read_app_data == 0 && /* cutthrough only applies to write() */ - (SSL_get_mode((SSL*)s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) && /* cutthrough enabled */ - ssl3_can_cutthrough(s) && /* cutthrough allowed */ - s->s3->previous_server_finished_len == 0 && /* not a renegotiation handshake */ - (s->state == SSL3_ST_CR_SESSION_TICKET_A || /* ready to write app-data*/ - s->state == SSL3_ST_CR_FINISHED_A)); - } - -int ssl3_can_cutthrough(const SSL *s) - { - const SSL_CIPHER *c; - - /* require a strong enough cipher */ - if (SSL_get_cipher_bits(s, NULL) < 128) - return 0; - - /* require ALPN or NPN extension */ - if (!s->s3->alpn_selected -#ifndef OPENSSL_NO_NEXTPROTONEG - && !s->s3->next_proto_neg_seen -#endif - ) - { - return 0; - } - - /* require a forward-secret cipher */ - c = SSL_get_current_cipher(s); - if (!c || (c->algorithm_mkey != SSL_kEDH && - c->algorithm_mkey != SSL_kEECDH)) - { - return 0; - } - - return 1; - } - -/* Allocates new EVP_MD_CTX and sets pointer to it into given pointer - * vairable, freeing EVP_MD_CTX previously stored in that variable, if - * any. If EVP_MD pointer is passed, initializes ctx with this md - * Returns newly allocated ctx; - */ - -EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) -{ - ssl_clear_hash_ctx(hash); - *hash = EVP_MD_CTX_create(); - if (md) EVP_DigestInit_ex(*hash,md,NULL); - return *hash; -} -void ssl_clear_hash_ctx(EVP_MD_CTX **hash) -{ - - if (*hash) EVP_MD_CTX_destroy(*hash); - *hash=NULL; -} - -void SSL_set_debug(SSL *s, int debug) - { - s->debug = debug; - } - -int SSL_cache_hit(SSL *s) - { - return s->hit; - } - -#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16) -#include "../crypto/bio/bss_file.c" -#endif - -IMPLEMENT_STACK_OF(SSL_CIPHER) -IMPLEMENT_STACK_OF(SSL_COMP) -IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, - ssl_cipher_id); diff --git a/main/openssl/ssl/ssl_locl.h b/main/openssl/ssl/ssl_locl.h deleted file mode 100644 index b07782bc..00000000 --- a/main/openssl/ssl/ssl_locl.h +++ /dev/null @@ -1,1204 +0,0 @@ -/* ssl/ssl_locl.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - -#ifndef HEADER_SSL_LOCL_H -#define HEADER_SSL_LOCL_H -#include <stdlib.h> -#include <time.h> -#include <string.h> -#include <errno.h> - -#include "e_os.h" - -#include <openssl/buffer.h> -#ifndef OPENSSL_NO_COMP -#include <openssl/comp.h> -#endif -#include <openssl/bio.h> -#include <openssl/stack.h> -#ifndef OPENSSL_NO_RSA -#include <openssl/rsa.h> -#endif -#ifndef OPENSSL_NO_DSA -#include <openssl/dsa.h> -#endif -#include <openssl/err.h> -#include <openssl/ssl.h> -#include <openssl/symhacks.h> - -#ifdef OPENSSL_BUILD_SHLIBSSL -# undef OPENSSL_EXTERN -# define OPENSSL_EXTERN OPENSSL_EXPORT -#endif - -#undef PKCS1_CHECK - -#define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \ - l|=(((unsigned long)(*((c)++)))<< 8), \ - l|=(((unsigned long)(*((c)++)))<<16), \ - l|=(((unsigned long)(*((c)++)))<<24)) - -/* NOTE - c is not incremented as per c2l */ -#define c2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c))))<<24; \ - case 7: l2|=((unsigned long)(*(--(c))))<<16; \ - case 6: l2|=((unsigned long)(*(--(c))))<< 8; \ - case 5: l2|=((unsigned long)(*(--(c)))); \ - case 4: l1 =((unsigned long)(*(--(c))))<<24; \ - case 3: l1|=((unsigned long)(*(--(c))))<<16; \ - case 2: l1|=((unsigned long)(*(--(c))))<< 8; \ - case 1: l1|=((unsigned long)(*(--(c)))); \ - } \ - } - -#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff)) - -#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \ - l|=((unsigned long)(*((c)++)))<<16, \ - l|=((unsigned long)(*((c)++)))<< 8, \ - l|=((unsigned long)(*((c)++)))) - -#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -#define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \ - *((c)++)=(unsigned char)(((l)>>32)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -#define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \ - *((c)++)=(unsigned char)(((l)>>48)&0xff), \ - *((c)++)=(unsigned char)(((l)>>40)&0xff), \ - *((c)++)=(unsigned char)(((l)>>32)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -#define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \ - l|=((BN_ULLONG)(*((c)++)))<<32, \ - l|=((BN_ULLONG)(*((c)++)))<<24, \ - l|=((BN_ULLONG)(*((c)++)))<<16, \ - l|=((BN_ULLONG)(*((c)++)))<< 8, \ - l|=((BN_ULLONG)(*((c)++)))) - -/* NOTE - c is not incremented as per l2c */ -#define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } - -#define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \ - (((unsigned int)(c[1])) )),c+=2) -#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \ - c[1]=(unsigned char)(((s) )&0xff)),c+=2) - -#define n2l3(c,l) ((l =(((unsigned long)(c[0]))<<16)| \ - (((unsigned long)(c[1]))<< 8)| \ - (((unsigned long)(c[2])) )),c+=3) - -#define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \ - c[1]=(unsigned char)(((l)>> 8)&0xff), \ - c[2]=(unsigned char)(((l) )&0xff)),c+=3) - -/* LOCAL STUFF */ - -#define SSL_DECRYPT 0 -#define SSL_ENCRYPT 1 - -#define TWO_BYTE_BIT 0x80 -#define SEC_ESC_BIT 0x40 -#define TWO_BYTE_MASK 0x7fff -#define THREE_BYTE_MASK 0x3fff - -#define INC32(a) ((a)=((a)+1)&0xffffffffL) -#define DEC32(a) ((a)=((a)-1)&0xffffffffL) -#define MAX_MAC_SIZE 20 /* up from 16 for SSLv3 */ - -/* - * Define the Bitmasks for SSL_CIPHER.algorithms. - * This bits are used packed as dense as possible. If new methods/ciphers - * etc will be added, the bits a likely to change, so this information - * is for internal library use only, even though SSL_CIPHER.algorithms - * can be publicly accessed. - * Use the according functions for cipher management instead. - * - * The bit mask handling in the selection and sorting scheme in - * ssl_create_cipher_list() has only limited capabilities, reflecting - * that the different entities within are mutually exclusive: - * ONLY ONE BIT PER MASK CAN BE SET AT A TIME. - */ - -/* Bits for algorithm_mkey (key exchange algorithm) */ -#define SSL_kRSA 0x00000001L /* RSA key exchange */ -#define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */ -#define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */ -#define SSL_kEDH 0x00000008L /* tmp DH key no DH cert */ -#define SSL_kKRB5 0x00000010L /* Kerberos5 key exchange */ -#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */ -#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */ -#define SSL_kEECDH 0x00000080L /* ephemeral ECDH */ -#define SSL_kPSK 0x00000100L /* PSK */ -#define SSL_kGOST 0x00000200L /* GOST key exchange */ -#define SSL_kSRP 0x00000400L /* SRP */ - -/* Bits for algorithm_auth (server authentication) */ -#define SSL_aRSA 0x00000001L /* RSA auth */ -#define SSL_aDSS 0x00000002L /* DSS auth */ -#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */ -#define SSL_aDH 0x00000008L /* Fixed DH auth (kDHd or kDHr) */ /* no such ciphersuites supported! */ -#define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */ -#define SSL_aKRB5 0x00000020L /* KRB5 auth */ -#define SSL_aECDSA 0x00000040L /* ECDSA auth*/ -#define SSL_aPSK 0x00000080L /* PSK auth */ -#define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */ -#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */ -#define SSL_aSRP 0x00000400L /* SRP auth */ - - -/* Bits for algorithm_enc (symmetric encryption) */ -#define SSL_DES 0x00000001L -#define SSL_3DES 0x00000002L -#define SSL_RC4 0x00000004L -#define SSL_RC2 0x00000008L -#define SSL_IDEA 0x00000010L -#define SSL_eNULL 0x00000020L -#define SSL_AES128 0x00000040L -#define SSL_AES256 0x00000080L -#define SSL_CAMELLIA128 0x00000100L -#define SSL_CAMELLIA256 0x00000200L -#define SSL_eGOST2814789CNT 0x00000400L -#define SSL_SEED 0x00000800L -#define SSL_AES128GCM 0x00001000L -#define SSL_AES256GCM 0x00002000L - -#define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM) -#define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) - - -/* Bits for algorithm_mac (symmetric authentication) */ - -#define SSL_MD5 0x00000001L -#define SSL_SHA1 0x00000002L -#define SSL_GOST94 0x00000004L -#define SSL_GOST89MAC 0x00000008L -#define SSL_SHA256 0x00000010L -#define SSL_SHA384 0x00000020L -/* Not a real MAC, just an indication it is part of cipher */ -#define SSL_AEAD 0x00000040L - -/* Bits for algorithm_ssl (protocol version) */ -#define SSL_SSLV2 0x00000001L -#define SSL_SSLV3 0x00000002L -#define SSL_TLSV1 SSL_SSLV3 /* for now */ -#define SSL_TLSV1_2 0x00000004L - - -/* Bits for algorithm2 (handshake digests and other extra flags) */ - -#define SSL_HANDSHAKE_MAC_MD5 0x10 -#define SSL_HANDSHAKE_MAC_SHA 0x20 -#define SSL_HANDSHAKE_MAC_GOST94 0x40 -#define SSL_HANDSHAKE_MAC_SHA256 0x80 -#define SSL_HANDSHAKE_MAC_SHA384 0x100 -#define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA) - -/* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX - * make sure to update this constant too */ -#define SSL_MAX_DIGEST 6 - -#define TLS1_PRF_DGST_MASK (0xff << TLS1_PRF_DGST_SHIFT) - -#define TLS1_PRF_DGST_SHIFT 10 -#define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT) -#define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT) -#define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT) -#define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT) -#define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT) -#define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1) - -/* Stream MAC for GOST ciphersuites from cryptopro draft - * (currently this also goes into algorithm2) */ -#define TLS1_STREAM_MAC 0x04 - -#define TLSEXT_CHANNEL_ID_SIZE 128 - - -/* - * Export and cipher strength information. For each cipher we have to decide - * whether it is exportable or not. This information is likely to change - * over time, since the export control rules are no static technical issue. - * - * Independent of the export flag the cipher strength is sorted into classes. - * SSL_EXP40 was denoting the 40bit US export limit of past times, which now - * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change - * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more, - * since SSL_EXP64 could be similar to SSL_LOW. - * For this reason SSL_MICRO and SSL_MINI macros are included to widen the - * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed - * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would - * be possible. - */ -#define SSL_EXP_MASK 0x00000003L -#define SSL_STRONG_MASK 0x000001fcL - -#define SSL_NOT_EXP 0x00000001L -#define SSL_EXPORT 0x00000002L - -#define SSL_STRONG_NONE 0x00000004L -#define SSL_EXP40 0x00000008L -#define SSL_MICRO (SSL_EXP40) -#define SSL_EXP56 0x00000010L -#define SSL_MINI (SSL_EXP56) -#define SSL_LOW 0x00000020L -#define SSL_MEDIUM 0x00000040L -#define SSL_HIGH 0x00000080L -#define SSL_FIPS 0x00000100L - -/* we have used 000001ff - 23 bits left to go */ - -/* - * Macros to check the export status and cipher strength for export ciphers. - * Even though the macros for EXPORT and EXPORT40/56 have similar names, - * their meaning is different: - * *_EXPORT macros check the 'exportable' status. - * *_EXPORT40/56 macros are used to check whether a certain cipher strength - * is given. - * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct - * algorithm structure element to be passed (algorithms, algo_strength) and no - * typechecking can be done as they are all of type unsigned long, their - * direct usage is discouraged. - * Use the SSL_C_* macros instead. - */ -#define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT) -#define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56) -#define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40) -#define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength) -#define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength) -#define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength) - -#define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \ - (a) == SSL_DES ? 8 : 7) -#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024) -#define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \ - (c)->algo_strength) -#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength) - - - - -/* Mostly for SSLv3 */ -#define SSL_PKEY_RSA_ENC 0 -#define SSL_PKEY_RSA_SIGN 1 -#define SSL_PKEY_DSA_SIGN 2 -#define SSL_PKEY_DH_RSA 3 -#define SSL_PKEY_DH_DSA 4 -#define SSL_PKEY_ECC 5 -#define SSL_PKEY_GOST94 6 -#define SSL_PKEY_GOST01 7 -#define SSL_PKEY_NUM 8 - -/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | - * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) - * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) - * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN - * SSL_aRSA <- RSA_ENC | RSA_SIGN - * SSL_aDSS <- DSA_SIGN - */ - -/* -#define CERT_INVALID 0 -#define CERT_PUBLIC_KEY 1 -#define CERT_PRIVATE_KEY 2 -*/ - -#ifndef OPENSSL_NO_EC -/* From ECC-TLS draft, used in encoding the curve type in - * ECParameters - */ -#define EXPLICIT_PRIME_CURVE_TYPE 1 -#define EXPLICIT_CHAR2_CURVE_TYPE 2 -#define NAMED_CURVE_TYPE 3 -#endif /* OPENSSL_NO_EC */ - -typedef struct cert_pkey_st - { - X509 *x509; - STACK_OF(X509) *cert_chain; - EVP_PKEY *privatekey; - } CERT_PKEY; - -typedef struct cert_st - { - /* Current active set */ - CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array - * Probably it would make more sense to store - * an index, not a pointer. */ - - /* The following masks are for the key and auth - * algorithms that are supported by the certs below */ - int valid; - unsigned long mask_k; - unsigned long mask_a; - unsigned long export_mask_k; - unsigned long export_mask_a; -#ifndef OPENSSL_NO_RSA - RSA *rsa_tmp; - RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize); -#endif -#ifndef OPENSSL_NO_DH - DH *dh_tmp; - DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize); -#endif -#ifndef OPENSSL_NO_ECDH - EC_KEY *ecdh_tmp; - /* Callback for generating ephemeral ECDH keys */ - EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize); -#endif - - CERT_PKEY pkeys[SSL_PKEY_NUM]; - - int references; /* >1 only if SSL_copy_session_id is used */ - } CERT; - - -typedef struct sess_cert_st - { - STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */ - - /* The 'peer_...' members are used only by clients. */ - int peer_cert_type; - - CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */ - CERT_PKEY peer_pkeys[SSL_PKEY_NUM]; - /* Obviously we don't have the private keys of these, - * so maybe we shouldn't even use the CERT_PKEY type here. */ - -#ifndef OPENSSL_NO_RSA - RSA *peer_rsa_tmp; /* not used for SSL 2 */ -#endif -#ifndef OPENSSL_NO_DH - DH *peer_dh_tmp; /* not used for SSL 2 */ -#endif -#ifndef OPENSSL_NO_ECDH - EC_KEY *peer_ecdh_tmp; -#endif - - int references; /* actually always 1 at the moment */ - } SESS_CERT; - - -/*#define MAC_DEBUG */ - -/*#define ERR_DEBUG */ -/*#define ABORT_DEBUG */ -/*#define PKT_DEBUG 1 */ -/*#define DES_DEBUG */ -/*#define DES_OFB_DEBUG */ -/*#define SSL_DEBUG */ -/*#define RSA_DEBUG */ -/*#define IDEA_DEBUG */ - -#define FP_ICC (int (*)(const void *,const void *)) -#define ssl_put_cipher_by_char(ssl,ciph,ptr) \ - ((ssl)->method->put_cipher_by_char((ciph),(ptr))) -#define ssl_get_cipher_by_char(ssl,ptr) \ - ((ssl)->method->get_cipher_by_char(ptr)) - -/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff - * It is a bit of a mess of functions, but hell, think of it as - * an opaque structure :-) */ -typedef struct ssl3_enc_method - { - int (*enc)(SSL *, int); - int (*mac)(SSL *, unsigned char *, int); - int (*setup_key_block)(SSL *); - int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int); - int (*change_cipher_state)(SSL *, int); - int (*final_finish_mac)(SSL *, const char *, int, unsigned char *); - int finish_mac_length; - int (*cert_verify_mac)(SSL *, int, unsigned char *); - const char *client_finished_label; - int client_finished_label_len; - const char *server_finished_label; - int server_finished_label_len; - int (*alert_value)(int); - int (*export_keying_material)(SSL *, unsigned char *, size_t, - const char *, size_t, - const unsigned char *, size_t, - int use_context); - } SSL3_ENC_METHOD; - -#ifndef OPENSSL_NO_COMP -/* Used for holding the relevant compression methods loaded into SSL_CTX */ -typedef struct ssl3_comp_st - { - int comp_id; /* The identifier byte for this compression type */ - char *name; /* Text name used for the compression type */ - COMP_METHOD *method; /* The method :-) */ - } SSL3_COMP; -#endif - -#ifndef OPENSSL_NO_BUF_FREELISTS -typedef struct ssl3_buf_freelist_st - { - size_t chunklen; - unsigned int len; - struct ssl3_buf_freelist_entry_st *head; - } SSL3_BUF_FREELIST; - -typedef struct ssl3_buf_freelist_entry_st - { - struct ssl3_buf_freelist_entry_st *next; - } SSL3_BUF_FREELIST_ENTRY; -#endif - -extern SSL3_ENC_METHOD ssl3_undef_enc_method; -OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[]; -OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[]; - - -SSL_METHOD *ssl_bad_method(int ver); - -extern SSL3_ENC_METHOD TLSv1_enc_data; -extern SSL3_ENC_METHOD SSLv3_enc_data; -extern SSL3_ENC_METHOD DTLSv1_enc_data; - -#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION) - -#define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \ - s_get_meth) \ -const SSL_METHOD *func_name(void) \ - { \ - static const SSL_METHOD func_name##_data= { \ - version, \ - tls1_new, \ - tls1_clear, \ - tls1_free, \ - s_accept, \ - s_connect, \ - ssl3_read, \ - ssl3_peek, \ - ssl3_write, \ - ssl3_shutdown, \ - ssl3_renegotiate, \ - ssl3_renegotiate_check, \ - ssl3_get_message, \ - ssl3_read_bytes, \ - ssl3_write_bytes, \ - ssl3_dispatch_alert, \ - ssl3_ctrl, \ - ssl3_ctx_ctrl, \ - ssl3_get_cipher_by_char, \ - ssl3_put_cipher_by_char, \ - ssl3_pending, \ - ssl3_num_ciphers, \ - ssl3_get_cipher, \ - s_get_meth, \ - tls1_default_timeout, \ - &TLSv1_enc_data, \ - ssl_undefined_void_function, \ - ssl3_callback_ctrl, \ - ssl3_ctx_callback_ctrl, \ - }; \ - return &func_name##_data; \ - } - -#define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \ -const SSL_METHOD *func_name(void) \ - { \ - static const SSL_METHOD func_name##_data= { \ - SSL3_VERSION, \ - ssl3_new, \ - ssl3_clear, \ - ssl3_free, \ - s_accept, \ - s_connect, \ - ssl3_read, \ - ssl3_peek, \ - ssl3_write, \ - ssl3_shutdown, \ - ssl3_renegotiate, \ - ssl3_renegotiate_check, \ - ssl3_get_message, \ - ssl3_read_bytes, \ - ssl3_write_bytes, \ - ssl3_dispatch_alert, \ - ssl3_ctrl, \ - ssl3_ctx_ctrl, \ - ssl3_get_cipher_by_char, \ - ssl3_put_cipher_by_char, \ - ssl3_pending, \ - ssl3_num_ciphers, \ - ssl3_get_cipher, \ - s_get_meth, \ - ssl3_default_timeout, \ - &SSLv3_enc_data, \ - ssl_undefined_void_function, \ - ssl3_callback_ctrl, \ - ssl3_ctx_callback_ctrl, \ - }; \ - return &func_name##_data; \ - } - -#define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \ -const SSL_METHOD *func_name(void) \ - { \ - static const SSL_METHOD func_name##_data= { \ - TLS1_2_VERSION, \ - tls1_new, \ - tls1_clear, \ - tls1_free, \ - s_accept, \ - s_connect, \ - ssl23_read, \ - ssl23_peek, \ - ssl23_write, \ - ssl_undefined_function, \ - ssl_undefined_function, \ - ssl_ok, \ - ssl3_get_message, \ - ssl3_read_bytes, \ - ssl3_write_bytes, \ - ssl3_dispatch_alert, \ - ssl3_ctrl, \ - ssl3_ctx_ctrl, \ - ssl23_get_cipher_by_char, \ - ssl23_put_cipher_by_char, \ - ssl_undefined_const_function, \ - ssl23_num_ciphers, \ - ssl23_get_cipher, \ - s_get_meth, \ - ssl23_default_timeout, \ - &ssl3_undef_enc_method, \ - ssl_undefined_void_function, \ - ssl3_callback_ctrl, \ - ssl3_ctx_callback_ctrl, \ - }; \ - return &func_name##_data; \ - } - -#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \ -const SSL_METHOD *func_name(void) \ - { \ - static const SSL_METHOD func_name##_data= { \ - SSL2_VERSION, \ - ssl2_new, /* local */ \ - ssl2_clear, /* local */ \ - ssl2_free, /* local */ \ - s_accept, \ - s_connect, \ - ssl2_read, \ - ssl2_peek, \ - ssl2_write, \ - ssl2_shutdown, \ - ssl_ok, /* NULL - renegotiate */ \ - ssl_ok, /* NULL - check renegotiate */ \ - NULL, /* NULL - ssl_get_message */ \ - NULL, /* NULL - ssl_get_record */ \ - NULL, /* NULL - ssl_write_bytes */ \ - NULL, /* NULL - dispatch_alert */ \ - ssl2_ctrl, /* local */ \ - ssl2_ctx_ctrl, /* local */ \ - ssl2_get_cipher_by_char, \ - ssl2_put_cipher_by_char, \ - ssl2_pending, \ - ssl2_num_ciphers, \ - ssl2_get_cipher, \ - s_get_meth, \ - ssl2_default_timeout, \ - &ssl3_undef_enc_method, \ - ssl_undefined_void_function, \ - ssl2_callback_ctrl, /* local */ \ - ssl2_ctx_callback_ctrl, /* local */ \ - }; \ - return &func_name##_data; \ - } - -#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ -const SSL_METHOD *func_name(void) \ - { \ - static const SSL_METHOD func_name##_data= { \ - DTLS1_VERSION, \ - dtls1_new, \ - dtls1_clear, \ - dtls1_free, \ - s_accept, \ - s_connect, \ - ssl3_read, \ - ssl3_peek, \ - ssl3_write, \ - dtls1_shutdown, \ - ssl3_renegotiate, \ - ssl3_renegotiate_check, \ - dtls1_get_message, \ - dtls1_read_bytes, \ - dtls1_write_app_data_bytes, \ - dtls1_dispatch_alert, \ - dtls1_ctrl, \ - ssl3_ctx_ctrl, \ - ssl3_get_cipher_by_char, \ - ssl3_put_cipher_by_char, \ - ssl3_pending, \ - ssl3_num_ciphers, \ - dtls1_get_cipher, \ - s_get_meth, \ - dtls1_default_timeout, \ - &DTLSv1_enc_data, \ - ssl_undefined_void_function, \ - ssl3_callback_ctrl, \ - ssl3_ctx_callback_ctrl, \ - }; \ - return &func_name##_data; \ - } - -struct openssl_ssl_test_functions - { - int (*p_ssl_init_wbio_buffer)(SSL *s, int push); - int (*p_ssl3_setup_buffers)(SSL *s); - int (*p_tls1_process_heartbeat)(SSL *s); - int (*p_dtls1_process_heartbeat)(SSL *s); - }; - -#ifndef OPENSSL_UNIT_TEST - -void ssl_clear_cipher_ctx(SSL *s); -int ssl_clear_bad_session(SSL *s); -CERT *ssl_cert_new(void); -CERT *ssl_cert_dup(CERT *cert); -int ssl_cert_inst(CERT **o); -void ssl_cert_free(CERT *c); -SESS_CERT *ssl_sess_cert_new(void); -void ssl_sess_cert_free(SESS_CERT *sc); -int ssl_set_peer_cert_type(SESS_CERT *c, int type); -int ssl_get_new_session(SSL *s, int session); -int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit); -int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b); -DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, - ssl_cipher_id); -int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, - const SSL_CIPHER * const *bp); -STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, - STACK_OF(SSL_CIPHER) **skp); -int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, - int (*put_cb)(const SSL_CIPHER *, unsigned char *)); -STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, - STACK_OF(SSL_CIPHER) **pref, - STACK_OF(SSL_CIPHER) **sorted, - const char *rule_str); -void ssl_update_cache(SSL *s, int mode); -int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc, - const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size, SSL_COMP **comp); -int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md); -int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk); -int ssl_undefined_function(SSL *s); -int ssl_undefined_void_function(void); -int ssl_undefined_const_function(const SSL *s); -CERT_PKEY *ssl_get_server_send_pkey(const SSL *s); -X509 *ssl_get_server_send_cert(const SSL *); -EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd); -int ssl_cert_type(X509 *x,EVP_PKEY *pkey); -void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); -STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); -int ssl_verify_alarm_type(long type); -void ssl_load_ciphers(void); -int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len); - -int ssl2_enc_init(SSL *s, int client); -int ssl2_generate_key_material(SSL *s); -int ssl2_enc(SSL *s,int send_data); -void ssl2_mac(SSL *s,unsigned char *mac,int send_data); -const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); -int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); -int ssl2_part_read(SSL *s, unsigned long f, int i); -int ssl2_do_write(SSL *s); -int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data); -void ssl2_return_error(SSL *s,int reason); -void ssl2_write_error(SSL *s); -int ssl2_num_ciphers(void); -const SSL_CIPHER *ssl2_get_cipher(unsigned int u); -int ssl2_new(SSL *s); -void ssl2_free(SSL *s); -int ssl2_accept(SSL *s); -int ssl2_connect(SSL *s); -int ssl2_read(SSL *s, void *buf, int len); -int ssl2_peek(SSL *s, void *buf, int len); -int ssl2_write(SSL *s, const void *buf, int len); -int ssl2_shutdown(SSL *s); -void ssl2_clear(SSL *s); -long ssl2_ctrl(SSL *s,int cmd, long larg, void *parg); -long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); -long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void)); -long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void)); -int ssl2_pending(const SSL *s); -long ssl2_default_timeout(void ); - -const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); -int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); -void ssl3_init_finished_mac(SSL *s); -int ssl3_send_server_certificate(SSL *s); -int ssl3_send_newsession_ticket(SSL *s); -int ssl3_send_cert_status(SSL *s); -int ssl3_get_finished(SSL *s,int state_a,int state_b); -int ssl3_setup_key_block(SSL *s); -int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b); -int ssl3_change_cipher_state(SSL *s,int which); -void ssl3_cleanup_key_block(SSL *s); -int ssl3_do_write(SSL *s,int type); -int ssl3_send_alert(SSL *s,int level, int desc); -int ssl3_generate_master_secret(SSL *s, unsigned char *out, - unsigned char *p, int len); -int ssl3_get_req_cert_type(SSL *s,unsigned char *p); -long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); -int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen); -int ssl3_num_ciphers(void); -const SSL_CIPHER *ssl3_get_cipher(unsigned int u); -int ssl3_renegotiate(SSL *ssl); -int ssl3_renegotiate_check(SSL *ssl); -int ssl3_dispatch_alert(SSL *s); -int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); -int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); -int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,unsigned char *p); -int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); -void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); -int ssl3_enc(SSL *s, int send_data); -int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data); -void ssl3_free_digest_list(SSL *s); -unsigned long ssl3_output_cert_chain(SSL *s, X509 *x); -SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt, - STACK_OF(SSL_CIPHER) *srvr); -int ssl3_setup_buffers(SSL *s); -int ssl3_setup_read_buffer(SSL *s); -int ssl3_setup_write_buffer(SSL *s); -int ssl3_release_read_buffer(SSL *s); -int ssl3_release_write_buffer(SSL *s); -int ssl3_digest_cached_records(SSL *s); -int ssl3_new(SSL *s); -void ssl3_free(SSL *s); -int ssl3_accept(SSL *s); -int ssl3_connect(SSL *s); -int ssl3_read(SSL *s, void *buf, int len); -int ssl3_peek(SSL *s, void *buf, int len); -int ssl3_write(SSL *s, const void *buf, int len); -int ssl3_shutdown(SSL *s); -void ssl3_clear(SSL *s); -long ssl3_ctrl(SSL *s,int cmd, long larg, void *parg); -long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); -long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void)); -long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void)); -int ssl3_pending(const SSL *s); - -void ssl3_record_sequence_update(unsigned char *seq); -int ssl3_do_change_cipher_spec(SSL *ssl); -long ssl3_default_timeout(void ); - -int ssl23_num_ciphers(void ); -const SSL_CIPHER *ssl23_get_cipher(unsigned int u); -int ssl23_read(SSL *s, void *buf, int len); -int ssl23_peek(SSL *s, void *buf, int len); -int ssl23_write(SSL *s, const void *buf, int len); -int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); -const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); -long ssl23_default_timeout(void ); - -long tls1_default_timeout(void); -int dtls1_do_write(SSL *s,int type); -int ssl3_read_n(SSL *s, int n, int max, int extend); -int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); -int ssl3_do_compress(SSL *ssl); -int ssl3_do_uncompress(SSL *ssl); -int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, - unsigned int len); -unsigned char *dtls1_set_message_header(SSL *s, - unsigned char *p, unsigned char mt, unsigned long len, - unsigned long frag_off, unsigned long frag_len); - -int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len); -int dtls1_write_bytes(SSL *s, int type, const void *buf, int len); - -int dtls1_send_change_cipher_spec(SSL *s, int a, int b); -int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen); -unsigned long dtls1_output_cert_chain(SSL *s, X509 *x); -int dtls1_read_failed(SSL *s, int code); -int dtls1_buffer_message(SSL *s, int ccs); -int dtls1_retransmit_message(SSL *s, unsigned short seq, - unsigned long frag_off, int *found); -int dtls1_get_queue_priority(unsigned short seq, int is_ccs); -int dtls1_retransmit_buffered_messages(SSL *s); -void dtls1_clear_record_buffer(SSL *s); -void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr); -void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); -void dtls1_reset_seq_numbers(SSL *s, int rw); -long dtls1_default_timeout(void); -struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft); -int dtls1_check_timeout_num(SSL *s); -int dtls1_handle_timeout(SSL *s); -const SSL_CIPHER *dtls1_get_cipher(unsigned int u); -void dtls1_start_timer(SSL *s); -void dtls1_stop_timer(SSL *s); -int dtls1_is_timer_expired(SSL *s); -void dtls1_double_timeout(SSL *s); -int dtls1_send_newsession_ticket(SSL *s); -unsigned int dtls1_min_mtu(SSL *s); -unsigned int dtls1_link_min_mtu(void); -void dtls1_hm_fragment_free(hm_fragment *frag); - -/* some client-only functions */ -int ssl3_client_hello(SSL *s); -int ssl3_get_server_hello(SSL *s); -int ssl3_get_certificate_request(SSL *s); -int ssl3_get_new_session_ticket(SSL *s); -int ssl3_get_cert_status(SSL *s); -int ssl3_get_server_done(SSL *s); -int ssl3_send_client_verify(SSL *s); -int ssl3_send_client_certificate(SSL *s); -int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey); -int ssl3_send_client_key_exchange(SSL *s); -int ssl3_get_key_exchange(SSL *s); -int ssl3_get_server_certificate(SSL *s); -int ssl3_check_cert_and_algorithm(SSL *s); -#ifndef OPENSSL_NO_TLSEXT -# ifndef OPENSSL_NO_NEXTPROTONEG -int ssl3_send_next_proto(SSL *s); -int ssl3_send_channel_id(SSL *s); -# endif -#endif - -int dtls1_client_hello(SSL *s); -int dtls1_send_client_certificate(SSL *s); -int dtls1_send_client_key_exchange(SSL *s); -int dtls1_send_client_verify(SSL *s); - -/* some server-only functions */ -int ssl3_get_client_hello(SSL *s); -int ssl3_send_server_hello(SSL *s); -int ssl3_send_hello_request(SSL *s); -int ssl3_send_server_key_exchange(SSL *s); -int ssl3_send_certificate_request(SSL *s); -int ssl3_send_server_done(SSL *s); -int ssl3_check_client_hello(SSL *s); -int ssl3_get_client_certificate(SSL *s); -int ssl3_get_client_key_exchange(SSL *s); -int ssl3_get_cert_verify(SSL *s); -#ifndef OPENSSL_NO_NEXTPROTONEG -int ssl3_get_next_proto(SSL *s); -#endif -int ssl3_get_channel_id(SSL *s); - -int dtls1_send_hello_request(SSL *s); -int dtls1_send_server_hello(SSL *s); -int dtls1_send_server_certificate(SSL *s); -int dtls1_send_server_key_exchange(SSL *s); -int dtls1_send_certificate_request(SSL *s); -int dtls1_send_server_done(SSL *s); - - - -int ssl23_accept(SSL *s); -int ssl23_connect(SSL *s); -int ssl23_read_bytes(SSL *s, int n); -int ssl23_write_bytes(SSL *s); - -int tls1_new(SSL *s); -void tls1_free(SSL *s); -void tls1_clear(SSL *s); -long tls1_ctrl(SSL *s,int cmd, long larg, void *parg); -long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void)); - -int dtls1_new(SSL *s); -int dtls1_accept(SSL *s); -int dtls1_connect(SSL *s); -void dtls1_free(SSL *s); -void dtls1_clear(SSL *s); -long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg); -int dtls1_shutdown(SSL *s); - -long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); -int dtls1_get_record(SSL *s); -int dtls1_dispatch_alert(SSL *s); -int dtls1_enc(SSL *s, int snd); - -int ssl_init_wbio_buffer(SSL *s, int push); -void ssl_free_wbio_buffer(SSL *s); - -int tls1_change_cipher_state(SSL *s, int which); -int tls1_setup_key_block(SSL *s); -int tls1_enc(SSL *s, int snd); -int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len); -int tls1_final_finish_mac(SSL *s, - const char *str, int slen, unsigned char *p); -int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); -int tls1_mac(SSL *ssl, unsigned char *md, int snd); -int tls1_generate_master_secret(SSL *s, unsigned char *out, - unsigned char *p, int len); -int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, - const char *label, size_t llen, - const unsigned char *p, size_t plen, int use_context); -int tls1_alert_code(int code); -int ssl3_alert_code(int code); -int ssl_ok(SSL *s); - -#ifndef OPENSSL_NO_ECDH -int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); -#endif - -SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); - -#ifndef OPENSSL_NO_EC -int tls1_ec_curve_id2nid(int curve_id); -int tls1_ec_nid2curve_id(int nid); -#endif /* OPENSSL_NO_EC */ - -#ifndef OPENSSL_NO_TLSEXT -unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit); -unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit); -int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); -int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); -int ssl_prepare_clienthello_tlsext(SSL *s); -int ssl_prepare_serverhello_tlsext(SSL *s); -int ssl_check_clienthello_tlsext_early(SSL *s); -int ssl_check_clienthello_tlsext_late(SSL *s); -int ssl_check_serverhello_tlsext(SSL *s); - -#ifndef OPENSSL_NO_HEARTBEATS -int tls1_heartbeat(SSL *s); -int dtls1_heartbeat(SSL *s); -int tls1_process_heartbeat(SSL *s); -int dtls1_process_heartbeat(SSL *s); -#endif - -#ifdef OPENSSL_NO_SHA256 -#define tlsext_tick_md EVP_sha1 -#else -#define tlsext_tick_md EVP_sha256 -#endif -int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, - const unsigned char *limit, SSL_SESSION **ret); - -int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, - const EVP_MD *md); -int tls12_get_sigid(const EVP_PKEY *pk); -const EVP_MD *tls12_get_hash(unsigned char hash_alg); - -int tls1_channel_id_hash(EVP_MD_CTX *ctx, SSL *s); -int tls1_record_handshake_hashes_for_channel_id(SSL *s); -#endif - -int ssl3_can_cutthrough(const SSL *s); -EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ; -void ssl_clear_hash_ctx(EVP_MD_CTX **hash); -int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, - int maxlen); -int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, - int *al); -int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, - int maxlen); -int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, - int *al); -long ssl_get_algorithm2(SSL *s); -void tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize); -int tls12_get_req_sig_algs(SSL *s, unsigned char *p); - -int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen); -int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al); -int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen); -int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al); - -/* s3_cbc.c */ -void ssl3_cbc_copy_mac(unsigned char* out, - const SSL3_RECORD *rec, - unsigned md_size,unsigned orig_len); -int ssl3_cbc_remove_padding(const SSL* s, - SSL3_RECORD *rec, - unsigned block_size, - unsigned mac_size); -int tls1_cbc_remove_padding(const SSL* s, - SSL3_RECORD *rec, - unsigned block_size, - unsigned mac_size); -char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); -void ssl3_cbc_digest_record( - const EVP_MD_CTX *ctx, - unsigned char* md_out, - size_t* md_out_size, - const unsigned char header[13], - const unsigned char *data, - size_t data_plus_mac_size, - size_t data_plus_mac_plus_padding_size, - const unsigned char *mac_secret, - unsigned mac_secret_length, - char is_sslv3); - -void tls_fips_digest_extra( - const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx, - const unsigned char *data, size_t data_len, size_t orig_len); - -int srp_verify_server_param(SSL *s, int *al); - -#else - -#define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer -#define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers -#define tls1_process_heartbeat SSL_test_functions()->p_tls1_process_heartbeat -#define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat - -#endif -#endif diff --git a/main/openssl/ssl/ssl_rsa.c b/main/openssl/ssl/ssl_rsa.c deleted file mode 100644 index e98e862d..00000000 --- a/main/openssl/ssl/ssl_rsa.c +++ /dev/null @@ -1,821 +0,0 @@ -/* ssl/ssl_rsa.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "ssl_locl.h" -#include <openssl/bio.h> -#include <openssl/objects.h> -#include <openssl/evp.h> -#include <openssl/x509.h> -#include <openssl/pem.h> - -static int ssl_set_cert(CERT *c, X509 *x509); -static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); -int SSL_use_certificate(SSL *ssl, X509 *x) - { - if (x == NULL) - { - SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if (!ssl_cert_inst(&ssl->cert)) - { - SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); - return(0); - } - return(ssl_set_cert(ssl->cert,x)); - } - -#ifndef OPENSSL_NO_STDIO -int SSL_use_certificate_file(SSL *ssl, const char *file, int type) - { - int j; - BIO *in; - int ret=0; - X509 *x=NULL; - - in=BIO_new(BIO_s_file_internal()); - if (in == NULL) - { - SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB); - goto end; - } - - if (BIO_read_filename(in,file) <= 0) - { - SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB); - goto end; - } - if (type == SSL_FILETYPE_ASN1) - { - j=ERR_R_ASN1_LIB; - x=d2i_X509_bio(in,NULL); - } - else if (type == SSL_FILETYPE_PEM) - { - j=ERR_R_PEM_LIB; - x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); - } - else - { - SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE); - goto end; - } - - if (x == NULL) - { - SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j); - goto end; - } - - ret=SSL_use_certificate(ssl,x); -end: - if (x != NULL) X509_free(x); - if (in != NULL) BIO_free(in); - return(ret); - } -#endif - -int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) - { - X509 *x; - int ret; - - x=d2i_X509(NULL,&d,(long)len); - if (x == NULL) - { - SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); - return(0); - } - - ret=SSL_use_certificate(ssl,x); - X509_free(x); - return(ret); - } - -#ifndef OPENSSL_NO_RSA -int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) - { - EVP_PKEY *pkey; - int ret; - - if (rsa == NULL) - { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if (!ssl_cert_inst(&ssl->cert)) - { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); - return(0); - } - if ((pkey=EVP_PKEY_new()) == NULL) - { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); - return(0); - } - - RSA_up_ref(rsa); - EVP_PKEY_assign_RSA(pkey,rsa); - - ret=ssl_set_pkey(ssl->cert,pkey); - EVP_PKEY_free(pkey); - return(ret); - } -#endif - -static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) - { - int i; - - i=ssl_cert_type(NULL,pkey); - if (i < 0) - { - SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE); - return(0); - } - - if (c->pkeys[i].x509 != NULL) - { - EVP_PKEY *pktmp; - pktmp = X509_get_pubkey(c->pkeys[i].x509); - EVP_PKEY_copy_parameters(pktmp,pkey); - EVP_PKEY_free(pktmp); - ERR_clear_error(); - -#ifndef OPENSSL_NO_RSA - /* Don't check the public/private key, this is mostly - * for smart cards. */ - if ((pkey->type == EVP_PKEY_RSA) && - (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) - ; - else -#endif - if (!X509_check_private_key(c->pkeys[i].x509,pkey)) - { - X509_free(c->pkeys[i].x509); - c->pkeys[i].x509 = NULL; - return 0; - } - } - - if (c->pkeys[i].privatekey != NULL) - EVP_PKEY_free(c->pkeys[i].privatekey); - CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); - c->pkeys[i].privatekey=pkey; - c->key= &(c->pkeys[i]); - - c->valid=0; - return(1); - } - -#ifndef OPENSSL_NO_RSA -#ifndef OPENSSL_NO_STDIO -int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) - { - int j,ret=0; - BIO *in; - RSA *rsa=NULL; - - in=BIO_new(BIO_s_file_internal()); - if (in == NULL) - { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); - goto end; - } - - if (BIO_read_filename(in,file) <= 0) - { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB); - goto end; - } - if (type == SSL_FILETYPE_ASN1) - { - j=ERR_R_ASN1_LIB; - rsa=d2i_RSAPrivateKey_bio(in,NULL); - } - else if (type == SSL_FILETYPE_PEM) - { - j=ERR_R_PEM_LIB; - rsa=PEM_read_bio_RSAPrivateKey(in,NULL, - ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); - } - else - { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); - goto end; - } - if (rsa == NULL) - { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j); - goto end; - } - ret=SSL_use_RSAPrivateKey(ssl,rsa); - RSA_free(rsa); -end: - if (in != NULL) BIO_free(in); - return(ret); - } -#endif - -int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) - { - int ret; - const unsigned char *p; - RSA *rsa; - - p=d; - if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) - { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); - return(0); - } - - ret=SSL_use_RSAPrivateKey(ssl,rsa); - RSA_free(rsa); - return(ret); - } -#endif /* !OPENSSL_NO_RSA */ - -int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) - { - int ret; - - if (pkey == NULL) - { - SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if (!ssl_cert_inst(&ssl->cert)) - { - SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); - return(0); - } - ret=ssl_set_pkey(ssl->cert,pkey); - return(ret); - } - -#ifndef OPENSSL_NO_STDIO -int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) - { - int j,ret=0; - BIO *in; - EVP_PKEY *pkey=NULL; - - in=BIO_new(BIO_s_file_internal()); - if (in == NULL) - { - SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); - goto end; - } - - if (BIO_read_filename(in,file) <= 0) - { - SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); - goto end; - } - if (type == SSL_FILETYPE_PEM) - { - j=ERR_R_PEM_LIB; - pkey=PEM_read_bio_PrivateKey(in,NULL, - ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); - } - else if (type == SSL_FILETYPE_ASN1) - { - j = ERR_R_ASN1_LIB; - pkey = d2i_PrivateKey_bio(in,NULL); - } - else - { - SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); - goto end; - } - if (pkey == NULL) - { - SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j); - goto end; - } - ret=SSL_use_PrivateKey(ssl,pkey); - EVP_PKEY_free(pkey); -end: - if (in != NULL) BIO_free(in); - return(ret); - } -#endif - -int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) - { - int ret; - const unsigned char *p; - EVP_PKEY *pkey; - - p=d; - if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) - { - SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); - return(0); - } - - ret=SSL_use_PrivateKey(ssl,pkey); - EVP_PKEY_free(pkey); - return(ret); - } - -int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) - { - if (x == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if (!ssl_cert_inst(&ctx->cert)) - { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); - return(0); - } - return(ssl_set_cert(ctx->cert, x)); - } - -static int ssl_set_cert(CERT *c, X509 *x) - { - EVP_PKEY *pkey; - int i; - - pkey=X509_get_pubkey(x); - if (pkey == NULL) - { - SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB); - return(0); - } - - i=ssl_cert_type(x,pkey); - if (i < 0) - { - SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE); - EVP_PKEY_free(pkey); - return(0); - } - - if (c->pkeys[i].privatekey != NULL) - { - EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey); - ERR_clear_error(); - -#ifndef OPENSSL_NO_RSA - /* Don't check the public/private key, this is mostly - * for smart cards. */ - if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && - (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & - RSA_METHOD_FLAG_NO_CHECK)) - ; - else -#endif /* OPENSSL_NO_RSA */ - if (!X509_check_private_key(x,c->pkeys[i].privatekey)) - { - /* don't fail for a cert/key mismatch, just free - * current private key (when switching to a different - * cert & key, first this function should be used, - * then ssl_set_pkey */ - EVP_PKEY_free(c->pkeys[i].privatekey); - c->pkeys[i].privatekey=NULL; - /* clear error queue */ - ERR_clear_error(); - } - } - - EVP_PKEY_free(pkey); - - if (c->pkeys[i].x509 != NULL) - X509_free(c->pkeys[i].x509); - CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); - c->pkeys[i].x509=x; - c->key= &(c->pkeys[i]); - - c->valid=0; - return(1); - } - -#ifndef OPENSSL_NO_STDIO -int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) - { - int j; - BIO *in; - int ret=0; - X509 *x=NULL; - - in=BIO_new(BIO_s_file_internal()); - if (in == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB); - goto end; - } - - if (BIO_read_filename(in,file) <= 0) - { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB); - goto end; - } - if (type == SSL_FILETYPE_ASN1) - { - j=ERR_R_ASN1_LIB; - x=d2i_X509_bio(in,NULL); - } - else if (type == SSL_FILETYPE_PEM) - { - j=ERR_R_PEM_LIB; - x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); - } - else - { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE); - goto end; - } - - if (x == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j); - goto end; - } - - ret=SSL_CTX_use_certificate(ctx,x); -end: - if (x != NULL) X509_free(x); - if (in != NULL) BIO_free(in); - return(ret); - } -#endif - -int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) - { - X509 *x; - int ret; - - x=d2i_X509(NULL,&d,(long)len); - if (x == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); - return(0); - } - - ret=SSL_CTX_use_certificate(ctx,x); - X509_free(x); - return(ret); - } - -#ifndef OPENSSL_NO_RSA -int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) - { - int ret; - EVP_PKEY *pkey; - - if (rsa == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if (!ssl_cert_inst(&ctx->cert)) - { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); - return(0); - } - if ((pkey=EVP_PKEY_new()) == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); - return(0); - } - - RSA_up_ref(rsa); - EVP_PKEY_assign_RSA(pkey,rsa); - - ret=ssl_set_pkey(ctx->cert, pkey); - EVP_PKEY_free(pkey); - return(ret); - } - -#ifndef OPENSSL_NO_STDIO -int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) - { - int j,ret=0; - BIO *in; - RSA *rsa=NULL; - - in=BIO_new(BIO_s_file_internal()); - if (in == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); - goto end; - } - - if (BIO_read_filename(in,file) <= 0) - { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB); - goto end; - } - if (type == SSL_FILETYPE_ASN1) - { - j=ERR_R_ASN1_LIB; - rsa=d2i_RSAPrivateKey_bio(in,NULL); - } - else if (type == SSL_FILETYPE_PEM) - { - j=ERR_R_PEM_LIB; - rsa=PEM_read_bio_RSAPrivateKey(in,NULL, - ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); - } - else - { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); - goto end; - } - if (rsa == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j); - goto end; - } - ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); - RSA_free(rsa); -end: - if (in != NULL) BIO_free(in); - return(ret); - } -#endif - -int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) - { - int ret; - const unsigned char *p; - RSA *rsa; - - p=d; - if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); - return(0); - } - - ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); - RSA_free(rsa); - return(ret); - } -#endif /* !OPENSSL_NO_RSA */ - -int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) - { - if (pkey == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if (!ssl_cert_inst(&ctx->cert)) - { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); - return(0); - } - return(ssl_set_pkey(ctx->cert,pkey)); - } - -#ifndef OPENSSL_NO_STDIO -int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) - { - int j,ret=0; - BIO *in; - EVP_PKEY *pkey=NULL; - - in=BIO_new(BIO_s_file_internal()); - if (in == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); - goto end; - } - - if (BIO_read_filename(in,file) <= 0) - { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); - goto end; - } - if (type == SSL_FILETYPE_PEM) - { - j=ERR_R_PEM_LIB; - pkey=PEM_read_bio_PrivateKey(in,NULL, - ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); - } - else if (type == SSL_FILETYPE_ASN1) - { - j = ERR_R_ASN1_LIB; - pkey = d2i_PrivateKey_bio(in,NULL); - } - else - { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); - goto end; - } - if (pkey == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j); - goto end; - } - ret=SSL_CTX_use_PrivateKey(ctx,pkey); - EVP_PKEY_free(pkey); -end: - if (in != NULL) BIO_free(in); - return(ret); - } -#endif - -int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, - long len) - { - int ret; - const unsigned char *p; - EVP_PKEY *pkey; - - p=d; - if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); - return(0); - } - - ret=SSL_CTX_use_PrivateKey(ctx,pkey); - EVP_PKEY_free(pkey); - return(ret); - } - - -int SSL_use_certificate_chain(SSL *ssl, STACK_OF(X509) *cert_chain) - { - if (ssl == NULL) - { - SSLerr(SSL_F_SSL_USE_CERTIFICATE_CHAIN,ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if (ssl->cert == NULL) - { - SSLerr(SSL_F_SSL_USE_CERTIFICATE_CHAIN,SSL_R_NO_CERTIFICATE_ASSIGNED); - return(0); - } - if (ssl->cert->key == NULL) - { - SSLerr(SSL_F_SSL_USE_CERTIFICATE_CHAIN,SSL_R_NO_CERTIFICATE_ASSIGNED); - return(0); - } - if (ssl->cert->key->cert_chain != NULL) - sk_X509_pop_free(ssl->cert->key->cert_chain, X509_free); - ssl->cert->key->cert_chain = cert_chain; - return(1); - } - -STACK_OF(X509) *SSL_get_certificate_chain(SSL *ssl, X509 *x) - { - int i; - if (x == NULL) - return NULL; - if (ssl == NULL) - return NULL; - if (ssl->cert == NULL) - return NULL; - for (i = 0; i < SSL_PKEY_NUM; i++) - if (ssl->cert->pkeys[i].x509 == x) - return ssl->cert->pkeys[i].cert_chain; - return NULL; - } - -#ifndef OPENSSL_NO_STDIO -/* Read a file that contains our certificate in "PEM" format, - * possibly followed by a sequence of CA certificates that should be - * sent to the peer in the Certificate message. - */ -int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) - { - BIO *in; - int ret=0; - X509 *x=NULL; - - ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ - - in = BIO_new(BIO_s_file_internal()); - if (in == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB); - goto end; - } - - if (BIO_read_filename(in,file) <= 0) - { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB); - goto end; - } - - x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata); - if (x == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB); - goto end; - } - - ret = SSL_CTX_use_certificate(ctx, x); - - if (ERR_peek_error() != 0) - ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */ - if (ret) - { - /* If we could set up our certificate, now proceed to - * the CA certificates. - */ - X509 *ca; - int r; - unsigned long err; - - if (ctx->extra_certs != NULL) - { - sk_X509_pop_free(ctx->extra_certs, X509_free); - ctx->extra_certs = NULL; - } - - while ((ca = PEM_read_bio_X509(in, NULL, - ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata)) - != NULL) - { - r = SSL_CTX_add_extra_chain_cert(ctx, ca); - if (!r) - { - X509_free(ca); - ret = 0; - goto end; - } - /* Note that we must not free r if it was successfully - * added to the chain (while we must free the main - * certificate, since its reference count is increased - * by SSL_CTX_use_certificate). */ - } - /* When the while loop ends, it's usually just EOF. */ - err = ERR_peek_last_error(); - if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) - ERR_clear_error(); - else - ret = 0; /* some real error */ - } - -end: - if (x != NULL) X509_free(x); - if (in != NULL) BIO_free(in); - return(ret); - } -#endif diff --git a/main/openssl/ssl/ssl_sess.c b/main/openssl/ssl/ssl_sess.c deleted file mode 100644 index 97902cd5..00000000 --- a/main/openssl/ssl/ssl_sess.c +++ /dev/null @@ -1,1203 +0,0 @@ -/* ssl/ssl_sess.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - -#include <stdio.h> -#include <openssl/lhash.h> -#include <openssl/rand.h> -#ifndef OPENSSL_NO_ENGINE -#include <openssl/engine.h> -#endif -#include "ssl_locl.h" - -static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); -static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); -static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); - -SSL_SESSION *SSL_get_session(const SSL *ssl) -/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */ - { - return(ssl->session); - } - -SSL_SESSION *SSL_get1_session(SSL *ssl) -/* variant of SSL_get_session: caller really gets something */ - { - SSL_SESSION *sess; - /* Need to lock this all up rather than just use CRYPTO_add so that - * somebody doesn't free ssl->session between when we check it's - * non-null and when we up the reference count. */ - CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION); - sess = ssl->session; - if(sess) - sess->references++; - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION); - return(sess); - } - -int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp, - new_func, dup_func, free_func); - } - -int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) - { - return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); - } - -void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) - { - return(CRYPTO_get_ex_data(&s->ex_data,idx)); - } - -SSL_SESSION *SSL_SESSION_new(void) - { - SSL_SESSION *ss; - - ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION)); - if (ss == NULL) - { - SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE); - return(0); - } - memset(ss,0,sizeof(SSL_SESSION)); - - ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ - ss->references=1; - ss->timeout=60*5+4; /* 5 minute timeout by default */ - ss->time=(unsigned long)time(NULL); - ss->prev=NULL; - ss->next=NULL; - ss->compress_meth=0; -#ifndef OPENSSL_NO_TLSEXT - ss->tlsext_hostname = NULL; -#ifndef OPENSSL_NO_EC - ss->tlsext_ecpointformatlist_length = 0; - ss->tlsext_ecpointformatlist = NULL; - ss->tlsext_ellipticcurvelist_length = 0; - ss->tlsext_ellipticcurvelist = NULL; -#endif -#endif - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); -#ifndef OPENSSL_NO_PSK - ss->psk_identity_hint=NULL; - ss->psk_identity=NULL; -#endif -#ifndef OPENSSL_NO_SRP - ss->srp_username=NULL; -#endif - return(ss); - } - -const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) - { - if(len) - *len = s->session_id_length; - return s->session_id; - } - -unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s) - { - return s->compress_meth; - } - -/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 - * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly - * until we have no conflict is going to complete in one iteration pretty much - * "most" of the time (btw: understatement). So, if it takes us 10 iterations - * and we still can't avoid a conflict - well that's a reasonable point to call - * it quits. Either the RAND code is broken or someone is trying to open roughly - * very close to 2^128 (or 2^256) SSL sessions to our server. How you might - * store that many sessions is perhaps a more interesting question ... */ - -#define MAX_SESS_ID_ATTEMPTS 10 -static int def_generate_session_id(const SSL *ssl, unsigned char *id, - unsigned int *id_len) -{ - unsigned int retry = 0; - do - if (RAND_pseudo_bytes(id, *id_len) <= 0) - return 0; - while(SSL_has_matching_session_id(ssl, id, *id_len) && - (++retry < MAX_SESS_ID_ATTEMPTS)); - if(retry < MAX_SESS_ID_ATTEMPTS) - return 1; - /* else - woops a session_id match */ - /* XXX We should also check the external cache -- - * but the probability of a collision is negligible, and - * we could not prevent the concurrent creation of sessions - * with identical IDs since we currently don't have means - * to atomically check whether a session ID already exists - * and make a reservation for it if it does not - * (this problem applies to the internal cache as well). - */ - return 0; -} - -void SSL_set_session_creation_enabled (SSL *s, int creation_enabled) - { - s->session_creation_enabled = creation_enabled; - } - -int ssl_get_new_session(SSL *s, int session) - { - /* This gets used by clients and servers. */ - - unsigned int tmp; - SSL_SESSION *ss=NULL; - GEN_SESSION_CB cb = def_generate_session_id; - - /* caller should check this if they can do better error handling */ - if (!s->session_creation_enabled) return(0); - if ((ss=SSL_SESSION_new()) == NULL) return(0); - - /* If the context has a default timeout, use it */ - if (s->session_ctx->session_timeout == 0) - ss->timeout=SSL_get_default_timeout(s); - else - ss->timeout=s->session_ctx->session_timeout; - - if (s->session != NULL) - { - SSL_SESSION_free(s->session); - s->session=NULL; - } - - if (session) - { - if (s->version == SSL2_VERSION) - { - ss->ssl_version=SSL2_VERSION; - ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH; - } - else if (s->version == SSL3_VERSION) - { - ss->ssl_version=SSL3_VERSION; - ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; - } - else if (s->version == TLS1_VERSION) - { - ss->ssl_version=TLS1_VERSION; - ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; - } - else if (s->version == TLS1_1_VERSION) - { - ss->ssl_version=TLS1_1_VERSION; - ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; - } - else if (s->version == TLS1_2_VERSION) - { - ss->ssl_version=TLS1_2_VERSION; - ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; - } - else if (s->version == DTLS1_BAD_VER) - { - ss->ssl_version=DTLS1_BAD_VER; - ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; - } - else if (s->version == DTLS1_VERSION) - { - ss->ssl_version=DTLS1_VERSION; - ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; - } - else - { - SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION); - SSL_SESSION_free(ss); - return(0); - } -#ifndef OPENSSL_NO_TLSEXT - /* - * If RFC5077 ticket, use empty session ID (as server). - * Note that: - * (a) ssl_get_prev_session() does lookahead into the - * ClientHello extensions to find the session ticket. - * When ssl_get_prev_session() fails, s3_srvr.c calls - * ssl_get_new_session() in ssl3_get_client_hello(). - * At that point, it has not yet parsed the extensions, - * however, because of the lookahead, it already knows - * whether a ticket is expected or not. - * - * (b) s3_clnt.c calls ssl_get_new_session() before parsing - * ServerHello extensions, and before recording the session - * ID received from the server, so this block is a noop. - */ - if (s->tlsext_ticket_expected) - { - ss->session_id_length = 0; - goto sess_id_done; - } -#endif - /* Choose which callback will set the session ID */ - CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); - if(s->generate_session_id) - cb = s->generate_session_id; - else if(s->session_ctx->generate_session_id) - cb = s->session_ctx->generate_session_id; - CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); - /* Choose a session ID */ - tmp = ss->session_id_length; - if(!cb(s, ss->session_id, &tmp)) - { - /* The callback failed */ - SSLerr(SSL_F_SSL_GET_NEW_SESSION, - SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); - SSL_SESSION_free(ss); - return(0); - } - /* Don't allow the callback to set the session length to zero. - * nor set it higher than it was. */ - if(!tmp || (tmp > ss->session_id_length)) - { - /* The callback set an illegal length */ - SSLerr(SSL_F_SSL_GET_NEW_SESSION, - SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); - SSL_SESSION_free(ss); - return(0); - } - /* If the session length was shrunk and we're SSLv2, pad it */ - if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION)) - memset(ss->session_id + tmp, 0, ss->session_id_length - tmp); - else - ss->session_id_length = tmp; - /* Finally, check for a conflict */ - if(SSL_has_matching_session_id(s, ss->session_id, - ss->session_id_length)) - { - SSLerr(SSL_F_SSL_GET_NEW_SESSION, - SSL_R_SSL_SESSION_ID_CONFLICT); - SSL_SESSION_free(ss); - return(0); - } -#ifndef OPENSSL_NO_TLSEXT - sess_id_done: - if (s->tlsext_hostname) { - ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname); - if (ss->tlsext_hostname == NULL) { - SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); - SSL_SESSION_free(ss); - return 0; - } - } -#ifndef OPENSSL_NO_EC - if (s->tlsext_ecpointformatlist) - { - if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist); - if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) - { - SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); - SSL_SESSION_free(ss); - return 0; - } - ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length; - memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); - } - if (s->tlsext_ellipticcurvelist) - { - if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist); - if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) - { - SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); - SSL_SESSION_free(ss); - return 0; - } - ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length; - memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); - } -#endif -#endif -#ifndef OPENSSL_NO_PSK - if (s->psk_identity_hint) - { - ss->psk_identity_hint = BUF_strdup(s->psk_identity_hint); - if (ss->psk_identity_hint == NULL) - { - SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); - SSL_SESSION_free(ss); - return 0; - } - } -#endif - } - else - { - ss->session_id_length=0; - } - - if (s->sid_ctx_length > sizeof ss->sid_ctx) - { - SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); - SSL_SESSION_free(ss); - return 0; - } - memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); - ss->sid_ctx_length=s->sid_ctx_length; - s->session=ss; - ss->ssl_version=s->version; - ss->verify_result = X509_V_OK; - - return(1); - } - -/* ssl_get_prev attempts to find an SSL_SESSION to be used to resume this - * connection. It is only called by servers. - * - * session_id: points at the session ID in the ClientHello. This code will - * read past the end of this in order to parse out the session ticket - * extension, if any. - * len: the length of the session ID. - * limit: a pointer to the first byte after the ClientHello. - * - * Returns: - * -1: error - * 0: a session may have been found. - * - * Side effects: - * - If a session is found then s->session is pointed at it (after freeing an - * existing session if need be) and s->verify_result is set from the session. - * - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1 - * if the server should issue a new session ticket (to 0 otherwise). - */ -int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, - const unsigned char *limit) - { - /* This is used only by servers. */ - - SSL_SESSION *ret=NULL; - int fatal = 0; - int try_session_cache = 1; -#ifndef OPENSSL_NO_TLSEXT - int r; -#endif - - if (len > SSL_MAX_SSL_SESSION_ID_LENGTH) - goto err; - - if (len == 0) - try_session_cache = 0; - -#ifndef OPENSSL_NO_TLSEXT - r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */ - switch (r) - { - case -1: /* Error during processing */ - fatal = 1; - goto err; - case 0: /* No ticket found */ - case 1: /* Zero length ticket found */ - break; /* Ok to carry on processing session id. */ - case 2: /* Ticket found but not decrypted. */ - case 3: /* Ticket decrypted, *ret has been set. */ - try_session_cache = 0; - break; - default: - abort(); - } -#endif - - if (try_session_cache && - ret == NULL && - !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) - { - SSL_SESSION data; - data.ssl_version=s->version; - data.session_id_length=len; - if (len == 0) - return 0; - memcpy(data.session_id,session_id,len); - CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); - ret=lh_SSL_SESSION_retrieve(s->session_ctx->sessions,&data); - if (ret != NULL) - { - /* don't allow other threads to steal it: */ - CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); - } - CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); - if (ret == NULL) - s->session_ctx->stats.sess_miss++; - } - - if (try_session_cache && - ret == NULL && - s->session_ctx->get_session_cb != NULL) - { - int copy=1; - - if ((ret=s->session_ctx->get_session_cb(s,session_id,len,©))) - { - s->session_ctx->stats.sess_cb_hit++; - - /* Increment reference count now if the session callback - * asks us to do so (note that if the session structures - * returned by the callback are shared between threads, - * it must handle the reference count itself [i.e. copy == 0], - * or things won't be thread-safe). */ - if (copy) - CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); - - /* Add the externally cached session to the internal - * cache as well if and only if we are supposed to. */ - if(!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) - /* The following should not return 1, otherwise, - * things are very strange */ - SSL_CTX_add_session(s->session_ctx,ret); - } - } - - if (ret == NULL) - goto err; - - /* Now ret is non-NULL and we own one of its reference counts. */ - - if (ret->sid_ctx_length != s->sid_ctx_length - || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)) - { - /* We have the session requested by the client, but we don't - * want to use it in this context. */ - goto err; /* treat like cache miss */ - } - - if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) - { - /* We can't be sure if this session is being used out of - * context, which is especially important for SSL_VERIFY_PEER. - * The application should have used SSL[_CTX]_set_session_id_context. - * - * For this error case, we generate an error instead of treating - * the event like a cache miss (otherwise it would be easy for - * applications to effectively disable the session cache by - * accident without anyone noticing). - */ - - SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); - fatal = 1; - goto err; - } - - if (ret->cipher == NULL) - { - unsigned char buf[5],*p; - unsigned long l; - - p=buf; - l=ret->cipher_id; - l2n(l,p); - if ((ret->ssl_version>>8) >= SSL3_VERSION_MAJOR) - ret->cipher=ssl_get_cipher_by_char(s,&(buf[2])); - else - ret->cipher=ssl_get_cipher_by_char(s,&(buf[1])); - if (ret->cipher == NULL) - goto err; - } - - if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */ - { - s->session_ctx->stats.sess_timeout++; - if (try_session_cache) - { - /* session was from the cache, so remove it */ - SSL_CTX_remove_session(s->session_ctx,ret); - } - goto err; - } - - s->session_ctx->stats.sess_hit++; - - if (s->session != NULL) - SSL_SESSION_free(s->session); - s->session=ret; - s->verify_result = s->session->verify_result; - return 1; - - err: - if (ret != NULL) - { - SSL_SESSION_free(ret); -#ifndef OPENSSL_NO_TLSEXT - if (!try_session_cache) - { - /* The session was from a ticket, so we should - * issue a ticket for the new session */ - s->tlsext_ticket_expected = 1; - } -#endif - } - if (fatal) - return -1; - else - return 0; - } - -int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) - { - int ret=0; - SSL_SESSION *s; - - /* add just 1 reference count for the SSL_CTX's session cache - * even though it has two ways of access: each session is in a - * doubly linked list and an lhash */ - CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION); - /* if session c is in already in cache, we take back the increment later */ - - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - s=lh_SSL_SESSION_insert(ctx->sessions,c); - - /* s != NULL iff we already had a session with the given PID. - * In this case, s == c should hold (then we did not really modify - * ctx->sessions), or we're in trouble. */ - if (s != NULL && s != c) - { - /* We *are* in trouble ... */ - SSL_SESSION_list_remove(ctx,s); - SSL_SESSION_free(s); - /* ... so pretend the other session did not exist in cache - * (we cannot handle two SSL_SESSION structures with identical - * session ID in the same cache, which could happen e.g. when - * two threads concurrently obtain the same session from an external - * cache) */ - s = NULL; - } - - /* Put at the head of the queue unless it is already in the cache */ - if (s == NULL) - SSL_SESSION_list_add(ctx,c); - - if (s != NULL) - { - /* existing cache entry -- decrement previously incremented reference - * count because it already takes into account the cache */ - - SSL_SESSION_free(s); /* s == c */ - ret=0; - } - else - { - /* new cache entry -- remove old ones if cache has become too large */ - - ret=1; - - if (SSL_CTX_sess_get_cache_size(ctx) > 0) - { - while (SSL_CTX_sess_number(ctx) > - SSL_CTX_sess_get_cache_size(ctx)) - { - if (!remove_session_lock(ctx, - ctx->session_cache_tail, 0)) - break; - else - ctx->stats.sess_cache_full++; - } - } - } - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - return(ret); - } - -int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) -{ - return remove_session_lock(ctx, c, 1); -} - -static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) - { - SSL_SESSION *r; - int ret=0; - - if ((c != NULL) && (c->session_id_length != 0)) - { - if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - if ((r = lh_SSL_SESSION_retrieve(ctx->sessions,c)) == c) - { - ret=1; - r=lh_SSL_SESSION_delete(ctx->sessions,c); - SSL_SESSION_list_remove(ctx,c); - } - - if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - - if (ret) - { - r->not_resumable=1; - if (ctx->remove_session_cb != NULL) - ctx->remove_session_cb(ctx,r); - SSL_SESSION_free(r); - } - } - else - ret=0; - return(ret); - } - -void SSL_SESSION_free(SSL_SESSION *ss) - { - int i; - - if(ss == NULL) - return; - - i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION); -#ifdef REF_PRINT - REF_PRINT("SSL_SESSION",ss); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"SSL_SESSION_free, bad reference count\n"); - abort(); /* ok */ - } -#endif - - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); - - OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg); - OPENSSL_cleanse(ss->master_key,sizeof ss->master_key); - OPENSSL_cleanse(ss->session_id,sizeof ss->session_id); - if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); - if (ss->peer != NULL) X509_free(ss->peer); - if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); -#ifndef OPENSSL_NO_TLSEXT - if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname); - if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick); -#ifndef OPENSSL_NO_EC - ss->tlsext_ecpointformatlist_length = 0; - if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist); - ss->tlsext_ellipticcurvelist_length = 0; - if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist); -#endif /* OPENSSL_NO_EC */ -#endif -#ifndef OPENSSL_NO_PSK - if (ss->psk_identity_hint != NULL) - OPENSSL_free(ss->psk_identity_hint); - if (ss->psk_identity != NULL) - OPENSSL_free(ss->psk_identity); -#endif -#ifndef OPENSSL_NO_SRP - if (ss->srp_username != NULL) - OPENSSL_free(ss->srp_username); -#endif - OPENSSL_cleanse(ss,sizeof(*ss)); - OPENSSL_free(ss); - } - -int SSL_set_session(SSL *s, SSL_SESSION *session) - { - int ret=0; - const SSL_METHOD *meth; - - if (session != NULL) - { - meth=s->ctx->method->get_ssl_method(session->ssl_version); - if (meth == NULL) - meth=s->method->get_ssl_method(session->ssl_version); - if (meth == NULL) - { - SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD); - return(0); - } - - if (meth != s->method) - { - if (!SSL_set_ssl_method(s,meth)) - return(0); - } - -#ifndef OPENSSL_NO_KRB5 - if (s->kssl_ctx && !s->kssl_ctx->client_princ && - session->krb5_client_princ_len > 0) - { - s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1); - memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ, - session->krb5_client_princ_len); - s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0'; - } -#endif /* OPENSSL_NO_KRB5 */ - - /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/ - CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION); - if (s->session != NULL) - SSL_SESSION_free(s->session); - s->session=session; - s->verify_result = s->session->verify_result; - /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ - ret=1; - } - else - { - if (s->session != NULL) - { - SSL_SESSION_free(s->session); - s->session=NULL; - } - - meth=s->ctx->method; - if (meth != s->method) - { - if (!SSL_set_ssl_method(s,meth)) - return(0); - } - ret=1; - } - return(ret); - } - -long SSL_SESSION_set_timeout(SSL_SESSION *s, long t) - { - if (s == NULL) return(0); - s->timeout=t; - return(1); - } - -long SSL_SESSION_get_timeout(const SSL_SESSION *s) - { - if (s == NULL) return(0); - return(s->timeout); - } - -long SSL_SESSION_get_time(const SSL_SESSION *s) - { - if (s == NULL) return(0); - return(s->time); - } - -long SSL_SESSION_set_time(SSL_SESSION *s, long t) - { - if (s == NULL) return(0); - s->time=t; - return(t); - } - -X509 *SSL_SESSION_get0_peer(SSL_SESSION *s) - { - return s->peer; - } - -int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx, - unsigned int sid_ctx_len) - { - if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) - { - SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); - return 0; - } - s->sid_ctx_length=sid_ctx_len; - memcpy(s->sid_ctx,sid_ctx,sid_ctx_len); - - return 1; - } - -long SSL_CTX_set_timeout(SSL_CTX *s, long t) - { - long l; - if (s == NULL) return(0); - l=s->session_timeout; - s->session_timeout=t; - return(l); - } - -long SSL_CTX_get_timeout(const SSL_CTX *s) - { - if (s == NULL) return(0); - return(s->session_timeout); - } - -#ifndef OPENSSL_NO_TLSEXT -int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len, - STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg) - { - if (s == NULL) return(0); - s->tls_session_secret_cb = tls_session_secret_cb; - s->tls_session_secret_cb_arg = arg; - return(1); - } - -int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, - void *arg) - { - if (s == NULL) return(0); - s->tls_session_ticket_ext_cb = cb; - s->tls_session_ticket_ext_cb_arg = arg; - return(1); - } - -int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) - { - if (s->version >= TLS1_VERSION) - { - if (s->tlsext_session_ticket) - { - OPENSSL_free(s->tlsext_session_ticket); - s->tlsext_session_ticket = NULL; - } - - s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); - if (!s->tlsext_session_ticket) - { - SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE); - return 0; - } - - if (ext_data) - { - s->tlsext_session_ticket->length = ext_len; - s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1; - memcpy(s->tlsext_session_ticket->data, ext_data, ext_len); - } - else - { - s->tlsext_session_ticket->length = 0; - s->tlsext_session_ticket->data = NULL; - } - - return 1; - } - - return 0; - } -#endif /* OPENSSL_NO_TLSEXT */ - -typedef struct timeout_param_st - { - SSL_CTX *ctx; - long time; - LHASH_OF(SSL_SESSION) *cache; - } TIMEOUT_PARAM; - -static void timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) - { - if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */ - { - /* The reason we don't call SSL_CTX_remove_session() is to - * save on locking overhead */ - (void)lh_SSL_SESSION_delete(p->cache,s); - SSL_SESSION_list_remove(p->ctx,s); - s->not_resumable=1; - if (p->ctx->remove_session_cb != NULL) - p->ctx->remove_session_cb(p->ctx,s); - SSL_SESSION_free(s); - } - } - -static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM) - -void SSL_CTX_flush_sessions(SSL_CTX *s, long t) - { - unsigned long i; - TIMEOUT_PARAM tp; - - tp.ctx=s; - tp.cache=s->sessions; - if (tp.cache == NULL) return; - tp.time=t; - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - i=CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load; - CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=0; - lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), - TIMEOUT_PARAM, &tp); - CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=i; - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - } - -int ssl_clear_bad_session(SSL *s) - { - if ( (s->session != NULL) && - !(s->shutdown & SSL_SENT_SHUTDOWN) && - !(SSL_in_init(s) || SSL_in_before(s))) - { - SSL_CTX_remove_session(s->ctx,s->session); - return(1); - } - else - return(0); - } - -/* locked by SSL_CTX in the calling function */ -static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) - { - if ((s->next == NULL) || (s->prev == NULL)) return; - - if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) - { /* last element in list */ - if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) - { /* only one element in list */ - ctx->session_cache_head=NULL; - ctx->session_cache_tail=NULL; - } - else - { - ctx->session_cache_tail=s->prev; - s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail); - } - } - else - { - if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) - { /* first element in list */ - ctx->session_cache_head=s->next; - s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head); - } - else - { /* middle of list */ - s->next->prev=s->prev; - s->prev->next=s->next; - } - } - s->prev=s->next=NULL; - } - -static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) - { - if ((s->next != NULL) && (s->prev != NULL)) - SSL_SESSION_list_remove(ctx,s); - - if (ctx->session_cache_head == NULL) - { - ctx->session_cache_head=s; - ctx->session_cache_tail=s; - s->prev=(SSL_SESSION *)&(ctx->session_cache_head); - s->next=(SSL_SESSION *)&(ctx->session_cache_tail); - } - else - { - s->next=ctx->session_cache_head; - s->next->prev=s; - s->prev=(SSL_SESSION *)&(ctx->session_cache_head); - ctx->session_cache_head=s; - } - } - -void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, - int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess)) - { - ctx->new_session_cb=cb; - } - -int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess) - { - return ctx->new_session_cb; - } - -void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, - void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess)) - { - ctx->remove_session_cb=cb; - } - -void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess) - { - return ctx->remove_session_cb; - } - -void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, - SSL_SESSION *(*cb)(struct ssl_st *ssl, - unsigned char *data,int len,int *copy)) - { - ctx->get_session_cb=cb; - } - -SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, - unsigned char *data,int len,int *copy) - { - return ctx->get_session_cb; - } - -void SSL_CTX_set_info_callback(SSL_CTX *ctx, - void (*cb)(const SSL *ssl,int type,int val)) - { - ctx->info_callback=cb; - } - -void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val) - { - return ctx->info_callback; - } - -void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, - int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)) - { - ctx->client_cert_cb=cb; - } - -int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey) - { - return ctx->client_cert_cb; - } - -void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, - void (*cb)(SSL *ssl, EVP_PKEY **pkey)) - { - ctx->channel_id_cb=cb; - } - -void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL * ssl, EVP_PKEY **pkey) - { - return ctx->channel_id_cb; - } - -#ifndef OPENSSL_NO_ENGINE -int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) - { - if (!ENGINE_init(e)) - { - SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB); - return 0; - } - if(!ENGINE_get_ssl_client_cert_function(e)) - { - SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD); - ENGINE_finish(e); - return 0; - } - ctx->client_cert_engine = e; - return 1; - } -#endif - -void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, - int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) - { - ctx->app_gen_cookie_cb=cb; - } - -void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, - int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)) - { - ctx->app_verify_cookie_cb=cb; - } - -IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION) diff --git a/main/openssl/ssl/ssl_stat.c b/main/openssl/ssl/ssl_stat.c deleted file mode 100644 index c5a15ce5..00000000 --- a/main/openssl/ssl/ssl_stat.c +++ /dev/null @@ -1,564 +0,0 @@ -/* ssl/ssl_stat.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - -#include <stdio.h> -#include "ssl_locl.h" - -const char *SSL_state_string_long(const SSL *s) - { - const char *str; - - switch (s->state) - { -case SSL_ST_BEFORE: str="before SSL initialization"; break; -case SSL_ST_ACCEPT: str="before accept initialization"; break; -case SSL_ST_CONNECT: str="before connect initialization"; break; -case SSL_ST_OK: str="SSL negotiation finished successfully"; break; -case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break; -case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break; -case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break; -case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break; -case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break; -#ifndef OPENSSL_NO_SSL2 -case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break; -case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break; -case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break; -case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break; -case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break; -case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break; -case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break; -case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break; -case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break; -case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break; -case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break; -case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break; -case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break; -case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break; -case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break; -case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break; -case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break; -case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break; -case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break; -case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break; -case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break; -case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break; -case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break; -case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break; -case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break; -case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break; -case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break; -case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break; -case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break; -case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break; -case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break; -case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break; -case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break; -case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break; -case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break; -case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break; -case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break; -case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break; -#endif - -#ifndef OPENSSL_NO_SSL3 -/* SSLv3 additions */ -case SSL3_ST_CW_CLNT_HELLO_A: str="SSLv3 write client hello A"; break; -case SSL3_ST_CW_CLNT_HELLO_B: str="SSLv3 write client hello B"; break; -case SSL3_ST_CR_SRVR_HELLO_A: str="SSLv3 read server hello A"; break; -case SSL3_ST_CR_SRVR_HELLO_B: str="SSLv3 read server hello B"; break; -case SSL3_ST_CR_CERT_A: str="SSLv3 read server certificate A"; break; -case SSL3_ST_CR_CERT_B: str="SSLv3 read server certificate B"; break; -case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break; -case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break; -case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break; -case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break; -case SSL3_ST_CR_SESSION_TICKET_A: str="SSLv3 read server session ticket A";break; -case SSL3_ST_CR_SESSION_TICKET_B: str="SSLv3 read server session ticket B";break; -case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break; -case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break; -case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break; -case SSL3_ST_CW_CERT_B: str="SSLv3 write client certificate B"; break; -case SSL3_ST_CW_CERT_C: str="SSLv3 write client certificate C"; break; -case SSL3_ST_CW_CERT_D: str="SSLv3 write client certificate D"; break; -case SSL3_ST_CW_KEY_EXCH_A: str="SSLv3 write client key exchange A"; break; -case SSL3_ST_CW_KEY_EXCH_B: str="SSLv3 write client key exchange B"; break; -case SSL3_ST_CW_CERT_VRFY_A: str="SSLv3 write certificate verify A"; break; -case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify B"; break; - -case SSL3_ST_CW_CHANGE_A: -case SSL3_ST_SW_CHANGE_A: str="SSLv3 write change cipher spec A"; break; -case SSL3_ST_CW_CHANGE_B: -case SSL3_ST_SW_CHANGE_B: str="SSLv3 write change cipher spec B"; break; -case SSL3_ST_CW_FINISHED_A: -case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break; -case SSL3_ST_CW_FINISHED_B: -case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished B"; break; -case SSL3_ST_CR_CHANGE_A: -case SSL3_ST_SR_CHANGE_A: str="SSLv3 read change cipher spec A"; break; -case SSL3_ST_CR_CHANGE_B: -case SSL3_ST_SR_CHANGE_B: str="SSLv3 read change cipher spec B"; break; -case SSL3_ST_CR_FINISHED_A: -case SSL3_ST_SR_FINISHED_A: str="SSLv3 read finished A"; break; -case SSL3_ST_CR_FINISHED_B: -case SSL3_ST_SR_FINISHED_B: str="SSLv3 read finished B"; break; - -case SSL3_ST_CW_FLUSH: -case SSL3_ST_SW_FLUSH: str="SSLv3 flush data"; break; - -case SSL3_ST_SR_CLNT_HELLO_A: str="SSLv3 read client hello A"; break; -case SSL3_ST_SR_CLNT_HELLO_B: str="SSLv3 read client hello B"; break; -case SSL3_ST_SR_CLNT_HELLO_C: str="SSLv3 read client hello C"; break; -case SSL3_ST_SW_HELLO_REQ_A: str="SSLv3 write hello request A"; break; -case SSL3_ST_SW_HELLO_REQ_B: str="SSLv3 write hello request B"; break; -case SSL3_ST_SW_HELLO_REQ_C: str="SSLv3 write hello request C"; break; -case SSL3_ST_SW_SRVR_HELLO_A: str="SSLv3 write server hello A"; break; -case SSL3_ST_SW_SRVR_HELLO_B: str="SSLv3 write server hello B"; break; -case SSL3_ST_SW_CERT_A: str="SSLv3 write certificate A"; break; -case SSL3_ST_SW_CERT_B: str="SSLv3 write certificate B"; break; -case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break; -case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break; -case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break; -case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break; -case SSL3_ST_SW_SESSION_TICKET_A: str="SSLv3 write session ticket A"; break; -case SSL3_ST_SW_SESSION_TICKET_B: str="SSLv3 write session ticket B"; break; -case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break; -case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break; -case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break; -case SSL3_ST_SR_CERT_B: str="SSLv3 read client certificate B"; break; -case SSL3_ST_SR_KEY_EXCH_A: str="SSLv3 read client key exchange A"; break; -case SSL3_ST_SR_KEY_EXCH_B: str="SSLv3 read client key exchange B"; break; -case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certificate verify A"; break; -case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break; -#endif - -/* SSLv2/v3 compatibility states */ -/* client */ -case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break; -case SSL23_ST_CW_CLNT_HELLO_B: str="SSLv2/v3 write client hello B"; break; -case SSL23_ST_CR_SRVR_HELLO_A: str="SSLv2/v3 read server hello A"; break; -case SSL23_ST_CR_SRVR_HELLO_B: str="SSLv2/v3 read server hello B"; break; -/* server */ -case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break; -case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break; - -/* DTLS */ -case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DTLS1 read hello verify request A"; break; -case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DTLS1 read hello verify request B"; break; -case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DTLS1 write hello verify request A"; break; -case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DTLS1 write hello verify request B"; break; - -default: str="unknown state"; break; - } - return(str); - } - -const char *SSL_rstate_string_long(const SSL *s) - { - const char *str; - - switch (s->rstate) - { - case SSL_ST_READ_HEADER: str="read header"; break; - case SSL_ST_READ_BODY: str="read body"; break; - case SSL_ST_READ_DONE: str="read done"; break; - default: str="unknown"; break; - } - return(str); - } - -const char *SSL_state_string(const SSL *s) - { - const char *str; - - switch (s->state) - { -case SSL_ST_BEFORE: str="PINIT "; break; -case SSL_ST_ACCEPT: str="AINIT "; break; -case SSL_ST_CONNECT: str="CINIT "; break; -case SSL_ST_OK: str="SSLOK "; break; -#ifndef OPENSSL_NO_SSL2 -case SSL2_ST_CLIENT_START_ENCRYPTION: str="2CSENC"; break; -case SSL2_ST_SERVER_START_ENCRYPTION: str="2SSENC"; break; -case SSL2_ST_SEND_CLIENT_HELLO_A: str="2SCH_A"; break; -case SSL2_ST_SEND_CLIENT_HELLO_B: str="2SCH_B"; break; -case SSL2_ST_GET_SERVER_HELLO_A: str="2GSH_A"; break; -case SSL2_ST_GET_SERVER_HELLO_B: str="2GSH_B"; break; -case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="2SCMKA"; break; -case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="2SCMKB"; break; -case SSL2_ST_SEND_CLIENT_FINISHED_A: str="2SCF_A"; break; -case SSL2_ST_SEND_CLIENT_FINISHED_B: str="2SCF_B"; break; -case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="2SCC_A"; break; -case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="2SCC_B"; break; -case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="2SCC_C"; break; -case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="2SCC_D"; break; -case SSL2_ST_GET_SERVER_VERIFY_A: str="2GSV_A"; break; -case SSL2_ST_GET_SERVER_VERIFY_B: str="2GSV_B"; break; -case SSL2_ST_GET_SERVER_FINISHED_A: str="2GSF_A"; break; -case SSL2_ST_GET_SERVER_FINISHED_B: str="2GSF_B"; break; -case SSL2_ST_GET_CLIENT_HELLO_A: str="2GCH_A"; break; -case SSL2_ST_GET_CLIENT_HELLO_B: str="2GCH_B"; break; -case SSL2_ST_GET_CLIENT_HELLO_C: str="2GCH_C"; break; -case SSL2_ST_SEND_SERVER_HELLO_A: str="2SSH_A"; break; -case SSL2_ST_SEND_SERVER_HELLO_B: str="2SSH_B"; break; -case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="2GCMKA"; break; -case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="2GCMKA"; break; -case SSL2_ST_SEND_SERVER_VERIFY_A: str="2SSV_A"; break; -case SSL2_ST_SEND_SERVER_VERIFY_B: str="2SSV_B"; break; -case SSL2_ST_SEND_SERVER_VERIFY_C: str="2SSV_C"; break; -case SSL2_ST_GET_CLIENT_FINISHED_A: str="2GCF_A"; break; -case SSL2_ST_GET_CLIENT_FINISHED_B: str="2GCF_B"; break; -case SSL2_ST_SEND_SERVER_FINISHED_A: str="2SSF_A"; break; -case SSL2_ST_SEND_SERVER_FINISHED_B: str="2SSF_B"; break; -case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="2SRC_A"; break; -case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="2SRC_B"; break; -case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="2SRC_C"; break; -case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="2SRC_D"; break; -case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="2X9GSC"; break; -case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="2X9GCC"; break; -#endif - -#ifndef OPENSSL_NO_SSL3 -/* SSLv3 additions */ -case SSL3_ST_SW_FLUSH: -case SSL3_ST_CW_FLUSH: str="3FLUSH"; break; -case SSL3_ST_CW_CLNT_HELLO_A: str="3WCH_A"; break; -case SSL3_ST_CW_CLNT_HELLO_B: str="3WCH_B"; break; -case SSL3_ST_CR_SRVR_HELLO_A: str="3RSH_A"; break; -case SSL3_ST_CR_SRVR_HELLO_B: str="3RSH_B"; break; -case SSL3_ST_CR_CERT_A: str="3RSC_A"; break; -case SSL3_ST_CR_CERT_B: str="3RSC_B"; break; -case SSL3_ST_CR_KEY_EXCH_A: str="3RSKEA"; break; -case SSL3_ST_CR_KEY_EXCH_B: str="3RSKEB"; break; -case SSL3_ST_CR_CERT_REQ_A: str="3RCR_A"; break; -case SSL3_ST_CR_CERT_REQ_B: str="3RCR_B"; break; -case SSL3_ST_CR_SRVR_DONE_A: str="3RSD_A"; break; -case SSL3_ST_CR_SRVR_DONE_B: str="3RSD_B"; break; -case SSL3_ST_CW_CERT_A: str="3WCC_A"; break; -case SSL3_ST_CW_CERT_B: str="3WCC_B"; break; -case SSL3_ST_CW_CERT_C: str="3WCC_C"; break; -case SSL3_ST_CW_CERT_D: str="3WCC_D"; break; -case SSL3_ST_CW_KEY_EXCH_A: str="3WCKEA"; break; -case SSL3_ST_CW_KEY_EXCH_B: str="3WCKEB"; break; -case SSL3_ST_CW_CERT_VRFY_A: str="3WCV_A"; break; -case SSL3_ST_CW_CERT_VRFY_B: str="3WCV_B"; break; - -case SSL3_ST_SW_CHANGE_A: -case SSL3_ST_CW_CHANGE_A: str="3WCCSA"; break; -case SSL3_ST_SW_CHANGE_B: -case SSL3_ST_CW_CHANGE_B: str="3WCCSB"; break; -case SSL3_ST_SW_FINISHED_A: -case SSL3_ST_CW_FINISHED_A: str="3WFINA"; break; -case SSL3_ST_SW_FINISHED_B: -case SSL3_ST_CW_FINISHED_B: str="3WFINB"; break; -case SSL3_ST_SR_CHANGE_A: -case SSL3_ST_CR_CHANGE_A: str="3RCCSA"; break; -case SSL3_ST_SR_CHANGE_B: -case SSL3_ST_CR_CHANGE_B: str="3RCCSB"; break; -case SSL3_ST_SR_FINISHED_A: -case SSL3_ST_CR_FINISHED_A: str="3RFINA"; break; -case SSL3_ST_SR_FINISHED_B: -case SSL3_ST_CR_FINISHED_B: str="3RFINB"; break; - -case SSL3_ST_SW_HELLO_REQ_A: str="3WHR_A"; break; -case SSL3_ST_SW_HELLO_REQ_B: str="3WHR_B"; break; -case SSL3_ST_SW_HELLO_REQ_C: str="3WHR_C"; break; -case SSL3_ST_SR_CLNT_HELLO_A: str="3RCH_A"; break; -case SSL3_ST_SR_CLNT_HELLO_B: str="3RCH_B"; break; -case SSL3_ST_SR_CLNT_HELLO_C: str="3RCH_C"; break; -case SSL3_ST_SW_SRVR_HELLO_A: str="3WSH_A"; break; -case SSL3_ST_SW_SRVR_HELLO_B: str="3WSH_B"; break; -case SSL3_ST_SW_CERT_A: str="3WSC_A"; break; -case SSL3_ST_SW_CERT_B: str="3WSC_B"; break; -case SSL3_ST_SW_KEY_EXCH_A: str="3WSKEA"; break; -case SSL3_ST_SW_KEY_EXCH_B: str="3WSKEB"; break; -case SSL3_ST_SW_CERT_REQ_A: str="3WCR_A"; break; -case SSL3_ST_SW_CERT_REQ_B: str="3WCR_B"; break; -case SSL3_ST_SW_SRVR_DONE_A: str="3WSD_A"; break; -case SSL3_ST_SW_SRVR_DONE_B: str="3WSD_B"; break; -case SSL3_ST_SR_CERT_A: str="3RCC_A"; break; -case SSL3_ST_SR_CERT_B: str="3RCC_B"; break; -case SSL3_ST_SR_KEY_EXCH_A: str="3RCKEA"; break; -case SSL3_ST_SR_KEY_EXCH_B: str="3RCKEB"; break; -case SSL3_ST_SR_CERT_VRFY_A: str="3RCV_A"; break; -case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break; -#endif - -/* SSLv2/v3 compatibility states */ -/* client */ -case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break; -case SSL23_ST_CW_CLNT_HELLO_B: str="23WCHB"; break; -case SSL23_ST_CR_SRVR_HELLO_A: str="23RSHA"; break; -case SSL23_ST_CR_SRVR_HELLO_B: str="23RSHA"; break; -/* server */ -case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break; -case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break; - -/* DTLS */ -case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DRCHVA"; break; -case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DRCHVB"; break; -case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DWCHVA"; break; -case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DWCHVB"; break; - -default: str="UNKWN "; break; - } - return(str); - } - -const char *SSL_alert_type_string_long(int value) - { - value>>=8; - if (value == SSL3_AL_WARNING) - return("warning"); - else if (value == SSL3_AL_FATAL) - return("fatal"); - else - return("unknown"); - } - -const char *SSL_alert_type_string(int value) - { - value>>=8; - if (value == SSL3_AL_WARNING) - return("W"); - else if (value == SSL3_AL_FATAL) - return("F"); - else - return("U"); - } - -const char *SSL_alert_desc_string(int value) - { - const char *str; - - switch (value & 0xff) - { - case SSL3_AD_CLOSE_NOTIFY: str="CN"; break; - case SSL3_AD_UNEXPECTED_MESSAGE: str="UM"; break; - case SSL3_AD_BAD_RECORD_MAC: str="BM"; break; - case SSL3_AD_DECOMPRESSION_FAILURE: str="DF"; break; - case SSL3_AD_HANDSHAKE_FAILURE: str="HF"; break; - case SSL3_AD_NO_CERTIFICATE: str="NC"; break; - case SSL3_AD_BAD_CERTIFICATE: str="BC"; break; - case SSL3_AD_UNSUPPORTED_CERTIFICATE: str="UC"; break; - case SSL3_AD_CERTIFICATE_REVOKED: str="CR"; break; - case SSL3_AD_CERTIFICATE_EXPIRED: str="CE"; break; - case SSL3_AD_CERTIFICATE_UNKNOWN: str="CU"; break; - case SSL3_AD_ILLEGAL_PARAMETER: str="IP"; break; - case TLS1_AD_DECRYPTION_FAILED: str="DC"; break; - case TLS1_AD_RECORD_OVERFLOW: str="RO"; break; - case TLS1_AD_UNKNOWN_CA: str="CA"; break; - case TLS1_AD_ACCESS_DENIED: str="AD"; break; - case TLS1_AD_DECODE_ERROR: str="DE"; break; - case TLS1_AD_DECRYPT_ERROR: str="CY"; break; - case TLS1_AD_EXPORT_RESTRICTION: str="ER"; break; - case TLS1_AD_PROTOCOL_VERSION: str="PV"; break; - case TLS1_AD_INSUFFICIENT_SECURITY: str="IS"; break; - case TLS1_AD_INTERNAL_ERROR: str="IE"; break; - case TLS1_AD_USER_CANCELLED: str="US"; break; - case TLS1_AD_NO_RENEGOTIATION: str="NR"; break; - case TLS1_AD_UNSUPPORTED_EXTENSION: str="UE"; break; - case TLS1_AD_CERTIFICATE_UNOBTAINABLE: str="CO"; break; - case TLS1_AD_UNRECOGNIZED_NAME: str="UN"; break; - case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: str="BR"; break; - case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: str="BH"; break; - case TLS1_AD_UNKNOWN_PSK_IDENTITY: str="UP"; break; - default: str="UK"; break; - } - return(str); - } - -const char *SSL_alert_desc_string_long(int value) - { - const char *str; - - switch (value & 0xff) - { - case SSL3_AD_CLOSE_NOTIFY: - str="close notify"; - break; - case SSL3_AD_UNEXPECTED_MESSAGE: - str="unexpected_message"; - break; - case SSL3_AD_BAD_RECORD_MAC: - str="bad record mac"; - break; - case SSL3_AD_DECOMPRESSION_FAILURE: - str="decompression failure"; - break; - case SSL3_AD_HANDSHAKE_FAILURE: - str="handshake failure"; - break; - case SSL3_AD_NO_CERTIFICATE: - str="no certificate"; - break; - case SSL3_AD_BAD_CERTIFICATE: - str="bad certificate"; - break; - case SSL3_AD_UNSUPPORTED_CERTIFICATE: - str="unsupported certificate"; - break; - case SSL3_AD_CERTIFICATE_REVOKED: - str="certificate revoked"; - break; - case SSL3_AD_CERTIFICATE_EXPIRED: - str="certificate expired"; - break; - case SSL3_AD_CERTIFICATE_UNKNOWN: - str="certificate unknown"; - break; - case SSL3_AD_ILLEGAL_PARAMETER: - str="illegal parameter"; - break; - case TLS1_AD_DECRYPTION_FAILED: - str="decryption failed"; - break; - case TLS1_AD_RECORD_OVERFLOW: - str="record overflow"; - break; - case TLS1_AD_UNKNOWN_CA: - str="unknown CA"; - break; - case TLS1_AD_ACCESS_DENIED: - str="access denied"; - break; - case TLS1_AD_DECODE_ERROR: - str="decode error"; - break; - case TLS1_AD_DECRYPT_ERROR: - str="decrypt error"; - break; - case TLS1_AD_EXPORT_RESTRICTION: - str="export restriction"; - break; - case TLS1_AD_PROTOCOL_VERSION: - str="protocol version"; - break; - case TLS1_AD_INSUFFICIENT_SECURITY: - str="insufficient security"; - break; - case TLS1_AD_INTERNAL_ERROR: - str="internal error"; - break; - case TLS1_AD_USER_CANCELLED: - str="user canceled"; - break; - case TLS1_AD_NO_RENEGOTIATION: - str="no renegotiation"; - break; - case TLS1_AD_UNSUPPORTED_EXTENSION: - str="unsupported extension"; - break; - case TLS1_AD_CERTIFICATE_UNOBTAINABLE: - str="certificate unobtainable"; - break; - case TLS1_AD_UNRECOGNIZED_NAME: - str="unrecognized name"; - break; - case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: - str="bad certificate status response"; - break; - case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: - str="bad certificate hash value"; - break; - case TLS1_AD_UNKNOWN_PSK_IDENTITY: - str="unknown PSK identity"; - break; - default: str="unknown"; break; - } - return(str); - } - -const char *SSL_rstate_string(const SSL *s) - { - const char *str; - - switch (s->rstate) - { - case SSL_ST_READ_HEADER:str="RH"; break; - case SSL_ST_READ_BODY: str="RB"; break; - case SSL_ST_READ_DONE: str="RD"; break; - default: str="unknown"; break; - } - return(str); - } diff --git a/main/openssl/ssl/ssl_txt.c b/main/openssl/ssl/ssl_txt.c deleted file mode 100644 index 6479d52c..00000000 --- a/main/openssl/ssl/ssl_txt.c +++ /dev/null @@ -1,248 +0,0 @@ -/* ssl/ssl_txt.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - -#include <stdio.h> -#include <openssl/buffer.h> -#include "ssl_locl.h" - -#ifndef OPENSSL_NO_FP_API -int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) - { - BIO *b; - int ret; - - if ((b=BIO_new(BIO_s_file_internal())) == NULL) - { - SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=SSL_SESSION_print(b,x); - BIO_free(b); - return(ret); - } -#endif - -int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) - { - unsigned int i; - const char *s; - - if (x == NULL) goto err; - if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err; - if (x->ssl_version == SSL2_VERSION) - s="SSLv2"; - else if (x->ssl_version == SSL3_VERSION) - s="SSLv3"; - else if (x->ssl_version == TLS1_2_VERSION) - s="TLSv1.2"; - else if (x->ssl_version == TLS1_1_VERSION) - s="TLSv1.1"; - else if (x->ssl_version == TLS1_VERSION) - s="TLSv1"; - else if (x->ssl_version == DTLS1_VERSION) - s="DTLSv1"; - else if (x->ssl_version == DTLS1_BAD_VER) - s="DTLSv1-bad"; - else - s="unknown"; - if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err; - - if (x->cipher == NULL) - { - if (((x->cipher_id) & 0xff000000) == 0x02000000) - { - if (BIO_printf(bp," Cipher : %06lX\n",x->cipher_id&0xffffff) <= 0) - goto err; - } - else - { - if (BIO_printf(bp," Cipher : %04lX\n",x->cipher_id&0xffff) <= 0) - goto err; - } - } - else - { - if (BIO_printf(bp," Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0) - goto err; - } - if (BIO_puts(bp," Session-ID: ") <= 0) goto err; - for (i=0; i<x->session_id_length; i++) - { - if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err; - } - if (BIO_puts(bp,"\n Session-ID-ctx: ") <= 0) goto err; - for (i=0; i<x->sid_ctx_length; i++) - { - if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0) - goto err; - } - if (BIO_puts(bp,"\n Master-Key: ") <= 0) goto err; - for (i=0; i<(unsigned int)x->master_key_length; i++) - { - if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err; - } - if (BIO_puts(bp,"\n Key-Arg : ") <= 0) goto err; - if (x->key_arg_length == 0) - { - if (BIO_puts(bp,"None") <= 0) goto err; - } - else - for (i=0; i<x->key_arg_length; i++) - { - if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err; - } -#ifndef OPENSSL_NO_KRB5 - if (BIO_puts(bp,"\n Krb5 Principal: ") <= 0) goto err; - if (x->krb5_client_princ_len == 0) - { - if (BIO_puts(bp,"None") <= 0) goto err; - } - else - for (i=0; i<x->krb5_client_princ_len; i++) - { - if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err; - } -#endif /* OPENSSL_NO_KRB5 */ -#ifndef OPENSSL_NO_PSK - if (BIO_puts(bp,"\n PSK identity: ") <= 0) goto err; - if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err; - if (BIO_puts(bp,"\n PSK identity hint: ") <= 0) goto err; - if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) goto err; -#endif -#ifndef OPENSSL_NO_SRP - if (BIO_puts(bp,"\n SRP username: ") <= 0) goto err; - if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") <= 0) goto err; -#endif -#ifndef OPENSSL_NO_TLSEXT - if (x->tlsext_tick_lifetime_hint) - { - if (BIO_printf(bp, - "\n TLS session ticket lifetime hint: %ld (seconds)", - x->tlsext_tick_lifetime_hint) <=0) - goto err; - } - if (x->tlsext_tick) - { - if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err; - if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0) - goto err; - } -#endif - -#ifndef OPENSSL_NO_COMP - if (x->compress_meth != 0) - { - SSL_COMP *comp = NULL; - - ssl_cipher_get_evp(x,NULL,NULL,NULL,NULL,&comp); - if (comp == NULL) - { - if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err; - } - else - { - if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err; - } - } -#endif - if (x->time != 0L) - { - if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err; - } - if (x->timeout != 0L) - { - if (BIO_printf(bp, "\n Timeout : %ld (sec)",x->timeout) <= 0) goto err; - } - if (BIO_puts(bp,"\n") <= 0) goto err; - - if (BIO_puts(bp, " Verify return code: ") <= 0) goto err; - if (BIO_printf(bp, "%ld (%s)\n", x->verify_result, - X509_verify_cert_error_string(x->verify_result)) <= 0) goto err; - - return(1); -err: - return(0); - } - diff --git a/main/openssl/ssl/ssltest.c b/main/openssl/ssl/ssltest.c deleted file mode 100644 index 4f0abfe2..00000000 --- a/main/openssl/ssl/ssltest.c +++ /dev/null @@ -1,2634 +0,0 @@ -/* ssl/ssltest.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - -#define _BSD_SOURCE 1 /* Or gethostname won't be declared properly - on Linux and GNU platforms. */ - -#include <assert.h> -#include <errno.h> -#include <limits.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <time.h> - -#define USE_SOCKETS -#include "e_os.h" - -#ifdef OPENSSL_SYS_VMS -#define _XOPEN_SOURCE 500 /* Or isascii won't be declared properly on - VMS (at least with DECompHP C). */ -#endif - -#include <ctype.h> - -#include <openssl/bio.h> -#include <openssl/crypto.h> -#include <openssl/evp.h> -#include <openssl/x509.h> -#include <openssl/x509v3.h> -#include <openssl/ssl.h> -#ifndef OPENSSL_NO_ENGINE -#include <openssl/engine.h> -#endif -#include <openssl/err.h> -#include <openssl/rand.h> -#ifndef OPENSSL_NO_RSA -#include <openssl/rsa.h> -#endif -#ifndef OPENSSL_NO_DSA -#include <openssl/dsa.h> -#endif -#ifndef OPENSSL_NO_DH -#include <openssl/dh.h> -#endif -#ifndef OPENSSL_NO_SRP -#include <openssl/srp.h> -#endif -#include <openssl/bn.h> - -#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly - on Compaq platforms (at least with DEC C). - Do not try to put it earlier, or IPv6 includes - get screwed... - */ - -#ifdef OPENSSL_SYS_WINDOWS -#include <winsock.h> -#else -#include OPENSSL_UNISTD -#endif - -#ifdef OPENSSL_SYS_VMS -# define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM" -# define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM" -#elif defined(OPENSSL_SYS_WINCE) -# define TEST_SERVER_CERT "\\OpenSSL\\server.pem" -# define TEST_CLIENT_CERT "\\OpenSSL\\client.pem" -#elif defined(OPENSSL_SYS_NETWARE) -# define TEST_SERVER_CERT "\\openssl\\apps\\server.pem" -# define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem" -#else -# define TEST_SERVER_CERT "../apps/server.pem" -# define TEST_CLIENT_CERT "../apps/client.pem" -#endif - -/* There is really no standard for this, so let's assign some tentative - numbers. In any case, these numbers are only for this test */ -#define COMP_RLE 255 -#define COMP_ZLIB 1 - -static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); -#ifndef OPENSSL_NO_RSA -static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength); -static void free_tmp_rsa(void); -#endif -static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg); -#define APP_CALLBACK_STRING "Test Callback Argument" -struct app_verify_arg - { - char *string; - int app_verify; - int allow_proxy_certs; - char *proxy_auth; - char *proxy_cond; - }; - -#ifndef OPENSSL_NO_DH -static DH *get_dh512(void); -static DH *get_dh1024(void); -static DH *get_dh1024dsa(void); -#endif - - -static char *psk_key=NULL; /* by default PSK is not used */ -#ifndef OPENSSL_NO_PSK -static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identity, - unsigned int max_identity_len, unsigned char *psk, - unsigned int max_psk_len); -static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned char *psk, - unsigned int max_psk_len); -#endif - -#ifndef OPENSSL_NO_SRP -/* SRP client */ -/* This is a context that we pass to all callbacks */ -typedef struct srp_client_arg_st - { - char *srppassin; - char *srplogin; - } SRP_CLIENT_ARG; - -#define PWD_STRLEN 1024 - -static char * MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg) - { - SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg; - return BUF_strdup((char *)srp_client_arg->srppassin); - } - -/* SRP server */ -/* This is a context that we pass to SRP server callbacks */ -typedef struct srp_server_arg_st - { - char *expected_user; - char *pass; - } SRP_SERVER_ARG; - -static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) - { - SRP_SERVER_ARG * p = (SRP_SERVER_ARG *) arg; - - if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) - { - fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s)); - return SSL3_AL_FATAL; - } - if (SSL_set_srp_server_param_pw(s,p->expected_user,p->pass,"1024")<0) - { - *ad = SSL_AD_INTERNAL_ERROR; - return SSL3_AL_FATAL; - } - return SSL_ERROR_NONE; - } -#endif - -static BIO *bio_err=NULL; -static BIO *bio_stdout=NULL; - -static char *cipher=NULL; -static int verbose=0; -static int debug=0; -#if 0 -/* Not used yet. */ -#ifdef FIONBIO -static int s_nbio=0; -#endif -#endif - -static const char rnd_seed[] = "string to make the random number generator think it has entropy"; - -int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time); -int doit(SSL *s_ssl,SSL *c_ssl,long bytes); -static int do_test_cipherlist(void); -static void sv_usage(void) - { - fprintf(stderr,"usage: ssltest [args ...]\n"); - fprintf(stderr,"\n"); -#ifdef OPENSSL_FIPS - fprintf(stderr,"-F - run test in FIPS mode\n"); -#endif - fprintf(stderr," -server_auth - check server certificate\n"); - fprintf(stderr," -client_auth - do client authentication\n"); - fprintf(stderr," -proxy - allow proxy certificates\n"); - fprintf(stderr," -proxy_auth <val> - set proxy policy rights\n"); - fprintf(stderr," -proxy_cond <val> - experssion to test proxy policy rights\n"); - fprintf(stderr," -v - more output\n"); - fprintf(stderr," -d - debug output\n"); - fprintf(stderr," -reuse - use session-id reuse\n"); - fprintf(stderr," -num <val> - number of connections to perform\n"); - fprintf(stderr," -bytes <val> - number of bytes to swap between client/server\n"); -#ifndef OPENSSL_NO_DH - fprintf(stderr," -dhe1024 - use 1024 bit key (safe prime) for DHE\n"); - fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); - fprintf(stderr," -no_dhe - disable DHE\n"); -#endif -#ifndef OPENSSL_NO_ECDH - fprintf(stderr," -no_ecdhe - disable ECDHE\n"); -#endif -#ifndef OPENSSL_NO_PSK - fprintf(stderr," -psk arg - PSK in hex (without 0x)\n"); -#endif -#ifndef OPENSSL_NO_SRP - fprintf(stderr," -srpuser user - SRP username to use\n"); - fprintf(stderr," -srppass arg - password for 'user'\n"); -#endif -#ifndef OPENSSL_NO_SSL2 - fprintf(stderr," -ssl2 - use SSLv2\n"); -#endif -#ifndef OPENSSL_NO_SSL3_METHOD - fprintf(stderr," -ssl3 - use SSLv3\n"); -#endif -#ifndef OPENSSL_NO_TLS1 - fprintf(stderr," -tls1 - use TLSv1\n"); -#endif - fprintf(stderr," -CApath arg - PEM format directory of CA's\n"); - fprintf(stderr," -CAfile arg - PEM format file of CA's\n"); - fprintf(stderr," -cert arg - Server certificate file\n"); - fprintf(stderr," -key arg - Server key file (default: same as -cert)\n"); - fprintf(stderr," -c_cert arg - Client certificate file\n"); - fprintf(stderr," -c_key arg - Client key file (default: same as -c_cert)\n"); - fprintf(stderr," -cipher arg - The cipher list\n"); - fprintf(stderr," -bio_pair - Use BIO pairs\n"); - fprintf(stderr," -f - Test even cases that can't work\n"); - fprintf(stderr," -time - measure processor time used by client and server\n"); - fprintf(stderr," -zlib - use zlib compression\n"); - fprintf(stderr," -rle - use rle compression\n"); -#ifndef OPENSSL_NO_ECDH - fprintf(stderr," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \ - " Use \"openssl ecparam -list_curves\" for all names\n" \ - " (default is sect163r2).\n"); -#endif - fprintf(stderr," -test_cipherlist - Verifies the order of the ssl cipher lists.\n" - " When this option is requested, the cipherlist\n" - " tests are run instead of handshake tests.\n"); - fprintf(stderr," -cutthrough - enable 1-RTT full-handshake for strong ciphers\n"); - } - -static void print_details(SSL *c_ssl, const char *prefix) - { - const SSL_CIPHER *ciph; - X509 *cert; - - ciph=SSL_get_current_cipher(c_ssl); - BIO_printf(bio_stdout,"%s%s, cipher %s %s", - prefix, - SSL_get_version(c_ssl), - SSL_CIPHER_get_version(ciph), - SSL_CIPHER_get_name(ciph)); - cert=SSL_get_peer_certificate(c_ssl); - if (cert != NULL) - { - EVP_PKEY *pkey = X509_get_pubkey(cert); - if (pkey != NULL) - { - if (0) - ; -#ifndef OPENSSL_NO_RSA - else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL - && pkey->pkey.rsa->n != NULL) - { - BIO_printf(bio_stdout, ", %d bit RSA", - BN_num_bits(pkey->pkey.rsa->n)); - } -#endif -#ifndef OPENSSL_NO_DSA - else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL - && pkey->pkey.dsa->p != NULL) - { - BIO_printf(bio_stdout, ", %d bit DSA", - BN_num_bits(pkey->pkey.dsa->p)); - } -#endif - EVP_PKEY_free(pkey); - } - X509_free(cert); - } - /* The SSL API does not allow us to look at temporary RSA/DH keys, - * otherwise we should print their lengths too */ - BIO_printf(bio_stdout,"\n"); - } - -static void lock_dbg_cb(int mode, int type, const char *file, int line) - { - static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */ - const char *errstr = NULL; - int rw; - - rw = mode & (CRYPTO_READ|CRYPTO_WRITE); - if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE))) - { - errstr = "invalid mode"; - goto err; - } - - if (type < 0 || type >= CRYPTO_NUM_LOCKS) - { - errstr = "type out of bounds"; - goto err; - } - - if (mode & CRYPTO_LOCK) - { - if (modes[type]) - { - errstr = "already locked"; - /* must not happen in a single-threaded program - * (would deadlock) */ - goto err; - } - - modes[type] = rw; - } - else if (mode & CRYPTO_UNLOCK) - { - if (!modes[type]) - { - errstr = "not locked"; - goto err; - } - - if (modes[type] != rw) - { - errstr = (rw == CRYPTO_READ) ? - "CRYPTO_r_unlock on write lock" : - "CRYPTO_w_unlock on read lock"; - } - - modes[type] = 0; - } - else - { - errstr = "invalid mode"; - goto err; - } - - err: - if (errstr) - { - /* we cannot use bio_err here */ - fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n", - errstr, mode, type, file, line); - } - } - -#ifdef TLSEXT_TYPE_opaque_prf_input -struct cb_info_st { void *input; size_t len; int ret; }; -struct cb_info_st co1 = { "C", 1, 1 }; /* try to negotiate oqaque PRF input */ -struct cb_info_st co2 = { "C", 1, 2 }; /* insist on oqaque PRF input */ -struct cb_info_st so1 = { "S", 1, 1 }; /* try to negotiate oqaque PRF input */ -struct cb_info_st so2 = { "S", 1, 2 }; /* insist on oqaque PRF input */ - -int opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_) - { - struct cb_info_st *arg = arg_; - - if (arg == NULL) - return 1; - - if (!SSL_set_tlsext_opaque_prf_input(ssl, arg->input, arg->len)) - return 0; - return arg->ret; - } -#endif - int cutthrough = 0; - -int main(int argc, char *argv[]) - { - char *CApath=NULL,*CAfile=NULL; - int badop=0; - int bio_pair=0; - int force=0; - int tls1=0,ssl2=0,ssl3=0,ret=1; - int client_auth=0; - int server_auth=0,i; - struct app_verify_arg app_verify_arg = - { APP_CALLBACK_STRING, 0, 0, NULL, NULL }; - char *server_cert=TEST_SERVER_CERT; - char *server_key=NULL; - char *client_cert=TEST_CLIENT_CERT; - char *client_key=NULL; -#ifndef OPENSSL_NO_ECDH - char *named_curve = NULL; -#endif - SSL_CTX *s_ctx=NULL; - SSL_CTX *c_ctx=NULL; - const SSL_METHOD *meth=NULL; - SSL *c_ssl,*s_ssl; - int number=1,reuse=0; - long bytes=256L; -#ifndef OPENSSL_NO_DH - DH *dh; - int dhe1024 = 0, dhe1024dsa = 0; -#endif -#ifndef OPENSSL_NO_ECDH - EC_KEY *ecdh = NULL; -#endif -#ifndef OPENSSL_NO_SRP - /* client */ - SRP_CLIENT_ARG srp_client_arg = {NULL,NULL}; - /* server */ - SRP_SERVER_ARG srp_server_arg = {NULL,NULL}; -#endif - int no_dhe = 0; - int no_ecdhe = 0; - int no_psk = 0; - int print_time = 0; - clock_t s_time = 0, c_time = 0; - int comp = 0; -#ifndef OPENSSL_NO_COMP - COMP_METHOD *cm = NULL; - STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; -#endif - int test_cipherlist = 0; -#ifdef OPENSSL_FIPS - int fips_mode=0; -#endif - int no_protocol = 0; - - verbose = 0; - debug = 0; - cipher = 0; - - bio_err=BIO_new_fp(stderr,BIO_NOCLOSE|BIO_FP_TEXT); - - CRYPTO_set_locking_callback(lock_dbg_cb); - - /* enable memory leak checking unless explicitly disabled */ - if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) - { - CRYPTO_malloc_debug_init(); - CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); - } - else - { - /* OPENSSL_DEBUG_MEMORY=off */ - CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); - } - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - RAND_seed(rnd_seed, sizeof rnd_seed); - - bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE|BIO_FP_TEXT); - - argc--; - argv++; - - while (argc >= 1) - { - if(!strcmp(*argv,"-F")) - { -#ifdef OPENSSL_FIPS - fips_mode=1; -#else - fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n"); - EXIT(0); -#endif - } - else if (strcmp(*argv,"-server_auth") == 0) - server_auth=1; - else if (strcmp(*argv,"-client_auth") == 0) - client_auth=1; - else if (strcmp(*argv,"-proxy_auth") == 0) - { - if (--argc < 1) goto bad; - app_verify_arg.proxy_auth= *(++argv); - } - else if (strcmp(*argv,"-proxy_cond") == 0) - { - if (--argc < 1) goto bad; - app_verify_arg.proxy_cond= *(++argv); - } - else if (strcmp(*argv,"-v") == 0) - verbose=1; - else if (strcmp(*argv,"-d") == 0) - debug=1; - else if (strcmp(*argv,"-reuse") == 0) - reuse=1; - else if (strcmp(*argv,"-dhe1024") == 0) - { -#ifndef OPENSSL_NO_DH - dhe1024=1; -#else - fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n"); -#endif - } - else if (strcmp(*argv,"-dhe1024dsa") == 0) - { -#ifndef OPENSSL_NO_DH - dhe1024dsa=1; -#else - fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n"); -#endif - } - else if (strcmp(*argv,"-no_dhe") == 0) - no_dhe=1; - else if (strcmp(*argv,"-no_ecdhe") == 0) - no_ecdhe=1; - else if (strcmp(*argv,"-psk") == 0) - { - if (--argc < 1) goto bad; - psk_key=*(++argv); -#ifndef OPENSSL_NO_PSK - if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) - { - BIO_printf(bio_err,"Not a hex number '%s'\n",*argv); - goto bad; - } -#else - no_psk=1; -#endif - } -#ifndef OPENSSL_NO_SRP - else if (strcmp(*argv,"-srpuser") == 0) - { - if (--argc < 1) goto bad; - srp_server_arg.expected_user = srp_client_arg.srplogin= *(++argv); - tls1=1; - } - else if (strcmp(*argv,"-srppass") == 0) - { - if (--argc < 1) goto bad; - srp_server_arg.pass = srp_client_arg.srppassin= *(++argv); - tls1=1; - } -#endif - else if (strcmp(*argv,"-ssl2") == 0) - { -#ifdef OPENSSL_NO_SSL2 - no_protocol = 1; -#endif - ssl2 = 1; - } - else if (strcmp(*argv,"-tls1") == 0) - { -#ifdef OPENSSL_NO_TLS1 - no_protocol = 1; -#endif - tls1 = 1; - } - else if (strcmp(*argv,"-ssl3") == 0) - { -#ifdef OPENSSL_NO_SSL3_METHOD - no_protocol = 1; -#endif - ssl3 = 1; - } - else if (strncmp(*argv,"-num",4) == 0) - { - if (--argc < 1) goto bad; - number= atoi(*(++argv)); - if (number == 0) number=1; - } - else if (strcmp(*argv,"-bytes") == 0) - { - if (--argc < 1) goto bad; - bytes= atol(*(++argv)); - if (bytes == 0L) bytes=1L; - i=strlen(argv[0]); - if (argv[0][i-1] == 'k') bytes*=1024L; - if (argv[0][i-1] == 'm') bytes*=1024L*1024L; - } - else if (strcmp(*argv,"-cert") == 0) - { - if (--argc < 1) goto bad; - server_cert= *(++argv); - } - else if (strcmp(*argv,"-s_cert") == 0) - { - if (--argc < 1) goto bad; - server_cert= *(++argv); - } - else if (strcmp(*argv,"-key") == 0) - { - if (--argc < 1) goto bad; - server_key= *(++argv); - } - else if (strcmp(*argv,"-s_key") == 0) - { - if (--argc < 1) goto bad; - server_key= *(++argv); - } - else if (strcmp(*argv,"-c_cert") == 0) - { - if (--argc < 1) goto bad; - client_cert= *(++argv); - } - else if (strcmp(*argv,"-c_key") == 0) - { - if (--argc < 1) goto bad; - client_key= *(++argv); - } - else if (strcmp(*argv,"-cipher") == 0) - { - if (--argc < 1) goto bad; - cipher= *(++argv); - } - else if (strcmp(*argv,"-CApath") == 0) - { - if (--argc < 1) goto bad; - CApath= *(++argv); - } - else if (strcmp(*argv,"-CAfile") == 0) - { - if (--argc < 1) goto bad; - CAfile= *(++argv); - } - else if (strcmp(*argv,"-bio_pair") == 0) - { - bio_pair = 1; - } - else if (strcmp(*argv,"-f") == 0) - { - force = 1; - } - else if (strcmp(*argv,"-time") == 0) - { - print_time = 1; - } - else if (strcmp(*argv,"-zlib") == 0) - { - comp = COMP_ZLIB; - } - else if (strcmp(*argv,"-rle") == 0) - { - comp = COMP_RLE; - } - else if (strcmp(*argv,"-named_curve") == 0) - { - if (--argc < 1) goto bad; -#ifndef OPENSSL_NO_ECDH - named_curve = *(++argv); -#else - fprintf(stderr,"ignoring -named_curve, since I'm compiled without ECDH\n"); - ++argv; -#endif - } - else if (strcmp(*argv,"-app_verify") == 0) - { - app_verify_arg.app_verify = 1; - } - else if (strcmp(*argv,"-proxy") == 0) - { - app_verify_arg.allow_proxy_certs = 1; - } - else if (strcmp(*argv,"-test_cipherlist") == 0) - { - test_cipherlist = 1; - } - else if (strcmp(*argv, "-cutthrough") == 0) - { - cutthrough = 1; - } - else - { - fprintf(stderr,"unknown option %s\n",*argv); - badop=1; - break; - } - argc--; - argv++; - } - if (badop) - { -bad: - sv_usage(); - goto end; - } - - /* - * test_cipherlist prevails over protocol switch: we test the cipherlist - * for all enabled protocols. - */ - if (test_cipherlist == 1) - { - /* ensure that the cipher list are correctly sorted and exit */ - fprintf(stdout, "Testing cipherlist order only. Ignoring all " - "other options.\n"); - if (do_test_cipherlist() == 0) - EXIT(1); - ret = 0; - goto end; - } - - if (ssl2 + ssl3 + tls1 > 1) - { - fprintf(stderr, "At most one of -ssl2, -ssl3, or -tls1 should " - "be requested.\n"); - EXIT(1); - } - - /* - * Testing was requested for a compiled-out protocol (e.g. SSLv2). - * Ideally, we would error out, but the generic test wrapper can't know - * when to expect failure. So we do nothing and return success. - */ - if (no_protocol) - { - fprintf(stderr, "Testing was requested for a disabled protocol. " - "Skipping tests.\n"); - ret = 0; - goto end; - } - - if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) - { - fprintf(stderr, "This case cannot work. Use -f to perform " - "the test anyway (and\n-d to see what happens), " - "or add one of -ssl2, -ssl3, -tls1, -reuse\n" - "to avoid protocol mismatch.\n"); - EXIT(1); - } - -#ifdef OPENSSL_FIPS - if(fips_mode) - { - if(!FIPS_mode_set(1)) - { - ERR_load_crypto_strings(); - ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); - EXIT(1); - } - else - fprintf(stderr,"*** IN FIPS MODE ***\n"); - } -#endif - - if (print_time) - { - if (!bio_pair) - { - fprintf(stderr, "Using BIO pair (-bio_pair)\n"); - bio_pair = 1; - } - if (number < 50 && !force) - fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n"); - } - -/* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */ - - SSL_library_init(); - SSL_load_error_strings(); - -#ifndef OPENSSL_NO_COMP - if (comp == COMP_ZLIB) cm = COMP_zlib(); - if (comp == COMP_RLE) cm = COMP_rle(); - if (cm != NULL) - { - if (cm->type != NID_undef) - { - if (SSL_COMP_add_compression_method(comp, cm) != 0) - { - fprintf(stderr, - "Failed to add compression method\n"); - ERR_print_errors_fp(stderr); - } - } - else - { - fprintf(stderr, - "Warning: %s compression not supported\n", - (comp == COMP_RLE ? "rle" : - (comp == COMP_ZLIB ? "zlib" : - "unknown"))); - ERR_print_errors_fp(stderr); - } - } - ssl_comp_methods = SSL_COMP_get_compression_methods(); - fprintf(stderr, "Available compression methods:\n"); - { - int j, n = sk_SSL_COMP_num(ssl_comp_methods); - if (n == 0) - fprintf(stderr, " NONE\n"); - else - for (j = 0; j < n; j++) - { - SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j); - fprintf(stderr, " %d: %s\n", c->id, c->name); - } - } -#endif - -/* At this point, ssl2/ssl3/tls1 is only set if the protocol is available. - * (Otherwise we exit early.) - * However the compiler doesn't know this, so we ifdef. */ -#ifndef OPENSSL_NO_SSL2 - if (ssl2) - meth=SSLv2_method(); - else -#endif -#ifndef OPENSSL_NO_SSL3 - if (ssl3) - meth=SSLv3_method(); - else -#endif -#ifndef OPENSSL_NO_TLS1 - if (tls1) - meth=TLSv1_method(); - else -#endif - meth=SSLv23_method(); - - c_ctx=SSL_CTX_new(meth); - s_ctx=SSL_CTX_new(meth); - if ((c_ctx == NULL) || (s_ctx == NULL)) - { - ERR_print_errors(bio_err); - goto end; - } - - if (cipher != NULL) - { - SSL_CTX_set_cipher_list(c_ctx,cipher); - SSL_CTX_set_cipher_list(s_ctx,cipher); - } - if (cutthrough) - { - int ssl_mode = SSL_CTX_get_mode(c_ctx); - ssl_mode |= SSL_MODE_HANDSHAKE_CUTTHROUGH; - SSL_CTX_set_mode(c_ctx, ssl_mode); - } - -#ifndef OPENSSL_NO_DH - if (!no_dhe) - { - if (dhe1024dsa) - { - /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */ - SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); - dh=get_dh1024dsa(); - } - else if (dhe1024) - dh=get_dh1024(); - else - dh=get_dh512(); - SSL_CTX_set_tmp_dh(s_ctx,dh); - DH_free(dh); - } -#else - (void)no_dhe; -#endif - -#ifndef OPENSSL_NO_ECDH - if (!no_ecdhe) - { - int nid; - - if (named_curve != NULL) - { - nid = OBJ_sn2nid(named_curve); - if (nid == 0) - { - BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve); - goto end; - } - } - else -#ifdef OPENSSL_NO_EC2M - nid = NID_X9_62_prime256v1; -#else - nid = NID_sect163r2; -#endif - - ecdh = EC_KEY_new_by_curve_name(nid); - if (ecdh == NULL) - { - BIO_printf(bio_err, "unable to create curve\n"); - goto end; - } - - SSL_CTX_set_tmp_ecdh(s_ctx, ecdh); - SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE); - EC_KEY_free(ecdh); - } -#else - (void)no_ecdhe; -#endif - -#ifndef OPENSSL_NO_RSA - SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb); -#endif - -#ifdef TLSEXT_TYPE_opaque_prf_input - SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb); - SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb); - SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); /* or &co2 or NULL */ - SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); /* or &so2 or NULL */ -#endif - - if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM)) - { - ERR_print_errors(bio_err); - } - else if (!SSL_CTX_use_PrivateKey_file(s_ctx, - (server_key?server_key:server_cert), SSL_FILETYPE_PEM)) - { - ERR_print_errors(bio_err); - goto end; - } - - if (client_auth) - { - SSL_CTX_use_certificate_file(c_ctx,client_cert, - SSL_FILETYPE_PEM); - SSL_CTX_use_PrivateKey_file(c_ctx, - (client_key?client_key:client_cert), - SSL_FILETYPE_PEM); - } - - if ( (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) || - (!SSL_CTX_set_default_verify_paths(s_ctx)) || - (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) || - (!SSL_CTX_set_default_verify_paths(c_ctx))) - { - /* fprintf(stderr,"SSL_load_verify_locations\n"); */ - ERR_print_errors(bio_err); - /* goto end; */ - } - - if (client_auth) - { - BIO_printf(bio_err,"client authentication\n"); - SSL_CTX_set_verify(s_ctx, - SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, - verify_callback); - SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, &app_verify_arg); - } - if (server_auth) - { - BIO_printf(bio_err,"server authentication\n"); - SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER, - verify_callback); - SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, &app_verify_arg); - } - - { - int session_id_context = 0; - SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context); - } - - /* Use PSK only if PSK key is given */ - if (psk_key != NULL) - { - /* no_psk is used to avoid putting psk command to openssl tool */ - if (no_psk) - { - /* if PSK is not compiled in and psk key is - * given, do nothing and exit successfully */ - ret=0; - goto end; - } -#ifndef OPENSSL_NO_PSK - SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback); - SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback); - if (debug) - BIO_printf(bio_err,"setting PSK identity hint to s_ctx\n"); - if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint")) - { - BIO_printf(bio_err,"error setting PSK identity hint to s_ctx\n"); - ERR_print_errors(bio_err); - goto end; - } -#endif - } -#ifndef OPENSSL_NO_SRP - if (srp_client_arg.srplogin) - { - if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) - { - BIO_printf(bio_err,"Unable to set SRP username\n"); - goto end; - } - SSL_CTX_set_srp_cb_arg(c_ctx,&srp_client_arg); - SSL_CTX_set_srp_client_pwd_callback(c_ctx, ssl_give_srp_client_pwd_cb); - /*SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);*/ - } - - if (srp_server_arg.expected_user != NULL) - { - SSL_CTX_set_verify(s_ctx,SSL_VERIFY_NONE,verify_callback); - SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg); - SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb); - } -#endif - - c_ssl=SSL_new(c_ctx); - s_ssl=SSL_new(s_ctx); - -#ifndef OPENSSL_NO_KRB5 - if (c_ssl && c_ssl->kssl_ctx) - { - char localhost[MAXHOSTNAMELEN+2]; - - if (gethostname(localhost, sizeof localhost-1) == 0) - { - localhost[sizeof localhost-1]='\0'; - if(strlen(localhost) == sizeof localhost-1) - { - BIO_printf(bio_err,"localhost name too long\n"); - goto end; - } - kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, - localhost); - } - } -#endif /* OPENSSL_NO_KRB5 */ - - for (i=0; i<number; i++) - { - if (!reuse) SSL_set_session(c_ssl,NULL); - if (bio_pair) - ret=doit_biopair(s_ssl,c_ssl,bytes,&s_time,&c_time); - else - ret=doit(s_ssl,c_ssl,bytes); - } - - if (!verbose) - { - print_details(c_ssl, ""); - } - if ((number > 1) || (bytes > 1L)) - BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",number,bytes); - if (print_time) - { -#ifdef CLOCKS_PER_SEC - /* "To determine the time in seconds, the value returned - * by the clock function should be divided by the value - * of the macro CLOCKS_PER_SEC." - * -- ISO/IEC 9899 */ - BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n" - "Approximate total client time: %6.2f s\n", - (double)s_time/CLOCKS_PER_SEC, - (double)c_time/CLOCKS_PER_SEC); -#else - /* "`CLOCKS_PER_SEC' undeclared (first use this function)" - * -- cc on NeXTstep/OpenStep */ - BIO_printf(bio_stdout, - "Approximate total server time: %6.2f units\n" - "Approximate total client time: %6.2f units\n", - (double)s_time, - (double)c_time); -#endif - } - - SSL_free(s_ssl); - SSL_free(c_ssl); - -end: - if (s_ctx != NULL) SSL_CTX_free(s_ctx); - if (c_ctx != NULL) SSL_CTX_free(c_ctx); - - if (bio_stdout != NULL) BIO_free(bio_stdout); - -#ifndef OPENSSL_NO_RSA - free_tmp_rsa(); -#endif -#ifndef OPENSSL_NO_ENGINE - ENGINE_cleanup(); -#endif - CRYPTO_cleanup_all_ex_data(); - ERR_free_strings(); - ERR_remove_thread_state(NULL); - EVP_cleanup(); - CRYPTO_mem_leaks(bio_err); - if (bio_err != NULL) BIO_free(bio_err); - EXIT(ret); - return ret; - } - -int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, - clock_t *s_time, clock_t *c_time) - { - long cw_num = count, cr_num = count, sw_num = count, sr_num = count; - BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL; - BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL; - int ret = 1; - - size_t bufsiz = 256; /* small buffer for testing */ - - if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz)) - goto err; - if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz)) - goto err; - - s_ssl_bio = BIO_new(BIO_f_ssl()); - if (!s_ssl_bio) - goto err; - - c_ssl_bio = BIO_new(BIO_f_ssl()); - if (!c_ssl_bio) - goto err; - - SSL_set_connect_state(c_ssl); - SSL_set_bio(c_ssl, client, client); - (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE); - - SSL_set_accept_state(s_ssl); - SSL_set_bio(s_ssl, server, server); - (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE); - - do - { - /* c_ssl_bio: SSL filter BIO - * - * client: pseudo-I/O for SSL library - * - * client_io: client's SSL communication; usually to be - * relayed over some I/O facility, but in this - * test program, we're the server, too: - * - * server_io: server's SSL communication - * - * server: pseudo-I/O for SSL library - * - * s_ssl_bio: SSL filter BIO - * - * The client and the server each employ a "BIO pair": - * client + client_io, server + server_io. - * BIO pairs are symmetric. A BIO pair behaves similar - * to a non-blocking socketpair (but both endpoints must - * be handled by the same thread). - * [Here we could connect client and server to the ends - * of a single BIO pair, but then this code would be less - * suitable as an example for BIO pairs in general.] - * - * Useful functions for querying the state of BIO pair endpoints: - * - * BIO_ctrl_pending(bio) number of bytes we can read now - * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil - * other side's read attempt - * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now - * - * ..._read_request is never more than ..._write_guarantee; - * it depends on the application which one you should use. - */ - - /* We have non-blocking behaviour throughout this test program, but - * can be sure that there is *some* progress in each iteration; so - * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE - * -- we just try everything in each iteration - */ - - { - /* CLIENT */ - - MS_STATIC char cbuf[1024*8]; - int i, r; - clock_t c_clock = clock(); - - memset(cbuf, 0, sizeof(cbuf)); - - if (debug) - if (SSL_in_init(c_ssl)) - printf("client waiting in SSL_connect - %s\n", - SSL_state_string_long(c_ssl)); - - if (cw_num > 0) - { - /* Write to server. */ - - if (cw_num > (long)sizeof cbuf) - i = sizeof cbuf; - else - i = (int)cw_num; - r = BIO_write(c_ssl_bio, cbuf, i); - if (r < 0) - { - if (!BIO_should_retry(c_ssl_bio)) - { - fprintf(stderr,"ERROR in CLIENT\n"); - goto err; - } - /* BIO_should_retry(...) can just be ignored here. - * The library expects us to call BIO_write with - * the same arguments again, and that's what we will - * do in the next iteration. */ - } - else if (r == 0) - { - fprintf(stderr,"SSL CLIENT STARTUP FAILED\n"); - goto err; - } - else - { - if (debug) - printf("client wrote %d\n", r); - cw_num -= r; - } - } - - if (cr_num > 0) - { - /* Read from server. */ - - r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf)); - if (r < 0) - { - if (!BIO_should_retry(c_ssl_bio)) - { - fprintf(stderr,"ERROR in CLIENT\n"); - goto err; - } - /* Again, "BIO_should_retry" can be ignored. */ - } - else if (r == 0) - { - fprintf(stderr,"SSL CLIENT STARTUP FAILED\n"); - goto err; - } - else - { - if (debug) - printf("client read %d\n", r); - cr_num -= r; - } - } - - /* c_time and s_time increments will typically be very small - * (depending on machine speed and clock tick intervals), - * but sampling over a large number of connections should - * result in fairly accurate figures. We cannot guarantee - * a lot, however -- if each connection lasts for exactly - * one clock tick, it will be counted only for the client - * or only for the server or even not at all. - */ - *c_time += (clock() - c_clock); - } - - { - /* SERVER */ - - MS_STATIC char sbuf[1024*8]; - int i, r; - clock_t s_clock = clock(); - - memset(sbuf, 0, sizeof(sbuf)); - - if (debug) - if (SSL_in_init(s_ssl)) - printf("server waiting in SSL_accept - %s\n", - SSL_state_string_long(s_ssl)); - - if (sw_num > 0) - { - /* Write to client. */ - - if (sw_num > (long)sizeof sbuf) - i = sizeof sbuf; - else - i = (int)sw_num; - r = BIO_write(s_ssl_bio, sbuf, i); - if (r < 0) - { - if (!BIO_should_retry(s_ssl_bio)) - { - fprintf(stderr,"ERROR in SERVER\n"); - goto err; - } - /* Ignore "BIO_should_retry". */ - } - else if (r == 0) - { - fprintf(stderr,"SSL SERVER STARTUP FAILED\n"); - goto err; - } - else - { - if (debug) - printf("server wrote %d\n", r); - sw_num -= r; - } - } - - if (sr_num > 0) - { - /* Read from client. */ - - r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf)); - if (r < 0) - { - if (!BIO_should_retry(s_ssl_bio)) - { - fprintf(stderr,"ERROR in SERVER\n"); - goto err; - } - /* blah, blah */ - } - else if (r == 0) - { - fprintf(stderr,"SSL SERVER STARTUP FAILED\n"); - goto err; - } - else - { - if (debug) - printf("server read %d\n", r); - sr_num -= r; - } - } - - *s_time += (clock() - s_clock); - } - - { - /* "I/O" BETWEEN CLIENT AND SERVER. */ - - size_t r1, r2; - BIO *io1 = server_io, *io2 = client_io; - /* we use the non-copying interface for io1 - * and the standard BIO_write/BIO_read interface for io2 - */ - - static int prev_progress = 1; - int progress = 0; - - /* io1 to io2 */ - do - { - size_t num; - int r; - - r1 = BIO_ctrl_pending(io1); - r2 = BIO_ctrl_get_write_guarantee(io2); - - num = r1; - if (r2 < num) - num = r2; - if (num) - { - char *dataptr; - - if (INT_MAX < num) /* yeah, right */ - num = INT_MAX; - - r = BIO_nread(io1, &dataptr, (int)num); - assert(r > 0); - assert(r <= (int)num); - /* possibly r < num (non-contiguous data) */ - num = r; - r = BIO_write(io2, dataptr, (int)num); - if (r != (int)num) /* can't happen */ - { - fprintf(stderr, "ERROR: BIO_write could not write " - "BIO_ctrl_get_write_guarantee() bytes"); - goto err; - } - progress = 1; - - if (debug) - printf((io1 == client_io) ? - "C->S relaying: %d bytes\n" : - "S->C relaying: %d bytes\n", - (int)num); - } - } - while (r1 && r2); - - /* io2 to io1 */ - { - size_t num; - int r; - - r1 = BIO_ctrl_pending(io2); - r2 = BIO_ctrl_get_read_request(io1); - /* here we could use ..._get_write_guarantee instead of - * ..._get_read_request, but by using the latter - * we test restartability of the SSL implementation - * more thoroughly */ - num = r1; - if (r2 < num) - num = r2; - if (num) - { - char *dataptr; - - if (INT_MAX < num) - num = INT_MAX; - - if (num > 1) - --num; /* test restartability even more thoroughly */ - - r = BIO_nwrite0(io1, &dataptr); - assert(r > 0); - if (r < (int)num) - num = r; - r = BIO_read(io2, dataptr, (int)num); - if (r != (int)num) /* can't happen */ - { - fprintf(stderr, "ERROR: BIO_read could not read " - "BIO_ctrl_pending() bytes"); - goto err; - } - progress = 1; - r = BIO_nwrite(io1, &dataptr, (int)num); - if (r != (int)num) /* can't happen */ - { - fprintf(stderr, "ERROR: BIO_nwrite() did not accept " - "BIO_nwrite0() bytes"); - goto err; - } - - if (debug) - printf((io2 == client_io) ? - "C->S relaying: %d bytes\n" : - "S->C relaying: %d bytes\n", - (int)num); - } - } /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */ - - if (!progress && !prev_progress) - if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) - { - fprintf(stderr, "ERROR: got stuck\n"); - if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0) - { - fprintf(stderr, "This can happen for SSL2 because " - "CLIENT-FINISHED and SERVER-VERIFY are written \n" - "concurrently ..."); - if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0 - && strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0) - { - fprintf(stderr, " ok.\n"); - goto end; - } - } - fprintf(stderr, " ERROR.\n"); - goto err; - } - prev_progress = progress; - } - } - while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0); - - if (verbose) - print_details(c_ssl, "DONE via BIO pair: "); -end: - ret = 0; - - err: - ERR_print_errors(bio_err); - - if (server) - BIO_free(server); - if (server_io) - BIO_free(server_io); - if (client) - BIO_free(client); - if (client_io) - BIO_free(client_io); - if (s_ssl_bio) - BIO_free(s_ssl_bio); - if (c_ssl_bio) - BIO_free(c_ssl_bio); - - return ret; - } - - -#define W_READ 1 -#define W_WRITE 2 -#define C_DONE 1 -#define S_DONE 2 - -int doit(SSL *s_ssl, SSL *c_ssl, long count) - { - MS_STATIC char cbuf[1024*8],sbuf[1024*8]; - long cw_num=count,cr_num=count; - long sw_num=count,sr_num=count; - int ret=1; - BIO *c_to_s=NULL; - BIO *s_to_c=NULL; - BIO *c_bio=NULL; - BIO *s_bio=NULL; - int c_r,c_w,s_r,s_w; - int i,j; - int done=0; - int c_write,s_write; - int do_server=0,do_client=0; - - memset(cbuf,0,sizeof(cbuf)); - memset(sbuf,0,sizeof(sbuf)); - - c_to_s=BIO_new(BIO_s_mem()); - s_to_c=BIO_new(BIO_s_mem()); - if ((s_to_c == NULL) || (c_to_s == NULL)) - { - ERR_print_errors(bio_err); - goto err; - } - - c_bio=BIO_new(BIO_f_ssl()); - s_bio=BIO_new(BIO_f_ssl()); - if ((c_bio == NULL) || (s_bio == NULL)) - { - ERR_print_errors(bio_err); - goto err; - } - - SSL_set_connect_state(c_ssl); - SSL_set_bio(c_ssl,s_to_c,c_to_s); - BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE); - - SSL_set_accept_state(s_ssl); - SSL_set_bio(s_ssl,c_to_s,s_to_c); - BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE); - - c_r=0; s_r=1; - c_w=1; s_w=0; - c_write=1,s_write=0; - - /* We can always do writes */ - for (;;) - { - do_server=0; - do_client=0; - - i=(int)BIO_pending(s_bio); - if ((i && s_r) || s_w) do_server=1; - - i=(int)BIO_pending(c_bio); - if ((i && c_r) || c_w) do_client=1; - - if (do_server && debug) - { - if (SSL_in_init(s_ssl)) - printf("server waiting in SSL_accept - %s\n", - SSL_state_string_long(s_ssl)); -/* else if (s_write) - printf("server:SSL_write()\n"); - else - printf("server:SSL_read()\n"); */ - } - - if (do_client && debug) - { - if (SSL_in_init(c_ssl)) - printf("client waiting in SSL_connect - %s\n", - SSL_state_string_long(c_ssl)); -/* else if (c_write) - printf("client:SSL_write()\n"); - else - printf("client:SSL_read()\n"); */ - } - - if (!do_client && !do_server) - { - fprintf(stdout,"ERROR IN STARTUP\n"); - ERR_print_errors(bio_err); - break; - } - if (do_client && !(done & C_DONE)) - { - if (c_write) - { - j = (cw_num > (long)sizeof(cbuf)) ? - (int)sizeof(cbuf) : (int)cw_num; - i=BIO_write(c_bio,cbuf,j); - if (i < 0) - { - c_r=0; - c_w=0; - if (BIO_should_retry(c_bio)) - { - if (BIO_should_read(c_bio)) - c_r=1; - if (BIO_should_write(c_bio)) - c_w=1; - } - else - { - fprintf(stderr,"ERROR in CLIENT\n"); - ERR_print_errors(bio_err); - goto err; - } - } - else if (i == 0) - { - fprintf(stderr,"SSL CLIENT STARTUP FAILED\n"); - goto err; - } - else - { - if (debug) - printf("client wrote %d\n",i); - /* ok */ - s_r=1; - c_write=0; - cw_num-=i; - } - } - else - { - i=BIO_read(c_bio,cbuf,sizeof(cbuf)); - if (i < 0) - { - c_r=0; - c_w=0; - if (BIO_should_retry(c_bio)) - { - if (BIO_should_read(c_bio)) - c_r=1; - if (BIO_should_write(c_bio)) - c_w=1; - } - else - { - fprintf(stderr,"ERROR in CLIENT\n"); - ERR_print_errors(bio_err); - goto err; - } - } - else if (i == 0) - { - fprintf(stderr,"SSL CLIENT STARTUP FAILED\n"); - goto err; - } - else - { - if (debug) - printf("client read %d\n",i); - cr_num-=i; - if (sw_num > 0) - { - s_write=1; - s_w=1; - } - if (cr_num <= 0) - { - s_write=1; - s_w=1; - done=S_DONE|C_DONE; - } - } - } - } - - if (do_server && !(done & S_DONE)) - { - if (!s_write) - { - i=BIO_read(s_bio,sbuf,sizeof(cbuf)); - if (i < 0) - { - s_r=0; - s_w=0; - if (BIO_should_retry(s_bio)) - { - if (BIO_should_read(s_bio)) - s_r=1; - if (BIO_should_write(s_bio)) - s_w=1; - } - else - { - fprintf(stderr,"ERROR in SERVER\n"); - ERR_print_errors(bio_err); - goto err; - } - } - else if (i == 0) - { - ERR_print_errors(bio_err); - fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_read\n"); - goto err; - } - else - { - if (debug) - printf("server read %d\n",i); - sr_num-=i; - if (cw_num > 0) - { - c_write=1; - c_w=1; - } - if (sr_num <= 0) - { - s_write=1; - s_w=1; - c_write=0; - } - } - } - else - { - j = (sw_num > (long)sizeof(sbuf)) ? - (int)sizeof(sbuf) : (int)sw_num; - i=BIO_write(s_bio,sbuf,j); - if (i < 0) - { - s_r=0; - s_w=0; - if (BIO_should_retry(s_bio)) - { - if (BIO_should_read(s_bio)) - s_r=1; - if (BIO_should_write(s_bio)) - s_w=1; - } - else - { - fprintf(stderr,"ERROR in SERVER\n"); - ERR_print_errors(bio_err); - goto err; - } - } - else if (i == 0) - { - ERR_print_errors(bio_err); - fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_write\n"); - goto err; - } - else - { - if (debug) - printf("server wrote %d\n",i); - sw_num-=i; - s_write=0; - c_r=1; - if (sw_num <= 0) - done|=S_DONE; - } - } - } - - if ((done & S_DONE) && (done & C_DONE)) break; - } - - if (verbose) - print_details(c_ssl, "DONE: "); - ret=0; -err: - /* We have to set the BIO's to NULL otherwise they will be - * OPENSSL_free()ed twice. Once when th s_ssl is SSL_free()ed and - * again when c_ssl is SSL_free()ed. - * This is a hack required because s_ssl and c_ssl are sharing the same - * BIO structure and SSL_set_bio() and SSL_free() automatically - * BIO_free non NULL entries. - * You should not normally do this or be required to do this */ - if (s_ssl != NULL) - { - s_ssl->rbio=NULL; - s_ssl->wbio=NULL; - } - if (c_ssl != NULL) - { - c_ssl->rbio=NULL; - c_ssl->wbio=NULL; - } - - if (c_to_s != NULL) BIO_free(c_to_s); - if (s_to_c != NULL) BIO_free(s_to_c); - if (c_bio != NULL) BIO_free_all(c_bio); - if (s_bio != NULL) BIO_free_all(s_bio); - return(ret); - } - -static int get_proxy_auth_ex_data_idx(void) - { - static volatile int idx = -1; - if (idx < 0) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - if (idx < 0) - { - idx = X509_STORE_CTX_get_ex_new_index(0, - "SSLtest for verify callback", NULL,NULL,NULL); - } - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - } - return idx; - } - -static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) - { - char *s,buf[256]; - - s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf, - sizeof buf); - if (s != NULL) - { - if (ok) - fprintf(stderr,"depth=%d %s\n", - ctx->error_depth,buf); - else - { - fprintf(stderr,"depth=%d error=%d %s\n", - ctx->error_depth,ctx->error,buf); - } - } - - if (ok == 0) - { - fprintf(stderr,"Error string: %s\n", - X509_verify_cert_error_string(ctx->error)); - switch (ctx->error) - { - case X509_V_ERR_CERT_NOT_YET_VALID: - case X509_V_ERR_CERT_HAS_EXPIRED: - case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: - fprintf(stderr," ... ignored.\n"); - ok=1; - } - } - - if (ok == 1) - { - X509 *xs = ctx->current_cert; -#if 0 - X509 *xi = ctx->current_issuer; -#endif - - if (xs->ex_flags & EXFLAG_PROXY) - { - unsigned int *letters = - X509_STORE_CTX_get_ex_data(ctx, - get_proxy_auth_ex_data_idx()); - - if (letters) - { - int found_any = 0; - int i; - PROXY_CERT_INFO_EXTENSION *pci = - X509_get_ext_d2i(xs, NID_proxyCertInfo, - NULL, NULL); - - switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) - { - case NID_Independent: - /* Completely meaningless in this - program, as there's no way to - grant explicit rights to a - specific PrC. Basically, using - id-ppl-Independent is the perfect - way to grant no rights at all. */ - fprintf(stderr, " Independent proxy certificate"); - for (i = 0; i < 26; i++) - letters[i] = 0; - break; - case NID_id_ppl_inheritAll: - /* This is basically a NOP, we - simply let the current rights - stand as they are. */ - fprintf(stderr, " Proxy certificate inherits all"); - break; - default: - s = (char *) - pci->proxyPolicy->policy->data; - i = pci->proxyPolicy->policy->length; - - /* The algorithm works as follows: - it is assumed that previous - iterations or the initial granted - rights has already set some elements - of `letters'. What we need to do is - to clear those that weren't granted - by the current PrC as well. The - easiest way to do this is to add 1 - to all the elements whose letters - are given with the current policy. - That way, all elements that are set - by the current policy and were - already set by earlier policies and - through the original grant of rights - will get the value 2 or higher. - The last thing to do is to sweep - through `letters' and keep the - elements having the value 2 as set, - and clear all the others. */ - - fprintf(stderr, " Certificate proxy rights = %*.*s", i, i, s); - while(i-- > 0) - { - int c = *s++; - if (isascii(c) && isalpha(c)) - { - if (islower(c)) - c = toupper(c); - letters[c - 'A']++; - } - } - for (i = 0; i < 26; i++) - if (letters[i] < 2) - letters[i] = 0; - else - letters[i] = 1; - } - - found_any = 0; - fprintf(stderr, - ", resulting proxy rights = "); - for(i = 0; i < 26; i++) - if (letters[i]) - { - fprintf(stderr, "%c", i + 'A'); - found_any = 1; - } - if (!found_any) - fprintf(stderr, "none"); - fprintf(stderr, "\n"); - - PROXY_CERT_INFO_EXTENSION_free(pci); - } - } - } - - return(ok); - } - -static void process_proxy_debug(int indent, const char *format, ...) - { - static const char indentation[] = - ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>" - ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"; /* That's 80 > */ - char my_format[256]; - va_list args; - - BIO_snprintf(my_format, sizeof(my_format), "%*.*s %s", - indent, indent, indentation, format); - - va_start(args, format); - vfprintf(stderr, my_format, args); - va_end(args); - } -/* Priority levels: - 0 [!]var, () - 1 & ^ - 2 | -*/ -static int process_proxy_cond_adders(unsigned int letters[26], - const char *cond, const char **cond_end, int *pos, int indent); -static int process_proxy_cond_val(unsigned int letters[26], - const char *cond, const char **cond_end, int *pos, int indent) - { - int c; - int ok = 1; - int negate = 0; - - while(isspace((int)*cond)) - { - cond++; (*pos)++; - } - c = *cond; - - if (debug) - process_proxy_debug(indent, - "Start process_proxy_cond_val at position %d: %s\n", - *pos, cond); - - while(c == '!') - { - negate = !negate; - cond++; (*pos)++; - while(isspace((int)*cond)) - { - cond++; (*pos)++; - } - c = *cond; - } - - if (c == '(') - { - cond++; (*pos)++; - ok = process_proxy_cond_adders(letters, cond, cond_end, pos, - indent + 1); - cond = *cond_end; - if (ok < 0) - goto end; - while(isspace((int)*cond)) - { - cond++; (*pos)++; - } - c = *cond; - if (c != ')') - { - fprintf(stderr, - "Weird condition character in position %d: " - "%c\n", *pos, c); - ok = -1; - goto end; - } - cond++; (*pos)++; - } - else if (isascii(c) && isalpha(c)) - { - if (islower(c)) - c = toupper(c); - ok = letters[c - 'A']; - cond++; (*pos)++; - } - else - { - fprintf(stderr, - "Weird condition character in position %d: " - "%c\n", *pos, c); - ok = -1; - goto end; - } - end: - *cond_end = cond; - if (ok >= 0 && negate) - ok = !ok; - - if (debug) - process_proxy_debug(indent, - "End process_proxy_cond_val at position %d: %s, returning %d\n", - *pos, cond, ok); - - return ok; - } -static int process_proxy_cond_multipliers(unsigned int letters[26], - const char *cond, const char **cond_end, int *pos, int indent) - { - int ok; - char c; - - if (debug) - process_proxy_debug(indent, - "Start process_proxy_cond_multipliers at position %d: %s\n", - *pos, cond); - - ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1); - cond = *cond_end; - if (ok < 0) - goto end; - - while(ok >= 0) - { - while(isspace((int)*cond)) - { - cond++; (*pos)++; - } - c = *cond; - - switch(c) - { - case '&': - case '^': - { - int save_ok = ok; - - cond++; (*pos)++; - ok = process_proxy_cond_val(letters, - cond, cond_end, pos, indent + 1); - cond = *cond_end; - if (ok < 0) - break; - - switch(c) - { - case '&': - ok &= save_ok; - break; - case '^': - ok ^= save_ok; - break; - default: - fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!" - " STOPPING\n"); - EXIT(1); - } - } - break; - default: - goto end; - } - } - end: - if (debug) - process_proxy_debug(indent, - "End process_proxy_cond_multipliers at position %d: %s, returning %d\n", - *pos, cond, ok); - - *cond_end = cond; - return ok; - } -static int process_proxy_cond_adders(unsigned int letters[26], - const char *cond, const char **cond_end, int *pos, int indent) - { - int ok; - char c; - - if (debug) - process_proxy_debug(indent, - "Start process_proxy_cond_adders at position %d: %s\n", - *pos, cond); - - ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos, - indent + 1); - cond = *cond_end; - if (ok < 0) - goto end; - - while(ok >= 0) - { - while(isspace((int)*cond)) - { - cond++; (*pos)++; - } - c = *cond; - - switch(c) - { - case '|': - { - int save_ok = ok; - - cond++; (*pos)++; - ok = process_proxy_cond_multipliers(letters, - cond, cond_end, pos, indent + 1); - cond = *cond_end; - if (ok < 0) - break; - - switch(c) - { - case '|': - ok |= save_ok; - break; - default: - fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!" - " STOPPING\n"); - EXIT(1); - } - } - break; - default: - goto end; - } - } - end: - if (debug) - process_proxy_debug(indent, - "End process_proxy_cond_adders at position %d: %s, returning %d\n", - *pos, cond, ok); - - *cond_end = cond; - return ok; - } - -static int process_proxy_cond(unsigned int letters[26], - const char *cond, const char **cond_end) - { - int pos = 1; - return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1); - } - -static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg) - { - int ok=1; - struct app_verify_arg *cb_arg = arg; - unsigned int letters[26]; /* only used with proxy_auth */ - - if (cb_arg->app_verify) - { - char *s = NULL,buf[256]; - - fprintf(stderr, "In app_verify_callback, allowing cert. "); - fprintf(stderr, "Arg is: %s\n", cb_arg->string); - fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n", - (void *)ctx, (void *)ctx->cert); - if (ctx->cert) - s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256); - if (s != NULL) - { - fprintf(stderr,"cert depth=%d %s\n",ctx->error_depth,buf); - } - return(1); - } - if (cb_arg->proxy_auth) - { - int found_any = 0, i; - char *sp; - - for(i = 0; i < 26; i++) - letters[i] = 0; - for(sp = cb_arg->proxy_auth; *sp; sp++) - { - int c = *sp; - if (isascii(c) && isalpha(c)) - { - if (islower(c)) - c = toupper(c); - letters[c - 'A'] = 1; - } - } - - fprintf(stderr, - " Initial proxy rights = "); - for(i = 0; i < 26; i++) - if (letters[i]) - { - fprintf(stderr, "%c", i + 'A'); - found_any = 1; - } - if (!found_any) - fprintf(stderr, "none"); - fprintf(stderr, "\n"); - - X509_STORE_CTX_set_ex_data(ctx, - get_proxy_auth_ex_data_idx(),letters); - } - if (cb_arg->allow_proxy_certs) - { - X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); - } - -#ifndef OPENSSL_NO_X509_VERIFY - ok = X509_verify_cert(ctx); -#endif - - if (cb_arg->proxy_auth) - { - if (ok > 0) - { - const char *cond_end = NULL; - - ok = process_proxy_cond(letters, - cb_arg->proxy_cond, &cond_end); - - if (ok < 0) - EXIT(3); - if (*cond_end) - { - fprintf(stderr, "Stopped processing condition before it's end.\n"); - ok = 0; - } - if (!ok) - fprintf(stderr, "Proxy rights check with condition '%s' proved invalid\n", - cb_arg->proxy_cond); - else - fprintf(stderr, "Proxy rights check with condition '%s' proved valid\n", - cb_arg->proxy_cond); - } - } - return(ok); - } - -#ifndef OPENSSL_NO_RSA -static RSA *rsa_tmp=NULL; - -static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) - { - BIGNUM *bn = NULL; - if (rsa_tmp == NULL) - { - bn = BN_new(); - rsa_tmp = RSA_new(); - if(!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4)) - { - BIO_printf(bio_err, "Memory error..."); - goto end; - } - BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); - (void)BIO_flush(bio_err); - if(!RSA_generate_key_ex(rsa_tmp,keylength,bn,NULL)) - { - BIO_printf(bio_err, "Error generating key."); - RSA_free(rsa_tmp); - rsa_tmp = NULL; - } -end: - BIO_printf(bio_err,"\n"); - (void)BIO_flush(bio_err); - } - if(bn) BN_free(bn); - return(rsa_tmp); - } - -static void free_tmp_rsa(void) - { - if (rsa_tmp != NULL) - { - RSA_free(rsa_tmp); - rsa_tmp = NULL; - } - } -#endif - -#ifndef OPENSSL_NO_DH -/* These DH parameters have been generated as follows: - * $ openssl dhparam -C -noout 512 - * $ openssl dhparam -C -noout 1024 - * $ openssl dhparam -C -noout -dsaparam 1024 - * (The third function has been renamed to avoid name conflicts.) - */ -static DH *get_dh512() - { - static unsigned char dh512_p[]={ - 0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6, - 0x1F,0x0D,0xAC,0xB6,0x25,0x3E,0x06,0x39,0xCA,0x72,0x04,0xB0, - 0x6E,0xDA,0xC0,0x61,0xE6,0x7A,0x77,0x25,0xE8,0x3B,0xB9,0x5F, - 0x9A,0xB6,0xB5,0xFE,0x99,0x0B,0xA1,0x93,0x4E,0x35,0x33,0xB8, - 0xE1,0xF1,0x13,0x4F,0x59,0x1A,0xD2,0x57,0xC0,0x26,0x21,0x33, - 0x02,0xC5,0xAE,0x23, - }; - static unsigned char dh512_g[]={ - 0x02, - }; - DH *dh; - - if ((dh=DH_new()) == NULL) return(NULL); - dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); - dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); - if ((dh->p == NULL) || (dh->g == NULL)) - { DH_free(dh); return(NULL); } - return(dh); - } - -static DH *get_dh1024() - { - static unsigned char dh1024_p[]={ - 0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A, - 0xE4,0x90,0xF4,0xFC,0x73,0xFB,0x34,0xB5,0xFA,0x4C,0x56,0xA2, - 0xEA,0xA7,0xE9,0xC0,0xC0,0xCE,0x89,0xE1,0xFA,0x63,0x3F,0xB0, - 0x6B,0x32,0x66,0xF1,0xD1,0x7B,0xB0,0x00,0x8F,0xCA,0x87,0xC2, - 0xAE,0x98,0x89,0x26,0x17,0xC2,0x05,0xD2,0xEC,0x08,0xD0,0x8C, - 0xFF,0x17,0x52,0x8C,0xC5,0x07,0x93,0x03,0xB1,0xF6,0x2F,0xB8, - 0x1C,0x52,0x47,0x27,0x1B,0xDB,0xD1,0x8D,0x9D,0x69,0x1D,0x52, - 0x4B,0x32,0x81,0xAA,0x7F,0x00,0xC8,0xDC,0xE6,0xD9,0xCC,0xC1, - 0x11,0x2D,0x37,0x34,0x6C,0xEA,0x02,0x97,0x4B,0x0E,0xBB,0xB1, - 0x71,0x33,0x09,0x15,0xFD,0xDD,0x23,0x87,0x07,0x5E,0x89,0xAB, - 0x6B,0x7C,0x5F,0xEC,0xA6,0x24,0xDC,0x53, - }; - static unsigned char dh1024_g[]={ - 0x02, - }; - DH *dh; - - if ((dh=DH_new()) == NULL) return(NULL); - dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL); - dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL); - if ((dh->p == NULL) || (dh->g == NULL)) - { DH_free(dh); return(NULL); } - return(dh); - } - -static DH *get_dh1024dsa() - { - static unsigned char dh1024_p[]={ - 0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00, - 0x21,0x1B,0xF7,0x31,0xA6,0xA2,0xDA,0x23,0x9A,0xC7,0x87,0x19, - 0x3B,0x47,0xB6,0x8C,0x04,0x6F,0xFF,0xC6,0x9B,0xB8,0x65,0xD2, - 0xC2,0x5F,0x31,0x83,0x4A,0xA7,0x5F,0x2F,0x88,0x38,0xB6,0x55, - 0xCF,0xD9,0x87,0x6D,0x6F,0x9F,0xDA,0xAC,0xA6,0x48,0xAF,0xFC, - 0x33,0x84,0x37,0x5B,0x82,0x4A,0x31,0x5D,0xE7,0xBD,0x52,0x97, - 0xA1,0x77,0xBF,0x10,0x9E,0x37,0xEA,0x64,0xFA,0xCA,0x28,0x8D, - 0x9D,0x3B,0xD2,0x6E,0x09,0x5C,0x68,0xC7,0x45,0x90,0xFD,0xBB, - 0x70,0xC9,0x3A,0xBB,0xDF,0xD4,0x21,0x0F,0xC4,0x6A,0x3C,0xF6, - 0x61,0xCF,0x3F,0xD6,0x13,0xF1,0x5F,0xBC,0xCF,0xBC,0x26,0x9E, - 0xBC,0x0B,0xBD,0xAB,0x5D,0xC9,0x54,0x39, - }; - static unsigned char dh1024_g[]={ - 0x3B,0x40,0x86,0xE7,0xF3,0x6C,0xDE,0x67,0x1C,0xCC,0x80,0x05, - 0x5A,0xDF,0xFE,0xBD,0x20,0x27,0x74,0x6C,0x24,0xC9,0x03,0xF3, - 0xE1,0x8D,0xC3,0x7D,0x98,0x27,0x40,0x08,0xB8,0x8C,0x6A,0xE9, - 0xBB,0x1A,0x3A,0xD6,0x86,0x83,0x5E,0x72,0x41,0xCE,0x85,0x3C, - 0xD2,0xB3,0xFC,0x13,0xCE,0x37,0x81,0x9E,0x4C,0x1C,0x7B,0x65, - 0xD3,0xE6,0xA6,0x00,0xF5,0x5A,0x95,0x43,0x5E,0x81,0xCF,0x60, - 0xA2,0x23,0xFC,0x36,0xA7,0x5D,0x7A,0x4C,0x06,0x91,0x6E,0xF6, - 0x57,0xEE,0x36,0xCB,0x06,0xEA,0xF5,0x3D,0x95,0x49,0xCB,0xA7, - 0xDD,0x81,0xDF,0x80,0x09,0x4A,0x97,0x4D,0xA8,0x22,0x72,0xA1, - 0x7F,0xC4,0x70,0x56,0x70,0xE8,0x20,0x10,0x18,0x8F,0x2E,0x60, - 0x07,0xE7,0x68,0x1A,0x82,0x5D,0x32,0xA2, - }; - DH *dh; - - if ((dh=DH_new()) == NULL) return(NULL); - dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL); - dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL); - if ((dh->p == NULL) || (dh->g == NULL)) - { DH_free(dh); return(NULL); } - dh->length = 160; - return(dh); - } -#endif - -#ifndef OPENSSL_NO_PSK -/* convert the PSK key (psk_key) in ascii to binary (psk) */ -static int psk_key2bn(const char *pskkey, unsigned char *psk, - unsigned int max_psk_len) - { - int ret; - BIGNUM *bn = NULL; - - ret = BN_hex2bn(&bn, pskkey); - if (!ret) - { - BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", pskkey); - if (bn) - BN_free(bn); - return 0; - } - if (BN_num_bytes(bn) > (int)max_psk_len) - { - BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n", - max_psk_len, BN_num_bytes(bn)); - BN_free(bn); - return 0; - } - ret = BN_bn2bin(bn, psk); - BN_free(bn); - return ret; - } - -static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identity, - unsigned int max_identity_len, unsigned char *psk, - unsigned int max_psk_len) - { - int ret; - unsigned int psk_len = 0; - - ret = BIO_snprintf(identity, max_identity_len, "Client_identity"); - if (ret < 0) - goto out_err; - if (debug) - fprintf(stderr, "client: created identity '%s' len=%d\n", identity, ret); - ret = psk_key2bn(psk_key, psk, max_psk_len); - if (ret < 0) - goto out_err; - psk_len = ret; -out_err: - return psk_len; - } - -static unsigned int psk_server_callback(SSL *ssl, const char *identity, - unsigned char *psk, unsigned int max_psk_len) - { - unsigned int psk_len=0; - - if (strcmp(identity, "Client_identity") != 0) - { - BIO_printf(bio_err, "server: PSK error: client identity not found\n"); - return 0; - } - psk_len=psk_key2bn(psk_key, psk, max_psk_len); - return psk_len; - } -#endif - -static int do_test_cipherlist(void) - { - int i = 0; - const SSL_METHOD *meth; - const SSL_CIPHER *ci, *tci = NULL; - -#ifndef OPENSSL_NO_SSL2 - fprintf(stderr, "testing SSLv2 cipher list order: "); - meth = SSLv2_method(); - while ((ci = meth->get_cipher(i++)) != NULL) - { - if (tci != NULL) - if (ci->id >= tci->id) - { - fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); - return 0; - } - tci = ci; - } - fprintf(stderr, "ok\n"); -#endif -#ifndef OPENSSL_NO_SSL3 - fprintf(stderr, "testing SSLv3 cipher list order: "); - meth = SSLv3_method(); - tci = NULL; - while ((ci = meth->get_cipher(i++)) != NULL) - { - if (tci != NULL) - if (ci->id >= tci->id) - { - fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); - return 0; - } - tci = ci; - } - fprintf(stderr, "ok\n"); -#endif -#ifndef OPENSSL_NO_TLS1 - fprintf(stderr, "testing TLSv1 cipher list order: "); - meth = TLSv1_method(); - tci = NULL; - while ((ci = meth->get_cipher(i++)) != NULL) - { - if (tci != NULL) - if (ci->id >= tci->id) - { - fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); - return 0; - } - tci = ci; - } - fprintf(stderr, "ok\n"); -#endif - - return 1; - } diff --git a/main/openssl/ssl/t1_clnt.c b/main/openssl/ssl/t1_clnt.c deleted file mode 100644 index 578617ed..00000000 --- a/main/openssl/ssl/t1_clnt.c +++ /dev/null @@ -1,92 +0,0 @@ -/* ssl/t1_clnt.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "ssl_locl.h" -#include <openssl/buffer.h> -#include <openssl/rand.h> -#include <openssl/objects.h> -#include <openssl/evp.h> - -static const SSL_METHOD *tls1_get_client_method(int ver); -static const SSL_METHOD *tls1_get_client_method(int ver) - { - if (ver == TLS1_2_VERSION) - return TLSv1_2_client_method(); - if (ver == TLS1_1_VERSION) - return TLSv1_1_client_method(); - if (ver == TLS1_VERSION) - return TLSv1_client_method(); - return NULL; - } - -IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_client_method, - ssl_undefined_function, - ssl3_connect, - tls1_get_client_method) - -IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_client_method, - ssl_undefined_function, - ssl3_connect, - tls1_get_client_method) - -IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_client_method, - ssl_undefined_function, - ssl3_connect, - tls1_get_client_method) - diff --git a/main/openssl/ssl/t1_enc.c b/main/openssl/ssl/t1_enc.c deleted file mode 100644 index 5b5bc148..00000000 --- a/main/openssl/ssl/t1_enc.c +++ /dev/null @@ -1,1276 +0,0 @@ -/* ssl/t1_enc.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - -#include <stdio.h> -#include "ssl_locl.h" -#ifndef OPENSSL_NO_COMP -#include <openssl/comp.h> -#endif -#include <openssl/evp.h> -#include <openssl/hmac.h> -#include <openssl/md5.h> -#include <openssl/rand.h> -#ifdef KSSL_DEBUG -#include <openssl/des.h> -#endif - -/* seed1 through seed5 are virtually concatenated */ -static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, - int sec_len, - const void *seed1, int seed1_len, - const void *seed2, int seed2_len, - const void *seed3, int seed3_len, - const void *seed4, int seed4_len, - const void *seed5, int seed5_len, - unsigned char *out, int olen) - { - int chunk; - size_t j; - EVP_MD_CTX ctx, ctx_tmp; - EVP_PKEY *mac_key; - unsigned char A1[EVP_MAX_MD_SIZE]; - size_t A1_len; - int ret = 0; - - chunk=EVP_MD_size(md); - OPENSSL_assert(chunk >= 0); - - EVP_MD_CTX_init(&ctx); - EVP_MD_CTX_init(&ctx_tmp); - EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_MD_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len); - if (!mac_key) - goto err; - if (!EVP_DigestSignInit(&ctx,NULL,md, NULL, mac_key)) - goto err; - if (!EVP_DigestSignInit(&ctx_tmp,NULL,md, NULL, mac_key)) - goto err; - if (seed1 && !EVP_DigestSignUpdate(&ctx,seed1,seed1_len)) - goto err; - if (seed2 && !EVP_DigestSignUpdate(&ctx,seed2,seed2_len)) - goto err; - if (seed3 && !EVP_DigestSignUpdate(&ctx,seed3,seed3_len)) - goto err; - if (seed4 && !EVP_DigestSignUpdate(&ctx,seed4,seed4_len)) - goto err; - if (seed5 && !EVP_DigestSignUpdate(&ctx,seed5,seed5_len)) - goto err; - if (!EVP_DigestSignFinal(&ctx,A1,&A1_len)) - goto err; - - for (;;) - { - /* Reinit mac contexts */ - if (!EVP_DigestSignInit(&ctx,NULL,md, NULL, mac_key)) - goto err; - if (!EVP_DigestSignInit(&ctx_tmp,NULL,md, NULL, mac_key)) - goto err; - if (!EVP_DigestSignUpdate(&ctx,A1,A1_len)) - goto err; - if (!EVP_DigestSignUpdate(&ctx_tmp,A1,A1_len)) - goto err; - if (seed1 && !EVP_DigestSignUpdate(&ctx,seed1,seed1_len)) - goto err; - if (seed2 && !EVP_DigestSignUpdate(&ctx,seed2,seed2_len)) - goto err; - if (seed3 && !EVP_DigestSignUpdate(&ctx,seed3,seed3_len)) - goto err; - if (seed4 && !EVP_DigestSignUpdate(&ctx,seed4,seed4_len)) - goto err; - if (seed5 && !EVP_DigestSignUpdate(&ctx,seed5,seed5_len)) - goto err; - - if (olen > chunk) - { - if (!EVP_DigestSignFinal(&ctx,out,&j)) - goto err; - out+=j; - olen-=j; - /* calc the next A1 value */ - if (!EVP_DigestSignFinal(&ctx_tmp,A1,&A1_len)) - goto err; - } - else /* last one */ - { - if (!EVP_DigestSignFinal(&ctx,A1,&A1_len)) - goto err; - memcpy(out,A1,olen); - break; - } - } - ret = 1; -err: - EVP_PKEY_free(mac_key); - EVP_MD_CTX_cleanup(&ctx); - EVP_MD_CTX_cleanup(&ctx_tmp); - OPENSSL_cleanse(A1,sizeof(A1)); - return ret; - } - -/* seed1 through seed5 are virtually concatenated */ -static int tls1_PRF(long digest_mask, - const void *seed1, int seed1_len, - const void *seed2, int seed2_len, - const void *seed3, int seed3_len, - const void *seed4, int seed4_len, - const void *seed5, int seed5_len, - const unsigned char *sec, int slen, - unsigned char *out1, - unsigned char *out2, int olen) - { - int len,i,idx,count; - const unsigned char *S1; - long m; - const EVP_MD *md; - int ret = 0; - - /* Count number of digests and partition sec evenly */ - count=0; - for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) { - if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) count++; - } - len=slen/count; - if (count == 1) - slen = 0; - S1=sec; - memset(out1,0,olen); - for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) { - if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) { - if (!md) { - SSLerr(SSL_F_TLS1_PRF, - SSL_R_UNSUPPORTED_DIGEST_TYPE); - goto err; - } - if (!tls1_P_hash(md ,S1,len+(slen&1), - seed1,seed1_len,seed2,seed2_len,seed3,seed3_len,seed4,seed4_len,seed5,seed5_len, - out2,olen)) - goto err; - S1+=len; - for (i=0; i<olen; i++) - { - out1[i]^=out2[i]; - } - } - } - ret = 1; -err: - return ret; -} -static int tls1_generate_key_block(SSL *s, unsigned char *km, - unsigned char *tmp, int num) - { - int ret; - ret = tls1_PRF(ssl_get_algorithm2(s), - TLS_MD_KEY_EXPANSION_CONST,TLS_MD_KEY_EXPANSION_CONST_SIZE, - s->s3->server_random,SSL3_RANDOM_SIZE, - s->s3->client_random,SSL3_RANDOM_SIZE, - NULL,0,NULL,0, - s->session->master_key,s->session->master_key_length, - km,tmp,num); -#ifdef KSSL_DEBUG - fprintf(stderr,"tls1_generate_key_block() ==> %d byte master_key =\n\t", - s->session->master_key_length); - { - int i; - for (i=0; i < s->session->master_key_length; i++) - { - fprintf(stderr,"%02X", s->session->master_key[i]); - } - fprintf(stderr,"\n"); } -#endif /* KSSL_DEBUG */ - return ret; - } - -int tls1_change_cipher_state(SSL *s, int which) - { - static const unsigned char empty[]=""; - unsigned char *p,*mac_secret; - unsigned char *exp_label; - unsigned char tmp1[EVP_MAX_KEY_LENGTH]; - unsigned char tmp2[EVP_MAX_KEY_LENGTH]; - unsigned char iv1[EVP_MAX_IV_LENGTH*2]; - unsigned char iv2[EVP_MAX_IV_LENGTH*2]; - unsigned char *ms,*key,*iv; - int client_write; - EVP_CIPHER_CTX *dd; - const EVP_CIPHER *c; -#ifndef OPENSSL_NO_COMP - const SSL_COMP *comp; -#endif - const EVP_MD *m; - int mac_type; - int *mac_secret_size; - EVP_MD_CTX *mac_ctx; - EVP_PKEY *mac_key; - int is_export,n,i,j,k,exp_label_len,cl; - int reuse_dd = 0; - - is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); - c=s->s3->tmp.new_sym_enc; - m=s->s3->tmp.new_hash; - mac_type = s->s3->tmp.new_mac_pkey_type; -#ifndef OPENSSL_NO_COMP - comp=s->s3->tmp.new_compression; -#endif - -#ifdef KSSL_DEBUG - fprintf(stderr,"tls1_change_cipher_state(which= %d) w/\n", which); - fprintf(stderr,"\talg= %ld/%ld, comp= %p\n", - s->s3->tmp.new_cipher->algorithm_mkey, - s->s3->tmp.new_cipher->algorithm_auth, - comp); - fprintf(stderr,"\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c); - fprintf(stderr,"\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n", - c->nid,c->block_size,c->key_len,c->iv_len); - fprintf(stderr,"\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length); - { - int i; - for (i=0; i<s->s3->tmp.key_block_length; i++) - fprintf(stderr,"%02x", s->s3->tmp.key_block[i]); fprintf(stderr,"\n"); - } -#endif /* KSSL_DEBUG */ - - if (which & SSL3_CC_READ) - { - if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) - s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM; - else - s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; - - if (s->enc_read_ctx != NULL) - reuse_dd = 1; - else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) - goto err; - else - /* make sure it's intialized in case we exit later with an error */ - EVP_CIPHER_CTX_init(s->enc_read_ctx); - dd= s->enc_read_ctx; - mac_ctx=ssl_replace_hash(&s->read_hash,NULL); -#ifndef OPENSSL_NO_COMP - if (s->expand != NULL) - { - COMP_CTX_free(s->expand); - s->expand=NULL; - } - if (comp != NULL) - { - s->expand=COMP_CTX_new(comp->method); - if (s->expand == NULL) - { - SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR); - goto err2; - } - if (s->s3->rrec.comp == NULL) - s->s3->rrec.comp=(unsigned char *) - OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH); - if (s->s3->rrec.comp == NULL) - goto err; - } -#endif - /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ - if (s->version != DTLS1_VERSION) - memset(&(s->s3->read_sequence[0]),0,8); - mac_secret= &(s->s3->read_mac_secret[0]); - mac_secret_size=&(s->s3->read_mac_secret_size); - } - else - { - if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) - s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; - else - s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; - if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s)) - reuse_dd = 1; - else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL) - goto err; - dd= s->enc_write_ctx; - if (SSL_IS_DTLS(s)) - { - mac_ctx = EVP_MD_CTX_create(); - if (!mac_ctx) - goto err; - s->write_hash = mac_ctx; - } - else - mac_ctx = ssl_replace_hash(&s->write_hash,NULL); -#ifndef OPENSSL_NO_COMP - if (s->compress != NULL) - { - COMP_CTX_free(s->compress); - s->compress=NULL; - } - if (comp != NULL) - { - s->compress=COMP_CTX_new(comp->method); - if (s->compress == NULL) - { - SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR); - goto err2; - } - } -#endif - /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ - if (s->version != DTLS1_VERSION) - memset(&(s->s3->write_sequence[0]),0,8); - mac_secret= &(s->s3->write_mac_secret[0]); - mac_secret_size = &(s->s3->write_mac_secret_size); - } - - if (reuse_dd) - EVP_CIPHER_CTX_cleanup(dd); - - p=s->s3->tmp.key_block; - i=*mac_secret_size=s->s3->tmp.new_mac_secret_size; - - cl=EVP_CIPHER_key_length(c); - j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? - cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; - /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ - /* If GCM mode only part of IV comes from PRF */ - if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) - k = EVP_GCM_TLS_FIXED_IV_LEN; - else - k=EVP_CIPHER_iv_length(c); - if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || - (which == SSL3_CHANGE_CIPHER_SERVER_READ)) - { - ms= &(p[ 0]); n=i+i; - key= &(p[ n]); n+=j+j; - iv= &(p[ n]); n+=k+k; - exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST; - exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE; - client_write=1; - } - else - { - n=i; - ms= &(p[ n]); n+=i+j; - key= &(p[ n]); n+=j+k; - iv= &(p[ n]); n+=k; - exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST; - exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE; - client_write=0; - } - - if (n > s->s3->tmp.key_block_length) - { - SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR); - goto err2; - } - - memcpy(mac_secret,ms,i); - - if (!(EVP_CIPHER_flags(c)&EVP_CIPH_FLAG_AEAD_CIPHER)) - { - mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, - mac_secret,*mac_secret_size); - EVP_DigestSignInit(mac_ctx,NULL,m,NULL,mac_key); - EVP_PKEY_free(mac_key); - } -#ifdef TLS_DEBUG -printf("which = %04X\nmac key=",which); -{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); } -#endif - if (is_export) - { - /* In here I set both the read and write key/iv to the - * same value since only the correct one will be used :-). - */ - if (!tls1_PRF(ssl_get_algorithm2(s), - exp_label,exp_label_len, - s->s3->client_random,SSL3_RANDOM_SIZE, - s->s3->server_random,SSL3_RANDOM_SIZE, - NULL,0,NULL,0, - key,j,tmp1,tmp2,EVP_CIPHER_key_length(c))) - goto err2; - key=tmp1; - - if (k > 0) - { - if (!tls1_PRF(ssl_get_algorithm2(s), - TLS_MD_IV_BLOCK_CONST,TLS_MD_IV_BLOCK_CONST_SIZE, - s->s3->client_random,SSL3_RANDOM_SIZE, - s->s3->server_random,SSL3_RANDOM_SIZE, - NULL,0,NULL,0, - empty,0,iv1,iv2,k*2)) - goto err2; - if (client_write) - iv=iv1; - else - iv= &(iv1[k]); - } - } - - s->session->key_arg_length=0; -#ifdef KSSL_DEBUG - { - int i; - fprintf(stderr,"EVP_CipherInit_ex(dd,c,key=,iv=,which)\n"); - fprintf(stderr,"\tkey= "); for (i=0; i<c->key_len; i++) fprintf(stderr,"%02x", key[i]); - fprintf(stderr,"\n"); - fprintf(stderr,"\t iv= "); for (i=0; i<c->iv_len; i++) fprintf(stderr,"%02x", iv[i]); - fprintf(stderr,"\n"); - } -#endif /* KSSL_DEBUG */ - - if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) - { - EVP_CipherInit_ex(dd,c,NULL,key,NULL,(which & SSL3_CC_WRITE)); - EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv); - } - else - EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE)); - - /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */ - if ((EVP_CIPHER_flags(c)&EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size) - EVP_CIPHER_CTX_ctrl(dd,EVP_CTRL_AEAD_SET_MAC_KEY, - *mac_secret_size,mac_secret); - -#ifdef TLS_DEBUG -printf("which = %04X\nkey=",which); -{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); } -printf("\niv="); -{ int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); } -printf("\n"); -#endif - - OPENSSL_cleanse(tmp1,sizeof(tmp1)); - OPENSSL_cleanse(tmp2,sizeof(tmp1)); - OPENSSL_cleanse(iv1,sizeof(iv1)); - OPENSSL_cleanse(iv2,sizeof(iv2)); - return(1); -err: - SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); -err2: - return(0); - } - -int tls1_setup_key_block(SSL *s) - { - unsigned char *p1,*p2=NULL; - const EVP_CIPHER *c; - const EVP_MD *hash; - int num; - SSL_COMP *comp; - int mac_type= NID_undef,mac_secret_size=0; - int ret=0; - -#ifdef KSSL_DEBUG - fprintf(stderr,"tls1_setup_key_block()\n"); -#endif /* KSSL_DEBUG */ - - if (s->s3->tmp.key_block_length != 0) - return(1); - - if (!ssl_cipher_get_evp(s->session,&c,&hash,&mac_type,&mac_secret_size,&comp)) - { - SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE); - return(0); - } - - s->s3->tmp.new_sym_enc=c; - s->s3->tmp.new_hash=hash; - s->s3->tmp.new_mac_pkey_type = mac_type; - s->s3->tmp.new_mac_secret_size = mac_secret_size; - num=EVP_CIPHER_key_length(c)+mac_secret_size+EVP_CIPHER_iv_length(c); - num*=2; - - ssl3_cleanup_key_block(s); - - if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL) - { - SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); - goto err; - } - - s->s3->tmp.key_block_length=num; - s->s3->tmp.key_block=p1; - - if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL) - { - SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); - goto err; - } - -#ifdef TLS_DEBUG -printf("client random\n"); -{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random[z],((z+1)%16)?' ':'\n'); } -printf("server random\n"); -{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random[z],((z+1)%16)?' ':'\n'); } -printf("pre-master\n"); -{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); } -#endif - if (!tls1_generate_key_block(s,p1,p2,num)) - goto err; -#ifdef TLS_DEBUG -printf("\nkey block\n"); -{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); } -#endif - - if (s->method->version <= TLS1_VERSION && - (s->mode & SSL_MODE_CBC_RECORD_SPLITTING) != 0) - { - /* enable vulnerability countermeasure for CBC ciphers with - * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) - */ - s->s3->need_record_splitting = 1; - - if (s->session->cipher != NULL) - { - if (s->session->cipher->algorithm_enc == SSL_eNULL) - s->s3->need_record_splitting = 0; - -#ifndef OPENSSL_NO_RC4 - if (s->session->cipher->algorithm_enc == SSL_RC4) - s->s3->need_record_splitting = 0; -#endif - } - } - - ret = 1; -err: - if (p2) - { - OPENSSL_cleanse(p2,num); - OPENSSL_free(p2); - } - return(ret); - } - -/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. - * - * Returns: - * 0: (in non-constant time) if the record is publically invalid (i.e. too - * short etc). - * 1: if the record's padding is valid / the encryption was successful. - * -1: if the record's padding/AEAD-authenticator is invalid or, if sending, - * an internal error occured. - */ -int tls1_enc(SSL *s, int send) - { - SSL3_RECORD *rec; - EVP_CIPHER_CTX *ds; - unsigned long l; - int bs,i,j,k,pad=0,ret,mac_size=0; - const EVP_CIPHER *enc; - - if (send) - { - if (EVP_MD_CTX_md(s->write_hash)) - { - int n=EVP_MD_CTX_size(s->write_hash); - OPENSSL_assert(n >= 0); - } - ds=s->enc_write_ctx; - rec= &(s->s3->wrec); - if (s->enc_write_ctx == NULL) - enc=NULL; - else - { - int ivlen; - enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); - /* For TLSv1.1 and later explicit IV */ - if (s->version >= TLS1_1_VERSION - && EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE) - ivlen = EVP_CIPHER_iv_length(enc); - else - ivlen = 0; - if (ivlen > 1) - { - if ( rec->data != rec->input) - /* we can't write into the input stream: - * Can this ever happen?? (steve) - */ - fprintf(stderr, - "%s:%d: rec->data != rec->input\n", - __FILE__, __LINE__); - else if (RAND_bytes(rec->input, ivlen) <= 0) - return -1; - } - } - } - else - { - if (EVP_MD_CTX_md(s->read_hash)) - { - int n=EVP_MD_CTX_size(s->read_hash); - OPENSSL_assert(n >= 0); - } - ds=s->enc_read_ctx; - rec= &(s->s3->rrec); - if (s->enc_read_ctx == NULL) - enc=NULL; - else - enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); - } - -#ifdef KSSL_DEBUG - fprintf(stderr,"tls1_enc(%d)\n", send); -#endif /* KSSL_DEBUG */ - - if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) - { - memmove(rec->data,rec->input,rec->length); - rec->input=rec->data; - ret = 1; - } - else - { - l=rec->length; - bs=EVP_CIPHER_block_size(ds->cipher); - - if (EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER) - { - unsigned char buf[13],*seq; - - seq = send?s->s3->write_sequence:s->s3->read_sequence; - - if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) - { - unsigned char dtlsseq[9],*p=dtlsseq; - - s2n(send?s->d1->w_epoch:s->d1->r_epoch,p); - memcpy(p,&seq[2],6); - memcpy(buf,dtlsseq,8); - } - else - { - memcpy(buf,seq,8); - for (i=7; i>=0; i--) /* increment */ - { - ++seq[i]; - if (seq[i] != 0) break; - } - } - - buf[8]=rec->type; - buf[9]=(unsigned char)(s->version>>8); - buf[10]=(unsigned char)(s->version); - buf[11]=rec->length>>8; - buf[12]=rec->length&0xff; - pad=EVP_CIPHER_CTX_ctrl(ds,EVP_CTRL_AEAD_TLS1_AAD,13,buf); - if (send) - { - l+=pad; - rec->length+=pad; - } - } - else if ((bs != 1) && send) - { - i=bs-((int)l%bs); - - /* Add weird padding of upto 256 bytes */ - - /* we need to add 'i' padding bytes of value j */ - j=i-1; - if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) - { - if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) - j++; - } - for (k=(int)l; k<(int)(l+i); k++) - rec->input[k]=j; - l+=i; - rec->length+=i; - } - -#ifdef KSSL_DEBUG - { - unsigned long ui; - fprintf(stderr,"EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n", - ds,rec->data,rec->input,l); - fprintf(stderr,"\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%lu %lu], %d iv_len\n", - ds->buf_len, ds->cipher->key_len, - DES_KEY_SZ, DES_SCHEDULE_SZ, - ds->cipher->iv_len); - fprintf(stderr,"\t\tIV: "); - for (i=0; i<ds->cipher->iv_len; i++) fprintf(stderr,"%02X", ds->iv[i]); - fprintf(stderr,"\n"); - fprintf(stderr,"\trec->input="); - for (ui=0; ui<l; ui++) fprintf(stderr," %02x", rec->input[ui]); - fprintf(stderr,"\n"); - } -#endif /* KSSL_DEBUG */ - - if (!send) - { - if (l == 0 || l%bs != 0) - return 0; - } - - i = EVP_Cipher(ds,rec->data,rec->input,l); - if ((EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_CUSTOM_CIPHER) - ?(i<0) - :(i==0)) - return -1; /* AEAD can fail to verify MAC */ - if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send) - { - rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN; - rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN; - rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN; - } - -#ifdef KSSL_DEBUG - { - unsigned long i; - fprintf(stderr,"\trec->data="); - for (i=0; i<l; i++) - fprintf(stderr," %02x", rec->data[i]); fprintf(stderr,"\n"); - } -#endif /* KSSL_DEBUG */ - - ret = 1; - if (EVP_MD_CTX_md(s->read_hash) != NULL) - mac_size = EVP_MD_CTX_size(s->read_hash); - if ((bs != 1) && !send) - ret = tls1_cbc_remove_padding(s, rec, bs, mac_size); - if (pad && !send) - rec->length -= pad; - } - return ret; - } - -int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) - { - unsigned int ret; - EVP_MD_CTX ctx, *d=NULL; - int i; - - if (s->s3->handshake_buffer) - if (!ssl3_digest_cached_records(s)) - return 0; - - for (i=0;i<SSL_MAX_DIGEST;i++) - { - if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid) - { - d=s->s3->handshake_dgst[i]; - break; - } - } - if (!d) { - SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC,SSL_R_NO_REQUIRED_DIGEST); - return 0; - } - - EVP_MD_CTX_init(&ctx); - EVP_MD_CTX_copy_ex(&ctx,d); - EVP_DigestFinal_ex(&ctx,out,&ret); - EVP_MD_CTX_cleanup(&ctx); - return((int)ret); - } - -/* tls1_handshake_digest calculates the current handshake hash and writes it to - * |out|, which has space for |out_len| bytes. It returns the number of bytes - * written or -1 in the event of an error. This function works on a copy of the - * underlying digests so can be called multiple times and prior to the final - * update etc. */ -int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len) - { - const EVP_MD *md; - EVP_MD_CTX ctx; - int i, err = 0, len = 0; - long mask; - - EVP_MD_CTX_init(&ctx); - - for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) - { - int hash_size; - unsigned int digest_len; - EVP_MD_CTX *hdgst = s->s3->handshake_dgst[i]; - - if ((mask & ssl_get_algorithm2(s)) == 0) - continue; - - hash_size = EVP_MD_size(md); - if (!hdgst || hash_size < 0 || (size_t)hash_size > out_len) - { - err = 1; - break; - } - - if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) || - !EVP_DigestFinal_ex(&ctx, out, &digest_len) || - digest_len != (unsigned int)hash_size) /* internal error */ - { - err = 1; - break; - } - out += digest_len; - out_len -= digest_len; - len += digest_len; - } - - EVP_MD_CTX_cleanup(&ctx); - - if (err != 0) - return -1; - return len; - } - -int tls1_final_finish_mac(SSL *s, - const char *str, int slen, unsigned char *out) - { - unsigned char buf[2*EVP_MAX_MD_SIZE]; - unsigned char buf2[12]; - int err=0; - int digests_len; - - if (s->s3->handshake_buffer) - if (!ssl3_digest_cached_records(s)) - return 0; - - digests_len = tls1_handshake_digest(s, buf, sizeof(buf)); - if (digests_len < 0) - { - err = 1; - digests_len = 0; - } - - if (!tls1_PRF(ssl_get_algorithm2(s), - str,slen, buf, digests_len, NULL,0, NULL,0, NULL,0, - s->session->master_key,s->session->master_key_length, - out,buf2,sizeof buf2)) - err = 1; - - if (err) - return 0; - else - return sizeof buf2; - } - -int tls1_mac(SSL *ssl, unsigned char *md, int send) - { - SSL3_RECORD *rec; - unsigned char *seq; - EVP_MD_CTX *hash; - size_t md_size, orig_len; - int i; - EVP_MD_CTX hmac, *mac_ctx; - unsigned char header[13]; - int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM)); - int t; - - if (send) - { - rec= &(ssl->s3->wrec); - seq= &(ssl->s3->write_sequence[0]); - hash=ssl->write_hash; - } - else - { - rec= &(ssl->s3->rrec); - seq= &(ssl->s3->read_sequence[0]); - hash=ssl->read_hash; - } - - t=EVP_MD_CTX_size(hash); - OPENSSL_assert(t >= 0); - md_size=t; - - /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ - if (stream_mac) - { - mac_ctx = hash; - } - else - { - if (!EVP_MD_CTX_copy(&hmac,hash)) - return -1; - mac_ctx = &hmac; - } - - if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER) - { - unsigned char dtlsseq[8],*p=dtlsseq; - - s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p); - memcpy (p,&seq[2],6); - - memcpy(header, dtlsseq, 8); - } - else - memcpy(header, seq, 8); - - /* kludge: tls1_cbc_remove_padding passes padding length in rec->type */ - orig_len = rec->length+md_size+((unsigned int)rec->type>>8); - rec->type &= 0xff; - - header[8]=rec->type; - header[9]=(unsigned char)(ssl->version>>8); - header[10]=(unsigned char)(ssl->version); - header[11]=(rec->length)>>8; - header[12]=(rec->length)&0xff; - - if (!send && - EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && - ssl3_cbc_record_digest_supported(mac_ctx)) - { - /* This is a CBC-encrypted record. We must avoid leaking any - * timing-side channel information about how many blocks of - * data we are hashing because that gives an attacker a - * timing-oracle. */ - ssl3_cbc_digest_record( - mac_ctx, - md, &md_size, - header, rec->input, - rec->length + md_size, orig_len, - ssl->s3->read_mac_secret, - ssl->s3->read_mac_secret_size, - 0 /* not SSLv3 */); - } - else - { - EVP_DigestSignUpdate(mac_ctx,header,sizeof(header)); - EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length); - t=EVP_DigestSignFinal(mac_ctx,md,&md_size); - OPENSSL_assert(t > 0); -#ifdef OPENSSL_FIPS - if (!send && FIPS_mode()) - tls_fips_digest_extra( - ssl->enc_read_ctx, - mac_ctx, rec->input, - rec->length, orig_len); -#endif - } - - if (!stream_mac) - EVP_MD_CTX_cleanup(&hmac); -#ifdef TLS_DEBUG -fprintf(stderr,"seq="); -{int z; for (z=0; z<8; z++) fprintf(stderr,"%02X ",seq[z]); fprintf(stderr,"\n"); } -fprintf(stderr,"rec="); -{unsigned int z; for (z=0; z<rec->length; z++) fprintf(stderr,"%02X ",rec->data[z]); fprintf(stderr,"\n"); } -#endif - - if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER) - { - for (i=7; i>=0; i--) - { - ++seq[i]; - if (seq[i] != 0) break; - } - } - -#ifdef TLS_DEBUG -{unsigned int z; for (z=0; z<md_size; z++) fprintf(stderr,"%02X ",md[z]); fprintf(stderr,"\n"); } -#endif - return(md_size); - } - -int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, - int len) - { - unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH]; - const void *co = NULL, *so = NULL; - int col = 0, sol = 0; - - -#ifdef KSSL_DEBUG - fprintf(stderr,"tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len); -#endif /* KSSL_DEBUG */ - -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->client_opaque_prf_input != NULL && s->s3->server_opaque_prf_input != NULL && - s->s3->client_opaque_prf_input_len > 0 && - s->s3->client_opaque_prf_input_len == s->s3->server_opaque_prf_input_len) - { - co = s->s3->client_opaque_prf_input; - col = s->s3->server_opaque_prf_input_len; - so = s->s3->server_opaque_prf_input; - sol = s->s3->client_opaque_prf_input_len; /* must be same as col (see draft-rescorla-tls-opaque-prf-input-00.txt, section 3.1) */ - } -#endif - - tls1_PRF(ssl_get_algorithm2(s), - TLS_MD_MASTER_SECRET_CONST,TLS_MD_MASTER_SECRET_CONST_SIZE, - s->s3->client_random,SSL3_RANDOM_SIZE, - co, col, - s->s3->server_random,SSL3_RANDOM_SIZE, - so, sol, - p,len, - s->session->master_key,buff,sizeof buff); -#ifdef SSL_DEBUG - fprintf(stderr, "Premaster Secret:\n"); - BIO_dump_fp(stderr, (char *)p, len); - fprintf(stderr, "Client Random:\n"); - BIO_dump_fp(stderr, (char *)s->s3->client_random, SSL3_RANDOM_SIZE); - fprintf(stderr, "Server Random:\n"); - BIO_dump_fp(stderr, (char *)s->s3->server_random, SSL3_RANDOM_SIZE); - fprintf(stderr, "Master Secret:\n"); - BIO_dump_fp(stderr, (char *)s->session->master_key, SSL3_MASTER_SECRET_SIZE); -#endif - -#ifdef KSSL_DEBUG - fprintf(stderr,"tls1_generate_master_secret() complete\n"); -#endif /* KSSL_DEBUG */ - return(SSL3_MASTER_SECRET_SIZE); - } - -int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, - const char *label, size_t llen, const unsigned char *context, - size_t contextlen, int use_context) - { - unsigned char *buff; - unsigned char *val = NULL; - size_t vallen, currentvalpos; - int rv; - -#ifdef KSSL_DEBUG - fprintf(stderr,"tls1_export_keying_material(%p,%p,%lu,%s,%lu,%p,%lu)\n", s, out, olen, label, llen, context, contextlen); -#endif /* KSSL_DEBUG */ - - buff = OPENSSL_malloc(olen); - if (buff == NULL) goto err2; - - /* construct PRF arguments - * we construct the PRF argument ourself rather than passing separate - * values into the TLS PRF to ensure that the concatenation of values - * does not create a prohibited label. - */ - vallen = llen + SSL3_RANDOM_SIZE * 2; - if (use_context) - { - vallen += 2 + contextlen; - } - - val = OPENSSL_malloc(vallen); - if (val == NULL) goto err2; - currentvalpos = 0; - memcpy(val + currentvalpos, (unsigned char *) label, llen); - currentvalpos += llen; - memcpy(val + currentvalpos, s->s3->client_random, SSL3_RANDOM_SIZE); - currentvalpos += SSL3_RANDOM_SIZE; - memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE); - currentvalpos += SSL3_RANDOM_SIZE; - - if (use_context) - { - val[currentvalpos] = (contextlen >> 8) & 0xff; - currentvalpos++; - val[currentvalpos] = contextlen & 0xff; - currentvalpos++; - if ((contextlen > 0) || (context != NULL)) - { - memcpy(val + currentvalpos, context, contextlen); - } - } - - /* disallow prohibited labels - * note that SSL3_RANDOM_SIZE > max(prohibited label len) = - * 15, so size of val > max(prohibited label len) = 15 and the - * comparisons won't have buffer overflow - */ - if (memcmp(val, TLS_MD_CLIENT_FINISH_CONST, - TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0) goto err1; - if (memcmp(val, TLS_MD_SERVER_FINISH_CONST, - TLS_MD_SERVER_FINISH_CONST_SIZE) == 0) goto err1; - if (memcmp(val, TLS_MD_MASTER_SECRET_CONST, - TLS_MD_MASTER_SECRET_CONST_SIZE) == 0) goto err1; - if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST, - TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) goto err1; - - rv = tls1_PRF(ssl_get_algorithm2(s), - val, vallen, - NULL, 0, - NULL, 0, - NULL, 0, - NULL, 0, - s->session->master_key,s->session->master_key_length, - out,buff,olen); - -#ifdef KSSL_DEBUG - fprintf(stderr,"tls1_export_keying_material() complete\n"); -#endif /* KSSL_DEBUG */ - goto ret; -err1: - SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL); - rv = 0; - goto ret; -err2: - SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE); - rv = 0; -ret: - if (buff != NULL) OPENSSL_free(buff); - if (val != NULL) OPENSSL_free(val); - return(rv); - } - -int tls1_alert_code(int code) - { - switch (code) - { - case SSL_AD_CLOSE_NOTIFY: return(SSL3_AD_CLOSE_NOTIFY); - case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE); - case SSL_AD_BAD_RECORD_MAC: return(SSL3_AD_BAD_RECORD_MAC); - case SSL_AD_DECRYPTION_FAILED: return(TLS1_AD_DECRYPTION_FAILED); - case SSL_AD_RECORD_OVERFLOW: return(TLS1_AD_RECORD_OVERFLOW); - case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE); - case SSL_AD_HANDSHAKE_FAILURE: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_NO_CERTIFICATE: return(-1); - case SSL_AD_BAD_CERTIFICATE: return(SSL3_AD_BAD_CERTIFICATE); - case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE); - case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED); - case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED); - case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN); - case SSL_AD_ILLEGAL_PARAMETER: return(SSL3_AD_ILLEGAL_PARAMETER); - case SSL_AD_UNKNOWN_CA: return(TLS1_AD_UNKNOWN_CA); - case SSL_AD_ACCESS_DENIED: return(TLS1_AD_ACCESS_DENIED); - case SSL_AD_DECODE_ERROR: return(TLS1_AD_DECODE_ERROR); - case SSL_AD_DECRYPT_ERROR: return(TLS1_AD_DECRYPT_ERROR); - case SSL_AD_EXPORT_RESTRICTION: return(TLS1_AD_EXPORT_RESTRICTION); - case SSL_AD_PROTOCOL_VERSION: return(TLS1_AD_PROTOCOL_VERSION); - case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY); - case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR); - case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED); - case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION); - case SSL_AD_UNSUPPORTED_EXTENSION: return(TLS1_AD_UNSUPPORTED_EXTENSION); - case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(TLS1_AD_CERTIFICATE_UNOBTAINABLE); - case SSL_AD_UNRECOGNIZED_NAME: return(TLS1_AD_UNRECOGNIZED_NAME); - case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE); - case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE); - case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); - case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK); -#if 0 /* not appropriate for TLS, not used for DTLS */ - case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return - (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); -#endif - default: return(-1); - } - } diff --git a/main/openssl/ssl/t1_lib.c b/main/openssl/ssl/t1_lib.c deleted file mode 100644 index a8829207..00000000 --- a/main/openssl/ssl/t1_lib.c +++ /dev/null @@ -1,3010 +0,0 @@ -/* ssl/t1_lib.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <stdio.h> -#include <openssl/objects.h> -#include <openssl/evp.h> -#include <openssl/hmac.h> -#include <openssl/ocsp.h> -#include <openssl/rand.h> -#include "ssl_locl.h" - -const char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT; - -#ifndef OPENSSL_NO_TLSEXT -static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen, - const unsigned char *sess_id, int sesslen, - SSL_SESSION **psess); -#endif - -SSL3_ENC_METHOD TLSv1_enc_data={ - tls1_enc, - tls1_mac, - tls1_setup_key_block, - tls1_generate_master_secret, - tls1_change_cipher_state, - tls1_final_finish_mac, - TLS1_FINISH_MAC_LENGTH, - tls1_cert_verify_mac, - TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, - TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, - tls1_alert_code, - tls1_export_keying_material, - }; - -long tls1_default_timeout(void) - { - /* 2 hours, the 24 hours mentioned in the TLSv1 spec - * is way too long for http, the cache would over fill */ - return(60*60*2); - } - -int tls1_new(SSL *s) - { - if (!ssl3_new(s)) return(0); - s->method->ssl_clear(s); - return(1); - } - -void tls1_free(SSL *s) - { -#ifndef OPENSSL_NO_TLSEXT - if (s->tlsext_session_ticket) - { - OPENSSL_free(s->tlsext_session_ticket); - } -#endif /* OPENSSL_NO_TLSEXT */ - ssl3_free(s); - } - -void tls1_clear(SSL *s) - { - ssl3_clear(s); - s->version = s->method->version; - } - -#ifndef OPENSSL_NO_EC - -static int nid_list[] = - { - NID_sect163k1, /* sect163k1 (1) */ - NID_sect163r1, /* sect163r1 (2) */ - NID_sect163r2, /* sect163r2 (3) */ - NID_sect193r1, /* sect193r1 (4) */ - NID_sect193r2, /* sect193r2 (5) */ - NID_sect233k1, /* sect233k1 (6) */ - NID_sect233r1, /* sect233r1 (7) */ - NID_sect239k1, /* sect239k1 (8) */ - NID_sect283k1, /* sect283k1 (9) */ - NID_sect283r1, /* sect283r1 (10) */ - NID_sect409k1, /* sect409k1 (11) */ - NID_sect409r1, /* sect409r1 (12) */ - NID_sect571k1, /* sect571k1 (13) */ - NID_sect571r1, /* sect571r1 (14) */ - NID_secp160k1, /* secp160k1 (15) */ - NID_secp160r1, /* secp160r1 (16) */ - NID_secp160r2, /* secp160r2 (17) */ - NID_secp192k1, /* secp192k1 (18) */ - NID_X9_62_prime192v1, /* secp192r1 (19) */ - NID_secp224k1, /* secp224k1 (20) */ - NID_secp224r1, /* secp224r1 (21) */ - NID_secp256k1, /* secp256k1 (22) */ - NID_X9_62_prime256v1, /* secp256r1 (23) */ - NID_secp384r1, /* secp384r1 (24) */ - NID_secp521r1 /* secp521r1 (25) */ - }; - -static int pref_list[] = - { -#ifndef OPENSSL_NO_EC2M - NID_sect571r1, /* sect571r1 (14) */ - NID_sect571k1, /* sect571k1 (13) */ -#endif - NID_secp521r1, /* secp521r1 (25) */ -#ifndef OPENSSL_NO_EC2M - NID_sect409k1, /* sect409k1 (11) */ - NID_sect409r1, /* sect409r1 (12) */ -#endif - NID_secp384r1, /* secp384r1 (24) */ -#ifndef OPENSSL_NO_EC2M - NID_sect283k1, /* sect283k1 (9) */ - NID_sect283r1, /* sect283r1 (10) */ -#endif - NID_secp256k1, /* secp256k1 (22) */ - NID_X9_62_prime256v1, /* secp256r1 (23) */ -#ifndef OPENSSL_NO_EC2M - NID_sect239k1, /* sect239k1 (8) */ - NID_sect233k1, /* sect233k1 (6) */ - NID_sect233r1, /* sect233r1 (7) */ -#endif - NID_secp224k1, /* secp224k1 (20) */ - NID_secp224r1, /* secp224r1 (21) */ -#ifndef OPENSSL_NO_EC2M - NID_sect193r1, /* sect193r1 (4) */ - NID_sect193r2, /* sect193r2 (5) */ -#endif - NID_secp192k1, /* secp192k1 (18) */ - NID_X9_62_prime192v1, /* secp192r1 (19) */ -#ifndef OPENSSL_NO_EC2M - NID_sect163k1, /* sect163k1 (1) */ - NID_sect163r1, /* sect163r1 (2) */ - NID_sect163r2, /* sect163r2 (3) */ -#endif - NID_secp160k1, /* secp160k1 (15) */ - NID_secp160r1, /* secp160r1 (16) */ - NID_secp160r2, /* secp160r2 (17) */ - }; - -int tls1_ec_curve_id2nid(int curve_id) - { - /* ECC curves from RFC 4492 */ - if ((curve_id < 1) || ((unsigned int)curve_id > - sizeof(nid_list)/sizeof(nid_list[0]))) - return 0; - return nid_list[curve_id-1]; - } - -int tls1_ec_nid2curve_id(int nid) - { - /* ECC curves from RFC 4492 */ - switch (nid) - { - case NID_sect163k1: /* sect163k1 (1) */ - return 1; - case NID_sect163r1: /* sect163r1 (2) */ - return 2; - case NID_sect163r2: /* sect163r2 (3) */ - return 3; - case NID_sect193r1: /* sect193r1 (4) */ - return 4; - case NID_sect193r2: /* sect193r2 (5) */ - return 5; - case NID_sect233k1: /* sect233k1 (6) */ - return 6; - case NID_sect233r1: /* sect233r1 (7) */ - return 7; - case NID_sect239k1: /* sect239k1 (8) */ - return 8; - case NID_sect283k1: /* sect283k1 (9) */ - return 9; - case NID_sect283r1: /* sect283r1 (10) */ - return 10; - case NID_sect409k1: /* sect409k1 (11) */ - return 11; - case NID_sect409r1: /* sect409r1 (12) */ - return 12; - case NID_sect571k1: /* sect571k1 (13) */ - return 13; - case NID_sect571r1: /* sect571r1 (14) */ - return 14; - case NID_secp160k1: /* secp160k1 (15) */ - return 15; - case NID_secp160r1: /* secp160r1 (16) */ - return 16; - case NID_secp160r2: /* secp160r2 (17) */ - return 17; - case NID_secp192k1: /* secp192k1 (18) */ - return 18; - case NID_X9_62_prime192v1: /* secp192r1 (19) */ - return 19; - case NID_secp224k1: /* secp224k1 (20) */ - return 20; - case NID_secp224r1: /* secp224r1 (21) */ - return 21; - case NID_secp256k1: /* secp256k1 (22) */ - return 22; - case NID_X9_62_prime256v1: /* secp256r1 (23) */ - return 23; - case NID_secp384r1: /* secp384r1 (24) */ - return 24; - case NID_secp521r1: /* secp521r1 (25) */ - return 25; - default: - return 0; - } - } -#endif /* OPENSSL_NO_EC */ - -#ifndef OPENSSL_NO_TLSEXT - -/* List of supported signature algorithms and hashes. Should make this - * customisable at some point, for now include everything we support. - */ - -#ifdef OPENSSL_NO_RSA -#define tlsext_sigalg_rsa(md) /* */ -#else -#define tlsext_sigalg_rsa(md) md, TLSEXT_signature_rsa, -#endif - -#ifdef OPENSSL_NO_DSA -#define tlsext_sigalg_dsa(md) /* */ -#else -#define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa, -#endif - -#ifdef OPENSSL_NO_ECDSA -#define tlsext_sigalg_ecdsa(md) /* */ -#else -#define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa, -#endif - -#define tlsext_sigalg(md) \ - tlsext_sigalg_rsa(md) \ - tlsext_sigalg_dsa(md) \ - tlsext_sigalg_ecdsa(md) - -static unsigned char tls12_sigalgs[] = { -#ifndef OPENSSL_NO_SHA512 - tlsext_sigalg(TLSEXT_hash_sha512) - tlsext_sigalg(TLSEXT_hash_sha384) -#endif -#ifndef OPENSSL_NO_SHA256 - tlsext_sigalg(TLSEXT_hash_sha256) - tlsext_sigalg(TLSEXT_hash_sha224) -#endif -#ifndef OPENSSL_NO_SHA - tlsext_sigalg(TLSEXT_hash_sha1) -#endif -}; - -int tls12_get_req_sig_algs(SSL *s, unsigned char *p) - { - size_t slen = sizeof(tls12_sigalgs); - if (p) - memcpy(p, tls12_sigalgs, slen); - return (int)slen; - } - -unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit) - { - int extdatalen=0; - unsigned char *orig = buf; - unsigned char *ret = buf; - - /* don't add extensions for SSLv3 unless doing secure renegotiation */ - if (s->client_version == SSL3_VERSION - && !s->s3->send_connection_binding) - return orig; - - ret+=2; - - if (ret>=limit) return NULL; /* this really never occurs, but ... */ - - if (s->tlsext_hostname != NULL) - { - /* Add TLS extension servername to the Client Hello message */ - unsigned long size_str; - long lenmax; - - /* check for enough space. - 4 for the servername type and entension length - 2 for servernamelist length - 1 for the hostname type - 2 for hostname length - + hostname length - */ - - if ((lenmax = limit - ret - 9) < 0 - || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax) - return NULL; - - /* extension type and length */ - s2n(TLSEXT_TYPE_server_name,ret); - s2n(size_str+5,ret); - - /* length of servername list */ - s2n(size_str+3,ret); - - /* hostname type, length and hostname */ - *(ret++) = (unsigned char) TLSEXT_NAMETYPE_host_name; - s2n(size_str,ret); - memcpy(ret, s->tlsext_hostname, size_str); - ret+=size_str; - } - - /* Add RI if renegotiating */ - if (s->renegotiate) - { - int el; - - if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) - { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); - return NULL; - } - - if((limit - ret - 4 - el) < 0) return NULL; - - s2n(TLSEXT_TYPE_renegotiate,ret); - s2n(el,ret); - - if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) - { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); - return NULL; - } - - ret += el; - } - -#ifndef OPENSSL_NO_SRP - /* Add SRP username if there is one */ - if (s->srp_ctx.login != NULL) - { /* Add TLS extension SRP username to the Client Hello message */ - - int login_len = strlen(s->srp_ctx.login); - if (login_len > 255 || login_len == 0) - { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); - return NULL; - } - - /* check for enough space. - 4 for the srp type type and entension length - 1 for the srp user identity - + srp user identity length - */ - if ((limit - ret - 5 - login_len) < 0) return NULL; - - /* fill in the extension */ - s2n(TLSEXT_TYPE_srp,ret); - s2n(login_len+1,ret); - (*ret++) = (unsigned char) login_len; - memcpy(ret, s->srp_ctx.login, login_len); - ret+=login_len; - } -#endif - -#ifndef OPENSSL_NO_EC - if (s->tlsext_ecpointformatlist != NULL) - { - /* Add TLS extension ECPointFormats to the ClientHello message */ - long lenmax; - - if ((lenmax = limit - ret - 5) < 0) return NULL; - if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL; - if (s->tlsext_ecpointformatlist_length > 255) - { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); - return NULL; - } - - s2n(TLSEXT_TYPE_ec_point_formats,ret); - s2n(s->tlsext_ecpointformatlist_length + 1,ret); - *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length; - memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); - ret+=s->tlsext_ecpointformatlist_length; - } - if (s->tlsext_ellipticcurvelist != NULL) - { - /* Add TLS extension EllipticCurves to the ClientHello message */ - long lenmax; - - if ((lenmax = limit - ret - 6) < 0) return NULL; - if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax) return NULL; - if (s->tlsext_ellipticcurvelist_length > 65532) - { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); - return NULL; - } - - s2n(TLSEXT_TYPE_elliptic_curves,ret); - s2n(s->tlsext_ellipticcurvelist_length + 2, ret); - - s2n(s->tlsext_ellipticcurvelist_length, ret); - memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); - ret+=s->tlsext_ellipticcurvelist_length; - } -#endif /* OPENSSL_NO_EC */ - - if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) - { - int ticklen; - if (!s->new_session && s->session && s->session->tlsext_tick) - ticklen = s->session->tlsext_ticklen; - else if (s->session && s->tlsext_session_ticket && - s->tlsext_session_ticket->data) - { - ticklen = s->tlsext_session_ticket->length; - s->session->tlsext_tick = OPENSSL_malloc(ticklen); - if (!s->session->tlsext_tick) - return NULL; - memcpy(s->session->tlsext_tick, - s->tlsext_session_ticket->data, - ticklen); - s->session->tlsext_ticklen = ticklen; - } - else - ticklen = 0; - if (ticklen == 0 && s->tlsext_session_ticket && - s->tlsext_session_ticket->data == NULL) - goto skip_ext; - /* Check for enough room 2 for extension type, 2 for len - * rest for ticket - */ - if ((long)(limit - ret - 4 - ticklen) < 0) return NULL; - s2n(TLSEXT_TYPE_session_ticket,ret); - s2n(ticklen,ret); - if (ticklen) - { - memcpy(ret, s->session->tlsext_tick, ticklen); - ret += ticklen; - } - } - skip_ext: - - if (TLS1_get_client_version(s) >= TLS1_2_VERSION) - { - if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6) - return NULL; - s2n(TLSEXT_TYPE_signature_algorithms,ret); - s2n(sizeof(tls12_sigalgs) + 2, ret); - s2n(sizeof(tls12_sigalgs), ret); - memcpy(ret, tls12_sigalgs, sizeof(tls12_sigalgs)); - ret += sizeof(tls12_sigalgs); - } - -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->client_opaque_prf_input != NULL && - s->version != DTLS1_VERSION) - { - size_t col = s->s3->client_opaque_prf_input_len; - - if ((long)(limit - ret - 6 - col < 0)) - return NULL; - if (col > 0xFFFD) /* can't happen */ - return NULL; - - s2n(TLSEXT_TYPE_opaque_prf_input, ret); - s2n(col + 2, ret); - s2n(col, ret); - memcpy(ret, s->s3->client_opaque_prf_input, col); - ret += col; - } -#endif - - if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp && - s->version != DTLS1_VERSION) - { - int i; - long extlen, idlen, itmp; - OCSP_RESPID *id; - - idlen = 0; - for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) - { - id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i); - itmp = i2d_OCSP_RESPID(id, NULL); - if (itmp <= 0) - return NULL; - idlen += itmp + 2; - } - - if (s->tlsext_ocsp_exts) - { - extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL); - if (extlen < 0) - return NULL; - } - else - extlen = 0; - - if ((long)(limit - ret - 7 - extlen - idlen) < 0) return NULL; - s2n(TLSEXT_TYPE_status_request, ret); - if (extlen + idlen > 0xFFF0) - return NULL; - s2n(extlen + idlen + 5, ret); - *(ret++) = TLSEXT_STATUSTYPE_ocsp; - s2n(idlen, ret); - for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) - { - /* save position of id len */ - unsigned char *q = ret; - id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i); - /* skip over id len */ - ret += 2; - itmp = i2d_OCSP_RESPID(id, &ret); - /* write id len */ - s2n(itmp, q); - } - s2n(extlen, ret); - if (extlen > 0) - i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret); - } - -#ifndef OPENSSL_NO_HEARTBEATS - /* Add Heartbeat extension */ - if ((limit - ret - 4 - 1) < 0) - return NULL; - s2n(TLSEXT_TYPE_heartbeat,ret); - s2n(1,ret); - /* Set mode: - * 1: peer may send requests - * 2: peer not allowed to send requests - */ - if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS) - *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS; - else - *(ret++) = SSL_TLSEXT_HB_ENABLED; -#endif - -#ifndef OPENSSL_NO_NEXTPROTONEG - if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) - { - /* The client advertises an emtpy extension to indicate its - * support for Next Protocol Negotiation */ - if (limit - ret - 4 < 0) - return NULL; - s2n(TLSEXT_TYPE_next_proto_neg,ret); - s2n(0,ret); - } -#endif - - if (s->tlsext_channel_id_enabled) - { - /* The client advertises an emtpy extension to indicate its - * support for Channel ID. */ - if (limit - ret - 4 < 0) - return NULL; - if (s->ctx->tlsext_channel_id_enabled_new) - s2n(TLSEXT_TYPE_channel_id_new,ret); - else - s2n(TLSEXT_TYPE_channel_id,ret); - s2n(0,ret); - } - - if (s->alpn_client_proto_list && !s->s3->tmp.finish_md_len) - { - if ((size_t)(limit - ret) < 6 + s->alpn_client_proto_list_len) - return NULL; - s2n(TLSEXT_TYPE_application_layer_protocol_negotiation,ret); - s2n(2 + s->alpn_client_proto_list_len,ret); - s2n(s->alpn_client_proto_list_len,ret); - memcpy(ret, s->alpn_client_proto_list, - s->alpn_client_proto_list_len); - ret += s->alpn_client_proto_list_len; - } - -#ifndef OPENSSL_NO_SRTP - if(SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) - { - int el; - - ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0); - - if((limit - ret - 4 - el) < 0) return NULL; - - s2n(TLSEXT_TYPE_use_srtp,ret); - s2n(el,ret); - - if(ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) - { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); - return NULL; - } - ret += el; - } -#endif - /* Add padding to workaround bugs in F5 terminators. - * See https://tools.ietf.org/html/draft-agl-tls-padding-03 - * - * NB: because this code works out the length of all existing - * extensions it MUST always appear last. - */ - if (s->options & SSL_OP_TLSEXT_PADDING) - { - int hlen = ret - (unsigned char *)s->init_buf->data; - /* The code in s23_clnt.c to build ClientHello messages - * includes the 5-byte record header in the buffer, while - * the code in s3_clnt.c does not. - */ - if (s->state == SSL23_ST_CW_CLNT_HELLO_A) - hlen -= 5; - if (hlen > 0xff && hlen < 0x200) - { - hlen = 0x200 - hlen; - if (hlen >= 4) - hlen -= 4; - else - hlen = 0; - - s2n(TLSEXT_TYPE_padding, ret); - s2n(hlen, ret); - memset(ret, 0, hlen); - ret += hlen; - } - } - - if ((extdatalen = ret-orig-2)== 0) - return orig; - - s2n(extdatalen, orig); - return ret; - } - -unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit) - { - int extdatalen=0; - unsigned char *orig = buf; - unsigned char *ret = buf; -#ifndef OPENSSL_NO_NEXTPROTONEG - int next_proto_neg_seen; -#endif - - /* don't add extensions for SSLv3, unless doing secure renegotiation */ - if (s->version == SSL3_VERSION && !s->s3->send_connection_binding) - return orig; - - ret+=2; - if (ret>=limit) return NULL; /* this really never occurs, but ... */ - - if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL) - { - if ((long)(limit - ret - 4) < 0) return NULL; - - s2n(TLSEXT_TYPE_server_name,ret); - s2n(0,ret); - } - - if(s->s3->send_connection_binding) - { - int el; - - if(!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) - { - SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); - return NULL; - } - - if((limit - ret - 4 - el) < 0) return NULL; - - s2n(TLSEXT_TYPE_renegotiate,ret); - s2n(el,ret); - - if(!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) - { - SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); - return NULL; - } - - ret += el; - } - -#ifndef OPENSSL_NO_EC - if (s->tlsext_ecpointformatlist != NULL) - { - /* Add TLS extension ECPointFormats to the ServerHello message */ - long lenmax; - - if ((lenmax = limit - ret - 5) < 0) return NULL; - if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL; - if (s->tlsext_ecpointformatlist_length > 255) - { - SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); - return NULL; - } - - s2n(TLSEXT_TYPE_ec_point_formats,ret); - s2n(s->tlsext_ecpointformatlist_length + 1,ret); - *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length; - memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); - ret+=s->tlsext_ecpointformatlist_length; - - } - /* Currently the server should not respond with a SupportedCurves extension */ -#endif /* OPENSSL_NO_EC */ - - if (s->tlsext_ticket_expected - && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) - { - if ((long)(limit - ret - 4) < 0) return NULL; - s2n(TLSEXT_TYPE_session_ticket,ret); - s2n(0,ret); - } - - if (s->tlsext_status_expected) - { - if ((long)(limit - ret - 4) < 0) return NULL; - s2n(TLSEXT_TYPE_status_request,ret); - s2n(0,ret); - } - -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->server_opaque_prf_input != NULL && - s->version != DTLS1_VERSION) - { - size_t sol = s->s3->server_opaque_prf_input_len; - - if ((long)(limit - ret - 6 - sol) < 0) - return NULL; - if (sol > 0xFFFD) /* can't happen */ - return NULL; - - s2n(TLSEXT_TYPE_opaque_prf_input, ret); - s2n(sol + 2, ret); - s2n(sol, ret); - memcpy(ret, s->s3->server_opaque_prf_input, sol); - ret += sol; - } -#endif - -#ifndef OPENSSL_NO_SRTP - if(SSL_IS_DTLS(s) && s->srtp_profile) - { - int el; - - ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0); - - if((limit - ret - 4 - el) < 0) return NULL; - - s2n(TLSEXT_TYPE_use_srtp,ret); - s2n(el,ret); - - if(ssl_add_serverhello_use_srtp_ext(s, ret, &el, el)) - { - SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); - return NULL; - } - ret+=el; - } -#endif - - if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81) - && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) - { const unsigned char cryptopro_ext[36] = { - 0xfd, 0xe8, /*65000*/ - 0x00, 0x20, /*32 bytes length*/ - 0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85, - 0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06, - 0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08, - 0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17}; - if (limit-ret<36) return NULL; - memcpy(ret,cryptopro_ext,36); - ret+=36; - - } - -#ifndef OPENSSL_NO_HEARTBEATS - /* Add Heartbeat extension if we've received one */ - if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) - { - if ((limit - ret - 4 - 1) < 0) - return NULL; - s2n(TLSEXT_TYPE_heartbeat,ret); - s2n(1,ret); - /* Set mode: - * 1: peer may send requests - * 2: peer not allowed to send requests - */ - if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS) - *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS; - else - *(ret++) = SSL_TLSEXT_HB_ENABLED; - - } -#endif - -#ifndef OPENSSL_NO_NEXTPROTONEG - next_proto_neg_seen = s->s3->next_proto_neg_seen; - s->s3->next_proto_neg_seen = 0; - if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb) - { - const unsigned char *npa; - unsigned int npalen; - int r; - - r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen, s->ctx->next_protos_advertised_cb_arg); - if (r == SSL_TLSEXT_ERR_OK) - { - if ((long)(limit - ret - 4 - npalen) < 0) return NULL; - s2n(TLSEXT_TYPE_next_proto_neg,ret); - s2n(npalen,ret); - memcpy(ret, npa, npalen); - ret += npalen; - s->s3->next_proto_neg_seen = 1; - } - } -#endif - - /* If the client advertised support for Channel ID, and we have it - * enabled, then we want to echo it back. */ - if (s->s3->tlsext_channel_id_valid) - { - if (limit - ret - 4 < 0) - return NULL; - if (s->s3->tlsext_channel_id_new) - s2n(TLSEXT_TYPE_channel_id_new,ret); - else - s2n(TLSEXT_TYPE_channel_id,ret); - s2n(0,ret); - } - - if (s->s3->alpn_selected) - { - const unsigned char *selected = s->s3->alpn_selected; - unsigned len = s->s3->alpn_selected_len; - - if ((long)(limit - ret - 4 - 2 - 1 - len) < 0) - return NULL; - s2n(TLSEXT_TYPE_application_layer_protocol_negotiation,ret); - s2n(3 + len,ret); - s2n(1 + len,ret); - *ret++ = len; - memcpy(ret, selected, len); - ret += len; - } - - if ((extdatalen = ret-orig-2)== 0) - return orig; - - s2n(extdatalen, orig); - return ret; - } - -#ifndef OPENSSL_NO_EC -/* ssl_check_for_safari attempts to fingerprint Safari using OS X - * SecureTransport using the TLS extension block in |d|, of length |n|. - * Safari, since 10.6, sends exactly these extensions, in this order: - * SNI, - * elliptic_curves - * ec_point_formats - * - * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8, - * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them. - * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from - * 10.8..10.8.3 (which don't work). - */ -static void ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *d, int n) { - unsigned short type, size; - static const unsigned char kSafariExtensionsBlock[] = { - 0x00, 0x0a, /* elliptic_curves extension */ - 0x00, 0x08, /* 8 bytes */ - 0x00, 0x06, /* 6 bytes of curve ids */ - 0x00, 0x17, /* P-256 */ - 0x00, 0x18, /* P-384 */ - 0x00, 0x19, /* P-521 */ - - 0x00, 0x0b, /* ec_point_formats */ - 0x00, 0x02, /* 2 bytes */ - 0x01, /* 1 point format */ - 0x00, /* uncompressed */ - }; - - /* The following is only present in TLS 1.2 */ - static const unsigned char kSafariTLS12ExtensionsBlock[] = { - 0x00, 0x0d, /* signature_algorithms */ - 0x00, 0x0c, /* 12 bytes */ - 0x00, 0x0a, /* 10 bytes */ - 0x05, 0x01, /* SHA-384/RSA */ - 0x04, 0x01, /* SHA-256/RSA */ - 0x02, 0x01, /* SHA-1/RSA */ - 0x04, 0x03, /* SHA-256/ECDSA */ - 0x02, 0x03, /* SHA-1/ECDSA */ - }; - - if (data >= (d+n-2)) - return; - data += 2; - - if (data > (d+n-4)) - return; - n2s(data,type); - n2s(data,size); - - if (type != TLSEXT_TYPE_server_name) - return; - - if (data+size > d+n) - return; - data += size; - - if (TLS1_get_client_version(s) >= TLS1_2_VERSION) - { - const size_t len1 = sizeof(kSafariExtensionsBlock); - const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock); - - if (data + len1 + len2 != d+n) - return; - if (memcmp(data, kSafariExtensionsBlock, len1) != 0) - return; - if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0) - return; - } - else - { - const size_t len = sizeof(kSafariExtensionsBlock); - - if (data + len != d+n) - return; - if (memcmp(data, kSafariExtensionsBlock, len) != 0) - return; - } - - s->s3->is_probably_safari = 1; -} -#endif /* !OPENSSL_NO_EC */ - -/* tls1_alpn_handle_client_hello is called to process the ALPN extension in a - * ClientHello. - * data: the contents of the extension, not including the type and length. - * data_len: the number of bytes in |data| - * al: a pointer to the alert value to send in the event of a non-zero - * return. - * - * returns: 0 on success. */ -static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data, - unsigned data_len, int *al) - { - unsigned i; - unsigned proto_len; - const unsigned char *selected; - unsigned char selected_len; - int r; - - if (s->ctx->alpn_select_cb == NULL) - return 0; - - if (data_len < 2) - goto parse_error; - - /* data should contain a uint16 length followed by a series of 8-bit, - * length-prefixed strings. */ - i = ((unsigned) data[0]) << 8 | - ((unsigned) data[1]); - data_len -= 2; - data += 2; - if (data_len != i) - goto parse_error; - - if (data_len < 2) - goto parse_error; - - for (i = 0; i < data_len;) - { - proto_len = data[i]; - i++; - - if (proto_len == 0) - goto parse_error; - - if (i + proto_len < i || i + proto_len > data_len) - goto parse_error; - - i += proto_len; - } - - r = s->ctx->alpn_select_cb(s, &selected, &selected_len, data, data_len, - s->ctx->alpn_select_cb_arg); - if (r == SSL_TLSEXT_ERR_OK) { - if (s->s3->alpn_selected) - OPENSSL_free(s->s3->alpn_selected); - s->s3->alpn_selected = OPENSSL_malloc(selected_len); - if (!s->s3->alpn_selected) - { - *al = SSL_AD_INTERNAL_ERROR; - return -1; - } - memcpy(s->s3->alpn_selected, selected, selected_len); - s->s3->alpn_selected_len = selected_len; - } - return 0; - -parse_error: - *al = SSL_AD_DECODE_ERROR; - return -1; - } - -int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) - { - unsigned short type; - unsigned short size; - unsigned short len; - unsigned char *data = *p; - int renegotiate_seen = 0; - int sigalg_seen = 0; - - s->servername_done = 0; - s->tlsext_status_type = -1; - - /* Reset TLS 1.2 digest functions to defaults because they don't carry - * over to a renegotiation. */ - s->s3->digest_rsa = NULL; - s->s3->digest_dsa = NULL; - s->s3->digest_ecdsa = NULL; - -#ifndef OPENSSL_NO_NEXTPROTONEG - s->s3->next_proto_neg_seen = 0; -#endif - - if (s->s3->alpn_selected) - { - OPENSSL_free(s->s3->alpn_selected); - s->s3->alpn_selected = NULL; - } - -#ifndef OPENSSL_NO_HEARTBEATS - s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED | - SSL_TLSEXT_HB_DONT_SEND_REQUESTS); -#endif - -#ifndef OPENSSL_NO_EC - if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG) - ssl_check_for_safari(s, data, d, n); -#endif /* !OPENSSL_NO_EC */ - -#ifndef OPENSSL_NO_SRP - if (s->srp_ctx.login != NULL) - { - OPENSSL_free(s->srp_ctx.login); - s->srp_ctx.login = NULL; - } -#endif - - s->srtp_profile = NULL; - - if (data >= (d+n-2)) - goto ri_check; - n2s(data,len); - - if (data > (d+n-len)) - goto ri_check; - - while (data <= (d+n-4)) - { - n2s(data,type); - n2s(data,size); - - if (data+size > (d+n)) - goto ri_check; -#if 0 - fprintf(stderr,"Received extension type %d size %d\n",type,size); -#endif - if (s->tlsext_debug_cb) - s->tlsext_debug_cb(s, 0, type, data, size, - s->tlsext_debug_arg); -/* The servername extension is treated as follows: - - - Only the hostname type is supported with a maximum length of 255. - - The servername is rejected if too long or if it contains zeros, - in which case an fatal alert is generated. - - The servername field is maintained together with the session cache. - - When a session is resumed, the servername call back invoked in order - to allow the application to position itself to the right context. - - The servername is acknowledged if it is new for a session or when - it is identical to a previously used for the same session. - Applications can control the behaviour. They can at any time - set a 'desirable' servername for a new SSL object. This can be the - case for example with HTTPS when a Host: header field is received and - a renegotiation is requested. In this case, a possible servername - presented in the new client hello is only acknowledged if it matches - the value of the Host: field. - - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION - if they provide for changing an explicit servername context for the session, - i.e. when the session has been established with a servername extension. - - On session reconnect, the servername extension may be absent. - -*/ - - if (type == TLSEXT_TYPE_server_name) - { - unsigned char *sdata; - int servname_type; - int dsize; - - if (size < 2) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - n2s(data,dsize); - size -= 2; - if (dsize > size ) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - - sdata = data; - while (dsize > 3) - { - servname_type = *(sdata++); - n2s(sdata,len); - dsize -= 3; - - if (len > dsize) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - if (s->servername_done == 0) - switch (servname_type) - { - case TLSEXT_NAMETYPE_host_name: - if (!s->hit) - { - if(s->session->tlsext_hostname) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - if (len > TLSEXT_MAXLEN_host_name) - { - *al = TLS1_AD_UNRECOGNIZED_NAME; - return 0; - } - if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL) - { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - memcpy(s->session->tlsext_hostname, sdata, len); - s->session->tlsext_hostname[len]='\0'; - if (strlen(s->session->tlsext_hostname) != len) { - OPENSSL_free(s->session->tlsext_hostname); - s->session->tlsext_hostname = NULL; - *al = TLS1_AD_UNRECOGNIZED_NAME; - return 0; - } - s->servername_done = 1; - - } - else - s->servername_done = s->session->tlsext_hostname - && strlen(s->session->tlsext_hostname) == len - && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0; - - break; - - default: - break; - } - - dsize -= len; - } - if (dsize != 0) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - - } -#ifndef OPENSSL_NO_SRP - else if (type == TLSEXT_TYPE_srp) - { - if (size <= 0 || ((len = data[0])) != (size -1)) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - if (s->srp_ctx.login != NULL) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - if ((s->srp_ctx.login = OPENSSL_malloc(len+1)) == NULL) - return -1; - memcpy(s->srp_ctx.login, &data[1], len); - s->srp_ctx.login[len]='\0'; - - if (strlen(s->srp_ctx.login) != len) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - } -#endif - -#ifndef OPENSSL_NO_EC - else if (type == TLSEXT_TYPE_ec_point_formats) - { - unsigned char *sdata = data; - int ecpointformatlist_length = *(sdata++); - - if (ecpointformatlist_length != size - 1) - { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } - if (!s->hit) - { - if(s->session->tlsext_ecpointformatlist) - { - OPENSSL_free(s->session->tlsext_ecpointformatlist); - s->session->tlsext_ecpointformatlist = NULL; - } - s->session->tlsext_ecpointformatlist_length = 0; - if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) - { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; - memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); - } -#if 0 - fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ", s->session->tlsext_ecpointformatlist_length); - sdata = s->session->tlsext_ecpointformatlist; - for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) - fprintf(stderr,"%i ",*(sdata++)); - fprintf(stderr,"\n"); -#endif - } - else if (type == TLSEXT_TYPE_elliptic_curves) - { - unsigned char *sdata = data; - int ellipticcurvelist_length = (*(sdata++) << 8); - ellipticcurvelist_length += (*(sdata++)); - - if (ellipticcurvelist_length != size - 2 || - ellipticcurvelist_length < 1 || - /* Each NamedCurve is 2 bytes. */ - ellipticcurvelist_length & 1) - { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } - if (!s->hit) - { - if(s->session->tlsext_ellipticcurvelist) - { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } - s->session->tlsext_ellipticcurvelist_length = 0; - if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL) - { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length; - memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length); - } -#if 0 - fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", s->session->tlsext_ellipticcurvelist_length); - sdata = s->session->tlsext_ellipticcurvelist; - for (i = 0; i < s->session->tlsext_ellipticcurvelist_length; i++) - fprintf(stderr,"%i ",*(sdata++)); - fprintf(stderr,"\n"); -#endif - } -#endif /* OPENSSL_NO_EC */ -#ifdef TLSEXT_TYPE_opaque_prf_input - else if (type == TLSEXT_TYPE_opaque_prf_input && - s->version != DTLS1_VERSION) - { - unsigned char *sdata = data; - - if (size < 2) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - n2s(sdata, s->s3->client_opaque_prf_input_len); - if (s->s3->client_opaque_prf_input_len != size - 2) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - - if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */ - OPENSSL_free(s->s3->client_opaque_prf_input); - if (s->s3->client_opaque_prf_input_len == 0) - s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ - else - s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len); - if (s->s3->client_opaque_prf_input == NULL) - { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - } -#endif - else if (type == TLSEXT_TYPE_session_ticket) - { - if (s->tls_session_ticket_ext_cb && - !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) - { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - } - else if (type == TLSEXT_TYPE_renegotiate) - { - if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al)) - return 0; - renegotiate_seen = 1; - } - else if (type == TLSEXT_TYPE_signature_algorithms) - { - int dsize; - if (sigalg_seen || size < 2) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - sigalg_seen = 1; - n2s(data,dsize); - size -= 2; - if (dsize != size || dsize & 1) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - tls1_process_sigalgs(s, data, dsize); - } - else if (type == TLSEXT_TYPE_status_request && - s->version != DTLS1_VERSION) - { - - if (size < 5) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - - s->tlsext_status_type = *data++; - size--; - if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) - { - const unsigned char *sdata; - int dsize; - /* Read in responder_id_list */ - n2s(data,dsize); - size -= 2; - if (dsize > size ) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - while (dsize > 0) - { - OCSP_RESPID *id; - int idsize; - if (dsize < 4) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - n2s(data, idsize); - dsize -= 2 + idsize; - size -= 2 + idsize; - if (dsize < 0) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - sdata = data; - data += idsize; - id = d2i_OCSP_RESPID(NULL, - &sdata, idsize); - if (!id) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - if (data != sdata) - { - OCSP_RESPID_free(id); - *al = SSL_AD_DECODE_ERROR; - return 0; - } - if (!s->tlsext_ocsp_ids - && !(s->tlsext_ocsp_ids = - sk_OCSP_RESPID_new_null())) - { - OCSP_RESPID_free(id); - *al = SSL_AD_INTERNAL_ERROR; - return 0; - } - if (!sk_OCSP_RESPID_push( - s->tlsext_ocsp_ids, id)) - { - OCSP_RESPID_free(id); - *al = SSL_AD_INTERNAL_ERROR; - return 0; - } - } - - /* Read in request_extensions */ - if (size < 2) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - n2s(data,dsize); - size -= 2; - if (dsize != size) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - sdata = data; - if (dsize > 0) - { - if (s->tlsext_ocsp_exts) - { - sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, - X509_EXTENSION_free); - } - - s->tlsext_ocsp_exts = - d2i_X509_EXTENSIONS(NULL, - &sdata, dsize); - if (!s->tlsext_ocsp_exts - || (data + dsize != sdata)) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - } - } - /* We don't know what to do with any other type - * so ignore it. - */ - else - s->tlsext_status_type = -1; - } -#ifndef OPENSSL_NO_HEARTBEATS - else if (type == TLSEXT_TYPE_heartbeat) - { - switch(data[0]) - { - case 0x01: /* Client allows us to send HB requests */ - s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED; - break; - case 0x02: /* Client doesn't accept HB requests */ - s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED; - s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS; - break; - default: *al = SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - } -#endif -#ifndef OPENSSL_NO_NEXTPROTONEG - else if (type == TLSEXT_TYPE_next_proto_neg && - s->s3->tmp.finish_md_len == 0 && - s->s3->alpn_selected == NULL) - { - /* We shouldn't accept this extension on a - * renegotiation. - * - * s->new_session will be set on renegotiation, but we - * probably shouldn't rely that it couldn't be set on - * the initial renegotation too in certain cases (when - * there's some other reason to disallow resuming an - * earlier session -- the current code won't be doing - * anything like that, but this might change). - - * A valid sign that there's been a previous handshake - * in this connection is if s->s3->tmp.finish_md_len > - * 0. (We are talking about a check that will happen - * in the Hello protocol round, well before a new - * Finished message could have been computed.) */ - s->s3->next_proto_neg_seen = 1; - } -#endif - - else if (type == TLSEXT_TYPE_channel_id && s->tlsext_channel_id_enabled) - s->s3->tlsext_channel_id_valid = 1; - - else if (type == TLSEXT_TYPE_channel_id_new && - s->tlsext_channel_id_enabled) - { - s->s3->tlsext_channel_id_valid = 1; - s->s3->tlsext_channel_id_new = 1; - } - - else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation && - s->ctx->alpn_select_cb && - s->s3->tmp.finish_md_len == 0) - { - if (tls1_alpn_handle_client_hello(s, data, size, al) != 0) - return 0; - /* ALPN takes precedence over NPN. */ - s->s3->next_proto_neg_seen = 0; - } - - /* session ticket processed earlier */ -#ifndef OPENSSL_NO_SRTP - else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s) - && type == TLSEXT_TYPE_use_srtp) - { - if(ssl_parse_clienthello_use_srtp_ext(s, data, size, - al)) - return 0; - } -#endif - - data+=size; - } - - *p = data; - - ri_check: - - /* Need RI if renegotiating */ - - if (!renegotiate_seen && s->renegotiate && - !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) - { - *al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, - SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); - return 0; - } - - return 1; - } - -#ifndef OPENSSL_NO_NEXTPROTONEG -/* ssl_next_proto_validate validates a Next Protocol Negotiation block. No - * elements of zero length are allowed and the set of elements must exactly fill - * the length of the block. */ -static char ssl_next_proto_validate(unsigned char *d, unsigned len) - { - unsigned int off = 0; - - while (off < len) - { - if (d[off] == 0) - return 0; - off += d[off]; - off++; - } - - return off == len; - } -#endif - -int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) - { - unsigned short length; - unsigned short type; - unsigned short size; - unsigned char *data = *p; - int tlsext_servername = 0; - int renegotiate_seen = 0; - -#ifndef OPENSSL_NO_NEXTPROTONEG - s->s3->next_proto_neg_seen = 0; -#endif - s->tlsext_ticket_expected = 0; - - if (s->s3->alpn_selected) - { - OPENSSL_free(s->s3->alpn_selected); - s->s3->alpn_selected = NULL; - } - -#ifndef OPENSSL_NO_HEARTBEATS - s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED | - SSL_TLSEXT_HB_DONT_SEND_REQUESTS); -#endif - - if (data >= (d+n-2)) - goto ri_check; - - n2s(data,length); - if (data+length != d+n) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - - while(data <= (d+n-4)) - { - n2s(data,type); - n2s(data,size); - - if (data+size > (d+n)) - goto ri_check; - - if (s->tlsext_debug_cb) - s->tlsext_debug_cb(s, 1, type, data, size, - s->tlsext_debug_arg); - - if (type == TLSEXT_TYPE_server_name) - { - if (s->tlsext_hostname == NULL || size > 0) - { - *al = TLS1_AD_UNRECOGNIZED_NAME; - return 0; - } - tlsext_servername = 1; - } - -#ifndef OPENSSL_NO_EC - else if (type == TLSEXT_TYPE_ec_point_formats) - { - unsigned char *sdata = data; - int ecpointformatlist_length = *(sdata++); - - if (ecpointformatlist_length != size - 1 || - ecpointformatlist_length < 1) - { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } - if (!s->hit) - { - s->session->tlsext_ecpointformatlist_length = 0; - if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist); - if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) - { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; - memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); - } -#if 0 - fprintf(stderr,"ssl_parse_serverhello_tlsext s->session->tlsext_ecpointformatlist "); - sdata = s->session->tlsext_ecpointformatlist; - for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) - fprintf(stderr,"%i ",*(sdata++)); - fprintf(stderr,"\n"); -#endif - } -#endif /* OPENSSL_NO_EC */ - - else if (type == TLSEXT_TYPE_session_ticket) - { - if (s->tls_session_ticket_ext_cb && - !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) - { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - if ((SSL_get_options(s) & SSL_OP_NO_TICKET) - || (size > 0)) - { - *al = TLS1_AD_UNSUPPORTED_EXTENSION; - return 0; - } - s->tlsext_ticket_expected = 1; - } -#ifdef TLSEXT_TYPE_opaque_prf_input - else if (type == TLSEXT_TYPE_opaque_prf_input && - s->version != DTLS1_VERSION) - { - unsigned char *sdata = data; - - if (size < 2) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - n2s(sdata, s->s3->server_opaque_prf_input_len); - if (s->s3->server_opaque_prf_input_len != size - 2) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - - if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */ - OPENSSL_free(s->s3->server_opaque_prf_input); - if (s->s3->server_opaque_prf_input_len == 0) - s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ - else - s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len); - - if (s->s3->server_opaque_prf_input == NULL) - { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - } -#endif - else if (type == TLSEXT_TYPE_status_request && - s->version != DTLS1_VERSION) - { - /* MUST be empty and only sent if we've requested - * a status request message. - */ - if ((s->tlsext_status_type == -1) || (size > 0)) - { - *al = TLS1_AD_UNSUPPORTED_EXTENSION; - return 0; - } - /* Set flag to expect CertificateStatus message */ - s->tlsext_status_expected = 1; - } -#ifndef OPENSSL_NO_NEXTPROTONEG - else if (type == TLSEXT_TYPE_next_proto_neg && - s->s3->tmp.finish_md_len == 0) - { - unsigned char *selected; - unsigned char selected_len; - - /* We must have requested it. */ - if (s->ctx->next_proto_select_cb == NULL) - { - *al = TLS1_AD_UNSUPPORTED_EXTENSION; - return 0; - } - /* The data must be valid */ - if (!ssl_next_proto_validate(data, size)) - { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } - if (s->ctx->next_proto_select_cb(s, &selected, &selected_len, data, size, s->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK) - { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - s->next_proto_negotiated = OPENSSL_malloc(selected_len); - if (!s->next_proto_negotiated) - { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - memcpy(s->next_proto_negotiated, selected, selected_len); - s->next_proto_negotiated_len = selected_len; - s->s3->next_proto_neg_seen = 1; - } -#endif - else if (type == TLSEXT_TYPE_channel_id) - s->s3->tlsext_channel_id_valid = 1; - - else if (type == TLSEXT_TYPE_channel_id_new) - { - s->s3->tlsext_channel_id_valid = 1; - s->s3->tlsext_channel_id_new = 1; - } - - else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation) - { - unsigned len; - - /* We must have requested it. */ - if (s->alpn_client_proto_list == NULL) - { - *al = TLS1_AD_UNSUPPORTED_EXTENSION; - return 0; - } - if (size < 4) - { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } - /* The extension data consists of: - * uint16 list_length - * uint8 proto_length; - * uint8 proto[proto_length]; */ - len = data[0]; - len <<= 8; - len |= data[1]; - if (len != (unsigned) size - 2) - { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } - len = data[2]; - if (len != (unsigned) size - 3) - { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } - if (s->s3->alpn_selected) - OPENSSL_free(s->s3->alpn_selected); - s->s3->alpn_selected = OPENSSL_malloc(len); - if (!s->s3->alpn_selected) - { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - memcpy(s->s3->alpn_selected, data + 3, len); - s->s3->alpn_selected_len = len; - } - - else if (type == TLSEXT_TYPE_renegotiate) - { - if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al)) - return 0; - renegotiate_seen = 1; - } -#ifndef OPENSSL_NO_HEARTBEATS - else if (type == TLSEXT_TYPE_heartbeat) - { - switch(data[0]) - { - case 0x01: /* Server allows us to send HB requests */ - s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED; - break; - case 0x02: /* Server doesn't accept HB requests */ - s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED; - s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS; - break; - default: *al = SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - } -#endif -#ifndef OPENSSL_NO_SRTP - else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) - { - if(ssl_parse_serverhello_use_srtp_ext(s, data, size, - al)) - return 0; - } -#endif - - data+=size; - } - - if (data != d+n) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - - if (!s->hit && tlsext_servername == 1) - { - if (s->tlsext_hostname) - { - if (s->session->tlsext_hostname == NULL) - { - s->session->tlsext_hostname = BUF_strdup(s->tlsext_hostname); - if (!s->session->tlsext_hostname) - { - *al = SSL_AD_UNRECOGNIZED_NAME; - return 0; - } - } - else - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - } - } - - *p = data; - - ri_check: - - /* Determine if we need to see RI. Strictly speaking if we want to - * avoid an attack we should *always* see RI even on initial server - * hello because the client doesn't see any renegotiation during an - * attack. However this would mean we could not connect to any server - * which doesn't support RI so for the immediate future tolerate RI - * absence on initial connect only. - */ - if (!renegotiate_seen - && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT) - && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) - { - *al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, - SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); - return 0; - } - - return 1; - } - - -int ssl_prepare_clienthello_tlsext(SSL *s) - { -#ifndef OPENSSL_NO_EC - /* If we are client and using an elliptic curve cryptography cipher suite, send the point formats - * and elliptic curves we support. - */ - int using_ecc = 0; - int i; - unsigned char *j; - unsigned long alg_k, alg_a; - STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s); - - for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++) - { - SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i); - - alg_k = c->algorithm_mkey; - alg_a = c->algorithm_auth; - if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe) || (alg_a & SSL_aECDSA))) - { - using_ecc = 1; - break; - } - } - using_ecc = using_ecc && (s->version >= TLS1_VERSION); - if (using_ecc) - { - if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist); - if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL) - { - SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); - return -1; - } - s->tlsext_ecpointformatlist_length = 3; - s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed; - s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; - s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; - - /* we support all named elliptic curves in RFC 4492 */ - if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist); - s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2; - if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) - { - s->tlsext_ellipticcurvelist_length = 0; - SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); - return -1; - } - for (i = 0, j = s->tlsext_ellipticcurvelist; (unsigned int)i < - sizeof(pref_list)/sizeof(pref_list[0]); i++) - { - int id = tls1_ec_nid2curve_id(pref_list[i]); - s2n(id,j); - } - } -#endif /* OPENSSL_NO_EC */ - -#ifdef TLSEXT_TYPE_opaque_prf_input - { - int r = 1; - - if (s->ctx->tlsext_opaque_prf_input_callback != 0) - { - r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg); - if (!r) - return -1; - } - - if (s->tlsext_opaque_prf_input != NULL) - { - if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */ - OPENSSL_free(s->s3->client_opaque_prf_input); - - if (s->tlsext_opaque_prf_input_len == 0) - s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ - else - s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len); - if (s->s3->client_opaque_prf_input == NULL) - { - SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); - return -1; - } - s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len; - } - - if (r == 2) - /* at callback's request, insist on receiving an appropriate server opaque PRF input */ - s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len; - } -#endif - - return 1; - } - -int ssl_prepare_serverhello_tlsext(SSL *s) - { -#ifndef OPENSSL_NO_EC - /* If we are server and using an ECC cipher suite, send the point formats we support - * if the client sent us an ECPointsFormat extension. Note that the server is not - * supposed to send an EllipticCurves extension. - */ - - unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; - int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA); - using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); - - if (using_ecc) - { - if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist); - if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL) - { - SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); - return -1; - } - s->tlsext_ecpointformatlist_length = 3; - s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed; - s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; - s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; - } -#endif /* OPENSSL_NO_EC */ - - return 1; - } - -int ssl_check_clienthello_tlsext_early(SSL *s) - { - int ret=SSL_TLSEXT_ERR_NOACK; - int al = SSL_AD_UNRECOGNIZED_NAME; - -#ifndef OPENSSL_NO_EC - /* The handling of the ECPointFormats extension is done elsewhere, namely in - * ssl3_choose_cipher in s3_lib.c. - */ - /* The handling of the EllipticCurves extension is done elsewhere, namely in - * ssl3_choose_cipher in s3_lib.c. - */ -#endif - - if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) - ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); - else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) - ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); - -#ifdef TLSEXT_TYPE_opaque_prf_input - { - /* This sort of belongs into ssl_prepare_serverhello_tlsext(), - * but we might be sending an alert in response to the client hello, - * so this has to happen here in - * ssl_check_clienthello_tlsext_early(). */ - - int r = 1; - - if (s->ctx->tlsext_opaque_prf_input_callback != 0) - { - r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg); - if (!r) - { - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - al = SSL_AD_INTERNAL_ERROR; - goto err; - } - } - - if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */ - OPENSSL_free(s->s3->server_opaque_prf_input); - s->s3->server_opaque_prf_input = NULL; - - if (s->tlsext_opaque_prf_input != NULL) - { - if (s->s3->client_opaque_prf_input != NULL && - s->s3->client_opaque_prf_input_len == s->tlsext_opaque_prf_input_len) - { - /* can only use this extension if we have a server opaque PRF input - * of the same length as the client opaque PRF input! */ - - if (s->tlsext_opaque_prf_input_len == 0) - s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ - else - s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len); - if (s->s3->server_opaque_prf_input == NULL) - { - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - al = SSL_AD_INTERNAL_ERROR; - goto err; - } - s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len; - } - } - - if (r == 2 && s->s3->server_opaque_prf_input == NULL) - { - /* The callback wants to enforce use of the extension, - * but we can't do that with the client opaque PRF input; - * abort the handshake. - */ - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - al = SSL_AD_HANDSHAKE_FAILURE; - } - } - - err: -#endif - switch (ret) - { - case SSL_TLSEXT_ERR_ALERT_FATAL: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - return -1; - - case SSL_TLSEXT_ERR_ALERT_WARNING: - ssl3_send_alert(s,SSL3_AL_WARNING,al); - return 1; - - case SSL_TLSEXT_ERR_NOACK: - s->servername_done=0; - default: - return 1; - } - } - -int ssl_check_clienthello_tlsext_late(SSL *s) - { - int ret = SSL_TLSEXT_ERR_OK; - int al; - - /* If status request then ask callback what to do. - * Note: this must be called after servername callbacks in case - * the certificate has changed, and must be called after the cipher - * has been chosen because this may influence which certificate is sent - */ - if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) - { - int r; - CERT_PKEY *certpkey; - certpkey = ssl_get_server_send_pkey(s); - /* If no certificate can't return certificate status */ - if (certpkey == NULL) - { - s->tlsext_status_expected = 0; - return 1; - } - /* Set current certificate to one we will use so - * SSL_get_certificate et al can pick it up. - */ - s->cert->key = certpkey; - r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); - switch (r) - { - /* We don't want to send a status request response */ - case SSL_TLSEXT_ERR_NOACK: - s->tlsext_status_expected = 0; - break; - /* status request response should be sent */ - case SSL_TLSEXT_ERR_OK: - if (s->tlsext_ocsp_resp) - s->tlsext_status_expected = 1; - else - s->tlsext_status_expected = 0; - break; - /* something bad happened */ - case SSL_TLSEXT_ERR_ALERT_FATAL: - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - al = SSL_AD_INTERNAL_ERROR; - goto err; - } - } - else - s->tlsext_status_expected = 0; - - err: - switch (ret) - { - case SSL_TLSEXT_ERR_ALERT_FATAL: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - return -1; - - case SSL_TLSEXT_ERR_ALERT_WARNING: - ssl3_send_alert(s,SSL3_AL_WARNING,al); - return 1; - - default: - return 1; - } - } - -int ssl_check_serverhello_tlsext(SSL *s) - { - int ret=SSL_TLSEXT_ERR_NOACK; - int al = SSL_AD_UNRECOGNIZED_NAME; - -#ifndef OPENSSL_NO_EC - /* If we are client and using an elliptic curve cryptography cipher - * suite, then if server returns an EC point formats lists extension - * it must contain uncompressed. - */ - unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; - if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) && - (s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) && - ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) - { - /* we are using an ECC cipher */ - size_t i; - unsigned char *list; - int found_uncompressed = 0; - list = s->session->tlsext_ecpointformatlist; - for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) - { - if (*(list++) == TLSEXT_ECPOINTFORMAT_uncompressed) - { - found_uncompressed = 1; - break; - } - } - if (!found_uncompressed) - { - SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); - return -1; - } - } - ret = SSL_TLSEXT_ERR_OK; -#endif /* OPENSSL_NO_EC */ - - if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) - ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); - else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) - ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); - -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->server_opaque_prf_input_len > 0) - { - /* This case may indicate that we, as a client, want to insist on using opaque PRF inputs. - * So first verify that we really have a value from the server too. */ - - if (s->s3->server_opaque_prf_input == NULL) - { - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - al = SSL_AD_HANDSHAKE_FAILURE; - } - - /* Anytime the server *has* sent an opaque PRF input, we need to check - * that we have a client opaque PRF input of the same size. */ - if (s->s3->client_opaque_prf_input == NULL || - s->s3->client_opaque_prf_input_len != s->s3->server_opaque_prf_input_len) - { - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - al = SSL_AD_ILLEGAL_PARAMETER; - } - } -#endif - - /* If we've requested certificate status and we wont get one - * tell the callback - */ - if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) - && s->ctx && s->ctx->tlsext_status_cb) - { - int r; - /* Set resp to NULL, resplen to -1 so callback knows - * there is no response. - */ - if (s->tlsext_ocsp_resp) - { - OPENSSL_free(s->tlsext_ocsp_resp); - s->tlsext_ocsp_resp = NULL; - } - s->tlsext_ocsp_resplen = -1; - r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); - if (r == 0) - { - al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - } - if (r < 0) - { - al = SSL_AD_INTERNAL_ERROR; - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - } - } - - switch (ret) - { - case SSL_TLSEXT_ERR_ALERT_FATAL: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - return -1; - - case SSL_TLSEXT_ERR_ALERT_WARNING: - ssl3_send_alert(s,SSL3_AL_WARNING,al); - return 1; - - case SSL_TLSEXT_ERR_NOACK: - s->servername_done=0; - default: - return 1; - } - } - -/* Since the server cache lookup is done early on in the processing of the - * ClientHello, and other operations depend on the result, we need to handle - * any TLS session ticket extension at the same time. - * - * session_id: points at the session ID in the ClientHello. This code will - * read past the end of this in order to parse out the session ticket - * extension, if any. - * len: the length of the session ID. - * limit: a pointer to the first byte after the ClientHello. - * ret: (output) on return, if a ticket was decrypted, then this is set to - * point to the resulting session. - * - * If s->tls_session_secret_cb is set then we are expecting a pre-shared key - * ciphersuite, in which case we have no use for session tickets and one will - * never be decrypted, nor will s->tlsext_ticket_expected be set to 1. - * - * Returns: - * -1: fatal error, either from parsing or decrypting the ticket. - * 0: no ticket was found (or was ignored, based on settings). - * 1: a zero length extension was found, indicating that the client supports - * session tickets but doesn't currently have one to offer. - * 2: either s->tls_session_secret_cb was set, or a ticket was offered but - * couldn't be decrypted because of a non-fatal error. - * 3: a ticket was successfully decrypted and *ret was set. - * - * Side effects: - * Sets s->tlsext_ticket_expected to 1 if the server will have to issue - * a new session ticket to the client because the client indicated support - * (and s->tls_session_secret_cb is NULL) but the client either doesn't have - * a session ticket or we couldn't use the one it gave us, or if - * s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket. - * Otherwise, s->tlsext_ticket_expected is set to 0. - */ -int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, - const unsigned char *limit, SSL_SESSION **ret) - { - /* Point after session ID in client hello */ - const unsigned char *p = session_id + len; - unsigned short i; - - *ret = NULL; - s->tlsext_ticket_expected = 0; - - /* If tickets disabled behave as if no ticket present - * to permit stateful resumption. - */ - if (SSL_get_options(s) & SSL_OP_NO_TICKET) - return 0; - if ((s->version <= SSL3_VERSION) || !limit) - return 0; - if (p >= limit) - return -1; - /* Skip past DTLS cookie */ - if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) - { - i = *(p++); - p+= i; - if (p >= limit) - return -1; - } - /* Skip past cipher list */ - n2s(p, i); - p+= i; - if (p >= limit) - return -1; - /* Skip past compression algorithm list */ - i = *(p++); - p += i; - if (p > limit) - return -1; - /* Now at start of extensions */ - if ((p + 2) >= limit) - return 0; - n2s(p, i); - while ((p + 4) <= limit) - { - unsigned short type, size; - n2s(p, type); - n2s(p, size); - if (p + size > limit) - return 0; - if (type == TLSEXT_TYPE_session_ticket) - { - int r; - if (size == 0) - { - /* The client will accept a ticket but doesn't - * currently have one. */ - s->tlsext_ticket_expected = 1; - return 1; - } - if (s->tls_session_secret_cb) - { - /* Indicate that the ticket couldn't be - * decrypted rather than generating the session - * from ticket now, trigger abbreviated - * handshake based on external mechanism to - * calculate the master secret later. */ - return 2; - } - r = tls_decrypt_ticket(s, p, size, session_id, len, ret); - switch (r) - { - case 2: /* ticket couldn't be decrypted */ - s->tlsext_ticket_expected = 1; - return 2; - case 3: /* ticket was decrypted */ - return r; - case 4: /* ticket decrypted but need to renew */ - s->tlsext_ticket_expected = 1; - return 3; - default: /* fatal error */ - return -1; - } - } - p += size; - } - return 0; - } - -/* tls_decrypt_ticket attempts to decrypt a session ticket. - * - * etick: points to the body of the session ticket extension. - * eticklen: the length of the session tickets extenion. - * sess_id: points at the session ID. - * sesslen: the length of the session ID. - * psess: (output) on return, if a ticket was decrypted, then this is set to - * point to the resulting session. - * - * Returns: - * -1: fatal error, either from parsing or decrypting the ticket. - * 2: the ticket couldn't be decrypted. - * 3: a ticket was successfully decrypted and *psess was set. - * 4: same as 3, but the ticket needs to be renewed. - */ -static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, - const unsigned char *sess_id, int sesslen, - SSL_SESSION **psess) - { - SSL_SESSION *sess; - unsigned char *sdec; - const unsigned char *p; - int slen, mlen, renew_ticket = 0; - unsigned char tick_hmac[EVP_MAX_MD_SIZE]; - HMAC_CTX hctx; - EVP_CIPHER_CTX ctx; - SSL_CTX *tctx = s->initial_ctx; - /* Need at least keyname + iv + some encrypted data */ - if (eticklen < 48) - return 2; - /* Initialize session ticket encryption and HMAC contexts */ - HMAC_CTX_init(&hctx); - EVP_CIPHER_CTX_init(&ctx); - if (tctx->tlsext_ticket_key_cb) - { - unsigned char *nctick = (unsigned char *)etick; - int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16, - &ctx, &hctx, 0); - if (rv < 0) - return -1; - if (rv == 0) - return 2; - if (rv == 2) - renew_ticket = 1; - } - else - { - /* Check key name matches */ - if (memcmp(etick, tctx->tlsext_tick_key_name, 16)) - return 2; - HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, - tlsext_tick_md(), NULL); - EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, - tctx->tlsext_tick_aes_key, etick + 16); - } - /* Attempt to process session ticket, first conduct sanity and - * integrity checks on ticket. - */ - mlen = HMAC_size(&hctx); - if (mlen < 0) - { - EVP_CIPHER_CTX_cleanup(&ctx); - return -1; - } - eticklen -= mlen; - /* Check HMAC of encrypted ticket */ - HMAC_Update(&hctx, etick, eticklen); - HMAC_Final(&hctx, tick_hmac, NULL); - HMAC_CTX_cleanup(&hctx); - if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) - { - EVP_CIPHER_CTX_cleanup(&ctx); - return 2; - } - /* Attempt to decrypt session data */ - /* Move p after IV to start of encrypted ticket, update length */ - p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); - eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx); - sdec = OPENSSL_malloc(eticklen); - if (!sdec) - { - EVP_CIPHER_CTX_cleanup(&ctx); - return -1; - } - EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen); - if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) - { - EVP_CIPHER_CTX_cleanup(&ctx); - OPENSSL_free(sdec); - return 2; - } - slen += mlen; - EVP_CIPHER_CTX_cleanup(&ctx); - p = sdec; - - sess = d2i_SSL_SESSION(NULL, &p, slen); - OPENSSL_free(sdec); - if (sess) - { - /* The session ID, if non-empty, is used by some clients to - * detect that the ticket has been accepted. So we copy it to - * the session structure. If it is empty set length to zero - * as required by standard. - */ - if (sesslen) - memcpy(sess->session_id, sess_id, sesslen); - sess->session_id_length = sesslen; - *psess = sess; - if (renew_ticket) - return 4; - else - return 3; - } - ERR_clear_error(); - /* For session parse failure, indicate that we need to send a new - * ticket. */ - return 2; - } - -/* Tables to translate from NIDs to TLS v1.2 ids */ - -typedef struct - { - int nid; - int id; - } tls12_lookup; - -static tls12_lookup tls12_md[] = { -#ifndef OPENSSL_NO_MD5 - {NID_md5, TLSEXT_hash_md5}, -#endif -#ifndef OPENSSL_NO_SHA - {NID_sha1, TLSEXT_hash_sha1}, -#endif -#ifndef OPENSSL_NO_SHA256 - {NID_sha224, TLSEXT_hash_sha224}, - {NID_sha256, TLSEXT_hash_sha256}, -#endif -#ifndef OPENSSL_NO_SHA512 - {NID_sha384, TLSEXT_hash_sha384}, - {NID_sha512, TLSEXT_hash_sha512} -#endif -}; - -static tls12_lookup tls12_sig[] = { -#ifndef OPENSSL_NO_RSA - {EVP_PKEY_RSA, TLSEXT_signature_rsa}, -#endif -#ifndef OPENSSL_NO_DSA - {EVP_PKEY_DSA, TLSEXT_signature_dsa}, -#endif -#ifndef OPENSSL_NO_ECDSA - {EVP_PKEY_EC, TLSEXT_signature_ecdsa} -#endif -}; - -static int tls12_find_id(int nid, tls12_lookup *table, size_t tlen) - { - size_t i; - for (i = 0; i < tlen; i++) - { - if (table[i].nid == nid) - return table[i].id; - } - return -1; - } - -int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md) - { - int sig_id, md_id; - if (!md) - return 0; - md_id = tls12_find_id(EVP_MD_type(md), tls12_md, - sizeof(tls12_md)/sizeof(tls12_lookup)); - if (md_id == -1) - return 0; - sig_id = tls12_get_sigid(pk); - if (sig_id == -1) - return 0; - p[0] = (unsigned char)md_id; - p[1] = (unsigned char)sig_id; - return 1; - } - -/* tls12_get_sigid returns the TLS 1.2 SignatureAlgorithm value corresponding - * to the given public key, or -1 if not known. */ -int tls12_get_sigid(const EVP_PKEY *pk) - { - return tls12_find_id(pk->type, tls12_sig, - sizeof(tls12_sig)/sizeof(tls12_lookup)); - } - -const EVP_MD *tls12_get_hash(unsigned char hash_alg) - { - switch(hash_alg) - { -#ifndef OPENSSL_NO_SHA - case TLSEXT_hash_sha1: - return EVP_sha1(); -#endif -#ifndef OPENSSL_NO_SHA256 - case TLSEXT_hash_sha224: - return EVP_sha224(); - - case TLSEXT_hash_sha256: - return EVP_sha256(); -#endif -#ifndef OPENSSL_NO_SHA512 - case TLSEXT_hash_sha384: - return EVP_sha384(); - - case TLSEXT_hash_sha512: - return EVP_sha512(); -#endif - default: - return NULL; - - } - } - -/* tls1_process_sigalgs processes a signature_algorithms extension and sets the - * digest functions accordingly for each key type. - * - * See RFC 5246, section 7.4.1.4.1. - * - * data: points to the content of the extension, not including type and length - * headers. - * dsize: the number of bytes of |data|. Must be even. - */ -void tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) - { - int i; - const EVP_MD *md, **digest_ptr; - /* Extension ignored for TLS versions below 1.2 */ - if (TLS1_get_version(s) < TLS1_2_VERSION) - return; - - s->s3->digest_rsa = NULL; - s->s3->digest_dsa = NULL; - s->s3->digest_ecdsa = NULL; - - for (i = 0; i < dsize; i += 2) - { - unsigned char hash_alg = data[i], sig_alg = data[i+1]; - - switch(sig_alg) - { -#ifndef OPENSSL_NO_RSA - case TLSEXT_signature_rsa: - digest_ptr = &s->s3->digest_rsa; - break; -#endif -#ifndef OPENSSL_NO_DSA - case TLSEXT_signature_dsa: - digest_ptr = &s->s3->digest_dsa; - break; -#endif -#ifndef OPENSSL_NO_ECDSA - case TLSEXT_signature_ecdsa: - digest_ptr = &s->s3->digest_ecdsa; - break; -#endif - default: - continue; - } - - if (*digest_ptr == NULL) - { - md = tls12_get_hash(hash_alg); - if (md) - *digest_ptr = md; - } - - } - } - -#endif - -#ifndef OPENSSL_NO_HEARTBEATS -int -tls1_process_heartbeat(SSL *s) - { - unsigned char *p = &s->s3->rrec.data[0], *pl; - unsigned short hbtype; - unsigned int payload; - unsigned int padding = 16; /* Use minimum padding */ - - if (s->msg_callback) - s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, - &s->s3->rrec.data[0], s->s3->rrec.length, - s, s->msg_callback_arg); - - /* Read type and payload length first */ - if (1 + 2 + 16 > s->s3->rrec.length) - return 0; /* silently discard */ - hbtype = *p++; - n2s(p, payload); - if (1 + 2 + payload + 16 > s->s3->rrec.length) - return 0; /* silently discard per RFC 6520 sec. 4 */ - pl = p; - - if (hbtype == TLS1_HB_REQUEST) - { - unsigned char *buffer, *bp; - int r; - - /* Allocate memory for the response, size is 1 bytes - * message type, plus 2 bytes payload length, plus - * payload, plus padding - */ - buffer = OPENSSL_malloc(1 + 2 + payload + padding); - bp = buffer; - - /* Enter response type, length and copy payload */ - *bp++ = TLS1_HB_RESPONSE; - s2n(payload, bp); - memcpy(bp, pl, payload); - bp += payload; - /* Random padding */ - RAND_pseudo_bytes(bp, padding); - - r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding); - - if (r >= 0 && s->msg_callback) - s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, - buffer, 3 + payload + padding, - s, s->msg_callback_arg); - - OPENSSL_free(buffer); - - if (r < 0) - return r; - } - else if (hbtype == TLS1_HB_RESPONSE) - { - unsigned int seq; - - /* We only send sequence numbers (2 bytes unsigned int), - * and 16 random bytes, so we just try to read the - * sequence number */ - n2s(pl, seq); - - if (payload == 18 && seq == s->tlsext_hb_seq) - { - s->tlsext_hb_seq++; - s->tlsext_hb_pending = 0; - } - } - - return 0; - } - -int -tls1_heartbeat(SSL *s) - { - unsigned char *buf, *p; - int ret; - unsigned int payload = 18; /* Sequence number + random bytes */ - unsigned int padding = 16; /* Use minimum padding */ - - /* Only send if peer supports and accepts HB requests... */ - if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) || - s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) - { - SSLerr(SSL_F_TLS1_HEARTBEAT,SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT); - return -1; - } - - /* ...and there is none in flight yet... */ - if (s->tlsext_hb_pending) - { - SSLerr(SSL_F_TLS1_HEARTBEAT,SSL_R_TLS_HEARTBEAT_PENDING); - return -1; - } - - /* ...and no handshake in progress. */ - if (SSL_in_init(s) || s->in_handshake) - { - SSLerr(SSL_F_TLS1_HEARTBEAT,SSL_R_UNEXPECTED_MESSAGE); - return -1; - } - - /* Check if padding is too long, payload and padding - * must not exceed 2^14 - 3 = 16381 bytes in total. - */ - OPENSSL_assert(payload + padding <= 16381); - - /* Create HeartBeat message, we just use a sequence number - * as payload to distuingish different messages and add - * some random stuff. - * - Message Type, 1 byte - * - Payload Length, 2 bytes (unsigned int) - * - Payload, the sequence number (2 bytes uint) - * - Payload, random bytes (16 bytes uint) - * - Padding - */ - buf = OPENSSL_malloc(1 + 2 + payload + padding); - p = buf; - /* Message Type */ - *p++ = TLS1_HB_REQUEST; - /* Payload length (18 bytes here) */ - s2n(payload, p); - /* Sequence number */ - s2n(s->tlsext_hb_seq, p); - /* 16 random bytes */ - RAND_pseudo_bytes(p, 16); - p += 16; - /* Random padding */ - RAND_pseudo_bytes(p, padding); - - ret = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding); - if (ret >= 0) - { - if (s->msg_callback) - s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, - buf, 3 + payload + padding, - s, s->msg_callback_arg); - - s->tlsext_hb_pending = 1; - } - - OPENSSL_free(buf); - - return ret; - } -#endif - -#if !defined(OPENSSL_NO_TLSEXT) -/* tls1_channel_id_hash calculates the signed data for a Channel ID on the given - * SSL connection and writes it to |md|. - */ -int -tls1_channel_id_hash(EVP_MD_CTX *md, SSL *s) - { - EVP_MD_CTX ctx; - unsigned char temp_digest[EVP_MAX_MD_SIZE]; - unsigned temp_digest_len; - int i; - static const char kClientIDMagic[] = "TLS Channel ID signature"; - - if (s->s3->handshake_buffer) - if (!ssl3_digest_cached_records(s)) - return 0; - - EVP_DigestUpdate(md, kClientIDMagic, sizeof(kClientIDMagic)); - - if (s->hit && s->s3->tlsext_channel_id_new) - { - static const char kResumptionMagic[] = "Resumption"; - EVP_DigestUpdate(md, kResumptionMagic, - sizeof(kResumptionMagic)); - if (s->session->original_handshake_hash_len == 0) - return 0; - EVP_DigestUpdate(md, s->session->original_handshake_hash, - s->session->original_handshake_hash_len); - } - - EVP_MD_CTX_init(&ctx); - for (i = 0; i < SSL_MAX_DIGEST; i++) - { - if (s->s3->handshake_dgst[i] == NULL) - continue; - EVP_MD_CTX_copy_ex(&ctx, s->s3->handshake_dgst[i]); - EVP_DigestFinal_ex(&ctx, temp_digest, &temp_digest_len); - EVP_DigestUpdate(md, temp_digest, temp_digest_len); - } - EVP_MD_CTX_cleanup(&ctx); - - return 1; - } -#endif - -/* tls1_record_handshake_hashes_for_channel_id records the current handshake - * hashes in |s->session| so that Channel ID resumptions can sign that data. */ -int tls1_record_handshake_hashes_for_channel_id(SSL *s) - { - int digest_len; - /* This function should never be called for a resumed session because - * the handshake hashes that we wish to record are for the original, - * full handshake. */ - if (s->hit) - return -1; - /* It only makes sense to call this function if Channel IDs have been - * negotiated. */ - if (!s->s3->tlsext_channel_id_new) - return -1; - - digest_len = tls1_handshake_digest( - s, s->session->original_handshake_hash, - sizeof(s->session->original_handshake_hash)); - if (digest_len < 0) - return -1; - - s->session->original_handshake_hash_len = digest_len; - - return 1; - } diff --git a/main/openssl/ssl/t1_meth.c b/main/openssl/ssl/t1_meth.c deleted file mode 100644 index 53c807de..00000000 --- a/main/openssl/ssl/t1_meth.c +++ /dev/null @@ -1,88 +0,0 @@ -/* ssl/t1_meth.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include <openssl/objects.h> -#include "ssl_locl.h" - -static const SSL_METHOD *tls1_get_method(int ver) - { - if (ver == TLS1_2_VERSION) - return TLSv1_2_method(); - if (ver == TLS1_1_VERSION) - return TLSv1_1_method(); - if (ver == TLS1_VERSION) - return TLSv1_method(); - return NULL; - } - -IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_method, - ssl3_accept, - ssl3_connect, - tls1_get_method) - -IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_method, - ssl3_accept, - ssl3_connect, - tls1_get_method) - -IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_method, - ssl3_accept, - ssl3_connect, - tls1_get_method) - diff --git a/main/openssl/ssl/t1_reneg.c b/main/openssl/ssl/t1_reneg.c deleted file mode 100644 index 9c2cc3c7..00000000 --- a/main/openssl/ssl/t1_reneg.c +++ /dev/null @@ -1,292 +0,0 @@ -/* ssl/t1_reneg.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2009 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -#include <stdio.h> -#include <openssl/objects.h> -#include "ssl_locl.h" - -/* Add the client's renegotiation binding */ -int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, - int maxlen) - { - if(p) - { - if((s->s3->previous_client_finished_len+1) > maxlen) - { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG); - return 0; - } - - /* Length byte */ - *p = s->s3->previous_client_finished_len; - p++; - - memcpy(p, s->s3->previous_client_finished, - s->s3->previous_client_finished_len); -#ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "%s RI extension sent by client\n", - s->s3->previous_client_finished_len ? "Non-empty" : "Empty"); -#endif - } - - *len=s->s3->previous_client_finished_len + 1; - - - return 1; - } - -/* Parse the client's renegotiation binding and abort if it's not - right */ -int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, - int *al) - { - int ilen; - - /* Parse the length byte */ - if(len < 1) - { - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR); - *al=SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - ilen = *d; - d++; - - /* Consistency check */ - if((ilen+1) != len) - { - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR); - *al=SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - - /* Check that the extension matches */ - if(ilen != s->s3->previous_client_finished_len) - { - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); - *al=SSL_AD_HANDSHAKE_FAILURE; - return 0; - } - - if(memcmp(d, s->s3->previous_client_finished, - s->s3->previous_client_finished_len)) - { - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); - *al=SSL_AD_HANDSHAKE_FAILURE; - return 0; - } -#ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "%s RI extension received by server\n", - ilen ? "Non-empty" : "Empty"); -#endif - - s->s3->send_connection_binding=1; - - return 1; - } - -/* Add the server's renegotiation binding */ -int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, - int maxlen) - { - if(p) - { - if((s->s3->previous_client_finished_len + - s->s3->previous_server_finished_len + 1) > maxlen) - { - SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG); - return 0; - } - - /* Length byte */ - *p = s->s3->previous_client_finished_len + s->s3->previous_server_finished_len; - p++; - - memcpy(p, s->s3->previous_client_finished, - s->s3->previous_client_finished_len); - p += s->s3->previous_client_finished_len; - - memcpy(p, s->s3->previous_server_finished, - s->s3->previous_server_finished_len); -#ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "%s RI extension sent by server\n", - s->s3->previous_client_finished_len ? "Non-empty" : "Empty"); -#endif - } - - *len=s->s3->previous_client_finished_len - + s->s3->previous_server_finished_len + 1; - - return 1; - } - -/* Parse the server's renegotiation binding and abort if it's not - right */ -int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, - int *al) - { - int expected_len=s->s3->previous_client_finished_len - + s->s3->previous_server_finished_len; - int ilen; - - /* Check for logic errors */ - OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len); - OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len); - - /* Parse the length byte */ - if(len < 1) - { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR); - *al=SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - ilen = *d; - d++; - - /* Consistency check */ - if(ilen+1 != len) - { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR); - *al=SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - - /* Check that the extension matches */ - if(ilen != expected_len) - { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); - *al=SSL_AD_HANDSHAKE_FAILURE; - return 0; - } - - if(memcmp(d, s->s3->previous_client_finished, - s->s3->previous_client_finished_len)) - { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); - *al=SSL_AD_HANDSHAKE_FAILURE; - return 0; - } - d += s->s3->previous_client_finished_len; - - if(memcmp(d, s->s3->previous_server_finished, - s->s3->previous_server_finished_len)) - { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); - *al=SSL_AD_ILLEGAL_PARAMETER; - return 0; - } -#ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "%s RI extension received by client\n", - ilen ? "Non-empty" : "Empty"); -#endif - s->s3->send_connection_binding=1; - - return 1; - } diff --git a/main/openssl/ssl/t1_srvr.c b/main/openssl/ssl/t1_srvr.c deleted file mode 100644 index f1d15657..00000000 --- a/main/openssl/ssl/t1_srvr.c +++ /dev/null @@ -1,93 +0,0 @@ -/* ssl/t1_srvr.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "ssl_locl.h" -#include <openssl/buffer.h> -#include <openssl/rand.h> -#include <openssl/objects.h> -#include <openssl/evp.h> -#include <openssl/x509.h> - -static const SSL_METHOD *tls1_get_server_method(int ver); -static const SSL_METHOD *tls1_get_server_method(int ver) - { - if (ver == TLS1_2_VERSION) - return TLSv1_2_server_method(); - if (ver == TLS1_1_VERSION) - return TLSv1_1_server_method(); - if (ver == TLS1_VERSION) - return TLSv1_server_method(); - return NULL; - } - -IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_server_method, - ssl3_accept, - ssl_undefined_function, - tls1_get_server_method) - -IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_server_method, - ssl3_accept, - ssl_undefined_function, - tls1_get_server_method) - -IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_server_method, - ssl3_accept, - ssl_undefined_function, - tls1_get_server_method) - diff --git a/main/openssl/ssl/tls1.h b/main/openssl/ssl/tls1.h deleted file mode 100644 index dc36f79f..00000000 --- a/main/openssl/ssl/tls1.h +++ /dev/null @@ -1,761 +0,0 @@ -/* ssl/tls1.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the OpenSSL open source - * license provided above. - * - * ECC cipher suite support in OpenSSL originally written by - * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. - * - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - -#ifndef HEADER_TLS1_H -#define HEADER_TLS1_H - -#include <openssl/buffer.h> - -#ifdef __cplusplus -extern "C" { -#endif - -#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 - -#define TLS1_VERSION 0x0301 -#define TLS1_1_VERSION 0x0302 -#define TLS1_2_VERSION 0x0303 -#define TLS_MAX_VERSION TLS1_2_VERSION - -#define TLS1_VERSION_MAJOR 0x03 -#define TLS1_VERSION_MINOR 0x01 - -#define TLS1_1_VERSION_MAJOR 0x03 -#define TLS1_1_VERSION_MINOR 0x02 - -#define TLS1_2_VERSION_MAJOR 0x03 -#define TLS1_2_VERSION_MINOR 0x03 - -#define TLS1_get_version(s) \ - ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) - -#define TLS1_get_client_version(s) \ - ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0) - -#define TLS1_AD_DECRYPTION_FAILED 21 -#define TLS1_AD_RECORD_OVERFLOW 22 -#define TLS1_AD_UNKNOWN_CA 48 /* fatal */ -#define TLS1_AD_ACCESS_DENIED 49 /* fatal */ -#define TLS1_AD_DECODE_ERROR 50 /* fatal */ -#define TLS1_AD_DECRYPT_ERROR 51 -#define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */ -#define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */ -#define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */ -#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ -#define TLS1_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */ -#define TLS1_AD_USER_CANCELLED 90 -#define TLS1_AD_NO_RENEGOTIATION 100 -/* codes 110-114 are from RFC3546 */ -#define TLS1_AD_UNSUPPORTED_EXTENSION 110 -#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 -#define TLS1_AD_UNRECOGNIZED_NAME 112 -#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 -#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 -#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */ - -/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */ -#define TLSEXT_TYPE_server_name 0 -#define TLSEXT_TYPE_max_fragment_length 1 -#define TLSEXT_TYPE_client_certificate_url 2 -#define TLSEXT_TYPE_trusted_ca_keys 3 -#define TLSEXT_TYPE_truncated_hmac 4 -#define TLSEXT_TYPE_status_request 5 -/* ExtensionType values from RFC4681 */ -#define TLSEXT_TYPE_user_mapping 6 - -/* ExtensionType values from RFC5878 */ -#define TLSEXT_TYPE_client_authz 7 -#define TLSEXT_TYPE_server_authz 8 - -/* ExtensionType values from RFC6091 */ -#define TLSEXT_TYPE_cert_type 9 - -/* ExtensionType values from RFC4492 */ -#define TLSEXT_TYPE_elliptic_curves 10 -#define TLSEXT_TYPE_ec_point_formats 11 - -/* ExtensionType value from RFC5054 */ -#define TLSEXT_TYPE_srp 12 - -/* ExtensionType values from RFC5246 */ -#define TLSEXT_TYPE_signature_algorithms 13 - -/* ExtensionType value from RFC5764 */ -#define TLSEXT_TYPE_use_srtp 14 - -/* ExtensionType value from RFC5620 */ -#define TLSEXT_TYPE_heartbeat 15 - -/* ExtensionType value for TLS padding extension. - * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml - * http://tools.ietf.org/html/draft-agl-tls-padding-03 - */ -#define TLSEXT_TYPE_padding 21 - -/* ExtensionType value from draft-ietf-tls-applayerprotoneg-00 */ -#define TLSEXT_TYPE_application_layer_protocol_negotiation 16 - -/* ExtensionType value from RFC4507 */ -#define TLSEXT_TYPE_session_ticket 35 - -/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */ -#if 0 /* will have to be provided externally for now , - * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183 - * using whatever extension number you'd like to try */ -# define TLSEXT_TYPE_opaque_prf_input ?? */ -#endif - -/* Temporary extension type */ -#define TLSEXT_TYPE_renegotiate 0xff01 - -#ifndef OPENSSL_NO_NEXTPROTONEG -/* This is not an IANA defined extension number */ -#define TLSEXT_TYPE_next_proto_neg 13172 -#endif - -/* This is not an IANA defined extension number */ -#define TLSEXT_TYPE_channel_id 30031 -#define TLSEXT_TYPE_channel_id_new 30032 - -/* NameType value from RFC 3546 */ -#define TLSEXT_NAMETYPE_host_name 0 -/* status request value from RFC 3546 */ -#define TLSEXT_STATUSTYPE_ocsp 1 - -/* ECPointFormat values from draft-ietf-tls-ecc-12 */ -#define TLSEXT_ECPOINTFORMAT_first 0 -#define TLSEXT_ECPOINTFORMAT_uncompressed 0 -#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1 -#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2 -#define TLSEXT_ECPOINTFORMAT_last 2 - -/* Signature and hash algorithms from RFC 5246 */ - -#define TLSEXT_signature_anonymous 0 -#define TLSEXT_signature_rsa 1 -#define TLSEXT_signature_dsa 2 -#define TLSEXT_signature_ecdsa 3 - -#define TLSEXT_hash_none 0 -#define TLSEXT_hash_md5 1 -#define TLSEXT_hash_sha1 2 -#define TLSEXT_hash_sha224 3 -#define TLSEXT_hash_sha256 4 -#define TLSEXT_hash_sha384 5 -#define TLSEXT_hash_sha512 6 - -#ifndef OPENSSL_NO_TLSEXT - -#define TLSEXT_MAXLEN_host_name 255 - -const char *SSL_get_servername(const SSL *s, const int type); -int SSL_get_servername_type(const SSL *s); -/* SSL_export_keying_material exports a value derived from the master secret, - * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and - * optional context. (Since a zero length context is allowed, the |use_context| - * flag controls whether a context is included.) - * - * It returns 1 on success and zero otherwise. - */ -int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, - const char *label, size_t llen, const unsigned char *p, size_t plen, - int use_context); - -#define SSL_set_tlsext_host_name(s,name) \ -SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) - -#define SSL_set_tlsext_debug_callback(ssl, cb) \ -SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb) - -#define SSL_set_tlsext_debug_arg(ssl, arg) \ -SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg) - -#define SSL_set_tlsext_status_type(ssl, type) \ -SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL) - -#define SSL_get_tlsext_status_exts(ssl, arg) \ -SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) - -#define SSL_set_tlsext_status_exts(ssl, arg) \ -SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) - -#define SSL_get_tlsext_status_ids(ssl, arg) \ -SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) - -#define SSL_set_tlsext_status_ids(ssl, arg) \ -SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) - -#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ -SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg) - -#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ -SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg) - -#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ -SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb) - -#define SSL_TLSEXT_ERR_OK 0 -#define SSL_TLSEXT_ERR_ALERT_WARNING 1 -#define SSL_TLSEXT_ERR_ALERT_FATAL 2 -#define SSL_TLSEXT_ERR_NOACK 3 - -#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ -SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) - -#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys)) -#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys)) - -#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ -SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) - -#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ -SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) - -#define SSL_set_tlsext_opaque_prf_input(s, src, len) \ -SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src) -#define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \ -SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb) -#define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \ -SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg) - -#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ -SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) - -#ifndef OPENSSL_NO_HEARTBEATS -#define SSL_TLSEXT_HB_ENABLED 0x01 -#define SSL_TLSEXT_HB_DONT_SEND_REQUESTS 0x02 -#define SSL_TLSEXT_HB_DONT_RECV_REQUESTS 0x04 - -#define SSL_get_tlsext_heartbeat_pending(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL) -#define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \ - SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL) -#endif -#endif - -/* PSK ciphersuites from 4279 */ -#define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A -#define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B -#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C -#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D - -/* Additional TLS ciphersuites from expired Internet Draft - * draft-ietf-tls-56-bit-ciphersuites-01.txt - * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see - * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably - * shouldn't. Note that the first two are actually not in the IDs. */ -#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 /* not in ID */ -#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 /* not in ID */ -#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062 -#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063 -#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064 -#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065 -#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 - -/* AES ciphersuites from RFC3268 */ - -#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F -#define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 -#define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 -#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032 -#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033 -#define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034 - -#define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035 -#define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036 -#define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037 -#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038 -#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 -#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A - -/* TLS v1.2 ciphersuites */ -#define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B -#define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C -#define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D -#define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E -#define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F -#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040 - -/* Camellia ciphersuites from RFC4132 */ -#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 -#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 -#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 -#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 -#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 -#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 - -/* TLS v1.2 ciphersuites */ -#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067 -#define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068 -#define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069 -#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A -#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B -#define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C -#define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D - -/* Camellia ciphersuites from RFC4132 */ -#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 -#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 -#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 -#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 -#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 -#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 - -/* SEED ciphersuites from RFC4162 */ -#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 -#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 -#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 -#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099 -#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A -#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B - -/* TLS v1.2 GCM ciphersuites from RFC5288 */ -#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C -#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D -#define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E -#define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F -#define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0 -#define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1 -#define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2 -#define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3 -#define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4 -#define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5 -#define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 -#define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 - -/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */ -#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 -#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 -#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 -#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004 -#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005 - -#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 -#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 -#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 -#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 -#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A - -#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B -#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C -#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D -#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E -#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F - -#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010 -#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011 -#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012 -#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 -#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 - -#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015 -#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016 -#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017 -#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 -#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 - -/* SRP ciphersuites from RFC 5054 */ -#define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A -#define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B -#define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C -#define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D -#define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E -#define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F -#define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020 -#define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021 -#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022 - -/* ECDH HMAC based ciphersuites from RFC5289 */ - -#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023 -#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024 -#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025 -#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026 -#define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027 -#define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028 -#define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029 -#define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A - -/* ECDH GCM based ciphersuites from RFC5289 */ -#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B -#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C -#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D -#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E -#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F -#define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030 -#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 -#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 - -/* ECDHE PSK ciphersuites from RFC5489 - * SHA-2 cipher suites are omitted because they cannot be used safely with - * SSLv3. */ -#define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035 -#define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036 - -/* XXX - * Inconsistency alert: - * The OpenSSL names of ciphers with ephemeral DH here include the string - * "DHE", while elsewhere it has always been "EDH". - * (The alias for the list of all such ciphers also is "EDH".) - * The specifications speak of "EDH"; maybe we should allow both forms - * for everything. */ -#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5" -#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5" -#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA" -#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA" -#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA" -#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA" -#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" - -/* AES ciphersuites from RFC3268 */ -#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" -#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" -#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA" -#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA" -#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA" -#define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA" - -#define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA" -#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA" -#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA" -#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA" -#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" -#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" - -/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ -#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" -#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" -#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" -#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" -#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" - -#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA" -#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA" -#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA" -#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" -#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA" - -#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" -#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" -#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" -#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" -#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" - -#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA" -#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA" -#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA" -#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" -#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA" - -#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" -#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" -#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" -#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" -#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" - -/* PSK ciphersuites from RFC 4279 */ -#define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA" -#define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA" -#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA" -#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA" - -/* SRP ciphersuite from RFC 5054 */ -#define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA" -#define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA" -#define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA" -#define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA" -#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA" -#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA" -#define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA" -#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA" -#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA" - -/* Camellia ciphersuites from RFC4132 */ -#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" -#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" -#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" -#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA" -#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA" -#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA" - -#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA" -#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA" -#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA" -#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA" -#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" -#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" - -/* SEED ciphersuites from RFC4162 */ -#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" -#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" -#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" -#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA" -#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" -#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" - -/* TLS v1.2 ciphersuites */ -#define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256" -#define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256" -#define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256" -#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256" -#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256" -#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256" -#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256" -#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256" -#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256" -#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256" -#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256" -#define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256" -#define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256" - -/* TLS v1.2 GCM ciphersuites from RFC5288 */ -#define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256" -#define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384" -#define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256" -#define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384" -#define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256" -#define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384" -#define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256" -#define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384" -#define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256" -#define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384" -#define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256" -#define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384" - -/* ECDH HMAC based ciphersuites from RFC5289 */ - -#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256" -#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384" -#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256" -#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384" -#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256" -#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384" -#define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256" -#define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384" - -/* ECDH GCM based ciphersuites from RFC5289 */ -#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256" -#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384" -#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256" -#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384" -#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256" -#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384" -#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256" -#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384" - -/* ECDHE PSK ciphersuites from RFC5489 */ -#define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA" -#define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA" - -#define TLS_CT_RSA_SIGN 1 -#define TLS_CT_DSS_SIGN 2 -#define TLS_CT_RSA_FIXED_DH 3 -#define TLS_CT_DSS_FIXED_DH 4 -#define TLS_CT_ECDSA_SIGN 64 -#define TLS_CT_RSA_FIXED_ECDH 65 -#define TLS_CT_ECDSA_FIXED_ECDH 66 -#define TLS_CT_GOST94_SIGN 21 -#define TLS_CT_GOST01_SIGN 22 -/* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see - * comment there) */ -#define TLS_CT_NUMBER 9 - -#define TLS1_FINISH_MAC_LENGTH 12 - -#define TLS_MD_MAX_CONST_SIZE 20 -#define TLS_MD_CLIENT_FINISH_CONST "client finished" -#define TLS_MD_CLIENT_FINISH_CONST_SIZE 15 -#define TLS_MD_SERVER_FINISH_CONST "server finished" -#define TLS_MD_SERVER_FINISH_CONST_SIZE 15 -#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" -#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 -#define TLS_MD_KEY_EXPANSION_CONST "key expansion" -#define TLS_MD_KEY_EXPANSION_CONST_SIZE 13 -#define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key" -#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16 -#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" -#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 -#define TLS_MD_IV_BLOCK_CONST "IV block" -#define TLS_MD_IV_BLOCK_CONST_SIZE 8 -#define TLS_MD_MASTER_SECRET_CONST "master secret" -#define TLS_MD_MASTER_SECRET_CONST_SIZE 13 - -#ifdef CHARSET_EBCDIC -#undef TLS_MD_CLIENT_FINISH_CONST -#define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*client finished*/ -#undef TLS_MD_SERVER_FINISH_CONST -#define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*server finished*/ -#undef TLS_MD_SERVER_WRITE_KEY_CONST -#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/ -#undef TLS_MD_KEY_EXPANSION_CONST -#define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" /*key expansion*/ -#undef TLS_MD_CLIENT_WRITE_KEY_CONST -#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*client write key*/ -#undef TLS_MD_SERVER_WRITE_KEY_CONST -#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/ -#undef TLS_MD_IV_BLOCK_CONST -#define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" /*IV block*/ -#undef TLS_MD_MASTER_SECRET_CONST -#define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/ -#endif - -/* TLS Session Ticket extension struct */ -struct tls_session_ticket_ext_st - { - unsigned short length; - void *data; - }; - -#ifdef __cplusplus -} -#endif -#endif diff --git a/main/openssl/ssl/tls_srp.c b/main/openssl/ssl/tls_srp.c deleted file mode 100644 index e7368a8f..00000000 --- a/main/openssl/ssl/tls_srp.c +++ /dev/null @@ -1,533 +0,0 @@ -/* ssl/tls_srp.c */ -/* Written by Christophe Renou (christophe.renou@edelweb.fr) with - * the precious help of Peter Sylvester (peter.sylvester@edelweb.fr) - * for the EdelKey project and contributed to the OpenSSL project 2004. - */ -/* ==================================================================== - * Copyright (c) 2004-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -#include "ssl_locl.h" -#ifndef OPENSSL_NO_SRP - -#include <openssl/rand.h> -#include <openssl/srp.h> -#include <openssl/err.h> - -int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx) - { - if (ctx == NULL) - return 0; - OPENSSL_free(ctx->srp_ctx.login); - BN_free(ctx->srp_ctx.N); - BN_free(ctx->srp_ctx.g); - BN_free(ctx->srp_ctx.s); - BN_free(ctx->srp_ctx.B); - BN_free(ctx->srp_ctx.A); - BN_free(ctx->srp_ctx.a); - BN_free(ctx->srp_ctx.b); - BN_free(ctx->srp_ctx.v); - ctx->srp_ctx.TLS_ext_srp_username_callback = NULL; - ctx->srp_ctx.SRP_cb_arg = NULL; - ctx->srp_ctx.SRP_verify_param_callback = NULL; - ctx->srp_ctx.SRP_give_srp_client_pwd_callback = NULL; - ctx->srp_ctx.N = NULL; - ctx->srp_ctx.g = NULL; - ctx->srp_ctx.s = NULL; - ctx->srp_ctx.B = NULL; - ctx->srp_ctx.A = NULL; - ctx->srp_ctx.a = NULL; - ctx->srp_ctx.b = NULL; - ctx->srp_ctx.v = NULL; - ctx->srp_ctx.login = NULL; - ctx->srp_ctx.info = NULL; - ctx->srp_ctx.strength = SRP_MINIMAL_N; - ctx->srp_ctx.srp_Mask = 0; - return (1); - } - -int SSL_SRP_CTX_free(struct ssl_st *s) - { - if (s == NULL) - return 0; - OPENSSL_free(s->srp_ctx.login); - BN_free(s->srp_ctx.N); - BN_free(s->srp_ctx.g); - BN_free(s->srp_ctx.s); - BN_free(s->srp_ctx.B); - BN_free(s->srp_ctx.A); - BN_free(s->srp_ctx.a); - BN_free(s->srp_ctx.b); - BN_free(s->srp_ctx.v); - s->srp_ctx.TLS_ext_srp_username_callback = NULL; - s->srp_ctx.SRP_cb_arg = NULL; - s->srp_ctx.SRP_verify_param_callback = NULL; - s->srp_ctx.SRP_give_srp_client_pwd_callback = NULL; - s->srp_ctx.N = NULL; - s->srp_ctx.g = NULL; - s->srp_ctx.s = NULL; - s->srp_ctx.B = NULL; - s->srp_ctx.A = NULL; - s->srp_ctx.a = NULL; - s->srp_ctx.b = NULL; - s->srp_ctx.v = NULL; - s->srp_ctx.login = NULL; - s->srp_ctx.info = NULL; - s->srp_ctx.strength = SRP_MINIMAL_N; - s->srp_ctx.srp_Mask = 0; - return (1); - } - -int SSL_SRP_CTX_init(struct ssl_st *s) - { - SSL_CTX *ctx; - - if ((s == NULL) || ((ctx = s->ctx) == NULL)) - return 0; - s->srp_ctx.SRP_cb_arg = ctx->srp_ctx.SRP_cb_arg; - /* set client Hello login callback */ - s->srp_ctx.TLS_ext_srp_username_callback = ctx->srp_ctx.TLS_ext_srp_username_callback; - /* set SRP N/g param callback for verification */ - s->srp_ctx.SRP_verify_param_callback = ctx->srp_ctx.SRP_verify_param_callback; - /* set SRP client passwd callback */ - s->srp_ctx.SRP_give_srp_client_pwd_callback = ctx->srp_ctx.SRP_give_srp_client_pwd_callback; - - s->srp_ctx.N = NULL; - s->srp_ctx.g = NULL; - s->srp_ctx.s = NULL; - s->srp_ctx.B = NULL; - s->srp_ctx.A = NULL; - s->srp_ctx.a = NULL; - s->srp_ctx.b = NULL; - s->srp_ctx.v = NULL; - s->srp_ctx.login = NULL; - s->srp_ctx.info = ctx->srp_ctx.info; - s->srp_ctx.strength = ctx->srp_ctx.strength; - - if (((ctx->srp_ctx.N != NULL) && - ((s->srp_ctx.N = BN_dup(ctx->srp_ctx.N)) == NULL)) || - ((ctx->srp_ctx.g != NULL) && - ((s->srp_ctx.g = BN_dup(ctx->srp_ctx.g)) == NULL)) || - ((ctx->srp_ctx.s != NULL) && - ((s->srp_ctx.s = BN_dup(ctx->srp_ctx.s)) == NULL)) || - ((ctx->srp_ctx.B != NULL) && - ((s->srp_ctx.B = BN_dup(ctx->srp_ctx.B)) == NULL)) || - ((ctx->srp_ctx.A != NULL) && - ((s->srp_ctx.A = BN_dup(ctx->srp_ctx.A)) == NULL)) || - ((ctx->srp_ctx.a != NULL) && - ((s->srp_ctx.a = BN_dup(ctx->srp_ctx.a)) == NULL)) || - ((ctx->srp_ctx.v != NULL) && - ((s->srp_ctx.v = BN_dup(ctx->srp_ctx.v)) == NULL)) || - ((ctx->srp_ctx.b != NULL) && - ((s->srp_ctx.b = BN_dup(ctx->srp_ctx.b)) == NULL))) - { - SSLerr(SSL_F_SSL_SRP_CTX_INIT,ERR_R_BN_LIB); - goto err; - } - if ((ctx->srp_ctx.login != NULL) && - ((s->srp_ctx.login = BUF_strdup(ctx->srp_ctx.login)) == NULL)) - { - SSLerr(SSL_F_SSL_SRP_CTX_INIT,ERR_R_INTERNAL_ERROR); - goto err; - } - s->srp_ctx.srp_Mask = ctx->srp_ctx.srp_Mask; - - return (1); -err: - OPENSSL_free(s->srp_ctx.login); - BN_free(s->srp_ctx.N); - BN_free(s->srp_ctx.g); - BN_free(s->srp_ctx.s); - BN_free(s->srp_ctx.B); - BN_free(s->srp_ctx.A); - BN_free(s->srp_ctx.a); - BN_free(s->srp_ctx.b); - BN_free(s->srp_ctx.v); - return (0); - } - -int SSL_CTX_SRP_CTX_init(struct ssl_ctx_st *ctx) - { - if (ctx == NULL) - return 0; - - ctx->srp_ctx.SRP_cb_arg = NULL; - /* set client Hello login callback */ - ctx->srp_ctx.TLS_ext_srp_username_callback = NULL; - /* set SRP N/g param callback for verification */ - ctx->srp_ctx.SRP_verify_param_callback = NULL; - /* set SRP client passwd callback */ - ctx->srp_ctx.SRP_give_srp_client_pwd_callback = NULL; - - ctx->srp_ctx.N = NULL; - ctx->srp_ctx.g = NULL; - ctx->srp_ctx.s = NULL; - ctx->srp_ctx.B = NULL; - ctx->srp_ctx.A = NULL; - ctx->srp_ctx.a = NULL; - ctx->srp_ctx.b = NULL; - ctx->srp_ctx.v = NULL; - ctx->srp_ctx.login = NULL; - ctx->srp_ctx.srp_Mask = 0; - ctx->srp_ctx.info = NULL; - ctx->srp_ctx.strength = SRP_MINIMAL_N; - - return (1); - } - -/* server side */ -int SSL_srp_server_param_with_username(SSL *s, int *ad) - { - unsigned char b[SSL_MAX_MASTER_KEY_LENGTH]; - int al; - - *ad = SSL_AD_UNKNOWN_PSK_IDENTITY; - if ((s->srp_ctx.TLS_ext_srp_username_callback !=NULL) && - ((al = s->srp_ctx.TLS_ext_srp_username_callback(s, ad, s->srp_ctx.SRP_cb_arg))!=SSL_ERROR_NONE)) - return al; - - *ad = SSL_AD_INTERNAL_ERROR; - if ((s->srp_ctx.N == NULL) || - (s->srp_ctx.g == NULL) || - (s->srp_ctx.s == NULL) || - (s->srp_ctx.v == NULL)) - return SSL3_AL_FATAL; - - if (RAND_bytes(b, sizeof(b)) <= 0) - return SSL3_AL_FATAL; - s->srp_ctx.b = BN_bin2bn(b,sizeof(b),NULL); - OPENSSL_cleanse(b,sizeof(b)); - - /* Calculate: B = (kv + g^b) % N */ - - return ((s->srp_ctx.B = SRP_Calc_B(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g, s->srp_ctx.v)) != NULL)? - SSL_ERROR_NONE:SSL3_AL_FATAL; - } - -/* If the server just has the raw password, make up a verifier entry on the fly */ -int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, const char *grp) - { - SRP_gN *GN = SRP_get_default_gN(grp); - if(GN == NULL) return -1; - s->srp_ctx.N = BN_dup(GN->N); - s->srp_ctx.g = BN_dup(GN->g); - if(s->srp_ctx.v != NULL) - { - BN_clear_free(s->srp_ctx.v); - s->srp_ctx.v = NULL; - } - if(s->srp_ctx.s != NULL) - { - BN_clear_free(s->srp_ctx.s); - s->srp_ctx.s = NULL; - } - if(!SRP_create_verifier_BN(user, pass, &s->srp_ctx.s, &s->srp_ctx.v, GN->N, GN->g)) return -1; - - return 1; - } - -int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, - BIGNUM *sa, BIGNUM *v, char *info) - { - if (N!= NULL) - { - if (s->srp_ctx.N != NULL) - { - if (!BN_copy(s->srp_ctx.N,N)) - { - BN_free(s->srp_ctx.N); - s->srp_ctx.N = NULL; - } - } - else - s->srp_ctx.N = BN_dup(N); - } - if (g!= NULL) - { - if (s->srp_ctx.g != NULL) - { - if (!BN_copy(s->srp_ctx.g,g)) - { - BN_free(s->srp_ctx.g); - s->srp_ctx.g = NULL; - } - } - else - s->srp_ctx.g = BN_dup(g); - } - if (sa!= NULL) - { - if (s->srp_ctx.s != NULL) - { - if (!BN_copy(s->srp_ctx.s,sa)) - { - BN_free(s->srp_ctx.s); - s->srp_ctx.s = NULL; - } - } - else - s->srp_ctx.s = BN_dup(sa); - } - if (v!= NULL) - { - if (s->srp_ctx.v != NULL) - { - if (!BN_copy(s->srp_ctx.v,v)) - { - BN_free(s->srp_ctx.v); - s->srp_ctx.v = NULL; - } - } - else - s->srp_ctx.v = BN_dup(v); - } - s->srp_ctx.info = info; - - if (!(s->srp_ctx.N) || - !(s->srp_ctx.g) || - !(s->srp_ctx.s) || - !(s->srp_ctx.v)) - return -1; - - return 1; - } - -int SRP_generate_server_master_secret(SSL *s,unsigned char *master_key) - { - BIGNUM *K = NULL, *u = NULL; - int ret = -1, tmp_len; - unsigned char *tmp = NULL; - - if (!SRP_Verify_A_mod_N(s->srp_ctx.A,s->srp_ctx.N)) - goto err; - if (!(u = SRP_Calc_u(s->srp_ctx.A,s->srp_ctx.B,s->srp_ctx.N))) - goto err; - if (!(K = SRP_Calc_server_key(s->srp_ctx.A, s->srp_ctx.v, u, s->srp_ctx.b, s->srp_ctx.N))) - goto err; - - tmp_len = BN_num_bytes(K); - if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) - goto err; - BN_bn2bin(K, tmp); - ret = s->method->ssl3_enc->generate_master_secret(s,master_key,tmp,tmp_len); -err: - if (tmp) - { - OPENSSL_cleanse(tmp,tmp_len) ; - OPENSSL_free(tmp); - } - BN_clear_free(K); - BN_clear_free(u); - return ret; - } - -/* client side */ -int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key) - { - BIGNUM *x = NULL, *u = NULL, *K = NULL; - int ret = -1, tmp_len; - char *passwd = NULL; - unsigned char *tmp = NULL; - - /* Checks if b % n == 0 - */ - if (SRP_Verify_B_mod_N(s->srp_ctx.B,s->srp_ctx.N)==0) goto err; - if (!(u = SRP_Calc_u(s->srp_ctx.A,s->srp_ctx.B,s->srp_ctx.N))) goto err; - if (s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL) goto err; - if (!(passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(s, s->srp_ctx.SRP_cb_arg))) goto err; - if (!(x = SRP_Calc_x(s->srp_ctx.s,s->srp_ctx.login,passwd))) goto err; - if (!(K = SRP_Calc_client_key(s->srp_ctx.N, s->srp_ctx.B, s->srp_ctx.g, x, s->srp_ctx.a, u))) goto err; - - tmp_len = BN_num_bytes(K); - if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) goto err; - BN_bn2bin(K, tmp); - ret = s->method->ssl3_enc->generate_master_secret(s,master_key,tmp,tmp_len); -err: - if (tmp) - { - OPENSSL_cleanse(tmp,tmp_len) ; - OPENSSL_free(tmp); - } - BN_clear_free(K); - BN_clear_free(x); - if (passwd) - { - OPENSSL_cleanse(passwd,strlen(passwd)) ; - OPENSSL_free(passwd); - } - BN_clear_free(u); - return ret; - } - -int srp_verify_server_param(SSL *s, int *al) - { - SRP_CTX *srp = &s->srp_ctx; - /* Sanity check parameters: we can quickly check B % N == 0 - * by checking B != 0 since B < N - */ - if (BN_ucmp(srp->g, srp->N) >=0 || BN_ucmp(srp->B, srp->N) >= 0 - || BN_is_zero(srp->B)) - { - *al = SSL3_AD_ILLEGAL_PARAMETER; - return 0; - } - - if (BN_num_bits(srp->N) < srp->strength) - { - *al = TLS1_AD_INSUFFICIENT_SECURITY; - return 0; - } - - if (srp->SRP_verify_param_callback) - { - if (srp->SRP_verify_param_callback(s, srp->SRP_cb_arg) <= 0) - { - *al = TLS1_AD_INSUFFICIENT_SECURITY; - return 0; - } - } - else if(!SRP_check_known_gN_param(srp->g, srp->N)) - { - *al = TLS1_AD_INSUFFICIENT_SECURITY; - return 0; - } - - return 1; - } - - -int SRP_Calc_A_param(SSL *s) - { - unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH]; - - RAND_bytes(rnd, sizeof(rnd)); - s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a); - OPENSSL_cleanse(rnd, sizeof(rnd)); - - if (!(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a,s->srp_ctx.N,s->srp_ctx.g))) - return -1; - - return 1; - } - -BIGNUM *SSL_get_srp_g(SSL *s) - { - if (s->srp_ctx.g != NULL) - return s->srp_ctx.g; - return s->ctx->srp_ctx.g; - } - -BIGNUM *SSL_get_srp_N(SSL *s) - { - if (s->srp_ctx.N != NULL) - return s->srp_ctx.N; - return s->ctx->srp_ctx.N; - } - -char *SSL_get_srp_username(SSL *s) - { - if (s->srp_ctx.login != NULL) - return s->srp_ctx.login; - return s->ctx->srp_ctx.login; - } - -char *SSL_get_srp_userinfo(SSL *s) - { - if (s->srp_ctx.info != NULL) - return s->srp_ctx.info; - return s->ctx->srp_ctx.info; - } - -#define tls1_ctx_ctrl ssl3_ctx_ctrl -#define tls1_ctx_callback_ctrl ssl3_ctx_callback_ctrl - -int SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name) - { - return tls1_ctx_ctrl(ctx,SSL_CTRL_SET_TLS_EXT_SRP_USERNAME,0,name); - } - -int SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password) - { - return tls1_ctx_ctrl(ctx,SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD,0,password); - } - -int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength) - { - return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH, strength, - NULL); - } - -int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, int (*cb)(SSL *,void *)) - { - return tls1_ctx_callback_ctrl(ctx,SSL_CTRL_SET_SRP_VERIFY_PARAM_CB, - (void (*)(void))cb); - } - -int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg) - { - return tls1_ctx_ctrl(ctx,SSL_CTRL_SET_SRP_ARG,0,arg); - } - -int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, - int (*cb)(SSL *,int *,void *)) - { - return tls1_ctx_callback_ctrl(ctx,SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB, - (void (*)(void))cb); - } - -int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, char *(*cb)(SSL *,void *)) - { - return tls1_ctx_callback_ctrl(ctx,SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB, - (void (*)(void))cb); - } - -#endif |