summaryrefslogtreecommitdiffstats
path: root/lib/libssl/src/ssl
diff options
context:
space:
mode:
authordjm <djm@openbsd.org>2008-09-06 12:17:47 +0000
committerdjm <djm@openbsd.org>2008-09-06 12:17:47 +0000
commit4fcf65c5c59fcf6124cf9f1fd81aa546850f974c (patch)
tree3c0b4c46d91bcb87c8eef7a1e84711159b17f71b /lib/libssl/src/ssl
parentimport of OpenSSL 0.9.8h (diff)
downloadwireguard-openbsd-4fcf65c5c59fcf6124cf9f1fd81aa546850f974c.tar.xz
wireguard-openbsd-4fcf65c5c59fcf6124cf9f1fd81aa546850f974c.zip
resolve conflicts
Diffstat (limited to 'lib/libssl/src/ssl')
-rw-r--r--lib/libssl/src/ssl/bio_ssl.c6
-rw-r--r--lib/libssl/src/ssl/install.com2
-rw-r--r--lib/libssl/src/ssl/kssl.c56
-rw-r--r--lib/libssl/src/ssl/s23_clnt.c63
-rw-r--r--lib/libssl/src/ssl/s23_lib.c62
-rw-r--r--lib/libssl/src/ssl/s23_meth.c39
-rw-r--r--lib/libssl/src/ssl/s23_srvr.c36
-rw-r--r--lib/libssl/src/ssl/s2_clnt.c46
-rw-r--r--lib/libssl/src/ssl/s2_enc.c11
-rw-r--r--lib/libssl/src/ssl/s2_lib.c131
-rw-r--r--lib/libssl/src/ssl/s2_meth.c26
-rw-r--r--lib/libssl/src/ssl/s2_srvr.c46
-rw-r--r--lib/libssl/src/ssl/s3_both.c41
-rw-r--r--lib/libssl/src/ssl/s3_clnt.c1021
-rw-r--r--lib/libssl/src/ssl/s3_enc.c43
-rw-r--r--lib/libssl/src/ssl/s3_lib.c1498
-rw-r--r--lib/libssl/src/ssl/s3_meth.c26
-rw-r--r--lib/libssl/src/ssl/s3_pkt.c49
-rw-r--r--lib/libssl/src/ssl/s3_srvr.c937
-rw-r--r--lib/libssl/src/ssl/ssl-lib.com2
-rw-r--r--lib/libssl/src/ssl/ssl.h330
-rw-r--r--lib/libssl/src/ssl/ssl3.h41
-rw-r--r--lib/libssl/src/ssl/ssl_algs.c21
-rw-r--r--lib/libssl/src/ssl/ssl_asn1.c124
-rw-r--r--lib/libssl/src/ssl/ssl_cert.c243
-rw-r--r--lib/libssl/src/ssl/ssl_ciph.c379
-rw-r--r--lib/libssl/src/ssl/ssl_err.c67
-rw-r--r--lib/libssl/src/ssl/ssl_lib.c388
-rw-r--r--lib/libssl/src/ssl/ssl_locl.h441
-rw-r--r--lib/libssl/src/ssl/ssl_rsa.c112
-rw-r--r--lib/libssl/src/ssl/ssl_sess.c189
-rw-r--r--lib/libssl/src/ssl/ssl_stat.c4
-rw-r--r--lib/libssl/src/ssl/ssl_txt.c21
-rw-r--r--lib/libssl/src/ssl/ssltest.c256
-rw-r--r--lib/libssl/src/ssl/t1_clnt.c26
-rw-r--r--lib/libssl/src/ssl/t1_enc.c80
-rw-r--r--lib/libssl/src/ssl/t1_lib.c799
-rw-r--r--lib/libssl/src/ssl/t1_meth.c28
-rw-r--r--lib/libssl/src/ssl/t1_srvr.c26
-rw-r--r--lib/libssl/src/ssl/tls1.h216
40 files changed, 6260 insertions, 1672 deletions
diff --git a/lib/libssl/src/ssl/bio_ssl.c b/lib/libssl/src/ssl/bio_ssl.c
index d683ee43e19..420deb7fc96 100644
--- a/lib/libssl/src/ssl/bio_ssl.c
+++ b/lib/libssl/src/ssl/bio_ssl.c
@@ -456,7 +456,7 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
case BIO_CTRL_SET_CALLBACK:
{
#if 0 /* FIXME: Should this be used? -- Richard Levitte */
- BIOerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
ret = -1;
#else
ret=0;
@@ -465,9 +465,9 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
break;
case BIO_CTRL_GET_CALLBACK:
{
- void (**fptr)();
+ void (**fptr)(const SSL *xssl,int type,int val);
- fptr=(void (**)())ptr;
+ fptr=(void (**)(const SSL *xssl,int type,int val))ptr;
*fptr=SSL_get_info_callback(ssl);
}
break;
diff --git a/lib/libssl/src/ssl/install.com b/lib/libssl/src/ssl/install.com
index 7fc008f91a5..fce8c667371 100644
--- a/lib/libssl/src/ssl/install.com
+++ b/lib/libssl/src/ssl/install.com
@@ -38,7 +38,7 @@ $ IF F$PARSE("WRK_SSLVEXE:") .EQS. "" THEN -
$ IF F$PARSE("WRK_SSLAEXE:") .EQS. "" THEN -
CREATE/DIR/LOG WRK_SSLAEXE:
$
-$ EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,kssl.h
+$ EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,dtls1.h,kssl.h
$ E_EXE := ssl_task
$ LIBS := LIBSSL
$
diff --git a/lib/libssl/src/ssl/kssl.c b/lib/libssl/src/ssl/kssl.c
index 926db44b80b..019030ae3c4 100644
--- a/lib/libssl/src/ssl/kssl.c
+++ b/lib/libssl/src/ssl/kssl.c
@@ -70,7 +70,7 @@
#define _XOPEN_SOURCE 500 /* glibc2 needs this to declare strptime() */
#include <time.h>
-#if 0 /* Experimental */
+#if 0 /* experimental */
#undef _XOPEN_SOURCE /* To avoid clashes with anything else... */
#endif
#include <string.h>
@@ -784,6 +784,25 @@ kssl_krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
}
#endif /* OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32 */
+
+/* memory allocation functions for non-temporary storage
+ * (e.g. stuff that gets saved into the kssl context) */
+static void* kssl_calloc(size_t nmemb, size_t size)
+{
+ void* p;
+
+ p=OPENSSL_malloc(nmemb*size);
+ if (p){
+ memset(p, 0, nmemb*size);
+ }
+ return p;
+}
+
+#define kssl_malloc(size) OPENSSL_malloc((size))
+#define kssl_realloc(ptr, size) OPENSSL_realloc(ptr, size)
+#define kssl_free(ptr) OPENSSL_free((ptr))
+
+
char
*kstring(char *string)
{
@@ -1132,7 +1151,7 @@ kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
if (authenp)
{
krb5_data krb5in_data;
- unsigned char *p;
+ const unsigned char *p;
long arlen;
KRB5_APREQBODY *ap_req;
@@ -1301,7 +1320,7 @@ kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
static krb5_auth_context krb5auth_context = NULL;
krb5_ticket *krb5ticket = NULL;
KRB5_TKTBODY *asn1ticket = NULL;
- unsigned char *p;
+ const unsigned char *p;
krb5_keytab krb5keytab = NULL;
krb5_keytab_entry kt_entry;
krb5_principal krb5server;
@@ -1548,7 +1567,7 @@ kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
KSSL_CTX *
kssl_ctx_new(void)
{
- return ((KSSL_CTX *) calloc(1, sizeof(KSSL_CTX)));
+ return ((KSSL_CTX *) kssl_calloc(1, sizeof(KSSL_CTX)));
}
@@ -1562,13 +1581,13 @@ kssl_ctx_free(KSSL_CTX *kssl_ctx)
if (kssl_ctx->key) OPENSSL_cleanse(kssl_ctx->key,
kssl_ctx->length);
- if (kssl_ctx->key) free(kssl_ctx->key);
- if (kssl_ctx->client_princ) free(kssl_ctx->client_princ);
- if (kssl_ctx->service_host) free(kssl_ctx->service_host);
- if (kssl_ctx->service_name) free(kssl_ctx->service_name);
- if (kssl_ctx->keytab_file) free(kssl_ctx->keytab_file);
+ if (kssl_ctx->key) kssl_free(kssl_ctx->key);
+ if (kssl_ctx->client_princ) kssl_free(kssl_ctx->client_princ);
+ if (kssl_ctx->service_host) kssl_free(kssl_ctx->service_host);
+ if (kssl_ctx->service_name) kssl_free(kssl_ctx->service_name);
+ if (kssl_ctx->keytab_file) kssl_free(kssl_ctx->keytab_file);
- free(kssl_ctx);
+ kssl_free(kssl_ctx);
return (KSSL_CTX *) NULL;
}
@@ -1593,7 +1612,7 @@ kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
case KSSL_SERVER: princ = &kssl_ctx->service_host; break;
default: return KSSL_CTX_ERR; break;
}
- if (*princ) free(*princ);
+ if (*princ) kssl_free(*princ);
/* Add up all the entity->lengths */
length = 0;
@@ -1606,7 +1625,7 @@ kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
/* Space for the ('@'+realm+NULL | NULL) */
length += ((realm)? realm->length + 2: 1);
- if ((*princ = calloc(1, length)) == NULL)
+ if ((*princ = kssl_calloc(1, length)) == NULL)
return KSSL_CTX_ERR;
else
{
@@ -1649,7 +1668,7 @@ kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text)
case KSSL_KEYTAB: string = &kssl_ctx->keytab_file; break;
default: return KSSL_CTX_ERR; break;
}
- if (*string) free(*string);
+ if (*string) kssl_free(*string);
if (!text)
{
@@ -1657,7 +1676,7 @@ kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text)
return KSSL_CTX_OK;
}
- if ((*string = calloc(1, strlen(text) + 1)) == NULL)
+ if ((*string = kssl_calloc(1, strlen(text) + 1)) == NULL)
return KSSL_CTX_ERR;
else
strcpy(*string, text);
@@ -1681,7 +1700,7 @@ kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session)
if (kssl_ctx->key)
{
OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length);
- free(kssl_ctx->key);
+ kssl_free(kssl_ctx->key);
}
if (session)
@@ -1707,7 +1726,7 @@ kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session)
}
if ((kssl_ctx->key =
- (krb5_octet FAR *) calloc(1, kssl_ctx->length)) == NULL)
+ (krb5_octet FAR *) kssl_calloc(1, kssl_ctx->length)) == NULL)
{
kssl_ctx->length = 0;
return KSSL_CTX_ERR;
@@ -1986,7 +2005,8 @@ krb5_error_code kssl_check_authent(
EVP_CIPHER_CTX ciph_ctx;
const EVP_CIPHER *enc = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
- unsigned char *p, *unenc_authent;
+ const unsigned char *p;
+ unsigned char *unenc_authent;
int outl, unencbufsize;
struct tm tm_time, *tm_l, *tm_g;
time_t now, tl, tg, tr, tz_offset;
@@ -2176,7 +2196,7 @@ krb5_error_code kssl_build_principal_2(
#else /* !OPENSSL_NO_KRB5 */
#if defined(PEDANTIC) || defined(OPENSSL_SYS_VMS)
-static int dummy=(int)&dummy;
+static void *dummy=&dummy;
#endif
#endif /* !OPENSSL_NO_KRB5 */
diff --git a/lib/libssl/src/ssl/s23_clnt.c b/lib/libssl/src/ssl/s23_clnt.c
index 86356731ea6..c45a8e0a04c 100644
--- a/lib/libssl/src/ssl/s23_clnt.c
+++ b/lib/libssl/src/ssl/s23_clnt.c
@@ -80,28 +80,10 @@ static SSL_METHOD *ssl23_get_client_method(int ver)
return(NULL);
}
-SSL_METHOD *SSLv23_client_method(void)
- {
- static int init=1;
- static SSL_METHOD SSLv23_client_data;
-
- if (init)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
- if (init)
- {
- memcpy((char *)&SSLv23_client_data,
- (char *)sslv23_base_method(),sizeof(SSL_METHOD));
- SSLv23_client_data.ssl_connect=ssl23_connect;
- SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
- init=0;
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
- }
- return(&SSLv23_client_data);
- }
+IMPLEMENT_ssl23_meth_func(SSLv23_client_method,
+ ssl_undefined_function,
+ ssl23_connect,
+ ssl23_get_client_method)
int ssl23_connect(SSL *s)
{
@@ -241,6 +223,17 @@ static int ssl23_client_hello(SSL *s)
{
version = SSL2_VERSION;
}
+#ifndef OPENSSL_NO_TLSEXT
+ if (version != SSL2_VERSION)
+ {
+ /* have to disable SSL 2.0 compatibility if we need TLS extensions */
+
+ if (s->tlsext_hostname != NULL)
+ ssl2_compat = 0;
+ if (s->tlsext_status_type != -1)
+ ssl2_compat = 0;
+ }
+#endif
buf=(unsigned char *)s->init_buf->data;
if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
@@ -254,7 +247,7 @@ static int ssl23_client_hello(SSL *s)
#endif
p=s->s3->client_random;
- Time=(unsigned long)time(NULL); /* Time */
+ Time=(unsigned long)time(NULL); /* Time */
l2n(Time,p);
if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
return -1;
@@ -264,14 +257,6 @@ static int ssl23_client_hello(SSL *s)
version_major = TLS1_VERSION_MAJOR;
version_minor = TLS1_VERSION_MINOR;
}
-#ifdef OPENSSL_FIPS
- else if(FIPS_mode())
- {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,
- SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
- return -1;
- }
-#endif
else if (version == SSL3_VERSION)
{
version_major = SSL3_VERSION_MAJOR;
@@ -386,6 +371,13 @@ static int ssl23_client_hello(SSL *s)
*(p++)=comp->id;
}
*(p++)=0; /* Add the NULL method */
+#ifndef OPENSSL_NO_TLSEXT
+ if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
+ {
+ SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+#endif
l = p-d;
*p = 42;
@@ -544,14 +536,6 @@ static int ssl23_get_server_hello(SSL *s)
if ((p[2] == SSL3_VERSION_MINOR) &&
!(s->options & SSL_OP_NO_SSLv3))
{
-#ifdef OPENSSL_FIPS
- if(FIPS_mode())
- {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
- SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
- goto err;
- }
-#endif
s->version=SSL3_VERSION;
s->method=SSLv3_client_method();
}
@@ -608,7 +592,6 @@ static int ssl23_get_server_hello(SSL *s)
if (!ssl_get_new_session(s,0))
goto err;
- s->first_packet=1;
return(SSL_connect(s));
err:
return(-1);
diff --git a/lib/libssl/src/ssl/s23_lib.c b/lib/libssl/src/ssl/s23_lib.c
index 8d7dbcf569c..fc2981308d5 100644
--- a/lib/libssl/src/ssl/s23_lib.c
+++ b/lib/libssl/src/ssl/s23_lib.c
@@ -60,55 +60,17 @@
#include <openssl/objects.h>
#include "ssl_locl.h"
-static int ssl23_num_ciphers(void );
-static SSL_CIPHER *ssl23_get_cipher(unsigned int u);
-static int ssl23_read(SSL *s, void *buf, int len);
-static int ssl23_peek(SSL *s, void *buf, int len);
-static int ssl23_write(SSL *s, const void *buf, int len);
-static long ssl23_default_timeout(void );
-static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
-static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
-const char *SSL23_version_str="SSLv2/3 compatibility" OPENSSL_VERSION_PTEXT;
-
-static SSL_METHOD SSLv23_data= {
- TLS1_VERSION,
- tls1_new,
- tls1_clear,
- tls1_free,
- ssl_undefined_function,
- ssl_undefined_function,
- ssl23_read,
- ssl23_peek,
- ssl23_write,
- ssl_undefined_function,
- ssl_undefined_function,
- ssl_ok,
- ssl3_ctrl,
- ssl3_ctx_ctrl,
- ssl23_get_cipher_by_char,
- ssl23_put_cipher_by_char,
- ssl_undefined_const_function,
- ssl23_num_ciphers,
- ssl23_get_cipher,
- ssl_bad_method,
- ssl23_default_timeout,
- &ssl3_undef_enc_method,
- ssl_undefined_function,
- ssl3_callback_ctrl,
- ssl3_ctx_callback_ctrl,
- };
-
-static long ssl23_default_timeout(void)
+long ssl23_default_timeout(void)
{
return(300);
}
-SSL_METHOD *sslv23_base_method(void)
- {
- return(&SSLv23_data);
- }
+IMPLEMENT_ssl23_meth_func(sslv23_base_method,
+ ssl_undefined_function,
+ ssl_undefined_function,
+ ssl_bad_method)
-static int ssl23_num_ciphers(void)
+int ssl23_num_ciphers(void)
{
return(ssl3_num_ciphers()
#ifndef OPENSSL_NO_SSL2
@@ -117,7 +79,7 @@ static int ssl23_num_ciphers(void)
);
}
-static SSL_CIPHER *ssl23_get_cipher(unsigned int u)
+SSL_CIPHER *ssl23_get_cipher(unsigned int u)
{
unsigned int uu=ssl3_num_ciphers();
@@ -133,7 +95,7 @@ static SSL_CIPHER *ssl23_get_cipher(unsigned int u)
/* This function needs to check if the ciphers required are actually
* available */
-static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
+SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
{
SSL_CIPHER c,*cp;
unsigned long id;
@@ -151,7 +113,7 @@ static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
return(cp);
}
-static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
+int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
{
long l;
@@ -166,7 +128,7 @@ static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
return(3);
}
-static int ssl23_read(SSL *s, void *buf, int len)
+int ssl23_read(SSL *s, void *buf, int len)
{
int n;
@@ -189,7 +151,7 @@ static int ssl23_read(SSL *s, void *buf, int len)
}
}
-static int ssl23_peek(SSL *s, void *buf, int len)
+int ssl23_peek(SSL *s, void *buf, int len)
{
int n;
@@ -212,7 +174,7 @@ static int ssl23_peek(SSL *s, void *buf, int len)
}
}
-static int ssl23_write(SSL *s, const void *buf, int len)
+int ssl23_write(SSL *s, const void *buf, int len)
{
int n;
diff --git a/lib/libssl/src/ssl/s23_meth.c b/lib/libssl/src/ssl/s23_meth.c
index f207140835f..950d9aab3d9 100644
--- a/lib/libssl/src/ssl/s23_meth.c
+++ b/lib/libssl/src/ssl/s23_meth.c
@@ -63,37 +63,26 @@
static SSL_METHOD *ssl23_get_method(int ver);
static SSL_METHOD *ssl23_get_method(int ver)
{
+#ifndef OPENSSL_NO_SSL2
if (ver == SSL2_VERSION)
return(SSLv2_method());
- else if (ver == SSL3_VERSION)
+ else
+#endif
+#ifndef OPENSSL_NO_SSL3
+ if (ver == SSL3_VERSION)
return(SSLv3_method());
- else if (ver == TLS1_VERSION)
+ else
+#endif
+#ifndef OPENSSL_NO_TLS1
+ if (ver == TLS1_VERSION)
return(TLSv1_method());
else
+#endif
return(NULL);
}
-SSL_METHOD *SSLv23_method(void)
- {
- static int init=1;
- static SSL_METHOD SSLv23_data;
-
- if (init)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
- if (init)
- {
- memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(),
- sizeof(SSL_METHOD));
- SSLv23_data.ssl_connect=ssl23_connect;
- SSLv23_data.ssl_accept=ssl23_accept;
- SSLv23_data.get_ssl_method=ssl23_get_method;
- init=0;
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
- }
- return(&SSLv23_data);
- }
+IMPLEMENT_ssl23_meth_func(SSLv23_method,
+ ssl23_accept,
+ ssl23_connect,
+ ssl23_get_method)
diff --git a/lib/libssl/src/ssl/s23_srvr.c b/lib/libssl/src/ssl/s23_srvr.c
index b73abc448f8..6637bb95490 100644
--- a/lib/libssl/src/ssl/s23_srvr.c
+++ b/lib/libssl/src/ssl/s23_srvr.c
@@ -132,28 +132,10 @@ static SSL_METHOD *ssl23_get_server_method(int ver)
return(NULL);
}
-SSL_METHOD *SSLv23_server_method(void)
- {
- static int init=1;
- static SSL_METHOD SSLv23_server_data;
-
- if (init)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
- if (init)
- {
- memcpy((char *)&SSLv23_server_data,
- (char *)sslv23_base_method(),sizeof(SSL_METHOD));
- SSLv23_server_data.ssl_accept=ssl23_accept;
- SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
- init=0;
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
- }
- return(&SSLv23_server_data);
- }
+IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
+ ssl23_accept,
+ ssl_undefined_function,
+ ssl23_get_server_method)
int ssl23_accept(SSL *s)
{
@@ -404,15 +386,6 @@ int ssl23_get_client_hello(SSL *s)
}
}
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && (s->version < TLS1_VERSION))
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
- SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
- goto err;
- }
-#endif
-
if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
{
/* we have SSLv3/TLSv1 in an SSLv2 header
@@ -592,7 +565,6 @@ int ssl23_get_client_hello(SSL *s)
s->init_num=0;
if (buf != buf_space) OPENSSL_free(buf);
- s->first_packet=1;
return(SSL_accept(s));
err:
if (buf != buf_space) OPENSSL_free(buf);
diff --git a/lib/libssl/src/ssl/s2_clnt.c b/lib/libssl/src/ssl/s2_clnt.c
index 003809271be..e2a90a3ca26 100644
--- a/lib/libssl/src/ssl/s2_clnt.c
+++ b/lib/libssl/src/ssl/s2_clnt.c
@@ -137,28 +137,10 @@ static SSL_METHOD *ssl2_get_client_method(int ver)
return(NULL);
}
-SSL_METHOD *SSLv2_client_method(void)
- {
- static int init=1;
- static SSL_METHOD SSLv2_client_data;
-
- if (init)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
- if (init)
- {
- memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
- sizeof(SSL_METHOD));
- SSLv2_client_data.ssl_connect=ssl2_connect;
- SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
- init=0;
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
- }
- return(&SSLv2_client_data);
- }
+IMPLEMENT_ssl2_meth_func(SSLv2_client_method,
+ ssl_undefined_function,
+ ssl2_connect,
+ ssl2_get_client_method)
int ssl2_connect(SSL *s)
{
@@ -484,11 +466,11 @@ static int get_server_hello(SSL *s)
return(-1);
}
- sk_SSL_CIPHER_set_cmp_func(sk,ssl_cipher_ptr_id_cmp);
+ (void)sk_SSL_CIPHER_set_cmp_func(sk,ssl_cipher_ptr_id_cmp);
/* get the array of ciphers we will accept */
cl=SSL_get_ciphers(s);
- sk_SSL_CIPHER_set_cmp_func(cl,ssl_cipher_ptr_id_cmp);
+ (void)sk_SSL_CIPHER_set_cmp_func(cl,ssl_cipher_ptr_id_cmp);
/*
* If server preference flag set, choose the first
@@ -538,8 +520,8 @@ static int get_server_hello(SSL *s)
CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
}
- if (s->session->sess_cert == NULL ||
- s->session->peer != s->session->sess_cert->peer_key->x509)
+ if (s->session->sess_cert == NULL
+ || s->session->peer != s->session->sess_cert->peer_key->x509)
/* can't happen */
{
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
@@ -613,7 +595,7 @@ static int client_hello(SSL *s)
s->s2->challenge_length=SSL2_CHALLENGE_LENGTH;
s2n(SSL2_CHALLENGE_LENGTH,p); /* challenge length */
/*challenge id data*/
- if(RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH) <= 0)
+ if (RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH) <= 0)
return -1;
memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH);
d+=SSL2_CHALLENGE_LENGTH;
@@ -663,7 +645,7 @@ static int client_master_key(SSL *s)
return -1;
}
if (i > 0)
- if(RAND_pseudo_bytes(sess->key_arg,i) <= 0)
+ if (RAND_pseudo_bytes(sess->key_arg,i) <= 0)
return -1;
/* make a master key */
@@ -671,7 +653,7 @@ static int client_master_key(SSL *s)
sess->master_key_length=i;
if (i > 0)
{
- if (i > sizeof sess->master_key)
+ if (i > (int)sizeof(sess->master_key))
{
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
@@ -691,7 +673,7 @@ static int client_master_key(SSL *s)
else
enc=i;
- if (i < enc)
+ if ((int)i < enc)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_CIPHER_TABLE_SRC_ERROR);
@@ -720,7 +702,7 @@ static int client_master_key(SSL *s)
d+=enc;
karg=sess->key_arg_length;
s2n(karg,p); /* key arg size */
- if (karg > sizeof sess->key_arg)
+ if (karg > (int)sizeof(sess->key_arg))
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
@@ -1038,7 +1020,7 @@ static int get_server_finished(SSL *s)
}
/* loads in the certificate from the server */
-int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data)
+int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data)
{
STACK_OF(X509) *sk=NULL;
EVP_PKEY *pkey=NULL;
diff --git a/lib/libssl/src/ssl/s2_enc.c b/lib/libssl/src/ssl/s2_enc.c
index 21a06f76cb0..1f62acd5b1e 100644
--- a/lib/libssl/src/ssl/s2_enc.c
+++ b/lib/libssl/src/ssl/s2_enc.c
@@ -82,15 +82,18 @@ int ssl2_enc_init(SSL *s, int client)
((s->enc_read_ctx=(EVP_CIPHER_CTX *)
OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
goto err;
+
+ /* make sure it's intialized in case the malloc for enc_write_ctx fails
+ * and we exit with an error */
+ rs= s->enc_read_ctx;
+ EVP_CIPHER_CTX_init(rs);
+
if ((s->enc_write_ctx == NULL) &&
((s->enc_write_ctx=(EVP_CIPHER_CTX *)
OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
goto err;
- rs= s->enc_read_ctx;
ws= s->enc_write_ctx;
-
- EVP_CIPHER_CTX_init(rs);
EVP_CIPHER_CTX_init(ws);
num=c->key_len;
@@ -100,7 +103,7 @@ int ssl2_enc_init(SSL *s, int client)
if (ssl2_generate_key_material(s) <= 0)
return 0;
- OPENSSL_assert(c->iv_len <= sizeof s->session->key_arg);
+ OPENSSL_assert(c->iv_len <= (int)sizeof(s->session->key_arg));
EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]),
s->session->key_arg);
EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]),
diff --git a/lib/libssl/src/ssl/s2_lib.c b/lib/libssl/src/ssl/s2_lib.c
index 26ce8c8d98e..10751b22baf 100644
--- a/lib/libssl/src/ssl/s2_lib.c
+++ b/lib/libssl/src/ssl/s2_lib.c
@@ -59,16 +59,15 @@
#include "ssl_locl.h"
#ifndef OPENSSL_NO_SSL2
#include <stdio.h>
-#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
-static long ssl2_default_timeout(void );
-const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
+const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT;
#define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
+/* list of available SSLv2 ciphers (sorted by id) */
OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
/* NULL_WITH_MD5 v3 */
#if 0
@@ -85,19 +84,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
SSL_ALL_STRENGTHS,
},
#endif
-/* RC4_128_EXPORT40_WITH_MD5 */
- {
- 1,
- SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
- SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
- SSL_EXPORT|SSL_EXP40,
- SSL2_CF_5_BYTE_ENC,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
/* RC4_128_WITH_MD5 */
{
1,
@@ -111,12 +97,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
-/* RC2_128_CBC_EXPORT40_WITH_MD5 */
+/* RC4_128_EXPORT40_WITH_MD5 */
{
1,
- SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
- SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
+ SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
+ SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
+ SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
SSL_EXPORT|SSL_EXP40,
SSL2_CF_5_BYTE_ENC,
40,
@@ -137,6 +123,19 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
+/* RC2_128_CBC_EXPORT40_WITH_MD5 */
+ {
+ 1,
+ SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
+ SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
+ SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
+ SSL_EXPORT|SSL_EXP40,
+ SSL2_CF_5_BYTE_ENC,
+ 40,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
/* IDEA_128_CBC_WITH_MD5 */
#ifndef OPENSSL_NO_IDEA
{
@@ -179,7 +178,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
SSL_ALL_STRENGTHS,
},
/* RC4_64_WITH_MD5 */
-#if 1
+#if 0
{
1,
SSL2_TXT_RC4_64_WITH_MD5,
@@ -212,43 +211,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
/* end of list :-) */
};
-static SSL_METHOD SSLv2_data= {
- SSL2_VERSION,
- ssl2_new, /* local */
- ssl2_clear, /* local */
- ssl2_free, /* local */
- ssl_undefined_function,
- ssl_undefined_function,
- ssl2_read,
- ssl2_peek,
- ssl2_write,
- ssl2_shutdown,
- ssl_ok, /* NULL - renegotiate */
- ssl_ok, /* NULL - check renegotiate */
- ssl2_ctrl, /* local */
- ssl2_ctx_ctrl, /* local */
- ssl2_get_cipher_by_char,
- ssl2_put_cipher_by_char,
- ssl2_pending,
- ssl2_num_ciphers,
- ssl2_get_cipher,
- ssl_bad_method,
- ssl2_default_timeout,
- &ssl3_undef_enc_method,
- ssl_undefined_function,
- ssl2_callback_ctrl, /* local */
- ssl2_ctx_callback_ctrl, /* local */
- };
-
-static long ssl2_default_timeout(void)
+long ssl2_default_timeout(void)
{
return(300);
}
-SSL_METHOD *sslv2_base_method(void)
- {
- return(&SSLv2_data);
- }
+IMPLEMENT_ssl2_meth_func(sslv2_base_method,
+ ssl_undefined_function,
+ ssl_undefined_function,
+ ssl_bad_method)
int ssl2_num_ciphers(void)
{
@@ -349,7 +320,7 @@ long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg)
return(ret);
}
-long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)())
+long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
{
return(0);
}
@@ -359,7 +330,7 @@ long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
return(0);
}
-long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
+long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
{
return(0);
}
@@ -368,42 +339,20 @@ long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
* available */
SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
{
- static int init=1;
- static SSL_CIPHER *sorted[SSL2_NUM_CIPHERS];
- SSL_CIPHER c,*cp= &c,**cpp;
+ SSL_CIPHER c,*cp;
unsigned long id;
- int i;
-
- if (init)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-
- if (init)
- {
- for (i=0; i<SSL2_NUM_CIPHERS; i++)
- sorted[i]= &(ssl2_ciphers[i]);
-
- qsort((char *)sorted,
- SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
- FP_ICC ssl_cipher_ptr_id_cmp);
-
- init=0;
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
- }
id=0x02000000L|((unsigned long)p[0]<<16L)|
((unsigned long)p[1]<<8L)|(unsigned long)p[2];
c.id=id;
- cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
- (char *)sorted,
- SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
- FP_ICC ssl_cipher_ptr_id_cmp);
- if ((cpp == NULL) || !(*cpp)->valid)
- return(NULL);
+ cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
+ (char *)ssl2_ciphers,
+ SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER),
+ FP_ICC ssl_cipher_id_cmp);
+ if ((cp == NULL) || (cp->valid == 0))
+ return NULL;
else
- return(*cpp);
+ return cp;
}
int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
@@ -438,7 +387,8 @@ int ssl2_generate_key_material(SSL *s)
EVP_MD_CTX_init(&ctx);
km=s->s2->key_material;
- if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key)
+ if (s->session->master_key_length < 0 ||
+ s->session->master_key_length > (int)sizeof(s->session->master_key))
{
SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
return 0;
@@ -446,7 +396,8 @@ int ssl2_generate_key_material(SSL *s)
for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5))
{
- if (((km - s->s2->key_material) + EVP_MD_size(md5)) > sizeof s->s2->key_material)
+ if (((km - s->s2->key_material) + EVP_MD_size(md5)) >
+ (int)sizeof(s->s2->key_material))
{
/* EVP_DigestFinal_ex() below would write beyond buffer */
SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
@@ -457,7 +408,7 @@ int ssl2_generate_key_material(SSL *s)
OPENSSL_assert(s->session->master_key_length >= 0
&& s->session->master_key_length
- < sizeof s->session->master_key);
+ < (int)sizeof(s->session->master_key));
EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
EVP_DigestUpdate(&ctx,&c,1);
c++;
@@ -496,7 +447,7 @@ void ssl2_write_error(SSL *s)
error=s->error; /* number of bytes left to write */
s->error=0;
- OPENSSL_assert(error >= 0 && error <= sizeof buf);
+ OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf));
i=ssl2_write(s,&(buf[3-error]),error);
/* if (i == error) s->rwstate=state; */
diff --git a/lib/libssl/src/ssl/s2_meth.c b/lib/libssl/src/ssl/s2_meth.c
index 8b6cbd086e2..a35e435b713 100644
--- a/lib/libssl/src/ssl/s2_meth.c
+++ b/lib/libssl/src/ssl/s2_meth.c
@@ -70,29 +70,11 @@ static SSL_METHOD *ssl2_get_method(int ver)
return(NULL);
}
-SSL_METHOD *SSLv2_method(void)
- {
- static int init=1;
- static SSL_METHOD SSLv2_data;
+IMPLEMENT_ssl2_meth_func(SSLv2_method,
+ ssl2_accept,
+ ssl2_connect,
+ ssl2_get_method)
- if (init)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
- if (init)
- {
- memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(),
- sizeof(SSL_METHOD));
- SSLv2_data.ssl_connect=ssl2_connect;
- SSLv2_data.ssl_accept=ssl2_accept;
- SSLv2_data.get_ssl_method=ssl2_get_method;
- init=0;
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
- }
- return(&SSLv2_data);
- }
#else /* !OPENSSL_NO_SSL2 */
# if PEDANTIC
diff --git a/lib/libssl/src/ssl/s2_srvr.c b/lib/libssl/src/ssl/s2_srvr.c
index 7a4992b7aac..0daf2b129df 100644
--- a/lib/libssl/src/ssl/s2_srvr.c
+++ b/lib/libssl/src/ssl/s2_srvr.c
@@ -137,28 +137,10 @@ static SSL_METHOD *ssl2_get_server_method(int ver)
return(NULL);
}
-SSL_METHOD *SSLv2_server_method(void)
- {
- static int init=1;
- static SSL_METHOD SSLv2_server_data;
-
- if (init)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
- if (init)
- {
- memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
- sizeof(SSL_METHOD));
- SSLv2_server_data.ssl_accept=ssl2_accept;
- SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
- init=0;
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
- }
- return(&SSLv2_server_data);
- }
+IMPLEMENT_ssl2_meth_func(SSLv2_server_method,
+ ssl2_accept,
+ ssl_undefined_function,
+ ssl2_get_server_method)
int ssl2_accept(SSL *s)
{
@@ -498,8 +480,8 @@ static int get_client_master_key(SSL *s)
i=ek;
else
i=EVP_CIPHER_key_length(c);
- if(RAND_pseudo_bytes(p,i) <= 0)
- return 0;
+ if (RAND_pseudo_bytes(p,i) <= 0)
+ return 0;
}
#else
if (i < 0)
@@ -625,7 +607,7 @@ static int get_client_hello(SSL *s)
else
{
i=ssl_get_prev_session(s,&(p[s->s2->tmp.cipher_spec_length]),
- s->s2->tmp.session_id_length);
+ s->s2->tmp.session_id_length, NULL);
if (i == 1)
{ /* previous session */
s->hit=1;
@@ -675,7 +657,7 @@ static int get_client_hello(SSL *s)
{
if (sk_SSL_CIPHER_find(allow,sk_SSL_CIPHER_value(prio,z)) < 0)
{
- sk_SSL_CIPHER_delete(prio,z);
+ (void)sk_SSL_CIPHER_delete(prio,z);
z--;
}
}
@@ -805,8 +787,8 @@ static int server_hello(SSL *s)
/* make and send conn_id */
s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */
s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;
- if(RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length) <= 0)
- return -1;
+ if (RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length) <= 0)
+ return -1;
memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH);
d+=SSL2_CONNECTION_ID_LENGTH;
@@ -938,6 +920,7 @@ static int server_finish(SSL *s)
/* send the request and check the response */
static int request_certificate(SSL *s)
{
+ const unsigned char *cp;
unsigned char *p,*p2,*buf2;
unsigned char *ccd;
int i,j,ctype,ret= -1;
@@ -951,7 +934,7 @@ static int request_certificate(SSL *s)
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_REQUEST_CERTIFICATE;
*(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
- if(RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0)
+ if (RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0)
return -1;
memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
@@ -1055,7 +1038,8 @@ static int request_certificate(SSL *s)
s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-CERTIFICATE */
p += 6;
- x509=(X509 *)d2i_X509(NULL,&p,(long)s->s2->tmp.clen);
+ cp = p;
+ x509=(X509 *)d2i_X509(NULL,&cp,(long)s->s2->tmp.clen);
if (x509 == NULL)
{
SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_X509_LIB);
@@ -1095,7 +1079,7 @@ static int request_certificate(SSL *s)
pkey=X509_get_pubkey(x509);
if (pkey == NULL) goto end;
- i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey);
+ i=EVP_VerifyFinal(&ctx,cp,s->s2->tmp.rlen,pkey);
EVP_PKEY_free(pkey);
EVP_MD_CTX_cleanup(&ctx);
diff --git a/lib/libssl/src/ssl/s3_both.c b/lib/libssl/src/ssl/s3_both.c
index 64d317b7ac3..2ecfbb77cb1 100644
--- a/lib/libssl/src/ssl/s3_both.c
+++ b/lib/libssl/src/ssl/s3_both.c
@@ -108,6 +108,11 @@
* Hudson (tjh@cryptsoft.com).
*
*/
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
#include <limits.h>
#include <string.h>
@@ -192,7 +197,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
* change cipher spec message and is in s->s3->tmp.peer_finish_md
*/
- n=ssl3_get_message(s,
+ n=s->method->ssl_get_message(s,
a,
b,
SSL3_MT_FINISHED,
@@ -386,8 +391,8 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
{
while (s->init_num < 4)
{
- i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
- 4 - s->init_num, 0);
+ i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
+ &p[s->init_num],4 - s->init_num, 0);
if (i <= 0)
{
s->rwstate=SSL_READING;
@@ -467,7 +472,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
n = s->s3->tmp.message_size - s->init_num;
while (n > 0)
{
- i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
+ i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
if (i <= 0)
{
s->rwstate=SSL_READING;
@@ -492,7 +497,7 @@ err:
int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
{
EVP_PKEY *pk;
- int ret= -1,i,j;
+ int ret= -1,i;
if (pkey == NULL)
pk=X509_get_pubkey(x);
@@ -504,35 +509,17 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
if (i == EVP_PKEY_RSA)
{
ret=SSL_PKEY_RSA_ENC;
- if (x != NULL)
- {
- j=X509_get_ext_count(x);
- /* check to see if this is a signing only certificate */
- /* EAY EAY EAY EAY */
- }
}
else if (i == EVP_PKEY_DSA)
{
ret=SSL_PKEY_DSA_SIGN;
}
- else if (i == EVP_PKEY_DH)
+#ifndef OPENSSL_NO_EC
+ else if (i == EVP_PKEY_EC)
{
- /* if we just have a key, we needs to be guess */
-
- if (x == NULL)
- ret=SSL_PKEY_DH_DSA;
- else
- {
- j=X509_get_signature_type(x);
- if (j == EVP_PKEY_RSA)
- ret=SSL_PKEY_DH_RSA;
- else if (j== EVP_PKEY_DSA)
- ret=SSL_PKEY_DH_DSA;
- else ret= -1;
- }
+ ret = SSL_PKEY_ECC;
}
- else
- ret= -1;
+#endif
err:
if(!pkey) EVP_PKEY_free(pk);
diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c
index 4163d979443..9a87c1cfb36 100644
--- a/lib/libssl/src/ssl/s3_clnt.c
+++ b/lib/libssl/src/ssl/s3_clnt.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -108,6 +108,19 @@
* Hudson (tjh@cryptsoft.com).
*
*/
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
#include <stdio.h>
#include "ssl_locl.h"
@@ -117,20 +130,22 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
-#include <openssl/fips.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#include <openssl/bn.h>
static SSL_METHOD *ssl3_get_client_method(int ver);
-static int ssl3_client_hello(SSL *s);
-static int ssl3_get_server_hello(SSL *s);
-static int ssl3_get_certificate_request(SSL *s);
static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
-static int ssl3_get_server_done(SSL *s);
-static int ssl3_send_client_verify(SSL *s);
-static int ssl3_send_client_certificate(SSL *s);
-static int ssl3_send_client_key_exchange(SSL *s);
-static int ssl3_get_key_exchange(SSL *s);
-static int ssl3_get_server_certificate(SSL *s);
-static int ssl3_check_cert_and_algorithm(SSL *s);
+#ifndef OPENSSL_NO_TLSEXT
+static int ssl3_check_finished(SSL *s);
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+static int curve_id2nid(int curve_id);
+int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
+#endif
+
static SSL_METHOD *ssl3_get_client_method(int ver)
{
if (ver == SSL3_VERSION)
@@ -139,28 +154,10 @@ static SSL_METHOD *ssl3_get_client_method(int ver)
return(NULL);
}
-SSL_METHOD *SSLv3_client_method(void)
- {
- static int init=1;
- static SSL_METHOD SSLv3_client_data;
-
- if (init)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
- if (init)
- {
- memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
- sizeof(SSL_METHOD));
- SSLv3_client_data.ssl_connect=ssl3_connect;
- SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
- init=0;
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
- }
- return(&SSLv3_client_data);
- }
+IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
+ ssl_undefined_function,
+ ssl3_connect,
+ ssl3_get_client_method)
int ssl3_connect(SSL *s)
{
@@ -270,15 +267,43 @@ int ssl3_connect(SSL *s)
case SSL3_ST_CR_CERT_A:
case SSL3_ST_CR_CERT_B:
- /* Check if it is anon DH */
+#ifndef OPENSSL_NO_TLSEXT
+ ret=ssl3_check_finished(s);
+ if (ret <= 0) goto end;
+ if (ret == 2)
+ {
+ s->hit = 1;
+ if (s->tlsext_ticket_expected)
+ s->state=SSL3_ST_CR_SESSION_TICKET_A;
+ else
+ s->state=SSL3_ST_CR_FINISHED_A;
+ s->init_num=0;
+ break;
+ }
+#endif
+ /* Check if it is anon DH/ECDH */
if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
{
ret=ssl3_get_server_certificate(s);
if (ret <= 0) goto end;
+#ifndef OPENSSL_NO_TLSEXT
+ if (s->tlsext_status_expected)
+ s->state=SSL3_ST_CR_CERT_STATUS_A;
+ else
+ s->state=SSL3_ST_CR_KEY_EXCH_A;
+ }
+ else
+ {
+ skip = 1;
+ s->state=SSL3_ST_CR_KEY_EXCH_A;
+ }
+#else
}
else
skip=1;
+
s->state=SSL3_ST_CR_KEY_EXCH_A;
+#endif
s->init_num=0;
break;
@@ -337,6 +362,13 @@ int ssl3_connect(SSL *s)
* sent back */
/* For TLS, cert_req is set to 2, so a cert chain
* of nothing is sent, but no verify packet is sent */
+ /* XXX: For now, we do not support client
+ * authentication in ECDH cipher suites with
+ * ECDH (rather than ECDSA) certificates.
+ * We need to skip the certificate verify
+ * message when client's ECDH public key is sent
+ * inside the client certificate.
+ */
if (s->s3->tmp.cert_req == 1)
{
s->state=SSL3_ST_CW_CERT_VRFY_A;
@@ -368,11 +400,15 @@ int ssl3_connect(SSL *s)
s->init_num=0;
s->session->cipher=s->s3->tmp.new_cipher;
+#ifdef OPENSSL_NO_COMP
+ s->session->compress_meth=0;
+#else
if (s->s3->tmp.new_compression == NULL)
s->session->compress_meth=0;
else
s->session->compress_meth=
s->s3->tmp.new_compression->id;
+#endif
if (!s->method->ssl3_enc->setup_key_block(s))
{
ret= -1;
@@ -411,11 +447,36 @@ int ssl3_connect(SSL *s)
}
else
{
+#ifndef OPENSSL_NO_TLSEXT
+ /* Allow NewSessionTicket if ticket expected */
+ if (s->tlsext_ticket_expected)
+ s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
+ else
+#endif
+
s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
}
s->init_num=0;
break;
+#ifndef OPENSSL_NO_TLSEXT
+ case SSL3_ST_CR_SESSION_TICKET_A:
+ case SSL3_ST_CR_SESSION_TICKET_B:
+ ret=ssl3_get_new_session_ticket(s);
+ if (ret <= 0) goto end;
+ s->state=SSL3_ST_CR_FINISHED_A;
+ s->init_num=0;
+ break;
+
+ case SSL3_ST_CR_CERT_STATUS_A:
+ case SSL3_ST_CR_CERT_STATUS_B:
+ ret=ssl3_get_cert_status(s);
+ if (ret <= 0) goto end;
+ s->state=SSL3_ST_CR_KEY_EXCH_A;
+ s->init_num=0;
+ break;
+#endif
+
case SSL3_ST_CR_FINISHED_A:
case SSL3_ST_CR_FINISHED_B:
@@ -512,13 +573,16 @@ end:
}
-static int ssl3_client_hello(SSL *s)
+int ssl3_client_hello(SSL *s)
{
unsigned char *buf;
unsigned char *p,*d;
- int i,j;
+ int i;
unsigned long Time,l;
+#ifndef OPENSSL_NO_COMP
+ int j;
SSL_COMP *comp;
+#endif
buf=(unsigned char *)s->init_buf->data;
if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
@@ -535,8 +599,8 @@ static int ssl3_client_hello(SSL *s)
p=s->s3->client_random;
Time=(unsigned long)time(NULL); /* Time */
l2n(Time,p);
- if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
- goto err;
+ if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
+ goto err;
/* Do the message type and length last */
d=p= &(buf[4]);
@@ -557,7 +621,7 @@ static int ssl3_client_hello(SSL *s)
*(p++)=i;
if (i != 0)
{
- if (i > sizeof s->session->session_id)
+ if (i > (int)sizeof(s->session->session_id))
{
SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
goto err;
@@ -577,6 +641,9 @@ static int ssl3_client_hello(SSL *s)
p+=i;
/* COMPRESSION */
+#ifdef OPENSSL_NO_COMP
+ *(p++)=1;
+#else
if (s->ctx->comp_methods == NULL)
j=0;
else
@@ -587,8 +654,15 @@ static int ssl3_client_hello(SSL *s)
comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
*(p++)=comp->id;
}
+#endif
*(p++)=0; /* Add the NULL method */
-
+#ifndef OPENSSL_NO_TLSEXT
+ if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
+ {
+ SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+#endif
l=(p-d);
d=buf;
*(d++)=SSL3_MT_CLIENT_HELLO;
@@ -606,7 +680,7 @@ err:
return(-1);
}
-static int ssl3_get_server_hello(SSL *s)
+int ssl3_get_server_hello(SSL *s)
{
STACK_OF(SSL_CIPHER) *sk;
SSL_CIPHER *c;
@@ -614,16 +688,44 @@ static int ssl3_get_server_hello(SSL *s)
int i,al,ok;
unsigned int j;
long n;
+#ifndef OPENSSL_NO_COMP
SSL_COMP *comp;
+#endif
- n=ssl3_get_message(s,
+ n=s->method->ssl_get_message(s,
SSL3_ST_CR_SRVR_HELLO_A,
SSL3_ST_CR_SRVR_HELLO_B,
- SSL3_MT_SERVER_HELLO,
- 300, /* ?? */
+ -1,
+ 20000, /* ?? */
&ok);
if (!ok) return((int)n);
+
+ if ( SSL_version(s) == DTLS1_VERSION)
+ {
+ if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
+ {
+ if ( s->d1->send_cookie == 0)
+ {
+ s->s3->tmp.reuse_message = 1;
+ return 1;
+ }
+ else /* already sent a cookie */
+ {
+ al=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);
+ goto f_err;
+ }
+ }
+ }
+
+ if ( s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO)
+ {
+ al=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);
+ goto f_err;
+ }
+
d=p=(unsigned char *)s->init_msg;
if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
@@ -719,6 +821,14 @@ static int ssl3_get_server_hello(SSL *s)
/* lets get the compression algorithm */
/* COMPRESSION */
+#ifdef OPENSSL_NO_COMP
+ if (*(p++) != 0)
+ {
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+ goto f_err;
+ }
+#else
j= *(p++);
if (j == 0)
comp=NULL;
@@ -735,6 +845,25 @@ static int ssl3_get_server_hello(SSL *s)
{
s->s3->tmp.new_compression=comp;
}
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+ /* TLS extensions*/
+ if (s->version > SSL3_VERSION)
+ {
+ if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))
+ {
+ /* 'al' set by ssl_parse_serverhello_tlsext */
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLSEXT);
+ goto f_err;
+ }
+ if (ssl_check_serverhello_tlsext(s) <= 0)
+ {
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
+ goto err;
+ }
+ }
+#endif
+
if (p != (d+n))
{
@@ -751,18 +880,19 @@ err:
return(-1);
}
-static int ssl3_get_server_certificate(SSL *s)
+int ssl3_get_server_certificate(SSL *s)
{
int al,i,ok,ret= -1;
unsigned long n,nc,llen,l;
X509 *x=NULL;
- unsigned char *p,*d,*q;
+ const unsigned char *q,*p;
+ unsigned char *d;
STACK_OF(X509) *sk=NULL;
SESS_CERT *sc;
EVP_PKEY *pkey=NULL;
- int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */
+ int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */
- n=ssl3_get_message(s,
+ n=s->method->ssl_get_message(s,
SSL3_ST_CR_CERT_A,
SSL3_ST_CR_CERT_B,
-1,
@@ -771,7 +901,9 @@ static int ssl3_get_server_certificate(SSL *s)
if (!ok) return((int)n);
- if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE)
+ if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
+ ((s->s3->tmp.new_cipher->algorithms & SSL_aKRB5) &&
+ (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)))
{
s->s3->tmp.reuse_message=1;
return(1);
@@ -783,7 +915,7 @@ static int ssl3_get_server_certificate(SSL *s)
SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
goto f_err;
}
- d=p=(unsigned char *)s->init_msg;
+ p=d=(unsigned char *)s->init_msg;
if ((sk=sk_X509_new_null()) == NULL)
{
@@ -835,10 +967,10 @@ static int ssl3_get_server_certificate(SSL *s)
i=ssl_verify_cert_chain(s,sk);
if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
#ifndef OPENSSL_NO_KRB5
- && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
- != (SSL_aKRB5|SSL_kKRB5)
+ && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
+ != (SSL_aKRB5|SSL_kKRB5)
#endif /* OPENSSL_NO_KRB5 */
- )
+ )
{
al=ssl_verify_alarm_type(s->verify_result);
SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
@@ -861,16 +993,16 @@ static int ssl3_get_server_certificate(SSL *s)
pkey=X509_get_pubkey(x);
- /* VRS: allow null cert if auth == KRB5 */
- need_cert = ((s->s3->tmp.new_cipher->algorithms
- & (SSL_MKEY_MASK|SSL_AUTH_MASK))
- == (SSL_aKRB5|SSL_kKRB5))? 0: 1;
+ /* VRS: allow null cert if auth == KRB5 */
+ need_cert = ((s->s3->tmp.new_cipher->algorithms
+ & (SSL_MKEY_MASK|SSL_AUTH_MASK))
+ == (SSL_aKRB5|SSL_kKRB5))? 0: 1;
#ifdef KSSL_DEBUG
printf("pkey,x = %p, %p\n", pkey,x);
printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name,
- s->s3->tmp.new_cipher->algorithms, need_cert);
+ s->s3->tmp.new_cipher->algorithms, need_cert);
#endif /* KSSL_DEBUG */
if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)))
@@ -892,31 +1024,31 @@ static int ssl3_get_server_certificate(SSL *s)
goto f_err;
}
- if (need_cert)
- {
- sc->peer_cert_type=i;
- CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
- /* Why would the following ever happen?
- * We just created sc a couple of lines ago. */
- if (sc->peer_pkeys[i].x509 != NULL)
- X509_free(sc->peer_pkeys[i].x509);
- sc->peer_pkeys[i].x509=x;
- sc->peer_key= &(sc->peer_pkeys[i]);
-
- if (s->session->peer != NULL)
- X509_free(s->session->peer);
- CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
- s->session->peer=x;
- }
- else
- {
- sc->peer_cert_type=i;
- sc->peer_key= NULL;
-
- if (s->session->peer != NULL)
- X509_free(s->session->peer);
- s->session->peer=NULL;
- }
+ if (need_cert)
+ {
+ sc->peer_cert_type=i;
+ CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
+ /* Why would the following ever happen?
+ * We just created sc a couple of lines ago. */
+ if (sc->peer_pkeys[i].x509 != NULL)
+ X509_free(sc->peer_pkeys[i].x509);
+ sc->peer_pkeys[i].x509=x;
+ sc->peer_key= &(sc->peer_pkeys[i]);
+
+ if (s->session->peer != NULL)
+ X509_free(s->session->peer);
+ CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
+ s->session->peer=x;
+ }
+ else
+ {
+ sc->peer_cert_type=i;
+ sc->peer_key= NULL;
+
+ if (s->session->peer != NULL)
+ X509_free(s->session->peer);
+ s->session->peer=NULL;
+ }
s->session->verify_result = s->verify_result;
x=NULL;
@@ -934,7 +1066,7 @@ err:
return(ret);
}
-static int ssl3_get_key_exchange(SSL *s)
+int ssl3_get_key_exchange(SSL *s)
{
#ifndef OPENSSL_NO_RSA
unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2];
@@ -950,10 +1082,17 @@ static int ssl3_get_key_exchange(SSL *s)
#ifndef OPENSSL_NO_DH
DH *dh=NULL;
#endif
+#ifndef OPENSSL_NO_ECDH
+ EC_KEY *ecdh = NULL;
+ BN_CTX *bn_ctx = NULL;
+ EC_POINT *srvr_ecpoint = NULL;
+ int curve_nid = 0;
+ int encoded_pt_len = 0;
+#endif
/* use same message size as in ssl3_get_certificate_request()
* as ServerKeyExchange message may be skipped */
- n=ssl3_get_message(s,
+ n=s->method->ssl_get_message(s,
SSL3_ST_CR_KEY_EXCH_A,
SSL3_ST_CR_KEY_EXCH_B,
-1,
@@ -986,6 +1125,13 @@ static int ssl3_get_key_exchange(SSL *s)
s->session->sess_cert->peer_dh_tmp=NULL;
}
#endif
+#ifndef OPENSSL_NO_ECDH
+ if (s->session->sess_cert->peer_ecdh_tmp)
+ {
+ EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
+ s->session->sess_cert->peer_ecdh_tmp=NULL;
+ }
+#endif
}
else
{
@@ -1127,6 +1273,114 @@ static int ssl3_get_key_exchange(SSL *s)
goto f_err;
}
#endif /* !OPENSSL_NO_DH */
+
+#ifndef OPENSSL_NO_ECDH
+ else if (alg & SSL_kECDHE)
+ {
+ EC_GROUP *ngroup;
+ const EC_GROUP *group;
+
+ if ((ecdh=EC_KEY_new()) == NULL)
+ {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* Extract elliptic curve parameters and the
+ * server's ephemeral ECDH public key.
+ * Keep accumulating lengths of various components in
+ * param_len and make sure it never exceeds n.
+ */
+
+ /* XXX: For now we only support named (not generic) curves
+ * and the ECParameters in this case is just three bytes.
+ */
+ param_len=3;
+ if ((param_len > n) ||
+ (*p != NAMED_CURVE_TYPE) ||
+ ((curve_nid = curve_id2nid(*(p + 2))) == 0))
+ {
+ al=SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
+ goto f_err;
+ }
+
+ ngroup = EC_GROUP_new_by_curve_name(curve_nid);
+ if (ngroup == NULL)
+ {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
+ goto err;
+ }
+ if (EC_KEY_set_group(ecdh, ngroup) == 0)
+ {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
+ goto err;
+ }
+ EC_GROUP_free(ngroup);
+
+ group = EC_KEY_get0_group(ecdh);
+
+ if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
+ (EC_GROUP_get_degree(group) > 163))
+ {
+ al=SSL_AD_EXPORT_RESTRICTION;
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
+ goto f_err;
+ }
+
+ p+=3;
+
+ /* Next, get the encoded ECPoint */
+ if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
+ ((bn_ctx = BN_CTX_new()) == NULL))
+ {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ encoded_pt_len = *p; /* length of encoded point */
+ p+=1;
+ param_len += (1 + encoded_pt_len);
+ if ((param_len > n) ||
+ (EC_POINT_oct2point(group, srvr_ecpoint,
+ p, encoded_pt_len, bn_ctx) == 0))
+ {
+ al=SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT);
+ goto f_err;
+ }
+
+ n-=param_len;
+ p+=encoded_pt_len;
+
+ /* The ECC/TLS specification does not mention
+ * the use of DSA to sign ECParameters in the server
+ * key exchange message. We do support RSA and ECDSA.
+ */
+ if (0) ;
+#ifndef OPENSSL_NO_RSA
+ else if (alg & SSL_aRSA)
+ pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ else if (alg & SSL_aECDSA)
+ pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
+#endif
+ /* else anonymous ECDH, so no certificate or pkey. */
+ EC_KEY_set_public_key(ecdh, srvr_ecpoint);
+ s->session->sess_cert->peer_ecdh_tmp=ecdh;
+ ecdh=NULL;
+ BN_CTX_free(bn_ctx);
+ EC_POINT_free(srvr_ecpoint);
+ srvr_ecpoint = NULL;
+ }
+ else if (alg & SSL_kECDH)
+ {
+ al=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+ goto f_err;
+ }
+#endif /* !OPENSSL_NO_ECDH */
if (alg & SSL_aFZA)
{
al=SSL_AD_HANDSHAKE_FAILURE;
@@ -1137,7 +1391,6 @@ static int ssl3_get_key_exchange(SSL *s)
/* p points to the next byte, there are 'n' bytes left */
-
/* if it was signed, check the signature */
if (pkey != NULL)
{
@@ -1162,14 +1415,11 @@ static int ssl3_get_key_exchange(SSL *s)
q=md_buf;
for (num=2; num > 0; num--)
{
- EVP_MD_CTX_set_flags(&md_ctx,
- EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
EVP_DigestInit_ex(&md_ctx,(num == 2)
?s->ctx->md5:s->ctx->sha1, NULL);
EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
EVP_DigestUpdate(&md_ctx,param,param_len);
-
EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i);
q+=i;
j+=i;
@@ -1210,6 +1460,24 @@ static int ssl3_get_key_exchange(SSL *s)
}
else
#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (pkey->type == EVP_PKEY_EC)
+ {
+ /* let's do ECDSA */
+ EVP_VerifyInit_ex(&md_ctx,EVP_ecdsa(), NULL);
+ EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+ EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+ EVP_VerifyUpdate(&md_ctx,param,param_len);
+ if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
+ {
+ /* bad signature */
+ al=SSL_AD_DECRYPT_ERROR;
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
+ goto f_err;
+ }
+ }
+ else
+#endif
{
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
goto err;
@@ -1245,20 +1513,27 @@ err:
if (dh != NULL)
DH_free(dh);
#endif
+#ifndef OPENSSL_NO_ECDH
+ BN_CTX_free(bn_ctx);
+ EC_POINT_free(srvr_ecpoint);
+ if (ecdh != NULL)
+ EC_KEY_free(ecdh);
+#endif
EVP_MD_CTX_cleanup(&md_ctx);
return(-1);
}
-static int ssl3_get_certificate_request(SSL *s)
+int ssl3_get_certificate_request(SSL *s)
{
int ok,ret=0;
unsigned long n,nc,l;
unsigned int llen,ctype_num,i;
X509_NAME *xn=NULL;
- unsigned char *p,*d,*q;
+ const unsigned char *p,*q;
+ unsigned char *d;
STACK_OF(X509_NAME) *ca_sk=NULL;
- n=ssl3_get_message(s,
+ n=s->method->ssl_get_message(s,
SSL3_ST_CR_CERT_REQ_A,
SSL3_ST_CR_CERT_REQ_B,
-1,
@@ -1294,7 +1569,7 @@ static int ssl3_get_certificate_request(SSL *s)
}
}
- d=p=(unsigned char *)s->init_msg;
+ p=d=(unsigned char *)s->init_msg;
if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
{
@@ -1395,13 +1670,150 @@ static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
{
return(X509_NAME_cmp(*a,*b));
}
+#ifndef OPENSSL_NO_TLSEXT
+int ssl3_get_new_session_ticket(SSL *s)
+ {
+ int ok,al,ret=0, ticklen;
+ long n;
+ const unsigned char *p;
+ unsigned char *d;
-static int ssl3_get_server_done(SSL *s)
+ n=s->method->ssl_get_message(s,
+ SSL3_ST_CR_SESSION_TICKET_A,
+ SSL3_ST_CR_SESSION_TICKET_B,
+ -1,
+ 16384,
+ &ok);
+
+ if (!ok)
+ return((int)n);
+
+ if (s->s3->tmp.message_type == SSL3_MT_FINISHED)
+ {
+ s->s3->tmp.reuse_message=1;
+ return(1);
+ }
+ if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET)
+ {
+ al=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE);
+ goto f_err;
+ }
+ if (n < 6)
+ {
+ /* need at least ticket_lifetime_hint + ticket length */
+ al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ p=d=(unsigned char *)s->init_msg;
+ n2l(p, s->session->tlsext_tick_lifetime_hint);
+ n2s(p, ticklen);
+ /* ticket_lifetime_hint + ticket_length + ticket */
+ if (ticklen + 6 != n)
+ {
+ al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ if (s->session->tlsext_tick)
+ {
+ OPENSSL_free(s->session->tlsext_tick);
+ s->session->tlsext_ticklen = 0;
+ }
+ s->session->tlsext_tick = OPENSSL_malloc(ticklen);
+ if (!s->session->tlsext_tick)
+ {
+ SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ memcpy(s->session->tlsext_tick, p, ticklen);
+ s->session->tlsext_ticklen = ticklen;
+
+ ret=1;
+ return(ret);
+f_err:
+ ssl3_send_alert(s,SSL3_AL_FATAL,al);
+err:
+ return(-1);
+ }
+
+int ssl3_get_cert_status(SSL *s)
+ {
+ int ok, al;
+ unsigned long resplen;
+ long n;
+ const unsigned char *p;
+
+ n=s->method->ssl_get_message(s,
+ SSL3_ST_CR_CERT_STATUS_A,
+ SSL3_ST_CR_CERT_STATUS_B,
+ SSL3_MT_CERTIFICATE_STATUS,
+ 16384,
+ &ok);
+
+ if (!ok) return((int)n);
+ if (n < 4)
+ {
+ /* need at least status type + length */
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ p = (unsigned char *)s->init_msg;
+ if (*p++ != TLSEXT_STATUSTYPE_ocsp)
+ {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_UNSUPPORTED_STATUS_TYPE);
+ goto f_err;
+ }
+ n2l3(p, resplen);
+ if (resplen + 4 != n)
+ {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ if (s->tlsext_ocsp_resp)
+ OPENSSL_free(s->tlsext_ocsp_resp);
+ s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
+ if (!s->tlsext_ocsp_resp)
+ {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE);
+ goto f_err;
+ }
+ s->tlsext_ocsp_resplen = resplen;
+ if (s->ctx->tlsext_status_cb)
+ {
+ int ret;
+ ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+ if (ret == 0)
+ {
+ al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
+ SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_INVALID_STATUS_RESPONSE);
+ goto f_err;
+ }
+ if (ret < 0)
+ {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE);
+ goto f_err;
+ }
+ }
+ return 1;
+f_err:
+ ssl3_send_alert(s,SSL3_AL_FATAL,al);
+ return(-1);
+ }
+#endif
+
+int ssl3_get_server_done(SSL *s)
{
int ok,ret=0;
long n;
- n=ssl3_get_message(s,
+ n=s->method->ssl_get_message(s,
SSL3_ST_CR_SRVR_DONE_A,
SSL3_ST_CR_SRVR_DONE_B,
SSL3_MT_SERVER_DONE,
@@ -1420,7 +1832,8 @@ static int ssl3_get_server_done(SSL *s)
return(ret);
}
-static int ssl3_send_client_key_exchange(SSL *s)
+
+int ssl3_send_client_key_exchange(SSL *s)
{
unsigned char *p,*d;
int n;
@@ -1430,8 +1843,16 @@ static int ssl3_send_client_key_exchange(SSL *s)
EVP_PKEY *pkey=NULL;
#endif
#ifndef OPENSSL_NO_KRB5
- KSSL_ERR kssl_err;
+ KSSL_ERR kssl_err;
#endif /* OPENSSL_NO_KRB5 */
+#ifndef OPENSSL_NO_ECDH
+ EC_KEY *clnt_ecdh = NULL;
+ const EC_POINT *srvr_ecpoint = NULL;
+ EVP_PKEY *srvr_pub_pkey = NULL;
+ unsigned char *encodedPoint = NULL;
+ int encoded_pt_len = 0;
+ BN_CTX * bn_ctx = NULL;
+#endif
if (s->state == SSL3_ST_CW_KEY_EXCH_A)
{
@@ -1440,8 +1861,8 @@ static int ssl3_send_client_key_exchange(SSL *s)
l=s->s3->tmp.new_cipher->algorithms;
- /* Fool emacs indentation */
- if (0) {}
+ /* Fool emacs indentation */
+ if (0) {}
#ifndef OPENSSL_NO_RSA
else if (l & SSL_kRSA)
{
@@ -1503,12 +1924,12 @@ static int ssl3_send_client_key_exchange(SSL *s)
#endif
#ifndef OPENSSL_NO_KRB5
else if (l & SSL_kKRB5)
- {
- krb5_error_code krb5rc;
- KSSL_CTX *kssl_ctx = s->kssl_ctx;
- /* krb5_data krb5_ap_req; */
- krb5_data *enc_ticket;
- krb5_data authenticator, *authp = NULL;
+ {
+ krb5_error_code krb5rc;
+ KSSL_CTX *kssl_ctx = s->kssl_ctx;
+ /* krb5_data krb5_ap_req; */
+ krb5_data *enc_ticket;
+ krb5_data authenticator, *authp = NULL;
EVP_CIPHER_CTX ciph_ctx;
EVP_CIPHER *enc = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
@@ -1520,8 +1941,8 @@ static int ssl3_send_client_key_exchange(SSL *s)
EVP_CIPHER_CTX_init(&ciph_ctx);
#ifdef KSSL_DEBUG
- printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
- l, SSL_kKRB5);
+ printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
+ l, SSL_kKRB5);
#endif /* KSSL_DEBUG */
authp = NULL;
@@ -1529,37 +1950,37 @@ static int ssl3_send_client_key_exchange(SSL *s)
if (KRB5SENDAUTH) authp = &authenticator;
#endif /* KRB5SENDAUTH */
- krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
+ krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
&kssl_err);
enc = kssl_map_enc(kssl_ctx->enctype);
- if (enc == NULL)
- goto err;
+ if (enc == NULL)
+ goto err;
#ifdef KSSL_DEBUG
- {
- printf("kssl_cget_tkt rtn %d\n", krb5rc);
- if (krb5rc && kssl_err.text)
+ {
+ printf("kssl_cget_tkt rtn %d\n", krb5rc);
+ if (krb5rc && kssl_err.text)
printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
- }
+ }
#endif /* KSSL_DEBUG */
- if (krb5rc)
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,
+ if (krb5rc)
+ {
+ ssl3_send_alert(s,SSL3_AL_FATAL,
SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
kssl_err.reason);
- goto err;
- }
+ goto err;
+ }
/* 20010406 VRS - Earlier versions used KRB5 AP_REQ
** in place of RFC 2712 KerberosWrapper, as in:
**
- ** Send ticket (copy to *p, set n = length)
- ** n = krb5_ap_req.length;
- ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
- ** if (krb5_ap_req.data)
- ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
- **
+ ** Send ticket (copy to *p, set n = length)
+ ** n = krb5_ap_req.length;
+ ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
+ ** if (krb5_ap_req.data)
+ ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
+ **
** Now using real RFC 2712 KerberosWrapper
** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
** Note: 2712 "opaque" types are here replaced
@@ -1594,8 +2015,10 @@ static int ssl3_send_client_key_exchange(SSL *s)
n+=2;
}
- if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
- goto err;
+ tmp_buf[0]=s->client_version>>8;
+ tmp_buf[1]=s->client_version&0xff;
+ if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
+ goto err;
/* 20010420 VRS. Tried it this way; failed.
** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
@@ -1624,20 +2047,27 @@ static int ssl3_send_client_key_exchange(SSL *s)
p+=outl;
n+=outl + 2;
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
+ s->session->master_key_length=
+ s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,
tmp_buf, sizeof tmp_buf);
OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
OPENSSL_cleanse(epms, outl);
- }
+ }
#endif
#ifndef OPENSSL_NO_DH
else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
{
DH *dh_srvr,*dh_clnt;
+ if (s->session->sess_cert == NULL)
+ {
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+ goto err;
+ }
+
if (s->session->sess_cert->peer_dh_tmp != NULL)
dh_srvr=s->session->sess_cert->peer_dh_tmp;
else
@@ -1689,10 +2119,198 @@ static int ssl3_send_client_key_exchange(SSL *s)
/* perhaps clean things up a bit EAY EAY EAY EAY*/
}
#endif
+
+#ifndef OPENSSL_NO_ECDH
+ else if ((l & SSL_kECDH) || (l & SSL_kECDHE))
+ {
+ const EC_GROUP *srvr_group = NULL;
+ EC_KEY *tkey;
+ int ecdh_clnt_cert = 0;
+ int field_size = 0;
+
+ /* Did we send out the client's
+ * ECDH share for use in premaster
+ * computation as part of client certificate?
+ * If so, set ecdh_clnt_cert to 1.
+ */
+ if ((l & SSL_kECDH) && (s->cert != NULL))
+ {
+ /* XXX: For now, we do not support client
+ * authentication using ECDH certificates.
+ * To add such support, one needs to add
+ * code that checks for appropriate
+ * conditions and sets ecdh_clnt_cert to 1.
+ * For example, the cert have an ECC
+ * key on the same curve as the server's
+ * and the key should be authorized for
+ * key agreement.
+ *
+ * One also needs to add code in ssl3_connect
+ * to skip sending the certificate verify
+ * message.
+ *
+ * if ((s->cert->key->privatekey != NULL) &&
+ * (s->cert->key->privatekey->type ==
+ * EVP_PKEY_EC) && ...)
+ * ecdh_clnt_cert = 1;
+ */
+ }
+
+ if (s->session->sess_cert->peer_ecdh_tmp != NULL)
+ {
+ tkey = s->session->sess_cert->peer_ecdh_tmp;
+ }
+ else
+ {
+ /* Get the Server Public Key from Cert */
+ srvr_pub_pkey = X509_get_pubkey(s->session-> \
+ sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
+ if ((srvr_pub_pkey == NULL) ||
+ (srvr_pub_pkey->type != EVP_PKEY_EC) ||
+ (srvr_pub_pkey->pkey.ec == NULL))
+ {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ tkey = srvr_pub_pkey->pkey.ec;
+ }
+
+ srvr_group = EC_KEY_get0_group(tkey);
+ srvr_ecpoint = EC_KEY_get0_public_key(tkey);
+
+ if ((srvr_group == NULL) || (srvr_ecpoint == NULL))
+ {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ if ((clnt_ecdh=EC_KEY_new()) == NULL)
+ {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!EC_KEY_set_group(clnt_ecdh, srvr_group))
+ {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
+ goto err;
+ }
+ if (ecdh_clnt_cert)
+ {
+ /* Reuse key info from our certificate
+ * We only need our private key to perform
+ * the ECDH computation.
+ */
+ const BIGNUM *priv_key;
+ tkey = s->cert->key->privatekey->pkey.ec;
+ priv_key = EC_KEY_get0_private_key(tkey);
+ if (priv_key == NULL)
+ {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!EC_KEY_set_private_key(clnt_ecdh, priv_key))
+ {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
+ goto err;
+ }
+ }
+ else
+ {
+ /* Generate a new ECDH key pair */
+ if (!(EC_KEY_generate_key(clnt_ecdh)))
+ {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+ goto err;
+ }
+ }
+
+ /* use the 'p' output buffer for the ECDH key, but
+ * make sure to clear it out afterwards
+ */
+
+ field_size = EC_GROUP_get_degree(srvr_group);
+ if (field_size <= 0)
+ {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_ECDH_LIB);
+ goto err;
+ }
+ n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
+ if (n <= 0)
+ {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_ECDH_LIB);
+ goto err;
+ }
+
+ /* generate master key from the result */
+ s->session->master_key_length = s->method->ssl3_enc \
+ -> generate_master_secret(s,
+ s->session->master_key,
+ p, n);
+
+ memset(p, 0, n); /* clean up */
+
+ if (ecdh_clnt_cert)
+ {
+ /* Send empty client key exch message */
+ n = 0;
+ }
+ else
+ {
+ /* First check the size of encoding and
+ * allocate memory accordingly.
+ */
+ encoded_pt_len =
+ EC_POINT_point2oct(srvr_group,
+ EC_KEY_get0_public_key(clnt_ecdh),
+ POINT_CONVERSION_UNCOMPRESSED,
+ NULL, 0, NULL);
+
+ encodedPoint = (unsigned char *)
+ OPENSSL_malloc(encoded_pt_len *
+ sizeof(unsigned char));
+ bn_ctx = BN_CTX_new();
+ if ((encodedPoint == NULL) ||
+ (bn_ctx == NULL))
+ {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* Encode the public key */
+ n = EC_POINT_point2oct(srvr_group,
+ EC_KEY_get0_public_key(clnt_ecdh),
+ POINT_CONVERSION_UNCOMPRESSED,
+ encodedPoint, encoded_pt_len, bn_ctx);
+
+ *p = n; /* length of encoded point */
+ /* Encoded point will be copied here */
+ p += 1;
+ /* copy the point */
+ memcpy((unsigned char *)p, encodedPoint, n);
+ /* increment n to account for length field */
+ n += 1;
+ }
+
+ /* Free allocated memory */
+ BN_CTX_free(bn_ctx);
+ if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
+ if (clnt_ecdh != NULL)
+ EC_KEY_free(clnt_ecdh);
+ EVP_PKEY_free(srvr_pub_pkey);
+ }
+#endif /* !OPENSSL_NO_ECDH */
else
{
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
+ ssl3_send_alert(s, SSL3_AL_FATAL,
+ SSL_AD_HANDSHAKE_FAILURE);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -1708,10 +2326,17 @@ static int ssl3_send_client_key_exchange(SSL *s)
/* SSL3_ST_CW_KEY_EXCH_B */
return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
err:
+#ifndef OPENSSL_NO_ECDH
+ BN_CTX_free(bn_ctx);
+ if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
+ if (clnt_ecdh != NULL)
+ EC_KEY_free(clnt_ecdh);
+ EVP_PKEY_free(srvr_pub_pkey);
+#endif
return(-1);
}
-static int ssl3_send_client_verify(SSL *s)
+int ssl3_send_client_verify(SSL *s)
{
unsigned char *p,*d;
unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
@@ -1720,7 +2345,7 @@ static int ssl3_send_client_verify(SSL *s)
unsigned u=0;
#endif
unsigned long n;
-#ifndef OPENSSL_NO_DSA
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
int j;
#endif
@@ -1766,6 +2391,23 @@ static int ssl3_send_client_verify(SSL *s)
}
else
#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (pkey->type == EVP_PKEY_EC)
+ {
+ if (!ECDSA_sign(pkey->save_type,
+ &(data[MD5_DIGEST_LENGTH]),
+ SHA_DIGEST_LENGTH,&(p[2]),
+ (unsigned int *)&j,pkey->pkey.ec))
+ {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
+ ERR_R_ECDSA_LIB);
+ goto err;
+ }
+ s2n(j,p);
+ n=j+2;
+ }
+ else
+#endif
{
SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
goto err;
@@ -1782,7 +2424,7 @@ err:
return(-1);
}
-static int ssl3_send_client_certificate(SSL *s)
+int ssl3_send_client_certificate(SSL *s)
{
X509 *x509=NULL;
EVP_PKEY *pkey=NULL;
@@ -1861,7 +2503,7 @@ static int ssl3_send_client_certificate(SSL *s)
#define has_bits(i,m) (((i)&(m)) == (m))
-static int ssl3_check_cert_and_algorithm(SSL *s)
+int ssl3_check_cert_and_algorithm(SSL *s)
{
int i,idx;
long algs;
@@ -1876,18 +2518,18 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
sc=s->session->sess_cert;
- if (sc == NULL)
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
algs=s->s3->tmp.new_cipher->algorithms;
/* we don't have a certificate */
if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5))
return(1);
+ if (sc == NULL)
+ {
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
#ifndef OPENSSL_NO_RSA
rsa=s->session->sess_cert->peer_rsa_tmp;
#endif
@@ -1898,6 +2540,21 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
/* This is the passed certificate */
idx=sc->peer_cert_type;
+#ifndef OPENSSL_NO_ECDH
+ if (idx == SSL_PKEY_ECC)
+ {
+ if (check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
+ s->s3->tmp.new_cipher) == 0)
+ { /* check failed */
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);
+ goto f_err;
+ }
+ else
+ {
+ return 1;
+ }
+ }
+#endif
pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509);
i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey);
EVP_PKEY_free(pkey);
@@ -1983,3 +2640,79 @@ err:
return(0);
}
+
+#ifndef OPENSSL_NO_ECDH
+/* This is the complement of nid2curve_id in s3_srvr.c. */
+static int curve_id2nid(int curve_id)
+{
+ /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001)
+ * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */
+ static int nid_list[26] =
+ {
+ 0,
+ NID_sect163k1, /* sect163k1 (1) */
+ NID_sect163r1, /* sect163r1 (2) */
+ NID_sect163r2, /* sect163r2 (3) */
+ NID_sect193r1, /* sect193r1 (4) */
+ NID_sect193r2, /* sect193r2 (5) */
+ NID_sect233k1, /* sect233k1 (6) */
+ NID_sect233r1, /* sect233r1 (7) */
+ NID_sect239k1, /* sect239k1 (8) */
+ NID_sect283k1, /* sect283k1 (9) */
+ NID_sect283r1, /* sect283r1 (10) */
+ NID_sect409k1, /* sect409k1 (11) */
+ NID_sect409r1, /* sect409r1 (12) */
+ NID_sect571k1, /* sect571k1 (13) */
+ NID_sect571r1, /* sect571r1 (14) */
+ NID_secp160k1, /* secp160k1 (15) */
+ NID_secp160r1, /* secp160r1 (16) */
+ NID_secp160r2, /* secp160r2 (17) */
+ NID_secp192k1, /* secp192k1 (18) */
+ NID_X9_62_prime192v1, /* secp192r1 (19) */
+ NID_secp224k1, /* secp224k1 (20) */
+ NID_secp224r1, /* secp224r1 (21) */
+ NID_secp256k1, /* secp256k1 (22) */
+ NID_X9_62_prime256v1, /* secp256r1 (23) */
+ NID_secp384r1, /* secp384r1 (24) */
+ NID_secp521r1 /* secp521r1 (25) */
+ };
+
+ if ((curve_id < 1) || (curve_id > 25)) return 0;
+
+ return nid_list[curve_id];
+}
+#endif
+
+/* Check to see if handshake is full or resumed. Usually this is just a
+ * case of checking to see if a cache hit has occurred. In the case of
+ * session tickets we have to check the next message to be sure.
+ */
+
+#ifndef OPENSSL_NO_TLSEXT
+static int ssl3_check_finished(SSL *s)
+ {
+ int ok;
+ long n;
+ /* If we have no ticket or session ID is non-zero length (a match of
+ * a non-zero session length would never reach here) it cannot be a
+ * resumed session.
+ */
+ if (!s->session->tlsext_tick || s->session->session_id_length)
+ return 1;
+ /* this function is called when we really expect a Certificate
+ * message, so permit appropriate message length */
+ n=s->method->ssl_get_message(s,
+ SSL3_ST_CR_CERT_A,
+ SSL3_ST_CR_CERT_B,
+ -1,
+ s->max_cert_list,
+ &ok);
+ if (!ok) return((int)n);
+ s->s3->tmp.reuse_message = 1;
+ if ((s->s3->tmp.message_type == SSL3_MT_FINISHED)
+ || (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
+ return 2;
+
+ return 1;
+ }
+#endif
diff --git a/lib/libssl/src/ssl/s3_enc.c b/lib/libssl/src/ssl/s3_enc.c
index a012d3f2b5e..2859351b001 100644
--- a/lib/libssl/src/ssl/s3_enc.c
+++ b/lib/libssl/src/ssl/s3_enc.c
@@ -139,16 +139,15 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
EVP_MD_CTX s1;
unsigned char buf[16],smd[SHA_DIGEST_LENGTH];
unsigned char c='A';
- int i,j,k;
+ unsigned int i,j,k;
#ifdef CHARSET_EBCDIC
c = os_toascii[c]; /*'A' in ASCII */
#endif
k=0;
EVP_MD_CTX_init(&m5);
- EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
EVP_MD_CTX_init(&s1);
- for (i=0; i<num; i+=MD5_DIGEST_LENGTH)
+ for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH)
{
k++;
if (k > sizeof buf)
@@ -173,7 +172,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
EVP_DigestUpdate(&m5,s->session->master_key,
s->session->master_key_length);
EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH);
- if ((i+MD5_DIGEST_LENGTH) > num)
+ if ((int)(i+MD5_DIGEST_LENGTH) > num)
{
EVP_DigestFinal_ex(&m5,smd,NULL);
memcpy(km,smd,(num-i));
@@ -197,7 +196,9 @@ int ssl3_change_cipher_state(SSL *s, int which)
unsigned char *ms,*key,*iv,*er1,*er2;
EVP_CIPHER_CTX *dd;
const EVP_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
COMP_METHOD *comp;
+#endif
const EVP_MD *m;
EVP_MD_CTX md;
int is_exp,n,i,j,k,cl;
@@ -206,10 +207,12 @@ int ssl3_change_cipher_state(SSL *s, int which)
is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
c=s->s3->tmp.new_sym_enc;
m=s->s3->tmp.new_hash;
+#ifndef OPENSSL_NO_COMP
if (s->s3->tmp.new_compression == NULL)
comp=NULL;
else
comp=s->s3->tmp.new_compression->method;
+#endif
key_block=s->s3->tmp.key_block;
if (which & SSL3_CC_READ)
@@ -218,8 +221,12 @@ int ssl3_change_cipher_state(SSL *s, int which)
reuse_dd = 1;
else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
goto err;
+ else
+ /* make sure it's intialized in case we exit later with an error */
+ EVP_CIPHER_CTX_init(s->enc_read_ctx);
dd= s->enc_read_ctx;
s->read_hash=m;
+#ifndef OPENSSL_NO_COMP
/* COMPRESS */
if (s->expand != NULL)
{
@@ -240,6 +247,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
if (s->s3->rrec.comp == NULL)
goto err;
}
+#endif
memset(&(s->s3->read_sequence[0]),0,8);
mac_secret= &(s->s3->read_mac_secret[0]);
}
@@ -249,8 +257,12 @@ int ssl3_change_cipher_state(SSL *s, int which)
reuse_dd = 1;
else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
goto err;
+ else
+ /* make sure it's intialized in case we exit later with an error */
+ EVP_CIPHER_CTX_init(s->enc_write_ctx);
dd= s->enc_write_ctx;
s->write_hash=m;
+#ifndef OPENSSL_NO_COMP
/* COMPRESS */
if (s->compress != NULL)
{
@@ -266,19 +278,19 @@ int ssl3_change_cipher_state(SSL *s, int which)
goto err2;
}
}
+#endif
memset(&(s->s3->write_sequence[0]),0,8);
mac_secret= &(s->s3->write_mac_secret[0]);
}
if (reuse_dd)
EVP_CIPHER_CTX_cleanup(dd);
- EVP_CIPHER_CTX_init(dd);
p=s->s3->tmp.key_block;
i=EVP_MD_size(m);
cl=EVP_CIPHER_key_length(c);
j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
- cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
+ cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
/* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */
k=EVP_CIPHER_iv_length(c);
if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
@@ -364,7 +376,11 @@ int ssl3_setup_key_block(SSL *s)
s->s3->tmp.new_sym_enc=c;
s->s3->tmp.new_hash=hash;
+#ifdef OPENSSL_NO_COMP
+ s->s3->tmp.new_compression=NULL;
+#else
s->s3->tmp.new_compression=comp;
+#endif
num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
num*=2;
@@ -502,8 +518,6 @@ int ssl3_enc(SSL *s, int send)
void ssl3_init_finished_mac(SSL *s)
{
- EVP_MD_CTX_set_flags(&(s->s3->finish_dgst1),
- EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
EVP_DigestInit_ex(&(s->s3->finish_dgst1),s->ctx->md5, NULL);
EVP_DigestInit_ex(&(s->s3->finish_dgst2),s->ctx->sha1, NULL);
}
@@ -572,7 +586,7 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send)
const EVP_MD *hash;
unsigned char *p,rec_char;
unsigned int md_size;
- int npad,i;
+ int npad;
if (send)
{
@@ -615,13 +629,19 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send)
EVP_MD_CTX_cleanup(&md_ctx);
+ ssl3_record_sequence_update(seq);
+ return(md_size);
+ }
+
+void ssl3_record_sequence_update(unsigned char *seq)
+ {
+ int i;
+
for (i=7; i>=0; i--)
{
++seq[i];
if (seq[i] != 0) break;
}
-
- return(md_size);
}
int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
@@ -644,7 +664,6 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
unsigned int n;
EVP_MD_CTX_init(&ctx);
- EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
for (i=0; i<3; i++)
{
EVP_DigestInit_ex(&ctx,s->ctx->sha1, NULL);
diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c
index a77588e7257..bdbcd44f271 100644
--- a/lib/libssl/src/ssl/s3_lib.c
+++ b/lib/libssl/src/ssl/s3_lib.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -108,19 +108,35 @@
* Hudson (tjh@cryptsoft.com).
*
*/
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
#include <stdio.h>
#include <openssl/objects.h>
#include "ssl_locl.h"
#include "kssl_lcl.h"
#include <openssl/md5.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#include <openssl/pq_compat.h>
-const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
+const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
-static long ssl3_default_timeout(void );
-
+/* list of available SSLv3 ciphers (sorted by id) */
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
/* The RSA ciphers */
/* Cipher 01 */
@@ -142,82 +158,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_RSA_NULL_SHA,
SSL3_CK_RSA_NULL_SHA,
SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* anon DH */
-/* Cipher 17 */
- {
- 1,
- SSL3_TXT_ADH_RC4_40_MD5,
- SSL3_CK_ADH_RC4_40_MD5,
- SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 18 */
- {
- 1,
- SSL3_TXT_ADH_RC4_128_MD5,
- SSL3_CK_ADH_RC4_128_MD5,
- SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 19 */
- {
- 1,
- SSL3_TXT_ADH_DES_40_CBC_SHA,
- SSL3_CK_ADH_DES_40_CBC_SHA,
- SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40|SSL_FIPS,
+ SSL_NOT_EXP|SSL_STRONG_NONE,
0,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 1A */
- {
- 1,
- SSL3_TXT_ADH_DES_64_CBC_SHA,
- SSL3_CK_ADH_DES_64_CBC_SHA,
- SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 1B */
- {
- 1,
- SSL3_TXT_ADH_DES_192_CBC_SHA,
- SSL3_CK_ADH_DES_192_CBC_SHA,
- SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
0,
- 168,
- 168,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
-
-/* RSA again */
/* Cipher 03 */
{
1,
@@ -291,7 +238,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_RSA_DES_40_CBC_SHA,
SSL3_CK_RSA_DES_40_CBC_SHA,
SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40|SSL_FIPS,
+ SSL_EXPORT|SSL_EXP40,
0,
40,
56,
@@ -304,7 +251,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_RSA_DES_64_CBC_SHA,
SSL3_CK_RSA_DES_64_CBC_SHA,
SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
+ SSL_NOT_EXP|SSL_LOW,
0,
56,
56,
@@ -317,22 +264,21 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_RSA_DES_192_CBC3_SHA,
SSL3_CK_RSA_DES_192_CBC3_SHA,
SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH,
0,
168,
168,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
-
-/* The DH ciphers */
+/* The DH ciphers */
/* Cipher 0B */
{
0,
SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
SSL3_CK_DH_DSS_DES_40_CBC_SHA,
SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40|SSL_FIPS,
+ SSL_EXPORT|SSL_EXP40,
0,
40,
56,
@@ -345,7 +291,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
SSL3_CK_DH_DSS_DES_64_CBC_SHA,
SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
+ SSL_NOT_EXP|SSL_LOW,
0,
56,
56,
@@ -358,7 +304,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH,
0,
168,
168,
@@ -371,7 +317,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
SSL3_CK_DH_RSA_DES_40_CBC_SHA,
SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40|SSL_FIPS,
+ SSL_EXPORT|SSL_EXP40,
0,
40,
56,
@@ -384,7 +330,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
SSL3_CK_DH_RSA_DES_64_CBC_SHA,
SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
+ SSL_NOT_EXP|SSL_LOW,
0,
56,
56,
@@ -397,7 +343,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH,
0,
168,
168,
@@ -412,7 +358,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40|SSL_FIPS,
+ SSL_EXPORT|SSL_EXP40,
0,
40,
56,
@@ -425,7 +371,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
+ SSL_NOT_EXP|SSL_LOW,
0,
56,
56,
@@ -438,7 +384,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH,
0,
168,
168,
@@ -451,7 +397,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40|SSL_FIPS,
+ SSL_EXPORT|SSL_EXP40,
0,
40,
56,
@@ -464,7 +410,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
+ SSL_NOT_EXP|SSL_LOW,
0,
56,
56,
@@ -477,7 +423,72 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 168,
+ 168,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 17 */
+ {
+ 1,
+ SSL3_TXT_ADH_RC4_40_MD5,
+ SSL3_CK_ADH_RC4_40_MD5,
+ SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
+ SSL_EXPORT|SSL_EXP40,
+ 0,
+ 40,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 18 */
+ {
+ 1,
+ SSL3_TXT_ADH_RC4_128_MD5,
+ SSL3_CK_ADH_RC4_128_MD5,
+ SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
+ SSL_NOT_EXP|SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 19 */
+ {
+ 1,
+ SSL3_TXT_ADH_DES_40_CBC_SHA,
+ SSL3_CK_ADH_DES_40_CBC_SHA,
+ SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
+ SSL_EXPORT|SSL_EXP40,
+ 0,
+ 40,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 1A */
+ {
+ 1,
+ SSL3_TXT_ADH_DES_64_CBC_SHA,
+ SSL3_CK_ADH_DES_64_CBC_SHA,
+ SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3,
+ SSL_NOT_EXP|SSL_LOW,
+ 0,
+ 56,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 1B */
+ {
+ 1,
+ SSL3_TXT_ADH_DES_192_CBC_SHA,
+ SSL3_CK_ADH_DES_192_CBC_SHA,
+ SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+ SSL_NOT_EXP|SSL_HIGH,
0,
168,
168,
@@ -531,17 +542,14 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
#endif
#ifndef OPENSSL_NO_KRB5
-/* The Kerberos ciphers
-** 20000107 VRS: And the first shall be last,
-** in hopes of avoiding the lynx ssl renegotiation problem.
-*/
-/* Cipher 1E VRS */
+/* The Kerberos ciphers */
+/* Cipher 1E */
{
1,
SSL3_TXT_KRB5_DES_64_CBC_SHA,
SSL3_CK_KRB5_DES_64_CBC_SHA,
SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
+ SSL_NOT_EXP|SSL_LOW,
0,
56,
56,
@@ -549,21 +557,21 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS,
},
-/* Cipher 1F VRS */
+/* Cipher 1F */
{
1,
SSL3_TXT_KRB5_DES_192_CBC3_SHA,
SSL3_CK_KRB5_DES_192_CBC3_SHA,
SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH,
0,
- 112,
+ 168,
168,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
-/* Cipher 20 VRS */
+/* Cipher 20 */
{
1,
SSL3_TXT_KRB5_RC4_128_SHA,
@@ -577,7 +585,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS,
},
-/* Cipher 21 VRS */
+/* Cipher 21 */
{
1,
SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
@@ -591,7 +599,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS,
},
-/* Cipher 22 VRS */
+/* Cipher 22 */
{
1,
SSL3_TXT_KRB5_DES_64_CBC_MD5,
@@ -605,7 +613,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS,
},
-/* Cipher 23 VRS */
+/* Cipher 23 */
{
1,
SSL3_TXT_KRB5_DES_192_CBC3_MD5,
@@ -613,13 +621,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH,
0,
- 112,
+ 168,
168,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
-/* Cipher 24 VRS */
+/* Cipher 24 */
{
1,
SSL3_TXT_KRB5_RC4_128_MD5,
@@ -633,7 +641,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS,
},
-/* Cipher 25 VRS */
+/* Cipher 25 */
{
1,
SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
@@ -647,13 +655,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS,
},
-/* Cipher 26 VRS */
+/* Cipher 26 */
{
1,
SSL3_TXT_KRB5_DES_40_CBC_SHA,
SSL3_CK_KRB5_DES_40_CBC_SHA,
SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40|SSL_FIPS,
+ SSL_EXPORT|SSL_EXP40,
0,
40,
56,
@@ -661,7 +669,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS,
},
-/* Cipher 27 VRS */
+/* Cipher 27 */
{
1,
SSL3_TXT_KRB5_RC2_40_CBC_SHA,
@@ -675,7 +683,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS,
},
-/* Cipher 28 VRS */
+/* Cipher 28 */
{
1,
SSL3_TXT_KRB5_RC4_40_SHA,
@@ -683,13 +691,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
- 128,
+ 40,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
-/* Cipher 29 VRS */
+/* Cipher 29 */
{
1,
SSL3_TXT_KRB5_DES_40_CBC_MD5,
@@ -703,7 +711,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS,
},
-/* Cipher 2A VRS */
+/* Cipher 2A */
{
1,
SSL3_TXT_KRB5_RC2_40_CBC_MD5,
@@ -717,7 +725,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS,
},
-/* Cipher 2B VRS */
+/* Cipher 2B */
{
1,
SSL3_TXT_KRB5_RC4_40_MD5,
@@ -725,16 +733,258 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
- 128,
+ 40,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
#endif /* OPENSSL_NO_KRB5 */
+/* New AES ciphersuites */
+/* Cipher 2F */
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_AES_128_SHA,
+ TLS1_CK_RSA_WITH_AES_128_SHA,
+ SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 30 */
+ {
+ 0,
+ TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
+ TLS1_CK_DH_DSS_WITH_AES_128_SHA,
+ SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 31 */
+ {
+ 0,
+ TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
+ TLS1_CK_DH_RSA_WITH_AES_128_SHA,
+ SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 32 */
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
+ TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
+ SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 33 */
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
+ TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
+ SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 34 */
+ {
+ 1,
+ TLS1_TXT_ADH_WITH_AES_128_SHA,
+ TLS1_CK_ADH_WITH_AES_128_SHA,
+ SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 35 */
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_AES_256_SHA,
+ TLS1_CK_RSA_WITH_AES_256_SHA,
+ SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 36 */
+ {
+ 0,
+ TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
+ TLS1_CK_DH_DSS_WITH_AES_256_SHA,
+ SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 37 */
+ {
+ 0,
+ TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
+ TLS1_CK_DH_RSA_WITH_AES_256_SHA,
+ SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 38 */
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
+ TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
+ SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 39 */
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
+ TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
+ SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+ /* Cipher 3A */
+ {
+ 1,
+ TLS1_TXT_ADH_WITH_AES_256_SHA,
+ TLS1_CK_ADH_WITH_AES_256_SHA,
+ SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+#ifndef OPENSSL_NO_CAMELLIA
+ /* Camellia ciphersuites from RFC4132 (128-bit portion) */
+
+ /* Cipher 41 */
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS
+ },
+ /* Cipher 42 */
+ {
+ 0, /* not implemented (non-ephemeral DH) */
+ TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
+ SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS
+ },
+ /* Cipher 43 */
+ {
+ 0, /* not implemented (non-ephemeral DH) */
+ TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS
+ },
+ /* Cipher 44 */
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+ SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS
+ },
+ /* Cipher 45 */
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS
+ },
+ /* Cipher 46 */
+ {
+ 1,
+ TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
+ SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS
+ },
+#endif /* OPENSSL_NO_CAMELLIA */
#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
- /* New TLS Export CipherSuites */
+ /* New TLS Export CipherSuites from expired ID */
+#if 0
/* Cipher 60 */
{
1,
@@ -761,13 +1011,14 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
+#endif
/* Cipher 62 */
{
1,
TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56|SSL_FIPS,
+ SSL_EXPORT|SSL_EXP56,
0,
56,
56,
@@ -780,7 +1031,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56|SSL_FIPS,
+ SSL_EXPORT|SSL_EXP56,
0,
56,
56,
@@ -827,170 +1078,536 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS
},
#endif
- /* New AES ciphersuites */
- /* Cipher 2F */
+#ifndef OPENSSL_NO_CAMELLIA
+ /* Camellia ciphersuites from RFC4132 (256-bit portion) */
+
+ /* Cipher 84 */
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS
+ },
+ /* Cipher 85 */
+ {
+ 0, /* not implemented (non-ephemeral DH) */
+ TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
+ SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS
+ },
+ /* Cipher 86 */
+ {
+ 0, /* not implemented (non-ephemeral DH) */
+ TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS
+ },
+ /* Cipher 87 */
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+ SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS
+ },
+ /* Cipher 88 */
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS
+ },
+ /* Cipher 89 */
+ {
+ 1,
+ TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
+ SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS
+ },
+#endif /* OPENSSL_NO_CAMELLIA */
+
+#ifndef OPENSSL_NO_SEED
+ /* SEED ciphersuites from RFC4162 */
+
+ /* Cipher 96 */
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_SEED_SHA,
+ TLS1_CK_RSA_WITH_SEED_SHA,
+ SSL_kRSA|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher 97 */
+ {
+ 0, /* not implemented (non-ephemeral DH) */
+ TLS1_TXT_DH_DSS_WITH_SEED_SHA,
+ TLS1_CK_DH_DSS_WITH_SEED_SHA,
+ SSL_kDHd|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher 98 */
+ {
+ 0, /* not implemented (non-ephemeral DH) */
+ TLS1_TXT_DH_RSA_WITH_SEED_SHA,
+ TLS1_CK_DH_RSA_WITH_SEED_SHA,
+ SSL_kDHr|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher 99 */
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
+ TLS1_CK_DHE_DSS_WITH_SEED_SHA,
+ SSL_kEDH|SSL_aDSS|SSL_SEED|SSL_SHA1|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher 9A */
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
+ TLS1_CK_DHE_RSA_WITH_SEED_SHA,
+ SSL_kEDH|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher 9B */
+ {
+ 1,
+ TLS1_TXT_ADH_WITH_SEED_SHA,
+ TLS1_CK_ADH_WITH_SEED_SHA,
+ SSL_kEDH|SSL_aNULL|SSL_SEED|SSL_SHA1|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+#endif /* OPENSSL_NO_SEED */
+
+#ifndef OPENSSL_NO_ECDH
+ /* Cipher C001 */
{
- 1,
- TLS1_TXT_RSA_WITH_AES_128_SHA,
- TLS1_CK_RSA_WITH_AES_128_SHA,
- SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 30 */
+ 1,
+ TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
+ TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
+ SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP,
+ 0,
+ 0,
+ 0,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C002 */
{
- 0,
- TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
- TLS1_CK_DH_DSS_WITH_AES_128_SHA,
- SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 31 */
+ 1,
+ TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
+ TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
+ SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C003 */
{
- 0,
- TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
- TLS1_CK_DH_RSA_WITH_AES_128_SHA,
- SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 32 */
+ 1,
+ TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
+ TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
+ SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 168,
+ 168,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C004 */
{
- 1,
- TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
- TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
- SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 33 */
+ 1,
+ TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+ TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+ SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C005 */
{
- 1,
- TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
- TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
- SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 34 */
+ 1,
+ TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+ TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+ SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C006 */
{
- 1,
- TLS1_TXT_ADH_WITH_AES_128_SHA,
- TLS1_CK_ADH_WITH_AES_128_SHA,
- SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher 35 */
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
+ TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
+ SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP,
+ 0,
+ 0,
+ 0,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C007 */
{
- 1,
- TLS1_TXT_RSA_WITH_AES_256_SHA,
- TLS1_CK_RSA_WITH_AES_256_SHA,
- SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 36 */
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
+ TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
+ SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C008 */
{
- 0,
- TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
- TLS1_CK_DH_DSS_WITH_AES_256_SHA,
- SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 37 */
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+ TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+ SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 168,
+ 168,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C009 */
{
- 0,
- TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
- TLS1_CK_DH_RSA_WITH_AES_256_SHA,
- SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 38 */
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C00A */
{
- 1,
- TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
- TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
- SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 39 */
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C00B */
{
- 1,
- TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
- TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
- SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 3A */
+ 1,
+ TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
+ TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
+ SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP,
+ 0,
+ 0,
+ 0,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C00C */
{
- 1,
- TLS1_TXT_ADH_WITH_AES_256_SHA,
- TLS1_CK_ADH_WITH_AES_256_SHA,
- SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
+ 1,
+ TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
+ TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
+ SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C00D */
+ {
+ 1,
+ TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
+ TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
+ SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 168,
+ 168,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C00E */
+ {
+ 1,
+ TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
+ TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
+ SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C00F */
+ {
+ 1,
+ TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
+ TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
+ SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C010 */
+ {
+ 1,
+ TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
+ TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
+ SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP,
+ 0,
+ 0,
+ 0,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C011 */
+ {
+ 1,
+ TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
+ TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
+ SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C012 */
+ {
+ 1,
+ TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+ TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+ SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 168,
+ 168,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C013 */
+ {
+ 1,
+ TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C014 */
+ {
+ 1,
+ TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C015 */
+ {
+ 1,
+ TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
+ TLS1_CK_ECDH_anon_WITH_NULL_SHA,
+ SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP,
+ 0,
+ 0,
+ 0,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
},
+ /* Cipher C016 */
+ {
+ 1,
+ TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
+ TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
+ SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C017 */
+ {
+ 1,
+ TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
+ TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
+ SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 168,
+ 168,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C018 */
+ {
+ 1,
+ TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
+ TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
+ SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C019 */
+ {
+ 1,
+ TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
+ TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
+ SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+#endif /* OPENSSL_NO_ECDH */
+
+
/* end of list */
};
-static SSL3_ENC_METHOD SSLv3_enc_data={
+SSL3_ENC_METHOD SSLv3_enc_data={
ssl3_enc,
ssl3_mac,
ssl3_setup_key_block,
@@ -1004,45 +1621,17 @@ static SSL3_ENC_METHOD SSLv3_enc_data={
ssl3_alert_code,
};
-static SSL_METHOD SSLv3_data= {
- SSL3_VERSION,
- ssl3_new,
- ssl3_clear,
- ssl3_free,
- ssl_undefined_function,
- ssl_undefined_function,
- ssl3_read,
- ssl3_peek,
- ssl3_write,
- ssl3_shutdown,
- ssl3_renegotiate,
- ssl3_renegotiate_check,
- ssl3_ctrl,
- ssl3_ctx_ctrl,
- ssl3_get_cipher_by_char,
- ssl3_put_cipher_by_char,
- ssl3_pending,
- ssl3_num_ciphers,
- ssl3_get_cipher,
- ssl_bad_method,
- ssl3_default_timeout,
- &SSLv3_enc_data,
- ssl_undefined_function,
- ssl3_callback_ctrl,
- ssl3_ctx_callback_ctrl,
- };
-
-static long ssl3_default_timeout(void)
+long ssl3_default_timeout(void)
{
/* 2 hours, the 24 hours mentioned in the SSLv3 spec
* is way too long for http, the cache would over fill */
return(60*60*2);
}
-SSL_METHOD *sslv3_base_method(void)
- {
- return(&SSLv3_data);
- }
+IMPLEMENT_ssl3_meth_func(sslv3_base_method,
+ ssl_undefined_function,
+ ssl_undefined_function,
+ ssl_bad_method)
int ssl3_num_ciphers(void)
{
@@ -1073,6 +1662,8 @@ int ssl3_new(SSL *s)
memset(s3,0,sizeof *s3);
EVP_MD_CTX_init(&s3->finish_dgst1);
EVP_MD_CTX_init(&s3->finish_dgst2);
+ pq_64bit_init(&(s3->rrec.seq_num));
+ pq_64bit_init(&(s3->wrec.seq_num));
s->s3=s3;
@@ -1098,10 +1689,18 @@ void ssl3_free(SSL *s)
if (s->s3->tmp.dh != NULL)
DH_free(s->s3->tmp.dh);
#endif
+#ifndef OPENSSL_NO_ECDH
+ if (s->s3->tmp.ecdh != NULL)
+ EC_KEY_free(s->s3->tmp.ecdh);
+#endif
+
if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
+ pq_64bit_free(&(s->s3->rrec.seq_num));
+ pq_64bit_free(&(s->s3->wrec.seq_num));
+
OPENSSL_cleanse(s->s3,sizeof *s->s3);
OPENSSL_free(s->s3);
s->s3=NULL;
@@ -1125,6 +1724,10 @@ void ssl3_clear(SSL *s)
if (s->s3->tmp.dh != NULL)
DH_free(s->s3->tmp.dh);
#endif
+#ifndef OPENSSL_NO_ECDH
+ if (s->s3->tmp.ecdh != NULL)
+ EC_KEY_free(s->s3->tmp.ecdh);
+#endif
rp = s->s3->rbuf.buf;
wp = s->s3->wbuf.buf;
@@ -1263,13 +1866,122 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
}
break;
#endif
+#ifndef OPENSSL_NO_ECDH
+ case SSL_CTRL_SET_TMP_ECDH:
+ {
+ EC_KEY *ecdh = NULL;
+
+ if (parg == NULL)
+ {
+ SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ return(ret);
+ }
+ if (!EC_KEY_up_ref((EC_KEY *)parg))
+ {
+ SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
+ return(ret);
+ }
+ ecdh = (EC_KEY *)parg;
+ if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
+ {
+ if (!EC_KEY_generate_key(ecdh))
+ {
+ EC_KEY_free(ecdh);
+ SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
+ return(ret);
+ }
+ }
+ if (s->cert->ecdh_tmp != NULL)
+ EC_KEY_free(s->cert->ecdh_tmp);
+ s->cert->ecdh_tmp = ecdh;
+ ret = 1;
+ }
+ break;
+ case SSL_CTRL_SET_TMP_ECDH_CB:
+ {
+ SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return(ret);
+ }
+ break;
+#endif /* !OPENSSL_NO_ECDH */
+#ifndef OPENSSL_NO_TLSEXT
+ case SSL_CTRL_SET_TLSEXT_HOSTNAME:
+ if (larg == TLSEXT_NAMETYPE_host_name)
+ {
+ if (s->tlsext_hostname != NULL)
+ OPENSSL_free(s->tlsext_hostname);
+ s->tlsext_hostname = NULL;
+
+ ret = 1;
+ if (parg == NULL)
+ break;
+ if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)
+ {
+ SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
+ return 0;
+ }
+ if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)
+ {
+ SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ }
+ else
+ {
+ SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
+ return 0;
+ }
+ break;
+ case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
+ s->tlsext_debug_arg=parg;
+ ret = 1;
+ break;
+
+ case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
+ s->tlsext_status_type=larg;
+ ret = 1;
+ break;
+
+ case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
+ *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
+ ret = 1;
+ break;
+
+ case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
+ s->tlsext_ocsp_exts = parg;
+ ret = 1;
+ break;
+
+ case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
+ *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
+ ret = 1;
+ break;
+
+ case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
+ s->tlsext_ocsp_ids = parg;
+ ret = 1;
+ break;
+
+ case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
+ *(unsigned char **)parg = s->tlsext_ocsp_resp;
+ return s->tlsext_ocsp_resplen;
+
+ case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
+ if (s->tlsext_ocsp_resp)
+ OPENSSL_free(s->tlsext_ocsp_resp);
+ s->tlsext_ocsp_resp = parg;
+ s->tlsext_ocsp_resplen = larg;
+ ret = 1;
+ break;
+
+#endif /* !OPENSSL_NO_TLSEXT */
default:
break;
}
return(ret);
}
-long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
+long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
{
int ret=0;
@@ -1307,6 +2019,19 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
}
break;
#endif
+#ifndef OPENSSL_NO_ECDH
+ case SSL_CTRL_SET_TMP_ECDH_CB:
+ {
+ s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
+ }
+ break;
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+ case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
+ s->tlsext_debug_cb=(void (*)(SSL *,int ,int,
+ unsigned char *, int, void *))fp;
+ break;
+#endif
default:
break;
}
@@ -1399,6 +2124,83 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
}
break;
#endif
+#ifndef OPENSSL_NO_ECDH
+ case SSL_CTRL_SET_TMP_ECDH:
+ {
+ EC_KEY *ecdh = NULL;
+
+ if (parg == NULL)
+ {
+ SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
+ return 0;
+ }
+ ecdh = EC_KEY_dup((EC_KEY *)parg);
+ if (ecdh == NULL)
+ {
+ SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
+ return 0;
+ }
+ if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
+ {
+ if (!EC_KEY_generate_key(ecdh))
+ {
+ EC_KEY_free(ecdh);
+ SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
+ return 0;
+ }
+ }
+
+ if (cert->ecdh_tmp != NULL)
+ {
+ EC_KEY_free(cert->ecdh_tmp);
+ }
+ cert->ecdh_tmp = ecdh;
+ return 1;
+ }
+ /* break; */
+ case SSL_CTRL_SET_TMP_ECDH_CB:
+ {
+ SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return(0);
+ }
+ break;
+#endif /* !OPENSSL_NO_ECDH */
+#ifndef OPENSSL_NO_TLSEXT
+ case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
+ ctx->tlsext_servername_arg=parg;
+ break;
+ case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
+ case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
+ {
+ unsigned char *keys = parg;
+ if (!keys)
+ return 48;
+ if (larg != 48)
+ {
+ SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
+ return 0;
+ }
+ if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
+ {
+ memcpy(ctx->tlsext_tick_key_name, keys, 16);
+ memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
+ memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
+ }
+ else
+ {
+ memcpy(keys, ctx->tlsext_tick_key_name, 16);
+ memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
+ memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
+ }
+ return 1;
+ }
+
+ case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
+ ctx->tlsext_status_arg=parg;
+ return 1;
+ break;
+
+#endif /* !OPENSSL_NO_TLSEXT */
/* A Thawte special :-) */
case SSL_CTRL_EXTRA_CHAIN_CERT:
if (ctx->extra_certs == NULL)
@@ -1415,7 +2217,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
return(1);
}
-long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
+long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
{
CERT *cert;
@@ -1437,6 +2239,30 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
}
break;
#endif
+#ifndef OPENSSL_NO_ECDH
+ case SSL_CTRL_SET_TMP_ECDH_CB:
+ {
+ cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
+ }
+ break;
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+ case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
+ ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
+ break;
+
+ case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
+ ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
+ break;
+
+ case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
+ ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *,
+ unsigned char *,
+ EVP_CIPHER_CTX *,
+ HMAC_CTX *, int))fp;
+ break;
+
+#endif
default:
return(0);
}
@@ -1447,41 +2273,19 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
* available */
SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
{
- static int init=1;
- static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS];
- SSL_CIPHER c,*cp= &c,**cpp;
+ SSL_CIPHER c,*cp;
unsigned long id;
- int i;
-
- if (init)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-
- if (init)
- {
- for (i=0; i<SSL3_NUM_CIPHERS; i++)
- sorted[i]= &(ssl3_ciphers[i]);
-
- qsort(sorted,
- SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
- FP_ICC ssl_cipher_ptr_id_cmp);
-
- init=0;
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
- }
id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
c.id=id;
- cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
- (char *)sorted,
- SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
- FP_ICC ssl_cipher_ptr_id_cmp);
- if ((cpp == NULL) || !(*cpp)->valid)
- return(NULL);
+ cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
+ (char *)ssl3_ciphers,
+ SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER),
+ FP_ICC ssl_cipher_id_cmp);
+ if (cp == NULL || cp->valid == 0)
+ return NULL;
else
- return(*cpp);
+ return cp;
}
int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
@@ -1504,6 +2308,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
SSL_CIPHER *c,*ret=NULL;
STACK_OF(SSL_CIPHER) *prio, *allow;
int i,j,ok;
+
CERT *cert;
unsigned long alg,mask,emask;
@@ -1584,7 +2389,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
}
if (!ok) continue;
-
j=sk_SSL_CIPHER_find(allow,c);
if (j >= 0)
{
@@ -1629,6 +2433,26 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
#ifndef OPENSSL_NO_DSA
p[ret++]=SSL3_CT_DSS_SIGN;
#endif
+#ifndef OPENSSL_NO_ECDH
+ /* We should ask for fixed ECDH certificates only
+ * for SSL_kECDH (and not SSL_kECDHE)
+ */
+ if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION))
+ {
+ p[ret++]=TLS_CT_RSA_FIXED_ECDH;
+ p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
+ }
+#endif
+
+#ifndef OPENSSL_NO_ECDSA
+ /* ECDSA certs can be used with RSA cipher suites as well
+ * so we don't need to check for SSL_kECDH or SSL_kECDHE
+ */
+ if (s->version >= TLS1_VERSION)
+ {
+ p[ret++]=TLS_CT_ECDSA_SIGN;
+ }
+#endif
return(ret);
}
@@ -1656,13 +2480,13 @@ int ssl3_shutdown(SSL *s)
{
/* resend it if not sent */
#if 1
- ssl3_dispatch_alert(s);
+ s->method->ssl_dispatch_alert(s);
#endif
}
else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
{
/* If we are waiting for a close from our peer, we are closed */
- ssl3_read_bytes(s,0,NULL,0,0);
+ s->method->ssl_read_bytes(s,0,NULL,0,0);
}
if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
@@ -1717,8 +2541,8 @@ int ssl3_write(SSL *s, const void *buf, int len)
}
else
{
- ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
- buf,len);
+ ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
+ buf,len);
if (ret <= 0) return(ret);
}
@@ -1732,7 +2556,7 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
clear_sys_error();
if (s->s3->renegotiate) ssl3_renegotiate_check(s);
s->s3->in_read_app_data=1;
- ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
+ ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
if ((ret == -1) && (s->s3->in_read_app_data == 2))
{
/* ssl3_read_bytes decided to call s->handshake_func, which
@@ -1741,7 +2565,7 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
* and thinks that application data makes sense here; so disable
* handshake processing and try to read application data again. */
s->in_handshake++;
- ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
+ ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
s->in_handshake--;
}
else
diff --git a/lib/libssl/src/ssl/s3_meth.c b/lib/libssl/src/ssl/s3_meth.c
index 1fd7a96f87b..6a6eb1c58f8 100644
--- a/lib/libssl/src/ssl/s3_meth.c
+++ b/lib/libssl/src/ssl/s3_meth.c
@@ -69,27 +69,9 @@ static SSL_METHOD *ssl3_get_method(int ver)
return(NULL);
}
-SSL_METHOD *SSLv3_method(void)
- {
- static int init=1;
- static SSL_METHOD SSLv3_data;
-
- if (init)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
- if (init)
- {
- memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(),
- sizeof(SSL_METHOD));
- SSLv3_data.ssl_connect=ssl3_connect;
- SSLv3_data.ssl_accept=ssl3_accept;
- SSLv3_data.get_ssl_method=ssl3_get_method;
- init=0;
- }
+IMPLEMENT_ssl3_meth_func(SSLv3_method,
+ ssl3_accept,
+ ssl3_connect,
+ ssl3_get_method)
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
- }
- return(&SSLv3_data);
- }
diff --git a/lib/libssl/src/ssl/s3_pkt.c b/lib/libssl/src/ssl/s3_pkt.c
index cb0b12b4006..44c7c143fe7 100644
--- a/lib/libssl/src/ssl/s3_pkt.c
+++ b/lib/libssl/src/ssl/s3_pkt.c
@@ -118,15 +118,9 @@
static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
unsigned int len, int create_empty_fragment);
-static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
- unsigned int len);
static int ssl3_get_record(SSL *s);
-static int do_compress(SSL *ssl);
-static int do_uncompress(SSL *ssl);
-static int do_change_cipher_spec(SSL *ssl);
-/* used only by ssl3_get_record */
-static int ssl3_read_n(SSL *s, int n, int max, int extend)
+int ssl3_read_n(SSL *s, int n, int max, int extend)
{
/* If extend == 0, obtain new n-byte packet; if extend == 1, increase
* packet by another n bytes.
@@ -147,6 +141,14 @@ static int ssl3_read_n(SSL *s, int n, int max, int extend)
/* ... now we can act as if 'extend' was set */
}
+ /* extend reads should not span multiple packets for DTLS */
+ if ( SSL_version(s) == DTLS1_VERSION &&
+ extend)
+ {
+ if ( s->s3->rbuf.left > 0 && n > s->s3->rbuf.left)
+ n = s->s3->rbuf.left;
+ }
+
/* if there is enough in the buffer from a previous read, take some */
if (s->s3->rbuf.left >= (int)n)
{
@@ -275,11 +277,7 @@ again:
n2s(p,rr->length);
/* Lets check version */
- if (s->first_packet)
- {
- s->first_packet=0;
- }
- else
+ if (!s->first_packet)
{
if (version != s->version)
{
@@ -434,7 +432,7 @@ printf("\n");
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
goto f_err;
}
- if (!do_uncompress(s))
+ if (!ssl3_do_uncompress(s))
{
al=SSL_AD_DECOMPRESSION_FAILURE;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
@@ -472,8 +470,9 @@ err:
return(ret);
}
-static int do_uncompress(SSL *ssl)
+int ssl3_do_uncompress(SSL *ssl)
{
+#ifndef OPENSSL_NO_COMP
int i;
SSL3_RECORD *rr;
@@ -485,12 +484,13 @@ static int do_uncompress(SSL *ssl)
else
rr->length=i;
rr->data=rr->comp;
-
+#endif
return(1);
}
-static int do_compress(SSL *ssl)
+int ssl3_do_compress(SSL *ssl)
{
+#ifndef OPENSSL_NO_COMP
int i;
SSL3_RECORD *wr;
@@ -504,6 +504,7 @@ static int do_compress(SSL *ssl)
wr->length=i;
wr->input=wr->data;
+#endif
return(1);
}
@@ -580,7 +581,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
/* If we have an alert to send, lets send it */
if (s->s3->alert_dispatch)
{
- i=ssl3_dispatch_alert(s);
+ i=s->method->ssl_dispatch_alert(s);
if (i <= 0)
return(i);
/* if it went, fall through and send more stuff */
@@ -655,7 +656,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
/* first we compress */
if (s->compress != NULL)
{
- if (!do_compress(s))
+ if (!ssl3_do_compress(s))
{
SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);
goto err;
@@ -716,8 +717,8 @@ err:
}
/* if s->s3->wbuf.left != 0, we need to call this */
-static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
- unsigned int len)
+int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
+ unsigned int len)
{
int i;
@@ -1089,7 +1090,7 @@ start:
if (s->s3->tmp.new_cipher == NULL)
{
al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
+ SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
goto f_err;
}
@@ -1099,7 +1100,7 @@ start:
s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg);
s->s3->change_cipher_spec=1;
- if (!do_change_cipher_spec(s))
+ if (!ssl3_do_change_cipher_spec(s))
goto err;
else
goto start;
@@ -1211,7 +1212,7 @@ err:
return(-1);
}
-static int do_change_cipher_spec(SSL *s)
+int ssl3_do_change_cipher_spec(SSL *s)
{
int i;
const char *sender;
@@ -1268,7 +1269,7 @@ void ssl3_send_alert(SSL *s, int level, int desc)
s->s3->send_alert[0]=level;
s->s3->send_alert[1]=desc;
if (s->s3->wbuf.left == 0) /* data still being written out? */
- ssl3_dispatch_alert(s);
+ s->method->ssl_dispatch_alert(s);
/* else data is still being written out, we will get written
* some time in the future */
}
diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c
index 36fc39d7f82..903522ab599 100644
--- a/lib/libssl/src/ssl/s3_srvr.c
+++ b/lib/libssl/src/ssl/s3_srvr.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -108,11 +108,23 @@
* Hudson (tjh@cryptsoft.com).
*
*/
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
#define REUSE_CIPHER_BUG
#define NETSCAPE_HANG_BUG
-
#include <stdio.h>
#include "ssl_locl.h"
#include "kssl_lcl.h"
@@ -120,24 +132,21 @@
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include <openssl/hmac.h>
#include <openssl/x509.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#include <openssl/bn.h>
#ifndef OPENSSL_NO_KRB5
#include <openssl/krb5_asn.h>
#endif
#include <openssl/md5.h>
-#include <openssl/fips.h>
static SSL_METHOD *ssl3_get_server_method(int ver);
-static int ssl3_get_client_hello(SSL *s);
-static int ssl3_check_client_hello(SSL *s);
-static int ssl3_send_server_hello(SSL *s);
-static int ssl3_send_server_key_exchange(SSL *s);
-static int ssl3_send_certificate_request(SSL *s);
-static int ssl3_send_server_done(SSL *s);
-static int ssl3_get_client_key_exchange(SSL *s);
-static int ssl3_get_client_certificate(SSL *s);
-static int ssl3_get_cert_verify(SSL *s);
-static int ssl3_send_hello_request(SSL *s);
+#ifndef OPENSSL_NO_ECDH
+static int nid2curve_id(int nid);
+#endif
static SSL_METHOD *ssl3_get_server_method(int ver)
{
@@ -147,28 +156,10 @@ static SSL_METHOD *ssl3_get_server_method(int ver)
return(NULL);
}
-SSL_METHOD *SSLv3_server_method(void)
- {
- static int init=1;
- static SSL_METHOD SSLv3_server_data;
-
- if (init)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
- if (init)
- {
- memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
- sizeof(SSL_METHOD));
- SSLv3_server_data.ssl_accept=ssl3_accept;
- SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
- init=0;
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
- }
- return(&SSLv3_server_data);
- }
+IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
+ ssl3_accept,
+ ssl_undefined_function,
+ ssl3_get_server_method)
int ssl3_accept(SSL *s)
{
@@ -299,9 +290,18 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SW_SRVR_HELLO_B:
ret=ssl3_send_server_hello(s);
if (ret <= 0) goto end;
-
+#ifndef OPENSSL_NO_TLSEXT
if (s->hit)
- s->state=SSL3_ST_SW_CHANGE_A;
+ {
+ if (s->tlsext_ticket_expected)
+ s->state=SSL3_ST_SW_SESSION_TICKET_A;
+ else
+ s->state=SSL3_ST_SW_CHANGE_A;
+ }
+#else
+ if (s->hit)
+ s->state=SSL3_ST_SW_CHANGE_A;
+#endif
else
s->state=SSL3_ST_SW_CERT_A;
s->init_num=0;
@@ -309,15 +309,30 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SW_CERT_A:
case SSL3_ST_SW_CERT_B:
- /* Check if it is anon DH */
- if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
+ /* Check if it is anon DH or anon ECDH or KRB5 */
+ if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)
+ && !(s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
{
ret=ssl3_send_server_certificate(s);
if (ret <= 0) goto end;
+#ifndef OPENSSL_NO_TLSEXT
+ if (s->tlsext_status_expected)
+ s->state=SSL3_ST_SW_CERT_STATUS_A;
+ else
+ s->state=SSL3_ST_SW_KEY_EXCH_A;
+ }
+ else
+ {
+ skip = 1;
+ s->state=SSL3_ST_SW_KEY_EXCH_A;
+ }
+#else
}
else
skip=1;
+
s->state=SSL3_ST_SW_KEY_EXCH_A;
+#endif
s->init_num=0;
break;
@@ -340,9 +355,18 @@ int ssl3_accept(SSL *s)
else
s->s3->tmp.use_rsa_tmp=0;
+
/* only send if a DH key exchange, fortezza or
- * RSA but we have a sign only certificate */
+ * RSA but we have a sign only certificate
+ *
+ * For ECC ciphersuites, we send a serverKeyExchange
+ * message only if the cipher suite is either
+ * ECDH-anon or ECDHE. In other cases, the
+ * server certificate contains the server's
+ * public key for key exchange.
+ */
if (s->s3->tmp.use_rsa_tmp
+ || (l & SSL_kECDHE)
|| (l & (SSL_DH|SSL_kFZA))
|| ((l & SSL_kRSA)
&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
@@ -446,19 +470,33 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SR_KEY_EXCH_A:
case SSL3_ST_SR_KEY_EXCH_B:
ret=ssl3_get_client_key_exchange(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SR_CERT_VRFY_A;
- s->init_num=0;
-
- /* We need to get hashes here so if there is
- * a client cert, it can be verified */
- s->method->ssl3_enc->cert_verify_mac(s,
- &(s->s3->finish_dgst1),
- &(s->s3->tmp.cert_verify_md[0]));
- s->method->ssl3_enc->cert_verify_mac(s,
- &(s->s3->finish_dgst2),
- &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
+ if (ret <= 0)
+ goto end;
+ if (ret == 2)
+ {
+ /* For the ECDH ciphersuites when
+ * the client sends its ECDH pub key in
+ * a certificate, the CertificateVerify
+ * message is not sent.
+ */
+ s->state=SSL3_ST_SR_FINISHED_A;
+ s->init_num = 0;
+ }
+ else
+ {
+ s->state=SSL3_ST_SR_CERT_VRFY_A;
+ s->init_num=0;
+ /* We need to get hashes here so if there is
+ * a client cert, it can be verified
+ */
+ s->method->ssl3_enc->cert_verify_mac(s,
+ &(s->s3->finish_dgst1),
+ &(s->s3->tmp.cert_verify_md[0]));
+ s->method->ssl3_enc->cert_verify_mac(s,
+ &(s->s3->finish_dgst2),
+ &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
+ }
break;
case SSL3_ST_SR_CERT_VRFY_A:
@@ -479,11 +517,34 @@ int ssl3_accept(SSL *s)
if (ret <= 0) goto end;
if (s->hit)
s->state=SSL_ST_OK;
+#ifndef OPENSSL_NO_TLSEXT
+ else if (s->tlsext_ticket_expected)
+ s->state=SSL3_ST_SW_SESSION_TICKET_A;
+#endif
else
s->state=SSL3_ST_SW_CHANGE_A;
s->init_num=0;
break;
+#ifndef OPENSSL_NO_TLSEXT
+ case SSL3_ST_SW_SESSION_TICKET_A:
+ case SSL3_ST_SW_SESSION_TICKET_B:
+ ret=ssl3_send_newsession_ticket(s);
+ if (ret <= 0) goto end;
+ s->state=SSL3_ST_SW_CHANGE_A;
+ s->init_num=0;
+ break;
+
+ case SSL3_ST_SW_CERT_STATUS_A:
+ case SSL3_ST_SW_CERT_STATUS_B:
+ ret=ssl3_send_cert_status(s);
+ if (ret <= 0) goto end;
+ s->state=SSL3_ST_SW_KEY_EXCH_A;
+ s->init_num=0;
+ break;
+
+#endif
+
case SSL3_ST_SW_CHANGE_A:
case SSL3_ST_SW_CHANGE_B:
@@ -589,7 +650,7 @@ end:
return(ret);
}
-static int ssl3_send_hello_request(SSL *s)
+int ssl3_send_hello_request(SSL *s)
{
unsigned char *p;
@@ -611,14 +672,14 @@ static int ssl3_send_hello_request(SSL *s)
return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
}
-static int ssl3_check_client_hello(SSL *s)
+int ssl3_check_client_hello(SSL *s)
{
int ok;
long n;
/* this function is called when we really expect a Certificate message,
* so permit appropriate message length */
- n=ssl3_get_message(s,
+ n=s->method->ssl_get_message(s,
SSL3_ST_SR_CERT_A,
SSL3_ST_SR_CERT_B,
-1,
@@ -644,14 +705,17 @@ static int ssl3_check_client_hello(SSL *s)
return 1;
}
-static int ssl3_get_client_hello(SSL *s)
+int ssl3_get_client_hello(SSL *s)
{
int i,j,ok,al,ret= -1;
+ unsigned int cookie_len;
long n;
unsigned long id;
unsigned char *p,*d,*q;
SSL_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
SSL_COMP *comp=NULL;
+#endif
STACK_OF(SSL_CIPHER) *ciphers=NULL;
/* We do this so that we will respond with our native type.
@@ -662,10 +726,10 @@ static int ssl3_get_client_hello(SSL *s)
*/
if (s->state == SSL3_ST_SR_CLNT_HELLO_A)
{
- s->first_packet=1;
s->state=SSL3_ST_SR_CLNT_HELLO_B;
}
- n=ssl3_get_message(s,
+ s->first_packet=1;
+ n=s->method->ssl_get_message(s,
SSL3_ST_SR_CLNT_HELLO_B,
SSL3_ST_SR_CLNT_HELLO_C,
SSL3_MT_CLIENT_HELLO,
@@ -673,6 +737,7 @@ static int ssl3_get_client_hello(SSL *s)
&ok);
if (!ok) return((int)n);
+ s->first_packet=0;
d=p=(unsigned char *)s->init_msg;
/* use version from inside client hello, not from record header
@@ -680,7 +745,8 @@ static int ssl3_get_client_hello(SSL *s)
s->client_version=(((int)p[0])<<8)|(int)p[1];
p+=2;
- if (s->client_version < s->version)
+ if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
+ (s->version != DTLS1_VERSION && s->client_version < s->version))
{
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
@@ -708,14 +774,14 @@ static int ssl3_get_client_hello(SSL *s)
* might be written that become totally unsecure when compiled with
* an earlier library version)
*/
- if (j == 0 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
+ if ((s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
{
if (!ssl_get_new_session(s,1))
goto err;
}
else
{
- i=ssl_get_prev_session(s,p,j);
+ i=ssl_get_prev_session(s, p, j, d + n);
if (i == 1)
{ /* previous session */
s->hit=1;
@@ -730,6 +796,68 @@ static int ssl3_get_client_hello(SSL *s)
}
p+=j;
+
+ if (s->version == DTLS1_VERSION)
+ {
+ /* cookie stuff */
+ cookie_len = *(p++);
+
+ if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
+ s->d1->send_cookie == 0)
+ {
+ /* HelloVerifyMessage has already been sent */
+ if ( cookie_len != s->d1->cookie_len)
+ {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
+ goto f_err;
+ }
+ }
+
+ /*
+ * The ClientHello may contain a cookie even if the
+ * HelloVerify message has not been sent--make sure that it
+ * does not cause an overflow.
+ */
+ if ( cookie_len > sizeof(s->d1->rcvd_cookie))
+ {
+ /* too much data */
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
+ goto f_err;
+ }
+
+ /* verify the cookie if appropriate option is set. */
+ if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
+ cookie_len > 0)
+ {
+ memcpy(s->d1->rcvd_cookie, p, cookie_len);
+
+ if ( s->ctx->app_verify_cookie_cb != NULL)
+ {
+ if ( s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie,
+ cookie_len) == 0)
+ {
+ al=SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+ SSL_R_COOKIE_MISMATCH);
+ goto f_err;
+ }
+ /* else cookie verification succeeded */
+ }
+ else if ( memcmp(s->d1->rcvd_cookie, s->d1->cookie,
+ s->d1->cookie_len) != 0) /* default verification */
+ {
+ al=SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+ SSL_R_COOKIE_MISMATCH);
+ goto f_err;
+ }
+ }
+
+ p += cookie_len;
+ }
+
n2s(p,i);
if ((i == 0) && (j != 0))
{
@@ -779,8 +907,7 @@ static int ssl3_get_client_hello(SSL *s)
if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
{
/* Very bad for multi-threading.... */
- s->session->cipher=sk_SSL_CIPHER_value(ciphers,
- 0);
+ s->session->cipher=sk_SSL_CIPHER_value(ciphers, 0);
}
else
{
@@ -817,10 +944,27 @@ static int ssl3_get_client_hello(SSL *s)
goto f_err;
}
+#ifndef OPENSSL_NO_TLSEXT
+ /* TLS extensions*/
+ if (s->version > SSL3_VERSION)
+ {
+ if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))
+ {
+ /* 'al' set by ssl_parse_clienthello_tlsext */
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT);
+ goto f_err;
+ }
+ }
+ if (ssl_check_clienthello_tlsext(s) <= 0) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
+ goto err;
+ }
+#endif
/* Worst case, we will use the NULL compression, but if we have other
* options, we will now look for them. We have i-1 compression
* algorithms from the client, starting at q. */
s->s3->tmp.new_compression=NULL;
+#ifndef OPENSSL_NO_COMP
if (s->ctx->comp_methods != NULL)
{ /* See if we have a match */
int m,nn,o,v,done=0;
@@ -845,6 +989,7 @@ static int ssl3_get_client_hello(SSL *s)
else
comp=NULL;
}
+#endif
/* TLS does not mind if there is extra stuff */
#if 0 /* SSL 3.0 does not mind either, so we should disable this test
@@ -868,7 +1013,11 @@ static int ssl3_get_client_hello(SSL *s)
if (!s->hit)
{
+#ifdef OPENSSL_NO_COMP
+ s->session->compress_meth=0;
+#else
s->session->compress_meth=(comp == NULL)?0:comp->id;
+#endif
if (s->session->ciphers != NULL)
sk_SSL_CIPHER_free(s->session->ciphers);
s->session->ciphers=ciphers;
@@ -943,7 +1092,7 @@ err:
return(ret);
}
-static int ssl3_send_server_hello(SSL *s)
+int ssl3_send_server_hello(SSL *s)
{
unsigned char *buf;
unsigned char *p,*d;
@@ -956,7 +1105,7 @@ static int ssl3_send_server_hello(SSL *s)
p=s->s3->server_random;
Time=(unsigned long)time(NULL); /* Time */
l2n(Time,p);
- if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
+ if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
return -1;
/* Do the message type and length last */
d=p= &(buf[4]);
@@ -975,12 +1124,20 @@ static int ssl3_send_server_hello(SSL *s)
* session-id if we want it to be single use.
* Currently I will not implement the '0' length session-id
* 12-Jan-98 - I'll now support the '0' length stuff.
+ *
+ * We also have an additional case where stateless session
+ * resumption is successful: we always send back the old
+ * session id. In this case s->hit is non zero: this can
+ * only happen if stateless session resumption is succesful
+ * if session caching is disabled so existing functionality
+ * is unaffected.
*/
- if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
+ if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
+ && !s->hit)
s->session->session_id_length=0;
sl=s->session->session_id_length;
- if (sl > sizeof s->session->session_id)
+ if (sl > (int)sizeof(s->session->session_id))
{
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
return -1;
@@ -994,11 +1151,21 @@ static int ssl3_send_server_hello(SSL *s)
p+=i;
/* put the compression method */
+#ifdef OPENSSL_NO_COMP
+ *(p++)=0;
+#else
if (s->s3->tmp.new_compression == NULL)
*(p++)=0;
else
*(p++)=s->s3->tmp.new_compression->id;
-
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+ if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
+ {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+#endif
/* do the header */
l=(p-d);
d=buf;
@@ -1015,7 +1182,7 @@ static int ssl3_send_server_hello(SSL *s)
return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
}
-static int ssl3_send_server_done(SSL *s)
+int ssl3_send_server_done(SSL *s)
{
unsigned char *p;
@@ -1039,7 +1206,7 @@ static int ssl3_send_server_done(SSL *s)
return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
}
-static int ssl3_send_server_key_exchange(SSL *s)
+int ssl3_send_server_key_exchange(SSL *s)
{
#ifndef OPENSSL_NO_RSA
unsigned char *q;
@@ -1051,6 +1218,13 @@ static int ssl3_send_server_key_exchange(SSL *s)
#ifndef OPENSSL_NO_DH
DH *dh=NULL,*dhp;
#endif
+#ifndef OPENSSL_NO_ECDH
+ EC_KEY *ecdh=NULL, *ecdhp;
+ unsigned char *encodedPoint = NULL;
+ int encodedlen = 0;
+ int curve_id = 0;
+ BN_CTX *bn_ctx = NULL;
+#endif
EVP_PKEY *pkey;
unsigned char *p,*d;
int al,i;
@@ -1159,6 +1333,134 @@ static int ssl3_send_server_key_exchange(SSL *s)
}
else
#endif
+#ifndef OPENSSL_NO_ECDH
+ if (type & SSL_kECDHE)
+ {
+ const EC_GROUP *group;
+
+ ecdhp=cert->ecdh_tmp;
+ if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL))
+ {
+ ecdhp=s->cert->ecdh_tmp_cb(s,
+ SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+ SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+ }
+ if (ecdhp == NULL)
+ {
+ al=SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
+ goto f_err;
+ }
+
+ if (s->s3->tmp.ecdh != NULL)
+ {
+ EC_KEY_free(s->s3->tmp.ecdh);
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ /* Duplicate the ECDH structure. */
+ if (ecdhp == NULL)
+ {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
+ goto err;
+ }
+ if (!EC_KEY_up_ref(ecdhp))
+ {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
+ goto err;
+ }
+ ecdh = ecdhp;
+
+ s->s3->tmp.ecdh=ecdh;
+ if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
+ (EC_KEY_get0_private_key(ecdh) == NULL) ||
+ (s->options & SSL_OP_SINGLE_ECDH_USE))
+ {
+ if(!EC_KEY_generate_key(ecdh))
+ {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
+ goto err;
+ }
+ }
+
+ if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
+ (EC_KEY_get0_public_key(ecdh) == NULL) ||
+ (EC_KEY_get0_private_key(ecdh) == NULL))
+ {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
+ goto err;
+ }
+
+ if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
+ (EC_GROUP_get_degree(group) > 163))
+ {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
+ goto err;
+ }
+
+ /* XXX: For now, we only support ephemeral ECDH
+ * keys over named (not generic) curves. For
+ * supported named curves, curve_id is non-zero.
+ */
+ if ((curve_id =
+ nid2curve_id(EC_GROUP_get_curve_name(group)))
+ == 0)
+ {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
+ goto err;
+ }
+
+ /* Encode the public key.
+ * First check the size of encoding and
+ * allocate memory accordingly.
+ */
+ encodedlen = EC_POINT_point2oct(group,
+ EC_KEY_get0_public_key(ecdh),
+ POINT_CONVERSION_UNCOMPRESSED,
+ NULL, 0, NULL);
+
+ encodedPoint = (unsigned char *)
+ OPENSSL_malloc(encodedlen*sizeof(unsigned char));
+ bn_ctx = BN_CTX_new();
+ if ((encodedPoint == NULL) || (bn_ctx == NULL))
+ {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+
+ encodedlen = EC_POINT_point2oct(group,
+ EC_KEY_get0_public_key(ecdh),
+ POINT_CONVERSION_UNCOMPRESSED,
+ encodedPoint, encodedlen, bn_ctx);
+
+ if (encodedlen == 0)
+ {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
+ goto err;
+ }
+
+ BN_CTX_free(bn_ctx); bn_ctx=NULL;
+
+ /* XXX: For now, we only support named (not
+ * generic) curves in ECDH ephemeral key exchanges.
+ * In this situation, we need four additional bytes
+ * to encode the entire ServerECDHParams
+ * structure.
+ */
+ n = 4 + encodedlen;
+
+ /* We'll generate the serverKeyExchange message
+ * explicitly so we can set these to NULLs
+ */
+ r[0]=NULL;
+ r[1]=NULL;
+ r[2]=NULL;
+ r[3]=NULL;
+ }
+ else
+#endif /* !OPENSSL_NO_ECDH */
{
al=SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
@@ -1201,6 +1503,31 @@ static int ssl3_send_server_key_exchange(SSL *s)
p+=nr[i];
}
+#ifndef OPENSSL_NO_ECDH
+ if (type & SSL_kECDHE)
+ {
+ /* XXX: For now, we only support named (not generic) curves.
+ * In this situation, the serverKeyExchange message has:
+ * [1 byte CurveType], [2 byte CurveName]
+ * [1 byte length of encoded point], followed by
+ * the actual encoded point itself
+ */
+ *p = NAMED_CURVE_TYPE;
+ p += 1;
+ *p = 0;
+ p += 1;
+ *p = curve_id;
+ p += 1;
+ *p = encodedlen;
+ p += 1;
+ memcpy((unsigned char*)p,
+ (unsigned char *)encodedPoint,
+ encodedlen);
+ OPENSSL_free(encodedPoint);
+ p += encodedlen;
+ }
+#endif
+
/* not anonymous */
if (pkey != NULL)
{
@@ -1213,8 +1540,6 @@ static int ssl3_send_server_key_exchange(SSL *s)
j=0;
for (num=2; num > 0; num--)
{
- EVP_MD_CTX_set_flags(&md_ctx,
- EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
EVP_DigestInit_ex(&md_ctx,(num == 2)
?s->ctx->md5:s->ctx->sha1, NULL);
EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
@@ -1255,6 +1580,25 @@ static int ssl3_send_server_key_exchange(SSL *s)
}
else
#endif
+#if !defined(OPENSSL_NO_ECDSA)
+ if (pkey->type == EVP_PKEY_EC)
+ {
+ /* let's do ECDSA */
+ EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
+ EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+ EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+ EVP_SignUpdate(&md_ctx,&(d[4]),n);
+ if (!EVP_SignFinal(&md_ctx,&(p[2]),
+ (unsigned int *)&i,pkey))
+ {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA);
+ goto err;
+ }
+ s2n(i,p);
+ n+=i+2;
+ }
+ else
+#endif
{
/* Is this error check actually needed? */
al=SSL_AD_HANDSHAKE_FAILURE;
@@ -1278,11 +1622,15 @@ static int ssl3_send_server_key_exchange(SSL *s)
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
err:
+#ifndef OPENSSL_NO_ECDH
+ if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
+ BN_CTX_free(bn_ctx);
+#endif
EVP_MD_CTX_cleanup(&md_ctx);
return(-1);
}
-static int ssl3_send_certificate_request(SSL *s)
+int ssl3_send_certificate_request(SSL *s)
{
unsigned char *p,*d;
int i,j,nl,off,n;
@@ -1371,7 +1719,7 @@ err:
return(-1);
}
-static int ssl3_get_client_key_exchange(SSL *s)
+int ssl3_get_client_key_exchange(SSL *s)
{
int i,al,ok;
long n;
@@ -1389,7 +1737,14 @@ static int ssl3_get_client_key_exchange(SSL *s)
KSSL_ERR kssl_err;
#endif /* OPENSSL_NO_KRB5 */
- n=ssl3_get_message(s,
+#ifndef OPENSSL_NO_ECDH
+ EC_KEY *srvr_ecdh = NULL;
+ EVP_PKEY *clnt_pub_pkey = NULL;
+ EC_POINT *clnt_ecpoint = NULL;
+ BN_CTX *bn_ctx = NULL;
+#endif
+
+ n=s->method->ssl_get_message(s,
SSL3_ST_SR_KEY_EXCH_A,
SSL3_ST_SR_KEY_EXCH_B,
SSL3_MT_CLIENT_KEY_EXCHANGE,
@@ -1433,8 +1788,9 @@ static int ssl3_get_client_key_exchange(SSL *s)
rsa=pkey->pkey.rsa;
}
- /* TLS */
- if (s->version > SSL3_VERSION)
+ /* TLS and [incidentally] DTLS, including pre-0.9.8f */
+ if (s->version > SSL3_VERSION &&
+ s->client_version != DTLS1_BAD_VER)
{
n2s(p,i);
if (n != i+2)
@@ -1495,7 +1851,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
i = SSL_MAX_MASTER_KEY_LENGTH;
p[0] = s->client_version >> 8;
p[1] = s->client_version & 0xff;
- if(RAND_pseudo_bytes(p+2, i-2) <= 0) /* should be RAND_bytes, but we cannot work around a failure */
+ if (RAND_pseudo_bytes(p+2, i-2) <= 0) /* should be RAND_bytes, but we cannot work around a failure */
goto err;
}
@@ -1594,7 +1950,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
n2s(p,i);
enc_ticket.length = i;
- if (n < (long)enc_ticket.length + 6)
+ if (n < (int)enc_ticket.length + 6)
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DATA_LENGTH_TOO_LONG);
@@ -1607,7 +1963,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
n2s(p,i);
authenticator.length = i;
- if (n < (long)(enc_ticket.length + authenticator.length + 6))
+ if (n < (int)(enc_ticket.length + authenticator.length) + 6)
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DATA_LENGTH_TOO_LONG);
@@ -1649,7 +2005,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
if (kssl_err.text)
printf("kssl_err text= %s\n", kssl_err.text);
#endif /* KSSL_DEBUG */
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
kssl_err.reason);
goto err;
}
@@ -1666,14 +2022,14 @@ static int ssl3_get_client_key_exchange(SSL *s)
if (kssl_err.text)
printf("kssl_err text= %s\n", kssl_err.text);
#endif /* KSSL_DEBUG */
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
kssl_err.reason);
goto err;
}
if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0)
{
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, krb5rc);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc);
goto err;
}
@@ -1719,6 +2075,24 @@ static int ssl3_get_client_key_exchange(SSL *s)
SSL_R_DATA_LENGTH_TOO_LONG);
goto err;
}
+ if (!((pms[0] == (s->client_version>>8)) && (pms[1] == (s->client_version & 0xff))))
+ {
+ /* The premaster secret must contain the same version number as the
+ * ClientHello to detect version rollback attacks (strangely, the
+ * protocol does not offer such protection for DH ciphersuites).
+ * However, buggy clients exist that send random bytes instead of
+ * the protocol version.
+ * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients.
+ * (Perhaps we should have a separate BUG value for the Kerberos cipher)
+ */
+ if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG))
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_AD_DECODE_ERROR);
+ goto err;
+ }
+ }
+
EVP_CIPHER_CTX_cleanup(&ciph_ctx);
s->session->master_key_length=
@@ -1727,7 +2101,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
if (kssl_ctx->client_princ)
{
- int len = strlen(kssl_ctx->client_princ);
+ size_t len = strlen(kssl_ctx->client_princ);
if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH )
{
s->session->krb5_client_princ_len = len;
@@ -1744,6 +2118,156 @@ static int ssl3_get_client_key_exchange(SSL *s)
}
else
#endif /* OPENSSL_NO_KRB5 */
+
+#ifndef OPENSSL_NO_ECDH
+ if ((l & SSL_kECDH) || (l & SSL_kECDHE))
+ {
+ int ret = 1;
+ int field_size = 0;
+ const EC_KEY *tkey;
+ const EC_GROUP *group;
+ const BIGNUM *priv_key;
+
+ /* initialize structures for server's ECDH key pair */
+ if ((srvr_ecdh = EC_KEY_new()) == NULL)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* Let's get server private key and group information */
+ if (l & SSL_kECDH)
+ {
+ /* use the certificate */
+ tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
+ }
+ else
+ {
+ /* use the ephermeral values we saved when
+ * generating the ServerKeyExchange msg.
+ */
+ tkey = s->s3->tmp.ecdh;
+ }
+
+ group = EC_KEY_get0_group(tkey);
+ priv_key = EC_KEY_get0_private_key(tkey);
+
+ if (!EC_KEY_set_group(srvr_ecdh, group) ||
+ !EC_KEY_set_private_key(srvr_ecdh, priv_key))
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_EC_LIB);
+ goto err;
+ }
+
+ /* Let's get client's public key */
+ if ((clnt_ecpoint = EC_POINT_new(group)) == NULL)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (n == 0L)
+ {
+ /* Client Publickey was in Client Certificate */
+
+ if (l & SSL_kECDHE)
+ {
+ al=SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
+ goto f_err;
+ }
+ if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer))
+ == NULL) ||
+ (clnt_pub_pkey->type != EVP_PKEY_EC))
+ {
+ /* XXX: For now, we do not support client
+ * authentication using ECDH certificates
+ * so this branch (n == 0L) of the code is
+ * never executed. When that support is
+ * added, we ought to ensure the key
+ * received in the certificate is
+ * authorized for key agreement.
+ * ECDH_compute_key implicitly checks that
+ * the two ECDH shares are for the same
+ * group.
+ */
+ al=SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
+ goto f_err;
+ }
+
+ if (EC_POINT_copy(clnt_ecpoint,
+ EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) == 0)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_EC_LIB);
+ goto err;
+ }
+ ret = 2; /* Skip certificate verify processing */
+ }
+ else
+ {
+ /* Get client's public key from encoded point
+ * in the ClientKeyExchange message.
+ */
+ if ((bn_ctx = BN_CTX_new()) == NULL)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* Get encoded point length */
+ i = *p;
+ p += 1;
+ if (EC_POINT_oct2point(group,
+ clnt_ecpoint, p, i, bn_ctx) == 0)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_EC_LIB);
+ goto err;
+ }
+ /* p is pointing to somewhere in the buffer
+ * currently, so set it to the start
+ */
+ p=(unsigned char *)s->init_buf->data;
+ }
+
+ /* Compute the shared pre-master secret */
+ field_size = EC_GROUP_get_degree(group);
+ if (field_size <= 0)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_ECDH_LIB);
+ goto err;
+ }
+ i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL);
+ if (i <= 0)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_ECDH_LIB);
+ goto err;
+ }
+
+ EVP_PKEY_free(clnt_pub_pkey);
+ EC_POINT_free(clnt_ecpoint);
+ if (srvr_ecdh != NULL)
+ EC_KEY_free(srvr_ecdh);
+ BN_CTX_free(bn_ctx);
+
+ /* Compute the master secret */
+ s->session->master_key_length = s->method->ssl3_enc-> \
+ generate_master_secret(s, s->session->master_key, p, i);
+
+ OPENSSL_cleanse(p, i);
+ return (ret);
+ }
+ else
+#endif
{
al=SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
@@ -1754,13 +2278,20 @@ static int ssl3_get_client_key_exchange(SSL *s)
return(1);
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA)
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH)
err:
#endif
+#ifndef OPENSSL_NO_ECDH
+ EVP_PKEY_free(clnt_pub_pkey);
+ EC_POINT_free(clnt_ecpoint);
+ if (srvr_ecdh != NULL)
+ EC_KEY_free(srvr_ecdh);
+ BN_CTX_free(bn_ctx);
+#endif
return(-1);
}
-static int ssl3_get_cert_verify(SSL *s)
+int ssl3_get_cert_verify(SSL *s)
{
EVP_PKEY *pkey=NULL;
unsigned char *p;
@@ -1769,7 +2300,7 @@ static int ssl3_get_cert_verify(SSL *s)
int type=0,i,j;
X509 *peer;
- n=ssl3_get_message(s,
+ n=s->method->ssl_get_message(s,
SSL3_ST_SR_CERT_VRFY_A,
SSL3_ST_SR_CERT_VRFY_B,
-1,
@@ -1880,6 +2411,23 @@ static int ssl3_get_cert_verify(SSL *s)
}
else
#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (pkey->type == EVP_PKEY_EC)
+ {
+ j=ECDSA_verify(pkey->save_type,
+ &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
+ SHA_DIGEST_LENGTH,p,i,pkey->pkey.ec);
+ if (j <= 0)
+ {
+ /* bad signature */
+ al=SSL_AD_DECRYPT_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+ SSL_R_BAD_ECDSA_SIGNATURE);
+ goto f_err;
+ }
+ }
+ else
+#endif
{
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
al=SSL_AD_UNSUPPORTED_CERTIFICATE;
@@ -1898,15 +2446,16 @@ end:
return(ret);
}
-static int ssl3_get_client_certificate(SSL *s)
+int ssl3_get_client_certificate(SSL *s)
{
int i,ok,al,ret= -1;
X509 *x=NULL;
unsigned long l,nc,llen,n;
- unsigned char *p,*d,*q;
+ const unsigned char *p,*q;
+ unsigned char *d;
STACK_OF(X509) *sk=NULL;
- n=ssl3_get_message(s,
+ n=s->method->ssl_get_message(s,
SSL3_ST_SR_CERT_A,
SSL3_ST_SR_CERT_B,
-1,
@@ -1941,7 +2490,7 @@ static int ssl3_get_client_certificate(SSL *s)
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
goto f_err;
}
- d=p=(unsigned char *)s->init_msg;
+ p=d=(unsigned char *)s->init_msg;
if ((sk=sk_X509_new_null()) == NULL)
{
@@ -2080,3 +2629,209 @@ int ssl3_send_server_certificate(SSL *s)
/* SSL3_ST_SW_CERT_B */
return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
}
+
+
+#ifndef OPENSSL_NO_ECDH
+/* This is the complement of curve_id2nid in s3_clnt.c. */
+static int nid2curve_id(int nid)
+{
+ /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001)
+ * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */
+ switch (nid) {
+ case NID_sect163k1: /* sect163k1 (1) */
+ return 1;
+ case NID_sect163r1: /* sect163r1 (2) */
+ return 2;
+ case NID_sect163r2: /* sect163r2 (3) */
+ return 3;
+ case NID_sect193r1: /* sect193r1 (4) */
+ return 4;
+ case NID_sect193r2: /* sect193r2 (5) */
+ return 5;
+ case NID_sect233k1: /* sect233k1 (6) */
+ return 6;
+ case NID_sect233r1: /* sect233r1 (7) */
+ return 7;
+ case NID_sect239k1: /* sect239k1 (8) */
+ return 8;
+ case NID_sect283k1: /* sect283k1 (9) */
+ return 9;
+ case NID_sect283r1: /* sect283r1 (10) */
+ return 10;
+ case NID_sect409k1: /* sect409k1 (11) */
+ return 11;
+ case NID_sect409r1: /* sect409r1 (12) */
+ return 12;
+ case NID_sect571k1: /* sect571k1 (13) */
+ return 13;
+ case NID_sect571r1: /* sect571r1 (14) */
+ return 14;
+ case NID_secp160k1: /* secp160k1 (15) */
+ return 15;
+ case NID_secp160r1: /* secp160r1 (16) */
+ return 16;
+ case NID_secp160r2: /* secp160r2 (17) */
+ return 17;
+ case NID_secp192k1: /* secp192k1 (18) */
+ return 18;
+ case NID_X9_62_prime192v1: /* secp192r1 (19) */
+ return 19;
+ case NID_secp224k1: /* secp224k1 (20) */
+ return 20;
+ case NID_secp224r1: /* secp224r1 (21) */
+ return 21;
+ case NID_secp256k1: /* secp256k1 (22) */
+ return 22;
+ case NID_X9_62_prime256v1: /* secp256r1 (23) */
+ return 23;
+ case NID_secp384r1: /* secp384r1 (24) */
+ return 24;
+ case NID_secp521r1: /* secp521r1 (25) */
+ return 25;
+ default:
+ return 0;
+ }
+}
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+int ssl3_send_newsession_ticket(SSL *s)
+ {
+ if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
+ {
+ unsigned char *p, *senc, *macstart;
+ int len, slen;
+ unsigned int hlen;
+ EVP_CIPHER_CTX ctx;
+ HMAC_CTX hctx;
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+ unsigned char key_name[16];
+
+ /* get session encoding length */
+ slen = i2d_SSL_SESSION(s->session, NULL);
+ /* Some length values are 16 bits, so forget it if session is
+ * too long
+ */
+ if (slen > 0xFF00)
+ return -1;
+ /* Grow buffer if need be: the length calculation is as
+ * follows 1 (size of message name) + 3 (message length
+ * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) +
+ * 16 (key name) + max_iv_len (iv length) +
+ * session_length + max_enc_block_size (max encrypted session
+ * length) + max_md_size (HMAC).
+ */
+ if (!BUF_MEM_grow(s->init_buf,
+ 26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
+ EVP_MAX_MD_SIZE + slen))
+ return -1;
+ senc = OPENSSL_malloc(slen);
+ if (!senc)
+ return -1;
+ p = senc;
+ i2d_SSL_SESSION(s->session, &p);
+
+ p=(unsigned char *)s->init_buf->data;
+ /* do the header */
+ *(p++)=SSL3_MT_NEWSESSION_TICKET;
+ /* Skip message length for now */
+ p += 3;
+ EVP_CIPHER_CTX_init(&ctx);
+ HMAC_CTX_init(&hctx);
+ /* Initialize HMAC and cipher contexts. If callback present
+ * it does all the work otherwise use generated values
+ * from parent ctx.
+ */
+ if (s->ctx->tlsext_ticket_key_cb)
+ {
+ if (s->ctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
+ &hctx, 1) < 0)
+ {
+ OPENSSL_free(senc);
+ return -1;
+ }
+ }
+ else
+ {
+ RAND_pseudo_bytes(iv, 16);
+ EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+ s->ctx->tlsext_tick_aes_key, iv);
+ HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
+ tlsext_tick_md(), NULL);
+ memcpy(key_name, s->ctx->tlsext_tick_key_name, 16);
+ }
+ l2n(s->session->tlsext_tick_lifetime_hint, p);
+ /* Skip ticket length for now */
+ p += 2;
+ /* Output key name */
+ macstart = p;
+ memcpy(p, key_name, 16);
+ p += 16;
+ /* output IV */
+ memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
+ p += EVP_CIPHER_CTX_iv_length(&ctx);
+ /* Encrypt session data */
+ EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
+ p += len;
+ EVP_EncryptFinal(&ctx, p, &len);
+ p += len;
+ EVP_CIPHER_CTX_cleanup(&ctx);
+
+ HMAC_Update(&hctx, macstart, p - macstart);
+ HMAC_Final(&hctx, p, &hlen);
+ HMAC_CTX_cleanup(&hctx);
+
+ p += hlen;
+ /* Now write out lengths: p points to end of data written */
+ /* Total length */
+ len = p - (unsigned char *)s->init_buf->data;
+ p=(unsigned char *)s->init_buf->data + 1;
+ l2n3(len - 4, p); /* Message length */
+ p += 4;
+ s2n(len - 10, p); /* Ticket length */
+
+ /* number of bytes to write */
+ s->init_num= len;
+ s->state=SSL3_ST_SW_SESSION_TICKET_B;
+ s->init_off=0;
+ OPENSSL_free(senc);
+ }
+
+ /* SSL3_ST_SW_SESSION_TICKET_B */
+ return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+ }
+
+int ssl3_send_cert_status(SSL *s)
+ {
+ if (s->state == SSL3_ST_SW_CERT_STATUS_A)
+ {
+ unsigned char *p;
+ /* Grow buffer if need be: the length calculation is as
+ * follows 1 (message type) + 3 (message length) +
+ * 1 (ocsp response type) + 3 (ocsp response length)
+ * + (ocsp response)
+ */
+ if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen))
+ return -1;
+
+ p=(unsigned char *)s->init_buf->data;
+
+ /* do the header */
+ *(p++)=SSL3_MT_CERTIFICATE_STATUS;
+ /* message length */
+ l2n3(s->tlsext_ocsp_resplen + 4, p);
+ /* status type */
+ *(p++)= s->tlsext_status_type;
+ /* length of OCSP response */
+ l2n3(s->tlsext_ocsp_resplen, p);
+ /* actual response */
+ memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);
+ /* number of bytes to write */
+ s->init_num = 8 + s->tlsext_ocsp_resplen;
+ s->state=SSL3_ST_SW_CERT_STATUS_B;
+ s->init_off = 0;
+ }
+
+ /* SSL3_ST_SW_CERT_STATUS_B */
+ return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+ }
+#endif
diff --git a/lib/libssl/src/ssl/ssl-lib.com b/lib/libssl/src/ssl/ssl-lib.com
index f0665c6b862..fcd7ff774c6 100644
--- a/lib/libssl/src/ssl/ssl-lib.com
+++ b/lib/libssl/src/ssl/ssl-lib.com
@@ -174,6 +174,8 @@ $ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -
"s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+ -
"s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -
"t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,"+ -
+ "d1_meth,d1_srvr,d1_clnt,d1_lib,d1_pkt,"+ -
+ "d1_both,d1_enc,"+ -
"ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -
"ssl_ciph,ssl_stat,ssl_rsa,"+ -
"ssl_asn1,ssl_txt,ssl_algs,"+ -
diff --git a/lib/libssl/src/ssl/ssl.h b/lib/libssl/src/ssl/ssl.h
index 99e188086b9..6df921f3c18 100644
--- a/lib/libssl/src/ssl/ssl.h
+++ b/lib/libssl/src/ssl/ssl.h
@@ -109,7 +109,7 @@
*
*/
/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -161,6 +161,11 @@
* Hudson (tjh@cryptsoft.com).
*
*/
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
#ifndef HEADER_SSL_H
#define HEADER_SSL_H
@@ -173,9 +178,17 @@
#ifndef OPENSSL_NO_BIO
#include <openssl/bio.h>
#endif
+#ifndef OPENSSL_NO_DEPRECATED
#ifndef OPENSSL_NO_X509
#include <openssl/x509.h>
#endif
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#endif
+#include <openssl/pem.h>
+#include <openssl/hmac.h>
+
#include <openssl/kssl.h>
#include <openssl/safestack.h>
#include <openssl/symhacks.h>
@@ -239,7 +252,6 @@ extern "C" {
#define SSL_TXT_LOW "LOW"
#define SSL_TXT_MEDIUM "MEDIUM"
#define SSL_TXT_HIGH "HIGH"
-#define SSL_TXT_FIPS "FIPS"
#define SSL_TXT_kFZA "kFZA"
#define SSL_TXT_aFZA "aFZA"
#define SSL_TXT_eFZA "eFZA"
@@ -270,7 +282,9 @@ extern "C" {
#define SSL_TXT_RC4 "RC4"
#define SSL_TXT_RC2 "RC2"
#define SSL_TXT_IDEA "IDEA"
+#define SSL_TXT_SEED "SEED"
#define SSL_TXT_AES "AES"
+#define SSL_TXT_CAMELLIA "CAMELLIA"
#define SSL_TXT_MD5 "MD5"
#define SSL_TXT_SHA1 "SHA1"
#define SSL_TXT_SHA "SHA"
@@ -282,6 +296,7 @@ extern "C" {
#define SSL_TXT_SSLV3 "SSLv3"
#define SSL_TXT_TLSV1 "TLSv1"
#define SSL_TXT_ALL "ALL"
+#define SSL_TXT_ECC "ECCdraft" /* ECC ciphersuites are not yet official */
/*
* COMPLEMENTOF* definitions. These identifiers are used to (de-select)
@@ -303,7 +318,7 @@ extern "C" {
/* The following cipher list is used by default.
* It also is substituted when an application-defined cipher list string
* starts with 'DEFAULT'. */
-#define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */
+#define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
#define SSL_SENT_SHUTDOWN 1
@@ -313,11 +328,6 @@ extern "C" {
}
#endif
-#include <openssl/crypto.h>
-#include <openssl/lhash.h>
-#include <openssl/buffer.h>
-#include <openssl/pem.h>
-
#ifdef __cplusplus
extern "C" {
#endif
@@ -369,6 +379,12 @@ typedef struct ssl_method_st
int (*ssl_shutdown)(SSL *s);
int (*ssl_renegotiate)(SSL *s);
int (*ssl_renegotiate_check)(SSL *s);
+ long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long
+ max, int *ok);
+ int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len,
+ int peek);
+ int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
+ int (*ssl_dispatch_alert)(SSL *s);
long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
@@ -379,9 +395,9 @@ typedef struct ssl_method_st
struct ssl_method_st *(*get_ssl_method)(int version);
long (*get_timeout)(void);
struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
- int (*ssl_version)();
- long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)());
- long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)());
+ int (*ssl_version)(void);
+ long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
+ long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
} SSL_METHOD;
/* Lets make this into an ASN.1 type structure as follows
@@ -459,6 +475,13 @@ typedef struct ssl_session_st
/* These are used to make removal of session-ids more
* efficient and to implement a maximum cache size. */
struct ssl_session_st *prev,*next;
+#ifndef OPENSSL_NO_TLSEXT
+ char *tlsext_hostname;
+ /* RFC4507 info */
+ unsigned char *tlsext_tick; /* Session ticket */
+ size_t tlsext_ticklen; /* Session ticket length */
+ long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
+#endif
} SSL_SESSION;
@@ -483,8 +506,17 @@ typedef struct ssl_session_st
* This used to be 0x000FFFFFL before 0.9.7. */
#define SSL_OP_ALL 0x00000FFFL
+/* DTLS options */
+#define SSL_OP_NO_QUERY_MTU 0x00001000L
+/* Turn on Cookie Exchange (on relevant for servers) */
+#define SSL_OP_COOKIE_EXCHANGE 0x00002000L
+/* Don't use RFC4507 ticket extension */
+#define SSL_OP_NO_TICKET 0x00004000L
+
/* As server, disallow session resumption on renegotiation */
#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
+/* If set, always create a new key when using tmp_ecdh parameters */
+#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
/* If set, always create a new key when using tmp_dh parameters */
#define SSL_OP_SINGLE_DH_USE 0x00100000L
/* Set to always use the tmp_rsa key when doing RSA operations,
@@ -546,6 +578,8 @@ typedef struct ssl_session_st
SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
#define SSL_get_mode(ssl) \
SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
+#define SSL_set_mtu(ssl, mtu) \
+ SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
@@ -582,7 +616,7 @@ typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
typedef struct ssl_comp_st
{
int id;
- char *name;
+ const char *name;
#ifndef OPENSSL_NO_COMP
COMP_METHOD *method;
#else
@@ -670,6 +704,14 @@ struct ssl_ctx_st
/* get client cert callback */
int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+ /* cookie generate callback */
+ int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
+ unsigned int *cookie_len);
+
+ /* verify cookie callback */
+ int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
+ unsigned int cookie_len);
+
CRYPTO_EX_DATA ex_data;
const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
@@ -702,7 +744,6 @@ struct ssl_ctx_st
void *msg_callback_arg;
int verify_mode;
- int verify_depth;
unsigned int sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */
@@ -710,10 +751,35 @@ struct ssl_ctx_st
/* Default generate session ID callback. */
GEN_SESSION_CB generate_session_id;
+ X509_VERIFY_PARAM *param;
+
+#if 0
int purpose; /* Purpose setting */
int trust; /* Trust setting */
+#endif
int quiet_shutdown;
+
+#ifndef OPENSSL_NO_TLSEXT
+ /* TLS extensions servername callback */
+ int (*tlsext_servername_callback)(SSL*, int *, void *);
+ void *tlsext_servername_arg;
+ /* RFC 4507 session ticket keys */
+ unsigned char tlsext_tick_key_name[16];
+ unsigned char tlsext_tick_hmac_key[16];
+ unsigned char tlsext_tick_aes_key[16];
+ /* Callback to support customisation of ticket key setting */
+ int (*tlsext_ticket_key_cb)(SSL *ssl,
+ unsigned char *name, unsigned char *iv,
+ EVP_CIPHER_CTX *ectx,
+ HMAC_CTX *hctx, int enc);
+
+ /* certificate status request info */
+ /* Callback for status request */
+ int (*tlsext_status_cb)(SSL *ssl, void *arg);
+ void *tlsext_status_arg;
+#endif
+
};
#define SSL_SESS_CACHE_OFF 0x0000
@@ -753,16 +819,18 @@ struct ssl_ctx_st
#define SSL_CTX_sess_cache_full(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
-#define SSL_CTX_sess_set_new_cb(ctx,cb) ((ctx)->new_session_cb=(cb))
-#define SSL_CTX_sess_get_new_cb(ctx) ((ctx)->new_session_cb)
-#define SSL_CTX_sess_set_remove_cb(ctx,cb) ((ctx)->remove_session_cb=(cb))
-#define SSL_CTX_sess_get_remove_cb(ctx) ((ctx)->remove_session_cb)
-#define SSL_CTX_sess_set_get_cb(ctx,cb) ((ctx)->get_session_cb=(cb))
-#define SSL_CTX_sess_get_get_cb(ctx) ((ctx)->get_session_cb)
-#define SSL_CTX_set_info_callback(ctx,cb) ((ctx)->info_callback=(cb))
-#define SSL_CTX_get_info_callback(ctx) ((ctx)->info_callback)
-#define SSL_CTX_set_client_cert_cb(ctx,cb) ((ctx)->client_cert_cb=(cb))
-#define SSL_CTX_get_client_cert_cb(ctx) ((ctx)->client_cert_cb)
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess));
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess));
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy));
+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy);
+void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val));
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
#define SSL_NOTHING 1
#define SSL_WRITING 2
@@ -778,7 +846,7 @@ struct ssl_ctx_st
struct ssl_st
{
/* protocol version
- * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION)
+ * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
*/
int version;
int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
@@ -807,7 +875,7 @@ struct ssl_st
/* true when we are actually in SSL_accept() or SSL_connect() */
int in_handshake;
- int (*handshake_func)();
+ int (*handshake_func)(SSL *);
/* Imagine that here's a boolean member "init" that is
* switched as soon as SSL_set_{accept/connect}_state
@@ -842,6 +910,7 @@ struct ssl_st
struct ssl2_state_st *s2; /* SSLv2 variables */
struct ssl3_state_st *s3; /* SSLv3 variables */
+ struct dtls1_state_st *d1; /* DTLSv1 variables */
int read_ahead; /* Read as many input bytes as possible
* (for non-blocking reads) */
@@ -852,8 +921,12 @@ struct ssl_st
int hit; /* reusing a previous session */
+ X509_VERIFY_PARAM *param;
+
+#if 0
int purpose; /* Purpose setting */
int trust; /* Trust setting */
+#endif
/* crypto */
STACK_OF(SSL_CIPHER) *cipher_list;
@@ -898,7 +971,6 @@ struct ssl_st
/* Used in SSL2 and SSL3 */
int verify_mode; /* 0 don't care about verify failure.
* 1 fail if verify fails */
- int verify_depth;
int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */
@@ -929,6 +1001,37 @@ struct ssl_st
int first_packet;
int client_version; /* what was passed, used for
* SSLv3/TLS rollback check */
+#ifndef OPENSSL_NO_TLSEXT
+ /* TLS extension debug callback */
+ void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
+ unsigned char *data, int len,
+ void *arg);
+ void *tlsext_debug_arg;
+ char *tlsext_hostname;
+ int servername_done; /* no further mod of servername
+ 0 : call the servername extension callback.
+ 1 : prepare 2, allow last ack just after in server callback.
+ 2 : don't call servername callback, no ack in server hello
+ */
+ /* certificate status request info */
+ /* Status type or -1 if no status type */
+ int tlsext_status_type;
+ /* Expect OCSP CertificateStatus message */
+ int tlsext_status_expected;
+ /* OCSP status request only */
+ STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
+ X509_EXTENSIONS *tlsext_ocsp_exts;
+ /* OCSP response received or to be sent */
+ unsigned char *tlsext_ocsp_resp;
+ int tlsext_ocsp_resplen;
+
+ /* RFC4507 session ticket expected to be received or sent */
+ int tlsext_ticket_expected;
+ SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
+#define session_ctx initial_ctx
+#else
+#define session_ctx ctx
+#endif
};
#ifdef __cplusplus
@@ -938,6 +1041,7 @@ struct ssl_st
#include <openssl/ssl2.h>
#include <openssl/ssl3.h>
#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
+#include <openssl/dtls1.h> /* Datagram TLS */
#include <openssl/ssl23.h>
#ifdef __cplusplus
@@ -1035,21 +1139,16 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
#define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b))
#if 1 /*SSLEAY_MACROS*/
-#define d2i_SSL_SESSION_bio(bp,s_id) (SSL_SESSION *)ASN1_d2i_bio( \
- (char *(*)())SSL_SESSION_new,(char *(*)())d2i_SSL_SESSION, \
- (bp),(unsigned char **)(s_id))
-#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio(i2d_SSL_SESSION, \
- bp,(unsigned char *)s_id)
+#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
+#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
-#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \
- (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u)
+#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) PEM_ASN1_read_bio_of(SSL_SESSION,d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,cb,u)
#define PEM_write_SSL_SESSION(fp,x) \
PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
#define PEM_write_bio_SSL_SESSION(bp,x) \
- PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \
- PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL)
+ PEM_ASN1_write_bio_of(SSL_SESSION,i2d_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,NULL,NULL,0,NULL,NULL)
#endif
#define SSL_AD_REASON_OFFSET 1000
@@ -1078,6 +1177,10 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */
#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
+#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
+#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
+#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
+#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
#define SSL_ERROR_NONE 0
#define SSL_ERROR_SSL 1
@@ -1092,20 +1195,24 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
#define SSL_CTRL_NEED_TMP_RSA 1
#define SSL_CTRL_SET_TMP_RSA 2
#define SSL_CTRL_SET_TMP_DH 3
-#define SSL_CTRL_SET_TMP_RSA_CB 4
-#define SSL_CTRL_SET_TMP_DH_CB 5
-
-#define SSL_CTRL_GET_SESSION_REUSED 6
-#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 7
-#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 8
-#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 9
-#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 10
-#define SSL_CTRL_GET_FLAGS 11
-#define SSL_CTRL_EXTRA_CHAIN_CERT 12
-
-#define SSL_CTRL_SET_MSG_CALLBACK 13
-#define SSL_CTRL_SET_MSG_CALLBACK_ARG 14
-
+#define SSL_CTRL_SET_TMP_ECDH 4
+#define SSL_CTRL_SET_TMP_RSA_CB 5
+#define SSL_CTRL_SET_TMP_DH_CB 6
+#define SSL_CTRL_SET_TMP_ECDH_CB 7
+
+#define SSL_CTRL_GET_SESSION_REUSED 8
+#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9
+#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10
+#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11
+#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12
+#define SSL_CTRL_GET_FLAGS 13
+#define SSL_CTRL_EXTRA_CHAIN_CERT 14
+
+#define SSL_CTRL_SET_MSG_CALLBACK 15
+#define SSL_CTRL_SET_MSG_CALLBACK_ARG 16
+
+/* only applies to datagram connections */
+#define SSL_CTRL_SET_MTU 17
/* Stats */
#define SSL_CTRL_SESS_NUMBER 20
#define SSL_CTRL_SESS_CONNECT 21
@@ -1132,6 +1239,29 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
#define SSL_CTRL_GET_MAX_CERT_LIST 50
#define SSL_CTRL_SET_MAX_CERT_LIST 51
+/* see tls1.h for macros based on these */
+#ifndef OPENSSL_NO_TLSEXT
+#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
+#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
+#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
+#define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56
+#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
+#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
+#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
+
+#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
+#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
+#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
+#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66
+#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67
+#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68
+#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69
+#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70
+#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71
+
+#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
+#endif
+
#define SSL_session_reused(ssl) \
SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
#define SSL_num_renegotiations(ssl) \
@@ -1147,6 +1277,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
#define SSL_CTX_set_tmp_dh(ctx,dh) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
+#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
#define SSL_need_tmp_RSA(ssl) \
SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
@@ -1154,6 +1286,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
#define SSL_set_tmp_dh(ssl,dh) \
SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
+#define SSL_set_tmp_ecdh(ssl,ecdh) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
@@ -1215,9 +1349,9 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
#endif
int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
-int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
+int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
int SSL_use_certificate(SSL *ssl, X509 *x);
-int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
+int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
#ifndef OPENSSL_NO_STDIO
int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
@@ -1253,6 +1387,7 @@ void SSL_copy_session_id(SSL *to,const SSL *from);
SSL_SESSION *SSL_SESSION_new(void);
unsigned long SSL_SESSION_hash(const SSL_SESSION *a);
int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b);
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len);
#ifndef OPENSSL_NO_FP_API
int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
#endif
@@ -1268,7 +1403,7 @@ int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
unsigned int id_len);
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char * const *pp,
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp,
long length);
#ifdef HEADER_X509_H
@@ -1287,12 +1422,12 @@ void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,v
#ifndef OPENSSL_NO_RSA
int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
#endif
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
+int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
- unsigned char *d, long len);
+ const unsigned char *d, long len);
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
@@ -1319,9 +1454,9 @@ int SSL_read(SSL *ssl,void *buf,int num);
int SSL_peek(SSL *ssl,void *buf,int num);
int SSL_write(SSL *ssl,const void *buf,int num);
long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
-long SSL_callback_ctrl(SSL *, int, void (*)());
+long SSL_callback_ctrl(SSL *, int, void (*)(void));
long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);
-long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)());
+long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
int SSL_get_error(const SSL *s,int ret_code);
const char *SSL_get_version(const SSL *s);
@@ -1345,6 +1480,10 @@ SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */
+SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
+SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
+SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
+
STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
int SSL_do_handshake(SSL *s);
@@ -1395,6 +1534,7 @@ int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
SSL_SESSION *SSL_get_session(const SSL *ssl);
SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
+SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);
void SSL_set_info_callback(SSL *ssl,
void (*cb)(const SSL *ssl,int type,int val));
void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
@@ -1462,11 +1602,27 @@ void SSL_set_tmp_dh_callback(SSL *ssl,
DH *(*dh)(SSL *ssl,int is_export,
int keylength));
#endif
+#ifndef OPENSSL_NO_ECDH
+void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
+ EC_KEY *(*ecdh)(SSL *ssl,int is_export,
+ int keylength));
+void SSL_set_tmp_ecdh_callback(SSL *ssl,
+ EC_KEY *(*ecdh)(SSL *ssl,int is_export,
+ int keylength));
+#endif
#ifndef OPENSSL_NO_COMP
+const COMP_METHOD *SSL_get_current_compression(SSL *s);
+const COMP_METHOD *SSL_get_current_expansion(SSL *s);
+const char *SSL_COMP_get_name(const COMP_METHOD *comp);
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
#else
-int SSL_COMP_add_compression_method(int id,char *cm);
+const void *SSL_get_current_compression(SSL *s);
+const void *SSL_get_current_expansion(SSL *s);
+const char *SSL_COMP_get_name(const void *comp);
+void *SSL_COMP_get_compression_methods(void);
+int SSL_COMP_add_compression_method(int id,void *cm);
#endif
/* BEGIN ERROR CODES */
@@ -1479,11 +1635,36 @@ void ERR_load_SSL_strings(void);
/* Function codes. */
#define SSL_F_CLIENT_CERTIFICATE 100
-#define SSL_F_CLIENT_FINISHED 238
+#define SSL_F_CLIENT_FINISHED 167
#define SSL_F_CLIENT_HELLO 101
#define SSL_F_CLIENT_MASTER_KEY 102
#define SSL_F_D2I_SSL_SESSION 103
+#define SSL_F_DO_DTLS1_WRITE 245
#define SSL_F_DO_SSL3_WRITE 104
+#define SSL_F_DTLS1_ACCEPT 246
+#define SSL_F_DTLS1_BUFFER_RECORD 247
+#define SSL_F_DTLS1_CLIENT_HELLO 248
+#define SSL_F_DTLS1_CONNECT 249
+#define SSL_F_DTLS1_ENC 250
+#define SSL_F_DTLS1_GET_HELLO_VERIFY 251
+#define SSL_F_DTLS1_GET_MESSAGE 252
+#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253
+#define SSL_F_DTLS1_GET_RECORD 254
+#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
+#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 277
+#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
+#define SSL_F_DTLS1_PROCESS_RECORD 257
+#define SSL_F_DTLS1_READ_BYTES 258
+#define SSL_F_DTLS1_READ_FAILED 259
+#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260
+#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261
+#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262
+#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263
+#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264
+#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265
+#define SSL_F_DTLS1_SEND_SERVER_HELLO 266
+#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267
+#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268
#define SSL_F_GET_CLIENT_FINISHED 105
#define SSL_F_GET_CLIENT_HELLO 106
#define SSL_F_GET_CLIENT_MASTER_KEY 107
@@ -1524,6 +1705,7 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL3_ENC 134
#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
+#define SSL_F_SSL3_GET_CERT_STATUS 288
#define SSL_F_SSL3_GET_CERT_VERIFY 136
#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137
#define SSL_F_SSL3_GET_CLIENT_HELLO 138
@@ -1531,10 +1713,12 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL3_GET_FINISHED 140
#define SSL_F_SSL3_GET_KEY_EXCHANGE 141
#define SSL_F_SSL3_GET_MESSAGE 142
+#define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283
#define SSL_F_SSL3_GET_RECORD 143
#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144
#define SSL_F_SSL3_GET_SERVER_DONE 145
#define SSL_F_SSL3_GET_SERVER_HELLO 146
+#define SSL_F_SSL3_NEW_SESSION_TICKET 284
#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147
#define SSL_F_SSL3_PEEK 235
#define SSL_F_SSL3_READ_BYTES 148
@@ -1550,8 +1734,10 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL3_SETUP_KEY_BLOCK 157
#define SSL_F_SSL3_WRITE_BYTES 158
#define SSL_F_SSL3_WRITE_PENDING 159
+#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 272
#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215
#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216
+#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 273
#define SSL_F_SSL_BAD_METHOD 160
#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
#define SSL_F_SSL_CERT_DUP 221
@@ -1559,6 +1745,7 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL_CERT_INSTANTIATE 214
#define SSL_F_SSL_CERT_NEW 162
#define SSL_F_SSL_CHECK_PRIVATE_KEY 163
+#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 274
#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230
#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231
#define SSL_F_SSL_CLEAR 164
@@ -1590,6 +1777,9 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL_INIT_WBIO_BUFFER 184
#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
#define SSL_F_SSL_NEW 186
+#define SSL_F_SSL_PEEK 270
+#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 275
+#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 276
#define SSL_F_SSL_READ 223
#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
@@ -1609,6 +1799,7 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL_SHUTDOWN 224
#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243
#define SSL_F_SSL_UNDEFINED_FUNCTION 197
+#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244
#define SSL_F_SSL_USE_CERTIFICATE 198
#define SSL_F_SSL_USE_CERTIFICATE_ASN1 199
#define SSL_F_SSL_USE_CERTIFICATE_FILE 200
@@ -1639,6 +1830,9 @@ void ERR_load_SSL_strings(void);
#define SSL_R_BAD_DH_P_LENGTH 110
#define SSL_R_BAD_DIGEST_LENGTH 111
#define SSL_R_BAD_DSA_SIGNATURE 112
+#define SSL_R_BAD_ECC_CERT 304
+#define SSL_R_BAD_ECDSA_SIGNATURE 305
+#define SSL_R_BAD_ECPOINT 306
#define SSL_R_BAD_HELLO_REQUEST 105
#define SSL_R_BAD_LENGTH 271
#define SSL_R_BAD_MAC_DECODE 113
@@ -1668,17 +1862,22 @@ void ERR_load_SSL_strings(void);
#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137
#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138
#define SSL_R_CIPHER_TABLE_SRC_ERROR 139
+#define SSL_R_CLIENTHELLO_TLSEXT 157
#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140
#define SSL_R_COMPRESSION_FAILURE 141
+#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307
#define SSL_R_COMPRESSION_LIBRARY_ERROR 142
#define SSL_R_CONNECTION_ID_IS_DIFFERENT 143
#define SSL_R_CONNECTION_TYPE_NOT_SET 144
+#define SSL_R_COOKIE_MISMATCH 308
#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
#define SSL_R_DATA_LENGTH_TOO_LONG 146
#define SSL_R_DECRYPTION_FAILED 147
#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
#define SSL_R_DIGEST_CHECK_FAILED 149
+#define SSL_R_DUPLICATE_COMPRESSION_ID 309
+#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310
#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
@@ -1691,6 +1890,8 @@ void ERR_load_SSL_strings(void);
#define SSL_R_INVALID_CHALLENGE_LENGTH 158
#define SSL_R_INVALID_COMMAND 280
#define SSL_R_INVALID_PURPOSE 278
+#define SSL_R_INVALID_STATUS_RESPONSE 316
+#define SSL_R_INVALID_TICKET_KEYS_LENGTH 275
#define SSL_R_INVALID_TRUST 279
#define SSL_R_KEY_ARG_TOO_LONG 284
#define SSL_R_KRB5 285
@@ -1719,6 +1920,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
#define SSL_R_MISSING_RSA_SIGNING_CERT 170
#define SSL_R_MISSING_TMP_DH_KEY 171
+#define SSL_R_MISSING_TMP_ECDH_KEY 311
#define SSL_R_MISSING_TMP_RSA_KEY 172
#define SSL_R_MISSING_TMP_RSA_PKEY 173
#define SSL_R_MISSING_VERIFY_MESSAGE 174
@@ -1747,6 +1949,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
#define SSL_R_PACKET_LENGTH_TOO_LONG 198
+#define SSL_R_PARSE_TLSEXT 223
#define SSL_R_PATH_TOO_LONG 270
#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
#define SSL_R_PEER_ERROR 200
@@ -1761,6 +1964,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209
#define SSL_R_PUBLIC_KEY_NOT_RSA 210
#define SSL_R_READ_BIO_NOT_SET 211
+#define SSL_R_READ_TIMEOUT_EXPIRED 312
#define SSL_R_READ_WRONG_PACKET_TYPE 212
#define SSL_R_RECORD_LENGTH_MISMATCH 213
#define SSL_R_RECORD_TOO_LARGE 214
@@ -1769,11 +1973,14 @@ void ERR_load_SSL_strings(void);
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
+#define SSL_R_SERVERHELLO_TLSEXT 224
#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
#define SSL_R_SHORT_READ 219
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299
+#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 225
+#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 226
#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
@@ -1808,12 +2015,15 @@ void ERR_load_SSL_strings(void);
#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
+#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 227
#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
+#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313
#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237
#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238
+#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314
#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239
#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240
#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241
@@ -1834,8 +2044,10 @@ void ERR_load_SSL_strings(void);
#define SSL_R_UNKNOWN_STATE 255
#define SSL_R_UNSUPPORTED_CIPHER 256
#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
+#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315
#define SSL_R_UNSUPPORTED_PROTOCOL 258
#define SSL_R_UNSUPPORTED_SSL_VERSION 259
+#define SSL_R_UNSUPPORTED_STATUS_TYPE 329
#define SSL_R_WRITE_BIO_NOT_SET 260
#define SSL_R_WRONG_CIPHER_RETURNED 261
#define SSL_R_WRONG_MESSAGE_TYPE 262
diff --git a/lib/libssl/src/ssl/ssl3.h b/lib/libssl/src/ssl/ssl3.h
index 1153aeda748..4b1e2e98347 100644
--- a/lib/libssl/src/ssl/ssl3.h
+++ b/lib/libssl/src/ssl/ssl3.h
@@ -108,6 +108,11 @@
* Hudson (tjh@cryptsoft.com).
*
*/
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
#ifndef HEADER_SSL3_H
#define HEADER_SSL3_H
@@ -118,6 +123,7 @@
#include <openssl/buffer.h>
#include <openssl/evp.h>
#include <openssl/ssl.h>
+#include <openssl/pq_compat.h>
#ifdef __cplusplus
extern "C" {
@@ -248,7 +254,11 @@ extern "C" {
#endif
#define SSL3_RT_MAX_PLAIN_LENGTH 16384
+#ifdef OPENSSL_NO_COMP
+#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
+#else
#define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH)
+#endif
#define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
#define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
#define SSL3_RT_MAX_DATA_SIZE (1024*1024)
@@ -289,6 +299,8 @@ typedef struct ssl3_record_st
/*rw*/ unsigned char *data; /* pointer to the record data */
/*rw*/ unsigned char *input; /* where the decode bytes are */
/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */
+/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */
+/*r */ PQ_64BIT seq_num; /* sequence number, needed by DTLS1 */
} SSL3_RECORD;
typedef struct ssl3_buffer_st
@@ -307,7 +319,12 @@ typedef struct ssl3_buffer_st
#define SSL3_CT_RSA_EPHEMERAL_DH 5
#define SSL3_CT_DSS_EPHEMERAL_DH 6
#define SSL3_CT_FORTEZZA_DMS 20
-#define SSL3_CT_NUMBER 7
+/* SSL3_CT_NUMBER is used to size arrays and it must be large
+ * enough to contain all of the cert types defined either for
+ * SSLv3 and TLSv1.
+ */
+#define SSL3_CT_NUMBER 7
+
#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
@@ -392,6 +409,11 @@ typedef struct ssl3_state_st
#ifndef OPENSSL_NO_DH
DH *dh;
#endif
+
+#ifndef OPENSSL_NO_ECDH
+ EC_KEY *ecdh; /* holds short lived ECDH key */
+#endif
+
/* used when SSL_ST_FLUSH_DATA is entered */
int next_state;
@@ -420,6 +442,7 @@ typedef struct ssl3_state_st
} SSL3_STATE;
+
/* SSLv3 */
/*client */
/* extra state */
@@ -430,6 +453,8 @@ typedef struct ssl3_state_st
/* read from server */
#define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT)
#define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT)
+#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)
+#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)
#define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT)
#define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT)
#define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT)
@@ -456,6 +481,10 @@ typedef struct ssl3_state_st
#define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT)
#define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT)
#define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT)
+#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT)
+#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT)
/* server */
/* extra state */
@@ -466,6 +495,8 @@ typedef struct ssl3_state_st
#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT)
/* write to client */
+#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
+#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
#define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT)
#define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT)
#define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT)
@@ -495,10 +526,15 @@ typedef struct ssl3_state_st
#define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT)
#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT)
#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT)
#define SSL3_MT_HELLO_REQUEST 0
#define SSL3_MT_CLIENT_HELLO 1
#define SSL3_MT_SERVER_HELLO 2
+#define SSL3_MT_NEWSESSION_TICKET 4
#define SSL3_MT_CERTIFICATE 11
#define SSL3_MT_SERVER_KEY_EXCHANGE 12
#define SSL3_MT_CERTIFICATE_REQUEST 13
@@ -506,6 +542,9 @@ typedef struct ssl3_state_st
#define SSL3_MT_CERTIFICATE_VERIFY 15
#define SSL3_MT_CLIENT_KEY_EXCHANGE 16
#define SSL3_MT_FINISHED 20
+#define SSL3_MT_CERTIFICATE_STATUS 22
+#define DTLS1_MT_HELLO_VERIFY_REQUEST 3
+
#define SSL3_MT_CCS 1
diff --git a/lib/libssl/src/ssl/ssl_algs.c b/lib/libssl/src/ssl/ssl_algs.c
index 3d1299ee7b9..4717c0e6e1d 100644
--- a/lib/libssl/src/ssl/ssl_algs.c
+++ b/lib/libssl/src/ssl/ssl_algs.c
@@ -82,6 +82,16 @@ int SSL_library_init(void)
EVP_add_cipher(EVP_aes_192_cbc());
EVP_add_cipher(EVP_aes_256_cbc());
#endif
+
+#ifndef OPENSSL_NO_CAMELLIA
+ EVP_add_cipher(EVP_camellia_128_cbc());
+ EVP_add_cipher(EVP_camellia_256_cbc());
+#endif
+
+#ifndef OPENSSL_NO_SEED
+ EVP_add_cipher(EVP_seed_cbc());
+#endif
+
#ifndef OPENSSL_NO_MD2
EVP_add_digest(EVP_md2());
#endif
@@ -101,11 +111,22 @@ int SSL_library_init(void)
EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
#endif
+#ifndef OPENSSL_NO_ECDSA
+ EVP_add_digest(EVP_ecdsa());
+#endif
/* If you want support for phased out ciphers, add the following */
#if 0
EVP_add_digest(EVP_sha());
EVP_add_digest(EVP_dss());
#endif
+#ifndef OPENSSL_NO_COMP
+ /* This will initialise the built-in compression algorithms.
+ The value returned is a STACK_OF(SSL_COMP), but that can
+ be discarded safely */
+ (void)SSL_COMP_get_compression_methods();
+#endif
+ /* initialize cipher/digest methods table */
+ ssl_load_ciphers();
return(1);
}
diff --git a/lib/libssl/src/ssl/ssl_asn1.c b/lib/libssl/src/ssl/ssl_asn1.c
index fc5fcce108f..6e14f4d834d 100644
--- a/lib/libssl/src/ssl/ssl_asn1.c
+++ b/lib/libssl/src/ssl/ssl_asn1.c
@@ -78,6 +78,11 @@ typedef struct ssl_session_asn1_st
ASN1_INTEGER time;
ASN1_INTEGER timeout;
ASN1_INTEGER verify_result;
+#ifndef OPENSSL_NO_TLSEXT
+ ASN1_OCTET_STRING tlsext_hostname;
+ ASN1_INTEGER tlsext_tick_lifetime;
+ ASN1_OCTET_STRING tlsext_tick;
+#endif /* OPENSSL_NO_TLSEXT */
} SSL_SESSION_ASN1;
int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
@@ -86,6 +91,10 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
int v1=0,v2=0,v3=0,v4=0,v5=0;
unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
+#ifndef OPENSSL_NO_TLSEXT
+ int v6=0,v9=0,v10=0;
+ unsigned char ibuf6[LSIZE2];
+#endif
long l;
SSL_SESSION_ASN1 a;
M_ASN1_I2D_vars(in);
@@ -178,7 +187,33 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
ASN1_INTEGER_set(&a.verify_result,in->verify_result);
}
-
+#ifndef OPENSSL_NO_TLSEXT
+ if (in->tlsext_hostname)
+ {
+ a.tlsext_hostname.length=strlen(in->tlsext_hostname);
+ a.tlsext_hostname.type=V_ASN1_OCTET_STRING;
+ a.tlsext_hostname.data=(unsigned char *)in->tlsext_hostname;
+ }
+ if (in->tlsext_tick)
+ {
+ a.tlsext_tick.length= in->tlsext_ticklen;
+ a.tlsext_tick.type=V_ASN1_OCTET_STRING;
+ a.tlsext_tick.data=(unsigned char *)in->tlsext_tick;
+ /* If we have a ticket set session ID to empty because
+ * it will be bogus. If liftime hint is -1 treat as a special
+ * case because the session is being used as a container
+ */
+ if (in->tlsext_ticklen && (in->tlsext_tick_lifetime_hint != -1))
+ a.session_id.length=0;
+ }
+ if (in->tlsext_tick_lifetime_hint > 0)
+ {
+ a.tlsext_tick_lifetime.length=LSIZE2;
+ a.tlsext_tick_lifetime.type=V_ASN1_INTEGER;
+ a.tlsext_tick_lifetime.data=ibuf6;
+ ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint);
+ }
+#endif /* OPENSSL_NO_TLSEXT */
M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
@@ -200,6 +235,14 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
if (in->verify_result != X509_V_OK)
M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
+#ifndef OPENSSL_NO_TLSEXT
+ if (in->tlsext_tick_lifetime_hint > 0)
+ M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
+ if (in->tlsext_tick)
+ M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
+ if (in->tlsext_hostname)
+ M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
+#endif /* OPENSSL_NO_TLSEXT */
M_ASN1_I2D_seq_total();
M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
@@ -223,10 +266,18 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
v4);
if (in->verify_result != X509_V_OK)
M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
+#ifndef OPENSSL_NO_TLSEXT
+ if (in->tlsext_hostname)
+ M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
+ if (in->tlsext_tick_lifetime_hint > 0)
+ M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
+ if (in->tlsext_tick)
+ M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
+#endif /* OPENSSL_NO_TLSEXT */
M_ASN1_I2D_finish();
}
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char * const *pp,
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
long length)
{
int version,ssl_version=0,i;
@@ -242,18 +293,18 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char * const *pp,
M_ASN1_D2I_start_sequence();
ai.data=NULL; ai.length=0;
- M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
+ M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
version=(int)ASN1_INTEGER_get(aip);
if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
/* we don't care about the version right now :-) */
- M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
+ M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
ssl_version=(int)ASN1_INTEGER_get(aip);
ret->ssl_version=ssl_version;
if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
os.data=NULL; os.length=0;
- M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
+ M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
if (ssl_version == SSL2_VERSION)
{
if (os.length != 3)
@@ -286,22 +337,22 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char * const *pp,
ret->cipher=NULL;
ret->cipher_id=id;
- M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
+ M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
if ((ssl_version>>8) == SSL3_VERSION_MAJOR)
i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
- else /* if (ssl_version == SSL2_VERSION_MAJOR) */
+ else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
if (os.length > i)
os.length = i;
- if (os.length > sizeof ret->session_id) /* can't happen */
- os.length = sizeof ret->session_id;
+ if (os.length > (int)sizeof(ret->session_id)) /* can't happen */
+ os.length = sizeof(ret->session_id);
ret->session_id_length=os.length;
- OPENSSL_assert(os.length <= sizeof ret->session_id);
+ OPENSSL_assert(os.length <= (int)sizeof(ret->session_id));
memcpy(ret->session_id,os.data,os.length);
- M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
+ M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
if (ret->master_key_length > SSL_MAX_MASTER_KEY_LENGTH)
ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
else
@@ -394,5 +445,56 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char * const *pp,
else
ret->verify_result=X509_V_OK;
+#ifndef OPENSSL_NO_TLSEXT
+ os.length=0;
+ os.data=NULL;
+ M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,6);
+ if (os.data)
+ {
+ ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length);
+ OPENSSL_free(os.data);
+ os.data = NULL;
+ os.length = 0;
+ }
+ else
+ ret->tlsext_hostname=NULL;
+ ai.length=0;
+ M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9);
+ if (ai.data != NULL)
+ {
+ ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip);
+ OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
+ }
+ else if (ret->tlsext_ticklen && ret->session_id_length)
+ ret->tlsext_tick_lifetime_hint = -1;
+ else
+ ret->tlsext_tick_lifetime_hint = 0;
+ os.length=0;
+ os.data=NULL;
+ M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10);
+ if (os.data)
+ {
+ ret->tlsext_tick = os.data;
+ ret->tlsext_ticklen = os.length;
+ os.data = NULL;
+ os.length = 0;
+#if 0
+ /* There are two ways to detect a resumed ticket sesion.
+ * One is to set a random session ID and then the server
+ * must return a match in ServerHello. This allows the normal
+ * client session ID matching to work.
+ */
+ if (ret->session_id_length == 0)
+ {
+ ret->session_id_length=SSL3_MAX_SSL_SESSION_ID_LENGTH;
+ RAND_pseudo_bytes(ret->session_id,
+ ret->session_id_length);
+ }
+#endif
+ }
+ else
+ ret->tlsext_tick=NULL;
+#endif /* OPENSSL_NO_TLSEXT */
+
M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
}
diff --git a/lib/libssl/src/ssl/ssl_cert.c b/lib/libssl/src/ssl/ssl_cert.c
index b779e6bb4da..a32b2d44464 100644
--- a/lib/libssl/src/ssl/ssl_cert.c
+++ b/lib/libssl/src/ssl/ssl_cert.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -73,12 +73,12 @@
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
+ * openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
@@ -87,7 +87,7 @@
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -102,6 +102,16 @@
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
#include <stdio.h>
@@ -111,45 +121,42 @@
# include <sys/types.h>
#endif
-#if !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS) && !defined(NeXT) && !defined(MAC_OS_pre_X)
-#include <dirent.h>
-#endif
-
-#if defined(WIN32)
-#include <windows.h>
-#include <tchar.h>
-#endif
-
-#ifdef NeXT
-#include <sys/dir.h>
-#define dirent direct
-#endif
-
+#include "o_dir.h"
#include <openssl/objects.h>
#include <openssl/bio.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#include <openssl/bn.h>
#include "ssl_locl.h"
-#include <openssl/fips.h>
int SSL_get_ex_data_X509_STORE_CTX_idx(void)
{
static volatile int ssl_x509_store_ctx_idx= -1;
+ int got_write_lock = 0;
+
+ CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
if (ssl_x509_store_ctx_idx < 0)
{
- /* any write lock will do; usually this branch
- * will only be taken once anyway */
+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+ got_write_lock = 1;
if (ssl_x509_store_ctx_idx < 0)
{
ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
0,"SSL for verify callback",NULL,NULL,NULL);
}
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
}
+
+ if (got_write_lock)
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+ else
+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+
return ssl_x509_store_ctx_idx;
}
@@ -205,7 +212,6 @@ CERT *ssl_cert_dup(CERT *cert)
#ifndef OPENSSL_NO_DH
if (cert->dh_tmp != NULL)
{
- /* DH parameters don't have a reference count */
ret->dh_tmp = DHparams_dup(cert->dh_tmp);
if (ret->dh_tmp == NULL)
{
@@ -236,6 +242,19 @@ CERT *ssl_cert_dup(CERT *cert)
ret->dh_tmp_cb = cert->dh_tmp_cb;
#endif
+#ifndef OPENSSL_NO_ECDH
+ if (cert->ecdh_tmp)
+ {
+ ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
+ if (ret->ecdh_tmp == NULL)
+ {
+ SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB);
+ goto err;
+ }
+ }
+ ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
+#endif
+
for (i = 0; i < SSL_PKEY_NUM; i++)
{
if (cert->pkeys[i].x509 != NULL)
@@ -270,7 +289,11 @@ CERT *ssl_cert_dup(CERT *cert)
case SSL_PKEY_DH_DSA:
/* We have a DH key. */
break;
-
+
+ case SSL_PKEY_ECC:
+ /* We have an ECC key */
+ break;
+
default:
/* Can't happen. */
SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
@@ -285,7 +308,7 @@ CERT *ssl_cert_dup(CERT *cert)
return(ret);
-#ifndef OPENSSL_NO_DH /* avoid 'unreferenced label' warning if OPENSSL_NO_DH is defined */
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
err:
#endif
#ifndef OPENSSL_NO_RSA
@@ -296,6 +319,10 @@ err:
if (ret->dh_tmp != NULL)
DH_free(ret->dh_tmp);
#endif
+#ifndef OPENSSL_NO_ECDH
+ if (ret->ecdh_tmp != NULL)
+ EC_KEY_free(ret->ecdh_tmp);
+#endif
for (i = 0; i < SSL_PKEY_NUM; i++)
{
@@ -335,6 +362,9 @@ void ssl_cert_free(CERT *c)
#ifndef OPENSSL_NO_DH
if (c->dh_tmp) DH_free(c->dh_tmp);
#endif
+#ifndef OPENSSL_NO_ECDH
+ if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp);
+#endif
for (i=0; i<SSL_PKEY_NUM; i++)
{
@@ -441,6 +471,10 @@ void ssl_sess_cert_free(SESS_CERT *sc)
if (sc->peer_dh_tmp != NULL)
DH_free(sc->peer_dh_tmp);
#endif
+#ifndef OPENSSL_NO_ECDH
+ if (sc->peer_ecdh_tmp != NULL)
+ EC_KEY_free(sc->peer_ecdh_tmp);
+#endif
OPENSSL_free(sc);
}
@@ -466,20 +500,22 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
return(0);
}
+ if (s->param)
+ X509_VERIFY_PARAM_inherit(X509_STORE_CTX_get0_param(&ctx),
+ s->param);
+#if 0
if (SSL_get_verify_depth(s) >= 0)
X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
+#endif
X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
- /* We need to set the verify purpose. The purpose can be determined by
+ /* We need to inherit the verify parameters. These can be determined by
* the context: if its a server it will verify SSL client certificates
* or vice versa.
*/
- if (s->server)
- i = X509_PURPOSE_SSL_CLIENT;
- else
- i = X509_PURPOSE_SSL_SERVER;
- X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust);
+ X509_STORE_CTX_set_default(&ctx,
+ s->server ? "ssl_client" : "ssl_server");
if (s->verify_callback)
X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
@@ -726,7 +762,7 @@ err:
if(x != NULL)
X509_free(x);
- sk_X509_NAME_set_cmp_func(stack,oldcmp);
+ (void)sk_X509_NAME_set_cmp_func(stack,oldcmp);
return ret;
}
@@ -742,157 +778,52 @@ err:
* certs may have been added to \c stack.
*/
-#ifndef OPENSSL_SYS_WIN32
-#ifndef OPENSSL_SYS_VMS /* XXXX This may be fixed in the future */
-#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! */
-
int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
const char *dir)
{
- DIR *d;
- struct dirent *dstruct;
+ OPENSSL_DIR_CTX *d = NULL;
+ const char *filename;
int ret = 0;
CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
- d = opendir(dir);
/* Note that a side effect is that the CAs will be sorted by name */
- if(!d)
- {
- SYSerr(SYS_F_OPENDIR, get_last_sys_error());
- ERR_add_error_data(3, "opendir('", dir, "')");
- SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
- goto err;
- }
-
- while((dstruct=readdir(d)))
+
+ while((filename = OPENSSL_DIR_read(&d, dir)))
{
char buf[1024];
int r;
-
- if(strlen(dir)+strlen(dstruct->d_name)+2 > sizeof buf)
+
+ if(strlen(dir)+strlen(filename)+2 > sizeof buf)
{
SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
goto err;
}
-
- r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,dstruct->d_name);
- if (r <= 0 || r >= sizeof buf)
+
+#ifdef OPENSSL_SYS_VMS
+ r = BIO_snprintf(buf,sizeof buf,"%s%s",dir,filename);
+#else
+ r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,filename);
+#endif
+ if (r <= 0 || r >= (int)sizeof(buf))
goto err;
if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
goto err;
}
- ret = 1;
-
-err:
- if (d) closedir(d);
- CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
- return ret;
- }
-
-#endif
-#endif
-
-#else /* OPENSSL_SYS_WIN32 */
-
-#if defined(_WIN32_WCE)
-# ifndef UNICODE
-# error "WinCE comes in UNICODE flavor only..."
-# endif
-# if _WIN32_WCE<101 && !defined(OPENSSL_NO_MULTIBYTE)
-# define OPENSSL_NO_MULTIBYTE
-# endif
-# ifndef FindFirstFile
-# define FindFirstFile FindFirstFileW
-# endif
-# ifndef FindNextFile
-# define FindNextFile FindNextFileW
-# endif
-#endif
-
-int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
- const char *dir)
- {
- WIN32_FIND_DATA FindFileData;
- HANDLE hFind;
- int ret = 0;
- TCHAR *wdir = NULL;
- size_t i,len_0 = strlen(dir)+1; /* len_0 accounts for trailing 0 */
- char buf[1024],*slash;
-
- if (len_0 > (sizeof(buf)-14)) /* 14 is just some value... */
- {
- SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
- return ret;
- }
-
- CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
-
- if (sizeof(TCHAR) != sizeof(char))
- {
- wdir = (TCHAR *)malloc(len_0*sizeof(TCHAR));
- if (wdir == NULL)
- goto err_noclose;
-#ifndef OPENSSL_NO_MULTIBYTE
- if (!MultiByteToWideChar(CP_ACP,0,dir,len_0,
- (WCHAR *)wdir,len_0))
-#endif
- for (i=0;i<len_0;i++) wdir[i]=(TCHAR)dir[i];
-
- hFind = FindFirstFile(wdir, &FindFileData);
- }
- else hFind = FindFirstFile((const TCHAR *)dir, &FindFileData);
- /* Note that a side effect is that the CAs will be sorted by name */
- if(hFind == INVALID_HANDLE_VALUE)
+ if (errno)
{
SYSerr(SYS_F_OPENDIR, get_last_sys_error());
- ERR_add_error_data(3, "opendir('", dir, "')");
+ ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')");
SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
- goto err_noclose;
+ goto err;
}
- strncpy(buf,dir,sizeof(buf)); /* strcpy is safe too... */
- buf[len_0-1]='/'; /* no trailing zero! */
- slash=buf+len_0;
-
- do {
- const TCHAR *fnam=FindFileData.cFileName;
- size_t flen_0=_tcslen(fnam)+1;
-
- if (flen_0 > (sizeof(buf)-len_0))
- {
- SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
- goto err;
- }
- /* else strcpy would be safe too... */
-
- if (sizeof(TCHAR) != sizeof(char))
- {
-#ifndef OPENSSL_NO_MULTIBYTE
- if (!WideCharToMultiByte(CP_ACP,0,
- (WCHAR *)fnam,flen_0,
- slash,sizeof(buf)-len_0,
- NULL,0))
-#endif
- for (i=0;i<flen_0;i++) slash[i]=(char)fnam[i];
- }
- else strncpy(slash,(const char *)fnam,sizeof(buf)-len_0);
-
- if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
- goto err;
- }
- while (FindNextFile(hFind, &FindFileData) != FALSE);
ret = 1;
-err:
- FindClose(hFind);
-err_noclose:
- if (wdir != NULL)
- free(wdir);
-
+err:
+ if (d) OPENSSL_DIR_end(&d);
CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
return ret;
}
-#endif
diff --git a/lib/libssl/src/ssl/ssl_ciph.c b/lib/libssl/src/ssl/ssl_ciph.c
index f622180c697..71b645da14d 100644
--- a/lib/libssl/src/ssl/ssl_ciph.c
+++ b/lib/libssl/src/ssl/ssl_ciph.c
@@ -55,11 +55,67 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
-
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
#include <stdio.h>
#include <openssl/objects.h>
#include <openssl/comp.h>
-#include <openssl/fips.h>
#include "ssl_locl.h"
#define SSL_ENC_DES_IDX 0
@@ -71,12 +127,20 @@
#define SSL_ENC_NULL_IDX 6
#define SSL_ENC_AES128_IDX 7
#define SSL_ENC_AES256_IDX 8
-#define SSL_ENC_NUM_IDX 9
+#define SSL_ENC_CAMELLIA128_IDX 9
+#define SSL_ENC_CAMELLIA256_IDX 10
+#define SSL_ENC_SEED_IDX 11
+#define SSL_ENC_NUM_IDX 12
+
static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
};
+#define SSL_COMP_NULL_IDX 0
+#define SSL_COMP_ZLIB_IDX 1
+#define SSL_COMP_NUM_IDX 2
+
static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
#define SSL_MD_MD5_IDX 0
@@ -102,18 +166,20 @@ typedef struct cipher_order_st
static const SSL_CIPHER cipher_aliases[]={
/* Don't include eNULL unless specifically enabled. */
- {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
- {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */
+ /* Don't include ECC in ALL because these ciphers are not yet official. */
+ {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
+ /* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */
+ {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */
{0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0},
- {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */
+ {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */
{0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0},
{0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0},
{0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0},
{0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0},
{0,SSL_TXT_kFZA,0,SSL_kFZA, 0,0,0,0,SSL_MKEY_MASK,0},
{0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0},
+ {0,SSL_TXT_ECC, 0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0},
{0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},
-
{0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */
{0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0},
{0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0},
@@ -129,9 +195,11 @@ static const SSL_CIPHER cipher_aliases[]={
#ifndef OPENSSL_NO_IDEA
{0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0},
#endif
+ {0,SSL_TXT_SEED,0,SSL_SEED, 0,0,0,0,SSL_ENC_MASK,0},
{0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
{0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0},
{0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0},
+ {0,SSL_TXT_CAMELLIA,0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0},
{0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0},
{0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0},
@@ -154,12 +222,9 @@ static const SSL_CIPHER cipher_aliases[]={
{0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK},
{0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK},
{0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK},
- {0,SSL_TXT_FIPS, 0, 0, SSL_FIPS, 0,0,0,0,SSL_FIPS|SSL_STRONG_NONE},
};
-static int init_ciphers=1;
-
-static void load_ciphers(void)
+void ssl_load_ciphers(void)
{
ssl_cipher_methods[SSL_ENC_DES_IDX]=
EVP_get_cipherbyname(SN_des_cbc);
@@ -179,14 +244,73 @@ static void load_ciphers(void)
EVP_get_cipherbyname(SN_aes_128_cbc);
ssl_cipher_methods[SSL_ENC_AES256_IDX]=
EVP_get_cipherbyname(SN_aes_256_cbc);
+ ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]=
+ EVP_get_cipherbyname(SN_camellia_128_cbc);
+ ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
+ EVP_get_cipherbyname(SN_camellia_256_cbc);
+ ssl_cipher_methods[SSL_ENC_SEED_IDX]=
+ EVP_get_cipherbyname(SN_seed_cbc);
ssl_digest_methods[SSL_MD_MD5_IDX]=
EVP_get_digestbyname(SN_md5);
ssl_digest_methods[SSL_MD_SHA1_IDX]=
EVP_get_digestbyname(SN_sha1);
- init_ciphers=0;
}
+
+#ifndef OPENSSL_NO_COMP
+
+static int sk_comp_cmp(const SSL_COMP * const *a,
+ const SSL_COMP * const *b)
+ {
+ return((*a)->id-(*b)->id);
+ }
+
+static void load_builtin_compressions(void)
+ {
+ int got_write_lock = 0;
+
+ CRYPTO_r_lock(CRYPTO_LOCK_SSL);
+ if (ssl_comp_methods == NULL)
+ {
+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+ got_write_lock = 1;
+
+ if (ssl_comp_methods == NULL)
+ {
+ SSL_COMP *comp = NULL;
+
+ MemCheck_off();
+ ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
+ if (ssl_comp_methods != NULL)
+ {
+ comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
+ if (comp != NULL)
+ {
+ comp->method=COMP_zlib();
+ if (comp->method
+ && comp->method->type == NID_undef)
+ OPENSSL_free(comp);
+ else
+ {
+ comp->id=SSL_COMP_ZLIB_IDX;
+ comp->name=comp->method->name;
+ sk_SSL_COMP_push(ssl_comp_methods,comp);
+ }
+ }
+ }
+ MemCheck_on();
+ }
+ }
+
+ if (got_write_lock)
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+ else
+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
+ }
+#endif
+
int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
const EVP_MD **md, SSL_COMP **comp)
{
@@ -198,18 +322,14 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
if (comp != NULL)
{
SSL_COMP ctmp;
+#ifndef OPENSSL_NO_COMP
+ load_builtin_compressions();
+#endif
- if (s->compress_meth == 0)
- *comp=NULL;
- else if (ssl_comp_methods == NULL)
+ *comp=NULL;
+ ctmp.id=s->compress_meth;
+ if (ssl_comp_methods != NULL)
{
- /* bad */
- *comp=NULL;
- }
- else
- {
-
- ctmp.id=s->compress_meth;
i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
if (i >= 0)
*comp=sk_SSL_COMP_value(ssl_comp_methods,i);
@@ -248,6 +368,18 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
default: i=-1; break;
}
break;
+ case SSL_CAMELLIA:
+ switch(c->alg_bits)
+ {
+ case 128: i=SSL_ENC_CAMELLIA128_IDX; break;
+ case 256: i=SSL_ENC_CAMELLIA256_IDX; break;
+ default: i=-1; break;
+ }
+ break;
+ case SSL_SEED:
+ i=SSL_ENC_SEED_IDX;
+ break;
+
default:
i= -1;
break;
@@ -305,9 +437,18 @@ static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
*tail=curr;
}
-static unsigned long ssl_cipher_get_disabled(void)
+struct disabled_masks { /* This is a kludge no longer needed with OpenSSL 0.9.9,
+ * where 128-bit and 256-bit algorithms simply will get
+ * separate bits. */
+ unsigned long mask; /* everything except m256 */
+ unsigned long m256; /* applies to 256-bit algorithms only */
+};
+
+static struct disabled_masks ssl_cipher_get_disabled(void)
{
unsigned long mask;
+ unsigned long m256;
+ struct disabled_masks ret;
mask = SSL_kFZA;
#ifdef OPENSSL_NO_RSA
@@ -322,7 +463,9 @@ static unsigned long ssl_cipher_get_disabled(void)
#ifdef OPENSSL_NO_KRB5
mask |= SSL_kKRB5|SSL_aKRB5;
#endif
-
+#ifdef OPENSSL_NO_ECDH
+ mask |= SSL_kECDH|SSL_kECDHE;
+#endif
#ifdef SSL_FORBID_ENULL
mask |= SSL_eNULL;
#endif
@@ -333,17 +476,27 @@ static unsigned long ssl_cipher_get_disabled(void)
mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
- mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
+ mask |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
- return(mask);
+ /* finally consider algorithms where mask and m256 differ */
+ m256 = mask;
+ mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
+ mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0;
+ m256 |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES:0;
+ m256 |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA:0;
+
+ ret.mask = mask;
+ ret.m256 = m256;
+ return ret;
}
static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
- int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list,
- CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
+ int num_of_ciphers, unsigned long mask, unsigned long m256,
+ CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
+ CIPHER_ORDER **tail_p)
{
int i, co_list_num;
SSL_CIPHER *c;
@@ -360,13 +513,9 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
for (i = 0; i < num_of_ciphers; i++)
{
c = ssl_method->get_cipher(i);
+#define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask))
/* drop those that use any of that is not available */
-#ifdef OPENSSL_FIPS
- if ((c != NULL) && c->valid && !(c->algorithms & mask)
- && (!FIPS_mode() || (c->algo_strength & SSL_FIPS)))
-#else
- if ((c != NULL) && c->valid && !(c->algorithms & mask))
-#endif
+ if ((c != NULL) && c->valid && !IS_MASKED(c))
{
co_list[co_list_num].cipher = c;
co_list[co_list_num].next = NULL;
@@ -440,7 +589,8 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
*ca_curr = NULL; /* end of list */
}
-static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
+static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_version,
+ unsigned long algorithms, unsigned long mask,
unsigned long algo_strength, unsigned long mask_strength,
int rule, int strength_bits, CIPHER_ORDER *co_list,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
@@ -466,11 +616,20 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
cp = curr->cipher;
+ /* If explicit cipher suite, match only that one for its own protocol version.
+ * Usual selection criteria will be used for similar ciphersuites from other version! */
+
+ if (cipher_id && (cp->algorithms & SSL_SSL_MASK) == ssl_version)
+ {
+ if (cp->id != cipher_id)
+ continue;
+ }
+
/*
* Selection criteria is either the number of strength_bits
* or the algorithm used.
*/
- if (strength_bits == -1)
+ else if (strength_bits == -1)
{
ma = mask & cp->algorithms;
ma_s = mask_strength & cp->algo_strength;
@@ -501,8 +660,22 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
{
if (!curr->active)
{
- ll_append_tail(&head, curr, &tail);
- curr->active = 1;
+ int add_this_cipher = 1;
+
+ if (((cp->algorithms & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0))
+ {
+ /* Make sure "ECCdraft" ciphersuites are activated only if
+ * *explicitly* requested, but not implicitly (such as
+ * as part of the "AES" alias). */
+
+ add_this_cipher = (mask & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0 || cipher_id != 0;
+ }
+
+ if (add_this_cipher)
+ {
+ ll_append_tail(&head, curr, &tail);
+ curr->active = 1;
+ }
}
}
/* Move the added cipher to this location */
@@ -583,7 +756,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
*/
for (i = max_strength_bits; i >= 0; i--)
if (number_uses[i] > 0)
- ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
+ ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i,
co_list, head_p, tail_p);
OPENSSL_free(number_uses);
@@ -597,6 +770,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
unsigned long algorithms, mask, algo_strength, mask_strength;
const char *l, *start, *buf;
int j, multi, found, rule, retval, ok, buflen;
+ unsigned long cipher_id = 0, ssl_version = 0;
char ch;
retval = 1;
@@ -686,6 +860,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
* use strcmp(), because buf is not '\0' terminated.)
*/
j = found = 0;
+ cipher_id = 0;
+ ssl_version = 0;
while (ca_list[j])
{
if (!strncmp(buf, ca_list[j]->name, buflen) &&
@@ -714,6 +890,14 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
(algo_strength & ca_list[j]->algo_strength);
mask_strength |= ca_list[j]->mask_strength;
+ /* explicit ciphersuite found */
+ if (ca_list[j]->valid)
+ {
+ cipher_id = ca_list[j]->id;
+ ssl_version = ca_list[j]->algorithms & SSL_SSL_MASK;
+ break;
+ }
+
if (!multi) break;
}
@@ -738,18 +922,18 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
* rest of the command, if any left, until
* end or ':' is found.
*/
- while ((*l != '\0') && ITEM_SEP(*l))
+ while ((*l != '\0') && !ITEM_SEP(*l))
l++;
}
else if (found)
{
- ssl_cipher_apply_rule(algorithms, mask,
+ ssl_cipher_apply_rule(cipher_id, ssl_version, algorithms, mask,
algo_strength, mask_strength, rule, -1,
co_list, head_p, tail_p);
}
else
{
- while ((*l != '\0') && ITEM_SEP(*l))
+ while ((*l != '\0') && !ITEM_SEP(*l))
l++;
}
if (*l == '\0') break; /* done */
@@ -765,6 +949,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
{
int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
unsigned long disabled_mask;
+ unsigned long disabled_m256;
STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
const char *rule_p;
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
@@ -776,18 +961,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
return NULL;
- if (init_ciphers)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL);
- if (init_ciphers) load_ciphers();
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
- }
-
/*
* To reduce the work to do we only want to process the compiled
* in algorithms, so we first get the mask of disabled ciphers.
*/
- disabled_mask = ssl_cipher_get_disabled();
+ {
+ struct disabled_masks d;
+ d = ssl_cipher_get_disabled();
+ disabled_mask = d.mask;
+ disabled_m256 = d.m256;
+ }
/*
* Now we have to collect the available ciphers from the compiled
@@ -806,7 +989,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
}
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
- co_list, &head, &tail);
+ disabled_m256, co_list, &head, &tail);
/*
* We also need cipher aliases for selecting based on the rule_str.
@@ -826,8 +1009,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
return(NULL); /* Failure */
}
- ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mask,
- head);
+ ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
+ (disabled_mask & disabled_m256), head);
/*
* If the rule_string begins with DEFAULT, apply the default rule
@@ -871,11 +1054,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
*/
for (curr = head; curr != NULL; curr = curr->next)
{
-#ifdef OPENSSL_FIPS
- if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
-#else
if (curr->active)
-#endif
{
sk_SSL_CIPHER_push(cipherstack, curr->cipher);
#ifdef CIPHER_DEBUG
@@ -897,7 +1076,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
if (*cipher_list_by_id != NULL)
sk_SSL_CIPHER_free(*cipher_list_by_id);
*cipher_list_by_id = tmp_cipher_list;
- sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
+ (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
return(cipherstack);
}
@@ -905,13 +1084,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
{
int is_export,pkl,kl;
- char *ver,*exp_str;
- char *kx,*au,*enc,*mac;
+ const char *ver,*exp_str;
+ const char *kx,*au,*enc,*mac;
unsigned long alg,alg2,alg_s;
#ifdef KSSL_DEBUG
- static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";
+ static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";
#else
- static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
+ static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
#endif /* KSSL_DEBUG */
alg=cipher->algorithms;
@@ -922,7 +1101,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
kl=SSL_C_EXPORT_KEYLENGTH(cipher);
exp_str=is_export?" export":"";
-
+
if (alg & SSL_SSLV2)
ver="SSLv2";
else if (alg & SSL_SSLV3)
@@ -951,6 +1130,10 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
case SSL_kEDH:
kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
break;
+ case SSL_kECDH:
+ case SSL_kECDHE:
+ kx=is_export?"ECDH(<=163)":"ECDH";
+ break;
default:
kx="unknown";
}
@@ -974,6 +1157,9 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
case SSL_aNULL:
au="None";
break;
+ case SSL_aECDSA:
+ au="ECDSA";
+ break;
default:
au="unknown";
break;
@@ -1012,6 +1198,18 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
default: enc="AES(?""?""?)"; break;
}
break;
+ case SSL_CAMELLIA:
+ switch(cipher->strength_bits)
+ {
+ case 128: enc="Camellia(128)"; break;
+ case 256: enc="Camellia(256)"; break;
+ default: enc="Camellia(?""?""?)"; break;
+ }
+ break;
+ case SSL_SEED:
+ enc="SEED(128)";
+ break;
+
default:
enc="unknown";
break;
@@ -1098,35 +1296,63 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
return(NULL);
}
-static int sk_comp_cmp(const SSL_COMP * const *a,
- const SSL_COMP * const *b)
+#ifdef OPENSSL_NO_COMP
+void *SSL_COMP_get_compression_methods(void)
{
- return((*a)->id-(*b)->id);
+ return NULL;
+ }
+int SSL_COMP_add_compression_method(int id, void *cm)
+ {
+ return 1;
}
+const char *SSL_COMP_get_name(const void *comp)
+ {
+ return NULL;
+ }
+#else
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
{
+ load_builtin_compressions();
return(ssl_comp_methods);
}
int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
{
SSL_COMP *comp;
- STACK_OF(SSL_COMP) *sk;
if (cm == NULL || cm->type == NID_undef)
return 1;
+ /* According to draft-ietf-tls-compression-04.txt, the
+ compression number ranges should be the following:
+
+ 0 to 63: methods defined by the IETF
+ 64 to 192: external party methods assigned by IANA
+ 193 to 255: reserved for private use */
+ if (id < 193 || id > 255)
+ {
+ SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
+ return 0;
+ }
+
MemCheck_off();
comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
comp->id=id;
comp->method=cm;
- if (ssl_comp_methods == NULL)
- sk=ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
- else
- sk=ssl_comp_methods;
- if ((sk == NULL) || !sk_SSL_COMP_push(sk,comp))
+ load_builtin_compressions();
+ if (ssl_comp_methods
+ && !sk_SSL_COMP_find(ssl_comp_methods,comp))
{
+ OPENSSL_free(comp);
+ MemCheck_on();
+ SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);
+ return(1);
+ }
+ else if ((ssl_comp_methods == NULL)
+ || !sk_SSL_COMP_push(ssl_comp_methods,comp))
+ {
+ OPENSSL_free(comp);
MemCheck_on();
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
return(1);
@@ -1137,3 +1363,12 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
return(0);
}
}
+
+const char *SSL_COMP_get_name(const COMP_METHOD *comp)
+ {
+ if (comp)
+ return comp->name;
+ return NULL;
+ }
+
+#endif
diff --git a/lib/libssl/src/ssl/ssl_err.c b/lib/libssl/src/ssl/ssl_err.c
index 4bcf591298b..50779c16325 100644
--- a/lib/libssl/src/ssl/ssl_err.c
+++ b/lib/libssl/src/ssl/ssl_err.c
@@ -1,6 +1,6 @@
/* ssl/ssl_err.c */
/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -75,7 +75,32 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
{ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"},
{ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"},
+{ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"},
{ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
+{ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"},
+{ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"},
+{ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"},
+{ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"},
+{ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"},
+{ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"},
+{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"},
+{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"},
+{ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"},
+{ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"},
+{ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"},
+{ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
+{ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"},
+{ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"},
+{ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"},
+{ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"},
{ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"},
{ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"},
{ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"},
@@ -116,6 +141,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"},
{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"},
+{ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"},
{ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"},
{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"},
{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"},
@@ -123,10 +149,12 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"},
{ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"},
{ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"},
+{ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"},
{ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"},
{ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"},
{ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"},
{ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"},
+{ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"},
{ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"},
{ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"},
{ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"},
@@ -142,8 +170,10 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"},
{ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"},
{ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"},
+{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"},
{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"},
{ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"},
+{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"},
{ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"},
{ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"},
{ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"},
@@ -151,6 +181,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"},
{ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"},
{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
+{ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"},
{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"},
{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
{ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
@@ -182,6 +213,9 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
{ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
+{ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
+{ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"},
+{ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"},
{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
{ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
{ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
@@ -201,6 +235,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
{ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"},
{ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"},
+{ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"},
{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"},
{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"},
{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"},
@@ -234,6 +269,9 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{ERR_REASON(SSL_R_BAD_DH_P_LENGTH) ,"bad dh p length"},
{ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) ,"bad digest length"},
{ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) ,"bad dsa signature"},
+{ERR_REASON(SSL_R_BAD_ECC_CERT) ,"bad ecc cert"},
+{ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) ,"bad ecdsa signature"},
+{ERR_REASON(SSL_R_BAD_ECPOINT) ,"bad ecpoint"},
{ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"},
{ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"},
{ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"},
@@ -263,17 +301,22 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"},
{ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"},
{ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},
+{ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) ,"clienthello tlsext"},
{ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"},
{ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"},
+{ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"},
{ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"},
{ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"},
{ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"},
+{ERR_REASON(SSL_R_COOKIE_MISMATCH) ,"cookie mismatch"},
{ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"},
{ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"},
{ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"},
{ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"},
{ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"},
+{ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"},
+{ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"},
{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"},
{ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"},
@@ -286,6 +329,8 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
{ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"},
{ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"},
+{ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"},
+{ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"},
{ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"},
{ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"},
{ERR_REASON(SSL_R_KRB5) ,"krb5"},
@@ -314,6 +359,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"},
{ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"},
{ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"},
+{ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) ,"missing tmp ecdh key"},
{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"},
{ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"},
{ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},
@@ -342,6 +388,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"},
{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"},
{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"},
+{ERR_REASON(SSL_R_PARSE_TLSEXT) ,"parse tlsext"},
{ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"},
{ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"},
{ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"},
@@ -356,6 +403,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"},
{ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
{ERR_REASON(SSL_R_READ_BIO_NOT_SET) ,"read bio not set"},
+{ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) ,"read timeout expired"},
{ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"},
{ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"},
{ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"},
@@ -364,11 +412,14 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"},
{ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"},
{ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"},
+{ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"},
{ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
{ERR_REASON(SSL_R_SHORT_READ) ,"short read"},
{ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"},
{ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"},
{ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"},
+{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),"ssl3 ext invalid servername"},
+{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),"ssl3 ext invalid servername type"},
{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"},
{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"},
{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"},
@@ -403,12 +454,15 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"},
{ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"},
{ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"},
+{ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"},
{ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"},
{ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"},
{ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"},
{ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"},
+{ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),"unable to decode ecdh certs"},
{ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"},
{ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"},
+{ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),"unable to find ecdh parameters"},
{ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"},
{ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"},
{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"},
@@ -429,8 +483,10 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"},
{ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
{ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
+{ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"},
{ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"},
{ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"},
+{ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE),"unsupported status type"},
{ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"},
{ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"},
{ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"},
@@ -448,15 +504,12 @@ static ERR_STRING_DATA SSL_str_reasons[]=
void ERR_load_SSL_strings(void)
{
- static int init=1;
+#ifndef OPENSSL_NO_ERR
- if (init)
+ if (ERR_func_error_string(SSL_str_functs[0].error) == NULL)
{
- init=0;
-#ifndef OPENSSL_NO_ERR
ERR_load_strings(0,SSL_str_functs);
ERR_load_strings(0,SSL_str_reasons);
-#endif
-
}
+#endif
}
diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c
index 0f4b7a475b7..31f63183575 100644
--- a/lib/libssl/src/ssl/ssl_lib.c
+++ b/lib/libssl/src/ssl/ssl_lib.c
@@ -110,7 +110,11 @@
* Hudson (tjh@cryptsoft.com).
*
*/
-
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
#ifdef REF_CHECK
# include <assert.h>
@@ -121,7 +125,11 @@
#include <openssl/objects.h>
#include <openssl/lhash.h>
#include <openssl/x509v3.h>
-#include <openssl/fips.h>
+#include <openssl/rand.h>
+#include <openssl/ocsp.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
const char *SSL_version_str=OPENSSL_VERSION_TEXT;
@@ -132,7 +140,14 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={
ssl_undefined_function,
(int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
(int (*)(SSL*, int))ssl_undefined_function,
- (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function
+ (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function,
+ 0, /* finish_mac_length */
+ (int (*)(SSL *, EVP_MD_CTX *, unsigned char *))ssl_undefined_function,
+ NULL, /* client_finished_label */
+ 0, /* client_finished_label_len */
+ NULL, /* server_finished_label */
+ 0, /* server_finished_label_len */
+ (int (*)(int))ssl_undefined_function
};
int SSL_clear(SSL *s)
@@ -272,19 +287,40 @@ SSL *SSL_new(SSL_CTX *ctx)
s->msg_callback=ctx->msg_callback;
s->msg_callback_arg=ctx->msg_callback_arg;
s->verify_mode=ctx->verify_mode;
+#if 0
s->verify_depth=ctx->verify_depth;
+#endif
s->sid_ctx_length=ctx->sid_ctx_length;
OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
s->verify_callback=ctx->default_verify_callback;
s->generate_session_id=ctx->generate_session_id;
+
+ s->param = X509_VERIFY_PARAM_new();
+ if (!s->param)
+ goto err;
+ X509_VERIFY_PARAM_inherit(s->param, ctx->param);
+#if 0
s->purpose = ctx->purpose;
s->trust = ctx->trust;
+#endif
s->quiet_shutdown=ctx->quiet_shutdown;
CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
s->ctx=ctx;
-
+#ifndef OPENSSL_NO_TLSEXT
+ s->tlsext_debug_cb = 0;
+ s->tlsext_debug_arg = NULL;
+ s->tlsext_ticket_expected = 0;
+ s->tlsext_status_type = -1;
+ s->tlsext_status_expected = 0;
+ s->tlsext_ocsp_ids = NULL;
+ s->tlsext_ocsp_exts = NULL;
+ s->tlsext_ocsp_resp = NULL;
+ s->tlsext_ocsp_resplen = -1;
+ CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
+ s->initial_ctx=ctx;
+#endif
s->verify_result=X509_V_OK;
s->method=ctx->method;
@@ -393,22 +429,22 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
{
- return X509_PURPOSE_set(&s->purpose, purpose);
+ return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
}
int SSL_set_purpose(SSL *s, int purpose)
{
- return X509_PURPOSE_set(&s->purpose, purpose);
+ return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
}
int SSL_CTX_set_trust(SSL_CTX *s, int trust)
{
- return X509_TRUST_set(&s->trust, trust);
+ return X509_VERIFY_PARAM_set_trust(s->param, trust);
}
int SSL_set_trust(SSL *s, int trust)
{
- return X509_TRUST_set(&s->trust, trust);
+ return X509_VERIFY_PARAM_set_trust(s->param, trust);
}
void SSL_free(SSL *s)
@@ -431,6 +467,9 @@ void SSL_free(SSL *s)
}
#endif
+ if (s->param)
+ X509_VERIFY_PARAM_free(s->param);
+
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
if (s->bbio != NULL)
@@ -467,7 +506,16 @@ void SSL_free(SSL *s)
/* Free up if allocated */
if (s->ctx) SSL_CTX_free(s->ctx);
-
+#ifndef OPENSSL_NO_TLSEXT
+ if (s->initial_ctx) SSL_CTX_free(s->initial_ctx);
+ if (s->tlsext_ocsp_exts)
+ sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
+ X509_EXTENSION_free);
+ if (s->tlsext_ocsp_ids)
+ sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
+ if (s->tlsext_ocsp_resp)
+ OPENSSL_free(s->tlsext_ocsp_resp);
+#endif
if (s->client_CA != NULL)
sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
@@ -643,7 +691,7 @@ int SSL_get_verify_mode(const SSL *s)
int SSL_get_verify_depth(const SSL *s)
{
- return(s->verify_depth);
+ return X509_VERIFY_PARAM_get_depth(s->param);
}
int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *)
@@ -658,7 +706,7 @@ int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
{
- return(ctx->verify_depth);
+ return X509_VERIFY_PARAM_get_depth(ctx->param);
}
int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *)
@@ -676,7 +724,7 @@ void SSL_set_verify(SSL *s,int mode,
void SSL_set_verify_depth(SSL *s,int depth)
{
- s->verify_depth=depth;
+ X509_VERIFY_PARAM_set_depth(s->param, depth);
}
void SSL_set_read_ahead(SSL *s,int yes)
@@ -850,7 +898,7 @@ int SSL_peek(SSL *s,void *buf,int num)
{
if (s->handshake_func == 0)
{
- SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
+ SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
return -1;
}
@@ -941,12 +989,19 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
l=s->max_cert_list;
s->max_cert_list=larg;
return(l);
+ case SSL_CTRL_SET_MTU:
+ if (SSL_version(s) == DTLS1_VERSION)
+ {
+ s->d1->mtu = larg;
+ return larg;
+ }
+ return 0;
default:
return(s->method->ssl_ctrl(s,cmd,larg,parg));
}
}
-long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)())
+long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
{
switch(cmd)
{
@@ -1034,7 +1089,7 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
}
}
-long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
+long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
{
switch(cmd)
{
@@ -1269,6 +1324,29 @@ err:
return(NULL);
}
+#ifndef OPENSSL_NO_TLSEXT
+/** return a servername extension value if provided in Client Hello, or NULL.
+ * So far, only host_name types are defined (RFC 3546).
+ */
+
+const char *SSL_get_servername(const SSL *s, const int type)
+ {
+ if (type != TLSEXT_NAMETYPE_host_name)
+ return NULL;
+
+ return s->session && !s->tlsext_hostname ?
+ s->session->tlsext_hostname :
+ s->tlsext_hostname;
+ }
+
+int SSL_get_servername_type(const SSL *s)
+ {
+ if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname))
+ return TLSEXT_NAMETYPE_host_name;
+ return -1;
+ }
+#endif
+
unsigned long SSL_SESSION_hash(const SSL_SESSION *a)
{
unsigned long l;
@@ -1312,14 +1390,6 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
return(NULL);
}
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && (meth->version < TLS1_VERSION))
- {
- SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
- return NULL;
- }
-#endif
-
if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
{
SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
@@ -1368,7 +1438,9 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
ret->msg_callback=0;
ret->msg_callback_arg=NULL;
ret->verify_mode=SSL_VERIFY_NONE;
+#if 0
ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
+#endif
ret->sid_ctx_length=0;
ret->default_verify_callback=NULL;
if ((ret->cert=ssl_cert_new()) == NULL)
@@ -1377,6 +1449,8 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
ret->default_passwd_callback=0;
ret->default_passwd_callback_userdata=NULL;
ret->client_cert_cb=0;
+ ret->app_gen_cookie_cb=0;
+ ret->app_verify_cookie_cb=0;
ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash),
LHASH_COMP_FN(SSL_SESSION_cmp));
@@ -1394,6 +1468,10 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
goto err2;
}
+ ret->param = X509_VERIFY_PARAM_new();
+ if (!ret->param)
+ goto err;
+
if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
{
SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
@@ -1418,6 +1496,20 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
ret->extra_certs=NULL;
ret->comp_methods=SSL_COMP_get_compression_methods();
+#ifndef OPENSSL_NO_TLSEXT
+ ret->tlsext_servername_callback = 0;
+ ret->tlsext_servername_arg = NULL;
+ /* Setup RFC4507 ticket keys */
+ if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
+ || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
+ || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
+ ret->options |= SSL_OP_NO_TICKET;
+
+ ret->tlsext_status_cb = 0;
+ ret->tlsext_status_arg = NULL;
+
+#endif
+
return(ret);
err:
SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
@@ -1450,6 +1542,9 @@ void SSL_CTX_free(SSL_CTX *a)
}
#endif
+ if (a->param)
+ X509_VERIFY_PARAM_free(a->param);
+
/*
* Free internal session cache. However: the remove_cb() may reference
* the ex_data of SSL_CTX, thus the ex_data store can only be removed
@@ -1512,7 +1607,7 @@ void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
{
- ctx->verify_depth=depth;
+ X509_VERIFY_PARAM_set_depth(ctx->param, depth);
}
void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
@@ -1522,6 +1617,13 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
int rsa_enc_export,dh_rsa_export,dh_dsa_export;
int rsa_tmp_export,dh_tmp_export,kl;
unsigned long mask,emask;
+ int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
+#ifndef OPENSSL_NO_ECDH
+ int have_ecdh_tmp;
+#endif
+ X509 *x = NULL;
+ EVP_PKEY *ecc_pkey = NULL;
+ int signature_nid = 0;
if (c == NULL) return;
@@ -1542,6 +1644,9 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
dh_tmp=dh_tmp_export=0;
#endif
+#ifndef OPENSSL_NO_ECDH
+ have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
+#endif
cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
@@ -1556,7 +1661,8 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
/* FIX THIS EAY EAY EAY */
dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL);
dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
-
+ cpk= &(c->pkeys[SSL_PKEY_ECC]);
+ have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL);
mask=0;
emask=0;
@@ -1613,11 +1719,127 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
emask|=SSL_kKRB5|SSL_aKRB5;
#endif
+ /* An ECC certificate may be usable for ECDH and/or
+ * ECDSA cipher suites depending on the key usage extension.
+ */
+ if (have_ecc_cert)
+ {
+ /* This call populates extension flags (ex_flags) */
+ x = (c->pkeys[SSL_PKEY_ECC]).x509;
+ X509_check_purpose(x, -1, 0);
+ ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
+ (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
+ ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
+ (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
+ ecc_pkey = X509_get_pubkey(x);
+ ecc_pkey_size = (ecc_pkey != NULL) ?
+ EVP_PKEY_bits(ecc_pkey) : 0;
+ EVP_PKEY_free(ecc_pkey);
+ if ((x->sig_alg) && (x->sig_alg->algorithm))
+ signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
+#ifndef OPENSSL_NO_ECDH
+ if (ecdh_ok)
+ {
+ if ((signature_nid == NID_md5WithRSAEncryption) ||
+ (signature_nid == NID_md4WithRSAEncryption) ||
+ (signature_nid == NID_md2WithRSAEncryption))
+ {
+ mask|=SSL_kECDH|SSL_aRSA;
+ if (ecc_pkey_size <= 163)
+ emask|=SSL_kECDH|SSL_aRSA;
+ }
+ if (signature_nid == NID_ecdsa_with_SHA1)
+ {
+ mask|=SSL_kECDH|SSL_aECDSA;
+ if (ecc_pkey_size <= 163)
+ emask|=SSL_kECDH|SSL_aECDSA;
+ }
+ }
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (ecdsa_ok)
+ {
+ mask|=SSL_aECDSA;
+ emask|=SSL_aECDSA;
+ }
+#endif
+ }
+
+#ifndef OPENSSL_NO_ECDH
+ if (have_ecdh_tmp)
+ {
+ mask|=SSL_kECDHE;
+ emask|=SSL_kECDHE;
+ }
+#endif
c->mask=mask;
c->export_mask=emask;
c->valid=1;
}
+/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
+#define ku_reject(x, usage) \
+ (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
+
+int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
+ {
+ unsigned long alg = cs->algorithms;
+ EVP_PKEY *pkey = NULL;
+ int keysize = 0;
+ int signature_nid = 0;
+
+ if (SSL_C_IS_EXPORT(cs))
+ {
+ /* ECDH key length in export ciphers must be <= 163 bits */
+ pkey = X509_get_pubkey(x);
+ if (pkey == NULL) return 0;
+ keysize = EVP_PKEY_bits(pkey);
+ EVP_PKEY_free(pkey);
+ if (keysize > 163) return 0;
+ }
+
+ /* This call populates the ex_flags field correctly */
+ X509_check_purpose(x, -1, 0);
+ if ((x->sig_alg) && (x->sig_alg->algorithm))
+ signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
+ if (alg & SSL_kECDH)
+ {
+ /* key usage, if present, must allow key agreement */
+ if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))
+ {
+ return 0;
+ }
+ if (alg & SSL_aECDSA)
+ {
+ /* signature alg must be ECDSA */
+ if (signature_nid != NID_ecdsa_with_SHA1)
+ {
+ return 0;
+ }
+ }
+ if (alg & SSL_aRSA)
+ {
+ /* signature alg must be RSA */
+ if ((signature_nid != NID_md5WithRSAEncryption) &&
+ (signature_nid != NID_md4WithRSAEncryption) &&
+ (signature_nid != NID_md2WithRSAEncryption))
+ {
+ return 0;
+ }
+ }
+ }
+ else if (alg & SSL_aECDSA)
+ {
+ /* key usage, if present, must allow signing */
+ if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
+ {
+ return 0;
+ }
+ }
+
+ return 1; /* all checks are ok */
+ }
+
/* THIS NEEDS CLEANING UP */
X509 *ssl_get_server_send_cert(SSL *s)
{
@@ -1632,7 +1854,26 @@ X509 *ssl_get_server_send_cert(SSL *s)
mask=is_export?c->export_mask:c->mask;
kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
- if (kalg & SSL_kDHr)
+ if (kalg & SSL_kECDH)
+ {
+ /* we don't need to look at SSL_kECDHE
+ * since no certificate is needed for
+ * anon ECDH and for authenticated
+ * ECDHE, the check for the auth
+ * algorithm will set i correctly
+ * NOTE: For ECDH-RSA, we need an ECC
+ * not an RSA cert but for ECDHE-RSA
+ * we need an RSA cert. Placing the
+ * checks for SSL_kECDH before RSA
+ * checks ensures the correct cert is chosen.
+ */
+ i=SSL_PKEY_ECC;
+ }
+ else if (kalg & SSL_aECDSA)
+ {
+ i=SSL_PKEY_ECC;
+ }
+ else if (kalg & SSL_kDHr)
i=SSL_PKEY_DH_RSA;
else if (kalg & SSL_kDHd)
i=SSL_PKEY_DH_DSA;
@@ -1656,6 +1897,7 @@ X509 *ssl_get_server_send_cert(SSL *s)
return(NULL);
}
if (c->pkeys[i].x509 == NULL) return(NULL);
+
return(c->pkeys[i].x509);
}
@@ -1679,6 +1921,9 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
else
return(NULL);
}
+ else if ((alg & SSL_aECDSA) &&
+ (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
+ return(c->pkeys[SSL_PKEY_ECC].privatekey);
else /* if (alg & SSL_aNULL) */
{
SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
@@ -1884,6 +2129,12 @@ int ssl_undefined_function(SSL *s)
return(0);
}
+int ssl_undefined_void_function(void)
+ {
+ SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return(0);
+ }
+
int ssl_undefined_const_function(const SSL *s)
{
SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
@@ -1999,8 +2250,8 @@ SSL *SSL_dup(SSL *s)
ret->rstate=s->rstate;
ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */
ret->hit=s->hit;
- ret->purpose=s->purpose;
- ret->trust=s->trust;
+
+ X509_VERIFY_PARAM_inherit(ret->param, s->param);
/* dup the cipher_list and cipher_list_by_id stacks */
if (s->cipher_list != NULL)
@@ -2052,6 +2303,7 @@ void ssl_clear_cipher_ctx(SSL *s)
OPENSSL_free(s->enc_write_ctx);
s->enc_write_ctx=NULL;
}
+#ifndef OPENSSL_NO_COMP
if (s->expand != NULL)
{
COMP_CTX_free(s->expand);
@@ -2062,6 +2314,7 @@ void ssl_clear_cipher_ctx(SSL *s)
COMP_CTX_free(s->compress);
s->compress=NULL;
}
+#endif
}
/* Fix this function so that it takes an optional type parameter */
@@ -2088,6 +2341,31 @@ SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
return(s->session->cipher);
return(NULL);
}
+#ifdef OPENSSL_NO_COMP
+const void *SSL_get_current_compression(SSL *s)
+ {
+ return NULL;
+ }
+const void *SSL_get_current_expansion(SSL *s)
+ {
+ return NULL;
+ }
+#else
+
+const COMP_METHOD *SSL_get_current_compression(SSL *s)
+ {
+ if (s->compress != NULL)
+ return(s->compress->meth);
+ return(NULL);
+ }
+
+const COMP_METHOD *SSL_get_current_expansion(SSL *s)
+ {
+ if (s->expand != NULL)
+ return(s->expand->meth);
+ return(NULL);
+ }
+#endif
int ssl_init_wbio_buffer(SSL *s,int push)
{
@@ -2181,6 +2459,24 @@ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
return(ssl->ctx);
}
+SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
+ {
+ if (ssl->ctx == ctx)
+ return ssl->ctx;
+#ifndef OPENSSL_NO_TLSEXT
+ if (ctx == NULL)
+ ctx = ssl->initial_ctx;
+#endif
+ if (ssl->cert != NULL)
+ ssl_cert_free(ssl->cert);
+ ssl->cert = ssl_cert_dup(ctx->cert);
+ CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
+ if (ssl->ctx != NULL)
+ SSL_CTX_free(ssl->ctx); /* decrement reference count */
+ ssl->ctx = ctx;
+ return(ssl->ctx);
+ }
+
#ifndef OPENSSL_NO_STDIO
int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
{
@@ -2190,19 +2486,19 @@ int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
const char *CApath)
{
- int r;
- r=X509_STORE_load_locations(ctx->cert_store,CAfile,CApath);
- return r;
+ return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
}
#endif
void SSL_set_info_callback(SSL *ssl,
- void (*cb)(const SSL *ssl,int type,int val))
+ void (*cb)(const SSL *ssl,int type,int val))
{
ssl->info_callback=cb;
}
-void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val)
+/* One compiler (Diab DCC) doesn't like argument names in returned
+ function pointer. */
+void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
{
return ssl->info_callback;
}
@@ -2289,14 +2585,14 @@ void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
int is_export,
int keylength))
{
- SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb);
+ SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
}
void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
int is_export,
int keylength))
{
- SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb);
+ SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
}
#endif
@@ -2325,24 +2621,38 @@ RSA *cb(SSL *ssl,int is_export,int keylength)
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
int keylength))
{
- SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh);
+ SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
}
void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
int keylength))
{
- SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh);
+ SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
+ }
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
+ int keylength))
+ {
+ SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
+ }
+
+void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
+ int keylength))
+ {
+ SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
}
#endif
void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
{
- SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)())cb);
+ SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
}
void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
{
- SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)())cb);
+ SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
}
diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h
index 6a0b7595f44..de94c0d0c74 100644
--- a/lib/libssl/src/ssl/ssl_locl.h
+++ b/lib/libssl/src/ssl/ssl_locl.h
@@ -108,6 +108,11 @@
* Hudson (tjh@cryptsoft.com).
*
*/
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
#ifndef HEADER_SSL_LOCL_H
#define HEADER_SSL_LOCL_H
@@ -121,10 +126,13 @@
#include <openssl/buffer.h>
#include <openssl/comp.h>
#include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/evp.h>
#include <openssl/stack.h>
-#include <openssl/x509.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/symhacks.h>
@@ -172,6 +180,20 @@
*((c)++)=(unsigned char)(((l)>> 8)&0xff), \
*((c)++)=(unsigned char)(((l) )&0xff))
+#define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>32)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff))
+
+#define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \
+ l|=((BN_ULLONG)(*((c)++)))<<32, \
+ l|=((BN_ULLONG)(*((c)++)))<<24, \
+ l|=((BN_ULLONG)(*((c)++)))<<16, \
+ l|=((BN_ULLONG)(*((c)++)))<< 8, \
+ l|=((BN_ULLONG)(*((c)++))))
+
/* NOTE - c is not incremented as per l2c */
#define l2cn(l1,l2,c,n) { \
c+=n; \
@@ -227,52 +249,58 @@
* that the different entities within are mutually exclusive:
* ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
*/
-#define SSL_MKEY_MASK 0x0000003FL
+#define SSL_MKEY_MASK 0x000000FFL
#define SSL_kRSA 0x00000001L /* RSA key exchange */
#define SSL_kDHr 0x00000002L /* DH cert RSA CA cert */
#define SSL_kDHd 0x00000004L /* DH cert DSA CA cert */
#define SSL_kFZA 0x00000008L
#define SSL_kEDH 0x00000010L /* tmp DH key no DH cert */
#define SSL_kKRB5 0x00000020L /* Kerberos5 key exchange */
+#define SSL_kECDH 0x00000040L /* ECDH w/ long-term keys */
+#define SSL_kECDHE 0x00000080L /* ephemeral ECDH */
#define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL))
-#define SSL_AUTH_MASK 0x00000FC0L
-#define SSL_aRSA 0x00000040L /* Authenticate with RSA */
-#define SSL_aDSS 0x00000080L /* Authenticate with DSS */
+#define SSL_AUTH_MASK 0x00007F00L
+#define SSL_aRSA 0x00000100L /* Authenticate with RSA */
+#define SSL_aDSS 0x00000200L /* Authenticate with DSS */
#define SSL_DSS SSL_aDSS
-#define SSL_aFZA 0x00000100L
-#define SSL_aNULL 0x00000200L /* no Authenticate, ADH */
-#define SSL_aDH 0x00000400L /* no Authenticate, ADH */
-#define SSL_aKRB5 0x00000800L /* Authenticate with KRB5 */
+#define SSL_aFZA 0x00000400L
+#define SSL_aNULL 0x00000800L /* no Authenticate, ADH */
+#define SSL_aDH 0x00001000L /* no Authenticate, ADH */
+#define SSL_aKRB5 0x00002000L /* Authenticate with KRB5 */
+#define SSL_aECDSA 0x00004000L /* Authenticate with ECDSA */
#define SSL_NULL (SSL_eNULL)
#define SSL_ADH (SSL_kEDH|SSL_aNULL)
#define SSL_RSA (SSL_kRSA|SSL_aRSA)
#define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH)
+#define SSL_ECDH (SSL_kECDH|SSL_kECDHE)
#define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA)
#define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5)
-#define SSL_ENC_MASK 0x0087F000L
-#define SSL_DES 0x00001000L
-#define SSL_3DES 0x00002000L
-#define SSL_RC4 0x00004000L
-#define SSL_RC2 0x00008000L
-#define SSL_IDEA 0x00010000L
-#define SSL_eFZA 0x00020000L
-#define SSL_eNULL 0x00040000L
-#define SSL_AES 0x00800000L
-
-#define SSL_MAC_MASK 0x00180000L
-#define SSL_MD5 0x00080000L
-#define SSL_SHA1 0x00100000L
+#define SSL_ENC_MASK 0x1C3F8000L
+#define SSL_DES 0x00008000L
+#define SSL_3DES 0x00010000L
+#define SSL_RC4 0x00020000L
+#define SSL_RC2 0x00040000L
+#define SSL_IDEA 0x00080000L
+#define SSL_eFZA 0x00100000L
+#define SSL_eNULL 0x00200000L
+#define SSL_AES 0x04000000L
+#define SSL_CAMELLIA 0x08000000L
+#define SSL_SEED 0x10000000L
+
+#define SSL_MAC_MASK 0x00c00000L
+#define SSL_MD5 0x00400000L
+#define SSL_SHA1 0x00800000L
#define SSL_SHA (SSL_SHA1)
-#define SSL_SSL_MASK 0x00600000L
-#define SSL_SSLV2 0x00200000L
-#define SSL_SSLV3 0x00400000L
+#define SSL_SSL_MASK 0x03000000L
+#define SSL_SSLV2 0x01000000L
+#define SSL_SSLV3 0x02000000L
#define SSL_TLSV1 SSL_SSLV3 /* for now */
-/* we have used 007fffff - 9 bits left to go */
+/* we have used 1fffffff - 3 bits left to go. */
/*
* Export and cipher strength information. For each cipher we have to decide
@@ -302,9 +330,8 @@
#define SSL_LOW 0x00000020L
#define SSL_MEDIUM 0x00000040L
#define SSL_HIGH 0x00000080L
-#define SSL_FIPS 0x00000100L
-/* we have used 000001ff - 23 bits left to go */
+/* we have used 000000ff - 24 bits left to go */
/*
* Macros to check the export status and cipher strength for export ciphers.
@@ -345,7 +372,8 @@
#define SSL_PKEY_DSA_SIGN 2
#define SSL_PKEY_DH_RSA 3
#define SSL_PKEY_DH_DSA 4
-#define SSL_PKEY_NUM 5
+#define SSL_PKEY_ECC 5
+#define SSL_PKEY_NUM 6
/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
* <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
@@ -361,6 +389,15 @@
#define CERT_PRIVATE_KEY 2
*/
+#ifndef OPENSSL_NO_EC
+/* From ECC-TLS draft, used in encoding the curve type in
+ * ECParameters
+ */
+#define EXPLICIT_PRIME_CURVE_TYPE 1
+#define EXPLICIT_CHAR2_CURVE_TYPE 2
+#define NAMED_CURVE_TYPE 3
+#endif /* OPENSSL_NO_EC */
+
typedef struct cert_pkey_st
{
X509 *x509;
@@ -387,6 +424,11 @@ typedef struct cert_st
DH *dh_tmp;
DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
#endif
+#ifndef OPENSSL_NO_ECDH
+ EC_KEY *ecdh_tmp;
+ /* Callback for generating ephemeral ECDH keys */
+ EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize);
+#endif
CERT_PKEY pkeys[SSL_PKEY_NUM];
@@ -412,6 +454,9 @@ typedef struct sess_cert_st
#ifndef OPENSSL_NO_DH
DH *peer_dh_tmp; /* not used for SSL 2 */
#endif
+#ifndef OPENSSL_NO_ECDH
+ EC_KEY *peer_ecdh_tmp;
+#endif
int references; /* actually always 1 at the moment */
} SESS_CERT;
@@ -466,17 +511,201 @@ extern SSL3_ENC_METHOD ssl3_undef_enc_method;
OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
-#ifdef OPENSSL_SYS_VMS
-#undef SSL_COMP_get_compression_methods
-#define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods
-#endif
-
SSL_METHOD *ssl_bad_method(int ver);
SSL_METHOD *sslv2_base_method(void);
SSL_METHOD *sslv23_base_method(void);
SSL_METHOD *sslv3_base_method(void);
+extern SSL3_ENC_METHOD TLSv1_enc_data;
+extern SSL3_ENC_METHOD SSLv3_enc_data;
+extern SSL3_ENC_METHOD DTLSv1_enc_data;
+
+#define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+SSL_METHOD *func_name(void) \
+ { \
+ static SSL_METHOD func_name##_data= { \
+ TLS1_VERSION, \
+ tls1_new, \
+ tls1_clear, \
+ tls1_free, \
+ s_accept, \
+ s_connect, \
+ ssl3_read, \
+ ssl3_peek, \
+ ssl3_write, \
+ ssl3_shutdown, \
+ ssl3_renegotiate, \
+ ssl3_renegotiate_check, \
+ ssl3_get_message, \
+ ssl3_read_bytes, \
+ ssl3_write_bytes, \
+ ssl3_dispatch_alert, \
+ ssl3_ctrl, \
+ ssl3_ctx_ctrl, \
+ ssl3_get_cipher_by_char, \
+ ssl3_put_cipher_by_char, \
+ ssl3_pending, \
+ ssl3_num_ciphers, \
+ ssl3_get_cipher, \
+ s_get_meth, \
+ tls1_default_timeout, \
+ &TLSv1_enc_data, \
+ ssl_undefined_void_function, \
+ ssl3_callback_ctrl, \
+ ssl3_ctx_callback_ctrl, \
+ }; \
+ return &func_name##_data; \
+ }
+
+#define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+SSL_METHOD *func_name(void) \
+ { \
+ static SSL_METHOD func_name##_data= { \
+ SSL3_VERSION, \
+ ssl3_new, \
+ ssl3_clear, \
+ ssl3_free, \
+ s_accept, \
+ s_connect, \
+ ssl3_read, \
+ ssl3_peek, \
+ ssl3_write, \
+ ssl3_shutdown, \
+ ssl3_renegotiate, \
+ ssl3_renegotiate_check, \
+ ssl3_get_message, \
+ ssl3_read_bytes, \
+ ssl3_write_bytes, \
+ ssl3_dispatch_alert, \
+ ssl3_ctrl, \
+ ssl3_ctx_ctrl, \
+ ssl3_get_cipher_by_char, \
+ ssl3_put_cipher_by_char, \
+ ssl3_pending, \
+ ssl3_num_ciphers, \
+ ssl3_get_cipher, \
+ s_get_meth, \
+ ssl3_default_timeout, \
+ &SSLv3_enc_data, \
+ ssl_undefined_void_function, \
+ ssl3_callback_ctrl, \
+ ssl3_ctx_callback_ctrl, \
+ }; \
+ return &func_name##_data; \
+ }
+
+#define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+SSL_METHOD *func_name(void) \
+ { \
+ static SSL_METHOD func_name##_data= { \
+ TLS1_VERSION, \
+ tls1_new, \
+ tls1_clear, \
+ tls1_free, \
+ s_accept, \
+ s_connect, \
+ ssl23_read, \
+ ssl23_peek, \
+ ssl23_write, \
+ ssl_undefined_function, \
+ ssl_undefined_function, \
+ ssl_ok, \
+ ssl3_get_message, \
+ ssl3_read_bytes, \
+ ssl3_write_bytes, \
+ ssl3_dispatch_alert, \
+ ssl3_ctrl, \
+ ssl3_ctx_ctrl, \
+ ssl23_get_cipher_by_char, \
+ ssl23_put_cipher_by_char, \
+ ssl_undefined_const_function, \
+ ssl23_num_ciphers, \
+ ssl23_get_cipher, \
+ s_get_meth, \
+ ssl23_default_timeout, \
+ &ssl3_undef_enc_method, \
+ ssl_undefined_void_function, \
+ ssl3_callback_ctrl, \
+ ssl3_ctx_callback_ctrl, \
+ }; \
+ return &func_name##_data; \
+ }
+
+#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+SSL_METHOD *func_name(void) \
+ { \
+ static SSL_METHOD func_name##_data= { \
+ SSL2_VERSION, \
+ ssl2_new, /* local */ \
+ ssl2_clear, /* local */ \
+ ssl2_free, /* local */ \
+ s_accept, \
+ s_connect, \
+ ssl2_read, \
+ ssl2_peek, \
+ ssl2_write, \
+ ssl2_shutdown, \
+ ssl_ok, /* NULL - renegotiate */ \
+ ssl_ok, /* NULL - check renegotiate */ \
+ NULL, /* NULL - ssl_get_message */ \
+ NULL, /* NULL - ssl_get_record */ \
+ NULL, /* NULL - ssl_write_bytes */ \
+ NULL, /* NULL - dispatch_alert */ \
+ ssl2_ctrl, /* local */ \
+ ssl2_ctx_ctrl, /* local */ \
+ ssl2_get_cipher_by_char, \
+ ssl2_put_cipher_by_char, \
+ ssl2_pending, \
+ ssl2_num_ciphers, \
+ ssl2_get_cipher, \
+ s_get_meth, \
+ ssl2_default_timeout, \
+ &ssl3_undef_enc_method, \
+ ssl_undefined_void_function, \
+ ssl2_callback_ctrl, /* local */ \
+ ssl2_ctx_callback_ctrl, /* local */ \
+ }; \
+ return &func_name##_data; \
+ }
+
+#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+SSL_METHOD *func_name(void) \
+ { \
+ static SSL_METHOD func_name##_data= { \
+ DTLS1_VERSION, \
+ dtls1_new, \
+ dtls1_clear, \
+ dtls1_free, \
+ s_accept, \
+ s_connect, \
+ ssl3_read, \
+ ssl3_peek, \
+ ssl3_write, \
+ ssl3_shutdown, \
+ ssl3_renegotiate, \
+ ssl3_renegotiate_check, \
+ dtls1_get_message, \
+ dtls1_read_bytes, \
+ dtls1_write_app_data_bytes, \
+ dtls1_dispatch_alert, \
+ ssl3_ctrl, \
+ ssl3_ctx_ctrl, \
+ ssl3_get_cipher_by_char, \
+ ssl3_put_cipher_by_char, \
+ ssl3_pending, \
+ ssl3_num_ciphers, \
+ dtls1_get_cipher, \
+ s_get_meth, \
+ dtls1_default_timeout, \
+ &DTLSv1_enc_data, \
+ ssl_undefined_void_function, \
+ ssl3_callback_ctrl, \
+ ssl3_ctx_callback_ctrl, \
+ }; \
+ return &func_name##_data; \
+ }
+
void ssl_clear_cipher_ctx(SSL *s);
int ssl_clear_bad_session(SSL *s);
CERT *ssl_cert_new(void);
@@ -487,7 +716,7 @@ SESS_CERT *ssl_sess_cert_new(void);
void ssl_sess_cert_free(SESS_CERT *sc);
int ssl_set_peer_cert_type(SESS_CERT *c, int type);
int ssl_get_new_session(SSL *s, int session);
-int ssl_get_prev_session(SSL *s, unsigned char *session,int len);
+int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
const SSL_CIPHER * const *bp);
@@ -504,6 +733,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
const EVP_MD **md,SSL_COMP **comp);
int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
int ssl_undefined_function(SSL *s);
+int ssl_undefined_void_function(void);
int ssl_undefined_const_function(const SSL *s);
X509 *ssl_get_server_send_cert(SSL *);
EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
@@ -511,6 +741,7 @@ int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
int ssl_verify_alarm_type(long type);
+void ssl_load_ciphers(void);
int ssl2_enc_init(SSL *s, int client);
int ssl2_generate_key_material(SSL *s);
@@ -520,7 +751,7 @@ SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
int ssl2_part_read(SSL *s, unsigned long f, int i);
int ssl2_do_write(SSL *s);
-int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data);
+int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data);
void ssl2_return_error(SSL *s,int reason);
void ssl2_write_error(SSL *s);
int ssl2_num_ciphers(void);
@@ -536,14 +767,17 @@ int ssl2_shutdown(SSL *s);
void ssl2_clear(SSL *s);
long ssl2_ctrl(SSL *s,int cmd, long larg, void *parg);
long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
-long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)());
-long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)());
+long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
+long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
int ssl2_pending(const SSL *s);
+long ssl2_default_timeout(void );
SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
void ssl3_init_finished_mac(SSL *s);
int ssl3_send_server_certificate(SSL *s);
+int ssl3_send_newsession_ticket(SSL *s);
+int ssl3_send_cert_status(SSL *s);
int ssl3_get_finished(SSL *s,int state_a,int state_b);
int ssl3_setup_key_block(SSL *s);
int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
@@ -584,10 +818,94 @@ int ssl3_shutdown(SSL *s);
void ssl3_clear(SSL *s);
long ssl3_ctrl(SSL *s,int cmd, long larg, void *parg);
long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
-long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)());
-long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)());
+long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
+long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
int ssl3_pending(const SSL *s);
+void ssl3_record_sequence_update(unsigned char *seq);
+int ssl3_do_change_cipher_spec(SSL *ssl);
+long ssl3_default_timeout(void );
+
+int ssl23_num_ciphers(void );
+SSL_CIPHER *ssl23_get_cipher(unsigned int u);
+int ssl23_read(SSL *s, void *buf, int len);
+int ssl23_peek(SSL *s, void *buf, int len);
+int ssl23_write(SSL *s, const void *buf, int len);
+int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
+SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
+long ssl23_default_timeout(void );
+
+long tls1_default_timeout(void);
+int dtls1_do_write(SSL *s,int type);
+int ssl3_read_n(SSL *s, int n, int max, int extend);
+int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
+int ssl3_do_compress(SSL *ssl);
+int ssl3_do_uncompress(SSL *ssl);
+int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
+ unsigned int len);
+unsigned char *dtls1_set_message_header(SSL *s,
+ unsigned char *p, unsigned char mt, unsigned long len,
+ unsigned long frag_off, unsigned long frag_len);
+
+int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
+int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
+
+int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
+int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
+unsigned long dtls1_output_cert_chain(SSL *s, X509 *x);
+int dtls1_read_failed(SSL *s, int code);
+int dtls1_buffer_message(SSL *s, int ccs);
+int dtls1_retransmit_message(SSL *s, unsigned short seq,
+ unsigned long frag_off, int *found);
+void dtls1_clear_record_buffer(SSL *s);
+void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr);
+void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
+void dtls1_reset_seq_numbers(SSL *s, int rw);
+long dtls1_default_timeout(void);
+SSL_CIPHER *dtls1_get_cipher(unsigned int u);
+
+
+
+/* some client-only functions */
+int ssl3_client_hello(SSL *s);
+int ssl3_get_server_hello(SSL *s);
+int ssl3_get_certificate_request(SSL *s);
+int ssl3_get_new_session_ticket(SSL *s);
+int ssl3_get_cert_status(SSL *s);
+int ssl3_get_server_done(SSL *s);
+int ssl3_send_client_verify(SSL *s);
+int ssl3_send_client_certificate(SSL *s);
+int ssl3_send_client_key_exchange(SSL *s);
+int ssl3_get_key_exchange(SSL *s);
+int ssl3_get_server_certificate(SSL *s);
+int ssl3_check_cert_and_algorithm(SSL *s);
+
+int dtls1_client_hello(SSL *s);
+int dtls1_send_client_certificate(SSL *s);
+int dtls1_send_client_key_exchange(SSL *s);
+int dtls1_send_client_verify(SSL *s);
+
+/* some server-only functions */
+int ssl3_get_client_hello(SSL *s);
+int ssl3_send_server_hello(SSL *s);
+int ssl3_send_hello_request(SSL *s);
+int ssl3_send_server_key_exchange(SSL *s);
+int ssl3_send_certificate_request(SSL *s);
+int ssl3_send_server_done(SSL *s);
+int ssl3_check_client_hello(SSL *s);
+int ssl3_get_client_certificate(SSL *s);
+int ssl3_get_client_key_exchange(SSL *s);
+int ssl3_get_cert_verify(SSL *s);
+
+int dtls1_send_hello_request(SSL *s);
+int dtls1_send_server_hello(SSL *s);
+int dtls1_send_server_certificate(SSL *s);
+int dtls1_send_server_key_exchange(SSL *s);
+int dtls1_send_certificate_request(SSL *s);
+int dtls1_send_server_done(SSL *s);
+
+
+
int ssl23_accept(SSL *s);
int ssl23_connect(SSL *s);
int ssl23_read_bytes(SSL *s, int n);
@@ -597,9 +915,24 @@ int tls1_new(SSL *s);
void tls1_free(SSL *s);
void tls1_clear(SSL *s);
long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);
-long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)());
+long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
SSL_METHOD *tlsv1_base_method(void );
+int dtls1_new(SSL *s);
+int dtls1_accept(SSL *s);
+int dtls1_connect(SSL *s);
+void dtls1_free(SSL *s);
+void dtls1_clear(SSL *s);
+long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg);
+SSL_METHOD *dtlsv1_base_method(void );
+
+long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
+int dtls1_get_record(SSL *s);
+int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
+ unsigned int len, int create_empty_fragement);
+int dtls1_dispatch_alert(SSL *s);
+int dtls1_enc(SSL *s, int snd);
+
int ssl_init_wbio_buffer(SSL *s, int push);
void ssl_free_wbio_buffer(SSL *s);
@@ -616,8 +949,28 @@ int tls1_alert_code(int code);
int ssl3_alert_code(int code);
int ssl_ok(SSL *s);
+int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
+
SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
-STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+#ifndef OPENSSL_NO_TLSEXT
+unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit);
+unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit);
+int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
+int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
+int ssl_prepare_clienthello_tlsext(SSL *s);
+int ssl_prepare_serverhello_tlsext(SSL *s);
+int ssl_check_clienthello_tlsext(SSL *s);
+int ssl_check_serverhello_tlsext(SSL *s);
+#ifdef OPENSSL_NO_SHA256
+#define tlsext_tick_md EVP_sha1
+#else
+#define tlsext_tick_md EVP_sha256
+#endif
+int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
+ const unsigned char *limit, SSL_SESSION **ret);
+EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
+void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
+#endif
#endif
diff --git a/lib/libssl/src/ssl/ssl_rsa.c b/lib/libssl/src/ssl/ssl_rsa.c
index fb0bd4d0452..27113eba508 100644
--- a/lib/libssl/src/ssl/ssl_rsa.c
+++ b/lib/libssl/src/ssl/ssl_rsa.c
@@ -131,7 +131,7 @@ end:
}
#endif
-int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len)
+int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
{
X509 *x;
int ret;
@@ -181,7 +181,7 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
{
- int i,ok=0,bad=0;
+ int i;
i=ssl_cert_type(NULL,pkey);
if (i < 0)
@@ -202,47 +202,18 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
/* Don't check the public/private key, this is mostly
* for smart cards. */
if ((pkey->type == EVP_PKEY_RSA) &&
- (RSA_flags(pkey->pkey.rsa) &
- RSA_METHOD_FLAG_NO_CHECK))
- ok=1;
+ (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
+ ;
else
#endif
- if (!X509_check_private_key(c->pkeys[i].x509,pkey))
+ if (!X509_check_private_key(c->pkeys[i].x509,pkey))
{
- if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
- {
- i=(i == SSL_PKEY_DH_RSA)?
- SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
-
- if (c->pkeys[i].x509 == NULL)
- ok=1;
- else
- {
- if (!X509_check_private_key(
- c->pkeys[i].x509,pkey))
- bad=1;
- else
- ok=1;
- }
- }
- else
- bad=1;
+ X509_free(c->pkeys[i].x509);
+ c->pkeys[i].x509 = NULL;
+ return 0;
}
- else
- ok=1;
- }
- else
- ok=1;
-
- if (bad)
- {
- X509_free(c->pkeys[i].x509);
- c->pkeys[i].x509=NULL;
- return(0);
}
- ERR_clear_error(); /* make sure no error from X509_check_private_key()
- * is left if we have chosen to ignore it */
if (c->pkeys[i].privatekey != NULL)
EVP_PKEY_free(c->pkeys[i].privatekey);
CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
@@ -364,6 +335,11 @@ int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
pkey=PEM_read_bio_PrivateKey(in,NULL,
ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
}
+ else if (type == SSL_FILETYPE_ASN1)
+ {
+ j = ERR_R_ASN1_LIB;
+ pkey = d2i_PrivateKey_bio(in,NULL);
+ }
else
{
SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
@@ -382,10 +358,10 @@ end:
}
#endif
-int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len)
+int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
{
int ret;
- unsigned char *p;
+ const unsigned char *p;
EVP_PKEY *pkey;
p=d;
@@ -418,7 +394,7 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
static int ssl_set_cert(CERT *c, X509 *x)
{
EVP_PKEY *pkey;
- int i,ok=0,bad=0;
+ int i;
pkey=X509_get_pubkey(x);
if (pkey == NULL)
@@ -446,44 +422,23 @@ static int ssl_set_cert(CERT *c, X509 *x)
if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
(RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
RSA_METHOD_FLAG_NO_CHECK))
- ok=1;
+ ;
else
-#endif
- {
+#endif /* OPENSSL_NO_RSA */
if (!X509_check_private_key(x,c->pkeys[i].privatekey))
{
- if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
- {
- i=(i == SSL_PKEY_DH_RSA)?
- SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
-
- if (c->pkeys[i].privatekey == NULL)
- ok=1;
- else
- {
- if (!X509_check_private_key(x,
- c->pkeys[i].privatekey))
- bad=1;
- else
- ok=1;
- }
- }
- else
- bad=1;
+ /* don't fail for a cert/key mismatch, just free
+ * current private key (when switching to a different
+ * cert & key, first this function should be used,
+ * then ssl_set_pkey */
+ EVP_PKEY_free(c->pkeys[i].privatekey);
+ c->pkeys[i].privatekey=NULL;
+ /* clear error queue */
+ ERR_clear_error();
}
- else
- ok=1;
- } /* OPENSSL_NO_RSA */
}
- else
- ok=1;
EVP_PKEY_free(pkey);
- if (bad)
- {
- EVP_PKEY_free(c->pkeys[i].privatekey);
- c->pkeys[i].privatekey=NULL;
- }
if (c->pkeys[i].x509 != NULL)
X509_free(c->pkeys[i].x509);
@@ -545,7 +500,7 @@ end:
}
#endif
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d)
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
{
X509 *x;
int ret;
@@ -640,7 +595,7 @@ end:
}
#endif
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len)
+int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
{
int ret;
const unsigned char *p;
@@ -699,6 +654,11 @@ int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
pkey=PEM_read_bio_PrivateKey(in,NULL,
ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
}
+ else if (type == SSL_FILETYPE_ASN1)
+ {
+ j = ERR_R_ASN1_LIB;
+ pkey = d2i_PrivateKey_bio(in,NULL);
+ }
else
{
SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
@@ -717,11 +677,11 @@ end:
}
#endif
-int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d,
+int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
long len)
{
int ret;
- unsigned char *p;
+ const unsigned char *p;
EVP_PKEY *pkey;
p=d;
@@ -748,6 +708,8 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
int ret=0;
X509 *x=NULL;
+ ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
+
in=BIO_new(BIO_s_file_internal());
if (in == NULL)
{
diff --git a/lib/libssl/src/ssl/ssl_sess.c b/lib/libssl/src/ssl/ssl_sess.c
index 2ba8b9612e4..ee88be2b88a 100644
--- a/lib/libssl/src/ssl/ssl_sess.c
+++ b/lib/libssl/src/ssl/ssl_sess.c
@@ -122,10 +122,20 @@ SSL_SESSION *SSL_SESSION_new(void)
ss->prev=NULL;
ss->next=NULL;
ss->compress_meth=0;
+#ifndef OPENSSL_NO_TLSEXT
+ ss->tlsext_hostname = NULL;
+#endif
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
return(ss);
}
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
+ {
+ if(len)
+ *len = s->session_id_length;
+ return s->session_id;
+ }
+
/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
* has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
* until we have no conflict is going to complete in one iteration pretty much
@@ -141,7 +151,7 @@ static int def_generate_session_id(const SSL *ssl, unsigned char *id,
{
unsigned int retry = 0;
do
- if(RAND_pseudo_bytes(id, *id_len) <= 0)
+ if (RAND_pseudo_bytes(id, *id_len) <= 0)
return 0;
while(SSL_has_matching_session_id(ssl, id, *id_len) &&
(++retry < MAX_SESS_ID_ATTEMPTS));
@@ -198,12 +208,25 @@ int ssl_get_new_session(SSL *s, int session)
ss->ssl_version=TLS1_VERSION;
ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
}
+ else if (s->version == DTLS1_VERSION)
+ {
+ ss->ssl_version=DTLS1_VERSION;
+ ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+ }
else
{
SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
SSL_SESSION_free(ss);
return(0);
}
+#ifndef OPENSSL_NO_TLSEXT
+ /* If RFC4507 ticket use empty session ID */
+ if (s->tlsext_ticket_expected)
+ {
+ ss->session_id_length = 0;
+ goto sess_id_done;
+ }
+#endif
/* Choose which callback will set the session ID */
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
if(s->generate_session_id)
@@ -245,6 +268,17 @@ int ssl_get_new_session(SSL *s, int session)
SSL_SESSION_free(ss);
return(0);
}
+#ifndef OPENSSL_NO_TLSEXT
+ sess_id_done:
+ if (s->tlsext_hostname) {
+ ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
+ if (ss->tlsext_hostname == NULL) {
+ SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
+ SSL_SESSION_free(ss);
+ return 0;
+ }
+ }
+#endif
}
else
{
@@ -266,21 +300,41 @@ int ssl_get_new_session(SSL *s, int session)
return(1);
}
-int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
+int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
+ const unsigned char *limit)
{
/* This is used only by servers. */
- SSL_SESSION *ret=NULL,data;
+ SSL_SESSION *ret=NULL;
int fatal = 0;
-
- data.ssl_version=s->version;
- data.session_id_length=len;
+#ifndef OPENSSL_NO_TLSEXT
+ int r;
+#endif
+
if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
goto err;
- memcpy(data.session_id,session_id,len);
-
+#ifndef OPENSSL_NO_TLSEXT
+ r = tls1_process_ticket(s, session_id, len, limit, &ret);
+ if (r == -1)
+ {
+ fatal = 1;
+ goto err;
+ }
+ else if (r == 0 || (!ret && !len))
+ goto err;
+ else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
+#else
+ if (len == 0)
+ goto err;
if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
+#endif
{
+ SSL_SESSION data;
+ data.ssl_version=s->version;
+ data.session_id_length=len;
+ if (len == 0)
+ return 0;
+ memcpy(data.session_id,session_id,len);
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,&data);
if (ret != NULL)
@@ -322,33 +376,35 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
/* Now ret is non-NULL, and we own one of its reference counts. */
- if((s->verify_mode&SSL_VERIFY_PEER)
- && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length
- || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)))
- {
+ if (ret->sid_ctx_length != s->sid_ctx_length
+ || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))
+ {
/* We've found the session named by the client, but we don't
* want to use it in this context. */
-
- if (s->sid_ctx_length == 0)
- {
- /* application should have used SSL[_CTX]_set_session_id_context
- * -- we could tolerate this and just pretend we never heard
- * of this session, but then applications could effectively
- * disable the session cache by accident without anyone noticing */
- SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
- fatal = 1;
- goto err;
- }
- else
- {
#if 0 /* The client cannot always know when a session is not appropriate,
- * so we shouldn't generate an error message. */
+ * so we shouldn't generate an error message. */
- SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+ SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
#endif
- goto err; /* treat like cache miss */
- }
+ goto err; /* treat like cache miss */
+ }
+
+ if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0)
+ {
+ /* We can't be sure if this session is being used out of
+ * context, which is especially important for SSL_VERIFY_PEER.
+ * The application should have used SSL[_CTX]_set_session_id_context.
+ *
+ * For this error case, we generate an error instead of treating
+ * the event like a cache miss (otherwise it would be easy for
+ * applications to effectively disable the session cache by
+ * accident without anyone noticing).
+ */
+
+ SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
+ fatal = 1;
+ goto err;
}
if (ret->cipher == NULL)
@@ -534,6 +590,10 @@ void SSL_SESSION_free(SSL_SESSION *ss)
if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
if (ss->peer != NULL) X509_free(ss->peer);
if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
+#ifndef OPENSSL_NO_TLSEXT
+ if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname);
+ if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick);
+#endif
OPENSSL_cleanse(ss,sizeof(*ss));
OPENSSL_free(ss);
}
@@ -568,7 +628,7 @@ int SSL_set_session(SSL *s, SSL_SESSION *session)
if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
session->krb5_client_princ_len > 0)
{
- s->kssl_ctx->client_princ = (char *)malloc(session->krb5_client_princ_len + 1);
+ s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ,
session->krb5_client_princ_len);
s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
@@ -753,3 +813,72 @@ static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
}
}
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+ int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess))
+ {
+ ctx->new_session_cb=cb;
+ }
+
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess)
+ {
+ return ctx->new_session_cb;
+ }
+
+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+ void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess))
+ {
+ ctx->remove_session_cb=cb;
+ }
+
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess)
+ {
+ return ctx->remove_session_cb;
+ }
+
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+ SSL_SESSION *(*cb)(struct ssl_st *ssl,
+ unsigned char *data,int len,int *copy))
+ {
+ ctx->get_session_cb=cb;
+ }
+
+SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl,
+ unsigned char *data,int len,int *copy)
+ {
+ return ctx->get_session_cb;
+ }
+
+void SSL_CTX_set_info_callback(SSL_CTX *ctx,
+ void (*cb)(const SSL *ssl,int type,int val))
+ {
+ ctx->info_callback=cb;
+ }
+
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val)
+ {
+ return ctx->info_callback;
+ }
+
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+ int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey))
+ {
+ ctx->client_cert_cb=cb;
+ }
+
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey)
+ {
+ return ctx->client_cert_cb;
+ }
+
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
+ int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
+ {
+ ctx->app_gen_cookie_cb=cb;
+ }
+
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+ int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len))
+ {
+ ctx->app_verify_cookie_cb=cb;
+ }
+
diff --git a/lib/libssl/src/ssl/ssl_stat.c b/lib/libssl/src/ssl/ssl_stat.c
index b16d2530810..73b02509d44 100644
--- a/lib/libssl/src/ssl/ssl_stat.c
+++ b/lib/libssl/src/ssl/ssl_stat.c
@@ -127,6 +127,8 @@ case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break;
case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break;
case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break;
case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break;
+case SSL3_ST_CR_SESSION_TICKET_A: str="SSLv3 read server session ticket A";break;
+case SSL3_ST_CR_SESSION_TICKET_B: str="SSLv3 read server session ticket B";break;
case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break;
case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break;
case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break;
@@ -172,6 +174,8 @@ case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break;
case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break;
case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break;
case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break;
+case SSL3_ST_SW_SESSION_TICKET_A: str="SSLv3 write session ticket A"; break;
+case SSL3_ST_SW_SESSION_TICKET_B: str="SSLv3 write session ticket B"; break;
case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break;
case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break;
case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break;
diff --git a/lib/libssl/src/ssl/ssl_txt.c b/lib/libssl/src/ssl/ssl_txt.c
index 8655a313332..06b86750fdb 100644
--- a/lib/libssl/src/ssl/ssl_txt.c
+++ b/lib/libssl/src/ssl/ssl_txt.c
@@ -81,7 +81,7 @@ int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
{
unsigned int i;
- char *s;
+ const char *s;
if (x == NULL) goto err;
if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
@@ -151,9 +151,25 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err;
}
#endif /* OPENSSL_NO_KRB5 */
+#ifndef OPENSSL_NO_TLSEXT
+ if (x->tlsext_tick_lifetime_hint)
+ {
+ if (BIO_printf(bp,
+ "\n TLS session ticket lifetime hint: %ld (seconds)",
+ x->tlsext_tick_lifetime_hint) <=0)
+ goto err;
+ }
+ if (x->tlsext_tick)
+ {
+ if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err;
+ if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0)
+ goto err;
+ }
+#endif
+#ifndef OPENSSL_NO_COMP
if (x->compress_meth != 0)
{
- SSL_COMP *comp;
+ SSL_COMP *comp = NULL;
ssl_cipher_get_evp(x,NULL,NULL,&comp);
if (comp == NULL)
@@ -165,6 +181,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
}
}
+#endif
if (x->time != 0L)
{
if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err;
diff --git a/lib/libssl/src/ssl/ssltest.c b/lib/libssl/src/ssl/ssltest.c
index 9381c435d5f..e786b428cd7 100644
--- a/lib/libssl/src/ssl/ssltest.c
+++ b/lib/libssl/src/ssl/ssltest.c
@@ -108,6 +108,11 @@
* Hudson (tjh@cryptsoft.com).
*
*/
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
#define _BSD_SOURCE 1 /* Or gethostname won't be declared properly
on Linux and GNU platforms. */
@@ -140,7 +145,16 @@
#endif
#include <openssl/err.h>
#include <openssl/rand.h>
-#include <openssl/fips.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#include <openssl/bn.h>
#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly
on Compaq platforms (at least with DEC C).
@@ -160,6 +174,9 @@
#elif defined(OPENSSL_SYS_WINCE)
# define TEST_SERVER_CERT "\\OpenSSL\\server.pem"
# define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"
+#elif defined(OPENSSL_SYS_NETWARE)
+# define TEST_SERVER_CERT "\\openssl\\apps\\server.pem"
+# define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem"
#else
# define TEST_SERVER_CERT "../apps/server.pem"
# define TEST_CLIENT_CERT "../apps/client.pem"
@@ -167,8 +184,8 @@
/* There is really no standard for this, so let's assign some tentative
numbers. In any case, these numbers are only for this test */
-#define COMP_RLE 1
-#define COMP_ZLIB 2
+#define COMP_RLE 255
+#define COMP_ZLIB 1
static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#ifndef OPENSSL_NO_RSA
@@ -209,13 +226,11 @@ static const char rnd_seed[] = "string to make the random number generator think
int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time);
int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
+static int do_test_cipherlist(void);
static void sv_usage(void)
{
fprintf(stderr,"usage: ssltest [args ...]\n");
fprintf(stderr,"\n");
-#ifdef OPENSSL_FIPS
- fprintf(stderr,"-F - run test in FIPS mode\n");
-#endif
fprintf(stderr," -server_auth - check server certificate\n");
fprintf(stderr," -client_auth - do client authentication\n");
fprintf(stderr," -proxy - allow proxy certificates\n");
@@ -231,6 +246,9 @@ static void sv_usage(void)
fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
fprintf(stderr," -no_dhe - disable DHE\n");
#endif
+#ifndef OPENSSL_NO_ECDH
+ fprintf(stderr," -no_ecdhe - disable ECDHE\n");
+#endif
#ifndef OPENSSL_NO_SSL2
fprintf(stderr," -ssl2 - use SSLv2\n");
#endif
@@ -251,7 +269,13 @@ static void sv_usage(void)
fprintf(stderr," -f - Test even cases that can't work\n");
fprintf(stderr," -time - measure processor time used by client and server\n");
fprintf(stderr," -zlib - use zlib compression\n");
- fprintf(stderr," -time - use rle compression\n");
+ fprintf(stderr," -rle - use rle compression\n");
+#ifndef OPENSSL_NO_ECDH
+ fprintf(stderr," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
+ " Use \"openssl ecparam -list_curves\" for all names\n" \
+ " (default is sect163r2).\n");
+#endif
+ fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
}
static void print_details(SSL *c_ssl, const char *prefix)
@@ -361,6 +385,7 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line)
}
}
+
int main(int argc, char *argv[])
{
char *CApath=NULL,*CAfile=NULL;
@@ -376,24 +401,32 @@ int main(int argc, char *argv[])
char *server_key=NULL;
char *client_cert=TEST_CLIENT_CERT;
char *client_key=NULL;
+#ifndef OPENSSL_NO_ECDH
+ char *named_curve = NULL;
+#endif
SSL_CTX *s_ctx=NULL;
SSL_CTX *c_ctx=NULL;
SSL_METHOD *meth=NULL;
SSL *c_ssl,*s_ssl;
int number=1,reuse=0;
- long bytes=1L;
+ long bytes=256L;
#ifndef OPENSSL_NO_DH
DH *dh;
int dhe1024 = 0, dhe1024dsa = 0;
#endif
+#ifndef OPENSSL_NO_ECDH
+ EC_KEY *ecdh = NULL;
+#endif
int no_dhe = 0;
+ int no_ecdhe = 0;
int print_time = 0;
clock_t s_time = 0, c_time = 0;
int comp = 0;
+#ifndef OPENSSL_NO_COMP
COMP_METHOD *cm = NULL;
-#ifdef OPENSSL_FIPS
- int fips_mode=0;
#endif
+ STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
+ int test_cipherlist = 0;
verbose = 0;
debug = 0;
@@ -425,16 +458,7 @@ int main(int argc, char *argv[])
while (argc >= 1)
{
- if(!strcmp(*argv,"-F"))
- {
-#ifdef OPENSSL_FIPS
- fips_mode=1;
-#else
- fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
- EXIT(0);
-#endif
- }
- else if (strcmp(*argv,"-server_auth") == 0)
+ if (strcmp(*argv,"-server_auth") == 0)
server_auth=1;
else if (strcmp(*argv,"-client_auth") == 0)
client_auth=1;
@@ -472,6 +496,8 @@ int main(int argc, char *argv[])
}
else if (strcmp(*argv,"-no_dhe") == 0)
no_dhe=1;
+ else if (strcmp(*argv,"-no_ecdhe") == 0)
+ no_ecdhe=1;
else if (strcmp(*argv,"-ssl2") == 0)
ssl2=1;
else if (strcmp(*argv,"-tls1") == 0)
@@ -558,6 +584,16 @@ int main(int argc, char *argv[])
{
comp = COMP_RLE;
}
+ else if (strcmp(*argv,"-named_curve") == 0)
+ {
+ if (--argc < 1) goto bad;
+#ifndef OPENSSL_NO_ECDH
+ named_curve = *(++argv);
+#else
+ fprintf(stderr,"ignoring -named_curve, since I'm compiled without ECDH\n");
+ ++argv;
+#endif
+ }
else if (strcmp(*argv,"-app_verify") == 0)
{
app_verify_arg.app_verify = 1;
@@ -566,6 +602,10 @@ int main(int argc, char *argv[])
{
app_verify_arg.allow_proxy_certs = 1;
}
+ else if (strcmp(*argv,"-test_cipherlist") == 0)
+ {
+ test_cipherlist = 1;
+ }
else
{
fprintf(stderr,"unknown option %s\n",*argv);
@@ -582,6 +622,14 @@ bad:
goto end;
}
+ if (test_cipherlist == 1)
+ {
+ /* ensure that the cipher list are correctly sorted and exit */
+ if (do_test_cipherlist() == 0)
+ EXIT(1);
+ ret = 0;
+ goto end;
+ }
if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
{
@@ -592,20 +640,6 @@ bad:
EXIT(1);
}
-#ifdef OPENSSL_FIPS
- if(fips_mode)
- {
- if(!FIPS_mode_set(1))
- {
- ERR_load_crypto_strings();
- ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
- EXIT(1);
- }
- else
- fprintf(stderr,"*** IN FIPS MODE ***\n");
- }
-#endif
-
if (print_time)
{
if (!bio_pair)
@@ -622,6 +656,7 @@ bad:
SSL_library_init();
SSL_load_error_strings();
+#ifndef OPENSSL_NO_COMP
if (comp == COMP_ZLIB) cm = COMP_zlib();
if (comp == COMP_RLE) cm = COMP_rle();
if (cm != NULL)
@@ -645,6 +680,20 @@ bad:
ERR_print_errors_fp(stderr);
}
}
+ ssl_comp_methods = SSL_COMP_get_compression_methods();
+ fprintf(stderr, "Available compression methods:\n");
+ {
+ int j, n = sk_SSL_COMP_num(ssl_comp_methods);
+ if (n == 0)
+ fprintf(stderr, " NONE\n");
+ else
+ for (j = 0; j < n; j++)
+ {
+ SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
+ fprintf(stderr, " %d: %s\n", c->id, c->name);
+ }
+ }
+#endif
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
if (ssl2)
@@ -699,6 +748,38 @@ bad:
(void)no_dhe;
#endif
+#ifndef OPENSSL_NO_ECDH
+ if (!no_ecdhe)
+ {
+ int nid;
+
+ if (named_curve != NULL)
+ {
+ nid = OBJ_sn2nid(named_curve);
+ if (nid == 0)
+ {
+ BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
+ goto end;
+ }
+ }
+ else
+ nid = NID_sect163r2;
+
+ ecdh = EC_KEY_new_by_curve_name(nid);
+ if (ecdh == NULL)
+ {
+ BIO_printf(bio_err, "unable to create curve\n");
+ goto end;
+ }
+
+ SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
+ SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
+ EC_KEY_free(ecdh);
+ }
+#else
+ (void)no_ecdhe;
+#endif
+
#ifndef OPENSSL_NO_RSA
SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
#endif
@@ -835,6 +916,7 @@ end:
CRYPTO_mem_leaks(bio_err);
if (bio_err != NULL) BIO_free(bio_err);
EXIT(ret);
+ return ret;
}
int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
@@ -1325,8 +1407,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
{
if (c_write)
{
- j=(cw_num > (long)sizeof(cbuf))
- ?sizeof(cbuf):(int)cw_num;
+ j = (cw_num > (long)sizeof(cbuf)) ?
+ (int)sizeof(cbuf) : (int)cw_num;
i=BIO_write(c_bio,cbuf,j);
if (i < 0)
{
@@ -1456,8 +1538,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
}
else
{
- j=(sw_num > (long)sizeof(sbuf))?
- sizeof(sbuf):(int)sw_num;
+ j = (sw_num > (long)sizeof(sbuf)) ?
+ (int)sizeof(sbuf) : (int)sw_num;
i=BIO_write(s_bio,sbuf,j);
if (i < 0)
{
@@ -1644,7 +1726,7 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
fprintf(stderr, " Certificate proxy rights = %*.*s", i, i, s);
while(i-- > 0)
{
- char c = *s++;
+ int c = *s++;
if (isascii(c) && isalpha(c))
{
if (islower(c))
@@ -1705,11 +1787,11 @@ static int process_proxy_cond_adders(unsigned int letters[26],
static int process_proxy_cond_val(unsigned int letters[26],
const char *cond, const char **cond_end, int *pos, int indent)
{
- char c;
+ int c;
int ok = 1;
int negate = 0;
- while(isspace(*cond))
+ while(isspace((int)*cond))
{
cond++; (*pos)++;
}
@@ -1724,7 +1806,7 @@ static int process_proxy_cond_val(unsigned int letters[26],
{
negate = !negate;
cond++; (*pos)++;
- while(isspace(*cond))
+ while(isspace((int)*cond))
{
cond++; (*pos)++;
}
@@ -1739,7 +1821,7 @@ static int process_proxy_cond_val(unsigned int letters[26],
cond = *cond_end;
if (ok < 0)
goto end;
- while(isspace(*cond))
+ while(isspace((int)*cond))
{
cond++; (*pos)++;
}
@@ -1799,7 +1881,7 @@ static int process_proxy_cond_multipliers(unsigned int letters[26],
while(ok >= 0)
{
- while(isspace(*cond))
+ while(isspace((int)*cond))
{
cond++; (*pos)++;
}
@@ -1866,7 +1948,7 @@ static int process_proxy_cond_adders(unsigned int letters[26],
while(ok >= 0)
{
- while(isspace(*cond))
+ while(isspace((int)*cond))
{
cond++; (*pos)++;
}
@@ -1949,7 +2031,7 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
letters[i] = 0;
for(sp = cb_arg->proxy_auth; *sp; sp++)
{
- char c = *sp;
+ int c = *sp;
if (isascii(c) && isalpha(c))
{
if (islower(c))
@@ -1979,7 +2061,15 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
}
#ifndef OPENSSL_NO_X509_VERIFY
+# ifdef OPENSSL_FIPS
+ if(s->version == TLS1_VERSION)
+ FIPS_allow_md5(1);
+# endif
ok = X509_verify_cert(ctx);
+# ifdef OPENSSL_FIPS
+ if(s->version == TLS1_VERSION)
+ FIPS_allow_md5(0);
+# endif
#endif
if (cb_arg->proxy_auth)
@@ -2014,14 +2104,29 @@ static RSA *rsa_tmp=NULL;
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
{
+ BIGNUM *bn = NULL;
if (rsa_tmp == NULL)
{
+ bn = BN_new();
+ rsa_tmp = RSA_new();
+ if(!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4))
+ {
+ BIO_printf(bio_err, "Memory error...");
+ goto end;
+ }
BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
(void)BIO_flush(bio_err);
- rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
+ if(!RSA_generate_key_ex(rsa_tmp,keylength,bn,NULL))
+ {
+ BIO_printf(bio_err, "Error generating key.");
+ RSA_free(rsa_tmp);
+ rsa_tmp = NULL;
+ }
+end:
BIO_printf(bio_err,"\n");
(void)BIO_flush(bio_err);
}
+ if(bn) BN_free(bn);
return(rsa_tmp);
}
@@ -2132,3 +2237,60 @@ static DH *get_dh1024dsa()
return(dh);
}
#endif
+
+static int do_test_cipherlist(void)
+ {
+ int i = 0;
+ const SSL_METHOD *meth;
+ SSL_CIPHER *ci, *tci = NULL;
+
+#ifndef OPENSSL_NO_SSL2
+ fprintf(stderr, "testing SSLv2 cipher list order: ");
+ meth = SSLv2_method();
+ while ((ci = meth->get_cipher(i++)) != NULL)
+ {
+ if (tci != NULL)
+ if (ci->id >= tci->id)
+ {
+ fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
+ return 0;
+ }
+ tci = ci;
+ }
+ fprintf(stderr, "ok\n");
+#endif
+#ifndef OPENSSL_NO_SSL3
+ fprintf(stderr, "testing SSLv3 cipher list order: ");
+ meth = SSLv3_method();
+ tci = NULL;
+ while ((ci = meth->get_cipher(i++)) != NULL)
+ {
+ if (tci != NULL)
+ if (ci->id >= tci->id)
+ {
+ fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
+ return 0;
+ }
+ tci = ci;
+ }
+ fprintf(stderr, "ok\n");
+#endif
+#ifndef OPENSSL_NO_TLS1
+ fprintf(stderr, "testing TLSv1 cipher list order: ");
+ meth = TLSv1_method();
+ tci = NULL;
+ while ((ci = meth->get_cipher(i++)) != NULL)
+ {
+ if (tci != NULL)
+ if (ci->id >= tci->id)
+ {
+ fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
+ return 0;
+ }
+ tci = ci;
+ }
+ fprintf(stderr, "ok\n");
+#endif
+
+ return 1;
+ }
diff --git a/lib/libssl/src/ssl/t1_clnt.c b/lib/libssl/src/ssl/t1_clnt.c
index 57205fb429a..4d1e198cdcd 100644
--- a/lib/libssl/src/ssl/t1_clnt.c
+++ b/lib/libssl/src/ssl/t1_clnt.c
@@ -72,26 +72,8 @@ static SSL_METHOD *tls1_get_client_method(int ver)
return(NULL);
}
-SSL_METHOD *TLSv1_client_method(void)
- {
- static int init=1;
- static SSL_METHOD TLSv1_client_data;
-
- if (init)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
- if (init)
- {
- memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
- sizeof(SSL_METHOD));
- TLSv1_client_data.ssl_connect=ssl3_connect;
- TLSv1_client_data.get_ssl_method=tls1_get_client_method;
- init=0;
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
- }
- return(&TLSv1_client_data);
- }
+IMPLEMENT_tls1_meth_func(TLSv1_client_method,
+ ssl_undefined_function,
+ ssl3_connect,
+ tls1_get_client_method)
diff --git a/lib/libssl/src/ssl/t1_enc.c b/lib/libssl/src/ssl/t1_enc.c
index 2c6246abf54..ed5a4a72554 100644
--- a/lib/libssl/src/ssl/t1_enc.c
+++ b/lib/libssl/src/ssl/t1_enc.c
@@ -115,7 +115,6 @@
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/md5.h>
-#include <openssl/fips.h>
static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
int sec_len, unsigned char *seed, int seed_len,
@@ -132,8 +131,6 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
HMAC_CTX_init(&ctx);
HMAC_CTX_init(&ctx_tmp);
- HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);
HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);
HMAC_Update(&ctx,seed,seed_len);
@@ -180,6 +177,7 @@ static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
S2= &(sec[len]);
len+=(slen&1); /* add for odd, make longer */
+
tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
@@ -233,7 +231,9 @@ int tls1_change_cipher_state(SSL *s, int which)
int client_write;
EVP_CIPHER_CTX *dd;
const EVP_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
const SSL_COMP *comp;
+#endif
const EVP_MD *m;
int is_export,n,i,j,k,exp_label_len,cl;
int reuse_dd = 0;
@@ -241,7 +241,9 @@ int tls1_change_cipher_state(SSL *s, int which)
is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
c=s->s3->tmp.new_sym_enc;
m=s->s3->tmp.new_hash;
+#ifndef OPENSSL_NO_COMP
comp=s->s3->tmp.new_compression;
+#endif
key_block=s->s3->tmp.key_block;
#ifdef KSSL_DEBUG
@@ -265,8 +267,12 @@ int tls1_change_cipher_state(SSL *s, int which)
reuse_dd = 1;
else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
goto err;
+ else
+ /* make sure it's intialized in case we exit later with an error */
+ EVP_CIPHER_CTX_init(s->enc_read_ctx);
dd= s->enc_read_ctx;
s->read_hash=m;
+#ifndef OPENSSL_NO_COMP
if (s->expand != NULL)
{
COMP_CTX_free(s->expand);
@@ -286,7 +292,10 @@ int tls1_change_cipher_state(SSL *s, int which)
if (s->s3->rrec.comp == NULL)
goto err;
}
- memset(&(s->s3->read_sequence[0]),0,8);
+#endif
+ /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
+ if (s->version != DTLS1_VERSION)
+ memset(&(s->s3->read_sequence[0]),0,8);
mac_secret= &(s->s3->read_mac_secret[0]);
}
else
@@ -295,12 +304,12 @@ int tls1_change_cipher_state(SSL *s, int which)
reuse_dd = 1;
else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
goto err;
- if ((s->enc_write_ctx == NULL) &&
- ((s->enc_write_ctx=(EVP_CIPHER_CTX *)
- OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
- goto err;
+ else
+ /* make sure it's intialized in case we exit later with an error */
+ EVP_CIPHER_CTX_init(s->enc_write_ctx);
dd= s->enc_write_ctx;
s->write_hash=m;
+#ifndef OPENSSL_NO_COMP
if (s->compress != NULL)
{
COMP_CTX_free(s->compress);
@@ -315,13 +324,15 @@ int tls1_change_cipher_state(SSL *s, int which)
goto err2;
}
}
- memset(&(s->s3->write_sequence[0]),0,8);
+#endif
+ /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
+ if (s->version != DTLS1_VERSION)
+ memset(&(s->s3->write_sequence[0]),0,8);
mac_secret= &(s->s3->write_mac_secret[0]);
}
if (reuse_dd)
EVP_CIPHER_CTX_cleanup(dd);
- EVP_CIPHER_CTX_init(dd);
p=s->s3->tmp.key_block;
i=EVP_MD_size(m);
@@ -503,7 +514,7 @@ printf("\nkey block\n");
#endif
}
}
-
+
return(1);
err:
SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
@@ -618,7 +629,15 @@ int tls1_enc(SSL *s, int send)
{
ii=i=rec->data[l-1]; /* padding_length */
i++;
- if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+ /* NB: if compression is in operation the first packet
+ * may not be of even length so the padding bug check
+ * cannot be performed. This bug workaround has been
+ * around since SSLeay so hopefully it is either fixed
+ * now or no buggy implementation supports compression
+ * [steve]
+ */
+ if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+ && !s->expand)
{
/* First packet is even in size, so check */
if ((memcmp(s->s3->read_sequence,
@@ -719,15 +738,35 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
md_size=EVP_MD_size(hash);
buf[0]=rec->type;
- buf[1]=TLS1_VERSION_MAJOR;
- buf[2]=TLS1_VERSION_MINOR;
+ if (ssl->version == DTLS1_VERSION && ssl->client_version == DTLS1_BAD_VER)
+ {
+ buf[1]=TLS1_VERSION_MAJOR;
+ buf[2]=TLS1_VERSION_MINOR;
+ }
+ else {
+ buf[1]=(unsigned char)(ssl->version>>8);
+ buf[2]=(unsigned char)(ssl->version);
+ }
+
buf[3]=rec->length>>8;
buf[4]=rec->length&0xff;
/* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
HMAC_CTX_init(&hmac);
HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
- HMAC_Update(&hmac,seq,8);
+
+ if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER)
+ {
+ unsigned char dtlsseq[8],*p=dtlsseq;
+
+ s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
+ memcpy (p,&seq[2],6);
+
+ HMAC_Update(&hmac,dtlsseq,8);
+ }
+ else
+ HMAC_Update(&hmac,seq,8);
+
HMAC_Update(&hmac,buf,5);
HMAC_Update(&hmac,rec->input,rec->length);
HMAC_Final(&hmac,md,&md_size);
@@ -744,10 +783,13 @@ printf("rec=");
{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
#endif
- for (i=7; i>=0; i--)
+ if ( SSL_version(ssl) != DTLS1_VERSION)
{
- ++seq[i];
- if (seq[i] != 0) break;
+ for (i=7; i>=0; i--)
+ {
+ ++seq[i];
+ if (seq[i] != 0) break;
+ }
}
#ifdef TLS_DEBUG
@@ -810,6 +852,8 @@ int tls1_alert_code(int code)
case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR);
case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED);
case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION);
+ case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return
+ (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
default: return(-1);
}
}
diff --git a/lib/libssl/src/ssl/t1_lib.c b/lib/libssl/src/ssl/t1_lib.c
index ca6c03d5af1..35f04afa4a7 100644
--- a/lib/libssl/src/ssl/t1_lib.c
+++ b/lib/libssl/src/ssl/t1_lib.c
@@ -58,13 +58,20 @@
#include <stdio.h>
#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/ocsp.h>
#include "ssl_locl.h"
-const char *tls1_version_str="TLSv1" OPENSSL_VERSION_PTEXT;
+const char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT;
-static long tls1_default_timeout(void);
+#ifndef OPENSSL_NO_TLSEXT
+static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
+ const unsigned char *sess_id, int sesslen,
+ SSL_SESSION **psess);
+#endif
-static SSL3_ENC_METHOD TLSv1_enc_data={
+SSL3_ENC_METHOD TLSv1_enc_data={
tls1_enc,
tls1_mac,
tls1_setup_key_block,
@@ -78,45 +85,17 @@ static SSL3_ENC_METHOD TLSv1_enc_data={
tls1_alert_code,
};
-static SSL_METHOD TLSv1_data= {
- TLS1_VERSION,
- tls1_new,
- tls1_clear,
- tls1_free,
- ssl_undefined_function,
- ssl_undefined_function,
- ssl3_read,
- ssl3_peek,
- ssl3_write,
- ssl3_shutdown,
- ssl3_renegotiate,
- ssl3_renegotiate_check,
- ssl3_ctrl,
- ssl3_ctx_ctrl,
- ssl3_get_cipher_by_char,
- ssl3_put_cipher_by_char,
- ssl3_pending,
- ssl3_num_ciphers,
- ssl3_get_cipher,
- ssl_bad_method,
- tls1_default_timeout,
- &TLSv1_enc_data,
- ssl_undefined_function,
- ssl3_callback_ctrl,
- ssl3_ctx_callback_ctrl,
- };
-
-static long tls1_default_timeout(void)
+long tls1_default_timeout(void)
{
/* 2 hours, the 24 hours mentioned in the TLSv1 spec
* is way too long for http, the cache would over fill */
return(60*60*2);
}
-SSL_METHOD *tlsv1_base_method(void)
- {
- return(&TLSv1_data);
- }
+IMPLEMENT_tls1_meth_func(tlsv1_base_method,
+ ssl_undefined_function,
+ ssl_undefined_function,
+ ssl_bad_method)
int tls1_new(SSL *s)
{
@@ -147,3 +126,751 @@ long tls1_callback_ctrl(SSL *s, int cmd, void *(*fp)())
return(0);
}
#endif
+
+#ifndef OPENSSL_NO_TLSEXT
+unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
+ {
+ int extdatalen=0;
+ unsigned char *ret = p;
+
+ ret+=2;
+
+ if (ret>=limit) return NULL; /* this really never occurs, but ... */
+
+ if (s->tlsext_hostname != NULL)
+ {
+ /* Add TLS extension servername to the Client Hello message */
+ unsigned long size_str;
+ long lenmax;
+
+ /* check for enough space.
+ 4 for the servername type and entension length
+ 2 for servernamelist length
+ 1 for the hostname type
+ 2 for hostname length
+ + hostname length
+ */
+
+ if ((lenmax = limit - ret - 9) < 0
+ || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax)
+ return NULL;
+
+ /* extension type and length */
+ s2n(TLSEXT_TYPE_server_name,ret);
+ s2n(size_str+5,ret);
+
+ /* length of servername list */
+ s2n(size_str+3,ret);
+
+ /* hostname type, length and hostname */
+ *(ret++) = (unsigned char) TLSEXT_NAMETYPE_host_name;
+ s2n(size_str,ret);
+ memcpy(ret, s->tlsext_hostname, size_str);
+ ret+=size_str;
+
+ }
+
+ if (!(SSL_get_options(s) & SSL_OP_NO_TICKET))
+ {
+ int ticklen;
+ if (s->session && s->session->tlsext_tick)
+ ticklen = s->session->tlsext_ticklen;
+ else
+ ticklen = 0;
+ /* Check for enough room 2 for extension type, 2 for len
+ * rest for ticket
+ */
+ if (limit - ret - 4 - ticklen < 0)
+ return NULL;
+ s2n(TLSEXT_TYPE_session_ticket,ret);
+ s2n(ticklen,ret);
+ if (ticklen)
+ {
+ memcpy(ret, s->session->tlsext_tick, ticklen);
+ ret += ticklen;
+ }
+ }
+
+ if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp)
+ {
+ int i;
+ long extlen, idlen, itmp;
+ OCSP_RESPID *id;
+
+ idlen = 0;
+ for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++)
+ {
+ id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
+ itmp = i2d_OCSP_RESPID(id, NULL);
+ if (itmp <= 0)
+ return NULL;
+ idlen += itmp + 2;
+ }
+
+ if (s->tlsext_ocsp_exts)
+ {
+ extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
+ if (extlen < 0)
+ return NULL;
+ }
+ else
+ extlen = 0;
+
+ if ((long)(limit - ret - 7 - extlen - idlen) < 0) return NULL;
+ s2n(TLSEXT_TYPE_status_request, ret);
+ if (extlen + idlen > 0xFFF0)
+ return NULL;
+ s2n(extlen + idlen + 5, ret);
+ *(ret++) = TLSEXT_STATUSTYPE_ocsp;
+ s2n(idlen, ret);
+ for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++)
+ {
+ /* save position of id len */
+ unsigned char *q = ret;
+ id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
+ /* skip over id len */
+ ret += 2;
+ itmp = i2d_OCSP_RESPID(id, &ret);
+ /* write id len */
+ s2n(itmp, q);
+ }
+ s2n(extlen, ret);
+ if (extlen > 0)
+ i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
+ }
+
+ if ((extdatalen = ret-p-2)== 0)
+ return p;
+
+ s2n(extdatalen,p);
+ return ret;
+ }
+
+unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
+ {
+ int extdatalen=0;
+ unsigned char *ret = p;
+
+ ret+=2;
+ if (ret>=limit) return NULL; /* this really never occurs, but ... */
+
+ if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL)
+ {
+ if (limit - ret - 4 < 0) return NULL;
+
+ s2n(TLSEXT_TYPE_server_name,ret);
+ s2n(0,ret);
+ }
+
+ if (s->tlsext_ticket_expected
+ && !(SSL_get_options(s) & SSL_OP_NO_TICKET))
+ {
+ if (limit - ret - 4 < 0) return NULL;
+ s2n(TLSEXT_TYPE_session_ticket,ret);
+ s2n(0,ret);
+ }
+
+ if (s->tlsext_status_expected)
+ {
+ if ((long)(limit - ret - 4) < 0) return NULL;
+ s2n(TLSEXT_TYPE_status_request,ret);
+ s2n(0,ret);
+ }
+
+ if ((extdatalen = ret-p-2)== 0)
+ return p;
+
+ s2n(extdatalen,p);
+ return ret;
+ }
+
+int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
+ {
+ unsigned short type;
+ unsigned short size;
+ unsigned short len;
+ unsigned char *data = *p;
+ s->servername_done = 0;
+ s->tlsext_status_type = -1;
+
+ if (data >= (d+n-2))
+ return 1;
+ n2s(data,len);
+
+ if (data > (d+n-len))
+ return 1;
+
+ while (data <= (d+n-4))
+ {
+ n2s(data,type);
+ n2s(data,size);
+
+ if (data+size > (d+n))
+ return 1;
+
+ if (s->tlsext_debug_cb)
+ s->tlsext_debug_cb(s, 0, type, data, size,
+ s->tlsext_debug_arg);
+/* The servername extension is treated as follows:
+
+ - Only the hostname type is supported with a maximum length of 255.
+ - The servername is rejected if too long or if it contains zeros,
+ in which case an fatal alert is generated.
+ - The servername field is maintained together with the session cache.
+ - When a session is resumed, the servername call back invoked in order
+ to allow the application to position itself to the right context.
+ - The servername is acknowledged if it is new for a session or when
+ it is identical to a previously used for the same session.
+ Applications can control the behaviour. They can at any time
+ set a 'desirable' servername for a new SSL object. This can be the
+ case for example with HTTPS when a Host: header field is received and
+ a renegotiation is requested. In this case, a possible servername
+ presented in the new client hello is only acknowledged if it matches
+ the value of the Host: field.
+ - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+ if they provide for changing an explicit servername context for the session,
+ i.e. when the session has been established with a servername extension.
+ - On session reconnect, the servername extension may be absent.
+
+*/
+
+ if (type == TLSEXT_TYPE_server_name)
+ {
+ unsigned char *sdata;
+ int servname_type;
+ int dsize;
+
+ if (size < 2)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ n2s(data,dsize);
+ size -= 2;
+ if (dsize > size )
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+
+ sdata = data;
+ while (dsize > 3)
+ {
+ servname_type = *(sdata++);
+ n2s(sdata,len);
+ dsize -= 3;
+
+ if (len > dsize)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ if (s->servername_done == 0)
+ switch (servname_type)
+ {
+ case TLSEXT_NAMETYPE_host_name:
+ if (s->session->tlsext_hostname == NULL)
+ {
+ if (len > TLSEXT_MAXLEN_host_name ||
+ ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL))
+ {
+ *al = TLS1_AD_UNRECOGNIZED_NAME;
+ return 0;
+ }
+ memcpy(s->session->tlsext_hostname, sdata, len);
+ s->session->tlsext_hostname[len]='\0';
+ if (strlen(s->session->tlsext_hostname) != len) {
+ OPENSSL_free(s->session->tlsext_hostname);
+ s->session->tlsext_hostname = NULL;
+ *al = TLS1_AD_UNRECOGNIZED_NAME;
+ return 0;
+ }
+ s->servername_done = 1;
+
+ }
+ else
+ s->servername_done = strlen(s->session->tlsext_hostname) == len
+ && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
+
+ break;
+
+ default:
+ break;
+ }
+
+ dsize -= len;
+ }
+ if (dsize != 0)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+
+ }
+ else if (type == TLSEXT_TYPE_status_request
+ && s->ctx->tlsext_status_cb)
+ {
+
+ if (size < 5)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+
+ s->tlsext_status_type = *data++;
+ size--;
+ if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp)
+ {
+ const unsigned char *sdata;
+ int dsize;
+ /* Read in responder_id_list */
+ n2s(data,dsize);
+ size -= 2;
+ if (dsize > size )
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ while (dsize > 0)
+ {
+ OCSP_RESPID *id;
+ int idsize;
+ if (dsize < 4)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ n2s(data, idsize);
+ dsize -= 2 + idsize;
+ if (dsize < 0)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ sdata = data;
+ data += idsize;
+ id = d2i_OCSP_RESPID(NULL,
+ &sdata, idsize);
+ if (!id)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ if (data != sdata)
+ {
+ OCSP_RESPID_free(id);
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ if (!s->tlsext_ocsp_ids
+ && !(s->tlsext_ocsp_ids =
+ sk_OCSP_RESPID_new_null()))
+ {
+ OCSP_RESPID_free(id);
+ *al = SSL_AD_INTERNAL_ERROR;
+ return 0;
+ }
+ if (!sk_OCSP_RESPID_push(
+ s->tlsext_ocsp_ids, id))
+ {
+ OCSP_RESPID_free(id);
+ *al = SSL_AD_INTERNAL_ERROR;
+ return 0;
+ }
+ }
+
+ /* Read in request_extensions */
+ n2s(data,dsize);
+ size -= 2;
+ if (dsize > size)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ sdata = data;
+ if (dsize > 0)
+ {
+ s->tlsext_ocsp_exts =
+ d2i_X509_EXTENSIONS(NULL,
+ &sdata, dsize);
+ if (!s->tlsext_ocsp_exts
+ || (data + dsize != sdata))
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ }
+ }
+ /* We don't know what to do with any other type
+ * so ignore it.
+ */
+ else
+ s->tlsext_status_type = -1;
+ }
+ /* session ticket processed earlier */
+
+ data+=size;
+ }
+
+ *p = data;
+ return 1;
+ }
+
+int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
+ {
+ unsigned short type;
+ unsigned short size;
+ unsigned short len;
+ unsigned char *data = *p;
+
+ int tlsext_servername = 0;
+
+ if (data >= (d+n-2))
+ return 1;
+
+ n2s(data,len);
+
+ while(data <= (d+n-4))
+ {
+ n2s(data,type);
+ n2s(data,size);
+
+ if (data+size > (d+n))
+ return 1;
+
+ if (s->tlsext_debug_cb)
+ s->tlsext_debug_cb(s, 1, type, data, size,
+ s->tlsext_debug_arg);
+
+ if (type == TLSEXT_TYPE_server_name)
+ {
+ if (s->tlsext_hostname == NULL || size > 0)
+ {
+ *al = TLS1_AD_UNRECOGNIZED_NAME;
+ return 0;
+ }
+ tlsext_servername = 1;
+ }
+ else if (type == TLSEXT_TYPE_session_ticket)
+ {
+ if ((SSL_get_options(s) & SSL_OP_NO_TICKET)
+ || (size > 0))
+ {
+ *al = TLS1_AD_UNSUPPORTED_EXTENSION;
+ return 0;
+ }
+ s->tlsext_ticket_expected = 1;
+ }
+ else if (type == TLSEXT_TYPE_status_request)
+ {
+ /* MUST be empty and only sent if we've requested
+ * a status request message.
+ */
+ if ((s->tlsext_status_type == -1) || (size > 0))
+ {
+ *al = TLS1_AD_UNSUPPORTED_EXTENSION;
+ return 0;
+ }
+ /* Set flag to expect CertificateStatus message */
+ s->tlsext_status_expected = 1;
+ }
+
+ data+=size;
+ }
+
+ if (data != d+n)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+
+ if (!s->hit && tlsext_servername == 1)
+ {
+ if (s->tlsext_hostname)
+ {
+ if (s->session->tlsext_hostname == NULL)
+ {
+ s->session->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
+ if (!s->session->tlsext_hostname)
+ {
+ *al = SSL_AD_UNRECOGNIZED_NAME;
+ return 0;
+ }
+ }
+ else
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ }
+ }
+
+ *p = data;
+ return 1;
+ }
+
+int ssl_check_clienthello_tlsext(SSL *s)
+ {
+ int ret=SSL_TLSEXT_ERR_NOACK;
+ int al = SSL_AD_UNRECOGNIZED_NAME;
+
+ if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
+ ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
+ else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
+ ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
+
+ /* If status request then ask callback what to do.
+ * Note: this must be called after servername callbacks in case
+ * the certificate has changed.
+ */
+ if ((s->tlsext_status_type != -1) && s->ctx->tlsext_status_cb)
+ {
+ int r;
+ r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+ switch (r)
+ {
+ /* We don't want to send a status request response */
+ case SSL_TLSEXT_ERR_NOACK:
+ s->tlsext_status_expected = 0;
+ break;
+ /* status request response should be sent */
+ case SSL_TLSEXT_ERR_OK:
+ if (s->tlsext_ocsp_resp)
+ s->tlsext_status_expected = 1;
+ else
+ s->tlsext_status_expected = 0;
+ break;
+ /* something bad happened */
+ case SSL_TLSEXT_ERR_ALERT_FATAL:
+ ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+ al = SSL_AD_INTERNAL_ERROR;
+ goto err;
+ }
+ }
+ else
+ s->tlsext_status_expected = 0;
+ err:
+ switch (ret)
+ {
+ case SSL_TLSEXT_ERR_ALERT_FATAL:
+ ssl3_send_alert(s,SSL3_AL_FATAL,al);
+ return -1;
+
+ case SSL_TLSEXT_ERR_ALERT_WARNING:
+ ssl3_send_alert(s,SSL3_AL_WARNING,al);
+ return 1;
+
+ case SSL_TLSEXT_ERR_NOACK:
+ s->servername_done=0;
+ default:
+ return 1;
+ }
+ }
+
+int ssl_check_serverhello_tlsext(SSL *s)
+ {
+ int ret=SSL_TLSEXT_ERR_NOACK;
+ int al = SSL_AD_UNRECOGNIZED_NAME;
+
+ if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
+ ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
+ else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
+ ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
+
+ /* If we've requested certificate status and we wont get one
+ * tell the callback
+ */
+ if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected)
+ && s->ctx->tlsext_status_cb)
+ {
+ int r;
+ /* Set resp to NULL, resplen to -1 so callback knows
+ * there is no response.
+ */
+ if (s->tlsext_ocsp_resp)
+ {
+ OPENSSL_free(s->tlsext_ocsp_resp);
+ s->tlsext_ocsp_resp = NULL;
+ }
+ s->tlsext_ocsp_resplen = -1;
+ r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+ if (r == 0)
+ {
+ al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
+ ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+ }
+ if (r < 0)
+ {
+ al = SSL_AD_INTERNAL_ERROR;
+ ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+ }
+ }
+
+ switch (ret)
+ {
+ case SSL_TLSEXT_ERR_ALERT_FATAL:
+ ssl3_send_alert(s,SSL3_AL_FATAL,al);
+ return -1;
+
+ case SSL_TLSEXT_ERR_ALERT_WARNING:
+ ssl3_send_alert(s,SSL3_AL_WARNING,al);
+ return 1;
+
+ case SSL_TLSEXT_ERR_NOACK:
+ s->servername_done=0;
+ default:
+ return 1;
+ }
+ }
+
+/* Since the server cache lookup is done early on in the processing of client
+ * hello and other operations depend on the result we need to handle any TLS
+ * session ticket extension at the same time.
+ */
+
+int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
+ const unsigned char *limit, SSL_SESSION **ret)
+ {
+ /* Point after session ID in client hello */
+ const unsigned char *p = session_id + len;
+ unsigned short i;
+ if ((s->version <= SSL3_VERSION) || !limit)
+ return 1;
+ if (p >= limit)
+ return -1;
+ /* Skip past cipher list */
+ n2s(p, i);
+ p+= i;
+ if (p >= limit)
+ return -1;
+ /* Skip past compression algorithm list */
+ i = *(p++);
+ p += i;
+ if (p > limit)
+ return -1;
+ /* Now at start of extensions */
+ if ((p + 2) >= limit)
+ return 1;
+ n2s(p, i);
+ while ((p + 4) <= limit)
+ {
+ unsigned short type, size;
+ n2s(p, type);
+ n2s(p, size);
+ if (p + size > limit)
+ return 1;
+ if (type == TLSEXT_TYPE_session_ticket)
+ {
+ /* If tickets disabled indicate cache miss which will
+ * trigger a full handshake
+ */
+ if (SSL_get_options(s) & SSL_OP_NO_TICKET)
+ return 0;
+ /* If zero length not client will accept a ticket
+ * and indicate cache miss to trigger full handshake
+ */
+ if (size == 0)
+ {
+ s->tlsext_ticket_expected = 1;
+ return 0; /* Cache miss */
+ }
+ return tls_decrypt_ticket(s, p, size, session_id, len,
+ ret);
+ }
+ p += size;
+ }
+ return 1;
+ }
+
+static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
+ const unsigned char *sess_id, int sesslen,
+ SSL_SESSION **psess)
+ {
+ SSL_SESSION *sess;
+ unsigned char *sdec;
+ const unsigned char *p;
+ int slen, mlen, renew_ticket = 0;
+ unsigned char tick_hmac[EVP_MAX_MD_SIZE];
+ HMAC_CTX hctx;
+ EVP_CIPHER_CTX ctx;
+ /* Need at least keyname + iv + some encrypted data */
+ if (eticklen < 48)
+ goto tickerr;
+ /* Initialize session ticket encryption and HMAC contexts */
+ HMAC_CTX_init(&hctx);
+ EVP_CIPHER_CTX_init(&ctx);
+ if (s->ctx->tlsext_ticket_key_cb)
+ {
+ unsigned char *nctick = (unsigned char *)etick;
+ int rv = s->ctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
+ &ctx, &hctx, 0);
+ if (rv < 0)
+ return -1;
+ if (rv == 0)
+ goto tickerr;
+ if (rv == 2)
+ renew_ticket = 1;
+ }
+ else
+ {
+ /* Check key name matches */
+ if (memcmp(etick, s->ctx->tlsext_tick_key_name, 16))
+ goto tickerr;
+ HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
+ tlsext_tick_md(), NULL);
+ EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+ s->ctx->tlsext_tick_aes_key, etick + 16);
+ }
+ /* Attempt to process session ticket, first conduct sanity and
+ * integrity checks on ticket.
+ */
+ mlen = HMAC_size(&hctx);
+ eticklen -= mlen;
+ /* Check HMAC of encrypted ticket */
+ HMAC_Update(&hctx, etick, eticklen);
+ HMAC_Final(&hctx, tick_hmac, NULL);
+ HMAC_CTX_cleanup(&hctx);
+ if (memcmp(tick_hmac, etick + eticklen, mlen))
+ goto tickerr;
+ /* Attempt to decrypt session data */
+ /* Move p after IV to start of encrypted ticket, update length */
+ p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
+ eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
+ sdec = OPENSSL_malloc(eticklen);
+ if (!sdec)
+ {
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ return -1;
+ }
+ EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen);
+ if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0)
+ goto tickerr;
+ slen += mlen;
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ p = sdec;
+
+ sess = d2i_SSL_SESSION(NULL, &p, slen);
+ OPENSSL_free(sdec);
+ if (sess)
+ {
+ /* The session ID if non-empty is used by some clients to
+ * detect that the ticket has been accepted. So we copy it to
+ * the session structure. If it is empty set length to zero
+ * as required by standard.
+ */
+ if (sesslen)
+ memcpy(sess->session_id, sess_id, sesslen);
+ sess->session_id_length = sesslen;
+ *psess = sess;
+ s->tlsext_ticket_expected = renew_ticket;
+ return 1;
+ }
+ /* If session decrypt failure indicate a cache miss and set state to
+ * send a new ticket
+ */
+ tickerr:
+ s->tlsext_ticket_expected = 1;
+ return 0;
+ }
+
+#endif
diff --git a/lib/libssl/src/ssl/t1_meth.c b/lib/libssl/src/ssl/t1_meth.c
index fcc243f7826..f5d8df634ee 100644
--- a/lib/libssl/src/ssl/t1_meth.c
+++ b/lib/libssl/src/ssl/t1_meth.c
@@ -69,28 +69,8 @@ static SSL_METHOD *tls1_get_method(int ver)
return(NULL);
}
-SSL_METHOD *TLSv1_method(void)
- {
- static int init=1;
- static SSL_METHOD TLSv1_data;
-
- if (init)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
- if (init)
- {
- memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
- sizeof(SSL_METHOD));
- TLSv1_data.ssl_connect=ssl3_connect;
- TLSv1_data.ssl_accept=ssl3_accept;
- TLSv1_data.get_ssl_method=tls1_get_method;
- init=0;
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
- }
-
- return(&TLSv1_data);
- }
+IMPLEMENT_tls1_meth_func(TLSv1_method,
+ ssl3_accept,
+ ssl3_connect,
+ tls1_get_method)
diff --git a/lib/libssl/src/ssl/t1_srvr.c b/lib/libssl/src/ssl/t1_srvr.c
index 1c1149e49fe..b75636abba9 100644
--- a/lib/libssl/src/ssl/t1_srvr.c
+++ b/lib/libssl/src/ssl/t1_srvr.c
@@ -73,26 +73,8 @@ static SSL_METHOD *tls1_get_server_method(int ver)
return(NULL);
}
-SSL_METHOD *TLSv1_server_method(void)
- {
- static int init=1;
- static SSL_METHOD TLSv1_server_data;
-
- if (init)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
- if (init)
- {
- memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
- sizeof(SSL_METHOD));
- TLSv1_server_data.ssl_accept=ssl3_accept;
- TLSv1_server_data.get_ssl_method=tls1_get_server_method;
- init=0;
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
- }
- return(&TLSv1_server_data);
- }
+IMPLEMENT_tls1_meth_func(TLSv1_server_method,
+ ssl3_accept,
+ ssl_undefined_function,
+ tls1_get_server_method)
diff --git a/lib/libssl/src/ssl/tls1.h b/lib/libssl/src/ssl/tls1.h
index 38838ea9a5d..2d1d293e1a4 100644
--- a/lib/libssl/src/ssl/tls1.h
+++ b/lib/libssl/src/ssl/tls1.h
@@ -55,6 +55,19 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
#ifndef HEADER_TLS1_H
#define HEADER_TLS1_H
@@ -65,7 +78,7 @@
extern "C" {
#endif
-#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1
+#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
#define TLS1_VERSION 0x0301
#define TLS1_VERSION_MAJOR 0x03
@@ -83,6 +96,93 @@ extern "C" {
#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */
#define TLS1_AD_USER_CANCELLED 90
#define TLS1_AD_NO_RENEGOTIATION 100
+/* codes 110-114 are from RFC3546 */
+#define TLS1_AD_UNSUPPORTED_EXTENSION 110
+#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
+#define TLS1_AD_UNRECOGNIZED_NAME 112
+#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
+#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
+#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */
+
+/* ExtensionType values from RFC 3546 */
+#define TLSEXT_TYPE_server_name 0
+#define TLSEXT_TYPE_max_fragment_length 1
+#define TLSEXT_TYPE_client_certificate_url 2
+#define TLSEXT_TYPE_trusted_ca_keys 3
+#define TLSEXT_TYPE_truncated_hmac 4
+#define TLSEXT_TYPE_status_request 5
+#define TLSEXT_TYPE_elliptic_curves 10
+#define TLSEXT_TYPE_ec_point_formats 11
+#define TLSEXT_TYPE_session_ticket 35
+
+/* NameType value from RFC 3546 */
+#define TLSEXT_NAMETYPE_host_name 0
+/* status request value from RFC 3546 */
+#define TLSEXT_STATUSTYPE_ocsp 1
+
+#ifndef OPENSSL_NO_TLSEXT
+
+#define TLSEXT_MAXLEN_host_name 255
+
+const char *SSL_get_servername(const SSL *s, const int type) ;
+int SSL_get_servername_type(const SSL *s) ;
+
+#define SSL_set_tlsext_host_name(s,name) \
+SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
+
+#define SSL_set_tlsext_debug_callback(ssl, cb) \
+SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
+
+#define SSL_set_tlsext_debug_arg(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
+
+#define SSL_set_tlsext_status_type(ssl, type) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
+
+#define SSL_get_tlsext_status_exts(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
+
+#define SSL_set_tlsext_status_exts(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
+
+#define SSL_get_tlsext_status_ids(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
+
+#define SSL_set_tlsext_status_ids(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
+
+#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg)
+
+#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
+
+#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
+SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
+
+#define SSL_TLSEXT_ERR_OK 0
+#define SSL_TLSEXT_ERR_ALERT_WARNING 1
+#define SSL_TLSEXT_ERR_ALERT_FATAL 2
+#define SSL_TLSEXT_ERR_NOACK 3
+
+#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
+SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
+
+#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLXEXT_TICKET_KEYS,(keylen),(keys))
+#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLXEXT_TICKET_KEYS,(keylen),(keys))
+
+#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
+SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
+
+#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
+SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
+
+#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
+SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
+
+#endif
/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
* (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
@@ -112,6 +212,60 @@ extern "C" {
#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
+/* Camellia ciphersuites from RFC4132 */
+#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
+#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
+#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043
+#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044
+#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045
+#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046
+
+#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
+#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
+#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
+#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087
+#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088
+#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089
+
+/* SEED ciphersuites from RFC4162 */
+#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096
+#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097
+#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098
+#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099
+#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
+#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
+
+/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
+#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
+#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
+#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005
+
+#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006
+#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007
+#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A
+
+#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B
+#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C
+#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D
+#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E
+#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F
+
+#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010
+#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011
+#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012
+#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
+#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
+
+#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015
+#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016
+#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017
+#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
+#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
+
/* XXX
* Inconsistency alert:
* The OpenSSL names of ciphers with ephemeral DH here include the string
@@ -142,12 +296,68 @@ extern "C" {
#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
+/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
+#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
+#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
+#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
+#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA"
+#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA"
+
+#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
+
+#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA"
+#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA"
+#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA"
+#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA"
+#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA"
+
+#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA"
+#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA"
+#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
+
+#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA"
+#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA"
+#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA"
+#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
+#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
+
+/* Camellia ciphersuites from RFC4132 */
+#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
+#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
+#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA"
+#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA"
+#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA"
+
+#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA"
+#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA"
+#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA"
+#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA"
+#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA"
+
+/* SEED ciphersuites from RFC4162 */
+#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA"
+#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA"
+#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA"
+#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
+#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
#define TLS_CT_RSA_SIGN 1
#define TLS_CT_DSS_SIGN 2
#define TLS_CT_RSA_FIXED_DH 3
#define TLS_CT_DSS_FIXED_DH 4
-#define TLS_CT_NUMBER 4
+#define TLS_CT_ECDSA_SIGN 64
+#define TLS_CT_RSA_FIXED_ECDH 65
+#define TLS_CT_ECDSA_FIXED_ECDH 66
+#define TLS_CT_NUMBER 7
#define TLS1_FINISH_MAC_LENGTH 12
@@ -193,3 +403,5 @@ extern "C" {
#endif
#endif
+
+
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.