Index: releng/8.4/UPDATING =================================================================== --- releng/8.4/UPDATING (revision 273415) +++ releng/8.4/UPDATING (revision 273416) @@ -1,1969 +1,1976 @@ Updating Information for FreeBSD current users This file is maintained and copyrighted by M. Warner Losh . See end of file for further details. For commonly done items, please see the COMMON ITEMS: section later in the file. Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. NOTE TO PEOPLE WHO THINK THAT FreeBSD 8.x IS SLOW ON IA64 OR SUN4V: For ia64 the INVARIANTS and INVARIANT_SUPPORT kernel options were left in the GENERIC kernel because the kernel does not work properly without them. For sun4v all of the normal kernel debugging tools present in HEAD were left in place because sun4v support still needs work to become production ready. +20141021: p17 FreeBSD-SA-14:21.routed + FreeBSD-SA-14:23.openssl + + Fix routed(8) remote denial of service vulnerability. [SA-14:21] + + Fix OpenSSL multiple vulnerabilities. [SA-14:23] + 20140916: p16 FreeBSD-SA-14:19.tcp Fix Denial of Service in TCP packet processing. [SA-14:19] 20140909: p15 FreeBSD-SA-14:18.openssl Fix OpenSSL multiple vulnerabilities. [SA-14:18] 20140708: p14 FreeBSD-SA-14:17.kmem FreeBSD-EN-14:09.jail Fix kernel memory disclosure in control messages and SCTP notifications. [SA-14:17] Fix jail fails to start if WITHOUT_INET/WITHOUT_INET6 is use. [EN-14:09] 20140624: p13 FreeBSD-SA-14:16.file FreeBSD-EN-14:08.heimdal Fix multiple vulnerabilities in file(1) and libmagic(3). [SA-14:16] Fix gss_pseudo_random interoperability issue. [EN-14:08] 20140605: p12 FreeBSD-SA-14:14.openssl Fix OpenSSL multiple vulnerabilities. [SA-14:14] 20140603: p11 FreeBSD-SA-14:11.sendmail FreeBSD-SA-14:12.ktrace FreeBSD-EN-14:06.exec Fix sendmail improper close-on-exec flag handling. [SA-14:11] Fix ktrace memory disclosure. [SA-14:12] Fix triple-fault when executing from a threaded process. [EN-14:06] 20140513: p10 FreeBSD-EN-14:03.pkg FreeBSD-EN-14:04.kldxref Add pkg bootstrapping, configuration and public keys. [EN-14:03] Improve build repeatability for kldxref(8). [EN-14:04] 20140430: p9 FreeBSD-SA-14:08.tcp Fix TCP reassembly vulnerability. [SA-14:08] 20140408: p8 FreeBSD-SA-14:05.nfsserver FreeBSD-SA-14:06.openssl Fix deadlock in the NFS server. [SA-14:05] Fix for ECDSA Cache Side-channel Attack in OpenSSL. [SA-14:06] 20140114: p7 FreeBSD-SA-14:01.bsnmpd FreeBSD-SA-14:02.ntpd FreeBSD-SA-14:04.bind FreeBSD-EN-14:01.random FreeBSD-EN-14:02.mmap Fix bsnmpd remote denial of service vulnerability. [SA-14:01] Fix ntpd distributed reflection Denial of Service vulnerability. [SA-14:02] Fix BIND remote denial of service vulnerability. [SA-14:04] Disable hardware RNGs by default. [EN-14:01] Fix incorrect coalescing of stack entry with mmap. [EN-14:02] 20131128: p6 FreeBSD-EN-13:05.freebsd-update Fix error in patch for FreeBSD-EN-13:04.freebsd-update. 20131026: p5 FreeBSD-EN-13:04.freebsd-update Fix multiple freebsd-update bugs that break upgrading to FreeBSD 10.0. 20130910: p4 FreeBSD-SA-13:12.ifioctl FreeBSD-SA-13:13.nullfs In IPv6 and NetATM, stop SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR and SIOCSIFNETMASK at the socket layer rather than pass them on to the link layer without validation or credential checks. [SA-13:12] Prevent cross-mount hardlinks between different nullfs mounts of the same underlying filesystem. [SA-13:13] 20130822: p3 FreeBSD-SA-13:09.ip_multicast FreeBSD-SA-13:10.sctp Fix an integer overflow in computing the size of a temporary buffer can result in a buffer which is too small for the requested operation. [13:09] Fix a bug that could lead to kernel memory disclosure with SCTP state cookie. [13:10] 20130726: p2 FreeBSD-SA-13:07.bind Fix Denial of Service vulnerability in named(8). 20130628: p1 FreeBSD-EN-13:01.fxp FreeBSD-EN-13:02.vtnet Fix a problem where dhclient(8) utility tries to initilaize an fxp(4) forever because the driver resets the controller chip twice upon initialization. [EN-13:01] Fix a problem where frames sent to additional MAC addresses are not forwarded to the vtnet(4) interface. [EN-13:02] 20130429: Fix a bug that allows NFS clients to issue READDIR on files. 20130225: A new compression method (lz4) has been merged. Please refer to zpool-features(7) for more information. Please refer to the "ZFS notes" section of this file for information on upgrading boot ZFS pools. 20121130: A new version of ZFS (pool version 5000) has been merged to 8-STABLE. Starting with this version the old system of ZFS pool versioning is superseded by "feature flags". This concept enables forward compatibility against certain future changes in functionality of ZFS pools. The first two read-only compatible "feature flags" for ZFS pools are "com.delphix:async_destroy" and "com.delphix:empty_bpobj". For more information read the new zpool-features(7) manual page. Please refer to the "ZFS notes" section of this file for information on upgrading boot ZFS pools. 20121018: WITH_CTF can now be specified in src.conf (not recommended, there are some problems with static executables), make.conf (would also affect ports which do not use GNU make and do not override the compile targets) or in the kernel config (via "makeoptions WITH_CTF=yes"). When WITH_CTF was specified there before this was silently ignored, so make sure that WITH_CTF is not used in places which could lead to unwanted behavior. 20120913: The random(4) support for the VIA hardware random number generator (`PADLOCK') is no longer enabled unconditionally. Add the PADLOCK_RNG option in the custom kernel config if needed. The GENERIC kernels on i386 and amd64 do include the option, so the change only affects the custom kernel configurations. 20120727: The sparc64 ZFS loader has been changed to no longer try to auto- detect ZFS providers based on diskN aliases but now requires these to be explicitly listed in the OFW boot-device environment variable. 20120411: 8.3-RELEASE. 20120106: A new VOP_ADVISE() was added to support posix_fadvise(2). All filesystem modules must be recompiled. 20111116: A new VOP_ALLOCATE() was added to support posix_fallocate(2). All filesystem modules must be recompiled. 20111101: The broken amd(4) driver has been replaced with esp(4) in the amd64, i386 and pc98 GENERIC kernel configuration files. 20110606: A new version of ZFS (version 28) has been merged. This version does not depend on a python library and the sysutils/py-zfs port is not used anymore. For upgrading your boot pool, please read "ZFS notes" in the COMMON ITEMS: section later in this file. 20110428: IPsec's HMAC_SHA256-512 support has been fixed to be RFC4868 compliant, and will now use half of hash for authentication. This will break interoperability with all stacks (including all older FreeBSD versions) who implement draft-ietf-ipsec-ciph-sha-256-00 (they use 96 bits of hash for authentication). The only workaround with such peers is to use another HMAC algorithm for IPsec ("phase 2") authentication. 20110221: 8.2-RELEASE. 20101126: New version of minidump format for amd64 architecture was introduced in r215872. To analyze vmcore files produced by kernels at or after this version you will need updated userland, libkvm actually, that is able to handle the new version. 20101022: A workaround for a fixed ld bug has been removed in kernel code, so make sure that your system ld is built from sources after revision 211583 from 2010-08-21 (r210245 from 2010-07-19 if building stable/8 kernel on head, r211584 from 2010-08-21 for stable/7). A symptom of incorrect ld version is different addresses for set_pcpu section and __start_set_pcpu symbol in kernel and/or modules. 20100915: A new version of ZFS (version 15) has been merged. This version uses a python library for the following subcommands: zfs allow, zfs unallow, zfs groupspace, zfs userspace. For full functionality of these commands the following port must be installed: sysutils/py-zfs 20100720: 8.1-RELEASE. 20100502: The config(8) command has been updated to maintain compatibility with config files from 8.0-RELEASE. You will need a new version of config to build kernels (this version can be used from 8.0-RELEASE forward). The buildworld target will generate it, so following the instructions in this file for updating will work glitch-free. Merely doing a make buildkernel without first doing a make buildworld (or kernel-toolchain), or attempting to build a kernel using traidtional methods will generate a config version warning, indicating you should update. 20100408: The rc.firewall and rc.firewall6 were unified, and rc.firewall6 and rc.d/ip6fw were removed. According to the removal of rc.d/ip6fw, ipv6_firewall_* rc variables are obsoleted. Instead, the following new rc variables are added to rc.d/ipfw: firewall_client_net_ipv6, firewall_simple_iif_ipv6, firewall_simple_inet_ipv6, firewall_simple_oif_ipv6, firewall_simple_onet_ipv6 The meanings correspond to the relevant IPv4 variables. 20100417: COMPAT_IA32 has been added as an alias for COMPAT_FREEBSD32. A new version of config(8) is required. The error message when you hit this condition is confusing (COMPAT_FREEBSD32 duplicate option), when it should really say "your config is too old to compile this new kernel." 20100406: The kernel option COMPAT_IA32 has been replaced with COMPAT_FREEBSD32 to allow 32-bit compatibility on non-x86 platforms. All kernel configurations on amd64 and ia64 platforms using these options must be modified accordingly. 20100125: Introduce the kernel thread "deadlock resolver" (which can be enabled via the DEADLKRES option, see NOTES for more details) and the sleepq_type() function for sleepqueues. 20091125: 8.0-RELEASE. 20090929: 802.11s D3.03 support was committed. This is incompatible with the previous code, which was based on D3.0. 20090915: ZFS snapshots are now mounted with MNT_IGNORE flag. Use -v option for mount(8) and -a option for df(1) to see them. 20090813: Remove the option STOP_NMI. The default action is now to use NMI only for KDB via the newly introduced function stop_cpus_hard() and maintain stop_cpus() to just use a normal IPI_STOP on ia32 and amd64. 20090803: RELENG_8 branched. 20090719: Bump the shared library version numbers for all libraries that do not use symbol versioning as part of the 8.0-RELEASE cycle. Bump __FreeBSD_version to 800105. 20090714: Due to changes in the implementation of virtual network stack support, all network-related kernel modules must be recompiled. As this change breaks the ABI, bump __FreeBSD_version to 800104. 20090713: The TOE interface to the TCP syncache has been modified to remove struct tcpopt () from the ABI of the network stack. The cxgb driver is the only TOE consumer affected by this change, and needs to be recompiled along with the kernel. As this change breaks the ABI, bump __FreeBSD_version to 800103. 20090712: Padding has been added to struct tcpcb, sackhint and tcpstat in to facilitate future MFCs and bug fixes whilst maintainig the ABI. However, this change breaks the ABI, so bump __FreeBSD_version to 800102. User space tools that rely on the size of any of these structs (e.g. sockstat) need to be recompiled. 20090630: The NFS_LEGACYRPC option has been removed along with the old kernel RPC implementation that this option selected. Kernel configurations may need to be adjusted. 20090629: The network interface device nodes at /dev/net/ have been removed. All ioctl operations can be performed the normal way using routing sockets. The kqueue functionality can generally be replaced with routing sockets. 20090628: The documentation from the FreeBSD Documentation Project (Handbook, FAQ, etc.) is now installed via packages by sysinstall(8) and under the /usr/local/share/doc/freebsd directory instead of /usr/share/doc. 20090624: The ABI of various structures related to the SYSV IPC API have been changed. As a result, the COMPAT_FREEBSD[456] and COMPAT_43 kernel options now all require COMPAT_FREEBSD7. Bump __FreeBSD_version to 800100. 20090622: Layout of struct vnet has changed as routing related variables were moved to their own Vimage module. Modules need to be recompiled. Bump __FreeBSD_version to 800099. 20090619: NGROUPS_MAX and NGROUPS have been increased from 16 to 1023 and 1024 respectively. As long as no more than 16 groups per process are used, no changes should be visible. When more than 16 groups are used, old binaries may fail if they call getgroups() or getgrouplist() with statically sized storage. Recompiling will work around this, but applications should be modified to use dynamically allocated storage for group arrays as POSIX.1-2008 does not cap an implementation's number of supported groups at NGROUPS_MAX+1 as previous versions did. NFS and portalfs mounts may also be affected as the list of groups is truncated to 16. Users of NFS who use more than 16 groups, should take care that negative group permissions are not used on the exported file systems as they will not be reliable unless a GSSAPI based authentication method is used. 20090616: The compiling option ADAPTIVE_LOCKMGRS has been introduced. This option compiles in the support for adaptive spinning for lockmgrs which want to enable it. The lockinit() function now accepts the flag LK_ADAPTIVE in order to make the lock object subject to adaptive spinning when both held in write and read mode. 20090613: The layout of the structure returned by IEEE80211_IOC_STA_INFO has changed. User applications that use this ioctl need to be rebuilt. 20090611: The layout of struct thread has changed. Kernel and modules need to be rebuilt. 20090608: The layout of structs ifnet, domain, protosw and vnet_net has changed. Kernel modules need to be rebuilt. Bump __FreeBSD_version to 800097. 20090602: window(1) has been removed from the base system. It can now be installed from ports. The port is called misc/window. 20090601: The way we are storing and accessing `routing table' entries has changed. Programs reading the FIB, like netstat, need to be re-compiled. 20090601: A new netisr implementation has been added for FreeBSD 8. Network file system modules, such as igmp, ipdivert, and others, should be rebuilt. Bump __FreeBSD_version to 800096. 20090530: Remove the tunable/sysctl debug.mpsafevfs as its initial purpose is no more valid. 20090530: Add VOP_ACCESSX(9). File system modules need to be rebuilt. Bump __FreeBSD_version to 800094. 20090529: Add mnt_xflag field to 'struct mount'. File system modules need to be rebuilt. Bump __FreeBSD_version to 800093. 20090528: The compiling option ADAPTIVE_SX has been retired while it has been introduced the option NO_ADAPTIVE_SX which handles the reversed logic. The KPI for sx_init_flags() changes as accepting flags: SX_ADAPTIVESPIN flag has been retired while the SX_NOADAPTIVE flag has been introduced in order to handle the reversed logic. Bump __FreeBSD_version to 800092. 20090527: Add support for hierarchical jails. Remove global securelevel. Bump __FreeBSD_version to 800091. 20090523: The layout of struct vnet_net has changed, therefore modules need to be rebuilt. Bump __FreeBSD_version to 800090. 20090523: The newly imported zic(8) produces a new format in the output. Please run tzsetup(8) to install the newly created data to /etc/localtime. 20090520: The sysctl tree for the usb stack has renamed from hw.usb2.* to hw.usb.* and is now consistent again with previous releases. 20090520: 802.11 monitor mode support was revised and driver api's were changed. Drivers dependent on net80211 now support DLT_IEEE802_11_RADIO instead of DLT_IEEE802_11. No user-visible data structures were changed but applications that use DLT_IEEE802_11 may require changes. Bump __FreeBSD_version to 800088. 20090430: The layout of the following structs has changed: sysctl_oid, socket, ifnet, inpcbinfo, tcpcb, syncache_head, vnet_inet, vnet_inet6 and vnet_ipfw. Most modules need to be rebuild or panics may be experienced. World rebuild is required for correctly checking networking state from userland. Bump __FreeBSD_version to 800085. 20090429: MLDv2 and Source-Specific Multicast (SSM) have been merged to the IPv6 stack. VIMAGE hooks are in but not yet used. The implementation of SSM within FreeBSD's IPv6 stack closely follows the IPv4 implementation. For kernel developers: * The most important changes are that the ip6_output() and ip6_input() paths no longer take the IN6_MULTI_LOCK, and this lock has been downgraded to a non-recursive mutex. * As with the changes to the IPv4 stack to support SSM, filtering of inbound multicast traffic must now be performed by transport protocols within the IPv6 stack. This does not apply to TCP and SCTP, however, it does apply to UDP in IPv6 and raw IPv6. * The KPIs used by IPv6 multicast are similar to those used by the IPv4 stack, with the following differences: * im6o_mc_filter() is analogous to imo_multicast_filter(). * The legacy KAME entry points in6_joingroup and in6_leavegroup() are shimmed to in6_mc_join() and in6_mc_leave() respectively. * IN6_LOOKUP_MULTI() has been deprecated and removed. * IPv6 relies on MLD for the DAD mechanism. KAME's internal KPIs for MLDv1 have an additional 'timer' argument which is used to jitter the initial membership report for the solicited-node multicast membership on-link. * This is not strictly needed for MLDv2, which already jitters its report transmissions. However, the 'timer' argument is preserved in case MLDv1 is active on the interface. * The KAME linked-list based IPv6 membership implementation has been refactored to use a vector similar to that used by the IPv4 stack. Code which maintains a list of its own multicast memberships internally, e.g. carp, has been updated to reflect the new semantics. * There is a known Lock Order Reversal (LOR) due to in6_setscope() acquiring the IF_AFDATA_LOCK and being called within ip6_output(). Whilst MLDv2 tries to avoid this otherwise benign LOR, it is an implementation constraint which needs to be addressed in HEAD. For application developers: * The changes are broadly similar to those made for the IPv4 stack. * The use of IPv4 and IPv6 multicast socket options on the same socket, using mapped addresses, HAS NOT been tested or supported. * There are a number of issues with the implementation of various IPv6 multicast APIs which need to be resolved in the API surface before the implementation is fully compatible with KAME userland use, and these are mostly to do with interface index treatment. * The literature available discusses the use of either the delta / ASM API with setsockopt(2)/getsockopt(2), or the full-state / ASM API using setsourcefilter(3)/getsourcefilter(3). For more information please refer to RFC 3768, 'Socket Interface Extensions for Multicast Source Filters'. * Applications which use the published RFC 3678 APIs should be fine. For systems administrators: * The mtest(8) utility has been refactored to support IPv6, in addition to IPv4. Interface addresses are no longer accepted as arguments, their names must be used instead. The utility will map the interface name to its first IPv4 address as returned by getifaddrs(3). * The ifmcstat(8) utility has also been updated to print the MLDv2 endpoint state and source filter lists via sysctl(3). * The net.inet6.ip6.mcast.loop sysctl may be tuned to 0 to disable loopback of IPv6 multicast datagrams by default; it defaults to 1 to preserve the existing behaviour. Disabling multicast loopback is recommended for optimal system performance. * The IPv6 MROUTING code has been changed to examine this sysctl instead of attempting to perform a group lookup before looping back forwarded datagrams. Bump __FreeBSD_version to 800084. 20090422: Implement low-level Bluetooth HCI API. Bump __FreeBSD_version to 800083. 20090419: The layout of struct malloc_type, used by modules to register new memory allocation types, has changed. Most modules will need to be rebuilt or panics may be experienced. Bump __FreeBSD_version to 800081. 20090415: Anticipate overflowing inp_flags - add inp_flags2. This changes most offsets in inpcb, so checking v4 connection state will require a world rebuild. Bump __FreeBSD_version to 800080. 20090415: Add an llentry to struct route and struct route_in6. Modules embedding a struct route will need to be recompiled. Bump __FreeBSD_version to 800079. 20090414: The size of rt_metrics_lite and by extension rtentry has changed. Networking administration apps will need to be recompiled. The route command now supports show as an alias for get, weighting of routes, sticky and nostick flags to alter the behavior of stateful load balancing. Bump __FreeBSD_version to 800078. 20090408: Do not use Giant for kbdmux(4) locking. This is wrong and apparently causing more problems than it solves. This will re-open the issue where interrupt handlers may race with kbdmux(4) in polling mode. Typical symptoms include (but not limited to) duplicated and/or missing characters when low level console functions (such as gets) are used while interrupts are enabled (for example geli password prompt, mountroot prompt etc.). Disabling kbdmux(4) may help. 20090407: The size of structs vnet_net, vnet_inet and vnet_ipfw has changed; kernel modules referencing any of the above need to be recompiled. Bump __FreeBSD_version to 800075. 20090320: GEOM_PART has become the default partition slicer for storage devices, replacing GEOM_MBR, GEOM_BSD, GEOM_PC98 and GEOM_GPT slicers. It introduces some changes: MSDOS/EBR: the devices created from MSDOS extended partition entries (EBR) can be named differently than with GEOM_MBR and are now symlinks to devices with offset-based names. fstabs may need to be modified. BSD: the "geometry does not match label" warning is harmless in most cases but it points to problems in file system misalignment with disk geometry. The "c" partition is now implicit, covers the whole top-level drive and cannot be (mis)used by users. General: Kernel dumps are now not allowed to be written to devices whose partition types indicate they are meant to be used for file systems (or, in case of MSDOS partitions, as something else than the "386BSD" type). Most of these changes date approximately from 200812. 20090319: The uscanner(4) driver has been removed from the kernel. This follows Linux removing theirs in 2.6 and making libusb the default interface (supported by sane). 20090319: The multicast forwarding code has been cleaned up. netstat(1) only relies on KVM now for printing bandwidth upcall meters. The IPv4 and IPv6 modules are split into ip_mroute_mod and ip6_mroute_mod respectively. The config(5) options for statically compiling this code remain the same, i.e. 'options MROUTING'. 20090315: Support for the IFF_NEEDSGIANT network interface flag has been removed, which means that non-MPSAFE network device drivers are no longer supported. In particular, if_ar, if_sr, and network device drivers from the old (legacy) USB stack can no longer be built or used. 20090313: POSIX.1 Native Language Support (NLS) has been enabled in libc and a bunch of new language catalog files have also been added. This means that some common libc messages are now localized and they depend on the LC_MESSAGES environmental variable. 20090313: The k8temp(4) driver has been renamed to amdtemp(4) since support for K10 and K11 CPU families was added. 20090309: IGMPv3 and Source-Specific Multicast (SSM) have been merged to the IPv4 stack. VIMAGE hooks are in but not yet used. For kernel developers, the most important changes are that the ip_output() and ip_input() paths no longer take the IN_MULTI_LOCK(), and this lock has been downgraded to a non-recursive mutex. Transport protocols (UDP, Raw IP) are now responsible for filtering inbound multicast traffic according to group membership and source filters. The imo_multicast_filter() KPI exists for this purpose. Transports which do not use multicast (SCTP, TCP) already reject multicast by default. Forwarding and receive performance may improve as a mutex acquisition is no longer needed in the ip_input() low-level input path. in_addmulti() and in_delmulti() are shimmed to new KPIs which exist to support SSM in-kernel. For application developers, it is recommended that loopback of multicast datagrams be disabled for best performance, as this will still cause the lock to be taken for each looped-back datagram transmission. The net.inet.ip.mcast.loop sysctl may be tuned to 0 to disable loopback by default; it defaults to 1 to preserve the existing behaviour. For systems administrators, to obtain best performance with multicast reception and multiple groups, it is always recommended that a card with a suitably precise hash filter is used. Hash collisions will still result in the lock being taken within the transport protocol input path to check group membership. If deploying FreeBSD in an environment with IGMP snooping switches, it is recommended that the net.inet.igmp.sendlocal sysctl remain enabled; this forces 224.0.0.0/24 group membership to be announced via IGMP. The size of 'struct igmpstat' has changed; netstat needs to be recompiled to reflect this. Bump __FreeBSD_version to 800070. 20090309: libusb20.so.1 is now installed as libusb.so.1 and the ports system updated to use it. This requires a buildworld/installworld in order to update the library and dependencies (usbconfig, etc). Its advisable to rebuild all ports which uses libusb. More specific directions are given in the ports collection UPDATING file. Any /etc/libmap.conf entries for libusb are no longer required and can be removed. 20090302: A workaround is committed to allow the creation of System V shared memory segment of size > 2 GB on the 64-bit architectures. Due to a limitation of the existing ABI, the shm_segsz member of the struct shmid_ds, returned by shmctl(IPC_STAT) call is wrong for large segments. Note that limits must be explicitly raised to allow such segments to be created. 20090301: The layout of struct ifnet has changed, requiring a rebuild of all network device driver modules. 20090227: The /dev handling for the new USB stack has changed, a buildworld/installworld is required for libusb20. 20090223: The new USB2 stack has now been permanently moved in and all kernel and module names reverted to their previous values (eg, usb, ehci, ohci, ums, ...). The old usb stack can be compiled in by prefixing the name with the letter 'o', the old usb modules have been removed. Updating entry 20090216 for xorg and 20090215 for libmap may still apply. 20090217: The rc.conf(5) option if_up_delay has been renamed to defaultroute_delay to better reflect its purpose. If you have customized this setting in /etc/rc.conf you need to update it to use the new name. 20090216: xorg 7.4 wants to configure its input devices via hald which does not yet work with USB2. If the keyboard/mouse does not work in xorg then add Option "AllowEmptyInput" "off" to your ServerLayout section. This will cause X to use the configured kbd and mouse sections from your xorg.conf. 20090215: The GENERIC kernels for all architectures now default to the new USB2 stack. No kernel config options or code have been removed so if a problem arises please report it and optionally revert to the old USB stack. If you are loading USB kernel modules or have a custom kernel that includes GENERIC then ensure that usb names are also changed over, eg uftdi -> usb2_serial_ftdi. Older programs linked against the ports libusb 0.1 need to be redirected to the new stack's libusb20. /etc/libmap.conf can be used for this: # Map old usb library to new one for usb2 stack libusb-0.1.so.8 libusb20.so.1 20090209: All USB ethernet devices now attach as interfaces under the name ueN (eg. ue0). This is to provide a predictable name as vendors often change usb chipsets in a product without notice. 20090203: The ichsmb(4) driver has been changed to require SMBus slave addresses be left-justified (xxxxxxx0b) rather than right-justified. All of the other SMBus controller drivers require left-justified slave addresses, so this change makes all the drivers provide the same interface. 20090201: INET6 statistics (struct ip6stat) was updated. netstat(1) needs to be recompiled. 20090119: NTFS has been removed from GENERIC kernel on amd64 to match GENERIC on i386. Should not cause any issues since mount_ntfs(8) will load ntfs.ko module automatically when NTFS support is actually needed, unless ntfs.ko is not installed or security level prohibits loading kernel modules. If either is the case, "options NTFS" has to be added into kernel config. 20090115: TCP Appropriate Byte Counting (RFC 3465) support added to kernel. New field in struct tcpcb breaks ABI, so bump __FreeBSD_version to 800061. User space tools that rely on the size of struct tcpcb in tcp_var.h (e.g. sockstat) need to be recompiled. 20081225: ng_tty(4) module updated to match the new TTY subsystem. Due to API change, user-level applications must be updated. New API support added to mpd5 CVS and expected to be present in next mpd5.3 release. 20081219: With __FreeBSD_version 800060 the makefs tool is part of the base system (it was a port). 20081216: The afdata and ifnet locks have been changed from mutexes to rwlocks, network modules will need to be re-compiled. 20081214: __FreeBSD_version 800059 incorporates the new arp-v2 rewrite. RTF_CLONING, RTF_LLINFO and RTF_WASCLONED flags are eliminated. The new code reduced struct rtentry{} by 16 bytes on 32-bit architecture and 40 bytes on 64-bit architecture. The userland applications "arp" and "ndp" have been updated accordingly. The output from "netstat -r" shows only routing entries and none of the L2 information. 20081130: __FreeBSD_version 800057 marks the switchover from the binary ath hal to source code. Users must add the line: options AH_SUPPORT_AR5416 to their kernel config files when specifying: device ath_hal The ath_hal module no longer exists; the code is now compiled together with the driver in the ath module. It is now possible to tailor chip support (i.e. reduce the set of chips and thereby the code size); consult ath_hal(4) for details. 20081121: __FreeBSD_version 800054 adds memory barriers to , new interfaces to ifnet to facilitate multiple hardware transmit queues for cards that support them, and a lock-less ring-buffer implementation to enable drivers to more efficiently manage queueing of packets. 20081117: A new version of ZFS (version 13) has been merged to -HEAD. This version has zpool attribute "listsnapshots" off by default, which means "zfs list" does not show snapshots, and is the same as Solaris behavior. 20081028: dummynet(4) ABI has changed. ipfw(8) needs to be recompiled. 20081009: The uhci, ohci, ehci and slhci USB Host controller drivers have been put into separate modules. If you load the usb module separately through loader.conf you will need to load the appropriate *hci module as well. E.g. for a UHCI-based USB 2.0 controller add the following to loader.conf: uhci_load="YES" ehci_load="YES" 20081009: The ABI used by the PMC toolset has changed. Please keep userland (libpmc(3)) and the kernel module (hwpmc(4)) in sync. 20081009: atapci kernel module now includes only generic PCI ATA driver. AHCI driver moved to ataahci kernel module. All vendor-specific code moved into separate kernel modules: ataacard, ataacerlabs, ataadaptec, ataamd, ataati, atacenatek, atacypress, atacyrix, atahighpoint, ataintel, ataite, atajmicron, atamarvell, atamicron, atanational, atanetcell, atanvidia, atapromise, ataserverworks, atasiliconimage, atasis, atavia 20080820: The TTY subsystem of the kernel has been replaced by a new implementation, which provides better scalability and an improved driver model. Most common drivers have been migrated to the new TTY subsystem, while others have not. The following drivers have not yet been ported to the new TTY layer: PCI/ISA: cy, digi, rc, rp, sio USB: ubser, ucycom Line disciplines: ng_h4, ng_tty, ppp, sl, snp Adding these drivers to your kernel configuration file shall cause compilation to fail. 20080818: ntpd has been upgraded to 4.2.4p5. 20080801: OpenSSH has been upgraded to 5.1p1. For many years, FreeBSD's version of OpenSSH preferred DSA over RSA for host and user authentication keys. With this upgrade, we've switched to the vendor's default of RSA over DSA. This may cause upgraded clients to warn about unknown host keys even for previously known hosts. Users should follow the usual procedure for verifying host keys before accepting the RSA key. This can be circumvented by setting the "HostKeyAlgorithms" option to "ssh-dss,ssh-rsa" in ~/.ssh/config or on the ssh command line. Please note that the sequence of keys offered for authentication has been changed as well. You may want to specify IdentityFile in a different order to revert this behavior. 20080713: The sio(4) driver has been removed from the i386 and amd64 kernel configuration files. This means uart(4) is now the default serial port driver on those platforms as well. To prevent collisions with the sio(4) driver, the uart(4) driver uses different names for its device nodes. This means the onboard serial port will now most likely be called "ttyu0" instead of "ttyd0". You may need to reconfigure applications to use the new device names. When using the serial port as a boot console, be sure to update /boot/device.hints and /etc/ttys before booting the new kernel. If you forget to do so, you can still manually specify the hints at the loader prompt: set hint.uart.0.at="isa" set hint.uart.0.port="0x3F8" set hint.uart.0.flags="0x10" set hint.uart.0.irq="4" boot -s 20080609: The gpt(8) utility has been removed. Use gpart(8) to partition disks instead. 20080603: The version that Linuxulator emulates was changed from 2.4.2 to 2.6.16. If you experience any problems with Linux binaries please try to set sysctl compat.linux.osrelease to 2.4.2 and if it fixes the problem contact emulation mailing list. 20080525: ISDN4BSD (I4B) was removed from the src tree. You may need to update a your kernel configuration and remove relevant entries. 20080509: I have checked in code to support multiple routing tables. See the man pages setfib(1) and setfib(2). This is a hopefully backwards compatible version, but to make use of it you need to compile your kernel with options ROUTETABLES=2 (or more up to 16). 20080420: The 802.11 wireless support was redone to enable multi-bss operation on devices that are capable. The underlying device is no longer used directly but instead wlanX devices are cloned with ifconfig. This requires changes to rc.conf files. For example, change: ifconfig_ath0="WPA DHCP" to wlans_ath0=wlan0 ifconfig_wlan0="WPA DHCP" see rc.conf(5) for more details. In addition, mergemaster of /etc/rc.d is highly recommended. Simultaneous update of userland and kernel wouldn't hurt either. As part of the multi-bss changes the wlan_scan_ap and wlan_scan_sta modules were merged into the base wlan module. All references to these modules (e.g. in kernel config files) must be removed. 20080408: psm(4) has gained write(2) support in native operation level. Arbitrary commands can be written to /dev/psm%d and status can be read back from it. Therefore, an application is responsible for status validation and error recovery. It is a no-op in other operation levels. 20080312: Support for KSE threading has been removed from the kernel. To run legacy applications linked against KSE libmap.conf may be used. The following libmap.conf may be used to ensure compatibility with any prior release: libpthread.so.1 libthr.so.1 libpthread.so.2 libthr.so.2 libkse.so.3 libthr.so.3 20080301: The layout of struct vmspace has changed. This affects libkvm and any executables that link against libkvm and use the kvm_getprocs() function. In particular, but not exclusively, it affects ps(1), fstat(1), pkill(1), systat(1), top(1) and w(1). The effects are minimal, but it's advisable to upgrade world nonetheless. 20080229: The latest em driver no longer has support in it for the 82575 adapter, this is now moved to the igb driver. The split was done to make new features that are incompatible with older hardware easier to do. 20080220: The new geom_lvm(4) geom class has been renamed to geom_linux_lvm(4), likewise the kernel option is now GEOM_LINUX_LVM. 20080211: The default NFS mount mode has changed from UDP to TCP for increased reliability. If you rely on (insecurely) NFS mounting across a firewall you may need to update your firewall rules. 20080208: Belatedly note the addition of m_collapse for compacting mbuf chains. 20080126: The fts(3) structures have been changed to use adequate integer types for their members and so to be able to cope with huge file trees. The old fts(3) ABI is preserved through symbol versioning in libc, so third-party binaries using fts(3) should still work, although they will not take advantage of the extended types. At the same time, some third-party software might fail to build after this change due to unportable assumptions made in its source code about fts(3) structure members. Such software should be fixed by its vendor or, in the worst case, in the ports tree. FreeBSD_version 800015 marks this change for the unlikely case that a portable fix is impossible. 20080123: To upgrade to -current after this date, you must be running FreeBSD not older than 6.0-RELEASE. Upgrading to -current from 5.x now requires a stop over at RELENG_6 or RELENG_7 systems. 20071128: The ADAPTIVE_GIANT kernel option has been retired because its functionality is the default now. 20071118: The AT keyboard emulation of sunkbd(4) has been turned on by default. In order to make the special symbols of the Sun keyboards driven by sunkbd(4) work under X these now have to be configured the same way as Sun USB keyboards driven by ukbd(4) (which also does AT keyboard emulation), f.e.: Option "XkbLayout" "us" Option "XkbRules" "xorg" Option "XkbSymbols" "pc(pc105)+sun_vndr/usb(sun_usb)+us" 20071024: It has been decided that it is desirable to provide ABI backwards compatibility to the FreeBSD 4/5/6 versions of the PCIOCGETCONF, PCIOCREAD and PCIOCWRITE IOCTLs, which was broken with the introduction of PCI domain support (see the 20070930 entry). Unfortunately, this required the ABI of PCIOCGETCONF to be broken again in order to be able to provide backwards compatibility to the old version of that IOCTL. Thus consumers of PCIOCGETCONF have to be recompiled again. As for prominent ports this affects neither pciutils nor xorg-server this time, the hal port needs to be rebuilt however. 20071020: The misnamed kthread_create() and friends have been renamed to kproc_create() etc. Many of the callers already used kproc_start().. I will return kthread_create() and friends in a while with implementations that actually create threads, not procs. Renaming corresponds with version 800002. 20071010: RELENG_7 branched. 20071009: Setting WITHOUT_LIBPTHREAD now means WITHOUT_LIBKSE and WITHOUT_LIBTHR are set. 20070930: The PCI code has been made aware of PCI domains. This means that the location strings as used by pciconf(8) etc are now in the following format: pci::[:]. It also means that consumers of potentially need to be recompiled; this includes the hal and xorg-server ports. 20070928: The caching daemon (cached) was renamed to nscd. nscd.conf configuration file should be used instead of cached.conf and nscd_enable, nscd_pidfile and nscd_flags options should be used instead of cached_enable, cached_pidfile and cached_flags in rc.conf. 20070921: The getfacl(1) utility now prints owning user and group name instead of owning uid and gid in the three line comment header. This is the same behavior as getfacl(1) on Solaris and Linux. 20070704: The new IPsec code is now compiled in using the IPSEC option. The IPSEC option now requires "device crypto" be defined in your kernel configuration. The FAST_IPSEC kernel option is now deprecated. 20070702: The packet filter (pf) code has been updated to OpenBSD 4.1 Please note the changed syntax - keep state is now on by default. Also note the fact that ftp-proxy(8) has been changed from bottom up and has been moved from libexec to usr/sbin. Changes in the ALTQ handling also affect users of IPFW's ALTQ capabilities. 20070701: Remove KAME IPsec in favor of FAST_IPSEC, which is now the only IPsec supported by FreeBSD. The new IPsec stack supports both IPv4 and IPv6. The kernel option will change after the code changes have settled in. For now the kernel option IPSEC is deprecated and FAST_IPSEC is the only option, that will change after some settling time. 20070701: The wicontrol(8) utility has been removed from the base system. wi(4) cards should be configured using ifconfig(8), see the man page for more information. 20070612: The i386/amd64 GENERIC kernel now defaults to the nfe(4) driver instead of the nve(4) driver. Please update your configuration accordingly. 20070612: By default, /etc/rc.d/sendmail no longer rebuilds the aliases database if it is missing or older than the aliases file. If desired, set the new rc.conf option sendmail_rebuild_aliases to "YES" to restore that functionality. 20070612: The IPv4 multicast socket code has been considerably modified, and moved to the file sys/netinet/in_mcast.c. Initial support for the RFC 3678 Source-Specific Multicast Socket API has been added to the IPv4 network stack. Strict multicast and broadcast reception is now the default for UDP/IPv4 sockets; the net.inet.udp.strict_mcast_mship sysctl variable has now been removed. The RFC 1724 hack for interface selection has been removed; the use of the Linux-derived ip_mreqn structure with IP_MULTICAST_IF has been added to replace it. Consumers such as routed will soon be updated to reflect this. These changes affect users who are running routed(8) or rdisc(8) from the FreeBSD base system on point-to-point or unnumbered interfaces. 20070610: The net80211 layer has changed significantly and all wireless drivers that depend on it need to be recompiled. Further these changes require that any program that interacts with the wireless support in the kernel be recompiled; this includes: ifconfig, wpa_supplicant, hostapd, and wlanstats. Users must also, for the moment, kldload the wlan_scan_sta and/or wlan_scan_ap modules if they use modules for wireless support. These modules implement scanning support for station and ap modes, respectively. Failure to load the appropriate module before marking a wireless interface up will result in a message to the console and the device not operating properly. 20070610: The pam_nologin(8) module ceases to provide an authentication function and starts providing an account management function. Consequent changes to /etc/pam.d should be brought in using mergemaster(8). Third-party files in /usr/local/etc/pam.d may need manual editing as follows. Locate this line (or similar): auth required pam_nologin.so no_warn and change it according to this example: account required pam_nologin.so no_warn That is, the first word needs to be changed from "auth" to "account". The new line can be moved to the account section within the file for clarity. Not updating pam.conf(5) files will result in nologin(5) ignored by the respective services. 20070529: The ether_ioctl() function has been synchronized with ioctl(2) and ifnet.if_ioctl. Due to that, the size of one of its arguments has changed on 64-bit architectures. All kernel modules using ether_ioctl() need to be rebuilt on such architectures. 20070516: Improved INCLUDE_CONFIG_FILE support has been introduced to the config(8) utility. In order to take advantage of this new functionality, you are expected to recompile and install src/usr.sbin/config. If you don't rebuild config(8), and your kernel configuration depends on INCLUDE_CONFIG_FILE, the kernel build will be broken because of a missing "kernconfstring" symbol. 20070513: Symbol versioning is enabled by default. To disable it, use option WITHOUT_SYMVER. It is not advisable to attempt to disable symbol versioning once it is enabled; your installworld will break because a symbol version-less libc will get installed before the install tools. As a result, the old install tools, which previously had symbol dependencies to FBSD_1.0, will fail because the freshly installed libc will not have them. The default threading library (providing "libpthread") has been changed to libthr. If you wish to have libkse as your default, use option DEFAULT_THREAD_LIB=libkse for the buildworld. 20070423: The ABI breakage in sendmail(8)'s libmilter has been repaired so it is no longer necessary to recompile mail filters (aka, milters). If you recompiled mail filters after the 20070408 note, it is not necessary to recompile them again. 20070417: The new trunk(4) driver has been renamed to lagg(4) as it better reflects its purpose. ifconfig will need to be recompiled. 20070408: sendmail(8) has been updated to version 8.14.1. Mail filters (aka, milters) compiled against the libmilter included in the base operating system should be recompiled. 20070302: Firmwares for ipw(4) and iwi(4) are now included in the base tree. In order to use them one must agree to the respective LICENSE in share/doc/legal and define legal.intel_.license_ack=1 via loader.conf(5) or kenv(1). Make sure to deinstall the now deprecated modules from the respective firmware ports. 20070228: The name resolution/mapping functions addr2ascii(3) and ascii2addr(3) were removed from FreeBSD's libc. These originally came from INRIA IPv6. Nothing in FreeBSD ever used them. They may be regarded as deprecated in previous releases. The AF_LINK support for getnameinfo(3) was merged from NetBSD to replace it as a more portable (and re-entrant) API. 20070224: To support interrupt filtering a modification to the newbus API has occurred, ABI was broken and __FreeBSD_version was bumped to 700031. Please make sure that your kernel and modules are in sync. For more info: http://docs.freebsd.org/cgi/mid.cgi?20070221233124.GA13941 20070224: The IPv6 multicast forwarding code may now be loaded into GENERIC kernels by loading the ip_mroute.ko module. This is built into the module unless WITHOUT_INET6 or WITHOUT_INET6_SUPPORT options are set; see src.conf(5) for more information. 20070214: The output of netstat -r has changed. Without -n, we now only print a "network name" without the prefix length if the network address and mask exactly match a Class A/B/C network, and an entry exists in the nsswitch "networks" map. With -n, we print the full unabbreviated CIDR network prefix in the form "a.b.c.d/p". 0.0.0.0/0 is always printed as "default". This change is in preparation for changes such as equal-cost multipath, and to more generally assist operational deployment of FreeBSD as a modern IPv4 router. 20070210: PIM has been turned on by default in the IPv4 multicast routing code. The kernel option 'PIM' has now been removed. PIM is now built by default if option 'MROUTING' is specified. It may now be loaded into GENERIC kernels by loading the ip_mroute.ko module. 20070207: Support for IPIP tunnels (VIFF_TUNNEL) in IPv4 multicast routing has been removed. Its functionality may be achieved by explicitly configuring gif(4) interfaces and using the 'phyint' keyword in mrouted.conf. XORP does not support source-routed IPv4 multicast tunnels nor the integrated IPIP tunneling, therefore it is not affected by this change. The __FreeBSD_version macro has been bumped to 700030. 20061221: Support for PCI Message Signalled Interrupts has been re-enabled in the bge driver, only for those chips which are believed to support it properly. If there are any problems, MSI can be disabled completely by setting the 'hw.pci.enable_msi' and 'hw.pci.enable_msix' tunables to 0 in the loader. 20061214: Support for PCI Message Signalled Interrupts has been disabled again in the bge driver. Many revisions of the hardware fail to support it properly. Support can be re-enabled by removing the #define of BGE_DISABLE_MSI in "src/sys/dev/bge/if_bge.c". 20061214: Support for PCI Message Signalled Interrupts has been added to the bge driver. If there are any problems, MSI can be disabled completely by setting the 'hw.pci.enable_msi' and 'hw.pci.enable_msix' tunables to 0 in the loader. 20061205: The removal of several facets of the experimental Threading system from the kernel means that the proc and thread structures have changed quite a bit. I suggest all kernel modules that might reference these structures be recompiled.. Especially the linux module. 20061126: Sound infrastructure has been updated with various fixes and improvements. Most of the changes are pretty much transparent, with exceptions of followings: 1) All sound driver specific sysctls (hw.snd.pcm%d.*) have been moved to their own dev sysctl nodes, for example: hw.snd.pcm0.vchans -> dev.pcm.0.vchans 2) /dev/dspr%d.%d has been deprecated. Each channel now has its own chardev in the form of "dsp%d.%d", where is p = playback, r = record and v = virtual, respectively. Users are encouraged to use these devs instead of (old) "/dev/dsp%d.%d". This does not affect those who are using "/dev/dsp". 20061122: geom(4)'s gmirror(8) class metadata structure has been rev'd from v3 to v4. If you update across this point and your metadata is converted for you, you will not be easily able to downgrade since the /boot/kernel.old/geom_mirror.ko kernel module will be unable to read the v4 metadata. You can resolve this by doing from the loader(8) prompt: set vfs.root.mountfrom="ufs:/dev/XXX" where XXX is the root slice of one of the disks that composed the mirror (i.e.: /dev/ad0s1a). You can then rebuild the array the same way you built it originally. 20061122: The following binaries have been disconnected from the build: mount_devfs, mount_ext2fs, mount_fdescfs, mount_procfs, mount_linprocfs, and mount_std. The functionality of these programs has been moved into the mount program. For example, to mount a devfs filesystem, instead of using mount_devfs, use: "mount -t devfs". This does not affect entries in /etc/fstab, since entries in /etc/fstab are always processed with "mount -t fstype". 20061113: Support for PCI Message Signalled Interrupts on i386 and amd64 has been added to the kernel and various drivers will soon be updated to use MSI when it is available. If there are any problems, MSI can be disabled completely by setting the 'hw.pci.enable_msi' and 'hw.pci.enable_msix' tunables to 0 in the loader. 20061110: The MUTEX_PROFILING option has been renamed to LOCK_PROFILING. The lockmgr object layout has been changed as a result of having a lock_object embedded in it. As a consequence all file system kernel modules must be re-compiled. The mutex profiling man page has not yet been updated to reflect this change. 20061026: KSE in the kernel has now been made optional and turned on by default. Use 'nooption KSE' in your kernel config to turn it off. All kernel modules *must* be recompiled after this change. There-after, modules from a KSE kernel should be compatible with modules from a NOKSE kernel due to the temporary padding fields added to 'struct proc'. 20060929: mrouted and its utilities have been removed from the base system. 20060927: Some ioctl(2) command codes have changed. Full backward ABI compatibility is provided if the "options COMPAT_FREEBSD6" is present in the kernel configuration file. Make sure to add this option to your kernel config file, or recompile X.Org and the rest of ports; otherwise they may refuse to work. 20060924: tcpslice has been removed from the base system. 20060913: The sizes of struct tcpcb (and struct xtcpcb) have changed due to the rewrite of TCP syncookies. Tools like netstat, sockstat, and systat needs to be rebuilt. 20060903: libpcap updated to v0.9.4 and tcpdump to v3.9.4 20060816: The IPFIREWALL_FORWARD_EXTENDED option is gone and the behaviour for IPFIREWALL_FORWARD is now as it was before when it was first committed and for years after. The behaviour is now ON. 20060725: enigma(1)/crypt(1) utility has been changed on 64 bit architectures. Now it can decrypt files created from different architectures. Unfortunately, it is no longer able to decrypt a cipher text generated with an older version on 64 bit architectures. If you have such a file, you need old utility to decrypt it. 20060709: The interface version of the i4b kernel part has changed. So after updating the kernel sources and compiling a new kernel, the i4b user space tools in "/usr/src/usr.sbin/i4b" must also be rebuilt, and vice versa. 20060627: The XBOX kernel now defaults to the nfe(4) driver instead of the nve(4) driver. Please update your configuration accordingly. 20060514: The i386-only lnc(4) driver for the AMD Am7900 LANCE and Am79C9xx PCnet family of NICs has been removed. The new le(4) driver serves as an equivalent but cross-platform replacement with the pcn(4) driver still providing performance-optimized support for the subset of AMD Am79C971 PCnet-FAST and greater chips as before. 20060511: The machdep.* sysctls and the adjkerntz utility have been modified a bit. The new adjkerntz utility uses the new sysctl names and sysctlbyname() calls, so it may be impossible to run an old /sbin/adjkerntz utility in single-user mode with a new kernel. Replace the `adjkerntz -i' step before `make installworld' with: /usr/obj/usr/src/sbin/adjkerntz/adjkerntz -i and proceed as usual with the rest of the installworld-stage steps. Otherwise, you risk installing binaries with their timestamp set several hours in the future, especially if you are running with local time set to GMT+X hours. 20060412: The ip6fw utility has been removed. The behavior provided by ip6fw has been in ipfw2 for a good while and the rc.d scripts have been updated to deal with it. There are some rules that might not migrate cleanly. Use rc.firewall6 as a template to rewrite rules. 20060428: The puc(4) driver has been overhauled. The ebus(4) and sbus(4) attachments have been removed. Make sure to configure scc(4) on sparc64. Note also that by default puc(4) will use uart(4) and not sio(4) for serial ports because interrupt handling has been optimized for multi-port serial cards and only uart(4) implements the interface to support it. 20060330: The scc(4) driver replaces puc(4) for Serial Communications Controllers (SCCs) like the Siemens SAB82532 and the Zilog Z8530. On sparc64, it is advised to add scc(4) to the kernel configuration to make sure that the serial ports remain functional. 20060317: Most world/kernel related NO_* build options changed names. New knobs have common prefixes WITHOUT_*/WITH_* (modelled after FreeBSD ports) and should be set in /etc/src.conf (the src.conf(5) manpage is provided). Full backwards compatibility is maintained for the time being though it's highly recommended to start moving old options out of the system-wide /etc/make.conf file into the new /etc/src.conf while also properly renaming them. More conversions will likely follow. Posting to current@: http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html 20060305: The NETSMBCRYPTO kernel option has been retired because its functionality is always included in NETSMB and smbfs.ko now. 20060303: The TDFX_LINUX kernel option was retired and replaced by the tdfx_linux device. The latter can be loaded as the 3dfx_linux.ko kernel module. Loading it alone should suffice to get 3dfx support for Linux apps because it will pull in 3dfx.ko and linux.ko through its dependencies. 20060204: The 'audit' group was added to support the new auditing functionality in the base system. Be sure to follow the directions for updating, including the requirement to run mergemaster -p. 20060201: The kernel ABI to file system modules was changed on i386. Please make sure that your kernel and modules are in sync. 20060118: This actually occured some time ago, but installing the kernel now also installs a bunch of symbol files for the kernel modules. This increases the size of /boot/kernel to about 67Mbytes. You will need twice this if you will eventually back this up to kernel.old on your next install. If you have a shortage of room in your root partition, you should add -DINSTALL_NODEBUG to your make arguments or add INSTALL_NODEBUG="yes" to your /etc/make.conf. 20060113: libc's malloc implementation has been replaced. This change has the potential to uncover application bugs that previously went unnoticed. See the malloc(3) manual page for more details. 20060112: The generic netgraph(4) cookie has been changed. If you upgrade kernel passing this point, you also need to upgrade userland and netgraph(4) utilities like ports/net/mpd or ports/net/mpd4. 20060106: si(4)'s device files now contain the unit number. Uses of {cua,tty}A[0-9a-f] should be replaced by {cua,tty}A0[0-9a-f]. 20060106: The kernel ABI was mostly destroyed due to a change in the size of struct lock_object which is nested in other structures such as mutexes which are nested in all sorts of other structures. Make sure your kernel and modules are in sync. 20051231: The page coloring algorithm in the VM subsystem was converted from tuning with kernel options to autotuning. Please remove any PQ_* option except PQ_NOOPT from your kernel config. 20051211: The net80211-related tools in the tools/tools/ath directory have been moved to tools/tools/net80211 and renamed with a "wlan" prefix. Scripts that use them should be adjusted accordingly. 20051202: Scripts in the local_startup directories (as defined in /etc/defaults/rc.conf) that have the new rc.d semantics will now be run as part of the base system rcorder. If there are errors or problems with one of these local scripts, it could cause boot problems. If you encounter such problems, boot in single user mode, remove that script from the */rc.d directory. Please report the problem to the port's maintainer, and the freebsd-ports@freebsd.org mailing list. 20051129: The nodev mount option was deprecated in RELENG_6 (where it was a no-op), and is now unsupported. If you have nodev or dev listed in /etc/fstab, remove it, otherwise it will result in a mount error. 20051129: ABI between ipfw(4) and ipfw(8) has been changed. You need to rebuild ipfw(8) when rebuilding kernel. 20051108: rp(4)'s device files now contain the unit number. Uses of {cua,tty}R[0-9a-f] should be replaced by {cua,tty}R0[0-9a-f]. 20051029: /etc/rc.d/ppp-user has been renamed to /etc/rc.d/ppp. Its /etc/rc.conf.d configuration file has been `ppp' from the beginning, and hence there is no need to touch it. 20051014: Now most modules get their build-time options from the kernel configuration file. A few modules still have fixed options due to their non-conformant implementation, but they will be corrected eventually. You may need to review the options of the modules in use, explicitly specify the non-default options in the kernel configuration file, and rebuild the kernel and modules afterwards. 20051001: kern.polling.enable sysctl MIB is now deprecated. Use ifconfig(8) to turn polling(4) on your interfaces. 20050927: The old bridge(4) implementation was retired. The new if_bridge(4) serves as a full functional replacement. 20050722: The ai_addrlen of a struct addrinfo was changed to a socklen_t to conform to POSIX-2001. This change broke an ABI compatibility on 64 bit architecture. You have to recompile userland programs that use getaddrinfo(3) on 64 bit architecture. 20050711: RELENG_6 branched here. 20050629: The pccard_ifconfig rc.conf variable has been removed and a new variable, ifconfig_DEFAULT has been introduced. Unlike pccard_ifconfig, ifconfig_DEFAULT applies to ALL interfaces that do not have ifconfig_ifn entries rather than just those in removable_interfaces. 20050616: Some previous versions of PAM have permitted the use of non-absolute paths in /etc/pam.conf or /etc/pam.d/* when referring to third party PAM modules in /usr/local/lib. A change has been made to require the use of absolute paths in order to avoid ambiguity and dependence on library path configuration, which may affect existing configurations. 20050610: Major changes to network interface API. All drivers must be recompiled. Drivers not in the base system will need to be updated to the new APIs. 20050609: Changes were made to kinfo_proc in sys/user.h. Please recompile userland, or commands like `fstat', `pkill', `ps', `top' and `w' will not behave correctly. The API and ABI for hwpmc(4) have changed with the addition of sampling support. Please recompile lib/libpmc(3) and usr.sbin/{pmcstat,pmccontrol}. 20050606: The OpenBSD dhclient was imported in place of the ISC dhclient and the network interface configuration scripts were updated accordingly. If you use DHCP to configure your interfaces, you must now run devd. Also, DNS updating was lost so you will need to find a workaround if you use this feature. The '_dhcp' user was added to support the OpenBSD dhclient. Be sure to run mergemaster -p (like you are supposed to do every time anyway). 20050605: if_bridge was added to the tree. This has changed struct ifnet. Please recompile userland and all network related modules. 20050603: The n_net of a struct netent was changed to an uint32_t, and 1st argument of getnetbyaddr() was changed to an uint32_t, to conform to POSIX-2001. These changes broke an ABI compatibility on 64 bit architecture. With these changes, shlib major of libpcap was bumped. You have to recompile userland programs that use getnetbyaddr(3), getnetbyname(3), getnetent(3) and/or libpcap on 64 bit architecture. 20050528: Kernel parsing of extra options on '#!' first lines of shell scripts has changed. Lines with multiple options likely will fail after this date. For full details, please see http://people.freebsd.org/~gad/Updating-20050528.txt 20050503: The packet filter (pf) code has been updated to OpenBSD 3.7 Please note the changed anchor syntax and the fact that authpf(8) now needs a mounted fdescfs(5) to function. 20050415: The NO_MIXED_MODE kernel option has been removed from the i386 amd64 platforms as its use has been superceded by the new local APIC timer code. Any kernel config files containing this option should be updated. 20050227: The on-disk format of LC_CTYPE files was changed to be machine independent. Please make sure NOT to use NO_CLEAN buildworld when crossing this point. Crossing this point also requires recompile or reinstall of all locale depended packages. 20050225: The ifi_epoch member of struct if_data has been changed to contain the uptime at which the interface was created or the statistics zeroed rather then the wall clock time because wallclock time may go backwards. This should have no impact unless an snmp implementation is using this value (I know of none at this point.) 20050224: The acpi_perf and acpi_throttle drivers are now part of the acpi(4) main module. They are no longer built separately. 20050223: The layout of struct image_params has changed. You have to recompile all compatibility modules (linux, svr4, etc) for use with the new kernel. 20050223: The p4tcc driver has been merged into cpufreq(4). This makes "options CPU_ENABLE_TCC" obsolete. Please load cpufreq.ko or compile in "device cpufreq" to restore this functionality. 20050220: The responsibility of recomputing the file system summary of a SoftUpdates-enabled dirty volume has been transferred to the background fsck. A rebuild of fsck(8) utility is recommended if you have updated the kernel. To get the old behavior (recompute file system summary at mount time), you can set vfs.ffs.compute_summary_at_mount=1 before mounting the new volume. 20050206: The cpufreq import is complete. As part of this, the sysctls for acpi(4) throttling have been removed. The power_profile script has been updated, so you can use performance/economy_cpu_freq in rc.conf(5) to set AC on/offline cpu frequencies. 20050206: NG_VERSION has been increased. Recompiling kernel (or ng_socket.ko) requires recompiling libnetgraph and userland netgraph utilities. 20050114: Support for abbreviated forms of a number of ipfw options is now deprecated. Warnings are printed to stderr indicating the correct full form when a match occurs. Some abbreviations may be supported at a later date based on user feedback. To be considered for support, abbreviations must be in use prior to this commit and unlikely to be confused with current key words. 20041221: By a popular demand, a lot of NOFOO options were renamed to NO_FOO (see bsd.compat.mk for a full list). The old spellings are still supported, but will cause annoying warnings on stderr. Make sure you upgrade properly (see the COMMON ITEMS: section later in this file). 20041219: Auto-loading of ancillary wlan modules such as wlan_wep has been temporarily disabled; you need to statically configure the modules you need into your kernel or explicitly load them prior to use. Specifically, if you intend to use WEP encryption with an 802.11 device load/configure wlan_wep; if you want to use WPA with the ath driver load/configure wlan_tkip, wlan_ccmp, and wlan_xauth as required. 20041213: The behaviour of ppp(8) has changed slightly. If lqr is enabled (``enable lqr''), older versions would revert to LCP ECHO mode on negotiation failure. Now, ``enable echo'' is required for this behaviour. The ppp version number has been bumped to 3.4.2 to reflect the change. 20041201: The wlan support has been updated to split the crypto support into separate modules. For static WEP you must configure the wlan_wep module in your system or build and install the module in place where it can be loaded (the kernel will auto-load the module when a wep key is configured). 20041201: The ath driver has been updated to split the tx rate control algorithm into a separate module. You need to include either ath_rate_onoe or ath_rate_amrr when configuring the kernel. 20041116: Support for systems with an 80386 CPU has been removed. Please use FreeBSD 5.x or earlier on systems with an 80386. 20041110: We have had a hack which would mount the root filesystem R/W if the device were named 'md*'. As part of the vnode work I'm doing I have had to remove this hack. People building systems which use preloaded MD root filesystems may need to insert a "/sbin/mount -u -o rw /dev/md0 /" in their /etc/rc scripts. 20041104: FreeBSD 5.3 shipped here. 20041102: The size of struct tcpcb has changed again due to the removal of RFC1644 T/TCP. You have to recompile userland programs that read kmem for tcp sockets directly (netstat, sockstat, etc.) 20041022: The size of struct tcpcb has changed. You have to recompile userland programs that read kmem for tcp sockets directly (netstat, sockstat, etc.) 20041016: RELENG_5 branched here. For older entries, please see updating in the RELENG_5 branch. COMMON ITEMS: General Notes ------------- Avoid using make -j when upgrading. From time to time in the past there have been problems using -j with buildworld and/or installworld. This is especially true when upgrading between "distant" versions (eg one that cross a major release boundary or several minor releases, or when several months have passed on the -current branch). Sometimes, obscure build problems are the result of environment poisoning. This can happen because the make utility reads its environment when searching for values for global variables. To run your build attempts in an "environmental clean room", prefix all make commands with 'env -i '. See the env(1) manual page for more details. When upgrading from one major version to another it is generally best to upgrade to the latest code in the currently installed branch first, then do an upgrade to the new branch. This is the best-tested upgrade path, and has the highest probability of being successful. Please try this approach before reporting problems with a major version upgrade. ZFS notes --------- When upgrading the boot ZFS pool to a new version, always follow these two steps: 1.) recompile and reinstall the ZFS boot loader and boot block (this is part of "make buildworld" and "make installworld") 2.) update the ZFS boot block on your boot drive The following example updates the ZFS boot block on the first partition (freebsd-boot) of a GPT partitioned drive ad0: "gpart bootcode -p /boot/gptzfsboot -i 1 ad0" Non-boot pools do not need these updates. To build a kernel ----------------- If you are updating from a prior version of FreeBSD (even one just a few days old), you should follow this procedure. It is the most failsafe as it uses a /usr/obj tree with a fresh mini-buildworld, make kernel-toolchain make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE To test a kernel once --------------------- If you just want to boot a kernel once (because you are not sure if it works, or if you want to boot a known bad kernel to provide debugging information) run make installkernel KERNCONF=YOUR_KERNEL_HERE KODIR=/boot/testkernel nextboot -k testkernel To just build a kernel when you know that it won't mess you up -------------------------------------------------------------- This assumes you are already running a 5.X system. Replace ${arch} with the architecture of your machine (e.g. "i386", "alpha", "amd64", "ia64", "pc98", "sparc64", etc). cd src/sys/${arch}/conf config KERNEL_NAME_HERE cd ../compile/KERNEL_NAME_HERE make depend make make install If this fails, go to the "To build a kernel" section. To rebuild everything and install it on the current system. ----------------------------------------------------------- # Note: sometimes if you are running current you gotta do more than # is listed here if you are upgrading from a really old current. make buildworld make kernel KERNCONF=YOUR_KERNEL_HERE [1] [3] mergemaster -p [5] make installworld mergemaster [4] make delete-old [6] To cross-install current onto a separate partition -------------------------------------------------- # In this approach we use a separate partition to hold # current's root, 'usr', and 'var' directories. A partition # holding "/", "/usr" and "/var" should be about 2GB in # size. make buildworld make buildkernel KERNCONF=YOUR_KERNEL_HERE make installworld DESTDIR=${CURRENT_ROOT} make distribution DESTDIR=${CURRENT_ROOT} # if newfs'd make installkernel KERNCONF=YOUR_KERNEL_HERE DESTDIR=${CURRENT_ROOT} cp /etc/fstab ${CURRENT_ROOT}/etc/fstab # if newfs'd To upgrade in-place from 5.x-stable to current ---------------------------------------------- make buildworld [9] make kernel KERNCONF=YOUR_KERNEL_HERE [8] [1] [3] mergemaster -p [5] make installworld mergemaster -i [4] make delete-old [6] Make sure that you've read the UPDATING file to understand the tweaks to various things you need. At this point in the life cycle of current, things change often and you are on your own to cope. The defaults can also change, so please read ALL of the UPDATING entries. Also, if you are tracking -current, you must be subscribed to freebsd-current@freebsd.org. Make sure that before you update your sources that you have read and understood all the recent messages there. If in doubt, please track -stable which has much fewer pitfalls. [1] If you have third party modules, such as vmware, you should disable them at this point so they don't crash your system on reboot. [3] From the bootblocks, boot -s, and then do fsck -p mount -u / mount -a cd src adjkerntz -i # if CMOS is wall time Also, when doing a major release upgrade, it is required that you boot into single user mode to do the installworld. [4] Note: This step is non-optional. Failure to do this step can result in a significant reduction in the functionality of the system. Attempting to do it by hand is not recommended and those that pursue this avenue should read this file carefully, as well as the archives of freebsd-current and freebsd-hackers mailing lists for potential gotchas. [5] Usually this step is a noop. However, from time to time you may need to do this if you get unknown user in the following step. It never hurts to do it all the time. You may need to install a new mergemaster (cd src/usr.sbin/mergemaster && make install) after the buildworld before this step if you last updated from current before 20020224 or from -stable before 20020408. [6] This only deletes old files and directories. Old libraries can be deleted by "make delete-old-libs", but you have to make sure that no program is using those libraries anymore. [8] In order to have a kernel that can run the 4.x binaries needed to do an installworld, you must include the COMPAT_FREEBSD4 option in your kernel. Failure to do so may leave you with a system that is hard to boot to recover. A similar kernel option COMPAT_FREEBSD5 is required to run the 5.x binaries on more recent kernels. Make sure that you merge any new devices from GENERIC since the last time you updated your kernel config file. [9] When checking out sources, you must include the -P flag to have cvs prune empty directories. If CPUTYPE is defined in your /etc/make.conf, make sure to use the "?=" instead of the "=" assignment operator, so that buildworld can override the CPUTYPE if it needs to. MAKEOBJDIRPREFIX must be defined in an environment variable, and not on the command line, or in /etc/make.conf. buildworld will warn if it is improperly defined. FORMAT: This file contains a list, in reverse chronological order, of major breakages in tracking -current. It is not guaranteed to be a complete list of such breakages, and only contains entries since October 16, 2004. If you need to see UPDATING entries from before that date, you will need to fetch an UPDATING file from an older FreeBSD release. Copyright information: Copyright 1998-2005 M. Warner Losh. All Rights Reserved. Redistribution, publication, translation and use, with or without modification, in full or in part, in any form or format of this document are permitted without further permission from the author. THIS DOCUMENT IS PROVIDED BY WARNER LOSH ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WARNER LOSH BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. If you find this document useful, and you want to, you may buy the author a beer. Contact Warner Losh if you have any questions about your use of this document. $FreeBSD$ Index: releng/8.4/crypto/openssl/apps/s_cb.c =================================================================== --- releng/8.4/crypto/openssl/apps/s_cb.c (revision 273415) +++ releng/8.4/crypto/openssl/apps/s_cb.c (revision 273416) @@ -1,739 +1,757 @@ /* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* ==================================================================== * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ #include #include #define USE_SOCKETS #define NON_MAIN #include "apps.h" #undef NON_MAIN #undef USE_SOCKETS #include #include #include #include #include "s_apps.h" #define COOKIE_SECRET_LENGTH 16 int verify_depth=0; int verify_error=X509_V_OK; unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; int cookie_initialized=0; int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) { char buf[256]; X509 *err_cert; int err,depth; err_cert=X509_STORE_CTX_get_current_cert(ctx); err= X509_STORE_CTX_get_error(ctx); depth= X509_STORE_CTX_get_error_depth(ctx); X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf); BIO_printf(bio_err,"depth=%d %s\n",depth,buf); if (!ok) { BIO_printf(bio_err,"verify error:num=%d:%s\n",err, X509_verify_cert_error_string(err)); if (verify_depth >= depth) { ok=1; verify_error=X509_V_OK; } else { ok=0; verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG; } } switch (ctx->error) { case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf); BIO_printf(bio_err,"issuer= %s\n",buf); break; case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: BIO_printf(bio_err,"notBefore="); ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert)); BIO_printf(bio_err,"\n"); break; case X509_V_ERR_CERT_HAS_EXPIRED: case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: BIO_printf(bio_err,"notAfter="); ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert)); BIO_printf(bio_err,"\n"); break; } BIO_printf(bio_err,"verify return:%d\n",ok); return(ok); } int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) { if (cert_file != NULL) { /* SSL *ssl; X509 *x509; */ if (SSL_CTX_use_certificate_file(ctx,cert_file, SSL_FILETYPE_PEM) <= 0) { BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file); ERR_print_errors(bio_err); return(0); } if (key_file == NULL) key_file=cert_file; if (SSL_CTX_use_PrivateKey_file(ctx,key_file, SSL_FILETYPE_PEM) <= 0) { BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file); ERR_print_errors(bio_err); return(0); } /* In theory this is no longer needed ssl=SSL_new(ctx); x509=SSL_get_certificate(ssl); if (x509 != NULL) { EVP_PKEY *pktmp; pktmp = X509_get_pubkey(x509); EVP_PKEY_copy_parameters(pktmp, SSL_get_privatekey(ssl)); EVP_PKEY_free(pktmp); } SSL_free(ssl); */ /* If we are using DSA, we can copy the parameters from * the private key */ /* Now we know that a key and cert have been set against * the SSL context */ if (!SSL_CTX_check_private_key(ctx)) { BIO_printf(bio_err,"Private key does not match the certificate public key\n"); return(0); } } return(1); } int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key) { if (cert == NULL) return 1; if (SSL_CTX_use_certificate(ctx,cert) <= 0) { BIO_printf(bio_err,"error setting certificate\n"); ERR_print_errors(bio_err); return 0; } if (SSL_CTX_use_PrivateKey(ctx,key) <= 0) { BIO_printf(bio_err,"error setting private key\n"); ERR_print_errors(bio_err); return 0; } /* Now we know that a key and cert have been set against * the SSL context */ if (!SSL_CTX_check_private_key(ctx)) { BIO_printf(bio_err,"Private key does not match the certificate public key\n"); return 0; } return 1; } long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret) { BIO *out; out=(BIO *)BIO_get_callback_arg(bio); if (out == NULL) return(ret); if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) { BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n", (void *)bio,argp,argi,ret,ret); BIO_dump(out,argp,(int)ret); return(ret); } else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) { BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n", (void *)bio,argp,argi,ret,ret); BIO_dump(out,argp,(int)ret); } return(ret); } void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret) { const char *str; int w; w=where& ~SSL_ST_MASK; if (w & SSL_ST_CONNECT) str="SSL_connect"; else if (w & SSL_ST_ACCEPT) str="SSL_accept"; else str="undefined"; if (where & SSL_CB_LOOP) { BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s)); } else if (where & SSL_CB_ALERT) { str=(where & SSL_CB_READ)?"read":"write"; BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n", str, SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret)); } else if (where & SSL_CB_EXIT) { if (ret == 0) BIO_printf(bio_err,"%s:failed in %s\n", str,SSL_state_string_long(s)); else if (ret < 0) { BIO_printf(bio_err,"%s:error in %s\n", str,SSL_state_string_long(s)); } } } void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) { BIO *bio = arg; const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= ""; str_write_p = write_p ? ">>>" : "<<<"; switch (version) { case SSL2_VERSION: str_version = "SSL 2.0"; break; case SSL3_VERSION: str_version = "SSL 3.0 "; break; case TLS1_VERSION: str_version = "TLS 1.0 "; break; default: str_version = "???"; case DTLS1_VERSION: str_version = "DTLS 1.0 "; break; case DTLS1_BAD_VER: str_version = "DTLS 1.0 (bad) "; break; } if (version == SSL2_VERSION) { str_details1 = "???"; if (len > 0) { switch (((const unsigned char*)buf)[0]) { case 0: str_details1 = ", ERROR:"; str_details2 = " ???"; if (len >= 3) { unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2]; switch (err) { case 0x0001: str_details2 = " NO-CIPHER-ERROR"; break; case 0x0002: str_details2 = " NO-CERTIFICATE-ERROR"; break; case 0x0004: str_details2 = " BAD-CERTIFICATE-ERROR"; break; case 0x0006: str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR"; break; } } break; case 1: str_details1 = ", CLIENT-HELLO"; break; case 2: str_details1 = ", CLIENT-MASTER-KEY"; break; case 3: str_details1 = ", CLIENT-FINISHED"; break; case 4: str_details1 = ", SERVER-HELLO"; break; case 5: str_details1 = ", SERVER-VERIFY"; break; case 6: str_details1 = ", SERVER-FINISHED"; break; case 7: str_details1 = ", REQUEST-CERTIFICATE"; break; case 8: str_details1 = ", CLIENT-CERTIFICATE"; break; } } } if (version == SSL3_VERSION || version == TLS1_VERSION || version == DTLS1_VERSION || version == DTLS1_BAD_VER) { switch (content_type) { case 20: str_content_type = "ChangeCipherSpec"; break; case 21: str_content_type = "Alert"; break; case 22: str_content_type = "Handshake"; break; } if (content_type == 21) /* Alert */ { str_details1 = ", ???"; if (len == 2) { switch (((const unsigned char*)buf)[0]) { case 1: str_details1 = ", warning"; break; case 2: str_details1 = ", fatal"; break; } str_details2 = " ???"; switch (((const unsigned char*)buf)[1]) { case 0: str_details2 = " close_notify"; break; case 10: str_details2 = " unexpected_message"; break; case 20: str_details2 = " bad_record_mac"; break; case 21: str_details2 = " decryption_failed"; break; case 22: str_details2 = " record_overflow"; break; case 30: str_details2 = " decompression_failure"; break; case 40: str_details2 = " handshake_failure"; break; case 42: str_details2 = " bad_certificate"; break; case 43: str_details2 = " unsupported_certificate"; break; case 44: str_details2 = " certificate_revoked"; break; case 45: str_details2 = " certificate_expired"; break; case 46: str_details2 = " certificate_unknown"; break; case 47: str_details2 = " illegal_parameter"; break; case 48: str_details2 = " unknown_ca"; break; case 49: str_details2 = " access_denied"; break; case 50: str_details2 = " decode_error"; break; case 51: str_details2 = " decrypt_error"; break; case 60: str_details2 = " export_restriction"; break; case 70: str_details2 = " protocol_version"; break; case 71: str_details2 = " insufficient_security"; break; case 80: str_details2 = " internal_error"; break; case 90: str_details2 = " user_canceled"; break; case 100: str_details2 = " no_renegotiation"; break; + case 110: + str_details2 = " unsupported_extension"; + break; + case 111: + str_details2 = " certificate_unobtainable"; + break; + case 112: + str_details2 = " unrecognized_name"; + break; + case 113: + str_details2 = " bad_certificate_status_response"; + break; + case 114: + str_details2 = " bad_certificate_hash_value"; + break; + case 115: + str_details2 = " unknown_psk_identity"; + break; } } } if (content_type == 22) /* Handshake */ { str_details1 = "???"; if (len > 0) { switch (((const unsigned char*)buf)[0]) { case 0: str_details1 = ", HelloRequest"; break; case 1: str_details1 = ", ClientHello"; break; case 2: str_details1 = ", ServerHello"; break; case 11: str_details1 = ", Certificate"; break; case 12: str_details1 = ", ServerKeyExchange"; break; case 13: str_details1 = ", CertificateRequest"; break; case 14: str_details1 = ", ServerHelloDone"; break; case 15: str_details1 = ", CertificateVerify"; break; case 3: str_details1 = ", HelloVerifyRequest"; break; case 16: str_details1 = ", ClientKeyExchange"; break; case 20: str_details1 = ", Finished"; break; } } } } BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2); if (len > 0) { size_t num, i; BIO_printf(bio, " "); num = len; #if 0 if (num > 16) num = 16; #endif for (i = 0; i < num; i++) { if (i % 16 == 0 && i > 0) BIO_printf(bio, "\n "); BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]); } if (i < len) BIO_printf(bio, " ..."); BIO_printf(bio, "\n"); } (void)BIO_flush(bio); } void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type, unsigned char *data, int len, void *arg) { BIO *bio = arg; char *extname; switch(type) { case TLSEXT_TYPE_server_name: extname = "server name"; break; case TLSEXT_TYPE_max_fragment_length: extname = "max fragment length"; break; case TLSEXT_TYPE_client_certificate_url: extname = "client certificate URL"; break; case TLSEXT_TYPE_trusted_ca_keys: extname = "trusted CA keys"; break; case TLSEXT_TYPE_truncated_hmac: extname = "truncated HMAC"; break; case TLSEXT_TYPE_status_request: extname = "status request"; break; case TLSEXT_TYPE_elliptic_curves: extname = "elliptic curves"; break; case TLSEXT_TYPE_ec_point_formats: extname = "EC point formats"; break; case TLSEXT_TYPE_session_ticket: extname = "server ticket"; break; case TLSEXT_TYPE_renegotiate: extname = "renegotiate"; break; default: extname = "unknown"; break; } BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", client_server ? "server": "client", extname, type, len); BIO_dump(bio, (char *)data, len); (void)BIO_flush(bio); } int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len) { unsigned char *buffer, result[EVP_MAX_MD_SIZE]; unsigned int length, resultlength; struct sockaddr_in peer; /* Initialize a random secret */ if (!cookie_initialized) { if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) { BIO_printf(bio_err,"error setting random cookie secret\n"); return 0; } cookie_initialized = 1; } /* Read peer information */ (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); /* Create buffer with peer's address and port */ length = sizeof(peer.sin_addr); length += sizeof(peer.sin_port); buffer = OPENSSL_malloc(length); if (buffer == NULL) { BIO_printf(bio_err,"out of memory\n"); return 0; } memcpy(buffer, &peer.sin_addr, sizeof(peer.sin_addr)); memcpy(buffer + sizeof(peer.sin_addr), &peer.sin_port, sizeof(peer.sin_port)); /* Calculate HMAC of buffer using the secret */ HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, buffer, length, result, &resultlength); OPENSSL_free(buffer); memcpy(cookie, result, resultlength); *cookie_len = resultlength; return 1; } int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len) { unsigned char *buffer, result[EVP_MAX_MD_SIZE]; unsigned int length, resultlength; struct sockaddr_in peer; /* If secret isn't initialized yet, the cookie can't be valid */ if (!cookie_initialized) return 0; /* Read peer information */ (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); /* Create buffer with peer's address and port */ length = sizeof(peer.sin_addr); length += sizeof(peer.sin_port); buffer = (unsigned char*) OPENSSL_malloc(length); if (buffer == NULL) { BIO_printf(bio_err,"out of memory\n"); return 0; } memcpy(buffer, &peer.sin_addr, sizeof(peer.sin_addr)); memcpy(buffer + sizeof(peer.sin_addr), &peer.sin_port, sizeof(peer.sin_port)); /* Calculate HMAC of buffer using the secret */ HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, buffer, length, result, &resultlength); OPENSSL_free(buffer); if (cookie_len == resultlength && memcmp(result, cookie, resultlength) == 0) return 1; return 0; } Index: releng/8.4/crypto/openssl/apps/s_client.c =================================================================== --- releng/8.4/crypto/openssl/apps/s_client.c (revision 273415) +++ releng/8.4/crypto/openssl/apps/s_client.c (revision 273416) @@ -1,1574 +1,1584 @@ /* apps/s_client.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* ==================================================================== * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ #include #include #include #include #include #ifdef OPENSSL_NO_STDIO #define APPS_WIN16 #endif /* With IPv6, it looks like Digital has mixed up the proper order of recursive header file inclusion, resulting in the compiler complaining that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is needed to have fileno() declared correctly... So let's define u_int */ #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) #define __U_INT typedef unsigned int u_int; #endif #define USE_SOCKETS #include "apps.h" #include #include #include #include #include #include #include "s_apps.h" #include "timeouts.h" #ifdef OPENSSL_SYS_WINCE /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */ #ifdef fileno #undef fileno #endif #define fileno(a) (int)_fileno(a) #endif #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ #undef FIONBIO #endif #undef PROG #define PROG s_client_main /*#define SSL_HOST_NAME "www.netscape.com" */ /*#define SSL_HOST_NAME "193.118.187.102" */ #define SSL_HOST_NAME "localhost" /*#define TEST_CERT "client.pem" */ /* no default cert. */ #undef BUFSIZZ #define BUFSIZZ 1024*8 extern int verify_depth; extern int verify_error; #ifdef FIONBIO static int c_nbio=0; #endif static int c_Pause=0; static int c_debug=0; #ifndef OPENSSL_NO_TLSEXT static int c_tlsextdebug=0; static int c_status_req=0; #endif static int c_msg=0; static int c_showcerts=0; static void sc_usage(void); static void print_stuff(BIO *berr,SSL *con,int full); #ifndef OPENSSL_NO_TLSEXT static int ocsp_resp_cb(SSL *s, void *arg); #endif static BIO *bio_c_out=NULL; static int c_quiet=0; static int c_ign_eof=0; static void sc_usage(void) { BIO_printf(bio_err,"usage: s_client args\n"); BIO_printf(bio_err,"\n"); BIO_printf(bio_err," -host host - use -connect instead\n"); BIO_printf(bio_err," -port port - use -connect instead\n"); BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); BIO_printf(bio_err," -verify depth - turn on peer certificate verification\n"); BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n"); BIO_printf(bio_err," not specified but cert file is.\n"); BIO_printf(bio_err," -keyform arg - key format (PEM or DER) PEM default\n"); BIO_printf(bio_err," -pass arg - private key file pass phrase source\n"); BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n"); BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n"); BIO_printf(bio_err," -showcerts - show all certificates in the chain\n"); BIO_printf(bio_err," -debug - extra output\n"); #ifdef WATT32 BIO_printf(bio_err," -wdebug - WATT-32 tcp debugging\n"); #endif BIO_printf(bio_err," -msg - Show protocol messages\n"); BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n"); BIO_printf(bio_err," -state - print the 'ssl' states\n"); #ifdef FIONBIO BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); #endif BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n"); BIO_printf(bio_err," -quiet - no s_client output\n"); BIO_printf(bio_err," -ign_eof - ignore input eof (default when -quiet)\n"); BIO_printf(bio_err," -no_ign_eof - don't ignore input eof\n"); BIO_printf(bio_err," -ssl2 - just use SSLv2\n"); BIO_printf(bio_err," -ssl3 - just use SSLv3\n"); BIO_printf(bio_err," -tls1 - just use TLSv1\n"); BIO_printf(bio_err," -dtls1 - just use DTLSv1\n"); + BIO_printf(bio_err," -fallback_scsv - send TLS_FALLBACK_SCSV\n"); BIO_printf(bio_err," -mtu - set the link layer MTU\n"); BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n"); BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n"); BIO_printf(bio_err," command to see what is available\n"); BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n"); BIO_printf(bio_err," for those protocols that support it, where\n"); BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n"); BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"); BIO_printf(bio_err," are supported.\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); #endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n"); BIO_printf(bio_err," -sess_in arg - file to read SSL session from\n"); #ifndef OPENSSL_NO_TLSEXT BIO_printf(bio_err," -servername host - Set TLS extension servername in ClientHello\n"); BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); BIO_printf(bio_err," -status - request certificate status from server\n"); BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); #endif BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); } #ifndef OPENSSL_NO_TLSEXT /* This is a context that we pass to callbacks */ typedef struct tlsextctx_st { BIO * biodebug; int ack; } tlsextctx; static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) { tlsextctx * p = (tlsextctx *) arg; const char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); if (SSL_get_servername_type(s) != -1) p->ack = !SSL_session_reused(s) && hn != NULL; else BIO_printf(bio_err,"Can't use SSL_get_servername\n"); return SSL_TLSEXT_ERR_OK; } #endif enum { PROTO_OFF = 0, PROTO_SMTP, PROTO_POP3, PROTO_IMAP, PROTO_FTP, PROTO_XMPP }; int MAIN(int, char **); int MAIN(int argc, char **argv) { int off=0, clr = 0; SSL *con=NULL,*con2=NULL; X509_STORE *store = NULL; int s,k,width,state=0; char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL; int cbuf_len,cbuf_off; int sbuf_len,sbuf_off; fd_set readfds,writefds; short port=PORT; int full_log=1; char *host=SSL_HOST_NAME; char *cert_file=NULL,*key_file=NULL; int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; char *passarg = NULL, *pass = NULL; X509 *cert = NULL; EVP_PKEY *key = NULL; char *CApath=NULL,*CAfile=NULL,*cipher=NULL; int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0; int crlf=0; int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; SSL_CTX *ctx=NULL; int ret=1,in_init=1,i,nbio_test=0; int starttls_proto = PROTO_OFF; int prexit = 0, vflags = 0; SSL_METHOD *meth=NULL; #ifdef sock_type #undef sock_type #endif int sock_type=SOCK_STREAM; BIO *sbio; char *inrand=NULL; int mbuf_len=0; struct timeval timeout, *timeoutp; #ifndef OPENSSL_NO_ENGINE char *engine_id=NULL; char *ssl_client_engine_id=NULL; ENGINE *ssl_client_engine=NULL; #endif ENGINE *e=NULL; #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) struct timeval tv; #endif #ifndef OPENSSL_NO_TLSEXT char *servername = NULL; tlsextctx tlsextcbp = {NULL,0}; #endif char *sess_in = NULL; char *sess_out = NULL; struct sockaddr peer; int peerlen = sizeof(peer); + int fallback_scsv = 0; int enable_timeouts = 0 ; long socket_mtu = 0; #ifndef OPENSSL_NO_JPAKE char *jpake_secret = NULL; #endif meth=SSLv23_client_method(); apps_startup(); c_Pause=0; c_quiet=0; c_ign_eof=0; c_debug=0; c_msg=0; c_showcerts=0; if (bio_err == NULL) bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); if (!load_config(bio_err, NULL)) goto end; if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) || ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) || ((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL)) { BIO_printf(bio_err,"out of memory\n"); goto end; } verify_depth=0; verify_error=X509_V_OK; #ifdef FIONBIO c_nbio=0; #endif argc--; argv++; while (argc >= 1) { if (strcmp(*argv,"-host") == 0) { if (--argc < 1) goto bad; host= *(++argv); } else if (strcmp(*argv,"-port") == 0) { if (--argc < 1) goto bad; port=atoi(*(++argv)); if (port == 0) goto bad; } else if (strcmp(*argv,"-connect") == 0) { if (--argc < 1) goto bad; if (!extract_host_port(*(++argv),&host,NULL,&port)) goto bad; } else if (strcmp(*argv,"-verify") == 0) { verify=SSL_VERIFY_PEER; if (--argc < 1) goto bad; verify_depth=atoi(*(++argv)); BIO_printf(bio_err,"verify depth is %d\n",verify_depth); } else if (strcmp(*argv,"-cert") == 0) { if (--argc < 1) goto bad; cert_file= *(++argv); } else if (strcmp(*argv,"-sess_out") == 0) { if (--argc < 1) goto bad; sess_out = *(++argv); } else if (strcmp(*argv,"-sess_in") == 0) { if (--argc < 1) goto bad; sess_in = *(++argv); } else if (strcmp(*argv,"-certform") == 0) { if (--argc < 1) goto bad; cert_format = str2fmt(*(++argv)); } else if (strcmp(*argv,"-crl_check") == 0) vflags |= X509_V_FLAG_CRL_CHECK; else if (strcmp(*argv,"-crl_check_all") == 0) vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; else if (strcmp(*argv,"-prexit") == 0) prexit=1; else if (strcmp(*argv,"-crlf") == 0) crlf=1; else if (strcmp(*argv,"-quiet") == 0) { c_quiet=1; c_ign_eof=1; } else if (strcmp(*argv,"-ign_eof") == 0) c_ign_eof=1; else if (strcmp(*argv,"-no_ign_eof") == 0) c_ign_eof=0; else if (strcmp(*argv,"-pause") == 0) c_Pause=1; else if (strcmp(*argv,"-debug") == 0) c_debug=1; #ifndef OPENSSL_NO_TLSEXT else if (strcmp(*argv,"-tlsextdebug") == 0) c_tlsextdebug=1; else if (strcmp(*argv,"-status") == 0) c_status_req=1; #endif #ifdef WATT32 else if (strcmp(*argv,"-wdebug") == 0) dbug_init(); #endif else if (strcmp(*argv,"-msg") == 0) c_msg=1; else if (strcmp(*argv,"-showcerts") == 0) c_showcerts=1; else if (strcmp(*argv,"-nbio_test") == 0) nbio_test=1; else if (strcmp(*argv,"-state") == 0) state=1; #ifndef OPENSSL_NO_SSL2 else if (strcmp(*argv,"-ssl2") == 0) meth=SSLv2_client_method(); #endif #ifndef OPENSSL_NO_SSL3 else if (strcmp(*argv,"-ssl3") == 0) meth=SSLv3_client_method(); #endif #ifndef OPENSSL_NO_TLS1 else if (strcmp(*argv,"-tls1") == 0) meth=TLSv1_client_method(); #endif #ifndef OPENSSL_NO_DTLS1 else if (strcmp(*argv,"-dtls1") == 0) { meth=DTLSv1_client_method(); sock_type=SOCK_DGRAM; } else if (strcmp(*argv,"-timeout") == 0) enable_timeouts=1; else if (strcmp(*argv,"-mtu") == 0) { if (--argc < 1) goto bad; socket_mtu = atol(*(++argv)); } #endif + else if (strcmp(*argv,"-fallback_scsv") == 0) + { + fallback_scsv = 1; + } else if (strcmp(*argv,"-bugs") == 0) bugs=1; else if (strcmp(*argv,"-keyform") == 0) { if (--argc < 1) goto bad; key_format = str2fmt(*(++argv)); } else if (strcmp(*argv,"-pass") == 0) { if (--argc < 1) goto bad; passarg = *(++argv); } else if (strcmp(*argv,"-key") == 0) { if (--argc < 1) goto bad; key_file= *(++argv); } else if (strcmp(*argv,"-reconnect") == 0) { reconnect=5; } else if (strcmp(*argv,"-CApath") == 0) { if (--argc < 1) goto bad; CApath= *(++argv); } else if (strcmp(*argv,"-CAfile") == 0) { if (--argc < 1) goto bad; CAfile= *(++argv); } else if (strcmp(*argv,"-no_tls1") == 0) off|=SSL_OP_NO_TLSv1; else if (strcmp(*argv,"-no_ssl3") == 0) off|=SSL_OP_NO_SSLv3; else if (strcmp(*argv,"-no_ssl2") == 0) off|=SSL_OP_NO_SSLv2; #ifndef OPENSSL_NO_TLSEXT else if (strcmp(*argv,"-no_ticket") == 0) { off|=SSL_OP_NO_TICKET; } #endif else if (strcmp(*argv,"-serverpref") == 0) off|=SSL_OP_CIPHER_SERVER_PREFERENCE; else if (strcmp(*argv,"-legacy_renegotiation") == 0) off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; else if (strcmp(*argv,"-legacy_server_connect") == 0) { off|=SSL_OP_LEGACY_SERVER_CONNECT; } else if (strcmp(*argv,"-no_legacy_server_connect") == 0) { clr|=SSL_OP_LEGACY_SERVER_CONNECT; } else if (strcmp(*argv,"-cipher") == 0) { if (--argc < 1) goto bad; cipher= *(++argv); } #ifdef FIONBIO else if (strcmp(*argv,"-nbio") == 0) { c_nbio=1; } #endif else if (strcmp(*argv,"-starttls") == 0) { if (--argc < 1) goto bad; ++argv; if (strcmp(*argv,"smtp") == 0) starttls_proto = PROTO_SMTP; else if (strcmp(*argv,"pop3") == 0) starttls_proto = PROTO_POP3; else if (strcmp(*argv,"imap") == 0) starttls_proto = PROTO_IMAP; else if (strcmp(*argv,"ftp") == 0) starttls_proto = PROTO_FTP; else if (strcmp(*argv, "xmpp") == 0) starttls_proto = PROTO_XMPP; else goto bad; } #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine_id = *(++argv); } else if (strcmp(*argv,"-ssl_client_engine") == 0) { if (--argc < 1) goto bad; ssl_client_engine_id = *(++argv); } #endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; inrand= *(++argv); } #ifndef OPENSSL_NO_TLSEXT else if (strcmp(*argv,"-servername") == 0) { if (--argc < 1) goto bad; servername= *(++argv); /* meth=TLSv1_client_method(); */ } #endif #ifndef OPENSSL_NO_JPAKE else if (strcmp(*argv,"-jpake") == 0) { if (--argc < 1) goto bad; jpake_secret = *++argv; } #endif else { BIO_printf(bio_err,"unknown option %s\n",*argv); badop=1; break; } argc--; argv++; } if (badop) { bad: sc_usage(); goto end; } OpenSSL_add_ssl_algorithms(); SSL_load_error_strings(); #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine_id, 1); if (ssl_client_engine_id) { ssl_client_engine = ENGINE_by_id(ssl_client_engine_id); if (!ssl_client_engine) { BIO_printf(bio_err, "Error getting client auth engine\n"); goto end; } } #endif if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } if (key_file == NULL) key_file = cert_file; if (key_file) { key = load_key(bio_err, key_file, key_format, 0, pass, e, "client certificate private key file"); if (!key) { ERR_print_errors(bio_err); goto end; } } if (cert_file) { cert = load_cert(bio_err,cert_file,cert_format, NULL, e, "client certificate file"); if (!cert) { ERR_print_errors(bio_err); goto end; } } if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && !RAND_status()) { BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); } if (inrand != NULL) BIO_printf(bio_err,"%ld semi-random bytes loaded\n", app_RAND_load_files(inrand)); if (bio_c_out == NULL) { if (c_quiet && !c_debug && !c_msg) { bio_c_out=BIO_new(BIO_s_null()); } else { if (bio_c_out == NULL) bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE); } } ctx=SSL_CTX_new(meth); if (ctx == NULL) { ERR_print_errors(bio_err); goto end; } #ifndef OPENSSL_NO_ENGINE if (ssl_client_engine) { if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) { BIO_puts(bio_err, "Error setting client auth engine\n"); ERR_print_errors(bio_err); ENGINE_free(ssl_client_engine); goto end; } ENGINE_free(ssl_client_engine); } #endif if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL|off); else SSL_CTX_set_options(ctx,off); if (clr) SSL_CTX_clear_options(ctx, clr); /* DTLS: partial reads end up discarding unread UDP bytes :-( * Setting read ahead solves this problem. */ if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); if (cipher != NULL) if(!SSL_CTX_set_cipher_list(ctx,cipher)) { BIO_printf(bio_err,"error setting cipher list\n"); ERR_print_errors(bio_err); goto end; } #if 0 else SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER")); #endif SSL_CTX_set_verify(ctx,verify,verify_callback); if (!set_cert_key_stuff(ctx,cert,key)) goto end; if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || (!SSL_CTX_set_default_verify_paths(ctx))) { /* BIO_printf(bio_err,"error setting default verify locations\n"); */ ERR_print_errors(bio_err); /* goto end; */ } store = SSL_CTX_get_cert_store(ctx); X509_STORE_set_flags(store, vflags); #ifndef OPENSSL_NO_TLSEXT if (servername != NULL) { tlsextcbp.biodebug = bio_err; SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); } #endif con=SSL_new(ctx); if (sess_in) { SSL_SESSION *sess; BIO *stmp = BIO_new_file(sess_in, "r"); if (!stmp) { BIO_printf(bio_err, "Can't open session file %s\n", sess_in); ERR_print_errors(bio_err); goto end; } sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL); BIO_free(stmp); if (!sess) { BIO_printf(bio_err, "Can't open session file %s\n", sess_in); ERR_print_errors(bio_err); goto end; } SSL_set_session(con, sess); SSL_SESSION_free(sess); } + + if (fallback_scsv) + SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV); + #ifndef OPENSSL_NO_TLSEXT if (servername != NULL) { if (!SSL_set_tlsext_host_name(con,servername)) { BIO_printf(bio_err,"Unable to set TLS servername extension.\n"); ERR_print_errors(bio_err); goto end; } } #endif #ifndef OPENSSL_NO_KRB5 if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL) { kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host); } #endif /* OPENSSL_NO_KRB5 */ /* SSL_set_cipher_list(con,"RC4-MD5"); */ re_start: if (init_client(&s,host,port,sock_type) == 0) { BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); SHUTDOWN(s); goto end; } BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s); #ifdef FIONBIO if (c_nbio) { unsigned long l=1; BIO_printf(bio_c_out,"turning on non blocking io\n"); if (BIO_socket_ioctl(s,FIONBIO,&l) < 0) { ERR_print_errors(bio_err); goto end; } } #endif if (c_Pause & 0x01) con->debug=1; if ( SSL_version(con) == DTLS1_VERSION) { sbio=BIO_new_dgram(s,BIO_NOCLOSE); if (getsockname(s, &peer, (void *)&peerlen) < 0) { BIO_printf(bio_err, "getsockname:errno=%d\n", get_last_socket_error()); SHUTDOWN(s); goto end; } (void)BIO_ctrl_set_connected(sbio, 1, &peer); if ( enable_timeouts) { timeout.tv_sec = 0; timeout.tv_usec = DGRAM_RCV_TIMEOUT; BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); timeout.tv_sec = 0; timeout.tv_usec = DGRAM_SND_TIMEOUT; BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); } if (socket_mtu > 28) { SSL_set_options(con, SSL_OP_NO_QUERY_MTU); SSL_set_mtu(con, socket_mtu - 28); } else /* want to do MTU discovery */ BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); } else sbio=BIO_new_socket(s,BIO_NOCLOSE); if (nbio_test) { BIO *test; test=BIO_new(BIO_f_nbio_test()); sbio=BIO_push(test,sbio); } if (c_debug) { con->debug=1; BIO_set_callback(sbio,bio_dump_callback); BIO_set_callback_arg(sbio,(char *)bio_c_out); } if (c_msg) { SSL_set_msg_callback(con, msg_cb); SSL_set_msg_callback_arg(con, bio_c_out); } #ifndef OPENSSL_NO_TLSEXT if (c_tlsextdebug) { SSL_set_tlsext_debug_callback(con, tlsext_cb); SSL_set_tlsext_debug_arg(con, bio_c_out); } if (c_status_req) { SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp); SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb); SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out); #if 0 { STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null(); OCSP_RESPID *id = OCSP_RESPID_new(); id->value.byKey = ASN1_OCTET_STRING_new(); id->type = V_OCSP_RESPID_KEY; ASN1_STRING_set(id->value.byKey, "Hello World", -1); sk_OCSP_RESPID_push(ids, id); SSL_set_tlsext_status_ids(con, ids); } #endif } #endif #ifndef OPENSSL_NO_JPAKE if (jpake_secret) jpake_client_auth(bio_c_out, sbio, jpake_secret); #endif SSL_set_bio(con,sbio,sbio); SSL_set_connect_state(con); /* ok, lets connect */ width=SSL_get_fd(con)+1; read_tty=1; write_tty=0; tty_on=0; read_ssl=1; write_ssl=1; cbuf_len=0; cbuf_off=0; sbuf_len=0; sbuf_off=0; /* This is an ugly hack that does a lot of assumptions */ /* We do have to handle multi-line responses which may come in a single packet or not. We therefore have to use BIO_gets() which does need a buffering BIO. So during the initial chitchat we do push a buffering BIO into the chain that is removed again later on to not disturb the rest of the s_client operation. */ if (starttls_proto == PROTO_SMTP) { int foundit=0; BIO *fbio = BIO_new(BIO_f_buffer()); BIO_push(fbio, sbio); /* wait for multi-line response to end from SMTP */ do { mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ); } while (mbuf_len>3 && mbuf[3]=='-'); /* STARTTLS command requires EHLO... */ BIO_printf(fbio,"EHLO openssl.client.net\r\n"); (void)BIO_flush(fbio); /* wait for multi-line response to end EHLO SMTP response */ do { mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ); if (strstr(mbuf,"STARTTLS")) foundit=1; } while (mbuf_len>3 && mbuf[3]=='-'); (void)BIO_flush(fbio); BIO_pop(fbio); BIO_free(fbio); if (!foundit) BIO_printf(bio_err, "didn't found starttls in server response," " try anyway...\n"); BIO_printf(sbio,"STARTTLS\r\n"); BIO_read(sbio,sbuf,BUFSIZZ); } else if (starttls_proto == PROTO_POP3) { BIO_read(sbio,mbuf,BUFSIZZ); BIO_printf(sbio,"STLS\r\n"); BIO_read(sbio,sbuf,BUFSIZZ); } else if (starttls_proto == PROTO_IMAP) { int foundit=0; BIO *fbio = BIO_new(BIO_f_buffer()); BIO_push(fbio, sbio); BIO_gets(fbio,mbuf,BUFSIZZ); /* STARTTLS command requires CAPABILITY... */ BIO_printf(fbio,". CAPABILITY\r\n"); (void)BIO_flush(fbio); /* wait for multi-line CAPABILITY response */ do { mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ); if (strstr(mbuf,"STARTTLS")) foundit=1; } while (mbuf_len>3 && mbuf[0]!='.'); (void)BIO_flush(fbio); BIO_pop(fbio); BIO_free(fbio); if (!foundit) BIO_printf(bio_err, "didn't found STARTTLS in server response," " try anyway...\n"); BIO_printf(sbio,". STARTTLS\r\n"); BIO_read(sbio,sbuf,BUFSIZZ); } else if (starttls_proto == PROTO_FTP) { BIO *fbio = BIO_new(BIO_f_buffer()); BIO_push(fbio, sbio); /* wait for multi-line response to end from FTP */ do { mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ); } while (mbuf_len>3 && mbuf[3]=='-'); (void)BIO_flush(fbio); BIO_pop(fbio); BIO_free(fbio); BIO_printf(sbio,"AUTH TLS\r\n"); BIO_read(sbio,sbuf,BUFSIZZ); } if (starttls_proto == PROTO_XMPP) { int seen = 0; BIO_printf(sbio,"", host); seen = BIO_read(sbio,mbuf,BUFSIZZ); mbuf[seen] = 0; while (!strstr(mbuf, "")) goto shut; seen = BIO_read(sbio,mbuf,BUFSIZZ); mbuf[seen] = 0; } BIO_printf(sbio, ""); seen = BIO_read(sbio,sbuf,BUFSIZZ); sbuf[seen] = 0; if (!strstr(sbuf, " 0) full_log--; if (starttls_proto) { BIO_printf(bio_err,"%s",mbuf); /* We don't need to know any more */ starttls_proto = PROTO_OFF; } if (reconnect) { reconnect--; BIO_printf(bio_c_out,"drop connection and then reconnect\n"); SSL_shutdown(con); SSL_set_connect_state(con); SHUTDOWN(SSL_get_fd(con)); goto re_start; } } } ssl_pending = read_ssl && SSL_pending(con); if (!ssl_pending) { #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) if (tty_on) { if (read_tty) FD_SET(fileno(stdin),&readfds); if (write_tty) FD_SET(fileno(stdout),&writefds); } if (read_ssl) FD_SET(SSL_get_fd(con),&readfds); if (write_ssl) FD_SET(SSL_get_fd(con),&writefds); #else if(!tty_on || !write_tty) { if (read_ssl) FD_SET(SSL_get_fd(con),&readfds); if (write_ssl) FD_SET(SSL_get_fd(con),&writefds); } #endif /* printf("mode tty(%d %d%d) ssl(%d%d)\n", tty_on,read_tty,write_tty,read_ssl,write_ssl);*/ /* Note: under VMS with SOCKETSHR the second parameter * is currently of type (int *) whereas under other * systems it is (void *) if you don't have a cast it * will choke the compiler: if you do have a cast then * you can either go for (int *) or (void *). */ #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) /* Under Windows/DOS we make the assumption that we can * always write to the tty: therefore if we need to * write to the tty we just fall through. Otherwise * we timeout the select every second and see if there * are any keypresses. Note: this is a hack, in a proper * Windows application we wouldn't do this. */ i=0; if(!write_tty) { if(read_tty) { tv.tv_sec = 1; tv.tv_usec = 0; i=select(width,(void *)&readfds,(void *)&writefds, NULL,&tv); #if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS) if(!i && (!_kbhit() || !read_tty) ) continue; #else if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue; #endif } else i=select(width,(void *)&readfds,(void *)&writefds, NULL,timeoutp); } #elif defined(OPENSSL_SYS_NETWARE) if(!write_tty) { if(read_tty) { tv.tv_sec = 1; tv.tv_usec = 0; i=select(width,(void *)&readfds,(void *)&writefds, NULL,&tv); } else i=select(width,(void *)&readfds,(void *)&writefds, NULL,timeoutp); } #else i=select(width,(void *)&readfds,(void *)&writefds, NULL,timeoutp); #endif if ( i < 0) { BIO_printf(bio_err,"bad select %d\n", get_last_socket_error()); goto shut; /* goto end; */ } } if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0) { BIO_printf(bio_err,"TIMEOUT occured\n"); } if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds)) { k=SSL_write(con,&(cbuf[cbuf_off]), (unsigned int)cbuf_len); switch (SSL_get_error(con,k)) { case SSL_ERROR_NONE: cbuf_off+=k; cbuf_len-=k; if (k <= 0) goto end; /* we have done a write(con,NULL,0); */ if (cbuf_len <= 0) { read_tty=1; write_ssl=0; } else /* if (cbuf_len > 0) */ { read_tty=0; write_ssl=1; } break; case SSL_ERROR_WANT_WRITE: BIO_printf(bio_c_out,"write W BLOCK\n"); write_ssl=1; read_tty=0; break; case SSL_ERROR_WANT_READ: BIO_printf(bio_c_out,"write R BLOCK\n"); write_tty=0; read_ssl=1; write_ssl=0; break; case SSL_ERROR_WANT_X509_LOOKUP: BIO_printf(bio_c_out,"write X BLOCK\n"); break; case SSL_ERROR_ZERO_RETURN: if (cbuf_len != 0) { BIO_printf(bio_c_out,"shutdown\n"); goto shut; } else { read_tty=1; write_ssl=0; break; } case SSL_ERROR_SYSCALL: if ((k != 0) || (cbuf_len != 0)) { BIO_printf(bio_err,"write:errno=%d\n", get_last_socket_error()); goto shut; } else { read_tty=1; write_ssl=0; } break; case SSL_ERROR_SSL: ERR_print_errors(bio_err); goto shut; } } #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) /* Assume Windows/DOS can always write */ else if (!ssl_pending && write_tty) #else else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds)) #endif { #ifdef CHARSET_EBCDIC ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len); #endif i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len); if (i <= 0) { BIO_printf(bio_c_out,"DONE\n"); goto shut; /* goto end; */ } sbuf_len-=i;; sbuf_off+=i; if (sbuf_len <= 0) { read_ssl=1; write_tty=0; } } else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds)) { #ifdef RENEG { static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } } #endif #if 1 k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ ); #else /* Demo for pending and peek :-) */ k=SSL_read(con,sbuf,16); { char zbuf[10240]; printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240)); } #endif switch (SSL_get_error(con,k)) { case SSL_ERROR_NONE: if (k <= 0) goto end; sbuf_off=0; sbuf_len=k; read_ssl=0; write_tty=1; break; case SSL_ERROR_WANT_WRITE: BIO_printf(bio_c_out,"read W BLOCK\n"); write_ssl=1; read_tty=0; break; case SSL_ERROR_WANT_READ: BIO_printf(bio_c_out,"read R BLOCK\n"); write_tty=0; read_ssl=1; if ((read_tty == 0) && (write_ssl == 0)) write_ssl=1; break; case SSL_ERROR_WANT_X509_LOOKUP: BIO_printf(bio_c_out,"read X BLOCK\n"); break; case SSL_ERROR_SYSCALL: BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error()); goto shut; case SSL_ERROR_ZERO_RETURN: BIO_printf(bio_c_out,"closed\n"); goto shut; case SSL_ERROR_SSL: ERR_print_errors(bio_err); goto shut; /* break; */ } } #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) #if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS) else if (_kbhit()) #else else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) #endif #elif defined (OPENSSL_SYS_NETWARE) else if (_kbhit()) #else else if (FD_ISSET(fileno(stdin),&readfds)) #endif { if (crlf) { int j, lf_num; i=read(fileno(stdin),cbuf,BUFSIZZ/2); lf_num = 0; /* both loops are skipped when i <= 0 */ for (j = 0; j < i; j++) if (cbuf[j] == '\n') lf_num++; for (j = i-1; j >= 0; j--) { cbuf[j+lf_num] = cbuf[j]; if (cbuf[j] == '\n') { lf_num--; i++; cbuf[j+lf_num] = '\r'; } } assert(lf_num == 0); } else i=read(fileno(stdin),cbuf,BUFSIZZ); if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) { BIO_printf(bio_err,"DONE\n"); goto shut; } if ((!c_ign_eof) && (cbuf[0] == 'R')) { BIO_printf(bio_err,"RENEGOTIATING\n"); SSL_renegotiate(con); cbuf_len=0; } else { cbuf_len=i; cbuf_off=0; #ifdef CHARSET_EBCDIC ebcdic2ascii(cbuf, cbuf, i); #endif } write_ssl=1; read_tty=0; } } shut: SSL_shutdown(con); SHUTDOWN(SSL_get_fd(con)); ret=0; end: if(prexit) print_stuff(bio_c_out,con,1); if (con != NULL) SSL_free(con); if (con2 != NULL) SSL_free(con2); if (ctx != NULL) SSL_CTX_free(ctx); if (cert) X509_free(cert); if (key) EVP_PKEY_free(key); if (pass) OPENSSL_free(pass); if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); } if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); } if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); } if (bio_c_out != NULL) { BIO_free(bio_c_out); bio_c_out=NULL; } apps_shutdown(); OPENSSL_EXIT(ret); } static void print_stuff(BIO *bio, SSL *s, int full) { X509 *peer=NULL; char *p; static const char *space=" "; char buf[BUFSIZ]; STACK_OF(X509) *sk; STACK_OF(X509_NAME) *sk2; SSL_CIPHER *c; X509_NAME *xn; int j,i; #ifndef OPENSSL_NO_COMP const COMP_METHOD *comp, *expansion; #endif if (full) { int got_a_chain = 0; sk=SSL_get_peer_cert_chain(s); if (sk != NULL) { got_a_chain = 1; /* we don't have it for SSL2 (yet) */ BIO_printf(bio,"---\nCertificate chain\n"); for (i=0; i 0)) { BIO_printf(bio,"---\nAcceptable client certificate CA names\n"); for (i=0; ihit)?"---\nReused, ":"---\nNew, ")); c=SSL_get_current_cipher(s); BIO_printf(bio,"%s, Cipher is %s\n", SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c)); if (peer != NULL) { EVP_PKEY *pktmp; pktmp = X509_get_pubkey(peer); BIO_printf(bio,"Server public key is %d bit\n", EVP_PKEY_bits(pktmp)); EVP_PKEY_free(pktmp); } BIO_printf(bio, "Secure Renegotiation IS%s supported\n", SSL_get_secure_renegotiation_support(s) ? "" : " NOT"); #ifndef OPENSSL_NO_COMP comp=SSL_get_current_compression(s); expansion=SSL_get_current_expansion(s); BIO_printf(bio,"Compression: %s\n", comp ? SSL_COMP_get_name(comp) : "NONE"); BIO_printf(bio,"Expansion: %s\n", expansion ? SSL_COMP_get_name(expansion) : "NONE"); #endif SSL_SESSION_print(bio,SSL_get_session(s)); BIO_printf(bio,"---\n"); if (peer != NULL) X509_free(peer); /* flush, or debugging output gets mixed with http response */ (void)BIO_flush(bio); } #ifndef OPENSSL_NO_TLSEXT static int ocsp_resp_cb(SSL *s, void *arg) { const unsigned char *p; int len; OCSP_RESPONSE *rsp; len = SSL_get_tlsext_status_ocsp_resp(s, &p); BIO_puts(arg, "OCSP response: "); if (!p) { BIO_puts(arg, "no response sent\n"); return 1; } rsp = d2i_OCSP_RESPONSE(NULL, &p, len); if (!rsp) { BIO_puts(arg, "response parse error\n"); BIO_dump_indent(arg, (char *)p, len, 4); return 0; } BIO_puts(arg, "\n======================================\n"); OCSP_RESPONSE_print(arg, rsp, 0); BIO_puts(arg, "======================================\n"); OCSP_RESPONSE_free(rsp); return 1; } #endif /* ndef OPENSSL_NO_TLSEXT */ Index: releng/8.4/crypto/openssl/crypto/err/openssl.ec =================================================================== --- releng/8.4/crypto/openssl/crypto/err/openssl.ec (revision 273415) +++ releng/8.4/crypto/openssl/crypto/err/openssl.ec (revision 273416) @@ -1,89 +1,95 @@ # crypto/err/openssl.ec # configuration file for util/mkerr.pl # files that may have to be rewritten by util/mkerr.pl L ERR NONE NONE L BN crypto/bn/bn.h crypto/bn/bn_err.c L RSA crypto/rsa/rsa.h crypto/rsa/rsa_err.c L DH crypto/dh/dh.h crypto/dh/dh_err.c L EVP crypto/evp/evp.h crypto/evp/evp_err.c L BUF crypto/buffer/buffer.h crypto/buffer/buf_err.c L OBJ crypto/objects/objects.h crypto/objects/obj_err.c L PEM crypto/pem/pem.h crypto/pem/pem_err.c L DSA crypto/dsa/dsa.h crypto/dsa/dsa_err.c L X509 crypto/x509/x509.h crypto/x509/x509_err.c L ASN1 crypto/asn1/asn1.h crypto/asn1/asn1_err.c L CONF crypto/conf/conf.h crypto/conf/conf_err.c L CRYPTO crypto/crypto.h crypto/cpt_err.c L EC crypto/ec/ec.h crypto/ec/ec_err.c L SSL ssl/ssl.h ssl/ssl_err.c L BIO crypto/bio/bio.h crypto/bio/bio_err.c L PKCS7 crypto/pkcs7/pkcs7.h crypto/pkcs7/pkcs7err.c L X509V3 crypto/x509v3/x509v3.h crypto/x509v3/v3err.c L PKCS12 crypto/pkcs12/pkcs12.h crypto/pkcs12/pk12err.c L RAND crypto/rand/rand.h crypto/rand/rand_err.c L DSO crypto/dso/dso.h crypto/dso/dso_err.c L ENGINE crypto/engine/engine.h crypto/engine/eng_err.c L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c L UI crypto/ui/ui.h crypto/ui/ui_err.c L COMP crypto/comp/comp.h crypto/comp/comp_err.c L ECDSA crypto/ecdsa/ecdsa.h crypto/ecdsa/ecs_err.c L ECDH crypto/ecdh/ecdh.h crypto/ecdh/ech_err.c L STORE crypto/store/store.h crypto/store/str_err.c L FIPS fips/fips.h crypto/fips_err.h L CMS crypto/cms/cms.h crypto/cms/cms_err.c L JPAKE crypto/jpake/jpake.h crypto/jpake/jpake_err.c # additional header files to be scanned for function names L NONE crypto/x509/x509_vfy.h NONE L NONE crypto/ec/ec_lcl.h NONE L NONE crypto/cms/cms_lcl.h NONE F RSAREF_F_RSA_BN2BIN F RSAREF_F_RSA_PRIVATE_DECRYPT F RSAREF_F_RSA_PRIVATE_ENCRYPT F RSAREF_F_RSA_PUBLIC_DECRYPT F RSAREF_F_RSA_PUBLIC_ENCRYPT #F SSL_F_CLIENT_CERTIFICATE R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 R SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 R SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 R SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 R SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 R SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 R SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 +R SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 R SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 +R SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 +R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 +R SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 +R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 +R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 R RSAREF_R_CONTENT_ENCODING 0x0400 R RSAREF_R_DATA 0x0401 R RSAREF_R_DIGEST_ALGORITHM 0x0402 R RSAREF_R_ENCODING 0x0403 R RSAREF_R_KEY 0x0404 R RSAREF_R_KEY_ENCODING 0x0405 R RSAREF_R_LEN 0x0406 R RSAREF_R_MODULUS_LEN 0x0407 R RSAREF_R_NEED_RANDOM 0x0408 R RSAREF_R_PRIVATE_KEY 0x0409 R RSAREF_R_PUBLIC_KEY 0x040a R RSAREF_R_SIGNATURE 0x040b R RSAREF_R_SIGNATURE_ENCODING 0x040c R RSAREF_R_ENCRYPTION_ALGORITHM 0x040d Index: releng/8.4/crypto/openssl/doc/apps/s_client.pod =================================================================== --- releng/8.4/crypto/openssl/doc/apps/s_client.pod (revision 273415) +++ releng/8.4/crypto/openssl/doc/apps/s_client.pod (revision 273416) @@ -1,297 +1,301 @@ =pod =head1 NAME s_client - SSL/TLS client program =head1 SYNOPSIS B B [B<-connect host:port>] [B<-verify depth>] [B<-cert filename>] [B<-certform DER|PEM>] [B<-key filename>] [B<-keyform DER|PEM>] [B<-pass arg>] [B<-CApath directory>] [B<-CAfile filename>] [B<-reconnect>] [B<-pause>] [B<-showcerts>] [B<-debug>] [B<-msg>] [B<-nbio_test>] [B<-state>] [B<-nbio>] [B<-crlf>] [B<-ign_eof>] [B<-quiet>] [B<-ssl2>] [B<-ssl3>] [B<-tls1>] [B<-no_ssl2>] [B<-no_ssl3>] [B<-no_tls1>] +[B<-fallback_scsv>] [B<-bugs>] [B<-cipher cipherlist>] [B<-starttls protocol>] [B<-engine id>] [B<-tlsextdebug>] [B<-no_ticket>] [B<-sess_out filename>] [B<-sess_in filename>] [B<-rand file(s)>] =head1 DESCRIPTION The B command implements a generic SSL/TLS client which connects to a remote host using SSL/TLS. It is a I useful diagnostic tool for SSL servers. =head1 OPTIONS =over 4 =item B<-connect host:port> This specifies the host and optional port to connect to. If not specified then an attempt is made to connect to the local host on port 4433. =item B<-cert certname> The certificate to use, if one is requested by the server. The default is not to use a certificate. =item B<-certform format> The certificate format to use: DER or PEM. PEM is the default. =item B<-key keyfile> The private key to use. If not specified then the certificate file will be used. =item B<-keyform format> The private format to use: DER or PEM. PEM is the default. =item B<-pass arg> the private key password source. For more information about the format of B see the B section in L. =item B<-verify depth> The verify depth to use. This specifies the maximum length of the server certificate chain and turns on server certificate verification. Currently the verify operation continues after errors so all the problems with a certificate chain can be seen. As a side effect the connection will never fail due to a server certificate verify failure. =item B<-CApath directory> The directory to use for server certificate verification. This directory must be in "hash format", see B for more information. These are also used when building the client certificate chain. =item B<-CAfile file> A file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain. =item B<-reconnect> reconnects to the same server 5 times using the same session ID, this can be used as a test that session caching is working. =item B<-pause> pauses 1 second between each read and write call. =item B<-showcerts> display the whole server certificate chain: normally only the server certificate itself is displayed. =item B<-prexit> print session information when the program exits. This will always attempt to print out information even if the connection fails. Normally information will only be printed out once if the connection succeeds. This option is useful because the cipher in use may be renegotiated or the connection may fail because a client certificate is required or is requested only after an attempt is made to access a certain URL. Note: the output produced by this option is not always accurate because a connection might never have been established. =item B<-state> prints out the SSL session states. =item B<-debug> print extensive debugging information including a hex dump of all traffic. =item B<-msg> show all protocol messages with hex dump. =item B<-nbio_test> tests non-blocking I/O =item B<-nbio> turns on non-blocking I/O =item B<-crlf> this option translated a line feed from the terminal into CR+LF as required by some servers. =item B<-ign_eof> inhibit shutting down the connection when end of file is reached in the input. =item B<-quiet> inhibit printing of session and certificate information. This implicitly turns on B<-ign_eof> as well. =item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> these options disable the use of certain SSL or TLS protocols. By default the initial handshake uses a method which should be compatible with all servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. -Unfortunately there are a lot of ancient and broken servers in use which +Unfortunately there are still ancient and broken servers in use which cannot handle this technique and will fail to connect. Some servers only -work if TLS is turned off with the B<-no_tls> option others will only -support SSL v2 and may need the B<-ssl2> option. +work if TLS is turned off. + +=item B<-fallback_scsv> + +Send TLS_FALLBACK_SCSV in the ClientHello. =item B<-bugs> there are several known bug in SSL and TLS implementations. Adding this option enables various workarounds. =item B<-cipher cipherlist> this allows the cipher list sent by the client to be modified. Although the server determines which cipher suite is used it should take the first supported cipher in the list sent by the client. See the B command for more information. =item B<-starttls protocol> send the protocol-specific message(s) to switch to TLS for communication. B is a keyword for the intended protocol. Currently, the only supported keywords are "smtp", "pop3", "imap", and "ftp". =item B<-tlsextdebug> print out a hex dump of any TLS extensions received from the server. Note: this option is only available if extension support is explicitly enabled at compile time =item B<-no_ticket> disable RFC4507bis session ticket support. Note: this option is only available if extension support is explicitly enabled at compile time =item B<-sess_out filename> output SSL session to B =item B<-sess_in sess.pem> load SSL session from B. The client will attempt to resume a connection from this session. =item B<-engine id> specifying an engine (by it's unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. =item B<-rand file(s)> a file or files containing random data used to seed the random number generator, or an EGD socket (see L). Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. =back =head1 CONNECTED COMMANDS If a connection is established with an SSL server then any data received from the server is displayed and any key presses will be sent to the server. When used interactively (which means neither B<-quiet> nor B<-ign_eof> have been given), the session will be renegotiated if the line begins with an B, and if the line begins with a B or if end of file is reached, the connection will be closed down. =head1 NOTES B can be used to debug SSL servers. To connect to an SSL HTTP server the command: openssl s_client -connect servername:443 would typically be used (https uses port 443). If the connection succeeds then an HTTP command can be given such as "GET /" to retrieve a web page. If the handshake fails then there are several possible causes, if it is nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> options can be tried in case it is a buggy server. In particular you should play with these options B submitting a bug report to an OpenSSL mailing list. A frequent problem when attempting to get client certificates working is that a web client complains it has no certificates or gives an empty list to choose from. This is normally because the server is not sending the clients certificate authority in its "acceptable CA list" when it requests a certificate. By using B the CA list can be viewed and checked. However some servers only request client authentication after a specific URL is requested. To obtain the list in this case it is necessary to use the B<-prexit> option and send an HTTP request for an appropriate page. If a certificate is specified on the command line using the B<-cert> option it will not be used unless the server specifically requests a client certificate. Therefor merely including a client certificate on the command line is no guarantee that the certificate works. If there are problems verifying a server certificate then the B<-showcerts> option can be used to show the whole chain. Since the SSLv23 client hello cannot include compression methods or extensions these will only be supported if its use is disabled, for example by using the B<-no_sslv2> option. TLS extensions are only supported in OpenSSL 0.9.8 if they are explictly enabled at compile time using for example the B switch. =head1 BUGS Because this program has a lot of options and also because some of the techniques used are rather old, the C source of s_client is rather hard to read and not a model of how things should be done. A typical SSL client program would be much simpler. The B<-verify> option should really exit if the server verification fails. The B<-prexit> option is a bit of a hack. We should really report information whenever a session is renegotiated. =head1 SEE ALSO L, L, L =cut Index: releng/8.4/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod =================================================================== --- releng/8.4/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod (revision 273415) +++ releng/8.4/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod (revision 273416) @@ -1,81 +1,87 @@ =pod =head1 NAME SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode - manipulate SSL engine mode =head1 SYNOPSIS #include long SSL_CTX_set_mode(SSL_CTX *ctx, long mode); long SSL_set_mode(SSL *ssl, long mode); long SSL_CTX_get_mode(SSL_CTX *ctx); long SSL_get_mode(SSL *ssl); =head1 DESCRIPTION SSL_CTX_set_mode() adds the mode set via bitmask in B to B. Options already set before are not cleared. SSL_set_mode() adds the mode set via bitmask in B to B. Options already set before are not cleared. SSL_CTX_get_mode() returns the mode set for B. SSL_get_mode() returns the mode set for B. =head1 NOTES The following mode changes are available: =over 4 =item SSL_MODE_ENABLE_PARTIAL_WRITE Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success when just a single record has been written). When not set (the default), SSL_write() will only report success once the complete chunk was written. Once SSL_write() returns with r, r bytes have been successfully written and the next call to SSL_write() must only send the n-r bytes left, imitating the behaviour of write(). =item SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER Make it possible to retry SSL_write() with changed buffer location (the buffer contents must stay the same). This is not the default to avoid the misconception that non-blocking SSL_write() behaves like non-blocking write(). =item SSL_MODE_AUTO_RETRY Never bother the application with retries if the transport is blocking. If a renegotiation take place during normal operation, a L or L would return with -1 and indicate the need to retry with SSL_ERROR_WANT_READ. In a non-blocking environment applications must be prepared to handle incomplete read/write operations. In a blocking environment, applications are not always prepared to deal with read/write operations returning without success report. The flag SSL_MODE_AUTO_RETRY will cause read/write operations to only return after the handshake and successful completion. +=item SSL_MODE_FALLBACK_SCSV + +Send TLS_FALLBACK_SCSV in the ClientHello. +To be set by applications that reconnect with a downgraded protocol +version; see draft-ietf-tls-downgrade-scsv-00 for details. + =back =head1 RETURN VALUES SSL_CTX_set_mode() and SSL_set_mode() return the new mode bitmask after adding B. SSL_CTX_get_mode() and SSL_get_mode() return the current bitmask. =head1 SEE ALSO L, L, L =head1 HISTORY SSL_MODE_AUTO_RETRY as been added in OpenSSL 0.9.6. =cut Index: releng/8.4/crypto/openssl/ssl/d1_lib.c =================================================================== --- releng/8.4/crypto/openssl/ssl/d1_lib.c (revision 273415) +++ releng/8.4/crypto/openssl/ssl/d1_lib.c (revision 273416) @@ -1,504 +1,514 @@ /* ssl/d1_lib.c */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. */ /* ==================================================================== * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@OpenSSL.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ #include #define USE_SOCKETS #include #include "ssl_locl.h" #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) #include #endif static void get_current_time(struct timeval *t); const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT; int dtls1_listen(SSL *s, struct sockaddr *client); SSL3_ENC_METHOD DTLSv1_enc_data={ dtls1_enc, tls1_mac, tls1_setup_key_block, tls1_generate_master_secret, tls1_change_cipher_state, tls1_final_finish_mac, TLS1_FINISH_MAC_LENGTH, tls1_cert_verify_mac, TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, }; long dtls1_default_timeout(void) { /* 2 hours, the 24 hours mentioned in the DTLSv1 spec * is way too long for http, the cache would over fill */ return(60*60*2); } IMPLEMENT_dtls1_meth_func(dtlsv1_base_method, ssl_undefined_function, ssl_undefined_function, ssl_bad_method) int dtls1_new(SSL *s) { DTLS1_STATE *d1; if (!ssl3_new(s)) return(0); if ((d1=OPENSSL_malloc(sizeof *d1)) == NULL) return (0); memset(d1,0, sizeof *d1); /* d1->handshake_epoch=0; */ #if defined(OPENSSL_SYS_VMS) || defined(VMS_TEST) d1->bitmap.length=64; #else d1->bitmap.length=sizeof(d1->bitmap.map) * 8; #endif pq_64bit_init(&(d1->bitmap.map)); pq_64bit_init(&(d1->bitmap.max_seq_num)); d1->next_bitmap.length = d1->bitmap.length; pq_64bit_init(&(d1->next_bitmap.map)); pq_64bit_init(&(d1->next_bitmap.max_seq_num)); d1->unprocessed_rcds.q=pqueue_new(); d1->processed_rcds.q=pqueue_new(); d1->buffered_messages = pqueue_new(); d1->sent_messages=pqueue_new(); d1->buffered_app_data.q=pqueue_new(); if ( s->server) { d1->cookie_len = sizeof(s->d1->cookie); } if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q) { if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q); if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q); if ( d1->buffered_messages) pqueue_free(d1->buffered_messages); if ( d1->sent_messages) pqueue_free(d1->sent_messages); if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q); OPENSSL_free(d1); return (0); } s->d1=d1; s->method->ssl_clear(s); return(1); } static void dtls1_clear_queues(SSL *s) { pitem *item = NULL; hm_fragment *frag = NULL; DTLS1_RECORD_DATA *rdata; while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) { rdata = (DTLS1_RECORD_DATA *) item->data; if (rdata->rbuf.buf) { OPENSSL_free(rdata->rbuf.buf); } OPENSSL_free(item->data); pitem_free(item); } while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) { rdata = (DTLS1_RECORD_DATA *) item->data; if (rdata->rbuf.buf) { OPENSSL_free(rdata->rbuf.buf); } OPENSSL_free(item->data); pitem_free(item); } while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL) { frag = (hm_fragment *)item->data; OPENSSL_free(frag->fragment); OPENSSL_free(frag); pitem_free(item); } while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL) { frag = (hm_fragment *)item->data; OPENSSL_free(frag->fragment); OPENSSL_free(frag); pitem_free(item); } while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) { frag = (hm_fragment *)item->data; OPENSSL_free(frag->fragment); OPENSSL_free(frag); pitem_free(item); } } void dtls1_free(SSL *s) { ssl3_free(s); dtls1_clear_queues(s); pqueue_free(s->d1->unprocessed_rcds.q); pqueue_free(s->d1->processed_rcds.q); pqueue_free(s->d1->buffered_messages); pqueue_free(s->d1->sent_messages); pqueue_free(s->d1->buffered_app_data.q); pq_64bit_free(&(s->d1->bitmap.map)); pq_64bit_free(&(s->d1->bitmap.max_seq_num)); pq_64bit_free(&(s->d1->next_bitmap.map)); pq_64bit_free(&(s->d1->next_bitmap.max_seq_num)); OPENSSL_free(s->d1); } void dtls1_clear(SSL *s) { pqueue unprocessed_rcds; pqueue processed_rcds; pqueue buffered_messages; pqueue sent_messages; pqueue buffered_app_data; unsigned int mtu; if (s->d1) { unprocessed_rcds = s->d1->unprocessed_rcds.q; processed_rcds = s->d1->processed_rcds.q; buffered_messages = s->d1->buffered_messages; sent_messages = s->d1->sent_messages; buffered_app_data = s->d1->buffered_app_data.q; mtu = s->d1->mtu; dtls1_clear_queues(s); pq_64bit_free(&(s->d1->bitmap.map)); pq_64bit_free(&(s->d1->bitmap.max_seq_num)); pq_64bit_free(&(s->d1->next_bitmap.map)); pq_64bit_free(&(s->d1->next_bitmap.max_seq_num)); memset(s->d1, 0, sizeof(*(s->d1))); if (s->server) { s->d1->cookie_len = sizeof(s->d1->cookie); } if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) { s->d1->mtu = mtu; } s->d1->unprocessed_rcds.q = unprocessed_rcds; s->d1->processed_rcds.q = processed_rcds; s->d1->buffered_messages = buffered_messages; s->d1->sent_messages = sent_messages; s->d1->buffered_app_data.q = buffered_app_data; #if defined(OPENSSL_SYS_VMS) || defined(VMS_TEST) s->d1->bitmap.length=64; #else s->d1->bitmap.length=sizeof(s->d1->bitmap.map) * 8; #endif pq_64bit_init(&(s->d1->bitmap.map)); pq_64bit_init(&(s->d1->bitmap.max_seq_num)); s->d1->next_bitmap.length = s->d1->bitmap.length; pq_64bit_init(&(s->d1->next_bitmap.map)); pq_64bit_init(&(s->d1->next_bitmap.max_seq_num)); } ssl3_clear(s); if (s->options & SSL_OP_CISCO_ANYCONNECT) s->version=DTLS1_BAD_VER; else s->version=DTLS1_VERSION; } long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) { int ret=0; switch (cmd) { case DTLS_CTRL_GET_TIMEOUT: if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL) { ret = 1; } break; case DTLS_CTRL_HANDLE_TIMEOUT: ret = dtls1_handle_timeout(s); break; case DTLS_CTRL_LISTEN: ret = dtls1_listen(s, parg); break; + case SSL_CTRL_CHECK_PROTO_VERSION: + /* For library-internal use; checks that the current protocol + * is the highest enabled version (according to s->ctx->method, + * as version negotiation may have changed s->method). */ +#if DTLS_MAX_VERSION != DTLS1_VERSION +# error Code needs update for DTLS_method() support beyond DTLS1_VERSION. +#endif + /* Just one protocol version is supported so far; + * fail closed if the version is not as expected. */ + return s->version == DTLS_MAX_VERSION; default: ret = ssl3_ctrl(s, cmd, larg, parg); break; } return(ret); } /* * As it's impossible to use stream ciphers in "datagram" mode, this * simple filter is designed to disengage them in DTLS. Unfortunately * there is no universal way to identify stream SSL_CIPHER, so we have * to explicitly list their SSL_* codes. Currently RC4 is the only one * available, but if new ones emerge, they will have to be added... */ SSL_CIPHER *dtls1_get_cipher(unsigned int u) { SSL_CIPHER *ciph = ssl3_get_cipher(u); if (ciph != NULL) { if ((ciph->algorithms&SSL_ENC_MASK) == SSL_RC4) return NULL; } return ciph; } void dtls1_start_timer(SSL *s) { /* If timer is not set, initialize duration with 1 second */ if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) { s->d1->timeout_duration = 1; } /* Set timeout to current time */ get_current_time(&(s->d1->next_timeout)); /* Add duration to current time */ s->d1->next_timeout.tv_sec += s->d1->timeout_duration; BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); } struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft) { struct timeval timenow; /* If no timeout is set, just return NULL */ if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) { return NULL; } /* Get current time */ get_current_time(&timenow); /* If timer already expired, set remaining time to 0 */ if (s->d1->next_timeout.tv_sec < timenow.tv_sec || (s->d1->next_timeout.tv_sec == timenow.tv_sec && s->d1->next_timeout.tv_usec <= timenow.tv_usec)) { memset(timeleft, 0, sizeof(struct timeval)); return timeleft; } /* Calculate time left until timer expires */ memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval)); timeleft->tv_sec -= timenow.tv_sec; timeleft->tv_usec -= timenow.tv_usec; if (timeleft->tv_usec < 0) { timeleft->tv_sec--; timeleft->tv_usec += 1000000; } /* If remaining time is less than 15 ms, set it to 0 * to prevent issues because of small devergences with * socket timeouts. */ if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) { memset(timeleft, 0, sizeof(struct timeval)); } return timeleft; } int dtls1_is_timer_expired(SSL *s) { struct timeval timeleft; /* Get time left until timeout, return false if no timer running */ if (dtls1_get_timeout(s, &timeleft) == NULL) { return 0; } /* Return false if timer is not expired yet */ if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) { return 0; } /* Timer expired, so return true */ return 1; } void dtls1_double_timeout(SSL *s) { s->d1->timeout_duration *= 2; if (s->d1->timeout_duration > 60) s->d1->timeout_duration = 60; dtls1_start_timer(s); } void dtls1_stop_timer(SSL *s) { /* Reset everything */ memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st)); memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); s->d1->timeout_duration = 1; BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); /* Clear retransmission buffer */ dtls1_clear_record_buffer(s); } int dtls1_check_timeout_num(SSL *s) { s->d1->timeout.num_alerts++; /* Reduce MTU after 2 unsuccessful retransmissions */ if (s->d1->timeout.num_alerts > 2) { s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); } if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) { /* fail the connection, enough alerts have been sent */ SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM,SSL_R_READ_TIMEOUT_EXPIRED); return -1; } return 0; } int dtls1_handle_timeout(SSL *s) { /* if no timer is expired, don't do anything */ if (!dtls1_is_timer_expired(s)) { return 0; } dtls1_double_timeout(s); if (dtls1_check_timeout_num(s) < 0) return -1; s->d1->timeout.read_timeouts++; if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) { s->d1->timeout.read_timeouts = 1; } dtls1_start_timer(s); return dtls1_retransmit_buffered_messages(s); } static void get_current_time(struct timeval *t) { #ifdef OPENSSL_SYS_WIN32 struct _timeb tb; _ftime(&tb); t->tv_sec = (long)tb.time; t->tv_usec = (long)tb.millitm * 1000; #elif defined(OPENSSL_SYS_VMS) struct timeb tb; ftime(&tb); t->tv_sec = (long)tb.time; t->tv_usec = (long)tb.millitm * 1000; #else gettimeofday(t, NULL); #endif } int dtls1_listen(SSL *s, struct sockaddr *client) { int ret; SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); s->d1->listen = 1; ret = SSL_accept(s); if (ret <= 0) return ret; (void) BIO_dgram_get_peer(SSL_get_rbio(s), client); return 1; } Index: releng/8.4/crypto/openssl/ssl/dtls1.h =================================================================== --- releng/8.4/crypto/openssl/ssl/dtls1.h (revision 273415) +++ releng/8.4/crypto/openssl/ssl/dtls1.h (revision 273416) @@ -1,265 +1,266 @@ /* ssl/dtls1.h */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. */ /* ==================================================================== * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@OpenSSL.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ #ifndef HEADER_DTLS1_H #define HEADER_DTLS1_H #include #include #ifdef OPENSSL_SYS_VMS #include #include #endif #ifdef OPENSSL_SYS_WIN32 /* Needed for struct timeval */ #include #elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_) #include #else #include #endif #ifdef __cplusplus extern "C" { #endif #define DTLS1_VERSION 0xFEFF +#define DTLS_MAX_VERSION DTLS1_VERSION + #define DTLS1_BAD_VER 0x0100 #if 0 /* this alert description is not specified anywhere... */ #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 #endif /* lengths of messages */ #define DTLS1_COOKIE_LENGTH 256 #define DTLS1_RT_HEADER_LENGTH 13 #define DTLS1_HM_HEADER_LENGTH 12 #define DTLS1_HM_BAD_FRAGMENT -2 #define DTLS1_HM_FRAGMENT_RETRY -3 #define DTLS1_CCS_HEADER_LENGTH 1 #ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE #define DTLS1_AL_HEADER_LENGTH 7 #else #define DTLS1_AL_HEADER_LENGTH 2 #endif typedef struct dtls1_bitmap_st { PQ_64BIT map; unsigned long length; /* sizeof the bitmap in bits */ PQ_64BIT max_seq_num; /* max record number seen so far */ } DTLS1_BITMAP; struct dtls1_retransmit_state { EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ const EVP_MD *write_hash; /* used for mac generation */ #ifndef OPENSSL_NO_COMP COMP_CTX *compress; /* compression */ #else char *compress; #endif SSL_SESSION *session; unsigned short epoch; }; struct hm_header_st { unsigned char type; unsigned long msg_len; unsigned short seq; unsigned long frag_off; unsigned long frag_len; unsigned int is_ccs; struct dtls1_retransmit_state saved_retransmit_state; }; struct ccs_header_st { unsigned char type; unsigned short seq; }; struct dtls1_timeout_st { /* Number of read timeouts so far */ unsigned int read_timeouts; /* Number of write timeouts so far */ unsigned int write_timeouts; /* Number of alerts received so far */ unsigned int num_alerts; }; typedef struct record_pqueue_st { unsigned short epoch; pqueue q; } record_pqueue; typedef struct hm_fragment_st { struct hm_header_st msg_header; unsigned char *fragment; unsigned char *reassembly; } hm_fragment; typedef struct dtls1_state_st { unsigned int send_cookie; unsigned char cookie[DTLS1_COOKIE_LENGTH]; unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH]; unsigned int cookie_len; /* * The current data and handshake epoch. This is initially * undefined, and starts at zero once the initial handshake is * completed */ unsigned short r_epoch; unsigned short w_epoch; /* records being received in the current epoch */ DTLS1_BITMAP bitmap; /* renegotiation starts a new set of sequence numbers */ DTLS1_BITMAP next_bitmap; /* handshake message numbers */ unsigned short handshake_write_seq; unsigned short next_handshake_write_seq; unsigned short handshake_read_seq; /* save last sequence number for retransmissions */ unsigned char last_write_sequence[8]; /* Received handshake records (processed and unprocessed) */ record_pqueue unprocessed_rcds; record_pqueue processed_rcds; /* Buffered handshake messages */ pqueue buffered_messages; /* Buffered (sent) handshake records */ pqueue sent_messages; /* Buffered application records. * Only for records between CCS and Finished * to prevent either protocol violation or * unnecessary message loss. */ record_pqueue buffered_app_data; /* Is set when listening for new connections with dtls1_listen() */ unsigned int listen; unsigned int mtu; /* max DTLS packet size */ struct hm_header_st w_msg_hdr; struct hm_header_st r_msg_hdr; struct dtls1_timeout_st timeout; /* Indicates when the last handshake msg sent will timeout */ struct timeval next_timeout; /* Timeout duration */ unsigned short timeout_duration; /* storage for Alert/Handshake protocol data received but not * yet processed by ssl3_read_bytes: */ unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; unsigned int alert_fragment_len; unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; unsigned int handshake_fragment_len; unsigned int retransmitting; unsigned int change_cipher_spec_ok; } DTLS1_STATE; typedef struct dtls1_record_data_st { unsigned char *packet; unsigned int packet_length; SSL3_BUFFER rbuf; SSL3_RECORD rrec; } DTLS1_RECORD_DATA; /* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ #define DTLS1_TMO_READ_COUNT 2 #define DTLS1_TMO_WRITE_COUNT 2 #define DTLS1_TMO_ALERT_COUNT 12 #ifdef __cplusplus } #endif #endif - Index: releng/8.4/crypto/openssl/ssl/s23_clnt.c =================================================================== --- releng/8.4/crypto/openssl/ssl/s23_clnt.c (revision 273415) +++ releng/8.4/crypto/openssl/ssl/s23_clnt.c (revision 273416) @@ -1,621 +1,632 @@ /* ssl/s23_clnt.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include #include "ssl_locl.h" #include #include #include #include static SSL_METHOD *ssl23_get_client_method(int ver); static int ssl23_client_hello(SSL *s); static int ssl23_get_server_hello(SSL *s); static SSL_METHOD *ssl23_get_client_method(int ver) { #ifndef OPENSSL_NO_SSL2 if (ver == SSL2_VERSION) return(SSLv2_client_method()); #endif +#ifndef OPENSSL_NO_SSL3 if (ver == SSL3_VERSION) return(SSLv3_client_method()); - else if (ver == TLS1_VERSION) +#endif + if (ver == TLS1_VERSION) return(TLSv1_client_method()); else return(NULL); } IMPLEMENT_ssl23_meth_func(SSLv23_client_method, ssl_undefined_function, ssl23_connect, ssl23_get_client_method) int ssl23_connect(SSL *s) { BUF_MEM *buf=NULL; unsigned long Time=(unsigned long)time(NULL); void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; int new_state,state; RAND_add(&Time,sizeof(Time),0); ERR_clear_error(); clear_sys_error(); if (s->info_callback != NULL) cb=s->info_callback; else if (s->ctx->info_callback != NULL) cb=s->ctx->info_callback; s->in_handshake++; if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); for (;;) { state=s->state; switch(s->state) { case SSL_ST_BEFORE: case SSL_ST_CONNECT: case SSL_ST_BEFORE|SSL_ST_CONNECT: case SSL_ST_OK|SSL_ST_CONNECT: if (s->session != NULL) { SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE); ret= -1; goto end; } s->server=0; if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); /* s->version=TLS1_VERSION; */ s->type=SSL_ST_CONNECT; if (s->init_buf == NULL) { if ((buf=BUF_MEM_new()) == NULL) { ret= -1; goto end; } if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) { ret= -1; goto end; } s->init_buf=buf; buf=NULL; } if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } ssl3_init_finished_mac(s); s->state=SSL23_ST_CW_CLNT_HELLO_A; s->ctx->stats.sess_connect++; s->init_num=0; break; case SSL23_ST_CW_CLNT_HELLO_A: case SSL23_ST_CW_CLNT_HELLO_B: s->shutdown=0; ret=ssl23_client_hello(s); if (ret <= 0) goto end; s->state=SSL23_ST_CR_SRVR_HELLO_A; s->init_num=0; break; case SSL23_ST_CR_SRVR_HELLO_A: case SSL23_ST_CR_SRVR_HELLO_B: ret=ssl23_get_server_hello(s); if (ret >= 0) cb=NULL; goto end; /* break; */ default: SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE); ret= -1; goto end; /* break; */ } if (s->debug) { (void)BIO_flush(s->wbio); } if ((cb != NULL) && (s->state != state)) { new_state=s->state; s->state=state; cb(s,SSL_CB_CONNECT_LOOP,1); s->state=new_state; } } end: s->in_handshake--; if (buf != NULL) BUF_MEM_free(buf); if (cb != NULL) cb(s,SSL_CB_CONNECT_EXIT,ret); return(ret); } static int ssl23_client_hello(SSL *s) { unsigned char *buf; unsigned char *p,*d; int i,ch_len; unsigned long Time,l; int ssl2_compat; int version = 0, version_major, version_minor; #ifndef OPENSSL_NO_COMP int j; SSL_COMP *comp; #endif int ret; ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1; if (!(s->options & SSL_OP_NO_TLSv1)) { version = TLS1_VERSION; } else if (!(s->options & SSL_OP_NO_SSLv3)) { version = SSL3_VERSION; } else if (!(s->options & SSL_OP_NO_SSLv2)) { version = SSL2_VERSION; } #ifndef OPENSSL_NO_TLSEXT if (version != SSL2_VERSION) { /* have to disable SSL 2.0 compatibility if we need TLS extensions */ if (s->tlsext_hostname != NULL) ssl2_compat = 0; if (s->tlsext_status_type != -1) ssl2_compat = 0; } #endif buf=(unsigned char *)s->init_buf->data; if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { #if 0 /* don't reuse session-id's */ if (!ssl_get_new_session(s,0)) { return(-1); } #endif p=s->s3->client_random; Time=(unsigned long)time(NULL); /* Time */ l2n(Time,p); if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) return -1; if (version == TLS1_VERSION) { version_major = TLS1_VERSION_MAJOR; version_minor = TLS1_VERSION_MINOR; } #ifdef OPENSSL_FIPS else if(FIPS_mode()) { SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); return -1; } #endif else if (version == SSL3_VERSION) { version_major = SSL3_VERSION_MAJOR; version_minor = SSL3_VERSION_MINOR; } else if (version == SSL2_VERSION) { version_major = SSL2_VERSION_MAJOR; version_minor = SSL2_VERSION_MINOR; } else { SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE); return(-1); } s->client_version = version; if (ssl2_compat) { /* create SSL 2.0 compatible Client Hello */ /* two byte record header will be written last */ d = &(buf[2]); p = d + 9; /* leave space for message type, version, individual length fields */ *(d++) = SSL2_MT_CLIENT_HELLO; *(d++) = version_major; *(d++) = version_minor; /* Ciphers supported */ i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0); if (i == 0) { /* no ciphers */ SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); return -1; } s2n(i,d); p+=i; /* put in the session-id length (zero since there is no reuse) */ #if 0 s->session->session_id_length=0; #endif s2n(0,d); if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) ch_len=SSL2_CHALLENGE_LENGTH; else ch_len=SSL2_MAX_CHALLENGE_LENGTH; /* write out sslv2 challenge */ if (SSL3_RANDOM_SIZE < ch_len) i=SSL3_RANDOM_SIZE; else i=ch_len; s2n(i,d); memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0) return -1; memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); p+=i; i= p- &(buf[2]); buf[0]=((i>>8)&0xff)|0x80; buf[1]=(i&0xff); /* number of bytes to write */ s->init_num=i+2; s->init_off=0; ssl3_finish_mac(s,&(buf[2]),i); } else { /* create Client Hello in SSL 3.0/TLS 1.0 format */ /* do the record header (5 bytes) and handshake message header (4 bytes) last */ d = p = &(buf[9]); *(p++) = version_major; *(p++) = version_minor; /* Random stuff */ memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); p += SSL3_RANDOM_SIZE; /* Session ID (zero since there is no reuse) */ *(p++) = 0; /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char); if (i == 0) { SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); return -1; } s2n(i,p); p+=i; #ifdef OPENSSL_NO_COMP *(p++)=1; #else /* COMPRESSION */ if (s->ctx->comp_methods == NULL) j=0; else j=sk_SSL_COMP_num(s->ctx->comp_methods); *(p++)=1+j; for (i=0; ictx->comp_methods,i); *(p++)=comp->id; } #endif *(p++)=0; /* Add the NULL method */ #ifndef OPENSSL_NO_TLSEXT if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); return -1; } #endif l = p-d; *p = 42; /* fill in 4-byte handshake header */ d=&(buf[5]); *(d++)=SSL3_MT_CLIENT_HELLO; l2n3(l,d); l += 4; if (l > SSL3_RT_MAX_PLAIN_LENGTH) { SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); return -1; } /* fill in 5-byte record header */ d=buf; *(d++) = SSL3_RT_HANDSHAKE; *(d++) = version_major; *(d++) = version_minor; /* arguably we should send the *lowest* suported version here * (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */ s2n((int)l,d); /* number of bytes to write */ s->init_num=p-buf; s->init_off=0; ssl3_finish_mac(s,&(buf[5]), s->init_num - 5); } s->state=SSL23_ST_CW_CLNT_HELLO_B; s->init_off=0; } /* SSL3_ST_CW_CLNT_HELLO_B */ ret = ssl23_write_bytes(s); if ((ret >= 2) && s->msg_callback) { /* Client Hello has been sent; tell msg_callback */ if (ssl2_compat) s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); else s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg); } return ret; } static int ssl23_get_server_hello(SSL *s) { char buf[8]; unsigned char *p; int i; int n; n=ssl23_read_bytes(s,7); if (n != 7) return(n); p=s->packet; memcpy(buf,p,n); if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) && (p[5] == 0x00) && (p[6] == 0x02)) { #ifdef OPENSSL_NO_SSL2 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); goto err; #else /* we are talking sslv2 */ /* we need to clean up the SSLv3 setup and put in the * sslv2 stuff. */ int ch_len; if (s->options & SSL_OP_NO_SSLv2) { SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); goto err; } if (s->s2 == NULL) { if (!ssl2_new(s)) goto err; } else ssl2_clear(s); if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) ch_len=SSL2_CHALLENGE_LENGTH; else ch_len=SSL2_MAX_CHALLENGE_LENGTH; /* write out sslv2 challenge */ i=(SSL3_RANDOM_SIZE < ch_len) ?SSL3_RANDOM_SIZE:ch_len; s->s2->challenge_length=i; memcpy(s->s2->challenge, &(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); if (s->s3 != NULL) ssl3_free(s); if (!BUF_MEM_grow_clean(s->init_buf, SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) { SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB); goto err; } s->state=SSL2_ST_GET_SERVER_HELLO_A; if (!(s->client_version == SSL2_VERSION)) /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */ s->s2->ssl2_rollback=1; - /* setup the 5 bytes we have read so we get them from + /* setup the 7 bytes we have read so we get them from * the sslv2 buffer */ s->rstate=SSL_ST_READ_HEADER; s->packet_length=n; s->packet= &(s->s2->rbuf[0]); memcpy(s->packet,buf,n); s->s2->rbuf_left=n; s->s2->rbuf_offs=0; /* we have already written one */ s->s2->write_sequence=1; s->method=SSLv2_client_method(); s->handshake_func=s->method->ssl_connect; #endif } - else if ((p[0] == SSL3_RT_HANDSHAKE) && - (p[1] == SSL3_VERSION_MAJOR) && - ((p[2] == SSL3_VERSION_MINOR) || - (p[2] == TLS1_VERSION_MINOR)) && - (p[5] == SSL3_MT_SERVER_HELLO)) + else if (p[1] == SSL3_VERSION_MAJOR && + ((p[2] == SSL3_VERSION_MINOR) || + (p[2] == TLS1_VERSION_MINOR)) && + ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) || + (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) { - /* we have sslv3 or tls1 */ + /* we have sslv3 or tls1 (server hello or alert) */ - if (!ssl_init_wbio_buffer(s,1)) goto err; - - /* we are in this state */ - s->state=SSL3_ST_CR_SRVR_HELLO_A; - - /* put the 5 bytes we have read into the input buffer - * for SSLv3 */ - s->rstate=SSL_ST_READ_HEADER; - s->packet_length=n; - s->packet= &(s->s3->rbuf.buf[0]); - memcpy(s->packet,buf,n); - s->s3->rbuf.left=n; - s->s3->rbuf.offset=0; - +#ifndef OPENSSL_NO_SSL3 if ((p[2] == SSL3_VERSION_MINOR) && !(s->options & SSL_OP_NO_SSLv3)) { #ifdef OPENSSL_FIPS if(FIPS_mode()) { SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); goto err; } #endif s->version=SSL3_VERSION; s->method=SSLv3_client_method(); } - else if ((p[2] == TLS1_VERSION_MINOR) && + else +#endif + if ((p[2] == TLS1_VERSION_MINOR) && !(s->options & SSL_OP_NO_TLSv1)) { s->version=TLS1_VERSION; s->method=TLSv1_client_method(); } else { SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); goto err; } - - s->handshake_func=s->method->ssl_connect; - } - else if ((p[0] == SSL3_RT_ALERT) && - (p[1] == SSL3_VERSION_MAJOR) && - ((p[2] == SSL3_VERSION_MINOR) || - (p[2] == TLS1_VERSION_MINOR)) && - (p[3] == 0) && - (p[4] == 2)) - { - void (*cb)(const SSL *ssl,int type,int val)=NULL; - int j; - /* An alert */ - if (s->info_callback != NULL) - cb=s->info_callback; - else if (s->ctx->info_callback != NULL) - cb=s->ctx->info_callback; - - i=p[5]; - if (cb != NULL) + /* ensure that TLS_MAX_VERSION is up-to-date */ + OPENSSL_assert(s->version <= TLS_MAX_VERSION); + + if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) { - j=(i<<8)|p[6]; - cb(s,SSL_CB_READ_ALERT,j); + /* fatal alert */ + + void (*cb)(const SSL *ssl,int type,int val)=NULL; + int j; + + if (s->info_callback != NULL) + cb=s->info_callback; + else if (s->ctx->info_callback != NULL) + cb=s->ctx->info_callback; + + i=p[5]; + if (cb != NULL) + { + j=(i<<8)|p[6]; + cb(s,SSL_CB_READ_ALERT,j); + } + + if (s->msg_callback) + s->msg_callback(0, s->version, SSL3_RT_ALERT, p+5, 2, s, s->msg_callback_arg); + + s->rwstate=SSL_NOTHING; + SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]); + goto err; } - s->rwstate=SSL_NOTHING; - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]); - goto err; + if (!ssl_init_wbio_buffer(s,1)) goto err; + + /* we are in this state */ + s->state=SSL3_ST_CR_SRVR_HELLO_A; + + /* put the 7 bytes we have read into the input buffer + * for SSLv3 */ + s->rstate=SSL_ST_READ_HEADER; + s->packet_length=n; + if (s->s3->rbuf.buf == NULL) + if (!ssl3_setup_buffers(s)) + goto err; + s->packet= &(s->s3->rbuf.buf[0]); + memcpy(s->packet,buf,n); + s->s3->rbuf.left=n; + s->s3->rbuf.offset=0; + + s->handshake_func=s->method->ssl_connect; } else { SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL); goto err; } s->init_num=0; /* Since, if we are sending a ssl23 client hello, we are not * reusing a session-id */ if (!ssl_get_new_session(s,0)) goto err; return(SSL_connect(s)); err: return(-1); } Index: releng/8.4/crypto/openssl/ssl/s23_srvr.c =================================================================== --- releng/8.4/crypto/openssl/ssl/s23_srvr.c (revision 273415) +++ releng/8.4/crypto/openssl/ssl/s23_srvr.c (revision 273416) @@ -1,604 +1,610 @@ /* ssl/s23_srvr.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* ==================================================================== * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ #include #include "ssl_locl.h" #include #include #include #include static SSL_METHOD *ssl23_get_server_method(int ver); int ssl23_get_client_hello(SSL *s); static SSL_METHOD *ssl23_get_server_method(int ver) { #ifndef OPENSSL_NO_SSL2 if (ver == SSL2_VERSION) return(SSLv2_server_method()); #endif +#ifndef OPENSSL_NO_SSL3 if (ver == SSL3_VERSION) return(SSLv3_server_method()); - else if (ver == TLS1_VERSION) +#endif + if (ver == TLS1_VERSION) return(TLSv1_server_method()); else return(NULL); } IMPLEMENT_ssl23_meth_func(SSLv23_server_method, ssl23_accept, ssl_undefined_function, ssl23_get_server_method) int ssl23_accept(SSL *s) { BUF_MEM *buf; unsigned long Time=(unsigned long)time(NULL); void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; int new_state,state; RAND_add(&Time,sizeof(Time),0); ERR_clear_error(); clear_sys_error(); if (s->info_callback != NULL) cb=s->info_callback; else if (s->ctx->info_callback != NULL) cb=s->ctx->info_callback; s->in_handshake++; if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); for (;;) { state=s->state; switch(s->state) { case SSL_ST_BEFORE: case SSL_ST_ACCEPT: case SSL_ST_BEFORE|SSL_ST_ACCEPT: case SSL_ST_OK|SSL_ST_ACCEPT: s->server=1; if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); /* s->version=SSL3_VERSION; */ s->type=SSL_ST_ACCEPT; if (s->init_buf == NULL) { if ((buf=BUF_MEM_new()) == NULL) { ret= -1; goto end; } if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) { ret= -1; goto end; } s->init_buf=buf; } ssl3_init_finished_mac(s); s->state=SSL23_ST_SR_CLNT_HELLO_A; s->ctx->stats.sess_accept++; s->init_num=0; break; case SSL23_ST_SR_CLNT_HELLO_A: case SSL23_ST_SR_CLNT_HELLO_B: s->shutdown=0; ret=ssl23_get_client_hello(s); if (ret >= 0) cb=NULL; goto end; /* break; */ default: SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE); ret= -1; goto end; /* break; */ } if ((cb != NULL) && (s->state != state)) { new_state=s->state; s->state=state; cb(s,SSL_CB_ACCEPT_LOOP,1); s->state=new_state; } } end: s->in_handshake--; if (cb != NULL) cb(s,SSL_CB_ACCEPT_EXIT,ret); return(ret); } int ssl23_get_client_hello(SSL *s) { char buf_space[11]; /* Request this many bytes in initial read. * We can detect SSL 3.0/TLS 1.0 Client Hellos * ('type == 3') correctly only when the following * is in a single record, which is not guaranteed by * the protocol specification: * Byte Content * 0 type \ * 1/2 version > record header * 3/4 length / * 5 msg_type \ * 6-8 length > Client Hello message * 9/10 client_version / */ char *buf= &(buf_space[0]); unsigned char *p,*d,*d_len,*dd; unsigned int i; unsigned int csl,sil,cl; int n=0,j; int type=0; int v[2]; if (s->state == SSL23_ST_SR_CLNT_HELLO_A) { /* read the initial header */ v[0]=v[1]=0; if (!ssl3_setup_buffers(s)) goto err; n=ssl23_read_bytes(s, sizeof buf_space); if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */ p=s->packet; memcpy(buf,p,n); if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) { /* * SSLv2 header */ if ((p[3] == 0x00) && (p[4] == 0x02)) { v[0]=p[3]; v[1]=p[4]; /* SSLv2 */ if (!(s->options & SSL_OP_NO_SSLv2)) type=1; } else if (p[3] == SSL3_VERSION_MAJOR) { v[0]=p[3]; v[1]=p[4]; /* SSLv3/TLSv1 */ if (p[4] >= TLS1_VERSION_MINOR) { if (!(s->options & SSL_OP_NO_TLSv1)) { s->version=TLS1_VERSION; /* type=2; */ /* done later to survive restarts */ s->state=SSL23_ST_SR_CLNT_HELLO_B; } else if (!(s->options & SSL_OP_NO_SSLv3)) { s->version=SSL3_VERSION; /* type=2; */ s->state=SSL23_ST_SR_CLNT_HELLO_B; } else if (!(s->options & SSL_OP_NO_SSLv2)) { type=1; } } else if (!(s->options & SSL_OP_NO_SSLv3)) { s->version=SSL3_VERSION; /* type=2; */ s->state=SSL23_ST_SR_CLNT_HELLO_B; } else if (!(s->options & SSL_OP_NO_SSLv2)) type=1; } } else if ((p[0] == SSL3_RT_HANDSHAKE) && (p[1] == SSL3_VERSION_MAJOR) && (p[5] == SSL3_MT_CLIENT_HELLO) && ((p[3] == 0 && p[4] < 5 /* silly record length? */) || (p[9] >= p[1]))) { /* * SSLv3 or tls1 header */ v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */ /* We must look at client_version inside the Client Hello message * to get the correct minor version. * However if we have only a pathologically small fragment of the * Client Hello message, this would be difficult, and we'd have * to read more records to find out. * No known SSL 3.0 client fragments ClientHello like this, * so we simply reject such connections to avoid * protocol version downgrade attacks. */ if (p[3] == 0 && p[4] < 6) { SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL); goto err; } /* if major version number > 3 set minor to a value * which will use the highest version 3 we support. * If TLS 2.0 ever appears we will need to revise * this.... */ if (p[9] > SSL3_VERSION_MAJOR) v[1]=0xff; else v[1]=p[10]; /* minor version according to client_version */ if (v[1] >= TLS1_VERSION_MINOR) { if (!(s->options & SSL_OP_NO_TLSv1)) { s->version=TLS1_VERSION; type=3; } else if (!(s->options & SSL_OP_NO_SSLv3)) { s->version=SSL3_VERSION; type=3; } } else { /* client requests SSL 3.0 */ if (!(s->options & SSL_OP_NO_SSLv3)) { s->version=SSL3_VERSION; type=3; } else if (!(s->options & SSL_OP_NO_TLSv1)) { /* we won't be able to use TLS of course, * but this will send an appropriate alert */ s->version=TLS1_VERSION; type=3; } } } else if ((strncmp("GET ", (char *)p,4) == 0) || (strncmp("POST ",(char *)p,5) == 0) || (strncmp("HEAD ",(char *)p,5) == 0) || (strncmp("PUT ", (char *)p,4) == 0)) { SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST); goto err; } else if (strncmp("CONNECT",(char *)p,7) == 0) { SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST); goto err; } } #ifdef OPENSSL_FIPS if (FIPS_mode() && (s->version < TLS1_VERSION)) { SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); goto err; } #endif + /* ensure that TLS_MAX_VERSION is up-to-date */ + OPENSSL_assert(s->version <= TLS_MAX_VERSION); + if (s->state == SSL23_ST_SR_CLNT_HELLO_B) { /* we have SSLv3/TLSv1 in an SSLv2 header * (other cases skip this state) */ type=2; p=s->packet; v[0] = p[3]; /* == SSL3_VERSION_MAJOR */ v[1] = p[4]; /* An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2 * header is sent directly on the wire, not wrapped as a TLS * record. It's format is: * Byte Content * 0-1 msg_length * 2 msg_type * 3-4 version * 5-6 cipher_spec_length * 7-8 session_id_length * 9-10 challenge_length * ... ... */ n=((p[0]&0x7f)<<8)|p[1]; if (n > (1024*4)) { SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE); goto err; } if (n < 9) { SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH); goto err; } j=ssl23_read_bytes(s,n+2); /* We previously read 11 bytes, so if j > 0, we must have * j == n+2 == s->packet_length. We have at least 11 valid * packet bytes. */ if (j <= 0) return(j); ssl3_finish_mac(s, s->packet+2, s->packet_length-2); if (s->msg_callback) s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ p=s->packet; p+=5; n2s(p,csl); n2s(p,sil); n2s(p,cl); d=(unsigned char *)s->init_buf->data; if ((csl+sil+cl+11) != s->packet_length) { SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH); goto err; } /* record header: msg_type ... */ *(d++) = SSL3_MT_CLIENT_HELLO; /* ... and length (actual value will be written later) */ d_len = d; d += 3; /* client_version */ *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */ *(d++) = v[1]; /* lets populate the random area */ /* get the challenge_length */ i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl; memset(d,0,SSL3_RANDOM_SIZE); memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i); d+=SSL3_RANDOM_SIZE; /* no session-id reuse */ *(d++)=0; /* ciphers */ j=0; dd=d; d+=2; for (i=0; iinit_buf->data) - 4; l2n3((long)i, d_len); /* get the data reused from the init_buf */ s->s3->tmp.reuse_message=1; s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO; s->s3->tmp.message_size=i; } /* imaginary new state (for program structure): */ /* s->state = SSL23_SR_CLNT_HELLO_C */ if (type == 1) { #ifdef OPENSSL_NO_SSL2 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); goto err; #else /* we are talking sslv2 */ /* we need to clean up the SSLv3/TLSv1 setup and put in the * sslv2 stuff. */ if (s->s2 == NULL) { if (!ssl2_new(s)) goto err; } else ssl2_clear(s); if (s->s3 != NULL) ssl3_free(s); if (!BUF_MEM_grow_clean(s->init_buf, SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) { goto err; } s->state=SSL2_ST_GET_CLIENT_HELLO_A; if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3) s->s2->ssl2_rollback=0; else /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 * (SSL 3.0 draft/RFC 2246, App. E.2) */ s->s2->ssl2_rollback=1; /* setup the n bytes we have read so we get them from * the sslv2 buffer */ s->rstate=SSL_ST_READ_HEADER; s->packet_length=n; s->packet= &(s->s2->rbuf[0]); memcpy(s->packet,buf,n); s->s2->rbuf_left=n; s->s2->rbuf_offs=0; s->method=SSLv2_server_method(); s->handshake_func=s->method->ssl_accept; #endif } if ((type == 2) || (type == 3)) { /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */ + s->method = ssl23_get_server_method(s->version); + if (s->method == NULL) + { + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); + goto err; + } if (!ssl_init_wbio_buffer(s,1)) goto err; /* we are in this state */ s->state=SSL3_ST_SR_CLNT_HELLO_A; if (type == 3) { /* put the 'n' bytes we have read into the input buffer * for SSLv3 */ s->rstate=SSL_ST_READ_HEADER; s->packet_length=n; s->packet= &(s->s3->rbuf.buf[0]); memcpy(s->packet,buf,n); s->s3->rbuf.left=n; s->s3->rbuf.offset=0; } else { s->packet_length=0; s->s3->rbuf.left=0; s->s3->rbuf.offset=0; } - - if (s->version == TLS1_VERSION) - s->method = TLSv1_server_method(); - else - s->method = SSLv3_server_method(); #if 0 /* ssl3_get_client_hello does this */ s->client_version=(v[0]<<8)|v[1]; #endif s->handshake_func=s->method->ssl_accept; } if ((type < 1) || (type > 3)) { /* bad, very bad */ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL); goto err; } s->init_num=0; if (buf != buf_space) OPENSSL_free(buf); return(SSL_accept(s)); err: if (buf != buf_space) OPENSSL_free(buf); return(-1); } Index: releng/8.4/crypto/openssl/ssl/s2_lib.c =================================================================== --- releng/8.4/crypto/openssl/ssl/s2_lib.c (revision 273415) +++ releng/8.4/crypto/openssl/ssl/s2_lib.c (revision 273416) @@ -1,478 +1,480 @@ /* ssl/s2_lib.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "ssl_locl.h" #ifndef OPENSSL_NO_SSL2 #include #include #include #include const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT; #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER)) /* list of available SSLv2 ciphers (sorted by id) */ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ /* NULL_WITH_MD5 v3 */ #if 0 { 1, SSL2_TXT_NULL_WITH_MD5, SSL2_CK_NULL_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2, SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE, 0, 0, 0, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, #endif /* RC4_128_WITH_MD5 */ { 1, SSL2_TXT_RC4_128_WITH_MD5, SSL2_CK_RC4_128_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2, SSL_NOT_EXP|SSL_MEDIUM, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* RC4_128_EXPORT40_WITH_MD5 */ { 1, SSL2_TXT_RC4_128_EXPORT40_WITH_MD5, SSL2_CK_RC4_128_EXPORT40_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2, SSL_EXPORT|SSL_EXP40, SSL2_CF_5_BYTE_ENC, 40, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* RC2_128_CBC_WITH_MD5 */ { 1, SSL2_TXT_RC2_128_CBC_WITH_MD5, SSL2_CK_RC2_128_CBC_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2, SSL_NOT_EXP|SSL_MEDIUM, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* RC2_128_CBC_EXPORT40_WITH_MD5 */ { 1, SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5, SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2, SSL_EXPORT|SSL_EXP40, SSL2_CF_5_BYTE_ENC, 40, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* IDEA_128_CBC_WITH_MD5 */ #ifndef OPENSSL_NO_IDEA { 1, SSL2_TXT_IDEA_128_CBC_WITH_MD5, SSL2_CK_IDEA_128_CBC_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_SSLV2, SSL_NOT_EXP|SSL_MEDIUM, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, #endif /* DES_64_CBC_WITH_MD5 */ { 1, SSL2_TXT_DES_64_CBC_WITH_MD5, SSL2_CK_DES_64_CBC_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_SSLV2, SSL_NOT_EXP|SSL_LOW, 0, 56, 56, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* DES_192_EDE3_CBC_WITH_MD5 */ { 1, SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5, SSL2_CK_DES_192_EDE3_CBC_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_SSLV2, SSL_NOT_EXP|SSL_HIGH, 0, 168, 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* RC4_64_WITH_MD5 */ #if 0 { 1, SSL2_TXT_RC4_64_WITH_MD5, SSL2_CK_RC4_64_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2, SSL_NOT_EXP|SSL_LOW, SSL2_CF_8_BYTE_ENC, 64, 64, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, #endif /* NULL SSLeay (testing) */ #if 0 { 0, SSL2_TXT_NULL, SSL2_CK_NULL, 0, SSL_STRONG_NONE, 0, 0, 0, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, #endif /* end of list :-) */ }; long ssl2_default_timeout(void) { return(300); } IMPLEMENT_ssl2_meth_func(sslv2_base_method, ssl_undefined_function, ssl_undefined_function, ssl_bad_method) int ssl2_num_ciphers(void) { return(SSL2_NUM_CIPHERS); } SSL_CIPHER *ssl2_get_cipher(unsigned int u) { if (u < SSL2_NUM_CIPHERS) return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u])); else return(NULL); } int ssl2_pending(const SSL *s) { return SSL_in_init(s) ? 0 : s->s2->ract_data_length; } int ssl2_new(SSL *s) { SSL2_STATE *s2; if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err; memset(s2,0,sizeof *s2); #if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2 # error "assertion failed" #endif if ((s2->rbuf=OPENSSL_malloc( SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err; /* wbuf needs one byte more because when using two-byte headers, * we leave the first byte unused in do_ssl_write (s2_pkt.c) */ if ((s2->wbuf=OPENSSL_malloc( SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+3)) == NULL) goto err; s->s2=s2; ssl2_clear(s); return(1); err: if (s2 != NULL) { if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf); if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf); OPENSSL_free(s2); } return(0); } void ssl2_free(SSL *s) { SSL2_STATE *s2; if(s == NULL) return; s2=s->s2; if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf); if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf); OPENSSL_cleanse(s2,sizeof *s2); OPENSSL_free(s2); s->s2=NULL; } void ssl2_clear(SSL *s) { SSL2_STATE *s2; unsigned char *rbuf,*wbuf; s2=s->s2; rbuf=s2->rbuf; wbuf=s2->wbuf; memset(s2,0,sizeof *s2); s2->rbuf=rbuf; s2->wbuf=wbuf; s2->clear_text=1; s->packet=s2->rbuf; s->version=SSL2_VERSION; s->packet_length=0; } long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg) { int ret=0; switch(cmd) { case SSL_CTRL_GET_SESSION_REUSED: ret=s->hit; break; + case SSL_CTRL_CHECK_PROTO_VERSION: + return ssl3_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, larg, parg); default: break; } return(ret); } long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) { return(0); } long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { return(0); } long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) { return(0); } /* This function needs to check if the ciphers required are actually * available */ SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) { SSL_CIPHER c,*cp; unsigned long id; id=0x02000000L|((unsigned long)p[0]<<16L)| ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; c.id=id; cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c, (char *)ssl2_ciphers, SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER), FP_ICC ssl_cipher_id_cmp); if ((cp == NULL) || (cp->valid == 0)) return NULL; else return cp; } int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) { long l; if (p != NULL) { l=c->id; - if ((l & 0xff000000) != 0x02000000) return(0); + if ((l & 0xff000000) != 0x02000000 && l != SSL3_CK_FALLBACK_SCSV) return(0); p[0]=((unsigned char)(l>>16L))&0xFF; p[1]=((unsigned char)(l>> 8L))&0xFF; p[2]=((unsigned char)(l ))&0xFF; } return(3); } int ssl2_generate_key_material(SSL *s) { unsigned int i; EVP_MD_CTX ctx; unsigned char *km; unsigned char c='0'; const EVP_MD *md5; md5 = EVP_md5(); #ifdef CHARSET_EBCDIC c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0', see SSLv2 docu */ #endif EVP_MD_CTX_init(&ctx); km=s->s2->key_material; if (s->session->master_key_length < 0 || s->session->master_key_length > (int)sizeof(s->session->master_key)) { SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); return 0; } for (i=0; is2->key_material_length; i += EVP_MD_size(md5)) { if (((km - s->s2->key_material) + EVP_MD_size(md5)) > (int)sizeof(s->s2->key_material)) { /* EVP_DigestFinal_ex() below would write beyond buffer */ SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); return 0; } EVP_DigestInit_ex(&ctx, md5, NULL); OPENSSL_assert(s->session->master_key_length >= 0 && s->session->master_key_length < (int)sizeof(s->session->master_key)); EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); EVP_DigestUpdate(&ctx,&c,1); c++; EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length); EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length); EVP_DigestFinal_ex(&ctx,km,NULL); km += EVP_MD_size(md5); } EVP_MD_CTX_cleanup(&ctx); return 1; } void ssl2_return_error(SSL *s, int err) { if (!s->error) { s->error=3; s->error_code=err; ssl2_write_error(s); } } void ssl2_write_error(SSL *s) { unsigned char buf[3]; int i,error; buf[0]=SSL2_MT_ERROR; buf[1]=(s->error_code>>8)&0xff; buf[2]=(s->error_code)&0xff; /* state=s->rwstate;*/ error=s->error; /* number of bytes left to write */ s->error=0; OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf)); i=ssl2_write(s,&(buf[3-error]),error); /* if (i == error) s->rwstate=state; */ if (i < 0) s->error=error; else { s->error=error-i; if (s->error == 0) if (s->msg_callback) s->msg_callback(1, s->version, 0, buf, 3, s, s->msg_callback_arg); /* ERROR */ } } int ssl2_shutdown(SSL *s) { s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); return(1); } #else /* !OPENSSL_NO_SSL2 */ # if PEDANTIC static void *dummy=&dummy; # endif #endif Index: releng/8.4/crypto/openssl/ssl/s3_enc.c =================================================================== --- releng/8.4/crypto/openssl/ssl/s3_enc.c (revision 273415) +++ releng/8.4/crypto/openssl/ssl/s3_enc.c (revision 273416) @@ -1,764 +1,770 @@ /* ssl/s3_enc.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ #include #include "ssl_locl.h" #include #include static unsigned char ssl3_pad_1[48]={ 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36 }; static unsigned char ssl3_pad_2[48]={ 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c }; static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx, const char *sender, int len, unsigned char *p); static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) { EVP_MD_CTX m5; EVP_MD_CTX s1; unsigned char buf[16],smd[SHA_DIGEST_LENGTH]; unsigned char c='A'; unsigned int i,j,k; #ifdef CHARSET_EBCDIC c = os_toascii[c]; /*'A' in ASCII */ #endif k=0; EVP_MD_CTX_init(&m5); EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_MD_CTX_init(&s1); for (i=0; (int)i sizeof buf) { /* bug: 'buf' is too small for this ciphersuite */ SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR); return 0; } for (j=0; jsession->master_key, s->session->master_key_length); EVP_DigestUpdate(&s1,s->s3->server_random,SSL3_RANDOM_SIZE); EVP_DigestUpdate(&s1,s->s3->client_random,SSL3_RANDOM_SIZE); EVP_DigestFinal_ex(&s1,smd,NULL); EVP_DigestInit_ex(&m5,EVP_md5(), NULL); EVP_DigestUpdate(&m5,s->session->master_key, s->session->master_key_length); EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH); if ((int)(i+MD5_DIGEST_LENGTH) > num) { EVP_DigestFinal_ex(&m5,smd,NULL); memcpy(km,smd,(num-i)); } else EVP_DigestFinal_ex(&m5,km,NULL); km+=MD5_DIGEST_LENGTH; } OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH); EVP_MD_CTX_cleanup(&m5); EVP_MD_CTX_cleanup(&s1); return 1; } int ssl3_change_cipher_state(SSL *s, int which) { unsigned char *p,*mac_secret; unsigned char exp_key[EVP_MAX_KEY_LENGTH]; unsigned char exp_iv[EVP_MAX_IV_LENGTH]; unsigned char *ms,*key,*iv,*er1,*er2; EVP_CIPHER_CTX *dd; const EVP_CIPHER *c; #ifndef OPENSSL_NO_COMP COMP_METHOD *comp; #endif const EVP_MD *m; EVP_MD_CTX md; int is_exp,n,i,j,k,cl; int reuse_dd = 0; is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); c=s->s3->tmp.new_sym_enc; m=s->s3->tmp.new_hash; #ifndef OPENSSL_NO_COMP if (s->s3->tmp.new_compression == NULL) comp=NULL; else comp=s->s3->tmp.new_compression->method; #endif if (which & SSL3_CC_READ) { if (s->enc_read_ctx != NULL) reuse_dd = 1; else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) goto err; else /* make sure it's intialized in case we exit later with an error */ EVP_CIPHER_CTX_init(s->enc_read_ctx); dd= s->enc_read_ctx; s->read_hash=m; #ifndef OPENSSL_NO_COMP /* COMPRESS */ if (s->expand != NULL) { COMP_CTX_free(s->expand); s->expand=NULL; } if (comp != NULL) { s->expand=COMP_CTX_new(comp); if (s->expand == NULL) { SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR); goto err2; } if (s->s3->rrec.comp == NULL) s->s3->rrec.comp=(unsigned char *) OPENSSL_malloc(SSL3_RT_MAX_PLAIN_LENGTH); if (s->s3->rrec.comp == NULL) goto err; } #endif memset(&(s->s3->read_sequence[0]),0,8); mac_secret= &(s->s3->read_mac_secret[0]); } else { if (s->enc_write_ctx != NULL) reuse_dd = 1; else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) goto err; else /* make sure it's intialized in case we exit later with an error */ EVP_CIPHER_CTX_init(s->enc_write_ctx); dd= s->enc_write_ctx; s->write_hash=m; #ifndef OPENSSL_NO_COMP /* COMPRESS */ if (s->compress != NULL) { COMP_CTX_free(s->compress); s->compress=NULL; } if (comp != NULL) { s->compress=COMP_CTX_new(comp); if (s->compress == NULL) { SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR); goto err2; } } #endif memset(&(s->s3->write_sequence[0]),0,8); mac_secret= &(s->s3->write_mac_secret[0]); } if (reuse_dd) EVP_CIPHER_CTX_cleanup(dd); p=s->s3->tmp.key_block; i=EVP_MD_size(m); cl=EVP_CIPHER_key_length(c); j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */ k=EVP_CIPHER_iv_length(c); if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { ms= &(p[ 0]); n=i+i; key= &(p[ n]); n+=j+j; iv= &(p[ n]); n+=k+k; er1= &(s->s3->client_random[0]); er2= &(s->s3->server_random[0]); } else { n=i; ms= &(p[ n]); n+=i+j; key= &(p[ n]); n+=j+k; iv= &(p[ n]); n+=k; er1= &(s->s3->server_random[0]); er2= &(s->s3->client_random[0]); } if (n > s->s3->tmp.key_block_length) { SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR); goto err2; } EVP_MD_CTX_init(&md); memcpy(mac_secret,ms,i); if (is_exp) { /* In here I set both the read and write key/iv to the * same value since only the correct one will be used :-). */ EVP_DigestInit_ex(&md,EVP_md5(), NULL); EVP_DigestUpdate(&md,key,j); EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE); EVP_DigestFinal_ex(&md,&(exp_key[0]),NULL); key= &(exp_key[0]); if (k > 0) { EVP_DigestInit_ex(&md,EVP_md5(), NULL); EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE); EVP_DigestFinal_ex(&md,&(exp_iv[0]),NULL); iv= &(exp_iv[0]); } } s->session->key_arg_length=0; EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE)); OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key)); OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv)); EVP_MD_CTX_cleanup(&md); return(1); err: SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); err2: return(0); } int ssl3_setup_key_block(SSL *s) { unsigned char *p; const EVP_CIPHER *c; const EVP_MD *hash; int num; int ret = 0; SSL_COMP *comp; if (s->s3->tmp.key_block_length != 0) return(1); if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp)) { SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE); return(0); } s->s3->tmp.new_sym_enc=c; s->s3->tmp.new_hash=hash; #ifdef OPENSSL_NO_COMP s->s3->tmp.new_compression=NULL; #else s->s3->tmp.new_compression=comp; #endif num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c); num*=2; ssl3_cleanup_key_block(s); if ((p=OPENSSL_malloc(num)) == NULL) goto err; s->s3->tmp.key_block_length=num; s->s3->tmp.key_block=p; ret = ssl3_generate_key_block(s,p,num); if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) { /* enable vulnerability countermeasure for CBC ciphers with * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */ s->s3->need_empty_fragments = 1; if (s->session->cipher != NULL) { if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL) s->s3->need_empty_fragments = 0; #ifndef OPENSSL_NO_RC4 if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4) s->s3->need_empty_fragments = 0; #endif } } return ret; err: SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); return(0); } void ssl3_cleanup_key_block(SSL *s) { if (s->s3->tmp.key_block != NULL) { OPENSSL_cleanse(s->s3->tmp.key_block, s->s3->tmp.key_block_length); OPENSSL_free(s->s3->tmp.key_block); s->s3->tmp.key_block=NULL; } s->s3->tmp.key_block_length=0; } /* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. * * Returns: * 0: (in non-constant time) if the record is publically invalid (i.e. too * short etc). * 1: if the record's padding is valid / the encryption was successful. * -1: if the record's padding is invalid or, if sending, an internal error * occured. */ int ssl3_enc(SSL *s, int send) { SSL3_RECORD *rec; EVP_CIPHER_CTX *ds; unsigned long l; int bs,i,mac_size=0; const EVP_CIPHER *enc; if (send) { ds=s->enc_write_ctx; rec= &(s->s3->wrec); if (s->enc_write_ctx == NULL) enc=NULL; else enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); } else { ds=s->enc_read_ctx; rec= &(s->s3->rrec); if (s->enc_read_ctx == NULL) enc=NULL; else enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); } if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { memmove(rec->data,rec->input,rec->length); rec->input=rec->data; } else { l=rec->length; bs=EVP_CIPHER_block_size(ds->cipher); /* COMPRESS */ if ((bs != 1) && send) { i=bs-((int)l%bs); /* we need to add 'i-1' padding bytes */ l+=i; /* the last of these zero bytes will be overwritten * with the padding length. */ memset(&rec->input[rec->length], 0, i); rec->length+=i; rec->input[l-1]=(i-1); } if (!send) { if (l == 0 || l%bs != 0) return 0; /* otherwise, rec->length >= bs */ } EVP_Cipher(ds,rec->data,rec->input,l); if (s->read_hash != NULL) mac_size = EVP_MD_size(s->read_hash); if ((bs != 1) && !send) return ssl3_cbc_remove_padding(s, rec, bs, mac_size); } return(1); } void ssl3_init_finished_mac(SSL *s) { EVP_MD_CTX_set_flags(&(s->s3->finish_dgst1), EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_DigestInit_ex(&(s->s3->finish_dgst1),s->ctx->md5, NULL); EVP_DigestInit_ex(&(s->s3->finish_dgst2),s->ctx->sha1, NULL); } void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) { EVP_DigestUpdate(&(s->s3->finish_dgst1),buf,len); EVP_DigestUpdate(&(s->s3->finish_dgst2),buf,len); } int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *ctx, unsigned char *p) { return(ssl3_handshake_mac(s,ctx,NULL,0,p)); } int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2, const char *sender, int len, unsigned char *p) { int ret; ret=ssl3_handshake_mac(s,ctx1,sender,len,p); p+=ret; ret+=ssl3_handshake_mac(s,ctx2,sender,len,p); return(ret); } static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx, const char *sender, int len, unsigned char *p) { unsigned int ret; int npad,n; unsigned int i; unsigned char md_buf[EVP_MAX_MD_SIZE]; EVP_MD_CTX ctx; EVP_MD_CTX_init(&ctx); EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_MD_CTX_copy_ex(&ctx,in_ctx); n=EVP_MD_CTX_size(&ctx); npad=(48/n)*n; if (sender != NULL) EVP_DigestUpdate(&ctx,sender,len); EVP_DigestUpdate(&ctx,s->session->master_key, s->session->master_key_length); EVP_DigestUpdate(&ctx,ssl3_pad_1,npad); EVP_DigestFinal_ex(&ctx,md_buf,&i); EVP_DigestInit_ex(&ctx,EVP_MD_CTX_md(&ctx), NULL); EVP_DigestUpdate(&ctx,s->session->master_key, s->session->master_key_length); EVP_DigestUpdate(&ctx,ssl3_pad_2,npad); EVP_DigestUpdate(&ctx,md_buf,i); EVP_DigestFinal_ex(&ctx,p,&ret); EVP_MD_CTX_cleanup(&ctx); return((int)ret); } int ssl3_mac(SSL *ssl, unsigned char *md, int send) { SSL3_RECORD *rec; unsigned char *mac_sec,*seq; EVP_MD_CTX md_ctx; const EVP_MD *hash; unsigned char *p,rec_char; size_t md_size, orig_len; int npad; if (send) { rec= &(ssl->s3->wrec); mac_sec= &(ssl->s3->write_mac_secret[0]); seq= &(ssl->s3->write_sequence[0]); hash=ssl->write_hash; } else { rec= &(ssl->s3->rrec); mac_sec= &(ssl->s3->read_mac_secret[0]); seq= &(ssl->s3->read_sequence[0]); hash=ssl->read_hash; } md_size=EVP_MD_size(hash); npad=(48/md_size)*md_size; /* kludge: ssl3_cbc_remove_padding passes padding length in rec->type */ orig_len = rec->length+md_size+((unsigned int)rec->type>>8); rec->type &= 0xff; if (!send && EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && ssl3_cbc_record_digest_supported(hash)) { /* This is a CBC-encrypted record. We must avoid leaking any * timing-side channel information about how many blocks of * data we are hashing because that gives an attacker a * timing-oracle. */ /* npad is, at most, 48 bytes and that's with MD5: * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75. * * With SHA-1 (the largest hash speced for SSLv3) the hash size * goes up 4, but npad goes down by 8, resulting in a smaller * total size. */ unsigned char header[75]; unsigned j = 0; memcpy(header+j, mac_sec, md_size); j += md_size; memcpy(header+j, ssl3_pad_1, npad); j += npad; memcpy(header+j, seq, 8); j += 8; header[j++] = rec->type; header[j++] = rec->length >> 8; header[j++] = rec->length & 0xff; ssl3_cbc_digest_record( hash, md, &md_size, header, rec->input, rec->length + md_size, orig_len, mac_sec, md_size, 1 /* is SSLv3 */); } else { unsigned int md_size_u; /* Chop the digest off the end :-) */ EVP_MD_CTX_init(&md_ctx); EVP_DigestInit_ex( &md_ctx,hash, NULL); EVP_DigestUpdate(&md_ctx,mac_sec,md_size); EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad); EVP_DigestUpdate(&md_ctx,seq,8); rec_char=rec->type; EVP_DigestUpdate(&md_ctx,&rec_char,1); p=md; s2n(rec->length,p); EVP_DigestUpdate(&md_ctx,md,2); EVP_DigestUpdate(&md_ctx,rec->input,rec->length); EVP_DigestFinal_ex( &md_ctx,md,NULL); EVP_DigestInit_ex( &md_ctx,hash, NULL); EVP_DigestUpdate(&md_ctx,mac_sec,md_size); EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad); EVP_DigestUpdate(&md_ctx,md,md_size); EVP_DigestFinal_ex( &md_ctx,md,&md_size_u); md_size = md_size_u; EVP_MD_CTX_cleanup(&md_ctx); } ssl3_record_sequence_update(seq); return(md_size); } void ssl3_record_sequence_update(unsigned char *seq) { int i; for (i=7; i>=0; i--) { ++seq[i]; if (seq[i] != 0) break; } } int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, int len) { static const unsigned char *salt[3]={ #ifndef CHARSET_EBCDIC (const unsigned char *)"A", (const unsigned char *)"BB", (const unsigned char *)"CCC", #else (const unsigned char *)"\x41", (const unsigned char *)"\x42\x42", (const unsigned char *)"\x43\x43\x43", #endif }; unsigned char buf[EVP_MAX_MD_SIZE]; EVP_MD_CTX ctx; int i,ret=0; unsigned int n; EVP_MD_CTX_init(&ctx); for (i=0; i<3; i++) { EVP_DigestInit_ex(&ctx,s->ctx->sha1, NULL); EVP_DigestUpdate(&ctx,salt[i],strlen((const char *)salt[i])); EVP_DigestUpdate(&ctx,p,len); EVP_DigestUpdate(&ctx,&(s->s3->client_random[0]), SSL3_RANDOM_SIZE); EVP_DigestUpdate(&ctx,&(s->s3->server_random[0]), SSL3_RANDOM_SIZE); EVP_DigestFinal_ex(&ctx,buf,&n); EVP_DigestInit_ex(&ctx,s->ctx->md5, NULL); EVP_DigestUpdate(&ctx,p,len); EVP_DigestUpdate(&ctx,buf,n); EVP_DigestFinal_ex(&ctx,out,&n); out+=n; ret+=n; } EVP_MD_CTX_cleanup(&ctx); return(ret); } int ssl3_alert_code(int code) { switch (code) { case SSL_AD_CLOSE_NOTIFY: return(SSL3_AD_CLOSE_NOTIFY); case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE); case SSL_AD_BAD_RECORD_MAC: return(SSL3_AD_BAD_RECORD_MAC); case SSL_AD_DECRYPTION_FAILED: return(SSL3_AD_BAD_RECORD_MAC); case SSL_AD_RECORD_OVERFLOW: return(SSL3_AD_BAD_RECORD_MAC); case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE); case SSL_AD_HANDSHAKE_FAILURE: return(SSL3_AD_HANDSHAKE_FAILURE); case SSL_AD_NO_CERTIFICATE: return(SSL3_AD_NO_CERTIFICATE); case SSL_AD_BAD_CERTIFICATE: return(SSL3_AD_BAD_CERTIFICATE); case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE); case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED); case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED); case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN); case SSL_AD_ILLEGAL_PARAMETER: return(SSL3_AD_ILLEGAL_PARAMETER); case SSL_AD_UNKNOWN_CA: return(SSL3_AD_BAD_CERTIFICATE); case SSL_AD_ACCESS_DENIED: return(SSL3_AD_HANDSHAKE_FAILURE); case SSL_AD_DECODE_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE); case SSL_AD_DECRYPT_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE); case SSL_AD_EXPORT_RESTRICTION: return(SSL3_AD_HANDSHAKE_FAILURE); case SSL_AD_PROTOCOL_VERSION: return(SSL3_AD_HANDSHAKE_FAILURE); case SSL_AD_INSUFFICIENT_SECURITY:return(SSL3_AD_HANDSHAKE_FAILURE); case SSL_AD_INTERNAL_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE); case SSL_AD_USER_CANCELLED: return(SSL3_AD_HANDSHAKE_FAILURE); case SSL_AD_NO_RENEGOTIATION: return(-1); /* Don't send it :-) */ + case SSL_AD_UNSUPPORTED_EXTENSION: return(SSL3_AD_HANDSHAKE_FAILURE); + case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(SSL3_AD_HANDSHAKE_FAILURE); + case SSL_AD_UNRECOGNIZED_NAME: return(SSL3_AD_HANDSHAKE_FAILURE); + case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(SSL3_AD_HANDSHAKE_FAILURE); + case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(SSL3_AD_HANDSHAKE_FAILURE); + case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); + case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK); default: return(-1); } } - Index: releng/8.4/crypto/openssl/ssl/s3_lib.c =================================================================== --- releng/8.4/crypto/openssl/ssl/s3_lib.c (revision 273415) +++ releng/8.4/crypto/openssl/ssl/s3_lib.c (revision 273416) @@ -1,2643 +1,2667 @@ /* ssl/s3_lib.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* ==================================================================== * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * * Portions of the attached software ("Contribution") are developed by * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. * * The Contribution is licensed pursuant to the OpenSSL open source * license provided above. * * ECC cipher suite support in OpenSSL originally written by * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. * */ #include #include #include "ssl_locl.h" #include "kssl_lcl.h" #include #ifndef OPENSSL_NO_DH #include #endif #include const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT; #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) /* list of available SSLv3 ciphers (sorted by id) */ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* The RSA ciphers */ /* Cipher 01 */ { 1, SSL3_TXT_RSA_NULL_MD5, SSL3_CK_RSA_NULL_MD5, SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3, SSL_NOT_EXP|SSL_STRONG_NONE, 0, 0, 0, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 02 */ { 1, SSL3_TXT_RSA_NULL_SHA, SSL3_CK_RSA_NULL_SHA, SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3, SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 0, 0, 0, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 03 */ { 1, SSL3_TXT_RSA_RC4_40_MD5, SSL3_CK_RSA_RC4_40_MD5, SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_SSLV3, SSL_EXPORT|SSL_EXP40, 0, 40, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 04 */ { 1, SSL3_TXT_RSA_RC4_128_MD5, SSL3_CK_RSA_RC4_128_MD5, SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_SSLV3, SSL_NOT_EXP|SSL_MEDIUM, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 05 */ { 1, SSL3_TXT_RSA_RC4_128_SHA, SSL3_CK_RSA_RC4_128_SHA, SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_SSLV3, SSL_NOT_EXP|SSL_MEDIUM, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 06 */ { 1, SSL3_TXT_RSA_RC2_40_MD5, SSL3_CK_RSA_RC2_40_MD5, SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_SSLV3, SSL_EXPORT|SSL_EXP40, 0, 40, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 07 */ #ifndef OPENSSL_NO_IDEA { 1, SSL3_TXT_RSA_IDEA_128_SHA, SSL3_CK_RSA_IDEA_128_SHA, SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3, SSL_NOT_EXP|SSL_MEDIUM, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, #endif /* Cipher 08 */ { 1, SSL3_TXT_RSA_DES_40_CBC_SHA, SSL3_CK_RSA_DES_40_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, SSL_EXPORT|SSL_EXP40, 0, 40, 56, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 09 */ { 1, SSL3_TXT_RSA_DES_64_CBC_SHA, SSL3_CK_RSA_DES_64_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, SSL_NOT_EXP|SSL_LOW, 0, 56, 56, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 0A */ { 1, SSL3_TXT_RSA_DES_192_CBC3_SHA, SSL3_CK_RSA_DES_192_CBC3_SHA, SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 168, 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* The DH ciphers */ /* Cipher 0B */ { 0, SSL3_TXT_DH_DSS_DES_40_CBC_SHA, SSL3_CK_DH_DSS_DES_40_CBC_SHA, SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, SSL_EXPORT|SSL_EXP40, 0, 40, 56, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 0C */ { 0, SSL3_TXT_DH_DSS_DES_64_CBC_SHA, SSL3_CK_DH_DSS_DES_64_CBC_SHA, SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, SSL_NOT_EXP|SSL_LOW, 0, 56, 56, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 0D */ { 0, SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, SSL3_CK_DH_DSS_DES_192_CBC3_SHA, SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 168, 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 0E */ { 0, SSL3_TXT_DH_RSA_DES_40_CBC_SHA, SSL3_CK_DH_RSA_DES_40_CBC_SHA, SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, SSL_EXPORT|SSL_EXP40, 0, 40, 56, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 0F */ { 0, SSL3_TXT_DH_RSA_DES_64_CBC_SHA, SSL3_CK_DH_RSA_DES_64_CBC_SHA, SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, SSL_NOT_EXP|SSL_LOW, 0, 56, 56, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 10 */ { 0, SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, SSL3_CK_DH_RSA_DES_192_CBC3_SHA, SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 168, 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* The Ephemeral DH ciphers */ /* Cipher 11 */ { 1, SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, SSL3_CK_EDH_DSS_DES_40_CBC_SHA, SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3, SSL_EXPORT|SSL_EXP40, 0, 40, 56, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 12 */ { 1, SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, SSL3_CK_EDH_DSS_DES_64_CBC_SHA, SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3, SSL_NOT_EXP|SSL_LOW, 0, 56, 56, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 13 */ { 1, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 168, 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 14 */ { 1, SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, SSL3_CK_EDH_RSA_DES_40_CBC_SHA, SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, SSL_EXPORT|SSL_EXP40, 0, 40, 56, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 15 */ { 1, SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, SSL3_CK_EDH_RSA_DES_64_CBC_SHA, SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, SSL_NOT_EXP|SSL_LOW, 0, 56, 56, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 16 */ { 1, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 168, 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 17 */ { 1, SSL3_TXT_ADH_RC4_40_MD5, SSL3_CK_ADH_RC4_40_MD5, SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, SSL_EXPORT|SSL_EXP40, 0, 40, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 18 */ { 1, SSL3_TXT_ADH_RC4_128_MD5, SSL3_CK_ADH_RC4_128_MD5, SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, SSL_NOT_EXP|SSL_MEDIUM, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 19 */ { 1, SSL3_TXT_ADH_DES_40_CBC_SHA, SSL3_CK_ADH_DES_40_CBC_SHA, SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3, SSL_EXPORT|SSL_EXP40, 0, 40, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 1A */ { 1, SSL3_TXT_ADH_DES_64_CBC_SHA, SSL3_CK_ADH_DES_64_CBC_SHA, SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3, SSL_NOT_EXP|SSL_LOW, 0, 56, 56, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 1B */ { 1, SSL3_TXT_ADH_DES_192_CBC_SHA, SSL3_CK_ADH_DES_192_CBC_SHA, SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 168, 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Fortezza */ /* Cipher 1C */ { 0, SSL3_TXT_FZA_DMS_NULL_SHA, SSL3_CK_FZA_DMS_NULL_SHA, SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3, SSL_NOT_EXP|SSL_STRONG_NONE, 0, 0, 0, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 1D */ { 0, SSL3_TXT_FZA_DMS_FZA_SHA, SSL3_CK_FZA_DMS_FZA_SHA, SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3, SSL_NOT_EXP|SSL_STRONG_NONE, 0, 0, 0, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, #if 0 /* Cipher 1E */ { 0, SSL3_TXT_FZA_DMS_RC4_SHA, SSL3_CK_FZA_DMS_RC4_SHA, SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3, SSL_NOT_EXP|SSL_MEDIUM, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, #endif #ifndef OPENSSL_NO_KRB5 /* The Kerberos ciphers */ /* Cipher 1E */ { 1, SSL3_TXT_KRB5_DES_64_CBC_SHA, SSL3_CK_KRB5_DES_64_CBC_SHA, SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, SSL_NOT_EXP|SSL_LOW, 0, 56, 56, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 1F */ { 1, SSL3_TXT_KRB5_DES_192_CBC3_SHA, SSL3_CK_KRB5_DES_192_CBC3_SHA, SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 168, 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 20 */ { 1, SSL3_TXT_KRB5_RC4_128_SHA, SSL3_CK_KRB5_RC4_128_SHA, SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, SSL_NOT_EXP|SSL_MEDIUM, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 21 */ { 1, SSL3_TXT_KRB5_IDEA_128_CBC_SHA, SSL3_CK_KRB5_IDEA_128_CBC_SHA, SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_SHA1 |SSL_SSLV3, SSL_NOT_EXP|SSL_MEDIUM, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 22 */ { 1, SSL3_TXT_KRB5_DES_64_CBC_MD5, SSL3_CK_KRB5_DES_64_CBC_MD5, SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3, SSL_NOT_EXP|SSL_LOW, 0, 56, 56, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 23 */ { 1, SSL3_TXT_KRB5_DES_192_CBC3_MD5, SSL3_CK_KRB5_DES_192_CBC3_MD5, SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3, SSL_NOT_EXP|SSL_HIGH, 0, 168, 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 24 */ { 1, SSL3_TXT_KRB5_RC4_128_MD5, SSL3_CK_KRB5_RC4_128_MD5, SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3, SSL_NOT_EXP|SSL_MEDIUM, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 25 */ { 1, SSL3_TXT_KRB5_IDEA_128_CBC_MD5, SSL3_CK_KRB5_IDEA_128_CBC_MD5, SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_MD5 |SSL_SSLV3, SSL_NOT_EXP|SSL_MEDIUM, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 26 */ { 1, SSL3_TXT_KRB5_DES_40_CBC_SHA, SSL3_CK_KRB5_DES_40_CBC_SHA, SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, SSL_EXPORT|SSL_EXP40, 0, 40, 56, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 27 */ { 1, SSL3_TXT_KRB5_RC2_40_CBC_SHA, SSL3_CK_KRB5_RC2_40_CBC_SHA, SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_SHA1 |SSL_SSLV3, SSL_EXPORT|SSL_EXP40, 0, 40, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 28 */ { 1, SSL3_TXT_KRB5_RC4_40_SHA, SSL3_CK_KRB5_RC4_40_SHA, SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, SSL_EXPORT|SSL_EXP40, 0, 40, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 29 */ { 1, SSL3_TXT_KRB5_DES_40_CBC_MD5, SSL3_CK_KRB5_DES_40_CBC_MD5, SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3, SSL_EXPORT|SSL_EXP40, 0, 40, 56, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 2A */ { 1, SSL3_TXT_KRB5_RC2_40_CBC_MD5, SSL3_CK_KRB5_RC2_40_CBC_MD5, SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_MD5 |SSL_SSLV3, SSL_EXPORT|SSL_EXP40, 0, 40, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 2B */ { 1, SSL3_TXT_KRB5_RC4_40_MD5, SSL3_CK_KRB5_RC4_40_MD5, SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3, SSL_EXPORT|SSL_EXP40, 0, 40, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, #endif /* OPENSSL_NO_KRB5 */ /* New AES ciphersuites */ /* Cipher 2F */ { 1, TLS1_TXT_RSA_WITH_AES_128_SHA, TLS1_CK_RSA_WITH_AES_128_SHA, SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 30 */ { 0, TLS1_TXT_DH_DSS_WITH_AES_128_SHA, TLS1_CK_DH_DSS_WITH_AES_128_SHA, SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 31 */ { 0, TLS1_TXT_DH_RSA_WITH_AES_128_SHA, TLS1_CK_DH_RSA_WITH_AES_128_SHA, SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 32 */ { 1, TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, TLS1_CK_DHE_DSS_WITH_AES_128_SHA, SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 33 */ { 1, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, TLS1_CK_DHE_RSA_WITH_AES_128_SHA, SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 34 */ { 1, TLS1_TXT_ADH_WITH_AES_128_SHA, TLS1_CK_ADH_WITH_AES_128_SHA, SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 35 */ { 1, TLS1_TXT_RSA_WITH_AES_256_SHA, TLS1_CK_RSA_WITH_AES_256_SHA, SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 36 */ { 0, TLS1_TXT_DH_DSS_WITH_AES_256_SHA, TLS1_CK_DH_DSS_WITH_AES_256_SHA, SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 37 */ { 0, TLS1_TXT_DH_RSA_WITH_AES_256_SHA, TLS1_CK_DH_RSA_WITH_AES_256_SHA, SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 38 */ { 1, TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, TLS1_CK_DHE_DSS_WITH_AES_256_SHA, SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 39 */ { 1, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, TLS1_CK_DHE_RSA_WITH_AES_256_SHA, SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 3A */ { 1, TLS1_TXT_ADH_WITH_AES_256_SHA, TLS1_CK_ADH_WITH_AES_256_SHA, SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, #ifndef OPENSSL_NO_CAMELLIA /* Camellia ciphersuites from RFC4132 (128-bit portion) */ /* Cipher 41 */ { 1, TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS }, /* Cipher 42 */ { 0, /* not implemented (non-ephemeral DH) */ TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS }, /* Cipher 43 */ { 0, /* not implemented (non-ephemeral DH) */ TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS }, /* Cipher 44 */ { 1, TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS }, /* Cipher 45 */ { 1, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS }, /* Cipher 46 */ { 1, TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS }, #endif /* OPENSSL_NO_CAMELLIA */ #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES /* New TLS Export CipherSuites from expired ID */ #if 0 /* Cipher 60 */ { 1, TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1, SSL_EXPORT|SSL_EXP56, 0, 56, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 61 */ { 1, TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1, SSL_EXPORT|SSL_EXP56, 0, 56, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, #endif /* Cipher 62 */ { 1, TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, SSL_EXPORT|SSL_EXP56, 0, 56, 56, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 63 */ { 1, TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1, SSL_EXPORT|SSL_EXP56, 0, 56, 56, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 64 */ { 1, TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_EXPORT|SSL_EXP56, 0, 56, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 65 */ { 1, TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_EXPORT|SSL_EXP56, 0, 56, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 66 */ { 1, TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_MEDIUM, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS }, #endif #ifndef OPENSSL_NO_CAMELLIA /* Camellia ciphersuites from RFC4132 (256-bit portion) */ /* Cipher 84 */ { 1, TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS }, /* Cipher 85 */ { 0, /* not implemented (non-ephemeral DH) */ TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS }, /* Cipher 86 */ { 0, /* not implemented (non-ephemeral DH) */ TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS }, /* Cipher 87 */ { 1, TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS }, /* Cipher 88 */ { 1, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS }, /* Cipher 89 */ { 1, TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS }, #endif /* OPENSSL_NO_CAMELLIA */ #ifndef OPENSSL_NO_SEED /* SEED ciphersuites from RFC4162 */ /* Cipher 96 */ { 1, TLS1_TXT_RSA_WITH_SEED_SHA, TLS1_CK_RSA_WITH_SEED_SHA, SSL_kRSA|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1, SSL_NOT_EXP|SSL_MEDIUM, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 97 */ { 0, /* not implemented (non-ephemeral DH) */ TLS1_TXT_DH_DSS_WITH_SEED_SHA, TLS1_CK_DH_DSS_WITH_SEED_SHA, SSL_kDHd|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1, SSL_NOT_EXP|SSL_MEDIUM, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 98 */ { 0, /* not implemented (non-ephemeral DH) */ TLS1_TXT_DH_RSA_WITH_SEED_SHA, TLS1_CK_DH_RSA_WITH_SEED_SHA, SSL_kDHr|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1, SSL_NOT_EXP|SSL_MEDIUM, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 99 */ { 1, TLS1_TXT_DHE_DSS_WITH_SEED_SHA, TLS1_CK_DHE_DSS_WITH_SEED_SHA, SSL_kEDH|SSL_aDSS|SSL_SEED|SSL_SHA1|SSL_TLSV1, SSL_NOT_EXP|SSL_MEDIUM, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 9A */ { 1, TLS1_TXT_DHE_RSA_WITH_SEED_SHA, TLS1_CK_DHE_RSA_WITH_SEED_SHA, SSL_kEDH|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1, SSL_NOT_EXP|SSL_MEDIUM, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 9B */ { 1, TLS1_TXT_ADH_WITH_SEED_SHA, TLS1_CK_ADH_WITH_SEED_SHA, SSL_kEDH|SSL_aNULL|SSL_SEED|SSL_SHA1|SSL_TLSV1, SSL_NOT_EXP|SSL_MEDIUM, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, #endif /* OPENSSL_NO_SEED */ #ifndef OPENSSL_NO_ECDH /* Cipher C001 */ { 1, TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 0, 0, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C002 */ { 1, TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C003 */ { 1, TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 168, 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C004 */ { 1, TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C005 */ { 1, TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C006 */ { 1, TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 0, 0, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C007 */ { 1, TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C008 */ { 1, TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 168, 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C009 */ { 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C00A */ { 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C00B */ { 1, TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, TLS1_CK_ECDH_RSA_WITH_NULL_SHA, SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 0, 0, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C00C */ { 1, TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C00D */ { 1, TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 168, 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C00E */ { 1, TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C00F */ { 1, TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C010 */ { 1, TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 0, 0, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C011 */ { 1, TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C012 */ { 1, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 168, 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C013 */ { 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C014 */ { 1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C015 */ { 1, TLS1_TXT_ECDH_anon_WITH_NULL_SHA, TLS1_CK_ECDH_anon_WITH_NULL_SHA, SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 0, 0, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C016 */ { 1, TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C017 */ { 1, TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 168, 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C018 */ { 1, TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C019 */ { 1, TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, #endif /* OPENSSL_NO_ECDH */ /* end of list */ }; SSL3_ENC_METHOD SSLv3_enc_data={ ssl3_enc, ssl3_mac, ssl3_setup_key_block, ssl3_generate_master_secret, ssl3_change_cipher_state, ssl3_final_finish_mac, MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, ssl3_cert_verify_mac, SSL3_MD_CLIENT_FINISHED_CONST,4, SSL3_MD_SERVER_FINISHED_CONST,4, ssl3_alert_code, }; long ssl3_default_timeout(void) { /* 2 hours, the 24 hours mentioned in the SSLv3 spec * is way too long for http, the cache would over fill */ return(60*60*2); } IMPLEMENT_ssl3_meth_func(sslv3_base_method, ssl_undefined_function, ssl_undefined_function, ssl_bad_method) int ssl3_num_ciphers(void) { return(SSL3_NUM_CIPHERS); } SSL_CIPHER *ssl3_get_cipher(unsigned int u) { if (u < SSL3_NUM_CIPHERS) return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); else return(NULL); } int ssl3_pending(const SSL *s) { if (s->rstate == SSL_ST_READ_BODY) return 0; return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; } int ssl3_new(SSL *s) { SSL3_STATE *s3; if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err; memset(s3,0,sizeof *s3); EVP_MD_CTX_init(&s3->finish_dgst1); EVP_MD_CTX_init(&s3->finish_dgst2); pq_64bit_init(&(s3->rrec.seq_num)); pq_64bit_init(&(s3->wrec.seq_num)); s->s3=s3; s->method->ssl_clear(s); return(1); err: return(0); } void ssl3_free(SSL *s) { if(s == NULL) return; ssl3_cleanup_key_block(s); if (s->s3->rbuf.buf != NULL) OPENSSL_free(s->s3->rbuf.buf); if (s->s3->wbuf.buf != NULL) OPENSSL_free(s->s3->wbuf.buf); if (s->s3->rrec.comp != NULL) OPENSSL_free(s->s3->rrec.comp); #ifndef OPENSSL_NO_DH if (s->s3->tmp.dh != NULL) DH_free(s->s3->tmp.dh); #endif #ifndef OPENSSL_NO_ECDH if (s->s3->tmp.ecdh != NULL) EC_KEY_free(s->s3->tmp.ecdh); #endif if (s->s3->tmp.ca_names != NULL) sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); pq_64bit_free(&(s->s3->rrec.seq_num)); pq_64bit_free(&(s->s3->wrec.seq_num)); OPENSSL_cleanse(s->s3,sizeof *s->s3); OPENSSL_free(s->s3); s->s3=NULL; } void ssl3_clear(SSL *s) { unsigned char *rp,*wp; size_t rlen, wlen; ssl3_cleanup_key_block(s); if (s->s3->tmp.ca_names != NULL) sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); if (s->s3->rrec.comp != NULL) { OPENSSL_free(s->s3->rrec.comp); s->s3->rrec.comp=NULL; } #ifndef OPENSSL_NO_DH if (s->s3->tmp.dh != NULL) { DH_free(s->s3->tmp.dh); s->s3->tmp.dh = NULL; } #endif #ifndef OPENSSL_NO_ECDH if (s->s3->tmp.ecdh != NULL) { EC_KEY_free(s->s3->tmp.ecdh); s->s3->tmp.ecdh = NULL; } #endif rp = s->s3->rbuf.buf; wp = s->s3->wbuf.buf; rlen = s->s3->rbuf.len; wlen = s->s3->wbuf.len; EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); memset(s->s3,0,sizeof *s->s3); s->s3->rbuf.buf = rp; s->s3->wbuf.buf = wp; s->s3->rbuf.len = rlen; s->s3->wbuf.len = wlen; ssl_free_wbio_buffer(s); s->packet_length=0; s->s3->renegotiate=0; s->s3->total_renegotiations=0; s->s3->num_renegotiations=0; s->s3->in_read_app_data=0; s->version=SSL3_VERSION; } long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { int ret=0; #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) if ( #ifndef OPENSSL_NO_RSA cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB || #endif #ifndef OPENSSL_NO_DSA cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB || #endif 0) { if (!ssl_cert_inst(&s->cert)) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); return(0); } } #endif switch (cmd) { case SSL_CTRL_GET_SESSION_REUSED: ret=s->hit; break; case SSL_CTRL_GET_CLIENT_CERT_REQUEST: break; case SSL_CTRL_GET_NUM_RENEGOTIATIONS: ret=s->s3->num_renegotiations; break; case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: ret=s->s3->num_renegotiations; s->s3->num_renegotiations=0; break; case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: ret=s->s3->total_renegotiations; break; case SSL_CTRL_GET_FLAGS: ret=(int)(s->s3->flags); break; #ifndef OPENSSL_NO_RSA case SSL_CTRL_NEED_TMP_RSA: if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))) ret = 1; break; case SSL_CTRL_SET_TMP_RSA: { RSA *rsa = (RSA *)parg; if (rsa == NULL) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); return(ret); } if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB); return(ret); } if (s->cert->rsa_tmp != NULL) RSA_free(s->cert->rsa_tmp); s->cert->rsa_tmp = rsa; ret = 1; } break; case SSL_CTRL_SET_TMP_RSA_CB: { SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return(ret); } break; #endif #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH: { DH *dh = (DH *)parg; if (dh == NULL) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); return(ret); } if ((dh = DHparams_dup(dh)) == NULL) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); return(ret); } if (!(s->options & SSL_OP_SINGLE_DH_USE)) { if (!DH_generate_key(dh)) { DH_free(dh); SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); return(ret); } } if (s->cert->dh_tmp != NULL) DH_free(s->cert->dh_tmp); s->cert->dh_tmp = dh; ret = 1; } break; case SSL_CTRL_SET_TMP_DH_CB: { SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return(ret); } break; #endif #ifndef OPENSSL_NO_ECDH case SSL_CTRL_SET_TMP_ECDH: { EC_KEY *ecdh = NULL; if (parg == NULL) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); return(ret); } if (!EC_KEY_up_ref((EC_KEY *)parg)) { SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB); return(ret); } ecdh = (EC_KEY *)parg; if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) { if (!EC_KEY_generate_key(ecdh)) { EC_KEY_free(ecdh); SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB); return(ret); } } if (s->cert->ecdh_tmp != NULL) EC_KEY_free(s->cert->ecdh_tmp); s->cert->ecdh_tmp = ecdh; ret = 1; } break; case SSL_CTRL_SET_TMP_ECDH_CB: { SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return(ret); } break; #endif /* !OPENSSL_NO_ECDH */ #ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_HOSTNAME: if (larg == TLSEXT_NAMETYPE_host_name) { if (s->tlsext_hostname != NULL) OPENSSL_free(s->tlsext_hostname); s->tlsext_hostname = NULL; ret = 1; if (parg == NULL) break; if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) { SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); return 0; } if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR); return 0; } } else { SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); return 0; } break; case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: s->tlsext_debug_arg=parg; ret = 1; break; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: s->tlsext_status_type=larg; ret = 1; break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts; ret = 1; break; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: s->tlsext_ocsp_exts = parg; ret = 1; break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids; ret = 1; break; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: s->tlsext_ocsp_ids = parg; ret = 1; break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: *(unsigned char **)parg = s->tlsext_ocsp_resp; return s->tlsext_ocsp_resplen; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: if (s->tlsext_ocsp_resp) OPENSSL_free(s->tlsext_ocsp_resp); s->tlsext_ocsp_resp = parg; s->tlsext_ocsp_resplen = larg; ret = 1; break; #endif /* !OPENSSL_NO_TLSEXT */ + + case SSL_CTRL_CHECK_PROTO_VERSION: + /* For library-internal use; checks that the current protocol + * is the highest enabled version (according to s->ctx->method, + * as version negotiation may have changed s->method). */ + if (s->version == s->ctx->method->version) + return 1; + /* Apparently we're using a version-flexible SSL_METHOD + * (not at its highest protocol version). */ + if (s->ctx->method->version == SSLv23_method()->version) + { +#if TLS_MAX_VERSION != TLS1_VERSION +# error Code needs update for SSLv23_method() support beyond TLS1_VERSION. +#endif + if (!(s->options & SSL_OP_NO_TLSv1)) + return s->version == TLS1_VERSION; + if (!(s->options & SSL_OP_NO_SSLv3)) + return s->version == SSL3_VERSION; + if (!(s->options & SSL_OP_NO_SSLv2)) + return s->version == SSL2_VERSION; + } + return 0; /* Unexpected state; fail closed. */ + default: break; } return(ret); } long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) { int ret=0; #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) if ( #ifndef OPENSSL_NO_RSA cmd == SSL_CTRL_SET_TMP_RSA_CB || #endif #ifndef OPENSSL_NO_DSA cmd == SSL_CTRL_SET_TMP_DH_CB || #endif 0) { if (!ssl_cert_inst(&s->cert)) { SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); return(0); } } #endif switch (cmd) { #ifndef OPENSSL_NO_RSA case SSL_CTRL_SET_TMP_RSA_CB: { s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; } break; #endif #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH_CB: { s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; } break; #endif #ifndef OPENSSL_NO_ECDH case SSL_CTRL_SET_TMP_ECDH_CB: { s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; } break; #endif #ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_DEBUG_CB: s->tlsext_debug_cb=(void (*)(SSL *,int ,int, unsigned char *, int, void *))fp; break; #endif default: break; } return(ret); } long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { CERT *cert; cert=ctx->cert; switch (cmd) { #ifndef OPENSSL_NO_RSA case SSL_CTRL_NEED_TMP_RSA: if ( (cert->rsa_tmp == NULL) && ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))) ) return(1); else return(0); /* break; */ case SSL_CTRL_SET_TMP_RSA: { RSA *rsa; int i; rsa=(RSA *)parg; i=1; if (rsa == NULL) i=0; else { if ((rsa=RSAPrivateKey_dup(rsa)) == NULL) i=0; } if (!i) { SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB); return(0); } else { if (cert->rsa_tmp != NULL) RSA_free(cert->rsa_tmp); cert->rsa_tmp=rsa; return(1); } } /* break; */ case SSL_CTRL_SET_TMP_RSA_CB: { SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return(0); } break; #endif #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH: { DH *new=NULL,*dh; dh=(DH *)parg; if ((new=DHparams_dup(dh)) == NULL) { SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); return 0; } if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) { if (!DH_generate_key(new)) { SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); DH_free(new); return 0; } } if (cert->dh_tmp != NULL) DH_free(cert->dh_tmp); cert->dh_tmp=new; return 1; } /*break; */ case SSL_CTRL_SET_TMP_DH_CB: { SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return(0); } break; #endif #ifndef OPENSSL_NO_ECDH case SSL_CTRL_SET_TMP_ECDH: { EC_KEY *ecdh = NULL; if (parg == NULL) { SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB); return 0; } ecdh = EC_KEY_dup((EC_KEY *)parg); if (ecdh == NULL) { SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB); return 0; } if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) { if (!EC_KEY_generate_key(ecdh)) { EC_KEY_free(ecdh); SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB); return 0; } } if (cert->ecdh_tmp != NULL) { EC_KEY_free(cert->ecdh_tmp); } cert->ecdh_tmp = ecdh; return 1; } /* break; */ case SSL_CTRL_SET_TMP_ECDH_CB: { SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return(0); } break; #endif /* !OPENSSL_NO_ECDH */ #ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: ctx->tlsext_servername_arg=parg; break; case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: { unsigned char *keys = parg; if (!keys) return 48; if (larg != 48) { SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH); return 0; } if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) { memcpy(ctx->tlsext_tick_key_name, keys, 16); memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16); memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); } else { memcpy(keys, ctx->tlsext_tick_key_name, 16); memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); } return 1; } case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: ctx->tlsext_status_arg=parg; return 1; break; #endif /* !OPENSSL_NO_TLSEXT */ /* A Thawte special :-) */ case SSL_CTRL_EXTRA_CHAIN_CERT: if (ctx->extra_certs == NULL) { if ((ctx->extra_certs=sk_X509_new_null()) == NULL) return(0); } sk_X509_push(ctx->extra_certs,(X509 *)parg); break; default: return(0); } return(1); } long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) { CERT *cert; cert=ctx->cert; switch (cmd) { #ifndef OPENSSL_NO_RSA case SSL_CTRL_SET_TMP_RSA_CB: { cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; } break; #endif #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH_CB: { cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; } break; #endif #ifndef OPENSSL_NO_ECDH case SSL_CTRL_SET_TMP_ECDH_CB: { cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; } break; #endif #ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp; break; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp; break; case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *, unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp; break; #endif + default: return(0); } return(1); } /* This function needs to check if the ciphers required are actually * available */ SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) { SSL_CIPHER c,*cp; unsigned long id; id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; c.id=id; cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c, (char *)ssl3_ciphers, SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER), FP_ICC ssl_cipher_id_cmp); if (cp == NULL || cp->valid == 0) return NULL; else return cp; } int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) { long l; if (p != NULL) { l=c->id; if ((l & 0xff000000) != 0x03000000) return(0); p[0]=((unsigned char)(l>> 8L))&0xFF; p[1]=((unsigned char)(l ))&0xFF; } return(2); } SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *srvr) { SSL_CIPHER *c,*ret=NULL; STACK_OF(SSL_CIPHER) *prio, *allow; int i,j,ok; CERT *cert; unsigned long alg,mask,emask; /* Let's see which ciphers we can support */ cert=s->cert; #if 0 /* Do not set the compare functions, because this may lead to a * reordering by "id". We want to keep the original ordering. * We may pay a price in performance during sk_SSL_CIPHER_find(), * but would have to pay with the price of sk_SSL_CIPHER_dup(). */ sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp); sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp); #endif #ifdef CIPHER_DEBUG printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr); for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i) { c=sk_SSL_CIPHER_value(srvr,i); printf("%p:%s\n",c,c->name); } printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt); for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i) { c=sk_SSL_CIPHER_value(clnt,i); printf("%p:%s\n",c,c->name); } #endif if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { prio = srvr; allow = clnt; } else { prio = clnt; allow = srvr; } for (i=0; imask; emask=cert->export_mask; #ifdef KSSL_DEBUG printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms); #endif /* KSSL_DEBUG */ alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK); #ifndef OPENSSL_NO_KRB5 if (alg & SSL_KRB5) { if ( !kssl_keytab_is_available(s->kssl_ctx) ) continue; } #endif /* OPENSSL_NO_KRB5 */ if (SSL_C_IS_EXPORT(c)) { ok=((alg & emask) == alg)?1:0; #ifdef CIPHER_DEBUG printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask, c,c->name); #endif } else { ok=((alg & mask) == alg)?1:0; #ifdef CIPHER_DEBUG printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c, c->name); #endif } if (!ok) continue; j=sk_SSL_CIPHER_find(allow,c); if (j >= 0) { ret=sk_SSL_CIPHER_value(allow,j); break; } } return(ret); } int ssl3_get_req_cert_type(SSL *s, unsigned char *p) { int ret=0; unsigned long alg; alg=s->s3->tmp.new_cipher->algorithms; #ifndef OPENSSL_NO_DH if (alg & (SSL_kDHr|SSL_kEDH)) { # ifndef OPENSSL_NO_RSA p[ret++]=SSL3_CT_RSA_FIXED_DH; # endif # ifndef OPENSSL_NO_DSA p[ret++]=SSL3_CT_DSS_FIXED_DH; # endif } if ((s->version == SSL3_VERSION) && (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) { # ifndef OPENSSL_NO_RSA p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH; # endif # ifndef OPENSSL_NO_DSA p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH; # endif } #endif /* !OPENSSL_NO_DH */ #ifndef OPENSSL_NO_RSA p[ret++]=SSL3_CT_RSA_SIGN; #endif #ifndef OPENSSL_NO_DSA p[ret++]=SSL3_CT_DSS_SIGN; #endif #ifndef OPENSSL_NO_ECDH /* We should ask for fixed ECDH certificates only * for SSL_kECDH (and not SSL_kECDHE) */ if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION)) { p[ret++]=TLS_CT_RSA_FIXED_ECDH; p[ret++]=TLS_CT_ECDSA_FIXED_ECDH; } #endif #ifndef OPENSSL_NO_ECDSA /* ECDSA certs can be used with RSA cipher suites as well * so we don't need to check for SSL_kECDH or SSL_kECDHE */ if (s->version >= TLS1_VERSION) { p[ret++]=TLS_CT_ECDSA_SIGN; } #endif return(ret); } int ssl3_shutdown(SSL *s) { int ret; /* Don't do anything much if we have not done the handshake or * we don't want to send messages :-) */ if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) { s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); return(1); } if (!(s->shutdown & SSL_SENT_SHUTDOWN)) { s->shutdown|=SSL_SENT_SHUTDOWN; #if 1 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY); #endif /* our shutdown alert has been sent now, and if it still needs * to be written, s->s3->alert_dispatch will be true */ if (s->s3->alert_dispatch) return(-1); /* return WANT_WRITE */ } else if (s->s3->alert_dispatch) { /* resend it if not sent */ #if 1 ret=s->method->ssl_dispatch_alert(s); if(ret == -1) { /* we only get to return -1 here the 2nd/Nth * invocation, we must have already signalled * return 0 upon a previous invoation, * return WANT_WRITE */ return(ret); } #endif } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { /* If we are waiting for a close from our peer, we are closed */ s->method->ssl_read_bytes(s,0,NULL,0,0); if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { return(-1); /* return WANT_READ */ } } if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && !s->s3->alert_dispatch) return(1); else return(0); } int ssl3_write(SSL *s, const void *buf, int len) { int ret,n; #if 0 if (s->shutdown & SSL_SEND_SHUTDOWN) { s->rwstate=SSL_NOTHING; return(0); } #endif clear_sys_error(); if (s->s3->renegotiate) ssl3_renegotiate_check(s); /* This is an experimental flag that sends the * last handshake message in the same packet as the first * use data - used to see if it helps the TCP protocol during * session-id reuse */ /* The second test is because the buffer may have been removed */ if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) { /* First time through, we write into the buffer */ if (s->s3->delay_buf_pop_ret == 0) { ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, buf,len); if (ret <= 0) return(ret); s->s3->delay_buf_pop_ret=ret; } s->rwstate=SSL_WRITING; n=BIO_flush(s->wbio); if (n <= 0) return(n); s->rwstate=SSL_NOTHING; /* We have flushed the buffer, so remove it */ ssl_free_wbio_buffer(s); s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; ret=s->s3->delay_buf_pop_ret; s->s3->delay_buf_pop_ret=0; } else { ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA, buf,len); if (ret <= 0) return(ret); } return(ret); } static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) { int ret; clear_sys_error(); if (s->s3->renegotiate) ssl3_renegotiate_check(s); s->s3->in_read_app_data=1; ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); if ((ret == -1) && (s->s3->in_read_app_data == 2)) { /* ssl3_read_bytes decided to call s->handshake_func, which * called ssl3_read_bytes to read handshake data. * However, ssl3_read_bytes actually found application data * and thinks that application data makes sense here; so disable * handshake processing and try to read application data again. */ s->in_handshake++; ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); s->in_handshake--; } else s->s3->in_read_app_data=0; return(ret); } int ssl3_read(SSL *s, void *buf, int len) { return ssl3_read_internal(s, buf, len, 0); } int ssl3_peek(SSL *s, void *buf, int len) { return ssl3_read_internal(s, buf, len, 1); } int ssl3_renegotiate(SSL *s) { if (s->handshake_func == NULL) return(1); if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) return(0); s->s3->renegotiate=1; return(1); } int ssl3_renegotiate_check(SSL *s) { int ret=0; if (s->s3->renegotiate) { if ( (s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) && !SSL_in_init(s)) { /* if we are the server, and we have sent a 'RENEGOTIATE' message, we need to go to SSL_ST_ACCEPT. */ /* SSL_ST_ACCEPT */ s->state=SSL_ST_RENEGOTIATE; s->s3->renegotiate=0; s->s3->num_renegotiations++; s->s3->total_renegotiations++; ret=1; } } return(ret); } Index: releng/8.4/crypto/openssl/ssl/ssl.h =================================================================== --- releng/8.4/crypto/openssl/ssl/ssl.h (revision 273415) +++ releng/8.4/crypto/openssl/ssl/ssl.h (revision 273416) @@ -1,2126 +1,2142 @@ /* ssl/ssl.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* ==================================================================== * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ /* ==================================================================== * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * ECC cipher suite support in OpenSSL originally developed by * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */ #ifndef HEADER_SSL_H #define HEADER_SSL_H #include #ifndef OPENSSL_NO_COMP #include #endif #ifndef OPENSSL_NO_BIO #include #endif #ifndef OPENSSL_NO_DEPRECATED #ifndef OPENSSL_NO_X509 #include #endif #include #include #include #endif #include #include #include #include #include #ifdef __cplusplus extern "C" { #endif /* SSLeay version number for ASN.1 encoding of the session information */ /* Version 0 - initial version * Version 1 - added the optional peer certificate */ #define SSL_SESSION_ASN1_VERSION 0x0001 /* text strings for the ciphers */ #define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5 #define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5 #define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 #define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5 #define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 #define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5 #define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5 #define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA #define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 #define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA /* VRS Additional Kerberos5 entries */ #define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA #define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA #define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA #define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA #define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 #define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 #define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5 #define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 #define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA #define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA #define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA #define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 #define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5 #define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5 #define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA #define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 #define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA #define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 #define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA #define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 #define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256 #define SSL_MAX_SSL_SESSION_ID_LENGTH 32 #define SSL_MAX_SID_CTX_LENGTH 32 #define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) #define SSL_MAX_KEY_ARG_LENGTH 8 #define SSL_MAX_MASTER_KEY_LENGTH 48 /* These are used to specify which ciphers to use and not to use */ #define SSL_TXT_LOW "LOW" #define SSL_TXT_MEDIUM "MEDIUM" #define SSL_TXT_HIGH "HIGH" #define SSL_TXT_FIPS "FIPS" #define SSL_TXT_kFZA "kFZA" #define SSL_TXT_aFZA "aFZA" #define SSL_TXT_eFZA "eFZA" #define SSL_TXT_FZA "FZA" #define SSL_TXT_aNULL "aNULL" #define SSL_TXT_eNULL "eNULL" #define SSL_TXT_NULL "NULL" #define SSL_TXT_kKRB5 "kKRB5" #define SSL_TXT_aKRB5 "aKRB5" #define SSL_TXT_KRB5 "KRB5" #define SSL_TXT_kRSA "kRSA" #define SSL_TXT_kDHr "kDHr" #define SSL_TXT_kDHd "kDHd" #define SSL_TXT_kEDH "kEDH" #define SSL_TXT_aRSA "aRSA" #define SSL_TXT_aDSS "aDSS" #define SSL_TXT_aDH "aDH" #define SSL_TXT_DSS "DSS" #define SSL_TXT_DH "DH" #define SSL_TXT_EDH "EDH" #define SSL_TXT_ADH "ADH" #define SSL_TXT_RSA "RSA" #define SSL_TXT_DES "DES" #define SSL_TXT_3DES "3DES" #define SSL_TXT_RC4 "RC4" #define SSL_TXT_RC2 "RC2" #define SSL_TXT_IDEA "IDEA" #define SSL_TXT_SEED "SEED" #define SSL_TXT_AES "AES" #define SSL_TXT_CAMELLIA "CAMELLIA" #define SSL_TXT_MD5 "MD5" #define SSL_TXT_SHA1 "SHA1" #define SSL_TXT_SHA "SHA" #define SSL_TXT_EXP "EXP" #define SSL_TXT_EXPORT "EXPORT" #define SSL_TXT_EXP40 "EXPORT40" #define SSL_TXT_EXP56 "EXPORT56" #define SSL_TXT_SSLV2 "SSLv2" #define SSL_TXT_SSLV3 "SSLv3" #define SSL_TXT_TLSV1 "TLSv1" #define SSL_TXT_ALL "ALL" #define SSL_TXT_ECC "ECCdraft" /* ECC ciphersuites are not yet official */ /* * COMPLEMENTOF* definitions. These identifiers are used to (de-select) * ciphers normally not being used. * Example: "RC4" will activate all ciphers using RC4 including ciphers * without authentication, which would normally disabled by DEFAULT (due * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT" * will make sure that it is also disabled in the specific selection. * COMPLEMENTOF* identifiers are portable between version, as adjustments * to the default cipher setup will also be included here. * * COMPLEMENTOFDEFAULT does not experience the same special treatment that * DEFAULT gets, as only selection is being done and no sorting as needed * for DEFAULT. */ #define SSL_TXT_CMPALL "COMPLEMENTOFALL" #define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" /* The following cipher list is used by default. * It also is substituted when an application-defined cipher list string * starts with 'DEFAULT'. */ #define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */ /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ #define SSL_SENT_SHUTDOWN 1 #define SSL_RECEIVED_SHUTDOWN 2 #ifdef __cplusplus } #endif #ifdef __cplusplus extern "C" { #endif #if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2) #define OPENSSL_NO_SSL2 #endif #define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 #define SSL_FILETYPE_PEM X509_FILETYPE_PEM /* This is needed to stop compilers complaining about the * 'struct ssl_st *' function parameters used to prototype callbacks * in SSL_CTX. */ typedef struct ssl_st *ssl_crock_st; /* used to hold info on the particular ciphers used */ typedef struct ssl_cipher_st { int valid; const char *name; /* text name */ unsigned long id; /* id, 4 bytes, first is version */ unsigned long algorithms; /* what ciphers are used */ unsigned long algo_strength; /* strength and export flags */ unsigned long algorithm2; /* Extra flags */ int strength_bits; /* Number of bits really used */ int alg_bits; /* Number of bits for algorithm */ unsigned long mask; /* used for matching */ unsigned long mask_strength; /* also used for matching */ } SSL_CIPHER; DECLARE_STACK_OF(SSL_CIPHER) /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ typedef struct ssl_method_st { int version; int (*ssl_new)(SSL *s); void (*ssl_clear)(SSL *s); void (*ssl_free)(SSL *s); int (*ssl_accept)(SSL *s); int (*ssl_connect)(SSL *s); int (*ssl_read)(SSL *s,void *buf,int len); int (*ssl_peek)(SSL *s,void *buf,int len); int (*ssl_write)(SSL *s,const void *buf,int len); int (*ssl_shutdown)(SSL *s); int (*ssl_renegotiate)(SSL *s); int (*ssl_renegotiate_check)(SSL *s); long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long max, int *ok); int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, int peek); int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len); int (*ssl_dispatch_alert)(SSL *s); long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg); long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr); int (*ssl_pending)(const SSL *s); int (*num_ciphers)(void); SSL_CIPHER *(*get_cipher)(unsigned ncipher); struct ssl_method_st *(*get_ssl_method)(int version); long (*get_timeout)(void); struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ int (*ssl_version)(void); long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void)); long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void)); } SSL_METHOD; /* Lets make this into an ASN.1 type structure as follows * SSL_SESSION_ID ::= SEQUENCE { * version INTEGER, -- structure version number * SSLversion INTEGER, -- SSL version number * Cipher OCTET_STRING, -- the 3 byte cipher ID * Session_ID OCTET_STRING, -- the Session ID * Master_key OCTET_STRING, -- the master key * KRB5_principal OCTET_STRING -- optional Kerberos principal * Key_Arg [ 0 ] IMPLICIT OCTET_STRING, -- the optional Key argument * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate * Session_ID_context [ 4 ] EXPLICIT OCTET_STRING, -- the Session ID context * Verify_result [ 5 ] EXPLICIT INTEGER -- X509_V_... code for `Peer' * Compression [6] IMPLICIT ASN1_OBJECT -- compression OID XXXXX * } * Look in ssl/ssl_asn1.c for more details * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). */ typedef struct ssl_session_st { int ssl_version; /* what ssl version session info is * being kept in here? */ /* only really used in SSLv2 */ unsigned int key_arg_length; unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH]; int master_key_length; unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; /* session_id - valid? */ unsigned int session_id_length; unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* this is used to determine whether the session is being reused in * the appropriate context. It is up to the application to set this, * via SSL_new */ unsigned int sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; #ifndef OPENSSL_NO_KRB5 unsigned int krb5_client_princ_len; unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; #endif /* OPENSSL_NO_KRB5 */ int not_resumable; /* The cert is the certificate used to establish this connection */ struct sess_cert_st /* SESS_CERT */ *sess_cert; /* This is the cert for the other end. * On clients, it will be the same as sess_cert->peer_key->x509 * (the latter is not enough as sess_cert is not retained * in the external representation of sessions, see ssl_asn1.c). */ X509 *peer; /* when app_verify_callback accepts a session where the peer's certificate * is not ok, we must remember the error for session reuse: */ long verify_result; /* only for servers */ int references; long timeout; long time; int compress_meth; /* Need to lookup the method */ SSL_CIPHER *cipher; unsigned long cipher_id; /* when ASN.1 loaded, this * needs to be used to load * the 'cipher' structure */ STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ CRYPTO_EX_DATA ex_data; /* application specific data */ /* These are used to make removal of session-ids more * efficient and to implement a maximum cache size. */ struct ssl_session_st *prev,*next; #ifndef OPENSSL_NO_TLSEXT char *tlsext_hostname; /* RFC4507 info */ unsigned char *tlsext_tick; /* Session ticket */ size_t tlsext_ticklen; /* Session ticket length */ long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ #endif } SSL_SESSION; #define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L #define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L /* Allow initial connection to servers that don't support RI */ #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L #define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */ #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L #define SSL_OP_TLS_D5_BUG 0x00000100L #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added * in OpenSSL 0.9.6d. Usually (depending on the application protocol) * the workaround is not needed. Unfortunately some broken SSL/TLS * implementations cannot handle it at all, which is why we include * it in SSL_OP_ALL. */ #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */ /* SSL_OP_ALL: various bug workarounds that should be rather harmless. * This used to be 0x000FFFFFL before 0.9.7. */ #define SSL_OP_ALL 0x00000FFFL /* DTLS options */ #define SSL_OP_NO_QUERY_MTU 0x00001000L /* Turn on Cookie Exchange (on relevant for servers) */ #define SSL_OP_COOKIE_EXCHANGE 0x00002000L /* Don't use RFC4507 ticket extension */ #define SSL_OP_NO_TICKET 0x00004000L /* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */ #define SSL_OP_CISCO_ANYCONNECT 0x00008000L /* As server, disallow session resumption on renegotiation */ #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L /* Permit unsafe legacy renegotiation */ #define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L /* If set, always create a new key when using tmp_ecdh parameters */ #define SSL_OP_SINGLE_ECDH_USE 0x00080000L /* If set, always create a new key when using tmp_dh parameters */ #define SSL_OP_SINGLE_DH_USE 0x00100000L /* Set to always use the tmp_rsa key when doing RSA operations, * even when this violates protocol specs */ #define SSL_OP_EPHEMERAL_RSA 0x00200000L /* Set on servers to choose the cipher according to the server's * preferences */ #define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L /* If set, a server will allow a client to issue a SSLv3.0 version number * as latest version supported in the premaster secret, even when TLSv1.0 * (version 3.1) was announced in the client hello. Normally this is * forbidden to prevent version rollback attacks. */ #define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L #define SSL_OP_NO_SSLv2 0x01000000L #define SSL_OP_NO_SSLv3 0x02000000L #define SSL_OP_NO_TLSv1 0x04000000L /* The next flag deliberately changes the ciphertest, this is a check * for the PKCS#1 attack */ #define SSL_OP_PKCS1_CHECK_1 0x08000000L #define SSL_OP_PKCS1_CHECK_2 0x10000000L #define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success * when just a single record has been written): */ #define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L /* Make it possible to retry SSL_write() with changed buffer location * (buffer contents must stay the same!); this is not the default to avoid * the misconception that non-blocking SSL_write() behaves like * non-blocking write(): */ #define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L /* Never bother the application with retries if the transport * is blocking: */ #define SSL_MODE_AUTO_RETRY 0x00000004L /* Don't attempt to automatically build certificate chain */ #define SSL_MODE_NO_AUTO_CHAIN 0x00000008L +/* Send TLS_FALLBACK_SCSV in the ClientHello. + * To be set by applications that reconnect with a downgraded protocol + * version; see draft-ietf-tls-downgrade-scsv-00 for details. */ +#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, * they cannot be used to clear bits. */ #define SSL_CTX_set_options(ctx,op) \ SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) #define SSL_CTX_clear_options(ctx,op) \ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) #define SSL_CTX_get_options(ctx) \ SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) #define SSL_set_options(ssl,op) \ SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) #define SSL_clear_options(ssl,op) \ SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) #define SSL_get_options(ssl) \ SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) #define SSL_CTX_set_mode(ctx,op) \ SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) #define SSL_CTX_clear_mode(ctx,op) \ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) #define SSL_CTX_get_mode(ctx) \ SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) #define SSL_clear_mode(ssl,op) \ SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) #define SSL_set_mode(ssl,op) \ SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) #define SSL_get_mode(ssl) \ SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) #define SSL_set_mtu(ssl, mtu) \ SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) #define SSL_get_secure_renegotiation_support(ssl) \ SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); #define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) #define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) #if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) #define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */ #else #define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */ #endif #define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) /* This callback type is used inside SSL_CTX, SSL, and in the functions that set * them. It is used to override the generation of SSL/TLS session IDs in a * server. Return value should be zero on an error, non-zero to proceed. Also, * callbacks should themselves check if the id they generate is unique otherwise * the SSL handshake will fail with an error - callbacks can do this using the * 'ssl' value they're passed by; * SSL_has_matching_session_id(ssl, id, *id_len) * The length value passed in is set at the maximum size the session ID can be. * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback * can alter this length to be less if desired, but under SSLv2 session IDs are * supposed to be fixed at 16 bytes so the id will be padded after the callback * returns in this case. It is also an error for the callback to set the size to * zero. */ typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, unsigned int *id_len); typedef struct ssl_comp_st { int id; const char *name; #ifndef OPENSSL_NO_COMP COMP_METHOD *method; #else char *method; #endif } SSL_COMP; DECLARE_STACK_OF(SSL_COMP) struct ssl_ctx_st { SSL_METHOD *method; STACK_OF(SSL_CIPHER) *cipher_list; /* same as above but sorted for lookup */ STACK_OF(SSL_CIPHER) *cipher_list_by_id; struct x509_store_st /* X509_STORE */ *cert_store; struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSIONs */ /* Most session-ids that will be cached, default is * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */ unsigned long session_cache_size; struct ssl_session_st *session_cache_head; struct ssl_session_st *session_cache_tail; /* This can have one of 2 values, ored together, * SSL_SESS_CACHE_CLIENT, * SSL_SESS_CACHE_SERVER, * Default is SSL_SESSION_CACHE_SERVER, which means only * SSL_accept which cache SSL_SESSIONS. */ int session_cache_mode; /* If timeout is not 0, it is the default timeout value set * when SSL_new() is called. This has been put in to make * life easier to set things up */ long session_timeout; /* If this callback is not null, it will be called each * time a session id is added to the cache. If this function * returns 1, it means that the callback will do a * SSL_SESSION_free() when it has finished using it. Otherwise, * on 0, it means the callback has finished with it. * If remove_session_cb is not null, it will be called when * a session-id is removed from the cache. After the call, * OpenSSL will SSL_SESSION_free() it. */ int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess); void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess); SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy); struct { int sess_connect; /* SSL new conn - started */ int sess_connect_renegotiate;/* SSL reneg - requested */ int sess_connect_good; /* SSL new conne/reneg - finished */ int sess_accept; /* SSL new accept - started */ int sess_accept_renegotiate;/* SSL reneg - requested */ int sess_accept_good; /* SSL accept/reneg - finished */ int sess_miss; /* session lookup misses */ int sess_timeout; /* reuse attempt on timeouted session */ int sess_cache_full; /* session removed due to full cache */ int sess_hit; /* session reuse actually done */ int sess_cb_hit; /* session-id that was not * in the cache was * passed back via the callback. This * indicates that the application is * supplying session-id's from other * processes - spooky :-) */ } stats; int references; /* if defined, these override the X509_verify_cert() calls */ int (*app_verify_callback)(X509_STORE_CTX *, void *); void *app_verify_arg; /* before OpenSSL 0.9.7, 'app_verify_arg' was ignored * ('app_verify_callback' was called with just one argument) */ /* Default password callback. */ pem_password_cb *default_passwd_callback; /* Default password callback user data. */ void *default_passwd_callback_userdata; /* get client cert callback */ int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); /* cookie generate callback */ int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len); /* verify cookie callback */ int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len); CRYPTO_EX_DATA ex_data; const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */ const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ STACK_OF(X509) *extra_certs; STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ /* Default values used when no per-SSL value is defined follow */ void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */ /* what we put in client cert requests */ STACK_OF(X509_NAME) *client_CA; /* Default values to use in SSL structures follow (these are copied by SSL_new) */ unsigned long options; unsigned long mode; long max_cert_list; struct cert_st /* CERT */ *cert; int read_ahead; /* callback that allows applications to peek at protocol messages */ void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); void *msg_callback_arg; int verify_mode; unsigned int sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */ /* Default generate session ID callback. */ GEN_SESSION_CB generate_session_id; X509_VERIFY_PARAM *param; #if 0 int purpose; /* Purpose setting */ int trust; /* Trust setting */ #endif int quiet_shutdown; #ifndef OPENSSL_ENGINE /* Engine to pass requests for client certs to */ ENGINE *client_cert_engine; #endif #ifndef OPENSSL_NO_TLSEXT /* TLS extensions servername callback */ int (*tlsext_servername_callback)(SSL*, int *, void *); void *tlsext_servername_arg; /* RFC 4507 session ticket keys */ unsigned char tlsext_tick_key_name[16]; unsigned char tlsext_tick_hmac_key[16]; unsigned char tlsext_tick_aes_key[16]; /* Callback to support customisation of ticket key setting */ int (*tlsext_ticket_key_cb)(SSL *ssl, unsigned char *name, unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc); /* certificate status request info */ /* Callback for status request */ int (*tlsext_status_cb)(SSL *ssl, void *arg); void *tlsext_status_arg; #endif }; #define SSL_SESS_CACHE_OFF 0x0000 #define SSL_SESS_CACHE_CLIENT 0x0001 #define SSL_SESS_CACHE_SERVER 0x0002 #define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) #define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 /* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */ #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 #define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 #define SSL_SESS_CACHE_NO_INTERNAL \ (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); #define SSL_CTX_sess_number(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) #define SSL_CTX_sess_connect(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) #define SSL_CTX_sess_connect_good(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) #define SSL_CTX_sess_connect_renegotiate(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) #define SSL_CTX_sess_accept(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) #define SSL_CTX_sess_accept_renegotiate(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) #define SSL_CTX_sess_accept_good(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) #define SSL_CTX_sess_hits(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) #define SSL_CTX_sess_cb_hits(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) #define SSL_CTX_sess_misses(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) #define SSL_CTX_sess_timeouts(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) #define SSL_CTX_sess_cache_full(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess)); int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess); void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess)); void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess); void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy)); SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy); void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val)); void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val); void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); #ifndef OPENSSL_NO_ENGINE int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); #endif void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); #define SSL_NOTHING 1 #define SSL_WRITING 2 #define SSL_READING 3 #define SSL_X509_LOOKUP 4 /* These will only be used when doing non-blocking IO */ #define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) #define SSL_want_read(s) (SSL_want(s) == SSL_READING) #define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) #define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) struct ssl_st { /* protocol version * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION) */ int version; int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ SSL_METHOD *method; /* SSLv3 */ /* There are 2 BIO's even though they are normally both the * same. This is so data can be read and written to different * handlers */ #ifndef OPENSSL_NO_BIO BIO *rbio; /* used by SSL_read */ BIO *wbio; /* used by SSL_write */ BIO *bbio; /* used during session-id reuse to concatenate * messages */ #else char *rbio; /* used by SSL_read */ char *wbio; /* used by SSL_write */ char *bbio; #endif /* This holds a variable that indicates what we were doing * when a 0 or -1 is returned. This is needed for * non-blocking IO so we know what request needs re-doing when * in SSL_accept or SSL_connect */ int rwstate; /* true when we are actually in SSL_accept() or SSL_connect() */ int in_handshake; int (*handshake_func)(SSL *); /* Imagine that here's a boolean member "init" that is * switched as soon as SSL_set_{accept/connect}_state * is called for the first time, so that "state" and * "handshake_func" are properly initialized. But as * handshake_func is == 0 until then, we use this * test instead of an "init" member. */ int server; /* are we the server side? - mostly used by SSL_clear*/ int new_session;/* 1 if we are to use a new session. * 2 if we are a server and are inside a handshake * (i.e. not just sending a HelloRequest) * NB: For servers, the 'new' session may actually be a previously * cached session or even the previous session unless * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ int quiet_shutdown;/* don't send shutdown packets */ int shutdown; /* we have shut things down, 0x01 sent, 0x02 * for received */ int state; /* where we are */ int rstate; /* where we are when reading */ BUF_MEM *init_buf; /* buffer used during init */ void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */ int init_num; /* amount read/written */ int init_off; /* amount read/written */ /* used internally to point at a raw packet */ unsigned char *packet; unsigned int packet_length; struct ssl2_state_st *s2; /* SSLv2 variables */ struct ssl3_state_st *s3; /* SSLv3 variables */ struct dtls1_state_st *d1; /* DTLSv1 variables */ int read_ahead; /* Read as many input bytes as possible * (for non-blocking reads) */ /* callback that allows applications to peek at protocol messages */ void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); void *msg_callback_arg; int hit; /* reusing a previous session */ X509_VERIFY_PARAM *param; #if 0 int purpose; /* Purpose setting */ int trust; /* Trust setting */ #endif /* crypto */ STACK_OF(SSL_CIPHER) *cipher_list; STACK_OF(SSL_CIPHER) *cipher_list_by_id; /* These are the ones being used, the ones in SSL_SESSION are * the ones to be 'copied' into these ones */ EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ const EVP_MD *read_hash; /* used for mac generation */ #ifndef OPENSSL_NO_COMP COMP_CTX *expand; /* uncompress */ #else char *expand; #endif EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ const EVP_MD *write_hash; /* used for mac generation */ #ifndef OPENSSL_NO_COMP COMP_CTX *compress; /* compression */ #else char *compress; #endif /* session info */ /* client cert? */ /* This is used to hold the server certificate used */ struct cert_st /* CERT */ *cert; /* the session_id_context is used to ensure sessions are only reused * in the appropriate context */ unsigned int sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; /* This can also be in the session once a session is established */ SSL_SESSION *session; /* Default generate session ID callback. */ GEN_SESSION_CB generate_session_id; /* Used in SSL2 and SSL3 */ int verify_mode; /* 0 don't care about verify failure. * 1 fail if verify fails */ int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */ void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */ int error; /* error bytes to be written */ int error_code; /* actual code */ #ifndef OPENSSL_NO_KRB5 KSSL_CTX *kssl_ctx; /* Kerberos 5 context */ #endif /* OPENSSL_NO_KRB5 */ SSL_CTX *ctx; /* set this flag to 1 and a sleep(1) is put into all SSL_read() * and SSL_write() calls, good for nbio debuging :-) */ int debug; /* extra application data */ long verify_result; CRYPTO_EX_DATA ex_data; /* for server side, keep the list of CA_dn we can use */ STACK_OF(X509_NAME) *client_CA; int references; unsigned long options; /* protocol behaviour */ unsigned long mode; /* API behaviour */ long max_cert_list; int first_packet; int client_version; /* what was passed, used for * SSLv3/TLS rollback check */ #ifndef OPENSSL_NO_TLSEXT /* TLS extension debug callback */ void (*tlsext_debug_cb)(SSL *s, int client_server, int type, unsigned char *data, int len, void *arg); void *tlsext_debug_arg; char *tlsext_hostname; int servername_done; /* no further mod of servername 0 : call the servername extension callback. 1 : prepare 2, allow last ack just after in server callback. 2 : don't call servername callback, no ack in server hello */ /* certificate status request info */ /* Status type or -1 if no status type */ int tlsext_status_type; /* Expect OCSP CertificateStatus message */ int tlsext_status_expected; /* OCSP status request only */ STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; X509_EXTENSIONS *tlsext_ocsp_exts; /* OCSP response received or to be sent */ unsigned char *tlsext_ocsp_resp; int tlsext_ocsp_resplen; /* RFC4507 session ticket expected to be received or sent */ int tlsext_ticket_expected; SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ #define session_ctx initial_ctx #else #define session_ctx ctx #endif }; #ifdef __cplusplus } #endif #include #include #include /* This is mostly sslv3 with a few tweaks */ #include /* Datagram TLS */ #include #ifdef __cplusplus extern "C" { #endif /* compatibility */ #define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) #define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) #define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a)) #define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) #define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) #define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg)) /* The following are the possible values for ssl->state are are * used to indicate where we are up to in the SSL connection establishment. * The macros that follow are about the only things you should need to use * and even then, only when using non-blocking IO. * It can also be useful to work out where you were when the connection * failed */ #define SSL_ST_CONNECT 0x1000 #define SSL_ST_ACCEPT 0x2000 #define SSL_ST_MASK 0x0FFF #define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT) #define SSL_ST_BEFORE 0x4000 #define SSL_ST_OK 0x03 #define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) #define SSL_CB_LOOP 0x01 #define SSL_CB_EXIT 0x02 #define SSL_CB_READ 0x04 #define SSL_CB_WRITE 0x08 #define SSL_CB_ALERT 0x4000 /* used in callback */ #define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) #define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) #define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) #define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) #define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) #define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) #define SSL_CB_HANDSHAKE_START 0x10 #define SSL_CB_HANDSHAKE_DONE 0x20 /* Is the SSL_connection established? */ #define SSL_get_state(a) SSL_state(a) #define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK) #define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT) #define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE) #define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT) #define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT) /* The following 2 states are kept in ssl->rstate when reads fail, * you should not need these */ #define SSL_ST_READ_HEADER 0xF0 #define SSL_ST_READ_BODY 0xF1 #define SSL_ST_READ_DONE 0xF2 /* Obtain latest Finished message * -- that we sent (SSL_get_finished) * -- that we expected from peer (SSL_get_peer_finished). * Returns length (0 == no Finished so far), copies up to 'count' bytes. */ size_t SSL_get_finished(const SSL *s, void *buf, size_t count); size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); /* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options * are 'ored' with SSL_VERIFY_PEER if they are desired */ #define SSL_VERIFY_NONE 0x00 #define SSL_VERIFY_PEER 0x01 #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 #define SSL_VERIFY_CLIENT_ONCE 0x04 #define OpenSSL_add_ssl_algorithms() SSL_library_init() #define SSLeay_add_ssl_algorithms() SSL_library_init() /* this is for backward compatibility */ #if 0 /* NEW_SSLEAY */ #define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c) #define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n) #define SSL_add_session(a,b) SSL_CTX_add_session((a),(b)) #define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b)) #define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b)) #endif /* More backward compatibility */ #define SSL_get_cipher(s) \ SSL_CIPHER_get_name(SSL_get_current_cipher(s)) #define SSL_get_cipher_bits(s,np) \ SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) #define SSL_get_cipher_version(s) \ SSL_CIPHER_get_version(SSL_get_current_cipher(s)) #define SSL_get_cipher_name(s) \ SSL_CIPHER_get_name(SSL_get_current_cipher(s)) #define SSL_get_time(a) SSL_SESSION_get_time(a) #define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b)) #define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) #define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) #if 1 /*SSLEAY_MACROS*/ #define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) #define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) #define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \ (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u) #define PEM_read_bio_SSL_SESSION(bp,x,cb,u) PEM_ASN1_read_bio_of(SSL_SESSION,d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,cb,u) #define PEM_write_SSL_SESSION(fp,x) \ PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL) #define PEM_write_bio_SSL_SESSION(bp,x) \ PEM_ASN1_write_bio_of(SSL_SESSION,i2d_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,NULL,NULL,0,NULL,NULL) #endif #define SSL_AD_REASON_OFFSET 1000 /* These alert types are for SSLv3 and TLSv1 */ #define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY #define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */ #define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */ #define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED #define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW #define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */ #define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */ #define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */ #define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE #define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE #define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED #define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED #define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN #define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */ #define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */ #define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */ #define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */ #define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR #define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */ #define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */ #define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */ #define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */ #define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED #define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION #define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION #define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE #define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE +#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE +#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ +#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */ #define SSL_ERROR_NONE 0 #define SSL_ERROR_SSL 1 #define SSL_ERROR_WANT_READ 2 #define SSL_ERROR_WANT_WRITE 3 #define SSL_ERROR_WANT_X509_LOOKUP 4 #define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */ #define SSL_ERROR_ZERO_RETURN 6 #define SSL_ERROR_WANT_CONNECT 7 #define SSL_ERROR_WANT_ACCEPT 8 #define SSL_CTRL_NEED_TMP_RSA 1 #define SSL_CTRL_SET_TMP_RSA 2 #define SSL_CTRL_SET_TMP_DH 3 #define SSL_CTRL_SET_TMP_ECDH 4 #define SSL_CTRL_SET_TMP_RSA_CB 5 #define SSL_CTRL_SET_TMP_DH_CB 6 #define SSL_CTRL_SET_TMP_ECDH_CB 7 #define SSL_CTRL_GET_SESSION_REUSED 8 #define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 #define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 #define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 #define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 #define SSL_CTRL_GET_FLAGS 13 #define SSL_CTRL_EXTRA_CHAIN_CERT 14 #define SSL_CTRL_SET_MSG_CALLBACK 15 #define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 /* only applies to datagram connections */ #define SSL_CTRL_SET_MTU 17 /* Stats */ #define SSL_CTRL_SESS_NUMBER 20 #define SSL_CTRL_SESS_CONNECT 21 #define SSL_CTRL_SESS_CONNECT_GOOD 22 #define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 #define SSL_CTRL_SESS_ACCEPT 24 #define SSL_CTRL_SESS_ACCEPT_GOOD 25 #define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 #define SSL_CTRL_SESS_HIT 27 #define SSL_CTRL_SESS_CB_HIT 28 #define SSL_CTRL_SESS_MISSES 29 #define SSL_CTRL_SESS_TIMEOUTS 30 #define SSL_CTRL_SESS_CACHE_FULL 31 #define SSL_CTRL_OPTIONS 32 #define SSL_CTRL_MODE 33 #define SSL_CTRL_GET_READ_AHEAD 40 #define SSL_CTRL_SET_READ_AHEAD 41 #define SSL_CTRL_SET_SESS_CACHE_SIZE 42 #define SSL_CTRL_GET_SESS_CACHE_SIZE 43 #define SSL_CTRL_SET_SESS_CACHE_MODE 44 #define SSL_CTRL_GET_SESS_CACHE_MODE 45 #define SSL_CTRL_GET_MAX_CERT_LIST 50 #define SSL_CTRL_SET_MAX_CERT_LIST 51 /* see tls1.h for macros based on these */ #ifndef OPENSSL_NO_TLSEXT #define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 #define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 #define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 #define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 #define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 #define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 #endif #define DTLS_CTRL_GET_TIMEOUT 73 #define DTLS_CTRL_HANDLE_TIMEOUT 74 #define DTLS_CTRL_LISTEN 75 #define SSL_CTRL_GET_RI_SUPPORT 76 #define SSL_CTRL_CLEAR_OPTIONS 77 #define SSL_CTRL_CLEAR_MODE 78 +#define SSL_CTRL_CHECK_PROTO_VERSION 119 + #define DTLSv1_get_timeout(ssl, arg) \ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) #define DTLSv1_handle_timeout(ssl) \ SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) #define DTLSv1_listen(ssl, peer) \ SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer) #define SSL_session_reused(ssl) \ SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) #define SSL_num_renegotiations(ssl) \ SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) #define SSL_clear_num_renegotiations(ssl) \ SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) #define SSL_total_renegotiations(ssl) \ SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) #define SSL_CTX_need_tmp_RSA(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) #define SSL_CTX_set_tmp_rsa(ctx,rsa) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) #define SSL_CTX_set_tmp_dh(ctx,dh) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) #define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) #define SSL_need_tmp_RSA(ssl) \ SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) #define SSL_set_tmp_rsa(ssl,rsa) \ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) #define SSL_set_tmp_dh(ssl,dh) \ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) #define SSL_set_tmp_ecdh(ssl,ecdh) \ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) #define SSL_CTX_add_extra_chain_cert(ctx,x509) \ SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) #ifndef OPENSSL_NO_BIO BIO_METHOD *BIO_f_ssl(void); BIO *BIO_new_ssl(SSL_CTX *ctx,int client); BIO *BIO_new_ssl_connect(SSL_CTX *ctx); BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); int BIO_ssl_copy_session_id(BIO *to,BIO *from); void BIO_ssl_shutdown(BIO *ssl_bio); #endif int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str); SSL_CTX *SSL_CTX_new(SSL_METHOD *meth); void SSL_CTX_free(SSL_CTX *); long SSL_CTX_set_timeout(SSL_CTX *ctx,long t); long SSL_CTX_get_timeout(const SSL_CTX *ctx); X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *); int SSL_want(const SSL *s); int SSL_clear(SSL *s); void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm); SSL_CIPHER *SSL_get_current_cipher(const SSL *s); int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits); char * SSL_CIPHER_get_version(const SSL_CIPHER *c); const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); int SSL_get_fd(const SSL *s); int SSL_get_rfd(const SSL *s); int SSL_get_wfd(const SSL *s); const char * SSL_get_cipher_list(const SSL *s,int n); char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len); int SSL_get_read_ahead(const SSL * s); int SSL_pending(const SSL *s); #ifndef OPENSSL_NO_SOCK int SSL_set_fd(SSL *s, int fd); int SSL_set_rfd(SSL *s, int fd); int SSL_set_wfd(SSL *s, int fd); #endif #ifndef OPENSSL_NO_BIO void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio); BIO * SSL_get_rbio(const SSL *s); BIO * SSL_get_wbio(const SSL *s); #endif int SSL_set_cipher_list(SSL *s, const char *str); void SSL_set_read_ahead(SSL *s, int yes); int SSL_get_verify_mode(const SSL *s); int SSL_get_verify_depth(const SSL *s); int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *); void SSL_set_verify(SSL *s, int mode, int (*callback)(int ok,X509_STORE_CTX *ctx)); void SSL_set_verify_depth(SSL *s, int depth); #ifndef OPENSSL_NO_RSA int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); #endif int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len); int SSL_use_certificate(SSL *ssl, X509 *x); int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); #ifndef OPENSSL_NO_STDIO int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); int SSL_use_certificate_file(SSL *ssl, const char *file, int type); int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *file); #ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *dir); #endif #endif #endif void SSL_load_error_strings(void ); const char *SSL_state_string(const SSL *s); const char *SSL_rstate_string(const SSL *s); const char *SSL_state_string_long(const SSL *s); const char *SSL_rstate_string_long(const SSL *s); long SSL_SESSION_get_time(const SSL_SESSION *s); long SSL_SESSION_set_time(SSL_SESSION *s, long t); long SSL_SESSION_get_timeout(const SSL_SESSION *s); long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); void SSL_copy_session_id(SSL *to,const SSL *from); SSL_SESSION *SSL_SESSION_new(void); unsigned long SSL_SESSION_hash(const SSL_SESSION *a); int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b); const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len); #ifndef OPENSSL_NO_FP_API int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); #endif #ifndef OPENSSL_NO_BIO int SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses); #endif void SSL_SESSION_free(SSL_SESSION *ses); int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp); int SSL_set_session(SSL *to, SSL_SESSION *session); int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c); int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, unsigned int id_len); SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp, long length); #ifdef HEADER_X509_H X509 * SSL_get_peer_certificate(const SSL *s); #endif STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *); void SSL_CTX_set_verify(SSL_CTX *ctx,int mode, int (*callback)(int, X509_STORE_CTX *)); void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg); #ifndef OPENSSL_NO_RSA int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); #endif int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx, const unsigned char *d, long len); int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); int SSL_CTX_check_private_key(const SSL_CTX *ctx); int SSL_check_private_key(const SSL *ctx); int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, unsigned int sid_ctx_len); SSL * SSL_new(SSL_CTX *ctx); int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, unsigned int sid_ctx_len); int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); int SSL_set_purpose(SSL *s, int purpose); int SSL_CTX_set_trust(SSL_CTX *s, int trust); int SSL_set_trust(SSL *s, int trust); void SSL_free(SSL *ssl); int SSL_accept(SSL *ssl); int SSL_connect(SSL *ssl); int SSL_read(SSL *ssl,void *buf,int num); int SSL_peek(SSL *ssl,void *buf,int num); int SSL_write(SSL *ssl,const void *buf,int num); long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg); long SSL_callback_ctrl(SSL *, int, void (*)(void)); long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg); long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); int SSL_get_error(const SSL *s,int ret_code); const char *SSL_get_version(const SSL *s); /* This sets the 'default' SSL version that SSL_new() will create */ int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth); SSL_METHOD *SSLv2_method(void); /* SSLv2 */ SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ SSL_METHOD *SSLv3_method(void); /* SSLv3 */ SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */ SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */ SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */ SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); int SSL_do_handshake(SSL *s); int SSL_renegotiate(SSL *s); int SSL_renegotiate_pending(SSL *s); int SSL_shutdown(SSL *s); SSL_METHOD *SSL_get_ssl_method(SSL *s); int SSL_set_ssl_method(SSL *s,SSL_METHOD *method); const char *SSL_alert_type_string_long(int value); const char *SSL_alert_type_string(int value); const char *SSL_alert_desc_string_long(int value); const char *SSL_alert_desc_string(int value); void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); int SSL_add_client_CA(SSL *ssl,X509 *x); int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x); void SSL_set_connect_state(SSL *s); void SSL_set_accept_state(SSL *s); long SSL_get_default_timeout(const SSL *s); int SSL_library_init(void ); char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size); STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); SSL *SSL_dup(SSL *ssl); X509 *SSL_get_certificate(const SSL *ssl); /* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl); void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode); int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); void SSL_set_quiet_shutdown(SSL *ssl,int mode); int SSL_get_quiet_shutdown(const SSL *ssl); void SSL_set_shutdown(SSL *ssl,int mode); int SSL_get_shutdown(const SSL *ssl); int SSL_version(const SSL *ssl); int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath); #define SSL_get0_session SSL_get_session /* just peek at pointer */ SSL_SESSION *SSL_get_session(const SSL *ssl); SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx); void SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl,int type,int val)); void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val); int SSL_state(const SSL *ssl); void SSL_set_verify_result(SSL *ssl,long v); long SSL_get_verify_result(const SSL *ssl); int SSL_set_ex_data(SSL *ssl,int idx,void *data); void *SSL_get_ex_data(const SSL *ssl,int idx); int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data); void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx); int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data); void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx); int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int SSL_get_ex_data_X509_STORE_CTX_idx(void ); #define SSL_CTX_sess_set_cache_size(ctx,t) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) #define SSL_CTX_sess_get_cache_size(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) #define SSL_CTX_set_session_cache_mode(ctx,m) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) #define SSL_CTX_get_session_cache_mode(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) #define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) #define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) #define SSL_CTX_get_read_ahead(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) #define SSL_CTX_set_read_ahead(ctx,m) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) #define SSL_CTX_get_max_cert_list(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) #define SSL_CTX_set_max_cert_list(ctx,m) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) #define SSL_get_max_cert_list(ssl) \ SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) #define SSL_set_max_cert_list(ssl,m) \ SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) /* NB: the keylength is only applicable when is_export is true */ #ifndef OPENSSL_NO_RSA void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl,int is_export, int keylength)); void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl,int is_export, int keylength)); #endif #ifndef OPENSSL_NO_DH void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl,int is_export, int keylength)); void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl,int is_export, int keylength)); #endif #ifndef OPENSSL_NO_ECDH void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl,int is_export, int keylength)); void SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl,int is_export, int keylength)); #endif #ifndef OPENSSL_NO_COMP const COMP_METHOD *SSL_get_current_compression(SSL *s); const COMP_METHOD *SSL_get_current_expansion(SSL *s); const char *SSL_COMP_get_name(const COMP_METHOD *comp); STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); #else const void *SSL_get_current_compression(SSL *s); const void *SSL_get_current_expansion(SSL *s); const char *SSL_COMP_get_name(const void *comp); void *SSL_COMP_get_compression_methods(void); int SSL_COMP_add_compression_method(int id,void *cm); #endif /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ void ERR_load_SSL_strings(void); /* Error codes for the SSL functions. */ /* Function codes. */ #define SSL_F_CLIENT_CERTIFICATE 100 #define SSL_F_CLIENT_FINISHED 167 #define SSL_F_CLIENT_HELLO 101 #define SSL_F_CLIENT_MASTER_KEY 102 #define SSL_F_D2I_SSL_SESSION 103 #define SSL_F_DO_DTLS1_WRITE 245 #define SSL_F_DO_SSL3_WRITE 104 #define SSL_F_DTLS1_ACCEPT 246 #define SSL_F_DTLS1_ADD_CERT_TO_BUF 280 #define SSL_F_DTLS1_BUFFER_RECORD 247 #define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 293 #define SSL_F_DTLS1_CLIENT_HELLO 248 #define SSL_F_DTLS1_CONNECT 249 #define SSL_F_DTLS1_ENC 250 #define SSL_F_DTLS1_GET_HELLO_VERIFY 251 #define SSL_F_DTLS1_GET_MESSAGE 252 #define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 #define SSL_F_DTLS1_GET_RECORD 254 #define SSL_F_DTLS1_HANDLE_TIMEOUT 282 #define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 #define SSL_F_DTLS1_PREPROCESS_FRAGMENT 277 #define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 #define SSL_F_DTLS1_PROCESS_RECORD 257 #define SSL_F_DTLS1_READ_BYTES 258 #define SSL_F_DTLS1_READ_FAILED 259 #define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260 #define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261 #define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262 #define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263 #define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264 #define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265 #define SSL_F_DTLS1_SEND_SERVER_HELLO 266 #define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267 #define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 #define SSL_F_GET_CLIENT_FINISHED 105 #define SSL_F_GET_CLIENT_HELLO 106 #define SSL_F_GET_CLIENT_MASTER_KEY 107 #define SSL_F_GET_SERVER_FINISHED 108 #define SSL_F_GET_SERVER_HELLO 109 #define SSL_F_GET_SERVER_VERIFY 110 #define SSL_F_I2D_SSL_SESSION 111 #define SSL_F_READ_N 112 #define SSL_F_REQUEST_CERTIFICATE 113 #define SSL_F_SERVER_FINISH 239 #define SSL_F_SERVER_HELLO 114 #define SSL_F_SERVER_VERIFY 240 #define SSL_F_SSL23_ACCEPT 115 #define SSL_F_SSL23_CLIENT_HELLO 116 #define SSL_F_SSL23_CONNECT 117 #define SSL_F_SSL23_GET_CLIENT_HELLO 118 #define SSL_F_SSL23_GET_SERVER_HELLO 119 #define SSL_F_SSL23_PEEK 237 #define SSL_F_SSL23_READ 120 #define SSL_F_SSL23_WRITE 121 #define SSL_F_SSL2_ACCEPT 122 #define SSL_F_SSL2_CONNECT 123 #define SSL_F_SSL2_ENC_INIT 124 #define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241 #define SSL_F_SSL2_PEEK 234 #define SSL_F_SSL2_READ 125 #define SSL_F_SSL2_READ_INTERNAL 236 #define SSL_F_SSL2_SET_CERTIFICATE 126 #define SSL_F_SSL2_WRITE 127 #define SSL_F_SSL3_ACCEPT 128 #define SSL_F_SSL3_ADD_CERT_TO_BUF 281 #define SSL_F_SSL3_CALLBACK_CTRL 233 #define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 #define SSL_F_SSL3_CHECK_CLIENT_HELLO 292 #define SSL_F_SSL3_CLIENT_HELLO 131 #define SSL_F_SSL3_CONNECT 132 #define SSL_F_SSL3_CTRL 213 #define SSL_F_SSL3_CTX_CTRL 133 #define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 279 #define SSL_F_SSL3_ENC 134 #define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 #define SSL_F_SSL3_GET_CERT_STATUS 288 #define SSL_F_SSL3_GET_CERT_VERIFY 136 #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 #define SSL_F_SSL3_GET_CLIENT_HELLO 138 #define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139 #define SSL_F_SSL3_GET_FINISHED 140 #define SSL_F_SSL3_GET_KEY_EXCHANGE 141 #define SSL_F_SSL3_GET_MESSAGE 142 #define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 #define SSL_F_SSL3_GET_RECORD 143 #define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 #define SSL_F_SSL3_GET_SERVER_DONE 145 #define SSL_F_SSL3_GET_SERVER_HELLO 146 #define SSL_F_SSL3_NEW_SESSION_TICKET 284 #define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 #define SSL_F_SSL3_PEEK 235 #define SSL_F_SSL3_READ_BYTES 148 #define SSL_F_SSL3_READ_N 149 #define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 #define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151 #define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 #define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 #define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 #define SSL_F_SSL3_SEND_SERVER_HELLO 242 #define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 #define SSL_F_SSL3_SETUP_BUFFERS 156 #define SSL_F_SSL3_SETUP_KEY_BLOCK 157 #define SSL_F_SSL3_WRITE_BYTES 158 #define SSL_F_SSL3_WRITE_PENDING 159 #define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 285 #define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 272 #define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 #define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 #define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 286 #define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 273 #define SSL_F_SSL_BAD_METHOD 160 #define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 #define SSL_F_SSL_CERT_DUP 221 #define SSL_F_SSL_CERT_INST 222 #define SSL_F_SSL_CERT_INSTANTIATE 214 #define SSL_F_SSL_CERT_NEW 162 #define SSL_F_SSL_CHECK_PRIVATE_KEY 163 #define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 274 #define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 #define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 #define SSL_F_SSL_CLEAR 164 #define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 #define SSL_F_SSL_CREATE_CIPHER_LIST 166 #define SSL_F_SSL_CTRL 232 #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 #define SSL_F_SSL_CTX_NEW 169 #define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 #define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 278 #define SSL_F_SSL_CTX_SET_PURPOSE 226 #define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 #define SSL_F_SSL_CTX_SET_SSL_VERSION 170 #define SSL_F_SSL_CTX_SET_TRUST 229 #define SSL_F_SSL_CTX_USE_CERTIFICATE 171 #define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 #define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 #define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 #define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 #define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 #define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 #define SSL_F_SSL_DO_HANDSHAKE 180 #define SSL_F_SSL_GET_NEW_SESSION 181 #define SSL_F_SSL_GET_PREV_SESSION 217 #define SSL_F_SSL_GET_SERVER_SEND_CERT 182 #define SSL_F_SSL_GET_SERVER_SEND_PKEY 317 #define SSL_F_SSL_GET_SIGN_PKEY 183 #define SSL_F_SSL_INIT_WBIO_BUFFER 184 #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 #define SSL_F_SSL_NEW 186 #define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 287 #define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 290 #define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 289 #define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 291 #define SSL_F_SSL_PEEK 270 #define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 275 #define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 276 #define SSL_F_SSL_READ 223 #define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 #define SSL_F_SSL_SESSION_NEW 189 #define SSL_F_SSL_SESSION_PRINT_FP 190 #define SSL_F_SSL_SESS_CERT_NEW 225 #define SSL_F_SSL_SET_CERT 191 #define SSL_F_SSL_SET_CIPHER_LIST 271 #define SSL_F_SSL_SET_FD 192 #define SSL_F_SSL_SET_PKEY 193 #define SSL_F_SSL_SET_PURPOSE 227 #define SSL_F_SSL_SET_RFD 194 #define SSL_F_SSL_SET_SESSION 195 #define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 #define SSL_F_SSL_SET_TRUST 228 #define SSL_F_SSL_SET_WFD 196 #define SSL_F_SSL_SHUTDOWN 224 #define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 #define SSL_F_SSL_UNDEFINED_FUNCTION 197 #define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 #define SSL_F_SSL_USE_CERTIFICATE 198 #define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 #define SSL_F_SSL_USE_CERTIFICATE_FILE 200 #define SSL_F_SSL_USE_PRIVATEKEY 201 #define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 #define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 #define SSL_F_SSL_USE_RSAPRIVATEKEY 204 #define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 #define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 #define SSL_F_SSL_VERIFY_CERT_CHAIN 207 #define SSL_F_SSL_WRITE 208 #define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 #define SSL_F_TLS1_ENC 210 #define SSL_F_TLS1_SETUP_KEY_BLOCK 211 #define SSL_F_WRITE_PENDING 212 /* Reason codes. */ #define SSL_R_APP_DATA_IN_HANDSHAKE 100 #define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 #define SSL_R_BAD_ALERT_RECORD 101 #define SSL_R_BAD_AUTHENTICATION_TYPE 102 #define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 #define SSL_R_BAD_CHECKSUM 104 #define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 #define SSL_R_BAD_DECOMPRESSION 107 #define SSL_R_BAD_DH_G_LENGTH 108 #define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 #define SSL_R_BAD_DH_P_LENGTH 110 #define SSL_R_BAD_DIGEST_LENGTH 111 #define SSL_R_BAD_DSA_SIGNATURE 112 #define SSL_R_BAD_ECC_CERT 304 #define SSL_R_BAD_ECDSA_SIGNATURE 305 #define SSL_R_BAD_ECPOINT 306 #define SSL_R_BAD_HELLO_REQUEST 105 #define SSL_R_BAD_LENGTH 271 #define SSL_R_BAD_MAC_DECODE 113 #define SSL_R_BAD_MESSAGE_TYPE 114 #define SSL_R_BAD_PACKET_LENGTH 115 #define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 #define SSL_R_BAD_RESPONSE_ARGUMENT 117 #define SSL_R_BAD_RSA_DECRYPT 118 #define SSL_R_BAD_RSA_ENCRYPT 119 #define SSL_R_BAD_RSA_E_LENGTH 120 #define SSL_R_BAD_RSA_MODULUS_LENGTH 121 #define SSL_R_BAD_RSA_SIGNATURE 122 #define SSL_R_BAD_SIGNATURE 123 #define SSL_R_BAD_SSL_FILETYPE 124 #define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125 #define SSL_R_BAD_STATE 126 #define SSL_R_BAD_WRITE_RETRY 127 #define SSL_R_BIO_NOT_SET 128 #define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 #define SSL_R_BN_LIB 130 #define SSL_R_CA_DN_LENGTH_MISMATCH 131 #define SSL_R_CA_DN_TOO_LONG 132 #define SSL_R_CCS_RECEIVED_EARLY 133 #define SSL_R_CERTIFICATE_VERIFY_FAILED 134 #define SSL_R_CERT_LENGTH_MISMATCH 135 #define SSL_R_CHALLENGE_IS_DIFFERENT 136 #define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 #define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 #define SSL_R_CIPHER_TABLE_SRC_ERROR 139 #define SSL_R_CLIENTHELLO_TLSEXT 157 #define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 #define SSL_R_COMPRESSION_FAILURE 141 #define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 #define SSL_R_COMPRESSION_LIBRARY_ERROR 142 #define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 #define SSL_R_CONNECTION_TYPE_NOT_SET 144 #define SSL_R_COOKIE_MISMATCH 308 #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 #define SSL_R_DATA_LENGTH_TOO_LONG 146 #define SSL_R_DECRYPTION_FAILED 147 #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 #define SSL_R_DIGEST_CHECK_FAILED 149 #define SSL_R_DTLS_MESSAGE_TOO_BIG 318 #define SSL_R_DUPLICATE_COMPRESSION_ID 309 #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 #define SSL_R_EXTRA_DATA_IN_MESSAGE 153 #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 #define SSL_R_HTTPS_PROXY_REQUEST 155 #define SSL_R_HTTP_REQUEST 156 #define SSL_R_ILLEGAL_PADDING 283 +#define SSL_R_INAPPROPRIATE_FALLBACK 373 #define SSL_R_INVALID_CHALLENGE_LENGTH 158 #define SSL_R_INVALID_COMMAND 280 #define SSL_R_INVALID_PURPOSE 278 #define SSL_R_INVALID_STATUS_RESPONSE 316 #define SSL_R_INVALID_TICKET_KEYS_LENGTH 275 #define SSL_R_INVALID_TRUST 279 #define SSL_R_KEY_ARG_TOO_LONG 284 #define SSL_R_KRB5 285 #define SSL_R_KRB5_C_CC_PRINC 286 #define SSL_R_KRB5_C_GET_CRED 287 #define SSL_R_KRB5_C_INIT 288 #define SSL_R_KRB5_C_MK_REQ 289 #define SSL_R_KRB5_S_BAD_TICKET 290 #define SSL_R_KRB5_S_INIT 291 #define SSL_R_KRB5_S_RD_REQ 292 #define SSL_R_KRB5_S_TKT_EXPIRED 293 #define SSL_R_KRB5_S_TKT_NYV 294 #define SSL_R_KRB5_S_TKT_SKEW 295 #define SSL_R_LENGTH_MISMATCH 159 #define SSL_R_LENGTH_TOO_SHORT 160 #define SSL_R_LIBRARY_BUG 274 #define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 #define SSL_R_MESSAGE_TOO_LONG 296 #define SSL_R_MISSING_DH_DSA_CERT 162 #define SSL_R_MISSING_DH_KEY 163 #define SSL_R_MISSING_DH_RSA_CERT 164 #define SSL_R_MISSING_DSA_SIGNING_CERT 165 #define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 #define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 #define SSL_R_MISSING_RSA_CERTIFICATE 168 #define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 #define SSL_R_MISSING_RSA_SIGNING_CERT 170 #define SSL_R_MISSING_TMP_DH_KEY 171 #define SSL_R_MISSING_TMP_ECDH_KEY 311 #define SSL_R_MISSING_TMP_RSA_KEY 172 #define SSL_R_MISSING_TMP_RSA_PKEY 173 #define SSL_R_MISSING_VERIFY_MESSAGE 174 #define SSL_R_MULTIPLE_SGC_RESTARTS 325 #define SSL_R_NON_SSLV2_INITIAL_PACKET 175 #define SSL_R_NO_CERTIFICATES_RETURNED 176 #define SSL_R_NO_CERTIFICATE_ASSIGNED 177 #define SSL_R_NO_CERTIFICATE_RETURNED 178 #define SSL_R_NO_CERTIFICATE_SET 179 #define SSL_R_NO_CERTIFICATE_SPECIFIED 180 #define SSL_R_NO_CIPHERS_AVAILABLE 181 #define SSL_R_NO_CIPHERS_PASSED 182 #define SSL_R_NO_CIPHERS_SPECIFIED 183 #define SSL_R_NO_CIPHER_LIST 184 #define SSL_R_NO_CIPHER_MATCH 185 #define SSL_R_NO_CLIENT_CERT_METHOD 317 #define SSL_R_NO_CLIENT_CERT_RECEIVED 186 #define SSL_R_NO_COMPRESSION_SPECIFIED 187 #define SSL_R_NO_METHOD_SPECIFIED 188 #define SSL_R_NO_PRIVATEKEY 189 #define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 #define SSL_R_NO_PROTOCOLS_AVAILABLE 191 #define SSL_R_NO_PUBLICKEY 192 #define SSL_R_NO_RENEGOTIATION 319 #define SSL_R_NO_SHARED_CIPHER 193 #define SSL_R_NO_VERIFY_CALLBACK 194 #define SSL_R_NULL_SSL_CTX 195 #define SSL_R_NULL_SSL_METHOD_PASSED 196 #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 #define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 #define SSL_R_PACKET_LENGTH_TOO_LONG 198 #define SSL_R_PARSE_TLSEXT 223 #define SSL_R_PATH_TOO_LONG 270 #define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 #define SSL_R_PEER_ERROR 200 #define SSL_R_PEER_ERROR_CERTIFICATE 201 #define SSL_R_PEER_ERROR_NO_CERTIFICATE 202 #define SSL_R_PEER_ERROR_NO_CIPHER 203 #define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204 #define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205 #define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206 #define SSL_R_PROTOCOL_IS_SHUTDOWN 207 #define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208 #define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 #define SSL_R_PUBLIC_KEY_NOT_RSA 210 #define SSL_R_READ_BIO_NOT_SET 211 #define SSL_R_READ_TIMEOUT_EXPIRED 312 #define SSL_R_READ_WRONG_PACKET_TYPE 212 #define SSL_R_RECORD_LENGTH_MISMATCH 213 #define SSL_R_RECORD_TOO_LARGE 214 #define SSL_R_RECORD_TOO_SMALL 298 #define SSL_R_RENEGOTIATE_EXT_TOO_LONG 320 #define SSL_R_RENEGOTIATION_ENCODING_ERR 321 #define SSL_R_RENEGOTIATION_MISMATCH 322 #define SSL_R_REQUIRED_CIPHER_MISSING 215 #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 #define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 324 #define SSL_R_SERVERHELLO_TLSEXT 224 #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 #define SSL_R_SHORT_READ 219 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 #define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 #define SSL_R_SSL3_EXT_INVALID_SERVERNAME 225 #define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 226 #define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 #define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 #define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 #define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 #define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 #define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 #define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 #define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 #define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 #define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 #define SSL_R_SSL_HANDSHAKE_FAILURE 229 #define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 #define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 #define SSL_R_SSL_SESSION_ID_CONFLICT 302 #define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 #define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 #define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 #define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 #define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 #define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 #define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 +#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 #define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 #define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 #define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 #define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 #define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 #define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 #define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 +#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 +#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 +#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 +#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 +#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 #define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 227 #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 #define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 #define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 #define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313 #define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237 #define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 #define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 #define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 #define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240 #define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241 #define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 #define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 #define SSL_R_UNEXPECTED_MESSAGE 244 #define SSL_R_UNEXPECTED_RECORD 245 #define SSL_R_UNINITIALIZED 276 #define SSL_R_UNKNOWN_ALERT_TYPE 246 #define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 #define SSL_R_UNKNOWN_CIPHER_RETURNED 248 #define SSL_R_UNKNOWN_CIPHER_TYPE 249 #define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 #define SSL_R_UNKNOWN_PKEY_TYPE 251 #define SSL_R_UNKNOWN_PROTOCOL 252 #define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 #define SSL_R_UNKNOWN_SSL_VERSION 254 #define SSL_R_UNKNOWN_STATE 255 #define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 323 #define SSL_R_UNSUPPORTED_CIPHER 256 #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 #define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 #define SSL_R_UNSUPPORTED_PROTOCOL 258 #define SSL_R_UNSUPPORTED_SSL_VERSION 259 #define SSL_R_UNSUPPORTED_STATUS_TYPE 329 #define SSL_R_WRITE_BIO_NOT_SET 260 #define SSL_R_WRONG_CIPHER_RETURNED 261 #define SSL_R_WRONG_MESSAGE_TYPE 262 #define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263 #define SSL_R_WRONG_SIGNATURE_LENGTH 264 #define SSL_R_WRONG_SIGNATURE_SIZE 265 #define SSL_R_WRONG_SSL_VERSION 266 #define SSL_R_WRONG_VERSION_NUMBER 267 #define SSL_R_X509_LIB 268 #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 #ifdef __cplusplus } #endif #endif Index: releng/8.4/crypto/openssl/ssl/ssl3.h =================================================================== --- releng/8.4/crypto/openssl/ssl/ssl3.h (revision 273415) +++ releng/8.4/crypto/openssl/ssl/ssl3.h (revision 273416) @@ -1,586 +1,591 @@ /* ssl/ssl3.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * ECC cipher suite support in OpenSSL originally developed by * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */ #ifndef HEADER_SSL3_H #define HEADER_SSL3_H #ifndef OPENSSL_NO_COMP #include #endif #include #include #include #include #ifdef __cplusplus extern "C" { #endif -/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */ +/* Signalling cipher suite value from RFC 5746 + * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) */ #define SSL3_CK_SCSV 0x030000FF + +/* Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00 + * (TLS_FALLBACK_SCSV) */ +#define SSL3_CK_FALLBACK_SCSV 0x03005600 #define SSL3_CK_RSA_NULL_MD5 0x03000001 #define SSL3_CK_RSA_NULL_SHA 0x03000002 #define SSL3_CK_RSA_RC4_40_MD5 0x03000003 #define SSL3_CK_RSA_RC4_128_MD5 0x03000004 #define SSL3_CK_RSA_RC4_128_SHA 0x03000005 #define SSL3_CK_RSA_RC2_40_MD5 0x03000006 #define SSL3_CK_RSA_IDEA_128_SHA 0x03000007 #define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008 #define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009 #define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A #define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B #define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C #define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D #define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E #define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F #define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 #define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011 #define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012 #define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013 #define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014 #define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015 #define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016 #define SSL3_CK_ADH_RC4_40_MD5 0x03000017 #define SSL3_CK_ADH_RC4_128_MD5 0x03000018 #define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019 #define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A #define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B #define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C #define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D #if 0 /* Because it clashes with KRB5, is never used any more, and is safe to remove according to David Hopwood of the ietf-tls list */ #define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E #endif /* VRS Additional Kerberos5 entries */ #define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E #define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F #define SSL3_CK_KRB5_RC4_128_SHA 0x03000020 #define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021 #define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022 #define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023 #define SSL3_CK_KRB5_RC4_128_MD5 0x03000024 #define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025 #define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026 #define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027 #define SSL3_CK_KRB5_RC4_40_SHA 0x03000028 #define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029 #define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A #define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B #define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" #define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" #define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" #define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5" #define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA" #define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5" #define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA" #define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA" #define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA" #define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA" #define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA" #define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA" #define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA" #define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA" #define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" #define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" #define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" #define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" #define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" #define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA" #define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA" #define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA" #define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5" #define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5" #define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA" #define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" #define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" #define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" #define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" #define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" #define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" #define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" #define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" #define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" #define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" #define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" #define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5" #define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5" #define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" #define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA" #define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA" #define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5" #define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5" #define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5" #define SSL3_SSL_SESSION_ID_LENGTH 32 #define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 #define SSL3_MASTER_SECRET_SIZE 48 #define SSL3_RANDOM_SIZE 32 #define SSL3_SESSION_ID_SIZE 32 #define SSL3_RT_HEADER_LENGTH 5 /* Due to MS stuffing up, this can change.... */ #if defined(OPENSSL_SYS_WIN16) || \ (defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)) #define SSL3_RT_MAX_EXTRA (14000) #else #define SSL3_RT_MAX_EXTRA (16384) #endif #define SSL3_RT_MAX_PLAIN_LENGTH 16384 #ifdef OPENSSL_NO_COMP #define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH #else #define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH) #endif #define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH) #define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) #define SSL3_RT_MAX_DATA_SIZE (1024*1024) #define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" #define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" #define SSL3_VERSION 0x0300 #define SSL3_VERSION_MAJOR 0x03 #define SSL3_VERSION_MINOR 0x00 #define SSL3_RT_CHANGE_CIPHER_SPEC 20 #define SSL3_RT_ALERT 21 #define SSL3_RT_HANDSHAKE 22 #define SSL3_RT_APPLICATION_DATA 23 #define SSL3_AL_WARNING 1 #define SSL3_AL_FATAL 2 #define SSL3_AD_CLOSE_NOTIFY 0 #define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */ #define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */ #define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */ #define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */ #define SSL3_AD_NO_CERTIFICATE 41 #define SSL3_AD_BAD_CERTIFICATE 42 #define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 #define SSL3_AD_CERTIFICATE_REVOKED 44 #define SSL3_AD_CERTIFICATE_EXPIRED 45 #define SSL3_AD_CERTIFICATE_UNKNOWN 46 #define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */ typedef struct ssl3_record_st { /*r */ int type; /* type of record */ /*rw*/ unsigned int length; /* How many bytes available */ /*r */ unsigned int off; /* read/write offset into 'buf' */ /*rw*/ unsigned char *data; /* pointer to the record data */ /*rw*/ unsigned char *input; /* where the decode bytes are */ /*r */ unsigned char *comp; /* only used with decompression - malloc()ed */ /*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */ /*r */ PQ_64BIT seq_num; /* sequence number, needed by DTLS1 */ } SSL3_RECORD; typedef struct ssl3_buffer_st { unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes, * see ssl3_setup_buffers() */ size_t len; /* buffer size */ int offset; /* where to 'copy from' */ int left; /* how many bytes left */ } SSL3_BUFFER; #define SSL3_CT_RSA_SIGN 1 #define SSL3_CT_DSS_SIGN 2 #define SSL3_CT_RSA_FIXED_DH 3 #define SSL3_CT_DSS_FIXED_DH 4 #define SSL3_CT_RSA_EPHEMERAL_DH 5 #define SSL3_CT_DSS_EPHEMERAL_DH 6 #define SSL3_CT_FORTEZZA_DMS 20 /* SSL3_CT_NUMBER is used to size arrays and it must be large * enough to contain all of the cert types defined either for * SSLv3 and TLSv1. */ #define SSL3_CT_NUMBER 7 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 #define SSL3_FLAGS_POP_BUFFER 0x0004 #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 /* SSL3_FLAGS_SGC_RESTART_DONE is set when we * restart a handshake because of MS SGC and so prevents us * from restarting the handshake in a loop. It's reset on a * renegotiation, so effectively limits the client to one restart * per negotiation. This limits the possibility of a DDoS * attack where the client handshakes in a loop using SGC to * restart. Servers which permit renegotiation can still be * effected, but we can't prevent that. */ #define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 #define SSL3_FLAGS_CCS_OK 0x0080 typedef struct ssl3_state_st { long flags; int delay_buf_pop_ret; unsigned char read_sequence[8]; unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; unsigned char write_sequence[8]; unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; unsigned char server_random[SSL3_RANDOM_SIZE]; unsigned char client_random[SSL3_RANDOM_SIZE]; /* flags for countermeasure against known-IV weakness */ int need_empty_fragments; int empty_fragment_done; SSL3_BUFFER rbuf; /* read IO goes into here */ SSL3_BUFFER wbuf; /* write IO goes into here */ SSL3_RECORD rrec; /* each decoded record goes in here */ SSL3_RECORD wrec; /* goes out from here */ /* storage for Alert/Handshake protocol data received but not * yet processed by ssl3_read_bytes: */ unsigned char alert_fragment[2]; unsigned int alert_fragment_len; unsigned char handshake_fragment[4]; unsigned int handshake_fragment_len; /* partial write - check the numbers match */ unsigned int wnum; /* number of bytes sent so far */ int wpend_tot; /* number bytes written */ int wpend_type; int wpend_ret; /* number of bytes submitted */ const unsigned char *wpend_buf; /* used during startup, digest all incoming/outgoing packets */ EVP_MD_CTX finish_dgst1; EVP_MD_CTX finish_dgst2; /* this is set whenerver we see a change_cipher_spec message * come in when we are not looking for one */ int change_cipher_spec; int warn_alert; int fatal_alert; /* we allow one fatal and one warning alert to be outstanding, * send close alert via the warning alert */ int alert_dispatch; unsigned char send_alert[2]; /* This flag is set when we should renegotiate ASAP, basically when * there is no more data in the read or write buffers */ int renegotiate; int total_renegotiations; int num_renegotiations; int in_read_app_data; struct { /* actually only needs to be 16+20 */ unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ unsigned char finish_md[EVP_MAX_MD_SIZE*2]; int finish_md_len; unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2]; int peer_finish_md_len; unsigned long message_size; int message_type; /* used to hold the new cipher we are going to use */ SSL_CIPHER *new_cipher; #ifndef OPENSSL_NO_DH DH *dh; #endif #ifndef OPENSSL_NO_ECDH EC_KEY *ecdh; /* holds short lived ECDH key */ #endif /* used when SSL_ST_FLUSH_DATA is entered */ int next_state; int reuse_message; /* used for certificate requests */ int cert_req; int ctype_num; char ctype[SSL3_CT_NUMBER]; STACK_OF(X509_NAME) *ca_names; int use_rsa_tmp; int key_block_length; unsigned char *key_block; const EVP_CIPHER *new_sym_enc; const EVP_MD *new_hash; #ifndef OPENSSL_NO_COMP const SSL_COMP *new_compression; #else char *new_compression; #endif int cert_request; } tmp; /* Connection binding to prevent renegotiation attacks */ unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; unsigned char previous_client_finished_len; unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; unsigned char previous_server_finished_len; int send_connection_binding; /* TODOEKR */ } SSL3_STATE; /* SSLv3 */ /*client */ /* extra state */ #define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT) /* write to server */ #define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT) #define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT) /* read from server */ #define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT) #define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT) #define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT) #define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT) #define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT) #define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT) #define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT) #define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT) #define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT) #define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT) #define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) #define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) /* write to server */ #define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) #define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) #define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT) #define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT) #define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT) #define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT) #define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT) #define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) #define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) #define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) /* read from server */ #define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT) #define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) #define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) #define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) #define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) #define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) #define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) #define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) /* server */ /* extra state */ #define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT) /* read from client */ /* Do not change the number values, they do matter */ #define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) #define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) #define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) /* write to client */ #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) #define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT) #define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT) #define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT) #define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT) #define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT) #define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT) #define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT) #define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT) #define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT) #define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT) #define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT) #define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT) #define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT) /* read from client */ #define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT) #define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT) #define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT) #define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT) #define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT) #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) /* write to client */ #define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT) #define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) #define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) #define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) #define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) #define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) #define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) #define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) #define SSL3_MT_HELLO_REQUEST 0 #define SSL3_MT_CLIENT_HELLO 1 #define SSL3_MT_SERVER_HELLO 2 #define SSL3_MT_NEWSESSION_TICKET 4 #define SSL3_MT_CERTIFICATE 11 #define SSL3_MT_SERVER_KEY_EXCHANGE 12 #define SSL3_MT_CERTIFICATE_REQUEST 13 #define SSL3_MT_SERVER_DONE 14 #define SSL3_MT_CERTIFICATE_VERIFY 15 #define SSL3_MT_CLIENT_KEY_EXCHANGE 16 #define SSL3_MT_FINISHED 20 #define SSL3_MT_CERTIFICATE_STATUS 22 #define DTLS1_MT_HELLO_VERIFY_REQUEST 3 #define SSL3_MT_CCS 1 /* These are used when changing over to a new cipher */ #define SSL3_CC_READ 0x01 #define SSL3_CC_WRITE 0x02 #define SSL3_CC_CLIENT 0x10 #define SSL3_CC_SERVER 0x20 #define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE) #define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) #define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) #define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE) #ifdef __cplusplus } #endif #endif Index: releng/8.4/crypto/openssl/ssl/ssl_err.c =================================================================== --- releng/8.4/crypto/openssl/ssl/ssl_err.c (revision 273415) +++ releng/8.4/crypto/openssl/ssl/ssl_err.c (revision 273416) @@ -1,538 +1,545 @@ /* ssl/ssl_err.c */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@OpenSSL.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ /* NOTE: this file was auto generated by the mkerr.pl script: any changes * made to it will be overwritten when the script next updates this file, * only reason strings will be preserved. */ #include #include #include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0) #define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason) static ERR_STRING_DATA SSL_str_functs[]= { {ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"}, {ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"}, {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"}, {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"}, {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"}, {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"}, {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"}, {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"}, {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"}, {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"}, {ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"}, {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"}, {ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"}, {ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"}, {ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"}, {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"}, {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"}, {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"}, {ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"}, {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"}, {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"}, {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"}, {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"}, {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"}, {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"}, {ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"}, {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"}, {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"}, {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"}, {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"}, {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"}, {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"}, {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"}, {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"}, {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"}, {ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"}, {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"}, {ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"}, {ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"}, {ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"}, {ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"}, {ERR_FUNC(SSL_F_READ_N), "READ_N"}, {ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"}, {ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"}, {ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"}, {ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"}, {ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"}, {ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"}, {ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"}, {ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"}, {ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"}, {ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"}, {ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"}, {ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"}, {ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"}, {ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"}, {ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"}, {ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"}, {ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"}, {ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"}, {ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"}, {ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"}, {ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"}, {ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"}, {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"}, {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"}, {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"}, {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"}, {ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"}, {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"}, {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"}, {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"}, {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"}, {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"}, {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"}, {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"}, {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"}, {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"}, {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"}, {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"}, {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"}, {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"}, {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"}, {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"}, {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"}, {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"}, {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"}, {ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"}, {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"}, {ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"}, {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"}, {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"}, {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"}, {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"}, {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"}, {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, {ERR_FUNC(SSL_F_SSL3_SETUP_BUFFERS), "SSL3_SETUP_BUFFERS"}, {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"}, {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"}, {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"}, {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"}, {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"}, {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"}, {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"}, {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"}, {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"}, {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"}, {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"}, {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"}, {ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"}, {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"}, {ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"}, {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"}, {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"}, {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"}, {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"}, {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"}, {ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"}, {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"}, {ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"}, {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"}, {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"}, {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"}, {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"}, {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"}, {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"}, {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"}, {ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"}, {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"}, {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"}, {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"}, {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"}, {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"}, {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"}, {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"}, {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"}, {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"}, {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"}, {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"}, {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"}, {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"}, {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"}, {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"}, {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"}, {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"}, {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"}, {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"}, {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"}, {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"}, {ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"}, {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"}, {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"}, {ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"}, {ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"}, {ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"}, {ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"}, {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"}, {ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"}, {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"}, {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"}, {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"}, {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"}, {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"}, {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"}, {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"}, {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"}, {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"}, {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"}, {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"}, {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"}, {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"}, {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"}, {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"}, {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"}, {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"}, {ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"}, {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"}, {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"}, {0,NULL} }; static ERR_STRING_DATA SSL_str_reasons[]= { {ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) ,"app data in handshake"}, {ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),"attempt to reuse session in different context"}, {ERR_REASON(SSL_R_BAD_ALERT_RECORD) ,"bad alert record"}, {ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"}, {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"}, {ERR_REASON(SSL_R_BAD_CHECKSUM) ,"bad checksum"}, {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"}, {ERR_REASON(SSL_R_BAD_DECOMPRESSION) ,"bad decompression"}, {ERR_REASON(SSL_R_BAD_DH_G_LENGTH) ,"bad dh g length"}, {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) ,"bad dh pub key length"}, {ERR_REASON(SSL_R_BAD_DH_P_LENGTH) ,"bad dh p length"}, {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) ,"bad digest length"}, {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) ,"bad dsa signature"}, {ERR_REASON(SSL_R_BAD_ECC_CERT) ,"bad ecc cert"}, {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) ,"bad ecdsa signature"}, {ERR_REASON(SSL_R_BAD_ECPOINT) ,"bad ecpoint"}, {ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"}, {ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"}, {ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"}, {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) ,"bad message type"}, {ERR_REASON(SSL_R_BAD_PACKET_LENGTH) ,"bad packet length"}, {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"}, {ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"}, {ERR_REASON(SSL_R_BAD_RSA_DECRYPT) ,"bad rsa decrypt"}, {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) ,"bad rsa encrypt"}, {ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) ,"bad rsa e length"}, {ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH),"bad rsa modulus length"}, {ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) ,"bad rsa signature"}, {ERR_REASON(SSL_R_BAD_SIGNATURE) ,"bad signature"}, {ERR_REASON(SSL_R_BAD_SSL_FILETYPE) ,"bad ssl filetype"}, {ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),"bad ssl session id length"}, {ERR_REASON(SSL_R_BAD_STATE) ,"bad state"}, {ERR_REASON(SSL_R_BAD_WRITE_RETRY) ,"bad write retry"}, {ERR_REASON(SSL_R_BIO_NOT_SET) ,"bio not set"}, {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"}, {ERR_REASON(SSL_R_BN_LIB) ,"bn lib"}, {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"}, {ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"}, {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"}, {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"}, {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"}, {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"}, {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"}, {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"}, {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"}, {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) ,"clienthello tlsext"}, {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"}, {ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"}, {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"}, {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"}, {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"}, {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"}, {ERR_REASON(SSL_R_COOKIE_MISMATCH) ,"cookie mismatch"}, {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"}, {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"}, {ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"}, {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"}, {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"}, {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"}, {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) ,"dtls message too big"}, {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"}, {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"}, {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"}, {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"}, {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"}, {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"}, {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"}, {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"}, {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"}, {ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"}, {ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"}, +{ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK),"inappropriate fallback"}, {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"}, {ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"}, {ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"}, {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"}, {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"}, {ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"}, {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"}, {ERR_REASON(SSL_R_KRB5) ,"krb5"}, {ERR_REASON(SSL_R_KRB5_C_CC_PRINC) ,"krb5 client cc principal (no tkt?)"}, {ERR_REASON(SSL_R_KRB5_C_GET_CRED) ,"krb5 client get cred"}, {ERR_REASON(SSL_R_KRB5_C_INIT) ,"krb5 client init"}, {ERR_REASON(SSL_R_KRB5_C_MK_REQ) ,"krb5 client mk_req (expired tkt?)"}, {ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) ,"krb5 server bad ticket"}, {ERR_REASON(SSL_R_KRB5_S_INIT) ,"krb5 server init"}, {ERR_REASON(SSL_R_KRB5_S_RD_REQ) ,"krb5 server rd_req (keytab perms?)"}, {ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) ,"krb5 server tkt expired"}, {ERR_REASON(SSL_R_KRB5_S_TKT_NYV) ,"krb5 server tkt not yet valid"}, {ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) ,"krb5 server tkt skew"}, {ERR_REASON(SSL_R_LENGTH_MISMATCH) ,"length mismatch"}, {ERR_REASON(SSL_R_LENGTH_TOO_SHORT) ,"length too short"}, {ERR_REASON(SSL_R_LIBRARY_BUG) ,"library bug"}, {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS),"library has no ciphers"}, {ERR_REASON(SSL_R_MESSAGE_TOO_LONG) ,"message too long"}, {ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) ,"missing dh dsa cert"}, {ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"}, {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) ,"missing dh rsa cert"}, {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"}, {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"}, {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"}, {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"}, {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"}, {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"}, {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"}, {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) ,"missing tmp ecdh key"}, {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"}, {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"}, {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"}, {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"}, {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"}, {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"}, {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"}, {ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),"no certificate returned"}, {ERR_REASON(SSL_R_NO_CERTIFICATE_SET) ,"no certificate set"}, {ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED),"no certificate specified"}, {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) ,"no ciphers available"}, {ERR_REASON(SSL_R_NO_CIPHERS_PASSED) ,"no ciphers passed"}, {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) ,"no ciphers specified"}, {ERR_REASON(SSL_R_NO_CIPHER_LIST) ,"no cipher list"}, {ERR_REASON(SSL_R_NO_CIPHER_MATCH) ,"no cipher match"}, {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) ,"no client cert method"}, {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"}, {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"}, {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"}, {ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"}, {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"}, {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"}, {ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"}, {ERR_REASON(SSL_R_NO_RENEGOTIATION) ,"no renegotiation"}, {ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"}, {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"}, {ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"}, {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"}, {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"}, {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"}, {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"}, {ERR_REASON(SSL_R_PARSE_TLSEXT) ,"parse tlsext"}, {ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"}, {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"}, {ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"}, {ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE),"peer error certificate"}, {ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"}, {ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) ,"peer error no cipher"}, {ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"}, {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"}, {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"}, {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) ,"protocol is shutdown"}, {ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"}, {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"}, {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, {ERR_REASON(SSL_R_READ_BIO_NOT_SET) ,"read bio not set"}, {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) ,"read timeout expired"}, {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"}, {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"}, {ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"}, {ERR_REASON(SSL_R_RECORD_TOO_SMALL) ,"record too small"}, {ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG),"renegotiate ext too long"}, {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),"renegotiation encoding err"}, {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH),"renegotiation mismatch"}, {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"}, {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"}, {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"}, {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"}, {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"}, {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"}, {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"}, {ERR_REASON(SSL_R_SHORT_READ) ,"short read"}, {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"}, {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"}, {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"}, {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),"ssl3 ext invalid servername"}, {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),"ssl3 ext invalid servername type"}, {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"}, {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"}, {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"}, {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),"sslv3 alert bad record mac"}, {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),"sslv3 alert certificate expired"}, {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),"sslv3 alert certificate revoked"}, {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),"sslv3 alert certificate unknown"}, {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),"sslv3 alert decompression failure"}, {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),"sslv3 alert handshake failure"}, {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),"sslv3 alert illegal parameter"}, {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),"sslv3 alert no certificate"}, {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),"sslv3 alert unexpected message"}, {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),"sslv3 alert unsupported certificate"}, {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"}, {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"}, {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"}, {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"}, {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"}, {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"}, {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),"ssl session id has bad length"}, {ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),"ssl session id is different"}, {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),"tlsv1 alert access denied"}, {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR),"tlsv1 alert decode error"}, {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"}, {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"}, {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"}, +{ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),"tlsv1 alert inappropriate fallback"}, {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"}, {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"}, {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"}, {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),"tlsv1 alert protocol version"}, {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"}, {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"}, {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"}, +{ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),"tlsv1 bad certificate hash value"}, +{ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),"tlsv1 bad certificate status response"}, +{ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),"tlsv1 certificate unobtainable"}, +{ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME),"tlsv1 unrecognized name"}, +{ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),"tlsv1 unsupported extension"}, {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"}, {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"}, {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"}, {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"}, {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"}, {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"}, {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),"unable to decode ecdh certs"}, {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"}, {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"}, {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),"unable to find ecdh parameters"}, {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"}, {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"}, {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"}, {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),"unable to load ssl3 md5 routines"}, {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),"unable to load ssl3 sha1 routines"}, {ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) ,"unexpected message"}, {ERR_REASON(SSL_R_UNEXPECTED_RECORD) ,"unexpected record"}, {ERR_REASON(SSL_R_UNINITIALIZED) ,"uninitialized"}, {ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) ,"unknown alert type"}, {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE),"unknown certificate type"}, {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED),"unknown cipher returned"}, {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) ,"unknown cipher type"}, {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),"unknown key exchange type"}, {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) ,"unknown pkey type"}, {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) ,"unknown protocol"}, {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"}, {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"}, {ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"}, {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),"unsafe legacy renegotiation disabled"}, {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"}, {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"}, {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"}, {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"}, {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE),"unsupported status type"}, {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"}, {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"}, {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"}, {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"}, {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"}, {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) ,"wrong signature size"}, {ERR_REASON(SSL_R_WRONG_SSL_VERSION) ,"wrong ssl version"}, {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) ,"wrong version number"}, {ERR_REASON(SSL_R_X509_LIB) ,"x509 lib"}, {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"}, {0,NULL} }; #endif void ERR_load_SSL_strings(void) { #ifndef OPENSSL_NO_ERR if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) { ERR_load_strings(0,SSL_str_functs); ERR_load_strings(0,SSL_str_reasons); } #endif } Index: releng/8.4/crypto/openssl/ssl/ssl_lib.c =================================================================== --- releng/8.4/crypto/openssl/ssl/ssl_lib.c (revision 273415) +++ releng/8.4/crypto/openssl/ssl/ssl_lib.c (revision 273416) @@ -1,2775 +1,2807 @@ /*! \file ssl/ssl_lib.c * \brief Version independent SSL functions. */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* ==================================================================== * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * ECC cipher suite support in OpenSSL originally developed by * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */ #ifdef REF_CHECK # include #endif #include #include "ssl_locl.h" #include "kssl_lcl.h" #include #include #include #include #include #ifndef OPENSSL_NO_DH #include #endif #ifndef OPENSSL_NO_ENGINE #include #endif const char *SSL_version_str=OPENSSL_VERSION_TEXT; SSL3_ENC_METHOD ssl3_undef_enc_method={ /* evil casts, but these functions are only called if there's a library bug */ (int (*)(SSL *,int))ssl_undefined_function, (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, ssl_undefined_function, (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function, (int (*)(SSL*, int))ssl_undefined_function, (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function, 0, /* finish_mac_length */ (int (*)(SSL *, EVP_MD_CTX *, unsigned char *))ssl_undefined_function, NULL, /* client_finished_label */ 0, /* client_finished_label_len */ NULL, /* server_finished_label */ 0, /* server_finished_label_len */ (int (*)(int))ssl_undefined_function }; int SSL_clear(SSL *s) { if (s->method == NULL) { SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED); return(0); } if (ssl_clear_bad_session(s)) { SSL_SESSION_free(s->session); s->session=NULL; } s->error=0; s->hit=0; s->shutdown=0; #if 0 /* Disabled since version 1.10 of this file (early return not * needed because SSL_clear is not called when doing renegotiation) */ /* This is set if we are doing dynamic renegotiation so keep * the old cipher. It is sort of a SSL_clear_lite :-) */ if (s->new_session) return(1); #else if (s->new_session) { SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR); return 0; } #endif s->type=0; s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT); s->version=s->method->version; s->client_version=s->version; s->rwstate=SSL_NOTHING; s->rstate=SSL_ST_READ_HEADER; #if 0 s->read_ahead=s->ctx->read_ahead; #endif if (s->init_buf != NULL) { BUF_MEM_free(s->init_buf); s->init_buf=NULL; } ssl_clear_cipher_ctx(s); s->first_packet=0; #if 1 /* Check to see if we were changed into a different method, if * so, revert back if we are not doing session-id reuse. */ if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) { s->method->ssl_free(s); s->method=s->ctx->method; if (!s->method->ssl_new(s)) return(0); } else #endif s->method->ssl_clear(s); return(1); } /** Used to change an SSL_CTXs default SSL method type */ int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth) { STACK_OF(SSL_CIPHER) *sk; ctx->method=meth; sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list), &(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST); if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); return(0); } return(1); } SSL *SSL_new(SSL_CTX *ctx) { SSL *s; if (ctx == NULL) { SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX); return(NULL); } if (ctx->method == NULL) { SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); return(NULL); } s=(SSL *)OPENSSL_malloc(sizeof(SSL)); if (s == NULL) goto err; memset(s,0,sizeof(SSL)); #ifndef OPENSSL_NO_KRB5 s->kssl_ctx = kssl_ctx_new(); #endif /* OPENSSL_NO_KRB5 */ s->options=ctx->options; s->mode=ctx->mode; s->max_cert_list=ctx->max_cert_list; if (ctx->cert != NULL) { /* Earlier library versions used to copy the pointer to * the CERT, not its contents; only when setting new * parameters for the per-SSL copy, ssl_cert_new would be * called (and the direct reference to the per-SSL_CTX * settings would be lost, but those still were indirectly * accessed for various purposes, and for that reason they * used to be known as s->ctx->default_cert). * Now we don't look at the SSL_CTX's CERT after having * duplicated it once. */ s->cert = ssl_cert_dup(ctx->cert); if (s->cert == NULL) goto err; } else s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */ s->read_ahead=ctx->read_ahead; s->msg_callback=ctx->msg_callback; s->msg_callback_arg=ctx->msg_callback_arg; s->verify_mode=ctx->verify_mode; #if 0 s->verify_depth=ctx->verify_depth; #endif s->sid_ctx_length=ctx->sid_ctx_length; OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); s->verify_callback=ctx->default_verify_callback; s->generate_session_id=ctx->generate_session_id; s->param = X509_VERIFY_PARAM_new(); if (!s->param) goto err; X509_VERIFY_PARAM_inherit(s->param, ctx->param); #if 0 s->purpose = ctx->purpose; s->trust = ctx->trust; #endif s->quiet_shutdown=ctx->quiet_shutdown; CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); s->ctx=ctx; #ifndef OPENSSL_NO_TLSEXT s->tlsext_debug_cb = 0; s->tlsext_debug_arg = NULL; s->tlsext_ticket_expected = 0; s->tlsext_status_type = -1; s->tlsext_status_expected = 0; s->tlsext_ocsp_ids = NULL; s->tlsext_ocsp_exts = NULL; s->tlsext_ocsp_resp = NULL; s->tlsext_ocsp_resplen = -1; CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); s->initial_ctx=ctx; #endif s->verify_result=X509_V_OK; s->method=ctx->method; if (!s->method->ssl_new(s)) goto err; s->references=1; s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1; SSL_clear(s); CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); return(s); err: if (s != NULL) { if (s->cert != NULL) ssl_cert_free(s->cert); if (s->ctx != NULL) SSL_CTX_free(s->ctx); /* decrement reference count */ OPENSSL_free(s); } SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE); return(NULL); } int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, unsigned int sid_ctx_len) { if(sid_ctx_len > sizeof ctx->sid_ctx) { SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); return 0; } ctx->sid_ctx_length=sid_ctx_len; memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len); return 1; } int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, unsigned int sid_ctx_len) { if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); return 0; } ssl->sid_ctx_length=sid_ctx_len; memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len); return 1; } int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) { CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); ctx->generate_session_id = cb; CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); return 1; } int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) { CRYPTO_w_lock(CRYPTO_LOCK_SSL); ssl->generate_session_id = cb; CRYPTO_w_unlock(CRYPTO_LOCK_SSL); return 1; } int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, unsigned int id_len) { /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how * we can "construct" a session to give us the desired check - ie. to * find if there's a session in the hash table that would conflict with * any new session built out of this id/id_len and the ssl_version in * use by this SSL. */ SSL_SESSION r, *p; if(id_len > sizeof r.session_id) return 0; r.ssl_version = ssl->version; r.session_id_length = id_len; memcpy(r.session_id, id, id_len); /* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a * callback is calling us to check the uniqueness of a shorter ID, it * must be compared as a padded-out ID because that is what it will be * converted to when the callback has finished choosing it. */ if((r.ssl_version == SSL2_VERSION) && (id_len < SSL2_SSL_SESSION_ID_LENGTH)) { memset(r.session_id + id_len, 0, SSL2_SSL_SESSION_ID_LENGTH - id_len); r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH; } CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); p = (SSL_SESSION *)lh_retrieve(ssl->ctx->sessions, &r); CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); return (p != NULL); } int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) { return X509_VERIFY_PARAM_set_purpose(s->param, purpose); } int SSL_set_purpose(SSL *s, int purpose) { return X509_VERIFY_PARAM_set_purpose(s->param, purpose); } int SSL_CTX_set_trust(SSL_CTX *s, int trust) { return X509_VERIFY_PARAM_set_trust(s->param, trust); } int SSL_set_trust(SSL *s, int trust) { return X509_VERIFY_PARAM_set_trust(s->param, trust); } void SSL_free(SSL *s) { int i; if(s == NULL) return; i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL); #ifdef REF_PRINT REF_PRINT("SSL",s); #endif if (i > 0) return; #ifdef REF_CHECK if (i < 0) { fprintf(stderr,"SSL_free, bad reference count\n"); abort(); /* ok */ } #endif if (s->param) X509_VERIFY_PARAM_free(s->param); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); if (s->bbio != NULL) { /* If the buffering BIO is in place, pop it off */ if (s->bbio == s->wbio) { s->wbio=BIO_pop(s->wbio); } BIO_free(s->bbio); s->bbio=NULL; } if (s->rbio != NULL) BIO_free_all(s->rbio); if ((s->wbio != NULL) && (s->wbio != s->rbio)) BIO_free_all(s->wbio); if (s->init_buf != NULL) BUF_MEM_free(s->init_buf); /* add extra stuff */ if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list); if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id); /* Make the next call work :-) */ if (s->session != NULL) { ssl_clear_bad_session(s); SSL_SESSION_free(s->session); } ssl_clear_cipher_ctx(s); if (s->cert != NULL) ssl_cert_free(s->cert); /* Free up if allocated */ #ifndef OPENSSL_NO_TLSEXT if (s->tlsext_hostname) OPENSSL_free(s->tlsext_hostname); if (s->initial_ctx) SSL_CTX_free(s->initial_ctx); if (s->tlsext_ocsp_exts) sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); if (s->tlsext_ocsp_ids) sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); if (s->tlsext_ocsp_resp) OPENSSL_free(s->tlsext_ocsp_resp); #endif if (s->client_CA != NULL) sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free); if (s->method != NULL) s->method->ssl_free(s); if (s->ctx) SSL_CTX_free(s->ctx); #ifndef OPENSSL_NO_KRB5 if (s->kssl_ctx != NULL) kssl_ctx_free(s->kssl_ctx); #endif /* OPENSSL_NO_KRB5 */ OPENSSL_free(s); } void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio) { /* If the output buffering BIO is still in place, remove it */ if (s->bbio != NULL) { if (s->wbio == s->bbio) { s->wbio=s->wbio->next_bio; s->bbio->next_bio=NULL; } } if ((s->rbio != NULL) && (s->rbio != rbio)) BIO_free_all(s->rbio); if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio)) BIO_free_all(s->wbio); s->rbio=rbio; s->wbio=wbio; } BIO *SSL_get_rbio(const SSL *s) { return(s->rbio); } BIO *SSL_get_wbio(const SSL *s) { return(s->wbio); } int SSL_get_fd(const SSL *s) { return(SSL_get_rfd(s)); } int SSL_get_rfd(const SSL *s) { int ret= -1; BIO *b,*r; b=SSL_get_rbio(s); r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); if (r != NULL) BIO_get_fd(r,&ret); return(ret); } int SSL_get_wfd(const SSL *s) { int ret= -1; BIO *b,*r; b=SSL_get_wbio(s); r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); if (r != NULL) BIO_get_fd(r,&ret); return(ret); } #ifndef OPENSSL_NO_SOCK int SSL_set_fd(SSL *s,int fd) { int ret=0; BIO *bio=NULL; bio=BIO_new(BIO_s_socket()); if (bio == NULL) { SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB); goto err; } BIO_set_fd(bio,fd,BIO_NOCLOSE); SSL_set_bio(s,bio,bio); ret=1; err: return(ret); } int SSL_set_wfd(SSL *s,int fd) { int ret=0; BIO *bio=NULL; if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) || ((int)BIO_get_fd(s->rbio,NULL) != fd)) { bio=BIO_new(BIO_s_socket()); if (bio == NULL) { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; } BIO_set_fd(bio,fd,BIO_NOCLOSE); SSL_set_bio(s,SSL_get_rbio(s),bio); } else SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s)); ret=1; err: return(ret); } int SSL_set_rfd(SSL *s,int fd) { int ret=0; BIO *bio=NULL; if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) || ((int)BIO_get_fd(s->wbio,NULL) != fd)) { bio=BIO_new(BIO_s_socket()); if (bio == NULL) { SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB); goto err; } BIO_set_fd(bio,fd,BIO_NOCLOSE); SSL_set_bio(s,bio,SSL_get_wbio(s)); } else SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s)); ret=1; err: return(ret); } #endif /* return length of latest Finished message we sent, copy to 'buf' */ size_t SSL_get_finished(const SSL *s, void *buf, size_t count) { size_t ret = 0; if (s->s3 != NULL) { ret = s->s3->tmp.finish_md_len; if (count > ret) count = ret; memcpy(buf, s->s3->tmp.finish_md, count); } return ret; } /* return length of latest Finished message we expected, copy to 'buf' */ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) { size_t ret = 0; if (s->s3 != NULL) { ret = s->s3->tmp.peer_finish_md_len; if (count > ret) count = ret; memcpy(buf, s->s3->tmp.peer_finish_md, count); } return ret; } int SSL_get_verify_mode(const SSL *s) { return(s->verify_mode); } int SSL_get_verify_depth(const SSL *s) { return X509_VERIFY_PARAM_get_depth(s->param); } int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *) { return(s->verify_callback); } int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) { return(ctx->verify_mode); } int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) { return X509_VERIFY_PARAM_get_depth(ctx->param); } int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *) { return(ctx->default_verify_callback); } void SSL_set_verify(SSL *s,int mode, int (*callback)(int ok,X509_STORE_CTX *ctx)) { s->verify_mode=mode; if (callback != NULL) s->verify_callback=callback; } void SSL_set_verify_depth(SSL *s,int depth) { X509_VERIFY_PARAM_set_depth(s->param, depth); } void SSL_set_read_ahead(SSL *s,int yes) { s->read_ahead=yes; } int SSL_get_read_ahead(const SSL *s) { return(s->read_ahead); } int SSL_pending(const SSL *s) { /* SSL_pending cannot work properly if read-ahead is enabled * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), * and it is impossible to fix since SSL_pending cannot report * errors that may be observed while scanning the new data. * (Note that SSL_pending() is often used as a boolean value, * so we'd better not return -1.) */ return(s->method->ssl_pending(s)); } X509 *SSL_get_peer_certificate(const SSL *s) { X509 *r; if ((s == NULL) || (s->session == NULL)) r=NULL; else r=s->session->peer; if (r == NULL) return(r); CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509); return(r); } STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) { STACK_OF(X509) *r; if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL)) r=NULL; else r=s->session->sess_cert->cert_chain; /* If we are a client, cert_chain includes the peer's own * certificate; if we are a server, it does not. */ return(r); } /* Now in theory, since the calling process own 't' it should be safe to * modify. We need to be able to read f without being hassled */ void SSL_copy_session_id(SSL *t,const SSL *f) { CERT *tmp; /* Do we need to to SSL locking? */ SSL_set_session(t,SSL_get_session(f)); /* what if we are setup as SSLv2 but want to talk SSLv3 or * vice-versa */ if (t->method != f->method) { t->method->ssl_free(t); /* cleanup current */ t->method=f->method; /* change method */ t->method->ssl_new(t); /* setup new */ } tmp=t->cert; if (f->cert != NULL) { CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT); t->cert=f->cert; } else t->cert=NULL; if (tmp != NULL) ssl_cert_free(tmp); SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length); } /* Fix this so it checks all the valid key/cert options */ int SSL_CTX_check_private_key(const SSL_CTX *ctx) { if ( (ctx == NULL) || (ctx->cert == NULL) || (ctx->cert->key->x509 == NULL)) { SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); return(0); } if (ctx->cert->key->privatekey == NULL) { SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); return(0); } return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey)); } /* Fix this function so that it takes an optional type parameter */ int SSL_check_private_key(const SSL *ssl) { if (ssl == NULL) { SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER); return(0); } if (ssl->cert == NULL) { SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); return 0; } if (ssl->cert->key->x509 == NULL) { SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); return(0); } if (ssl->cert->key->privatekey == NULL) { SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); return(0); } return(X509_check_private_key(ssl->cert->key->x509, ssl->cert->key->privatekey)); } int SSL_accept(SSL *s) { if (s->handshake_func == 0) /* Not properly initialized yet */ SSL_set_accept_state(s); return(s->method->ssl_accept(s)); } int SSL_connect(SSL *s) { if (s->handshake_func == 0) /* Not properly initialized yet */ SSL_set_connect_state(s); return(s->method->ssl_connect(s)); } long SSL_get_default_timeout(const SSL *s) { return(s->method->get_timeout()); } int SSL_read(SSL *s,void *buf,int num) { if (s->handshake_func == 0) { SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); return -1; } if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { s->rwstate=SSL_NOTHING; return(0); } return(s->method->ssl_read(s,buf,num)); } int SSL_peek(SSL *s,void *buf,int num) { if (s->handshake_func == 0) { SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); return -1; } if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { return(0); } return(s->method->ssl_peek(s,buf,num)); } int SSL_write(SSL *s,const void *buf,int num) { if (s->handshake_func == 0) { SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); return -1; } if (s->shutdown & SSL_SENT_SHUTDOWN) { s->rwstate=SSL_NOTHING; SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN); return(-1); } return(s->method->ssl_write(s,buf,num)); } int SSL_shutdown(SSL *s) { /* Note that this function behaves differently from what one might * expect. Return values are 0 for no success (yet), * 1 for success; but calling it once is usually not enough, * even if blocking I/O is used (see ssl3_shutdown). */ if (s->handshake_func == 0) { SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); return -1; } if ((s != NULL) && !SSL_in_init(s)) return(s->method->ssl_shutdown(s)); else return(1); } int SSL_renegotiate(SSL *s) { if (s->new_session == 0) { s->new_session=1; } return(s->method->ssl_renegotiate(s)); } int SSL_renegotiate_pending(SSL *s) { /* becomes true when negotiation is requested; * false again once a handshake has finished */ return (s->new_session != 0); } long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) { long l; switch (cmd) { case SSL_CTRL_GET_READ_AHEAD: return(s->read_ahead); case SSL_CTRL_SET_READ_AHEAD: l=s->read_ahead; s->read_ahead=larg; return(l); case SSL_CTRL_SET_MSG_CALLBACK_ARG: s->msg_callback_arg = parg; return 1; case SSL_CTRL_OPTIONS: return(s->options|=larg); case SSL_CTRL_CLEAR_OPTIONS: return(s->options&=~larg); case SSL_CTRL_MODE: return(s->mode|=larg); case SSL_CTRL_CLEAR_MODE: return(s->mode &=~larg); case SSL_CTRL_GET_MAX_CERT_LIST: return(s->max_cert_list); case SSL_CTRL_SET_MAX_CERT_LIST: l=s->max_cert_list; s->max_cert_list=larg; return(l); case SSL_CTRL_SET_MTU: #ifndef OPENSSL_NO_DTLS1 if (larg < (long)dtls1_min_mtu()) return 0; #endif if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) { s->d1->mtu = larg; return larg; } return 0; case SSL_CTRL_GET_RI_SUPPORT: if (s->s3) return s->s3->send_connection_binding; else return 0; default: return(s->method->ssl_ctrl(s,cmd,larg,parg)); } } long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) { switch(cmd) { case SSL_CTRL_SET_MSG_CALLBACK: s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); return 1; default: return(s->method->ssl_callback_ctrl(s,cmd,fp)); } } struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx) { return ctx->sessions; } long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg) { long l; switch (cmd) { case SSL_CTRL_GET_READ_AHEAD: return(ctx->read_ahead); case SSL_CTRL_SET_READ_AHEAD: l=ctx->read_ahead; ctx->read_ahead=larg; return(l); case SSL_CTRL_SET_MSG_CALLBACK_ARG: ctx->msg_callback_arg = parg; return 1; case SSL_CTRL_GET_MAX_CERT_LIST: return(ctx->max_cert_list); case SSL_CTRL_SET_MAX_CERT_LIST: l=ctx->max_cert_list; ctx->max_cert_list=larg; return(l); case SSL_CTRL_SET_SESS_CACHE_SIZE: l=ctx->session_cache_size; ctx->session_cache_size=larg; return(l); case SSL_CTRL_GET_SESS_CACHE_SIZE: return(ctx->session_cache_size); case SSL_CTRL_SET_SESS_CACHE_MODE: l=ctx->session_cache_mode; ctx->session_cache_mode=larg; return(l); case SSL_CTRL_GET_SESS_CACHE_MODE: return(ctx->session_cache_mode); case SSL_CTRL_SESS_NUMBER: return(ctx->sessions->num_items); case SSL_CTRL_SESS_CONNECT: return(ctx->stats.sess_connect); case SSL_CTRL_SESS_CONNECT_GOOD: return(ctx->stats.sess_connect_good); case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: return(ctx->stats.sess_connect_renegotiate); case SSL_CTRL_SESS_ACCEPT: return(ctx->stats.sess_accept); case SSL_CTRL_SESS_ACCEPT_GOOD: return(ctx->stats.sess_accept_good); case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: return(ctx->stats.sess_accept_renegotiate); case SSL_CTRL_SESS_HIT: return(ctx->stats.sess_hit); case SSL_CTRL_SESS_CB_HIT: return(ctx->stats.sess_cb_hit); case SSL_CTRL_SESS_MISSES: return(ctx->stats.sess_miss); case SSL_CTRL_SESS_TIMEOUTS: return(ctx->stats.sess_timeout); case SSL_CTRL_SESS_CACHE_FULL: return(ctx->stats.sess_cache_full); case SSL_CTRL_OPTIONS: return(ctx->options|=larg); case SSL_CTRL_CLEAR_OPTIONS: return(ctx->options&=~larg); case SSL_CTRL_MODE: return(ctx->mode|=larg); case SSL_CTRL_CLEAR_MODE: return(ctx->mode&=~larg); default: return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg)); } } long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) { switch(cmd) { case SSL_CTRL_SET_MSG_CALLBACK: ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); return 1; default: return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp)); } } int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) { long l; l=a->id-b->id; if (l == 0L) return(0); else return((l > 0)?1:-1); } int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, const SSL_CIPHER * const *bp) { long l; l=(*ap)->id-(*bp)->id; if (l == 0L) return(0); else return((l > 0)?1:-1); } /** return a STACK of the ciphers available for the SSL and in order of * preference */ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) { if (s != NULL) { if (s->cipher_list != NULL) { return(s->cipher_list); } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) { return(s->ctx->cipher_list); } } return(NULL); } /** return a STACK of the ciphers available for the SSL and in order of * algorithm id */ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) { if (s != NULL) { if (s->cipher_list_by_id != NULL) { return(s->cipher_list_by_id); } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) { return(s->ctx->cipher_list_by_id); } } return(NULL); } /** The old interface to get the same thing as SSL_get_ciphers() */ const char *SSL_get_cipher_list(const SSL *s,int n) { SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk; if (s == NULL) return(NULL); sk=SSL_get_ciphers(s); if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) return(NULL); c=sk_SSL_CIPHER_value(sk,n); if (c == NULL) return(NULL); return(c->name); } /** specify the ciphers to be used by default by the SSL_CTX */ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) { STACK_OF(SSL_CIPHER) *sk; sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list, &ctx->cipher_list_by_id,str); /* ssl_create_cipher_list may return an empty stack if it * was unable to find a cipher matching the given rule string * (for example if the rule string specifies a cipher which * has been disabled). This is not an error as far as * ssl_create_cipher_list is concerned, and hence * ctx->cipher_list and ctx->cipher_list_by_id has been * updated. */ if (sk == NULL) return 0; else if (sk_SSL_CIPHER_num(sk) == 0) { SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); return 0; } return 1; } /** specify the ciphers to be used by the SSL */ int SSL_set_cipher_list(SSL *s,const char *str) { STACK_OF(SSL_CIPHER) *sk; sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list, &s->cipher_list_by_id,str); /* see comment in SSL_CTX_set_cipher_list */ if (sk == NULL) return 0; else if (sk_SSL_CIPHER_num(sk) == 0) { SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); return 0; } return 1; } /* works well for SSLv2, not so good for SSLv3 */ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) { char *p; STACK_OF(SSL_CIPHER) *sk; SSL_CIPHER *c; int i; if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2)) return(NULL); p=buf; sk=s->session->ciphers; for (i=0; iname); if (n+1 > len) { if (p != buf) --p; *p='\0'; return buf; } strcpy(p,c->name); p+=n; *(p++)=':'; len-=n+1; } p[-1]='\0'; return(buf); } int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, int (*put_cb)(const SSL_CIPHER *, unsigned char *)) { int i,j=0; SSL_CIPHER *c; unsigned char *q; #ifndef OPENSSL_NO_KRB5 int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx); #endif /* OPENSSL_NO_KRB5 */ if (sk == NULL) return(0); q=p; + if (put_cb == NULL) + put_cb = s->method->put_cipher_by_char; for (i=0; ialgorithms & SSL_KRB5) && nokrb5) continue; #endif /* OPENSSL_NO_KRB5 */ - j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p); + j = put_cb(c,p); p+=j; } - /* If p == q, no ciphers and caller indicates an error. Otherwise - * add SCSV if not renegotiating. - */ - if (p != q && !s->new_session) + /* If p == q, no ciphers; caller indicates an error. + * Otherwise, add applicable SCSVs. */ + if (p != q) { - static SSL_CIPHER scsv = + if (!s->new_session) { - 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, - }; - j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p); - p+=j; + static SSL_CIPHER scsv = + { + 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, + }; + j = put_cb(&scsv,p); + p+=j; #ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "SCSV sent by client\n"); + fprintf(stderr, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV sent by client\n"); #endif - } + } + if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) + { + static SSL_CIPHER scsv = + { + 0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, + }; + j = put_cb(&scsv,p); + p+=j; + } + } + return(p-q); } STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, STACK_OF(SSL_CIPHER) **skp) { SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk; int i,n; + if (s->s3) s->s3->send_connection_binding = 0; n=ssl_put_cipher_by_char(s,NULL,NULL); - if ((num%n) != 0) + if (n == 0 || (num%n) != 0) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); return(NULL); } if ((skp == NULL) || (*skp == NULL)) sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */ else { sk= *skp; sk_SSL_CIPHER_zero(sk); } for (i=0; is3 && (n != 3 || !p[0]) && (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && (p[n-1] == (SSL3_CK_SCSV & 0xff))) { /* SCSV fatal if renegotiating */ if (s->new_session) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); goto err; } s->s3->send_connection_binding = 1; p += n; #ifdef OPENSSL_RI_DEBUG fprintf(stderr, "SCSV received by server\n"); #endif + continue; + } + + /* Check for TLS_FALLBACK_SCSV */ + if ((n != 3 || !p[0]) && + (p[n-2] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) && + (p[n-1] == (SSL3_CK_FALLBACK_SCSV & 0xff))) + { + /* The SCSV indicates that the client previously tried a higher version. + * Fail if the current version is an unexpected downgrade. */ + if (!SSL_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, 0, NULL)) + { + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_INAPPROPRIATE_FALLBACK); + if (s->s3) + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INAPPROPRIATE_FALLBACK); + goto err; + } continue; } c=ssl_get_cipher_by_char(s,p); p+=n; if (c != NULL) { if (!sk_SSL_CIPHER_push(sk,c)) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE); goto err; } } } if (skp != NULL) *skp=sk; return(sk); err: if ((skp == NULL) || (*skp == NULL)) sk_SSL_CIPHER_free(sk); return(NULL); } #ifndef OPENSSL_NO_TLSEXT /** return a servername extension value if provided in Client Hello, or NULL. * So far, only host_name types are defined (RFC 3546). */ const char *SSL_get_servername(const SSL *s, const int type) { if (type != TLSEXT_NAMETYPE_host_name) return NULL; return s->session && !s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname; } int SSL_get_servername_type(const SSL *s) { if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) return TLSEXT_NAMETYPE_host_name; return -1; } #endif unsigned long SSL_SESSION_hash(const SSL_SESSION *a) { unsigned long l; l=(unsigned long) ((unsigned int) a->session_id[0] )| ((unsigned int) a->session_id[1]<< 8L)| ((unsigned long)a->session_id[2]<<16L)| ((unsigned long)a->session_id[3]<<24L); return(l); } /* NB: If this function (or indeed the hash function which uses a sort of * coarser function than this one) is changed, ensure * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being * able to construct an SSL_SESSION that will collide with any existing session * with a matching session ID. */ int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b) { if (a->ssl_version != b->ssl_version) return(1); if (a->session_id_length != b->session_id_length) return(1); return(memcmp(a->session_id,b->session_id,a->session_id_length)); } /* These wrapper functions should remain rather than redeclaring * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each * variable. The reason is that the functions aren't static, they're exposed via * ssl.h. */ static IMPLEMENT_LHASH_HASH_FN(SSL_SESSION_hash, SSL_SESSION *) static IMPLEMENT_LHASH_COMP_FN(SSL_SESSION_cmp, SSL_SESSION *) SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) { SSL_CTX *ret=NULL; if (meth == NULL) { SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED); return(NULL); } #ifdef OPENSSL_FIPS if (FIPS_mode() && (meth->version < TLS1_VERSION)) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); return NULL; } #endif if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); goto err; } ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX)); if (ret == NULL) goto err; memset(ret,0,sizeof(SSL_CTX)); ret->method=meth; ret->cert_store=NULL; ret->session_cache_mode=SSL_SESS_CACHE_SERVER; ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; ret->session_cache_head=NULL; ret->session_cache_tail=NULL; /* We take the system default */ ret->session_timeout=meth->get_timeout(); ret->new_session_cb=0; ret->remove_session_cb=0; ret->get_session_cb=0; ret->generate_session_id=0; memset((char *)&ret->stats,0,sizeof(ret->stats)); ret->references=1; ret->quiet_shutdown=0; /* ret->cipher=NULL;*/ /* ret->s2->challenge=NULL; ret->master_key=NULL; ret->key_arg=NULL; ret->s2->conn_id=NULL; */ ret->info_callback=NULL; ret->app_verify_callback=0; ret->app_verify_arg=NULL; ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT; ret->read_ahead=0; ret->msg_callback=0; ret->msg_callback_arg=NULL; ret->verify_mode=SSL_VERIFY_NONE; #if 0 ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */ #endif ret->sid_ctx_length=0; ret->default_verify_callback=NULL; if ((ret->cert=ssl_cert_new()) == NULL) goto err; ret->default_passwd_callback=0; ret->default_passwd_callback_userdata=NULL; ret->client_cert_cb=0; ret->app_gen_cookie_cb=0; ret->app_verify_cookie_cb=0; ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash), LHASH_COMP_FN(SSL_SESSION_cmp)); if (ret->sessions == NULL) goto err; ret->cert_store=X509_STORE_new(); if (ret->cert_store == NULL) goto err; ssl_create_cipher_list(ret->method, &ret->cipher_list,&ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST); if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; } ret->param = X509_VERIFY_PARAM_new(); if (!ret->param) goto err; if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL) { SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES); goto err2; } if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL) { SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); goto err2; } if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL) { SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); goto err2; } if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL) goto err; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); ret->extra_certs=NULL; ret->comp_methods=SSL_COMP_get_compression_methods(); #ifndef OPENSSL_NO_TLSEXT ret->tlsext_servername_callback = 0; ret->tlsext_servername_arg = NULL; /* Setup RFC4507 ticket keys */ if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) ret->options |= SSL_OP_NO_TICKET; ret->tlsext_status_cb = 0; ret->tlsext_status_arg = NULL; #endif #ifndef OPENSSL_NO_ENGINE ret->client_cert_engine = NULL; #ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO #define eng_strx(x) #x #define eng_str(x) eng_strx(x) /* Use specific client engine automatically... ignore errors */ { ENGINE *eng; eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); if (!eng) { ERR_clear_error(); ENGINE_load_builtin_engines(); eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); } if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) ERR_clear_error(); } #endif #endif /* Default is to connect to non-RI servers. When RI is more widely * deployed might change this. */ ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; return(ret); err: SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE); err2: if (ret != NULL) SSL_CTX_free(ret); return(NULL); } #if 0 static void SSL_COMP_free(SSL_COMP *comp) { OPENSSL_free(comp); } #endif void SSL_CTX_free(SSL_CTX *a) { int i; if (a == NULL) return; i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX); #ifdef REF_PRINT REF_PRINT("SSL_CTX",a); #endif if (i > 0) return; #ifdef REF_CHECK if (i < 0) { fprintf(stderr,"SSL_CTX_free, bad reference count\n"); abort(); /* ok */ } #endif if (a->param) X509_VERIFY_PARAM_free(a->param); /* * Free internal session cache. However: the remove_cb() may reference * the ex_data of SSL_CTX, thus the ex_data store can only be removed * after the sessions were flushed. * As the ex_data handling routines might also touch the session cache, * the most secure solution seems to be: empty (flush) the cache, then * free ex_data, then finally free the cache. * (See ticket [openssl.org #212].) */ if (a->sessions != NULL) SSL_CTX_flush_sessions(a,0); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); if (a->sessions != NULL) lh_free(a->sessions); if (a->cert_store != NULL) X509_STORE_free(a->cert_store); if (a->cipher_list != NULL) sk_SSL_CIPHER_free(a->cipher_list); if (a->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(a->cipher_list_by_id); if (a->cert != NULL) ssl_cert_free(a->cert); if (a->client_CA != NULL) sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free); if (a->extra_certs != NULL) sk_X509_pop_free(a->extra_certs,X509_free); #if 0 /* This should never be done, since it removes a global database */ if (a->comp_methods != NULL) sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free); #else a->comp_methods = NULL; #endif #ifndef OPENSSL_NO_ENGINE if (a->client_cert_engine) ENGINE_finish(a->client_cert_engine); #endif OPENSSL_free(a); } void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) { ctx->default_passwd_callback=cb; } void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u) { ctx->default_passwd_callback_userdata=u; } void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg) { ctx->app_verify_callback=cb; ctx->app_verify_arg=arg; } void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *)) { ctx->verify_mode=mode; ctx->default_verify_callback=cb; } void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) { X509_VERIFY_PARAM_set_depth(ctx->param, depth); } void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) { CERT_PKEY *cpk; int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign; int rsa_enc_export,dh_rsa_export,dh_dsa_export; int rsa_tmp_export,dh_tmp_export,kl; unsigned long mask,emask; int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; #ifndef OPENSSL_NO_ECDH int have_ecdh_tmp; #endif X509 *x = NULL; EVP_PKEY *ecc_pkey = NULL; int signature_nid = 0; if (c == NULL) return; kl=SSL_C_EXPORT_PKEYLENGTH(cipher); #ifndef OPENSSL_NO_RSA rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); rsa_tmp_export=(c->rsa_tmp_cb != NULL || (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl)); #else rsa_tmp=rsa_tmp_export=0; #endif #ifndef OPENSSL_NO_DH dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL); dh_tmp_export=(c->dh_tmp_cb != NULL || (dh_tmp && DH_size(c->dh_tmp)*8 <= kl)); #else dh_tmp=dh_tmp_export=0; #endif #ifndef OPENSSL_NO_ECDH have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL); #endif cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]); rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL); rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl); cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]); rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]); dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); cpk= &(c->pkeys[SSL_PKEY_DH_RSA]); dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL); dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); cpk= &(c->pkeys[SSL_PKEY_DH_DSA]); /* FIX THIS EAY EAY EAY */ dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL); dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); cpk= &(c->pkeys[SSL_PKEY_ECC]); have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL); mask=0; emask=0; #ifdef CIPHER_DEBUG printf("rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", rsa_tmp,rsa_tmp_export,dh_tmp, rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa); #endif if (rsa_enc || (rsa_tmp && rsa_sign)) mask|=SSL_kRSA; if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc))) emask|=SSL_kRSA; #if 0 /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */ if ( (dh_tmp || dh_rsa || dh_dsa) && (rsa_enc || rsa_sign || dsa_sign)) mask|=SSL_kEDH; if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) && (rsa_enc || rsa_sign || dsa_sign)) emask|=SSL_kEDH; #endif if (dh_tmp_export) emask|=SSL_kEDH; if (dh_tmp) mask|=SSL_kEDH; if (dh_rsa) mask|=SSL_kDHr; if (dh_rsa_export) emask|=SSL_kDHr; if (dh_dsa) mask|=SSL_kDHd; if (dh_dsa_export) emask|=SSL_kDHd; if (rsa_enc || rsa_sign) { mask|=SSL_aRSA; emask|=SSL_aRSA; } if (dsa_sign) { mask|=SSL_aDSS; emask|=SSL_aDSS; } mask|=SSL_aNULL; emask|=SSL_aNULL; #ifndef OPENSSL_NO_KRB5 mask|=SSL_kKRB5|SSL_aKRB5; emask|=SSL_kKRB5|SSL_aKRB5; #endif /* An ECC certificate may be usable for ECDH and/or * ECDSA cipher suites depending on the key usage extension. */ if (have_ecc_cert) { /* This call populates extension flags (ex_flags) */ x = (c->pkeys[SSL_PKEY_ECC]).x509; X509_check_purpose(x, -1, 0); ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; ecc_pkey = X509_get_pubkey(x); ecc_pkey_size = (ecc_pkey != NULL) ? EVP_PKEY_bits(ecc_pkey) : 0; EVP_PKEY_free(ecc_pkey); if ((x->sig_alg) && (x->sig_alg->algorithm)) signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); #ifndef OPENSSL_NO_ECDH if (ecdh_ok) { if ((signature_nid == NID_md5WithRSAEncryption) || (signature_nid == NID_md4WithRSAEncryption) || (signature_nid == NID_md2WithRSAEncryption)) { mask|=SSL_kECDH|SSL_aRSA; if (ecc_pkey_size <= 163) emask|=SSL_kECDH|SSL_aRSA; } if (signature_nid == NID_ecdsa_with_SHA1) { mask|=SSL_kECDH|SSL_aECDSA; if (ecc_pkey_size <= 163) emask|=SSL_kECDH|SSL_aECDSA; } } #endif #ifndef OPENSSL_NO_ECDSA if (ecdsa_ok) { mask|=SSL_aECDSA; emask|=SSL_aECDSA; } #endif } #ifndef OPENSSL_NO_ECDH if (have_ecdh_tmp) { mask|=SSL_kECDHE; emask|=SSL_kECDHE; } #endif c->mask=mask; c->export_mask=emask; c->valid=1; } /* This handy macro borrowed from crypto/x509v3/v3_purp.c */ #define ku_reject(x, usage) \ (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs) { unsigned long alg = cs->algorithms; EVP_PKEY *pkey = NULL; int keysize = 0; int signature_nid = 0; if (SSL_C_IS_EXPORT(cs)) { /* ECDH key length in export ciphers must be <= 163 bits */ pkey = X509_get_pubkey(x); if (pkey == NULL) return 0; keysize = EVP_PKEY_bits(pkey); EVP_PKEY_free(pkey); if (keysize > 163) return 0; } /* This call populates the ex_flags field correctly */ X509_check_purpose(x, -1, 0); if ((x->sig_alg) && (x->sig_alg->algorithm)) signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); if (alg & SSL_kECDH) { /* key usage, if present, must allow key agreement */ if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) { return 0; } if (alg & SSL_aECDSA) { /* signature alg must be ECDSA */ if (signature_nid != NID_ecdsa_with_SHA1) { return 0; } } if (alg & SSL_aRSA) { /* signature alg must be RSA */ if ((signature_nid != NID_md5WithRSAEncryption) && (signature_nid != NID_md4WithRSAEncryption) && (signature_nid != NID_md2WithRSAEncryption)) { return 0; } } } else if (alg & SSL_aECDSA) { /* key usage, if present, must allow signing */ if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) { return 0; } } return 1; /* all checks are ok */ } /* THIS NEEDS CLEANING UP */ CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) { unsigned long alg,kalg; CERT *c; int i; c=s->cert; ssl_set_cert_masks(c, s->s3->tmp.new_cipher); alg=s->s3->tmp.new_cipher->algorithms; kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK); if (kalg & SSL_kECDH) { /* we don't need to look at SSL_kECDHE * since no certificate is needed for * anon ECDH and for authenticated * ECDHE, the check for the auth * algorithm will set i correctly * NOTE: For ECDH-RSA, we need an ECC * not an RSA cert but for ECDHE-RSA * we need an RSA cert. Placing the * checks for SSL_kECDH before RSA * checks ensures the correct cert is chosen. */ i=SSL_PKEY_ECC; } else if (kalg & SSL_aECDSA) { i=SSL_PKEY_ECC; } else if (kalg & SSL_kDHr) i=SSL_PKEY_DH_RSA; else if (kalg & SSL_kDHd) i=SSL_PKEY_DH_DSA; else if (kalg & SSL_aDSS) i=SSL_PKEY_DSA_SIGN; else if (kalg & SSL_aRSA) { if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL) i=SSL_PKEY_RSA_SIGN; else i=SSL_PKEY_RSA_ENC; } else if (kalg & SSL_aKRB5) { /* VRS something else here? */ return(NULL); } else /* if (kalg & SSL_aNULL) */ { SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR); return(NULL); } return c->pkeys + i; } X509 *ssl_get_server_send_cert(const SSL *s) { CERT_PKEY *cpk; cpk = ssl_get_server_send_pkey(s); if (!cpk) return NULL; return cpk->x509; } EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher) { unsigned long alg; CERT *c; alg=cipher->algorithms; c=s->cert; if ((alg & SSL_aDSS) && (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey); else if (alg & SSL_aRSA) { if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey); else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) return(c->pkeys[SSL_PKEY_RSA_ENC].privatekey); else return(NULL); } else if ((alg & SSL_aECDSA) && (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) return(c->pkeys[SSL_PKEY_ECC].privatekey); else /* if (alg & SSL_aNULL) */ { SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR); return(NULL); } } void ssl_update_cache(SSL *s,int mode) { int i; /* If the session_id_length is 0, we are not supposed to cache it, * and it would be rather hard to do anyway :-) */ if (s->session->session_id_length == 0) return; i=s->ctx->session_cache_mode; if ((i & mode) && (!s->hit) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) || SSL_CTX_add_session(s->ctx,s->session)) && (s->ctx->new_session_cb != NULL)) { CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION); if (!s->ctx->new_session_cb(s,s->session)) SSL_SESSION_free(s->session); } /* auto flush every 255 connections */ if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) { if ( (((mode & SSL_SESS_CACHE_CLIENT) ?s->ctx->stats.sess_connect_good :s->ctx->stats.sess_accept_good) & 0xff) == 0xff) { SSL_CTX_flush_sessions(s->ctx,(unsigned long)time(NULL)); } } } SSL_METHOD *SSL_get_ssl_method(SSL *s) { return(s->method); } int SSL_set_ssl_method(SSL *s,SSL_METHOD *meth) { int conn= -1; int ret=1; if (s->method != meth) { if (s->handshake_func != NULL) conn=(s->handshake_func == s->method->ssl_connect); if (s->method->version == meth->version) s->method=meth; else { s->method->ssl_free(s); s->method=meth; ret=s->method->ssl_new(s); } if (conn == 1) s->handshake_func=meth->ssl_connect; else if (conn == 0) s->handshake_func=meth->ssl_accept; } return(ret); } int SSL_get_error(const SSL *s,int i) { int reason; unsigned long l; BIO *bio; if (i > 0) return(SSL_ERROR_NONE); /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake * etc, where we do encode the error */ if ((l=ERR_peek_error()) != 0) { if (ERR_GET_LIB(l) == ERR_LIB_SYS) return(SSL_ERROR_SYSCALL); else return(SSL_ERROR_SSL); } if ((i < 0) && SSL_want_read(s)) { bio=SSL_get_rbio(s); if (BIO_should_read(bio)) return(SSL_ERROR_WANT_READ); else if (BIO_should_write(bio)) /* This one doesn't make too much sense ... We never try * to write to the rbio, and an application program where * rbio and wbio are separate couldn't even know what it * should wait for. * However if we ever set s->rwstate incorrectly * (so that we have SSL_want_read(s) instead of * SSL_want_write(s)) and rbio and wbio *are* the same, * this test works around that bug; so it might be safer * to keep it. */ return(SSL_ERROR_WANT_WRITE); else if (BIO_should_io_special(bio)) { reason=BIO_get_retry_reason(bio); if (reason == BIO_RR_CONNECT) return(SSL_ERROR_WANT_CONNECT); else if (reason == BIO_RR_ACCEPT) return(SSL_ERROR_WANT_ACCEPT); else return(SSL_ERROR_SYSCALL); /* unknown */ } } if ((i < 0) && SSL_want_write(s)) { bio=SSL_get_wbio(s); if (BIO_should_write(bio)) return(SSL_ERROR_WANT_WRITE); else if (BIO_should_read(bio)) /* See above (SSL_want_read(s) with BIO_should_write(bio)) */ return(SSL_ERROR_WANT_READ); else if (BIO_should_io_special(bio)) { reason=BIO_get_retry_reason(bio); if (reason == BIO_RR_CONNECT) return(SSL_ERROR_WANT_CONNECT); else if (reason == BIO_RR_ACCEPT) return(SSL_ERROR_WANT_ACCEPT); else return(SSL_ERROR_SYSCALL); } } if ((i < 0) && SSL_want_x509_lookup(s)) { return(SSL_ERROR_WANT_X509_LOOKUP); } if (i == 0) { if (s->version == SSL2_VERSION) { /* assume it is the socket being closed */ return(SSL_ERROR_ZERO_RETURN); } else { if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) return(SSL_ERROR_ZERO_RETURN); } } return(SSL_ERROR_SYSCALL); } int SSL_do_handshake(SSL *s) { int ret=1; if (s->handshake_func == NULL) { SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET); return(-1); } s->method->ssl_renegotiate_check(s); if (SSL_in_init(s) || SSL_in_before(s)) { ret=s->handshake_func(s); } return(ret); } /* For the next 2 functions, SSL_clear() sets shutdown and so * one of these calls will reset it */ void SSL_set_accept_state(SSL *s) { s->server=1; s->shutdown=0; s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE; s->handshake_func=s->method->ssl_accept; /* clear the current cipher */ ssl_clear_cipher_ctx(s); } void SSL_set_connect_state(SSL *s) { s->server=0; s->shutdown=0; s->state=SSL_ST_CONNECT|SSL_ST_BEFORE; s->handshake_func=s->method->ssl_connect; /* clear the current cipher */ ssl_clear_cipher_ctx(s); } int ssl_undefined_function(SSL *s) { SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return(0); } int ssl_undefined_void_function(void) { SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return(0); } int ssl_undefined_const_function(const SSL *s) { SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return(0); } SSL_METHOD *ssl_bad_method(int ver) { SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return(NULL); } const char *SSL_get_version(const SSL *s) { if (s->version == TLS1_VERSION) return("TLSv1"); else if (s->version == SSL3_VERSION) return("SSLv3"); else if (s->version == SSL2_VERSION) return("SSLv2"); else return("unknown"); } SSL *SSL_dup(SSL *s) { STACK_OF(X509_NAME) *sk; X509_NAME *xn; SSL *ret; int i; if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) return(NULL); ret->version = s->version; ret->type = s->type; ret->method = s->method; if (s->session != NULL) { /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ SSL_copy_session_id(ret,s); } else { /* No session has been established yet, so we have to expect * that s->cert or ret->cert will be changed later -- * they should not both point to the same object, * and thus we can't use SSL_copy_session_id. */ ret->method->ssl_free(ret); ret->method = s->method; ret->method->ssl_new(ret); if (s->cert != NULL) { if (ret->cert != NULL) { ssl_cert_free(ret->cert); } ret->cert = ssl_cert_dup(s->cert); if (ret->cert == NULL) goto err; } SSL_set_session_id_context(ret, s->sid_ctx, s->sid_ctx_length); } ret->options=s->options; ret->mode=s->mode; SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s)); SSL_set_read_ahead(ret,SSL_get_read_ahead(s)); ret->msg_callback = s->msg_callback; ret->msg_callback_arg = s->msg_callback_arg; SSL_set_verify(ret,SSL_get_verify_mode(s), SSL_get_verify_callback(s)); SSL_set_verify_depth(ret,SSL_get_verify_depth(s)); ret->generate_session_id = s->generate_session_id; SSL_set_info_callback(ret,SSL_get_info_callback(s)); ret->debug=s->debug; /* copy app data, a little dangerous perhaps */ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) goto err; /* setup rbio, and wbio */ if (s->rbio != NULL) { if (!BIO_dup_state(s->rbio,(char *)&ret->rbio)) goto err; } if (s->wbio != NULL) { if (s->wbio != s->rbio) { if (!BIO_dup_state(s->wbio,(char *)&ret->wbio)) goto err; } else ret->wbio=ret->rbio; } ret->rwstate = s->rwstate; ret->in_handshake = s->in_handshake; ret->handshake_func = s->handshake_func; ret->server = s->server; ret->new_session = s->new_session; ret->quiet_shutdown = s->quiet_shutdown; ret->shutdown=s->shutdown; ret->state=s->state; /* SSL_dup does not really work at any state, though */ ret->rstate=s->rstate; ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */ ret->hit=s->hit; X509_VERIFY_PARAM_inherit(ret->param, s->param); /* dup the cipher_list and cipher_list_by_id stacks */ if (s->cipher_list != NULL) { if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) goto err; } if (s->cipher_list_by_id != NULL) if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id)) == NULL) goto err; /* Dup the client_CA list */ if (s->client_CA != NULL) { if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err; ret->client_CA=sk; for (i=0; ienc_read_ctx != NULL) { EVP_CIPHER_CTX_cleanup(s->enc_read_ctx); OPENSSL_free(s->enc_read_ctx); s->enc_read_ctx=NULL; } if (s->enc_write_ctx != NULL) { EVP_CIPHER_CTX_cleanup(s->enc_write_ctx); OPENSSL_free(s->enc_write_ctx); s->enc_write_ctx=NULL; } #ifndef OPENSSL_NO_COMP if (s->expand != NULL) { COMP_CTX_free(s->expand); s->expand=NULL; } if (s->compress != NULL) { COMP_CTX_free(s->compress); s->compress=NULL; } #endif } /* Fix this function so that it takes an optional type parameter */ X509 *SSL_get_certificate(const SSL *s) { if (s->server) return(ssl_get_server_send_cert(s)); else if (s->cert != NULL) return(s->cert->key->x509); else return(NULL); } /* Fix this function so that it takes an optional type parameter */ EVP_PKEY *SSL_get_privatekey(SSL *s) { if (s->cert != NULL) return(s->cert->key->privatekey); else return(NULL); } SSL_CIPHER *SSL_get_current_cipher(const SSL *s) { if ((s->session != NULL) && (s->session->cipher != NULL)) return(s->session->cipher); return(NULL); } #ifdef OPENSSL_NO_COMP const void *SSL_get_current_compression(SSL *s) { return NULL; } const void *SSL_get_current_expansion(SSL *s) { return NULL; } #else const COMP_METHOD *SSL_get_current_compression(SSL *s) { if (s->compress != NULL) return(s->compress->meth); return(NULL); } const COMP_METHOD *SSL_get_current_expansion(SSL *s) { if (s->expand != NULL) return(s->expand->meth); return(NULL); } #endif int ssl_init_wbio_buffer(SSL *s,int push) { BIO *bbio; if (s->bbio == NULL) { bbio=BIO_new(BIO_f_buffer()); if (bbio == NULL) return(0); s->bbio=bbio; } else { bbio=s->bbio; if (s->bbio == s->wbio) s->wbio=BIO_pop(s->wbio); } (void)BIO_reset(bbio); /* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ if (!BIO_set_read_buffer_size(bbio,1)) { SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB); return(0); } if (push) { if (s->wbio != bbio) s->wbio=BIO_push(bbio,s->wbio); } else { if (s->wbio == bbio) s->wbio=BIO_pop(bbio); } return(1); } void ssl_free_wbio_buffer(SSL *s) { if (s->bbio == NULL) return; if (s->bbio == s->wbio) { /* remove buffering */ s->wbio=BIO_pop(s->wbio); #ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */ assert(s->wbio != NULL); #endif } BIO_free(s->bbio); s->bbio=NULL; } void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode) { ctx->quiet_shutdown=mode; } int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) { return(ctx->quiet_shutdown); } void SSL_set_quiet_shutdown(SSL *s,int mode) { s->quiet_shutdown=mode; } int SSL_get_quiet_shutdown(const SSL *s) { return(s->quiet_shutdown); } void SSL_set_shutdown(SSL *s,int mode) { s->shutdown=mode; } int SSL_get_shutdown(const SSL *s) { return(s->shutdown); } int SSL_version(const SSL *s) { return(s->version); } SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) { return(ssl->ctx); } SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) { if (ssl->ctx == ctx) return ssl->ctx; #ifndef OPENSSL_NO_TLSEXT if (ctx == NULL) ctx = ssl->initial_ctx; #endif if (ssl->cert != NULL) ssl_cert_free(ssl->cert); ssl->cert = ssl_cert_dup(ctx->cert); CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); if (ssl->ctx != NULL) SSL_CTX_free(ssl->ctx); /* decrement reference count */ ssl->ctx = ctx; return(ssl->ctx); } #ifndef OPENSSL_NO_STDIO int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) { return(X509_STORE_set_default_paths(ctx->cert_store)); } int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath) { return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath)); } #endif void SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl,int type,int val)) { ssl->info_callback=cb; } /* One compiler (Diab DCC) doesn't like argument names in returned function pointer. */ void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) { return ssl->info_callback; } int SSL_state(const SSL *ssl) { return(ssl->state); } void SSL_set_verify_result(SSL *ssl,long arg) { ssl->verify_result=arg; } long SSL_get_verify_result(const SSL *ssl) { return(ssl->verify_result); } int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) { return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, new_func, dup_func, free_func); } int SSL_set_ex_data(SSL *s,int idx,void *arg) { return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); } void *SSL_get_ex_data(const SSL *s,int idx) { return(CRYPTO_get_ex_data(&s->ex_data,idx)); } int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) { return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, new_func, dup_func, free_func); } int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg) { return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); } void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx) { return(CRYPTO_get_ex_data(&s->ex_data,idx)); } int ssl_ok(SSL *s) { return(1); } X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) { return(ctx->cert_store); } void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store) { if (ctx->cert_store != NULL) X509_STORE_free(ctx->cert_store); ctx->cert_store=store; } int SSL_want(const SSL *s) { return(s->rwstate); } /*! * \brief Set the callback for generating temporary RSA keys. * \param ctx the SSL context. * \param cb the callback */ #ifndef OPENSSL_NO_RSA void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl, int is_export, int keylength)) { SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); } void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl, int is_export, int keylength)) { SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); } #endif #ifdef DOXYGEN /*! * \brief The RSA temporary key callback function. * \param ssl the SSL session. * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite. * \param keylength if \c is_export is \c TRUE, then \c keylength is the size * of the required key in bits. * \return the temporary RSA key. * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback */ RSA *cb(SSL *ssl,int is_export,int keylength) {} #endif /*! * \brief Set the callback for generating temporary DH keys. * \param ctx the SSL context. * \param dh the callback */ #ifndef OPENSSL_NO_DH void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export, int keylength)) { SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); } void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export, int keylength)) { SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); } #endif #ifndef OPENSSL_NO_ECDH void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export, int keylength)) { SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); } void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export, int keylength)) { SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); } #endif void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) { SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); } void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) { SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); } #if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16) #include "../crypto/bio/bss_file.c" #endif IMPLEMENT_STACK_OF(SSL_CIPHER) IMPLEMENT_STACK_OF(SSL_COMP) Index: releng/8.4/crypto/openssl/ssl/ssl_stat.c =================================================================== --- releng/8.4/crypto/openssl/ssl/ssl_stat.c (revision 273415) +++ releng/8.4/crypto/openssl/ssl/ssl_stat.c (revision 273416) @@ -1,517 +1,541 @@ /* ssl/ssl_stat.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include #include "ssl_locl.h" const char *SSL_state_string_long(const SSL *s) { const char *str; switch (s->state) { case SSL_ST_BEFORE: str="before SSL initialization"; break; case SSL_ST_ACCEPT: str="before accept initialization"; break; case SSL_ST_CONNECT: str="before connect initialization"; break; case SSL_ST_OK: str="SSL negotiation finished successfully"; break; case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break; case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break; case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break; case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break; case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break; #ifndef OPENSSL_NO_SSL2 case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break; case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break; case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break; case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break; case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break; case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break; case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break; case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break; case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break; case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break; case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break; case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break; case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break; case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break; case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break; case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break; case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break; case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break; case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break; case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break; case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break; case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break; case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break; case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break; case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break; case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break; case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break; case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break; case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break; case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break; case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break; case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break; case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break; case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break; case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break; case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break; case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break; case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break; #endif #ifndef OPENSSL_NO_SSL3 /* SSLv3 additions */ case SSL3_ST_CW_CLNT_HELLO_A: str="SSLv3 write client hello A"; break; case SSL3_ST_CW_CLNT_HELLO_B: str="SSLv3 write client hello B"; break; case SSL3_ST_CR_SRVR_HELLO_A: str="SSLv3 read server hello A"; break; case SSL3_ST_CR_SRVR_HELLO_B: str="SSLv3 read server hello B"; break; case SSL3_ST_CR_CERT_A: str="SSLv3 read server certificate A"; break; case SSL3_ST_CR_CERT_B: str="SSLv3 read server certificate B"; break; case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break; case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break; case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break; case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break; case SSL3_ST_CR_SESSION_TICKET_A: str="SSLv3 read server session ticket A";break; case SSL3_ST_CR_SESSION_TICKET_B: str="SSLv3 read server session ticket B";break; case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break; case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break; case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break; case SSL3_ST_CW_CERT_B: str="SSLv3 write client certificate B"; break; case SSL3_ST_CW_CERT_C: str="SSLv3 write client certificate C"; break; case SSL3_ST_CW_CERT_D: str="SSLv3 write client certificate D"; break; case SSL3_ST_CW_KEY_EXCH_A: str="SSLv3 write client key exchange A"; break; case SSL3_ST_CW_KEY_EXCH_B: str="SSLv3 write client key exchange B"; break; case SSL3_ST_CW_CERT_VRFY_A: str="SSLv3 write certificate verify A"; break; case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify B"; break; case SSL3_ST_CW_CHANGE_A: case SSL3_ST_SW_CHANGE_A: str="SSLv3 write change cipher spec A"; break; case SSL3_ST_CW_CHANGE_B: case SSL3_ST_SW_CHANGE_B: str="SSLv3 write change cipher spec B"; break; case SSL3_ST_CW_FINISHED_A: case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break; case SSL3_ST_CW_FINISHED_B: case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished B"; break; case SSL3_ST_CR_CHANGE_A: case SSL3_ST_SR_CHANGE_A: str="SSLv3 read change cipher spec A"; break; case SSL3_ST_CR_CHANGE_B: case SSL3_ST_SR_CHANGE_B: str="SSLv3 read change cipher spec B"; break; case SSL3_ST_CR_FINISHED_A: case SSL3_ST_SR_FINISHED_A: str="SSLv3 read finished A"; break; case SSL3_ST_CR_FINISHED_B: case SSL3_ST_SR_FINISHED_B: str="SSLv3 read finished B"; break; case SSL3_ST_CW_FLUSH: case SSL3_ST_SW_FLUSH: str="SSLv3 flush data"; break; case SSL3_ST_SR_CLNT_HELLO_A: str="SSLv3 read client hello A"; break; case SSL3_ST_SR_CLNT_HELLO_B: str="SSLv3 read client hello B"; break; case SSL3_ST_SR_CLNT_HELLO_C: str="SSLv3 read client hello C"; break; case SSL3_ST_SW_HELLO_REQ_A: str="SSLv3 write hello request A"; break; case SSL3_ST_SW_HELLO_REQ_B: str="SSLv3 write hello request B"; break; case SSL3_ST_SW_HELLO_REQ_C: str="SSLv3 write hello request C"; break; case SSL3_ST_SW_SRVR_HELLO_A: str="SSLv3 write server hello A"; break; case SSL3_ST_SW_SRVR_HELLO_B: str="SSLv3 write server hello B"; break; case SSL3_ST_SW_CERT_A: str="SSLv3 write certificate A"; break; case SSL3_ST_SW_CERT_B: str="SSLv3 write certificate B"; break; case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break; case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break; case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break; case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break; case SSL3_ST_SW_SESSION_TICKET_A: str="SSLv3 write session ticket A"; break; case SSL3_ST_SW_SESSION_TICKET_B: str="SSLv3 write session ticket B"; break; case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break; case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break; case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break; case SSL3_ST_SR_CERT_B: str="SSLv3 read client certificate B"; break; case SSL3_ST_SR_KEY_EXCH_A: str="SSLv3 read client key exchange A"; break; case SSL3_ST_SR_KEY_EXCH_B: str="SSLv3 read client key exchange B"; break; case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certificate verify A"; break; case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break; #endif #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) /* SSLv2/v3 compatibility states */ /* client */ case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break; case SSL23_ST_CW_CLNT_HELLO_B: str="SSLv2/v3 write client hello B"; break; case SSL23_ST_CR_SRVR_HELLO_A: str="SSLv2/v3 read server hello A"; break; case SSL23_ST_CR_SRVR_HELLO_B: str="SSLv2/v3 read server hello B"; break; /* server */ case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break; case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break; #endif /* DTLS */ case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DTLS1 read hello verify request A"; break; case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DTLS1 read hello verify request B"; break; case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DTLS1 write hello verify request A"; break; case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DTLS1 write hello verify request B"; break; default: str="unknown state"; break; } return(str); } const char *SSL_rstate_string_long(const SSL *s) { const char *str; switch (s->rstate) { case SSL_ST_READ_HEADER: str="read header"; break; case SSL_ST_READ_BODY: str="read body"; break; case SSL_ST_READ_DONE: str="read done"; break; default: str="unknown"; break; } return(str); } const char *SSL_state_string(const SSL *s) { const char *str; switch (s->state) { case SSL_ST_BEFORE: str="PINIT "; break; case SSL_ST_ACCEPT: str="AINIT "; break; case SSL_ST_CONNECT: str="CINIT "; break; case SSL_ST_OK: str="SSLOK "; break; #ifndef OPENSSL_NO_SSL2 case SSL2_ST_CLIENT_START_ENCRYPTION: str="2CSENC"; break; case SSL2_ST_SERVER_START_ENCRYPTION: str="2SSENC"; break; case SSL2_ST_SEND_CLIENT_HELLO_A: str="2SCH_A"; break; case SSL2_ST_SEND_CLIENT_HELLO_B: str="2SCH_B"; break; case SSL2_ST_GET_SERVER_HELLO_A: str="2GSH_A"; break; case SSL2_ST_GET_SERVER_HELLO_B: str="2GSH_B"; break; case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="2SCMKA"; break; case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="2SCMKB"; break; case SSL2_ST_SEND_CLIENT_FINISHED_A: str="2SCF_A"; break; case SSL2_ST_SEND_CLIENT_FINISHED_B: str="2SCF_B"; break; case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="2SCC_A"; break; case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="2SCC_B"; break; case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="2SCC_C"; break; case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="2SCC_D"; break; case SSL2_ST_GET_SERVER_VERIFY_A: str="2GSV_A"; break; case SSL2_ST_GET_SERVER_VERIFY_B: str="2GSV_B"; break; case SSL2_ST_GET_SERVER_FINISHED_A: str="2GSF_A"; break; case SSL2_ST_GET_SERVER_FINISHED_B: str="2GSF_B"; break; case SSL2_ST_GET_CLIENT_HELLO_A: str="2GCH_A"; break; case SSL2_ST_GET_CLIENT_HELLO_B: str="2GCH_B"; break; case SSL2_ST_GET_CLIENT_HELLO_C: str="2GCH_C"; break; case SSL2_ST_SEND_SERVER_HELLO_A: str="2SSH_A"; break; case SSL2_ST_SEND_SERVER_HELLO_B: str="2SSH_B"; break; case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="2GCMKA"; break; case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="2GCMKA"; break; case SSL2_ST_SEND_SERVER_VERIFY_A: str="2SSV_A"; break; case SSL2_ST_SEND_SERVER_VERIFY_B: str="2SSV_B"; break; case SSL2_ST_SEND_SERVER_VERIFY_C: str="2SSV_C"; break; case SSL2_ST_GET_CLIENT_FINISHED_A: str="2GCF_A"; break; case SSL2_ST_GET_CLIENT_FINISHED_B: str="2GCF_B"; break; case SSL2_ST_SEND_SERVER_FINISHED_A: str="2SSF_A"; break; case SSL2_ST_SEND_SERVER_FINISHED_B: str="2SSF_B"; break; case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="2SRC_A"; break; case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="2SRC_B"; break; case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="2SRC_C"; break; case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="2SRC_D"; break; case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="2X9GSC"; break; case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="2X9GCC"; break; #endif #ifndef OPENSSL_NO_SSL3 /* SSLv3 additions */ case SSL3_ST_SW_FLUSH: case SSL3_ST_CW_FLUSH: str="3FLUSH"; break; case SSL3_ST_CW_CLNT_HELLO_A: str="3WCH_A"; break; case SSL3_ST_CW_CLNT_HELLO_B: str="3WCH_B"; break; case SSL3_ST_CR_SRVR_HELLO_A: str="3RSH_A"; break; case SSL3_ST_CR_SRVR_HELLO_B: str="3RSH_B"; break; case SSL3_ST_CR_CERT_A: str="3RSC_A"; break; case SSL3_ST_CR_CERT_B: str="3RSC_B"; break; case SSL3_ST_CR_KEY_EXCH_A: str="3RSKEA"; break; case SSL3_ST_CR_KEY_EXCH_B: str="3RSKEB"; break; case SSL3_ST_CR_CERT_REQ_A: str="3RCR_A"; break; case SSL3_ST_CR_CERT_REQ_B: str="3RCR_B"; break; case SSL3_ST_CR_SRVR_DONE_A: str="3RSD_A"; break; case SSL3_ST_CR_SRVR_DONE_B: str="3RSD_B"; break; case SSL3_ST_CW_CERT_A: str="3WCC_A"; break; case SSL3_ST_CW_CERT_B: str="3WCC_B"; break; case SSL3_ST_CW_CERT_C: str="3WCC_C"; break; case SSL3_ST_CW_CERT_D: str="3WCC_D"; break; case SSL3_ST_CW_KEY_EXCH_A: str="3WCKEA"; break; case SSL3_ST_CW_KEY_EXCH_B: str="3WCKEB"; break; case SSL3_ST_CW_CERT_VRFY_A: str="3WCV_A"; break; case SSL3_ST_CW_CERT_VRFY_B: str="3WCV_B"; break; case SSL3_ST_SW_CHANGE_A: case SSL3_ST_CW_CHANGE_A: str="3WCCSA"; break; case SSL3_ST_SW_CHANGE_B: case SSL3_ST_CW_CHANGE_B: str="3WCCSB"; break; case SSL3_ST_SW_FINISHED_A: case SSL3_ST_CW_FINISHED_A: str="3WFINA"; break; case SSL3_ST_SW_FINISHED_B: case SSL3_ST_CW_FINISHED_B: str="3WFINB"; break; case SSL3_ST_SR_CHANGE_A: case SSL3_ST_CR_CHANGE_A: str="3RCCSA"; break; case SSL3_ST_SR_CHANGE_B: case SSL3_ST_CR_CHANGE_B: str="3RCCSB"; break; case SSL3_ST_SR_FINISHED_A: case SSL3_ST_CR_FINISHED_A: str="3RFINA"; break; case SSL3_ST_SR_FINISHED_B: case SSL3_ST_CR_FINISHED_B: str="3RFINB"; break; case SSL3_ST_SW_HELLO_REQ_A: str="3WHR_A"; break; case SSL3_ST_SW_HELLO_REQ_B: str="3WHR_B"; break; case SSL3_ST_SW_HELLO_REQ_C: str="3WHR_C"; break; case SSL3_ST_SR_CLNT_HELLO_A: str="3RCH_A"; break; case SSL3_ST_SR_CLNT_HELLO_B: str="3RCH_B"; break; case SSL3_ST_SR_CLNT_HELLO_C: str="3RCH_C"; break; case SSL3_ST_SW_SRVR_HELLO_A: str="3WSH_A"; break; case SSL3_ST_SW_SRVR_HELLO_B: str="3WSH_B"; break; case SSL3_ST_SW_CERT_A: str="3WSC_A"; break; case SSL3_ST_SW_CERT_B: str="3WSC_B"; break; case SSL3_ST_SW_KEY_EXCH_A: str="3WSKEA"; break; case SSL3_ST_SW_KEY_EXCH_B: str="3WSKEB"; break; case SSL3_ST_SW_CERT_REQ_A: str="3WCR_A"; break; case SSL3_ST_SW_CERT_REQ_B: str="3WCR_B"; break; case SSL3_ST_SW_SRVR_DONE_A: str="3WSD_A"; break; case SSL3_ST_SW_SRVR_DONE_B: str="3WSD_B"; break; case SSL3_ST_SR_CERT_A: str="3RCC_A"; break; case SSL3_ST_SR_CERT_B: str="3RCC_B"; break; case SSL3_ST_SR_KEY_EXCH_A: str="3RCKEA"; break; case SSL3_ST_SR_KEY_EXCH_B: str="3RCKEB"; break; case SSL3_ST_SR_CERT_VRFY_A: str="3RCV_A"; break; case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break; #endif #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) /* SSLv2/v3 compatibility states */ /* client */ case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break; case SSL23_ST_CW_CLNT_HELLO_B: str="23WCHB"; break; case SSL23_ST_CR_SRVR_HELLO_A: str="23RSHA"; break; case SSL23_ST_CR_SRVR_HELLO_B: str="23RSHA"; break; /* server */ case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break; case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break; #endif /* DTLS */ case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DRCHVA"; break; case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DRCHVB"; break; case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DWCHVA"; break; case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DWCHVB"; break; default: str="UNKWN "; break; } return(str); } const char *SSL_alert_type_string_long(int value) { value>>=8; if (value == SSL3_AL_WARNING) return("warning"); else if (value == SSL3_AL_FATAL) return("fatal"); else return("unknown"); } const char *SSL_alert_type_string(int value) { value>>=8; if (value == SSL3_AL_WARNING) return("W"); else if (value == SSL3_AL_FATAL) return("F"); else return("U"); } const char *SSL_alert_desc_string(int value) { const char *str; switch (value & 0xff) { case SSL3_AD_CLOSE_NOTIFY: str="CN"; break; case SSL3_AD_UNEXPECTED_MESSAGE: str="UM"; break; case SSL3_AD_BAD_RECORD_MAC: str="BM"; break; case SSL3_AD_DECOMPRESSION_FAILURE: str="DF"; break; case SSL3_AD_HANDSHAKE_FAILURE: str="HF"; break; case SSL3_AD_NO_CERTIFICATE: str="NC"; break; case SSL3_AD_BAD_CERTIFICATE: str="BC"; break; case SSL3_AD_UNSUPPORTED_CERTIFICATE: str="UC"; break; case SSL3_AD_CERTIFICATE_REVOKED: str="CR"; break; case SSL3_AD_CERTIFICATE_EXPIRED: str="CE"; break; case SSL3_AD_CERTIFICATE_UNKNOWN: str="CU"; break; case SSL3_AD_ILLEGAL_PARAMETER: str="IP"; break; case TLS1_AD_DECRYPTION_FAILED: str="DC"; break; case TLS1_AD_RECORD_OVERFLOW: str="RO"; break; case TLS1_AD_UNKNOWN_CA: str="CA"; break; case TLS1_AD_ACCESS_DENIED: str="AD"; break; case TLS1_AD_DECODE_ERROR: str="DE"; break; case TLS1_AD_DECRYPT_ERROR: str="CY"; break; case TLS1_AD_EXPORT_RESTRICTION: str="ER"; break; case TLS1_AD_PROTOCOL_VERSION: str="PV"; break; case TLS1_AD_INSUFFICIENT_SECURITY: str="IS"; break; case TLS1_AD_INTERNAL_ERROR: str="IE"; break; case TLS1_AD_USER_CANCELLED: str="US"; break; case TLS1_AD_NO_RENEGOTIATION: str="NR"; break; + case TLS1_AD_UNSUPPORTED_EXTENSION: str="UE"; break; + case TLS1_AD_CERTIFICATE_UNOBTAINABLE: str="CO"; break; + case TLS1_AD_UNRECOGNIZED_NAME: str="UN"; break; + case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: str="BR"; break; + case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: str="BH"; break; + case TLS1_AD_UNKNOWN_PSK_IDENTITY: str="UP"; break; default: str="UK"; break; } return(str); } const char *SSL_alert_desc_string_long(int value) { const char *str; switch (value & 0xff) { case SSL3_AD_CLOSE_NOTIFY: str="close notify"; break; case SSL3_AD_UNEXPECTED_MESSAGE: str="unexpected_message"; break; case SSL3_AD_BAD_RECORD_MAC: str="bad record mac"; break; case SSL3_AD_DECOMPRESSION_FAILURE: str="decompression failure"; break; case SSL3_AD_HANDSHAKE_FAILURE: str="handshake failure"; break; case SSL3_AD_NO_CERTIFICATE: str="no certificate"; break; case SSL3_AD_BAD_CERTIFICATE: str="bad certificate"; break; case SSL3_AD_UNSUPPORTED_CERTIFICATE: str="unsupported certificate"; break; case SSL3_AD_CERTIFICATE_REVOKED: str="certificate revoked"; break; case SSL3_AD_CERTIFICATE_EXPIRED: str="certificate expired"; break; case SSL3_AD_CERTIFICATE_UNKNOWN: str="certificate unknown"; break; case SSL3_AD_ILLEGAL_PARAMETER: str="illegal parameter"; break; case TLS1_AD_DECRYPTION_FAILED: str="decryption failed"; break; case TLS1_AD_RECORD_OVERFLOW: str="record overflow"; break; case TLS1_AD_UNKNOWN_CA: str="unknown CA"; break; case TLS1_AD_ACCESS_DENIED: str="access denied"; break; case TLS1_AD_DECODE_ERROR: str="decode error"; break; case TLS1_AD_DECRYPT_ERROR: str="decrypt error"; break; case TLS1_AD_EXPORT_RESTRICTION: str="export restriction"; break; case TLS1_AD_PROTOCOL_VERSION: str="protocol version"; break; case TLS1_AD_INSUFFICIENT_SECURITY: str="insufficient security"; break; case TLS1_AD_INTERNAL_ERROR: str="internal error"; break; case TLS1_AD_USER_CANCELLED: str="user canceled"; break; case TLS1_AD_NO_RENEGOTIATION: str="no renegotiation"; + break; + case TLS1_AD_UNSUPPORTED_EXTENSION: + str="unsupported extension"; + break; + case TLS1_AD_CERTIFICATE_UNOBTAINABLE: + str="certificate unobtainable"; + break; + case TLS1_AD_UNRECOGNIZED_NAME: + str="unrecognized name"; + break; + case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: + str="bad certificate status response"; + break; + case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: + str="bad certificate hash value"; + break; + case TLS1_AD_UNKNOWN_PSK_IDENTITY: + str="unknown PSK identity"; break; default: str="unknown"; break; } return(str); } const char *SSL_rstate_string(const SSL *s) { const char *str; switch (s->rstate) { case SSL_ST_READ_HEADER:str="RH"; break; case SSL_ST_READ_BODY: str="RB"; break; case SSL_ST_READ_DONE: str="RD"; break; default: str="unknown"; break; } return(str); } Index: releng/8.4/crypto/openssl/ssl/t1_enc.c =================================================================== --- releng/8.4/crypto/openssl/ssl/t1_enc.c (revision 273415) +++ releng/8.4/crypto/openssl/ssl/t1_enc.c (revision 273416) @@ -1,863 +1,869 @@ /* ssl/t1_enc.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ #include #include "ssl_locl.h" #ifndef OPENSSL_NO_COMP #include #endif #include #include #include #ifdef KSSL_DEBUG #include #endif static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len, unsigned char *seed, int seed_len, unsigned char *out, int olen) { int chunk; unsigned int j; HMAC_CTX ctx; HMAC_CTX ctx_tmp; unsigned char A1[EVP_MAX_MD_SIZE]; unsigned int A1_len; chunk=EVP_MD_size(md); HMAC_CTX_init(&ctx); HMAC_CTX_init(&ctx_tmp); HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); HMAC_Update(&ctx,seed,seed_len); HMAC_Final(&ctx,A1,&A1_len); for (;;) { HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */ HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */ HMAC_Update(&ctx,A1,A1_len); HMAC_Update(&ctx_tmp,A1,A1_len); HMAC_Update(&ctx,seed,seed_len); if (olen > chunk) { HMAC_Final(&ctx,out,&j); out+=j; olen-=j; HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */ } else /* last one */ { HMAC_Final(&ctx,A1,&A1_len); memcpy(out,A1,olen); break; } } HMAC_CTX_cleanup(&ctx); HMAC_CTX_cleanup(&ctx_tmp); OPENSSL_cleanse(A1,sizeof(A1)); } static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1, unsigned char *label, int label_len, const unsigned char *sec, int slen, unsigned char *out1, unsigned char *out2, int olen) { int len,i; const unsigned char *S1,*S2; len=slen/2; S1=sec; S2= &(sec[len]); len+=(slen&1); /* add for odd, make longer */ tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen); tls1_P_hash(sha1,S2,len,label,label_len,out2,olen); for (i=0; is3->server_random,SSL3_RANDOM_SIZE); p+=SSL3_RANDOM_SIZE; memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); p+=SSL3_RANDOM_SIZE; tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf), s->session->master_key,s->session->master_key_length, km,tmp,num); #ifdef KSSL_DEBUG printf("tls1_generate_key_block() ==> %d byte master_key =\n\t", s->session->master_key_length); { int i; for (i=0; i < s->session->master_key_length; i++) { printf("%02X", s->session->master_key[i]); } printf("\n"); } #endif /* KSSL_DEBUG */ } int tls1_change_cipher_state(SSL *s, int which) { static const unsigned char empty[]=""; unsigned char *p,*mac_secret; unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+ SSL3_RANDOM_SIZE*2]; unsigned char tmp1[EVP_MAX_KEY_LENGTH]; unsigned char tmp2[EVP_MAX_KEY_LENGTH]; unsigned char iv1[EVP_MAX_IV_LENGTH*2]; unsigned char iv2[EVP_MAX_IV_LENGTH*2]; unsigned char *ms,*key,*iv; int client_write; EVP_CIPHER_CTX *dd; const EVP_CIPHER *c; #ifndef OPENSSL_NO_COMP const SSL_COMP *comp; #endif const EVP_MD *m; int is_export,n,i,j,k,exp_label_len,cl; int reuse_dd = 0; is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); c=s->s3->tmp.new_sym_enc; m=s->s3->tmp.new_hash; #ifndef OPENSSL_NO_COMP comp=s->s3->tmp.new_compression; #endif #ifdef KSSL_DEBUG key_block=s->s3->tmp.key_block; printf("tls1_change_cipher_state(which= %d) w/\n", which); printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms, (void *)comp); printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", (void *)c); printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n", c->nid,c->block_size,c->key_len,c->iv_len); printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length); { int ki; for (ki=0; kis3->tmp.key_block_length; ki++) printf("%02x", s->s3->tmp.key_block[ki]); printf("\n"); } #endif /* KSSL_DEBUG */ if (which & SSL3_CC_READ) { if (s->enc_read_ctx != NULL) reuse_dd = 1; else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) goto err; else /* make sure it's intialized in case we exit later with an error */ EVP_CIPHER_CTX_init(s->enc_read_ctx); dd= s->enc_read_ctx; s->read_hash=m; #ifndef OPENSSL_NO_COMP if (s->expand != NULL) { COMP_CTX_free(s->expand); s->expand=NULL; } if (comp != NULL) { s->expand=COMP_CTX_new(comp->method); if (s->expand == NULL) { SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR); goto err2; } if (s->s3->rrec.comp == NULL) s->s3->rrec.comp=(unsigned char *) OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH); if (s->s3->rrec.comp == NULL) goto err; } #endif /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ if (s->version != DTLS1_VERSION) memset(&(s->s3->read_sequence[0]),0,8); mac_secret= &(s->s3->read_mac_secret[0]); } else { if (s->enc_write_ctx != NULL) reuse_dd = 1; else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) goto err; else /* make sure it's intialized in case we exit later with an error */ EVP_CIPHER_CTX_init(s->enc_write_ctx); dd= s->enc_write_ctx; s->write_hash=m; #ifndef OPENSSL_NO_COMP if (s->compress != NULL) { COMP_CTX_free(s->compress); s->compress=NULL; } if (comp != NULL) { s->compress=COMP_CTX_new(comp->method); if (s->compress == NULL) { SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR); goto err2; } } #endif /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ if (s->version != DTLS1_VERSION) memset(&(s->s3->write_sequence[0]),0,8); mac_secret= &(s->s3->write_mac_secret[0]); } if (reuse_dd) EVP_CIPHER_CTX_cleanup(dd); p=s->s3->tmp.key_block; i=EVP_MD_size(m); cl=EVP_CIPHER_key_length(c); j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ k=EVP_CIPHER_iv_length(c); if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { ms= &(p[ 0]); n=i+i; key= &(p[ n]); n+=j+j; iv= &(p[ n]); n+=k+k; exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST; exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE; client_write=1; } else { n=i; ms= &(p[ n]); n+=i+j; key= &(p[ n]); n+=j+k; iv= &(p[ n]); n+=k; exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST; exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE; client_write=0; } if (n > s->s3->tmp.key_block_length) { SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR); goto err2; } memcpy(mac_secret,ms,i); #ifdef TLS_DEBUG printf("which = %04X\nmac key=",which); { int z; for (z=0; zs3->client_random,SSL3_RANDOM_SIZE); p+=SSL3_RANDOM_SIZE; memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); p+=SSL3_RANDOM_SIZE; tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j, tmp1,tmp2,EVP_CIPHER_key_length(c)); key=tmp1; if (k > 0) { p=buf; memcpy(p,TLS_MD_IV_BLOCK_CONST, TLS_MD_IV_BLOCK_CONST_SIZE); p+=TLS_MD_IV_BLOCK_CONST_SIZE; memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); p+=SSL3_RANDOM_SIZE; memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); p+=SSL3_RANDOM_SIZE; tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,empty,0, iv1,iv2,k*2); if (client_write) iv=iv1; else iv= &(iv1[k]); } } s->session->key_arg_length=0; #ifdef KSSL_DEBUG { int ki; printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n"); printf("\tkey= "); for (ki=0; kikey_len; ki++) printf("%02x", key[ki]); printf("\n"); printf("\t iv= "); for (ki=0; kiiv_len; ki++) printf("%02x", iv[ki]); printf("\n"); } #endif /* KSSL_DEBUG */ EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE)); #ifdef TLS_DEBUG printf("which = %04X\nkey=",which); { int z; for (z=0; zs3->tmp.key_block_length != 0) return(1); if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp)) { SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE); return(0); } s->s3->tmp.new_sym_enc=c; s->s3->tmp.new_hash=hash; num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c); num*=2; ssl3_cleanup_key_block(s); if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL) goto err; if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL) goto err; s->s3->tmp.key_block_length=num; s->s3->tmp.key_block=p1; #ifdef TLS_DEBUG printf("client random\n"); { int z; for (z=0; zs3->client_random[z],((z+1)%16)?' ':'\n'); } printf("server random\n"); { int z; for (z=0; zs3->server_random[z],((z+1)%16)?' ':'\n'); } printf("pre-master\n"); { int z; for (z=0; zsession->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); } #endif tls1_generate_key_block(s,p1,p2,num); OPENSSL_cleanse(p2,num); OPENSSL_free(p2); #ifdef TLS_DEBUG printf("\nkey block\n"); { int z; for (z=0; zoptions & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) { /* enable vulnerability countermeasure for CBC ciphers with * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */ s->s3->need_empty_fragments = 1; if (s->session->cipher != NULL) { if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL) s->s3->need_empty_fragments = 0; #ifndef OPENSSL_NO_RC4 if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4) s->s3->need_empty_fragments = 0; #endif } } return(1); err: SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); return(0); } /* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. * * Returns: * 0: (in non-constant time) if the record is publically invalid (i.e. too * short etc). * 1: if the record's padding is valid / the encryption was successful. * -1: if the record's padding/AEAD-authenticator is invalid or, if sending, * an internal error occured. */ int tls1_enc(SSL *s, int send) { SSL3_RECORD *rec; EVP_CIPHER_CTX *ds; unsigned long l; int bs,i,j,k,pad=0,ret,mac_size=0; const EVP_CIPHER *enc; if (send) { ds=s->enc_write_ctx; rec= &(s->s3->wrec); if (s->enc_write_ctx == NULL) enc=NULL; else enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); } else { ds=s->enc_read_ctx; rec= &(s->s3->rrec); if (s->enc_read_ctx == NULL) enc=NULL; else enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); } #ifdef KSSL_DEBUG printf("tls1_enc(%d)\n", send); #endif /* KSSL_DEBUG */ if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { memmove(rec->data,rec->input,rec->length); rec->input=rec->data; ret = 1; } else { l=rec->length; bs=EVP_CIPHER_block_size(ds->cipher); if ((bs != 1) && send) { i=bs-((int)l%bs); /* Add weird padding of upto 256 bytes */ /* we need to add 'i' padding bytes of value j */ j=i-1; if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) { if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) j++; } for (k=(int)l; k<(int)(l+i); k++) rec->input[k]=j; l+=i; rec->length+=i; } #ifdef KSSL_DEBUG { unsigned long ui; printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n", ds,rec->data,rec->input,l); printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n", ds->buf_len, ds->cipher->key_len, DES_KEY_SZ, DES_SCHEDULE_SZ, ds->cipher->iv_len); printf("\t\tIV: "); for (i=0; icipher->iv_len; i++) printf("%02X", ds->iv[i]); printf("\n"); printf("\trec->input="); for (ui=0; uiinput[ui]); printf("\n"); } #endif /* KSSL_DEBUG */ if (!send) { if (l == 0 || l%bs != 0) return 0; } EVP_Cipher(ds,rec->data,rec->input,l); #ifdef KSSL_DEBUG { unsigned long ki; printf("\trec->data="); for (ki=0; kidata[ki]); printf("\n"); } #endif /* KSSL_DEBUG */ ret = 1; if (s->read_hash != NULL) mac_size = EVP_MD_size(s->read_hash); if ((bs != 1) && !send) ret = tls1_cbc_remove_padding(s, rec, bs, mac_size); if (pad && !send) rec->length -= pad; } return ret; } int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out) { unsigned int ret; EVP_MD_CTX ctx; EVP_MD_CTX_init(&ctx); EVP_MD_CTX_copy_ex(&ctx,in_ctx); EVP_DigestFinal_ex(&ctx,out,&ret); EVP_MD_CTX_cleanup(&ctx); return((int)ret); } int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx, const char *str, int slen, unsigned char *out) { unsigned int i; EVP_MD_CTX ctx; unsigned char buf[TLS_MD_MAX_CONST_SIZE+MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; unsigned char *q,buf2[12]; q=buf; memcpy(q,str,slen); q+=slen; EVP_MD_CTX_init(&ctx); EVP_MD_CTX_copy_ex(&ctx,in1_ctx); EVP_DigestFinal_ex(&ctx,q,&i); q+=i; EVP_MD_CTX_copy_ex(&ctx,in2_ctx); EVP_DigestFinal_ex(&ctx,q,&i); q+=i; tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf), s->session->master_key,s->session->master_key_length, out,buf2,sizeof buf2); EVP_MD_CTX_cleanup(&ctx); return sizeof buf2; } int tls1_mac(SSL *ssl, unsigned char *md, int send) { SSL3_RECORD *rec; unsigned char *mac_sec,*seq; const EVP_MD *hash; size_t md_size, orig_len; int i; HMAC_CTX hmac; unsigned char header[13]; if (send) { rec= &(ssl->s3->wrec); mac_sec= &(ssl->s3->write_mac_secret[0]); seq= &(ssl->s3->write_sequence[0]); hash=ssl->write_hash; } else { rec= &(ssl->s3->rrec); mac_sec= &(ssl->s3->read_mac_secret[0]); seq= &(ssl->s3->read_sequence[0]); hash=ssl->read_hash; } md_size=EVP_MD_size(hash); /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ HMAC_CTX_init(&hmac); HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL); if (ssl->version == DTLS1_BAD_VER || (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER)) { unsigned char dtlsseq[8],*p=dtlsseq; s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p); memcpy (p,&seq[2],6); memcpy(header, dtlsseq, 8); } else memcpy(header, seq, 8); /* kludge: tls1_cbc_remove_padding passes padding length in rec->type */ orig_len = rec->length+md_size+((unsigned int)rec->type>>8); rec->type &= 0xff; header[8]=rec->type; header[9]=(unsigned char)(ssl->version>>8); header[10]=(unsigned char)(ssl->version); header[11]=(rec->length)>>8; header[12]=(rec->length)&0xff; if (!send && EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && ssl3_cbc_record_digest_supported(hash)) { /* This is a CBC-encrypted record. We must avoid leaking any * timing-side channel information about how many blocks of * data we are hashing because that gives an attacker a * timing-oracle. */ ssl3_cbc_digest_record( hash, md, &md_size, header, rec->input, rec->length + md_size, orig_len, ssl->s3->read_mac_secret, EVP_MD_size(ssl->read_hash), 0 /* not SSLv3 */); } else { unsigned mds; HMAC_Update(&hmac,header,sizeof(header)); HMAC_Update(&hmac,rec->input,rec->length); HMAC_Final(&hmac,md,&mds); md_size = mds; #ifdef OPENSSL_FIPS if (!send && FIPS_mode()) tls_fips_digest_extra( ssl->enc_read_ctx, hash, &hmac, rec->input, rec->length, orig_len); #endif } HMAC_CTX_cleanup(&hmac); #ifdef TLS_DEBUG printf("sec="); {unsigned int z; for (z=0; z=0; i--) { ++seq[i]; if (seq[i] != 0) break; } } #ifdef TLS_DEBUG {unsigned int z; for (z=0; zs3->client_random,SSL3_RANDOM_SIZE); memcpy(&(buf[SSL3_RANDOM_SIZE+TLS_MD_MASTER_SECRET_CONST_SIZE]), s->s3->server_random,SSL3_RANDOM_SIZE); tls1_PRF(s->ctx->md5,s->ctx->sha1, buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len, s->session->master_key,buff,sizeof buff); #ifdef KSSL_DEBUG printf ("tls1_generate_master_secret() complete\n"); #endif /* KSSL_DEBUG */ return(SSL3_MASTER_SECRET_SIZE); } int tls1_alert_code(int code) { switch (code) { case SSL_AD_CLOSE_NOTIFY: return(SSL3_AD_CLOSE_NOTIFY); case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE); case SSL_AD_BAD_RECORD_MAC: return(SSL3_AD_BAD_RECORD_MAC); case SSL_AD_DECRYPTION_FAILED: return(TLS1_AD_DECRYPTION_FAILED); case SSL_AD_RECORD_OVERFLOW: return(TLS1_AD_RECORD_OVERFLOW); case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE); case SSL_AD_HANDSHAKE_FAILURE: return(SSL3_AD_HANDSHAKE_FAILURE); case SSL_AD_NO_CERTIFICATE: return(-1); case SSL_AD_BAD_CERTIFICATE: return(SSL3_AD_BAD_CERTIFICATE); case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE); case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED); case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED); case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN); case SSL_AD_ILLEGAL_PARAMETER: return(SSL3_AD_ILLEGAL_PARAMETER); case SSL_AD_UNKNOWN_CA: return(TLS1_AD_UNKNOWN_CA); case SSL_AD_ACCESS_DENIED: return(TLS1_AD_ACCESS_DENIED); case SSL_AD_DECODE_ERROR: return(TLS1_AD_DECODE_ERROR); case SSL_AD_DECRYPT_ERROR: return(TLS1_AD_DECRYPT_ERROR); case SSL_AD_EXPORT_RESTRICTION: return(TLS1_AD_EXPORT_RESTRICTION); case SSL_AD_PROTOCOL_VERSION: return(TLS1_AD_PROTOCOL_VERSION); case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY); case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR); case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED); case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION); + case SSL_AD_UNSUPPORTED_EXTENSION: return(TLS1_AD_UNSUPPORTED_EXTENSION); + case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(TLS1_AD_CERTIFICATE_UNOBTAINABLE); + case SSL_AD_UNRECOGNIZED_NAME: return(TLS1_AD_UNRECOGNIZED_NAME); + case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE); + case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE); + case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); + case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK); #ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); #endif default: return(-1); } } - Index: releng/8.4/crypto/openssl/ssl/t1_lib.c =================================================================== --- releng/8.4/crypto/openssl/ssl/t1_lib.c (revision 273415) +++ releng/8.4/crypto/openssl/ssl/t1_lib.c (revision 273416) @@ -1,1058 +1,1061 @@ /* ssl/t1_lib.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include #include #include #include #include #include "ssl_locl.h" const char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT; #ifndef OPENSSL_NO_TLSEXT static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen, const unsigned char *sess_id, int sesslen, SSL_SESSION **psess); #endif SSL3_ENC_METHOD TLSv1_enc_data={ tls1_enc, tls1_mac, tls1_setup_key_block, tls1_generate_master_secret, tls1_change_cipher_state, tls1_final_finish_mac, TLS1_FINISH_MAC_LENGTH, tls1_cert_verify_mac, TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, }; long tls1_default_timeout(void) { /* 2 hours, the 24 hours mentioned in the TLSv1 spec * is way too long for http, the cache would over fill */ return(60*60*2); } IMPLEMENT_tls1_meth_func(tlsv1_base_method, ssl_undefined_function, ssl_undefined_function, ssl_bad_method) int tls1_new(SSL *s) { if (!ssl3_new(s)) return(0); s->method->ssl_clear(s); return(1); } void tls1_free(SSL *s) { ssl3_free(s); } void tls1_clear(SSL *s) { ssl3_clear(s); s->version=TLS1_VERSION; } #if 0 long tls1_ctrl(SSL *s, int cmd, long larg, char *parg) { return(0); } long tls1_callback_ctrl(SSL *s, int cmd, void *(*fp)()) { return(0); } #endif #ifndef OPENSSL_NO_TLSEXT unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) { int extdatalen=0; unsigned char *ret = p; /* don't add extensions for SSLv3 unless doing secure renegotiation */ if (s->client_version == SSL3_VERSION && !s->s3->send_connection_binding) return p; ret+=2; if (ret>=limit) return NULL; /* this really never occurs, but ... */ if (s->tlsext_hostname != NULL) { /* Add TLS extension servername to the Client Hello message */ unsigned long size_str; long lenmax; /* check for enough space. 4 for the servername type and entension length 2 for servernamelist length 1 for the hostname type 2 for hostname length + hostname length */ if ((lenmax = limit - ret - 9) < 0 || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax) return NULL; /* extension type and length */ s2n(TLSEXT_TYPE_server_name,ret); s2n(size_str+5,ret); /* length of servername list */ s2n(size_str+3,ret); /* hostname type, length and hostname */ *(ret++) = (unsigned char) TLSEXT_NAMETYPE_host_name; s2n(size_str,ret); memcpy(ret, s->tlsext_hostname, size_str); ret+=size_str; } /* Add RI if renegotiating */ if (s->new_session) { int el; if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); return NULL; } if((limit - p - 4 - el) < 0) return NULL; s2n(TLSEXT_TYPE_renegotiate,ret); s2n(el,ret); if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); return NULL; } ret += el; } if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) { int ticklen; if (!s->new_session && s->session && s->session->tlsext_tick) ticklen = s->session->tlsext_ticklen; else ticklen = 0; /* Check for enough room 2 for extension type, 2 for len * rest for ticket */ if (limit - ret - 4 - ticklen < 0) return NULL; s2n(TLSEXT_TYPE_session_ticket,ret); s2n(ticklen,ret); if (ticklen) { memcpy(ret, s->session->tlsext_tick, ticklen); ret += ticklen; } } if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp && s->version != DTLS1_VERSION) { int i; long extlen, idlen, itmp; OCSP_RESPID *id; idlen = 0; for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) { id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i); itmp = i2d_OCSP_RESPID(id, NULL); if (itmp <= 0) return NULL; idlen += itmp + 2; } if (s->tlsext_ocsp_exts) { extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL); if (extlen < 0) return NULL; } else extlen = 0; if ((long)(limit - ret - 7 - extlen - idlen) < 0) return NULL; s2n(TLSEXT_TYPE_status_request, ret); if (extlen + idlen > 0xFFF0) return NULL; s2n(extlen + idlen + 5, ret); *(ret++) = TLSEXT_STATUSTYPE_ocsp; s2n(idlen, ret); for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) { /* save position of id len */ unsigned char *q = ret; id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i); /* skip over id len */ ret += 2; itmp = i2d_OCSP_RESPID(id, &ret); /* write id len */ s2n(itmp, q); } s2n(extlen, ret); if (extlen > 0) i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret); } if ((extdatalen = ret-p-2)== 0) return p; s2n(extdatalen,p); return ret; } unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) { int extdatalen=0; unsigned char *ret = p; /* don't add extensions for SSLv3, unless doing secure renegotiation */ if (s->version == SSL3_VERSION && !s->s3->send_connection_binding) return p; ret+=2; if (ret>=limit) return NULL; /* this really never occurs, but ... */ if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL) { if (limit - ret - 4 < 0) return NULL; s2n(TLSEXT_TYPE_server_name,ret); s2n(0,ret); } if(s->s3->send_connection_binding) { int el; if(!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) { SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); return NULL; } if((limit - p - 4 - el) < 0) return NULL; s2n(TLSEXT_TYPE_renegotiate,ret); s2n(el,ret); if(!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) { SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); return NULL; } ret += el; } if (s->tlsext_ticket_expected && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) { if (limit - ret - 4 < 0) return NULL; s2n(TLSEXT_TYPE_session_ticket,ret); s2n(0,ret); } if (s->tlsext_status_expected) { if ((long)(limit - ret - 4) < 0) return NULL; s2n(TLSEXT_TYPE_status_request,ret); s2n(0,ret); } if ((extdatalen = ret-p-2)== 0) return p; s2n(extdatalen,p); return ret; } int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) { unsigned short type; unsigned short size; unsigned short len; unsigned char *data = *p; int renegotiate_seen = 0; s->servername_done = 0; s->tlsext_status_type = -1; if (data >= (d+n-2)) goto ri_check; n2s(data,len); if (data > (d+n-len)) goto ri_check; while (data <= (d+n-4)) { n2s(data,type); n2s(data,size); if (data+size > (d+n)) goto ri_check; if (s->tlsext_debug_cb) s->tlsext_debug_cb(s, 0, type, data, size, s->tlsext_debug_arg); /* The servername extension is treated as follows: - Only the hostname type is supported with a maximum length of 255. - The servername is rejected if too long or if it contains zeros, in which case an fatal alert is generated. - The servername field is maintained together with the session cache. - When a session is resumed, the servername call back invoked in order to allow the application to position itself to the right context. - The servername is acknowledged if it is new for a session or when it is identical to a previously used for the same session. Applications can control the behaviour. They can at any time set a 'desirable' servername for a new SSL object. This can be the case for example with HTTPS when a Host: header field is received and a renegotiation is requested. In this case, a possible servername presented in the new client hello is only acknowledged if it matches the value of the Host: field. - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION if they provide for changing an explicit servername context for the session, i.e. when the session has been established with a servername extension. - On session reconnect, the servername extension may be absent. */ if (type == TLSEXT_TYPE_server_name) { unsigned char *sdata; int servname_type; int dsize; if (size < 2) { *al = SSL_AD_DECODE_ERROR; return 0; } n2s(data,dsize); size -= 2; if (dsize > size ) { *al = SSL_AD_DECODE_ERROR; return 0; } sdata = data; while (dsize > 3) { servname_type = *(sdata++); n2s(sdata,len); dsize -= 3; if (len > dsize) { *al = SSL_AD_DECODE_ERROR; return 0; } if (s->servername_done == 0) switch (servname_type) { case TLSEXT_NAMETYPE_host_name: if (!s->hit) { if(s->session->tlsext_hostname) { *al = SSL_AD_DECODE_ERROR; return 0; } if (len > TLSEXT_MAXLEN_host_name) { *al = TLS1_AD_UNRECOGNIZED_NAME; return 0; } if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL) { *al = TLS1_AD_INTERNAL_ERROR; return 0; } memcpy(s->session->tlsext_hostname, sdata, len); s->session->tlsext_hostname[len]='\0'; if (strlen(s->session->tlsext_hostname) != len) { OPENSSL_free(s->session->tlsext_hostname); s->session->tlsext_hostname = NULL; *al = TLS1_AD_UNRECOGNIZED_NAME; return 0; } s->servername_done = 1; } else s->servername_done = s->session->tlsext_hostname && strlen(s->session->tlsext_hostname) == len && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0; break; default: break; } dsize -= len; } if (dsize != 0) { *al = SSL_AD_DECODE_ERROR; return 0; } } else if (type == TLSEXT_TYPE_renegotiate) { if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al)) return 0; renegotiate_seen = 1; } else if (type == TLSEXT_TYPE_status_request && s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb) { if (size < 5) { *al = SSL_AD_DECODE_ERROR; return 0; } s->tlsext_status_type = *data++; size--; if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) { const unsigned char *sdata; int dsize; /* Read in responder_id_list */ n2s(data,dsize); size -= 2; if (dsize > size ) { *al = SSL_AD_DECODE_ERROR; return 0; } while (dsize > 0) { OCSP_RESPID *id; int idsize; if (dsize < 4) { *al = SSL_AD_DECODE_ERROR; return 0; } n2s(data, idsize); dsize -= 2 + idsize; size -= 2 + idsize; if (dsize < 0) { *al = SSL_AD_DECODE_ERROR; return 0; } sdata = data; data += idsize; id = d2i_OCSP_RESPID(NULL, &sdata, idsize); if (!id) { *al = SSL_AD_DECODE_ERROR; return 0; } if (data != sdata) { OCSP_RESPID_free(id); *al = SSL_AD_DECODE_ERROR; return 0; } if (!s->tlsext_ocsp_ids && !(s->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null())) { OCSP_RESPID_free(id); *al = SSL_AD_INTERNAL_ERROR; return 0; } if (!sk_OCSP_RESPID_push( s->tlsext_ocsp_ids, id)) { OCSP_RESPID_free(id); *al = SSL_AD_INTERNAL_ERROR; return 0; } } /* Read in request_extensions */ if (size < 2) { *al = SSL_AD_DECODE_ERROR; return 0; } n2s(data,dsize); size -= 2; if (dsize != size) { *al = SSL_AD_DECODE_ERROR; return 0; } sdata = data; if (dsize > 0) { if (s->tlsext_ocsp_exts) { sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); } s->tlsext_ocsp_exts = d2i_X509_EXTENSIONS(NULL, &sdata, dsize); if (!s->tlsext_ocsp_exts || (data + dsize != sdata)) { *al = SSL_AD_DECODE_ERROR; return 0; } } } /* We don't know what to do with any other type * so ignore it. */ else s->tlsext_status_type = -1; } /* session ticket processed earlier */ data+=size; } *p = data; ri_check: /* Need RI if renegotiating */ if (!renegotiate_seen && s->new_session && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { *al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); return 0; } return 1; } int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) { unsigned short length; unsigned short type; unsigned short size; unsigned char *data = *p; int tlsext_servername = 0; int renegotiate_seen = 0; if (data >= (d+n-2)) goto ri_check; n2s(data,length); if (data+length != d+n) { *al = SSL_AD_DECODE_ERROR; return 0; } while(data <= (d+n-4)) { n2s(data,type); n2s(data,size); if (data+size > (d+n)) goto ri_check; if (s->tlsext_debug_cb) s->tlsext_debug_cb(s, 1, type, data, size, s->tlsext_debug_arg); if (type == TLSEXT_TYPE_server_name) { if (s->tlsext_hostname == NULL || size > 0) { *al = TLS1_AD_UNRECOGNIZED_NAME; return 0; } tlsext_servername = 1; } else if (type == TLSEXT_TYPE_session_ticket) { if ((SSL_get_options(s) & SSL_OP_NO_TICKET) || (size > 0)) { *al = TLS1_AD_UNSUPPORTED_EXTENSION; return 0; } s->tlsext_ticket_expected = 1; } else if (type == TLSEXT_TYPE_status_request && s->version != DTLS1_VERSION) { /* MUST be empty and only sent if we've requested * a status request message. */ if ((s->tlsext_status_type == -1) || (size > 0)) { *al = TLS1_AD_UNSUPPORTED_EXTENSION; return 0; } /* Set flag to expect CertificateStatus message */ s->tlsext_status_expected = 1; } else if (type == TLSEXT_TYPE_renegotiate) { if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al)) return 0; renegotiate_seen = 1; } data+=size; } if (data != d+n) { *al = SSL_AD_DECODE_ERROR; return 0; } if (!s->hit && tlsext_servername == 1) { if (s->tlsext_hostname) { if (s->session->tlsext_hostname == NULL) { s->session->tlsext_hostname = BUF_strdup(s->tlsext_hostname); if (!s->session->tlsext_hostname) { *al = SSL_AD_UNRECOGNIZED_NAME; return 0; } } else { *al = SSL_AD_DECODE_ERROR; return 0; } } } *p = data; ri_check: /* Determine if we need to see RI. Strictly speaking if we want to * avoid an attack we should *always* see RI even on initial server * hello because the client doesn't see any renegotiation during an * attack. However this would mean we could not connect to any server * which doesn't support RI so for the immediate future tolerate RI * absence on initial connect only. */ if (!renegotiate_seen && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT) && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { *al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); return 0; } return 1; } int ssl_check_clienthello_tlsext_early(SSL *s) { int ret=SSL_TLSEXT_ERR_NOACK; int al = SSL_AD_UNRECOGNIZED_NAME; if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); switch (ret) { case SSL_TLSEXT_ERR_ALERT_FATAL: ssl3_send_alert(s, SSL3_AL_FATAL, al); return -1; case SSL_TLSEXT_ERR_ALERT_WARNING: ssl3_send_alert(s, SSL3_AL_WARNING, al); return 1; case SSL_TLSEXT_ERR_NOACK: s->servername_done = 0; default: return 1; } } int ssl_check_clienthello_tlsext_late(SSL *s) { int ret = SSL_TLSEXT_ERR_OK; int al; /* If status request then ask callback what to do. * Note: this must be called after servername callbacks in case * the certificate has changed, and must be called after the cipher * has been chosen because this may influence which certificate is sent */ if (s->tlsext_status_type != -1 && s->ctx && s->ctx->tlsext_status_cb) { int r; CERT_PKEY *certpkey; certpkey = ssl_get_server_send_pkey(s); /* If no certificate can't return certificate status */ if (certpkey == NULL) { s->tlsext_status_expected = 0; return 1; } /* Set current certificate to one we will use so * SSL_get_certificate et al can pick it up. */ s->cert->key = certpkey; r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); switch (r) { /* We don't want to send a status request response */ case SSL_TLSEXT_ERR_NOACK: s->tlsext_status_expected = 0; break; /* status request response should be sent */ case SSL_TLSEXT_ERR_OK: if (s->tlsext_ocsp_resp) s->tlsext_status_expected = 1; else s->tlsext_status_expected = 0; break; /* something bad happened */ case SSL_TLSEXT_ERR_ALERT_FATAL: ret = SSL_TLSEXT_ERR_ALERT_FATAL; al = SSL_AD_INTERNAL_ERROR; goto err; } } else s->tlsext_status_expected = 0; err: switch (ret) { case SSL_TLSEXT_ERR_ALERT_FATAL: ssl3_send_alert(s,SSL3_AL_FATAL,al); return -1; case SSL_TLSEXT_ERR_ALERT_WARNING: ssl3_send_alert(s,SSL3_AL_WARNING,al); return 1; default: return 1; } } int ssl_check_serverhello_tlsext(SSL *s) { int ret=SSL_TLSEXT_ERR_NOACK; int al = SSL_AD_UNRECOGNIZED_NAME; if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); /* If we've requested certificate status and we wont get one * tell the callback */ if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) && s->ctx->tlsext_status_cb) { int r; /* Set resp to NULL, resplen to -1 so callback knows * there is no response. */ if (s->tlsext_ocsp_resp) { OPENSSL_free(s->tlsext_ocsp_resp); s->tlsext_ocsp_resp = NULL; } s->tlsext_ocsp_resplen = -1; r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); if (r == 0) { al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; ret = SSL_TLSEXT_ERR_ALERT_FATAL; } if (r < 0) { al = SSL_AD_INTERNAL_ERROR; ret = SSL_TLSEXT_ERR_ALERT_FATAL; } } switch (ret) { case SSL_TLSEXT_ERR_ALERT_FATAL: ssl3_send_alert(s,SSL3_AL_FATAL,al); return -1; case SSL_TLSEXT_ERR_ALERT_WARNING: ssl3_send_alert(s,SSL3_AL_WARNING,al); return 1; case SSL_TLSEXT_ERR_NOACK: s->servername_done=0; default: return 1; } } /* Since the server cache lookup is done early on in the processing of client * hello and other operations depend on the result we need to handle any TLS * session ticket extension at the same time. */ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, const unsigned char *limit, SSL_SESSION **ret) { /* Point after session ID in client hello */ const unsigned char *p = session_id + len; unsigned short i; /* If tickets disabled behave as if no ticket present * to permit stateful resumption. */ if (SSL_get_options(s) & SSL_OP_NO_TICKET) return 1; if ((s->version <= SSL3_VERSION) || !limit) return 1; if (p >= limit) return -1; /* Skip past DTLS cookie */ if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) { i = *(p++); p+= i; if (p >= limit) return -1; } /* Skip past cipher list */ n2s(p, i); p+= i; if (p >= limit) return -1; /* Skip past compression algorithm list */ i = *(p++); p += i; if (p > limit) return -1; /* Now at start of extensions */ if ((p + 2) >= limit) return 1; n2s(p, i); while ((p + 4) <= limit) { unsigned short type, size; n2s(p, type); n2s(p, size); if (p + size > limit) return 1; if (type == TLSEXT_TYPE_session_ticket) { /* If zero length note client will accept a ticket * and indicate cache miss to trigger full handshake */ if (size == 0) { s->tlsext_ticket_expected = 1; return 0; /* Cache miss */ } return tls_decrypt_ticket(s, p, size, session_id, len, ret); } p += size; } return 1; } static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, const unsigned char *sess_id, int sesslen, SSL_SESSION **psess) { SSL_SESSION *sess; unsigned char *sdec; const unsigned char *p; int slen, mlen, renew_ticket = 0; unsigned char tick_hmac[EVP_MAX_MD_SIZE]; HMAC_CTX hctx; EVP_CIPHER_CTX ctx; SSL_CTX *tctx = s->initial_ctx; /* Need at least keyname + iv + some encrypted data */ if (eticklen < 48) goto tickerr; /* Initialize session ticket encryption and HMAC contexts */ HMAC_CTX_init(&hctx); EVP_CIPHER_CTX_init(&ctx); if (tctx->tlsext_ticket_key_cb) { unsigned char *nctick = (unsigned char *)etick; int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16, &ctx, &hctx, 0); if (rv < 0) return -1; if (rv == 0) goto tickerr; if (rv == 2) renew_ticket = 1; } else { /* Check key name matches */ if (memcmp(etick, tctx->tlsext_tick_key_name, 16)) goto tickerr; HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, tlsext_tick_md(), NULL); EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, tctx->tlsext_tick_aes_key, etick + 16); } /* Attempt to process session ticket, first conduct sanity and * integrity checks on ticket. */ mlen = HMAC_size(&hctx); eticklen -= mlen; /* Check HMAC of encrypted ticket */ HMAC_Update(&hctx, etick, eticklen); HMAC_Final(&hctx, tick_hmac, NULL); HMAC_CTX_cleanup(&hctx); if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) + { + EVP_CIPHER_CTX_cleanup(&ctx); goto tickerr; + } /* Attempt to decrypt session data */ /* Move p after IV to start of encrypted ticket, update length */ p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx); sdec = OPENSSL_malloc(eticklen); if (!sdec) { EVP_CIPHER_CTX_cleanup(&ctx); return -1; } EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen); if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) goto tickerr; slen += mlen; EVP_CIPHER_CTX_cleanup(&ctx); p = sdec; sess = d2i_SSL_SESSION(NULL, &p, slen); OPENSSL_free(sdec); if (sess) { /* The session ID if non-empty is used by some clients to * detect that the ticket has been accepted. So we copy it to * the session structure. If it is empty set length to zero * as required by standard. */ if (sesslen) memcpy(sess->session_id, sess_id, sesslen); sess->session_id_length = sesslen; *psess = sess; s->tlsext_ticket_expected = renew_ticket; return 1; } /* If session decrypt failure indicate a cache miss and set state to * send a new ticket */ tickerr: s->tlsext_ticket_expected = 1; return 0; } #endif Index: releng/8.4/crypto/openssl/ssl/tls1.h =================================================================== --- releng/8.4/crypto/openssl/ssl/tls1.h (revision 273415) +++ releng/8.4/crypto/openssl/ssl/tls1.h (revision 273416) @@ -1,410 +1,417 @@ /* ssl/tls1.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * * Portions of the attached software ("Contribution") are developed by * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. * * The Contribution is licensed pursuant to the OpenSSL open source * license provided above. * * ECC cipher suite support in OpenSSL originally written by * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. * */ #ifndef HEADER_TLS1_H #define HEADER_TLS1_H #include #ifdef __cplusplus extern "C" { #endif #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 #define TLS1_VERSION 0x0301 +#define TLS1_1_VERSION 0x0302 +#define TLS1_2_VERSION 0x0303 +/* TLS 1.1 and 1.2 are not supported by this version of OpenSSL, so + * TLS_MAX_VERSION indicates TLS 1.0 regardless of the above + * definitions. (s23_clnt.c and s23_srvr.c have an OPENSSL_assert() + * check that would catch the error if TLS_MAX_VERSION was too low.) + */ +#define TLS_MAX_VERSION TLS1_VERSION + #define TLS1_VERSION_MAJOR 0x03 #define TLS1_VERSION_MINOR 0x01 #define TLS1_AD_DECRYPTION_FAILED 21 #define TLS1_AD_RECORD_OVERFLOW 22 #define TLS1_AD_UNKNOWN_CA 48 /* fatal */ #define TLS1_AD_ACCESS_DENIED 49 /* fatal */ #define TLS1_AD_DECODE_ERROR 50 /* fatal */ #define TLS1_AD_DECRYPT_ERROR 51 #define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */ #define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */ #define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */ #define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ +#define TLS1_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */ #define TLS1_AD_USER_CANCELLED 90 #define TLS1_AD_NO_RENEGOTIATION 100 /* codes 110-114 are from RFC3546 */ #define TLS1_AD_UNSUPPORTED_EXTENSION 110 #define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 #define TLS1_AD_UNRECOGNIZED_NAME 112 #define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 #define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */ /* ExtensionType values from RFC 3546 */ #define TLSEXT_TYPE_server_name 0 #define TLSEXT_TYPE_max_fragment_length 1 #define TLSEXT_TYPE_client_certificate_url 2 #define TLSEXT_TYPE_trusted_ca_keys 3 #define TLSEXT_TYPE_truncated_hmac 4 #define TLSEXT_TYPE_status_request 5 #define TLSEXT_TYPE_elliptic_curves 10 #define TLSEXT_TYPE_ec_point_formats 11 #define TLSEXT_TYPE_session_ticket 35 /* Temporary extension type */ #define TLSEXT_TYPE_renegotiate 0xff01 /* NameType value from RFC 3546 */ #define TLSEXT_NAMETYPE_host_name 0 /* status request value from RFC 3546 */ #define TLSEXT_STATUSTYPE_ocsp 1 #ifndef OPENSSL_NO_TLSEXT #define TLSEXT_MAXLEN_host_name 255 const char *SSL_get_servername(const SSL *s, const int type) ; int SSL_get_servername_type(const SSL *s) ; #define SSL_set_tlsext_host_name(s,name) \ SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) #define SSL_set_tlsext_debug_callback(ssl, cb) \ SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb) #define SSL_set_tlsext_debug_arg(ssl, arg) \ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg) #define SSL_set_tlsext_status_type(ssl, type) \ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL) #define SSL_get_tlsext_status_exts(ssl, arg) \ SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) #define SSL_set_tlsext_status_exts(ssl, arg) \ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) #define SSL_get_tlsext_status_ids(ssl, arg) \ SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) #define SSL_set_tlsext_status_ids(ssl, arg) \ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) #define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg) #define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg) #define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb) #define SSL_TLSEXT_ERR_OK 0 #define SSL_TLSEXT_ERR_ALERT_WARNING 1 #define SSL_TLSEXT_ERR_ALERT_FATAL 2 #define SSL_TLSEXT_ERR_NOACK 3 #define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) #define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys)) #define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys)) #define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) #define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) #define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) #endif /* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably * shouldn't. */ #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 #define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 #define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062 #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063 #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064 #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065 #define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 /* AES ciphersuites from RFC3268 */ #define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F #define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 #define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 #define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032 #define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033 #define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034 #define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035 #define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036 #define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037 #define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038 #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 #define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A /* Camellia ciphersuites from RFC4132 */ #define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 #define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 #define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 #define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 #define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 #define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 #define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 #define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 #define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 #define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 /* SEED ciphersuites from RFC4162 */ #define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 #define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 #define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 #define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099 #define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A #define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B /* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */ #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 #define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 #define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004 #define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005 #define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 #define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 #define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A #define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B #define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C #define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D #define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E #define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F #define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010 #define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011 #define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012 #define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 #define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 #define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015 #define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016 #define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017 #define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 #define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 /* XXX * Inconsistency alert: * The OpenSSL names of ciphers with ephemeral DH here include the string * "DHE", while elsewhere it has always been "EDH". * (The alias for the list of all such ciphers also is "EDH".) * The specifications speak of "EDH"; maybe we should allow both forms * for everything. */ #define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5" #define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5" #define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA" #define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA" #define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA" #define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA" #define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" /* AES ciphersuites from RFC3268 */ #define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" #define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" #define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA" #define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA" #define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA" #define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA" #define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA" #define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA" #define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA" #define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA" #define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" #define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" /* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ #define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" #define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" #define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" #define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" #define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" #define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA" #define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA" #define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA" #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA" #define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" #define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" #define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" #define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" #define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" #define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA" #define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA" #define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA" #define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" #define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA" #define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" #define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" #define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" #define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" #define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" /* Camellia ciphersuites from RFC4132 */ #define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" #define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" #define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA" #define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA" #define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA" #define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA" #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA" #define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA" #define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA" #define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" #define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" /* SEED ciphersuites from RFC4162 */ #define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" #define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" #define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" #define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA" #define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" #define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" #define TLS_CT_RSA_SIGN 1 #define TLS_CT_DSS_SIGN 2 #define TLS_CT_RSA_FIXED_DH 3 #define TLS_CT_DSS_FIXED_DH 4 #define TLS_CT_ECDSA_SIGN 64 #define TLS_CT_RSA_FIXED_ECDH 65 #define TLS_CT_ECDSA_FIXED_ECDH 66 #define TLS_CT_NUMBER 7 #define TLS1_FINISH_MAC_LENGTH 12 #define TLS_MD_MAX_CONST_SIZE 20 #define TLS_MD_CLIENT_FINISH_CONST "client finished" #define TLS_MD_CLIENT_FINISH_CONST_SIZE 15 #define TLS_MD_SERVER_FINISH_CONST "server finished" #define TLS_MD_SERVER_FINISH_CONST_SIZE 15 #define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" #define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 #define TLS_MD_KEY_EXPANSION_CONST "key expansion" #define TLS_MD_KEY_EXPANSION_CONST_SIZE 13 #define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key" #define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16 #define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" #define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 #define TLS_MD_IV_BLOCK_CONST "IV block" #define TLS_MD_IV_BLOCK_CONST_SIZE 8 #define TLS_MD_MASTER_SECRET_CONST "master secret" #define TLS_MD_MASTER_SECRET_CONST_SIZE 13 #ifdef CHARSET_EBCDIC #undef TLS_MD_CLIENT_FINISH_CONST #define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*client finished*/ #undef TLS_MD_SERVER_FINISH_CONST #define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*server finished*/ #undef TLS_MD_SERVER_WRITE_KEY_CONST #define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/ #undef TLS_MD_KEY_EXPANSION_CONST #define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" /*key expansion*/ #undef TLS_MD_CLIENT_WRITE_KEY_CONST #define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*client write key*/ #undef TLS_MD_SERVER_WRITE_KEY_CONST #define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/ #undef TLS_MD_IV_BLOCK_CONST #define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" /*IV block*/ #undef TLS_MD_MASTER_SECRET_CONST #define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/ #endif #ifdef __cplusplus } #endif #endif - - - Index: releng/8.4/sbin/routed/input.c =================================================================== --- releng/8.4/sbin/routed/input.c (revision 273415) +++ releng/8.4/sbin/routed/input.c (revision 273416) @@ -1,1013 +1,1017 @@ /* * Copyright (c) 1983, 1988, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #include "defs.h" #ifdef __NetBSD__ __RCSID("$NetBSD$"); #elif defined(__FreeBSD__) __RCSID("$FreeBSD$"); #else __RCSID("$Revision: 2.26 $"); #ident "$Revision: 2.26 $" #endif static void input(struct sockaddr_in *, struct interface *, struct interface *, struct rip *, int); static void input_route(naddr, naddr, struct rt_spare *, struct netinfo *); static int ck_passwd(struct interface *, struct rip *, void *, naddr, struct msg_limit *); /* process RIP input */ void read_rip(int sock, struct interface *sifp) { struct sockaddr_in from; struct interface *aifp; socklen_t fromlen; int cc; #ifdef USE_PASSIFNAME static struct msg_limit bad_name; struct { char ifname[IFNAMSIZ]; union pkt_buf pbuf; } inbuf; #else struct { union pkt_buf pbuf; } inbuf; #endif for (;;) { fromlen = sizeof(from); cc = recvfrom(sock, &inbuf, sizeof(inbuf), 0, (struct sockaddr*)&from, &fromlen); if (cc <= 0) { if (cc < 0 && errno != EWOULDBLOCK) LOGERR("recvfrom(rip)"); break; } if (fromlen != sizeof(struct sockaddr_in)) logbad(1,"impossible recvfrom(rip) fromlen=%d", (int)fromlen); /* aifp is the "authenticated" interface via which the packet * arrived. In fact, it is only the interface on which * the packet should have arrived based on is source * address. * sifp is interface associated with the socket through which * the packet was received. */ #ifdef USE_PASSIFNAME if ((cc -= sizeof(inbuf.ifname)) < 0) logbad(0,"missing USE_PASSIFNAME; only %d bytes", cc+sizeof(inbuf.ifname)); /* check the remote interfaces first */ LIST_FOREACH(aifp, &remote_if, remote_list) { if (aifp->int_addr == from.sin_addr.s_addr) break; } if (aifp == 0) { aifp = ifwithname(inbuf.ifname, 0); if (aifp == 0) { msglim(&bad_name, from.sin_addr.s_addr, "impossible interface name %.*s", IFNAMSIZ, inbuf.ifname); } else if (((aifp->int_if_flags & IFF_POINTOPOINT) && aifp->int_dstaddr!=from.sin_addr.s_addr) || (!(aifp->int_if_flags & IFF_POINTOPOINT) && !on_net(from.sin_addr.s_addr, aifp->int_net, aifp->int_mask))) { /* If it came via the wrong interface, do not * trust it. */ aifp = 0; } } #else aifp = iflookup(from.sin_addr.s_addr); #endif if (sifp == 0) sifp = aifp; input(&from, sifp, aifp, &inbuf.pbuf.rip, cc); } } /* Process a RIP packet */ static void input(struct sockaddr_in *from, /* received from this IP address */ struct interface *sifp, /* interface of incoming socket */ struct interface *aifp, /* "authenticated" interface */ struct rip *rip, int cc) { # define FROM_NADDR from->sin_addr.s_addr static struct msg_limit use_auth, bad_len, bad_mask; static struct msg_limit unk_router, bad_router, bad_nhop; struct rt_entry *rt; struct rt_spare new; struct netinfo *n, *lim; struct interface *ifp1; naddr gate, mask, v1_mask, dst, ddst_h = 0; struct auth *ap; struct tgate *tg = 0; struct tgate_net *tn; int i, j; /* Notice when we hear from a remote gateway */ if (aifp != 0 && (aifp->int_state & IS_REMOTE)) aifp->int_act_time = now.tv_sec; trace_rip("Recv", "from", from, sifp, rip, cc); if (rip->rip_vers == 0) { msglim(&bad_router, FROM_NADDR, "RIP version 0, cmd %d, packet received from %s", rip->rip_cmd, naddr_ntoa(FROM_NADDR)); return; } else if (rip->rip_vers > RIPv2) { rip->rip_vers = RIPv2; } if (cc > (int)OVER_MAXPACKETSIZE) { msglim(&bad_router, FROM_NADDR, "packet at least %d bytes too long received from %s", cc-MAXPACKETSIZE, naddr_ntoa(FROM_NADDR)); return; } n = rip->rip_nets; lim = (struct netinfo *)((char*)rip + cc); /* Notice authentication. * As required by section 4.2 in RFC 1723, discard authenticated * RIPv2 messages, but only if configured for that silliness. * * RIPv2 authentication is lame. Why authenticate queries? * Why should a RIPv2 implementation with authentication disabled * not be able to listen to RIPv2 packets with authentication, while * RIPv1 systems will listen? Crazy! */ if (!auth_ok && rip->rip_vers == RIPv2 && n < lim && n->n_family == RIP_AF_AUTH) { msglim(&use_auth, FROM_NADDR, "RIPv2 message with authentication from %s discarded", naddr_ntoa(FROM_NADDR)); return; } switch (rip->rip_cmd) { case RIPCMD_REQUEST: /* For mere requests, be a little sloppy about the source */ if (aifp == 0) aifp = sifp; /* Are we talking to ourself or a remote gateway? */ ifp1 = ifwithaddr(FROM_NADDR, 0, 1); if (ifp1) { if (ifp1->int_state & IS_REMOTE) { /* remote gateway */ aifp = ifp1; if (check_remote(aifp)) { aifp->int_act_time = now.tv_sec; (void)if_ok(aifp, "remote "); } } else if (from->sin_port == htons(RIP_PORT)) { trace_pkt(" discard our own RIP request"); return; } } /* did the request come from a router? */ if (from->sin_port == htons(RIP_PORT)) { /* yes, ignore the request if RIP is off so that * the router does not depend on us. */ if (rip_sock < 0 || (aifp != 0 && IS_RIP_OUT_OFF(aifp->int_state))) { trace_pkt(" discard request while RIP off"); return; } } /* According to RFC 1723, we should ignore unauthenticated * queries. That is too silly to bother with. Sheesh! * Are forwarding tables supposed to be secret, when * a bad guy can infer them with test traffic? When RIP * is still the most common router-discovery protocol * and so hosts need to send queries that will be answered? * What about `rtquery`? * Maybe on firewalls you'd care, but not enough to * give up the diagnostic facilities of remote probing. */ if (n >= lim) { msglim(&bad_len, FROM_NADDR, "empty request from %s", naddr_ntoa(FROM_NADDR)); return; } if (cc%sizeof(*n) != sizeof(struct rip)%sizeof(*n)) { msglim(&bad_len, FROM_NADDR, "request of bad length (%d) from %s", cc, naddr_ntoa(FROM_NADDR)); } if (rip->rip_vers == RIPv2 && (aifp == 0 || (aifp->int_state & IS_NO_RIPV1_OUT))) { v12buf.buf->rip_vers = RIPv2; /* If we have a secret but it is a cleartext secret, * do not disclose our secret unless the other guy * already knows it. */ ap = find_auth(aifp); if (ap != 0 && ap->type == RIP_AUTH_PW && n->n_family == RIP_AF_AUTH && !ck_passwd(aifp,rip,lim,FROM_NADDR,&use_auth)) ap = 0; } else { v12buf.buf->rip_vers = RIPv1; ap = 0; } clr_ws_buf(&v12buf, ap); do { n->n_metric = ntohl(n->n_metric); /* A single entry with family RIP_AF_UNSPEC and * metric HOPCNT_INFINITY means "all routes". * We respond to routers only if we are acting * as a supplier, or to anyone other than a router * (i.e. a query). */ if (n->n_family == RIP_AF_UNSPEC && n->n_metric == HOPCNT_INFINITY) { /* Answer a query from a utility program * with all we know. */ + if (aifp == NULL) { + trace_pkt("ignore remote query"); + return; + } if (from->sin_port != htons(RIP_PORT)) { supply(from, aifp, OUT_QUERY, 0, rip->rip_vers, ap != 0); return; } /* A router trying to prime its tables. * Filter the answer in the about same way * broadcasts are filtered. * * Only answer a router if we are a supplier * to keep an unwary host that is just starting * from picking us as a router. */ if (aifp == 0) { trace_pkt("ignore distant router"); return; } if (!supplier || IS_RIP_OFF(aifp->int_state)) { trace_pkt("ignore; not supplying"); return; } /* Do not answer a RIPv1 router if * we are sending RIPv2. But do offer * poor man's router discovery. */ if ((aifp->int_state & IS_NO_RIPV1_OUT) && rip->rip_vers == RIPv1) { if (!(aifp->int_state & IS_PM_RDISC)) { trace_pkt("ignore; sending RIPv2"); return; } v12buf.n->n_family = RIP_AF_INET; v12buf.n->n_dst = RIP_DEFAULT; i = aifp->int_d_metric; if (0 != (rt = rtget(RIP_DEFAULT, 0))) { j = (rt->rt_metric +aifp->int_metric +aifp->int_adj_outmetric +1); if (i > j) i = j; } v12buf.n->n_metric = htonl(i); v12buf.n++; break; } /* Respond with RIPv1 instead of RIPv2 if * that is what we are broadcasting on the * interface to keep the remote router from * getting the wrong initial idea of the * routes we send. */ supply(from, aifp, OUT_UNICAST, 0, (aifp->int_state & IS_NO_RIPV1_OUT) ? RIPv2 : RIPv1, ap != 0); return; } /* Ignore authentication */ if (n->n_family == RIP_AF_AUTH) continue; if (n->n_family != RIP_AF_INET) { msglim(&bad_router, FROM_NADDR, "request from %s for unsupported" " (af %d) %s", naddr_ntoa(FROM_NADDR), ntohs(n->n_family), naddr_ntoa(n->n_dst)); return; } /* We are being asked about a specific destination. */ dst = n->n_dst; if (!check_dst(dst)) { msglim(&bad_router, FROM_NADDR, "bad queried destination %s from %s", naddr_ntoa(dst), naddr_ntoa(FROM_NADDR)); return; } /* decide what mask was intended */ if (rip->rip_vers == RIPv1 || 0 == (mask = ntohl(n->n_mask)) || 0 != (ntohl(dst) & ~mask)) mask = ripv1_mask_host(dst, aifp); /* try to find the answer */ rt = rtget(dst, mask); if (!rt && dst != RIP_DEFAULT) rt = rtfind(n->n_dst); if (v12buf.buf->rip_vers != RIPv1) v12buf.n->n_mask = mask; if (rt == 0) { /* we do not have the answer */ v12buf.n->n_metric = HOPCNT_INFINITY; } else { /* we have the answer, so compute the * right metric and next hop. */ v12buf.n->n_family = RIP_AF_INET; v12buf.n->n_dst = dst; j = rt->rt_metric+1; if (!aifp) ++j; else j += (aifp->int_metric + aifp->int_adj_outmetric); if (j < HOPCNT_INFINITY) v12buf.n->n_metric = j; else v12buf.n->n_metric = HOPCNT_INFINITY; if (v12buf.buf->rip_vers != RIPv1) { v12buf.n->n_tag = rt->rt_tag; v12buf.n->n_mask = mask; if (aifp != 0 && on_net(rt->rt_gate, aifp->int_net, aifp->int_mask) && rt->rt_gate != aifp->int_addr) v12buf.n->n_nhop = rt->rt_gate; } } v12buf.n->n_metric = htonl(v12buf.n->n_metric); /* Stop paying attention if we fill the output buffer. */ if (++v12buf.n >= v12buf.lim) break; } while (++n < lim); /* Send the answer about specific routes. */ if (ap != 0 && ap->type == RIP_AUTH_MD5) end_md5_auth(&v12buf, ap); if (from->sin_port != htons(RIP_PORT)) { /* query */ (void)output(OUT_QUERY, from, aifp, v12buf.buf, ((char *)v12buf.n - (char*)v12buf.buf)); } else if (supplier) { (void)output(OUT_UNICAST, from, aifp, v12buf.buf, ((char *)v12buf.n - (char*)v12buf.buf)); } else { /* Only answer a router if we are a supplier * to keep an unwary host that is just starting * from picking us an a router. */ ; } return; case RIPCMD_TRACEON: case RIPCMD_TRACEOFF: /* Notice that trace messages are turned off for all possible * abuse if _PATH_TRACE is undefined in pathnames.h. * Notice also that because of the way the trace file is * handled in trace.c, no abuse is plausible even if * _PATH_TRACE_ is defined. * * First verify message came from a privileged port. */ if (ntohs(from->sin_port) > IPPORT_RESERVED) { msglog("trace command from untrusted port on %s", naddr_ntoa(FROM_NADDR)); return; } if (aifp == 0) { msglog("trace command from unknown router %s", naddr_ntoa(FROM_NADDR)); return; } if (rip->rip_cmd == RIPCMD_TRACEON) { rip->rip_tracefile[cc-4] = '\0'; set_tracefile((char*)rip->rip_tracefile, "trace command: %s\n", 0); } else { trace_off("tracing turned off by %s", naddr_ntoa(FROM_NADDR)); } return; case RIPCMD_RESPONSE: if (cc%sizeof(*n) != sizeof(struct rip)%sizeof(*n)) { msglim(&bad_len, FROM_NADDR, "response of bad length (%d) from %s", cc, naddr_ntoa(FROM_NADDR)); } /* verify message came from a router */ if (from->sin_port != ntohs(RIP_PORT)) { msglim(&bad_router, FROM_NADDR, " discard RIP response from unknown port" " %d on %s", ntohs(from->sin_port), naddr_ntoa(FROM_NADDR)); return; } if (rip_sock < 0) { trace_pkt(" discard response while RIP off"); return; } /* Are we talking to ourself or a remote gateway? */ ifp1 = ifwithaddr(FROM_NADDR, 0, 1); if (ifp1) { if (ifp1->int_state & IS_REMOTE) { /* remote gateway */ aifp = ifp1; if (check_remote(aifp)) { aifp->int_act_time = now.tv_sec; (void)if_ok(aifp, "remote "); } } else { trace_pkt(" discard our own RIP response"); return; } } /* Accept routing packets from routers directly connected * via broadcast or point-to-point networks, and from * those listed in /etc/gateways. */ if (aifp == 0) { msglim(&unk_router, FROM_NADDR, " discard response from %s" " via unexpected interface", naddr_ntoa(FROM_NADDR)); return; } if (IS_RIP_IN_OFF(aifp->int_state)) { trace_pkt(" discard RIPv%d response" " via disabled interface %s", rip->rip_vers, aifp->int_name); return; } if (n >= lim) { msglim(&bad_len, FROM_NADDR, "empty response from %s", naddr_ntoa(FROM_NADDR)); return; } if (((aifp->int_state & IS_NO_RIPV1_IN) && rip->rip_vers == RIPv1) || ((aifp->int_state & IS_NO_RIPV2_IN) && rip->rip_vers != RIPv1)) { trace_pkt(" discard RIPv%d response", rip->rip_vers); return; } /* Ignore routes via dead interface. */ if (aifp->int_state & IS_BROKE) { trace_pkt("discard response via broken interface %s", aifp->int_name); return; } /* If the interface cares, ignore bad routers. * Trace but do not log this problem, because where it * happens, it happens frequently. */ if (aifp->int_state & IS_DISTRUST) { tg = tgates; while (tg->tgate_addr != FROM_NADDR) { tg = tg->tgate_next; if (tg == 0) { trace_pkt(" discard RIP response" " from untrusted router %s", naddr_ntoa(FROM_NADDR)); return; } } } /* Authenticate the packet if we have a secret. * If we do not have any secrets, ignore the error in * RFC 1723 and accept it regardless. */ if (aifp->int_auth[0].type != RIP_AUTH_NONE && rip->rip_vers != RIPv1 && !ck_passwd(aifp,rip,lim,FROM_NADDR,&use_auth)) return; do { if (n->n_family == RIP_AF_AUTH) continue; n->n_metric = ntohl(n->n_metric); dst = n->n_dst; if (n->n_family != RIP_AF_INET && (n->n_family != RIP_AF_UNSPEC || dst != RIP_DEFAULT)) { msglim(&bad_router, FROM_NADDR, "route from %s to unsupported" " address family=%d destination=%s", naddr_ntoa(FROM_NADDR), n->n_family, naddr_ntoa(dst)); continue; } if (!check_dst(dst)) { msglim(&bad_router, FROM_NADDR, "bad destination %s from %s", naddr_ntoa(dst), naddr_ntoa(FROM_NADDR)); return; } if (n->n_metric == 0 || n->n_metric > HOPCNT_INFINITY) { msglim(&bad_router, FROM_NADDR, "bad metric %d from %s" " for destination %s", n->n_metric, naddr_ntoa(FROM_NADDR), naddr_ntoa(dst)); return; } /* Notice the next-hop. */ gate = FROM_NADDR; if (n->n_nhop != 0) { if (rip->rip_vers == RIPv1) { n->n_nhop = 0; } else { /* Use it only if it is valid. */ if (on_net(n->n_nhop, aifp->int_net, aifp->int_mask) && check_dst(n->n_nhop)) { gate = n->n_nhop; } else { msglim(&bad_nhop, FROM_NADDR, "router %s to %s" " has bad next hop %s", naddr_ntoa(FROM_NADDR), naddr_ntoa(dst), naddr_ntoa(n->n_nhop)); n->n_nhop = 0; } } } if (rip->rip_vers == RIPv1 || 0 == (mask = ntohl(n->n_mask))) { mask = ripv1_mask_host(dst,aifp); } else if ((ntohl(dst) & ~mask) != 0) { msglim(&bad_mask, FROM_NADDR, "router %s sent bad netmask" " %#lx with %s", naddr_ntoa(FROM_NADDR), (u_long)mask, naddr_ntoa(dst)); continue; } if (rip->rip_vers == RIPv1) n->n_tag = 0; /* Adjust metric according to incoming interface.. */ n->n_metric += (aifp->int_metric + aifp->int_adj_inmetric); if (n->n_metric > HOPCNT_INFINITY) n->n_metric = HOPCNT_INFINITY; /* Should we trust this route from this router? */ if (tg && (tn = tg->tgate_nets)->mask != 0) { for (i = 0; i < MAX_TGATE_NETS; i++, tn++) { if (on_net(dst, tn->net, tn->mask) && tn->mask <= mask) break; } if (i >= MAX_TGATE_NETS || tn->mask == 0) { trace_pkt(" ignored unauthorized %s", addrname(dst,mask,0)); continue; } } /* Recognize and ignore a default route we faked * which is being sent back to us by a machine with * broken split-horizon. * Be a little more paranoid than that, and reject * default routes with the same metric we advertised. */ if (aifp->int_d_metric != 0 && dst == RIP_DEFAULT && (int)n->n_metric >= aifp->int_d_metric) continue; /* We can receive aggregated RIPv2 routes that must * be broken down before they are transmitted by * RIPv1 via an interface on a subnet. * We might also receive the same routes aggregated * via other RIPv2 interfaces. * This could cause duplicate routes to be sent on * the RIPv1 interfaces. "Longest matching variable * length netmasks" lets RIPv2 listeners understand, * but breaking down the aggregated routes for RIPv1 * listeners can produce duplicate routes. * * Breaking down aggregated routes here bloats * the daemon table, but does not hurt the kernel * table, since routes are always aggregated for * the kernel. * * Notice that this does not break down network * routes corresponding to subnets. This is part * of the defense against RS_NET_SYN. */ if (have_ripv1_out && (((rt = rtget(dst,mask)) == 0 || !(rt->rt_state & RS_NET_SYN))) && (v1_mask = ripv1_mask_net(dst,0)) > mask) { ddst_h = v1_mask & -v1_mask; i = (v1_mask & ~mask)/ddst_h; if (i >= 511) { /* Punt if we would have to generate * an unreasonable number of routes. */ if (TRACECONTENTS) trace_misc("accept %s-->%s as 1" " instead of %d routes", addrname(dst,mask,0), naddr_ntoa(FROM_NADDR), i+1); i = 0; } else { mask = v1_mask; } } else { i = 0; } new.rts_gate = gate; new.rts_router = FROM_NADDR; new.rts_metric = n->n_metric; new.rts_tag = n->n_tag; new.rts_time = now.tv_sec; new.rts_ifp = aifp; new.rts_de_ag = i; j = 0; for (;;) { input_route(dst, mask, &new, n); if (++j > i) break; dst = htonl(ntohl(dst) + ddst_h); } } while (++n < lim); break; } #undef FROM_NADDR } /* Process a single input route. */ static void input_route(naddr dst, /* network order */ naddr mask, struct rt_spare *new, struct netinfo *n) { int i; struct rt_entry *rt; struct rt_spare *rts, *rts0; struct interface *ifp1; /* See if the other guy is telling us to send our packets to him. * Sometimes network routes arrive over a point-to-point link for * the network containing the address(es) of the link. * * If our interface is broken, switch to using the other guy. */ ifp1 = ifwithaddr(dst, 1, 1); if (ifp1 != 0 && (!(ifp1->int_state & IS_BROKE) || (ifp1->int_state & IS_PASSIVE))) return; /* Look for the route in our table. */ rt = rtget(dst, mask); /* Consider adding the route if we do not already have it. */ if (rt == 0) { /* Ignore unknown routes being poisoned. */ if (new->rts_metric == HOPCNT_INFINITY) return; /* Ignore the route if it points to us */ if (n->n_nhop != 0 && 0 != ifwithaddr(n->n_nhop, 1, 0)) return; /* If something has not gone crazy and tried to fill * our memory, accept the new route. */ if (total_routes < MAX_ROUTES) rtadd(dst, mask, 0, new); return; } /* We already know about the route. Consider this update. * * If (rt->rt_state & RS_NET_SYN), then this route * is the same as a network route we have inferred * for subnets we know, in order to tell RIPv1 routers * about the subnets. * * It is impossible to tell if the route is coming * from a distant RIPv2 router with the standard * netmask because that router knows about the entire * network, or if it is a round-about echo of a * synthetic, RIPv1 network route of our own. * The worst is that both kinds of routes might be * received, and the bad one might have the smaller * metric. Partly solve this problem by never * aggregating into such a route. Also keep it * around as long as the interface exists. */ rts0 = rt->rt_spares; for (rts = rts0, i = NUM_SPARES; i != 0; i--, rts++) { if (rts->rts_router == new->rts_router) break; /* Note the worst slot to reuse, * other than the current slot. */ if (rts0 == rt->rt_spares || BETTER_LINK(rt, rts0, rts)) rts0 = rts; } if (i != 0) { /* Found a route from the router already in the table. */ /* If the new route is a route broken down from an * aggregated route, and if the previous route is either * not a broken down route or was broken down from a finer * netmask, and if the previous route is current, * then forget this one. */ if (new->rts_de_ag > rts->rts_de_ag && now_stale <= rts->rts_time) return; /* Keep poisoned routes around only long enough to pass * the poison on. Use a new timestamp for good routes. */ if (rts->rts_metric == HOPCNT_INFINITY && new->rts_metric == HOPCNT_INFINITY) new->rts_time = rts->rts_time; /* If this is an update for the router we currently prefer, * then note it. */ if (i == NUM_SPARES) { rtchange(rt, rt->rt_state, new, 0); /* If the route got worse, check for something better. */ if (new->rts_metric > rts->rts_metric) rtswitch(rt, 0); return; } /* This is an update for a spare route. * Finished if the route is unchanged. */ if (rts->rts_gate == new->rts_gate && rts->rts_metric == new->rts_metric && rts->rts_tag == new->rts_tag) { trace_upslot(rt, rts, new); *rts = *new; return; } /* Forget it if it has gone bad. */ if (new->rts_metric == HOPCNT_INFINITY) { rts_delete(rt, rts); return; } } else { /* The update is for a route we know about, * but not from a familiar router. * * Ignore the route if it points to us. */ if (n->n_nhop != 0 && 0 != ifwithaddr(n->n_nhop, 1, 0)) return; /* the loop above set rts0=worst spare */ rts = rts0; /* Save the route as a spare only if it has * a better metric than our worst spare. * This also ignores poisoned routes (those * received with metric HOPCNT_INFINITY). */ if (new->rts_metric >= rts->rts_metric) return; } trace_upslot(rt, rts, new); *rts = *new; /* try to switch to a better route */ rtswitch(rt, rts); } static int /* 0 if bad */ ck_passwd(struct interface *aifp, struct rip *rip, void *lim, naddr from, struct msg_limit *use_authp) { # define NA (rip->rip_auths) struct netauth *na2; struct auth *ap; MD5_CTX md5_ctx; u_char hash[RIP_AUTH_PW_LEN]; int i, len; assert(aifp != NULL); if ((void *)NA >= lim || NA->a_family != RIP_AF_AUTH) { msglim(use_authp, from, "missing password from %s", naddr_ntoa(from)); return 0; } /* accept any current (+/- 24 hours) password */ for (ap = aifp->int_auth, i = 0; i < MAX_AUTH_KEYS; i++, ap++) { if (ap->type != NA->a_type || (u_long)ap->start > (u_long)clk.tv_sec+DAY || (u_long)ap->end+DAY < (u_long)clk.tv_sec) continue; if (NA->a_type == RIP_AUTH_PW) { if (!memcmp(NA->au.au_pw, ap->key, RIP_AUTH_PW_LEN)) return 1; } else { /* accept MD5 secret with the right key ID */ if (NA->au.a_md5.md5_keyid != ap->keyid) continue; len = ntohs(NA->au.a_md5.md5_pkt_len); if ((len-sizeof(*rip)) % sizeof(*NA) != 0 || len != (char *)lim-(char*)rip-(int)sizeof(*NA)) { msglim(use_authp, from, "wrong MD5 RIPv2 packet length of %d" " instead of %d from %s", len, (int)((char *)lim-(char *)rip -sizeof(*NA)), naddr_ntoa(from)); return 0; } na2 = (struct netauth *)((char *)rip+len); /* Given a good hash value, these are not security * problems so be generous and accept the routes, * after complaining. */ if (TRACEPACKETS) { if (NA->au.a_md5.md5_auth_len != RIP_AUTH_MD5_HASH_LEN) msglim(use_authp, from, "unknown MD5 RIPv2 auth len %#x" " instead of %#x from %s", NA->au.a_md5.md5_auth_len, (unsigned)RIP_AUTH_MD5_HASH_LEN, naddr_ntoa(from)); if (na2->a_family != RIP_AF_AUTH) msglim(use_authp, from, "unknown MD5 RIPv2 family %#x" " instead of %#x from %s", na2->a_family, RIP_AF_AUTH, naddr_ntoa(from)); if (na2->a_type != ntohs(1)) msglim(use_authp, from, "MD5 RIPv2 hash has %#x" " instead of %#x from %s", na2->a_type, ntohs(1), naddr_ntoa(from)); } MD5Init(&md5_ctx); MD5Update(&md5_ctx, (u_char *)rip, len + RIP_AUTH_MD5_HASH_XTRA); MD5Update(&md5_ctx, ap->key, RIP_AUTH_MD5_KEY_LEN); MD5Final(hash, &md5_ctx); if (!memcmp(hash, na2->au.au_pw, sizeof(hash))) return 1; } } msglim(use_authp, from, "bad password from %s", naddr_ntoa(from)); return 0; #undef NA } Index: releng/8.4/sys/conf/newvers.sh =================================================================== --- releng/8.4/sys/conf/newvers.sh (revision 273415) +++ releng/8.4/sys/conf/newvers.sh (revision 273416) @@ -1,152 +1,152 @@ #!/bin/sh - # # Copyright (c) 1984, 1986, 1990, 1993 # The Regents of the University of California. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # 4. Neither the name of the University nor the names of its contributors # may be used to endorse or promote products derived from this software # without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # @(#)newvers.sh 8.1 (Berkeley) 4/20/94 # $FreeBSD$ TYPE="FreeBSD" REVISION="8.4" -BRANCH="RELEASE-p16" +BRANCH="RELEASE-p17" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi RELEASE="${REVISION}-${BRANCH}" VERSION="${TYPE} ${RELEASE}" SYSDIR=$(dirname $0)/.. if [ "X${PARAMFILE}" != "X" ]; then RELDATE=$(awk '/__FreeBSD_version.*propagated to newvers/ {print $3}' \ ${PARAMFILE}) else RELDATE=$(awk '/__FreeBSD_version.*propagated to newvers/ {print $3}' \ ${SYSDIR}/sys/param.h) fi b=share/examples/etc/bsd-style-copyright year=`date '+%Y'` # look for copyright template for bsd_copyright in ../$b ../../$b ../../../$b /usr/src/$b /usr/$b do if [ -r "$bsd_copyright" ]; then COPYRIGHT=`sed \ -e "s/\[year\]/1992-$year/" \ -e 's/\[your name here\]\.* /The FreeBSD Project./' \ -e 's/\[your name\]\.*/The FreeBSD Project./' \ -e '/\[id for your version control system, if any\]/d' \ $bsd_copyright` break fi done # no copyright found, use a dummy if [ X"$COPYRIGHT" = X ]; then COPYRIGHT="/*- * Copyright (c) 1992-$year The FreeBSD Project. * All rights reserved. * */" fi # add newline COPYRIGHT="$COPYRIGHT " LC_ALL=C; export LC_ALL if [ ! -r version ] then echo 0 > version fi touch version v=`cat version` u=${USER:-root} d=`pwd` h=${HOSTNAME:-`hostname`} t=`date` i=`${MAKE:-make} -V KERN_IDENT` compiler_v=$($(${MAKE:-make} -V CC) -v 2>&1 | grep 'version') for dir in /bin /usr/bin /usr/local/bin; do if [ -x "${dir}/svnversion" ] ; then svnversion=${dir}/svnversion break fi done if [ -d "${SYSDIR}/../.git" ] ; then for dir in /bin /usr/bin /usr/local/bin; do if [ -x "${dir}/git" ] ; then git_cmd="${dir}/git --git-dir=${SYSDIR}/../.git" break fi done fi if [ -n "$svnversion" ] ; then echo "$svnversion" svn=`cd ${SYSDIR} && $svnversion` case "$svn" in [0-9]*) svn=" r${svn}" ;; *) unset svn ;; esac fi if [ -n "$git_cmd" ] ; then git=`$git_cmd rev-parse --verify --short HEAD 2>/dev/null` svn=`$git_cmd svn find-rev $git 2>/dev/null` if [ -n "$svn" ] ; then svn=" r${svn}" git="=${git}" else svn=`$git_cmd log | fgrep 'git-svn-id:' | head -1 | \ sed -n 's/^.*@\([0-9][0-9]*\).*$/\1/p'` if [ -n $svn ] ; then svn=" r${svn}" git="+${git}" else git=" ${git}" fi fi if $git_cmd --work-tree=${SYSDIR}/.. diff-index \ --name-only HEAD | read dummy; then git="${git}-dirty" fi fi cat << EOF > vers.c $COPYRIGHT #define SCCSSTR "@(#)${VERSION} #${v}${svn}${git}: ${t}" #define VERSTR "${VERSION} #${v}${svn}${git}: ${t}\\n ${u}@${h}:${d}\\n" #define RELSTR "${RELEASE}" char sccs[sizeof(SCCSSTR) > 128 ? sizeof(SCCSSTR) : 128] = SCCSSTR; char version[sizeof(VERSTR) > 256 ? sizeof(VERSTR) : 256] = VERSTR; char compiler_version[] = "${compiler_v}"; char ostype[] = "${TYPE}"; char osrelease[sizeof(RELSTR) > 32 ? sizeof(RELSTR) : 32] = RELSTR; int osreldate = ${RELDATE}; char kern_ident[] = "${i}"; EOF echo $((v + 1)) > version