1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young (eay@cryptsoft.com). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young (eay@cryptsoft.com)" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] 56 */ 57/* ==================================================================== 58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 59 * 60 * Redistribution and use in source and binary forms, with or without 61 * modification, are permitted provided that the following conditions 62 * are met: 63 * 64 * 1. Redistributions of source code must retain the above copyright 65 * notice, this list of conditions and the following disclaimer. 66 * 67 * 2. Redistributions in binary form must reproduce the above copyright 68 * notice, this list of conditions and the following disclaimer in 69 * the documentation and/or other materials provided with the 70 * distribution. 71 * 72 * 3. All advertising materials mentioning features or use of this 73 * software must display the following acknowledgment: 74 * "This product includes software developed by the OpenSSL Project 75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 76 * 77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 78 * endorse or promote products derived from this software without 79 * prior written permission. For written permission, please contact 80 * openssl-core@openssl.org. 81 * 82 * 5. Products derived from this software may not be called "OpenSSL" 83 * nor may "OpenSSL" appear in their names without prior written 84 * permission of the OpenSSL Project. 85 * 86 * 6. Redistributions of any form whatsoever must retain the following 87 * acknowledgment: 88 * "This product includes software developed by the OpenSSL Project 89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 90 * 91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 102 * OF THE POSSIBILITY OF SUCH DAMAGE. 103 * ==================================================================== 104 * 105 * This product includes cryptographic software written by Eric Young 106 * (eay@cryptsoft.com). This product includes software written by Tim 107 * Hudson (tjh@cryptsoft.com). 108 * 109 */ 110/* ==================================================================== 111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 112 * 113 * Portions of the attached software ("Contribution") are developed by 114 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 115 * 116 * The Contribution is licensed pursuant to the OpenSSL open source 117 * license provided above. 118 * 119 * ECC cipher suite support in OpenSSL originally written by 120 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. 121 * 122 */ 123/* ==================================================================== 124 * Copyright 2005 Nokia. All rights reserved. 125 * 126 * The portions of the attached software ("Contribution") is developed by 127 * Nokia Corporation and is licensed pursuant to the OpenSSL open source 128 * license. 129 * 130 * The Contribution, originally written by Mika Kousa and Pasi Eronen of 131 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 132 * support (see RFC 4279) to OpenSSL. 133 * 134 * No patent licenses or other rights except those expressly stated in 135 * the OpenSSL open source license shall be deemed granted or received 136 * expressly, by implication, estoppel, or otherwise. 137 * 138 * No assurances are provided by Nokia that the Contribution does not 139 * infringe the patent or other intellectual property rights of any third 140 * party or that the license provides you with all the necessary rights 141 * to make use of the Contribution. 142 * 143 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 144 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 145 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 146 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 147 * OTHERWISE. */ 148 149#include <assert.h> 150#include <stdio.h> 151 152#include <openssl/buf.h> 153#include <openssl/dh.h> 154#include <openssl/md5.h> 155#include <openssl/mem.h> 156#include <openssl/obj.h> 157 158#include "ssl_locl.h" 159 160#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) 161 162/* FIXED_NONCE_LEN is a macro that results in the correct value to set the 163 * fixed nonce length in SSL_CIPHER.algorithms2. It's the inverse of 164 * SSL_CIPHER_AEAD_FIXED_NONCE_LEN. */ 165#define FIXED_NONCE_LEN(x) ((x/2)<<24) 166 167/* list of available SSLv3 ciphers (sorted by id) */ 168const SSL_CIPHER ssl3_ciphers[]={ 169 170/* The RSA ciphers */ 171/* Cipher 04 */ 172 { 173 1, 174 SSL3_TXT_RSA_RC4_128_MD5, 175 SSL3_CK_RSA_RC4_128_MD5, 176 SSL_kRSA, 177 SSL_aRSA, 178 SSL_RC4, 179 SSL_MD5, 180 SSL_SSLV3, 181 SSL_MEDIUM, 182 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|SSL_CIPHER_ALGORITHM2_STATEFUL_AEAD, 183 128, 184 128, 185 }, 186 187/* Cipher 05 */ 188 { 189 1, 190 SSL3_TXT_RSA_RC4_128_SHA, 191 SSL3_CK_RSA_RC4_128_SHA, 192 SSL_kRSA, 193 SSL_aRSA, 194 SSL_RC4, 195 SSL_SHA1, 196 SSL_SSLV3, 197 SSL_MEDIUM, 198 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 199 128, 200 128, 201 }, 202 203/* Cipher 0A */ 204 { 205 1, 206 SSL3_TXT_RSA_DES_192_CBC3_SHA, 207 SSL3_CK_RSA_DES_192_CBC3_SHA, 208 SSL_kRSA, 209 SSL_aRSA, 210 SSL_3DES, 211 SSL_SHA1, 212 SSL_SSLV3, 213 SSL_HIGH|SSL_FIPS, 214 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 215 112, 216 168, 217 }, 218 219/* The Ephemeral DH ciphers */ 220 221/* Cipher 18 */ 222 { 223 1, 224 SSL3_TXT_ADH_RC4_128_MD5, 225 SSL3_CK_ADH_RC4_128_MD5, 226 SSL_kEDH, 227 SSL_aNULL, 228 SSL_RC4, 229 SSL_MD5, 230 SSL_SSLV3, 231 SSL_MEDIUM, 232 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 233 128, 234 128, 235 }, 236 237/* New AES ciphersuites */ 238/* Cipher 2F */ 239 { 240 1, 241 TLS1_TXT_RSA_WITH_AES_128_SHA, 242 TLS1_CK_RSA_WITH_AES_128_SHA, 243 SSL_kRSA, 244 SSL_aRSA, 245 SSL_AES128, 246 SSL_SHA1, 247 SSL_TLSV1, 248 SSL_HIGH|SSL_FIPS, 249 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 250 128, 251 128, 252 }, 253/* Cipher 33 */ 254 { 255 1, 256 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 257 TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 258 SSL_kEDH, 259 SSL_aRSA, 260 SSL_AES128, 261 SSL_SHA1, 262 SSL_TLSV1, 263 SSL_HIGH|SSL_FIPS, 264 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 265 128, 266 128, 267 }, 268/* Cipher 34 */ 269 { 270 1, 271 TLS1_TXT_ADH_WITH_AES_128_SHA, 272 TLS1_CK_ADH_WITH_AES_128_SHA, 273 SSL_kEDH, 274 SSL_aNULL, 275 SSL_AES128, 276 SSL_SHA1, 277 SSL_TLSV1, 278 SSL_HIGH|SSL_FIPS, 279 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 280 128, 281 128, 282 }, 283 284/* Cipher 35 */ 285 { 286 1, 287 TLS1_TXT_RSA_WITH_AES_256_SHA, 288 TLS1_CK_RSA_WITH_AES_256_SHA, 289 SSL_kRSA, 290 SSL_aRSA, 291 SSL_AES256, 292 SSL_SHA1, 293 SSL_TLSV1, 294 SSL_HIGH|SSL_FIPS, 295 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 296 256, 297 256, 298 }, 299 300/* Cipher 39 */ 301 { 302 1, 303 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 304 TLS1_CK_DHE_RSA_WITH_AES_256_SHA, 305 SSL_kEDH, 306 SSL_aRSA, 307 SSL_AES256, 308 SSL_SHA1, 309 SSL_TLSV1, 310 SSL_HIGH|SSL_FIPS, 311 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 312 256, 313 256, 314 }, 315 316 /* Cipher 3A */ 317 { 318 1, 319 TLS1_TXT_ADH_WITH_AES_256_SHA, 320 TLS1_CK_ADH_WITH_AES_256_SHA, 321 SSL_kEDH, 322 SSL_aNULL, 323 SSL_AES256, 324 SSL_SHA1, 325 SSL_TLSV1, 326 SSL_HIGH|SSL_FIPS, 327 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 328 256, 329 256, 330 }, 331 332 /* TLS v1.2 ciphersuites */ 333 /* Cipher 3C */ 334 { 335 1, 336 TLS1_TXT_RSA_WITH_AES_128_SHA256, 337 TLS1_CK_RSA_WITH_AES_128_SHA256, 338 SSL_kRSA, 339 SSL_aRSA, 340 SSL_AES128, 341 SSL_SHA256, 342 SSL_TLSV1_2, 343 SSL_HIGH|SSL_FIPS, 344 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 345 128, 346 128, 347 }, 348 349 /* Cipher 3D */ 350 { 351 1, 352 TLS1_TXT_RSA_WITH_AES_256_SHA256, 353 TLS1_CK_RSA_WITH_AES_256_SHA256, 354 SSL_kRSA, 355 SSL_aRSA, 356 SSL_AES256, 357 SSL_SHA256, 358 SSL_TLSV1_2, 359 SSL_HIGH|SSL_FIPS, 360 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 361 256, 362 256, 363 }, 364 365 366 /* TLS v1.2 ciphersuites */ 367 /* Cipher 67 */ 368 { 369 1, 370 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, 371 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, 372 SSL_kEDH, 373 SSL_aRSA, 374 SSL_AES128, 375 SSL_SHA256, 376 SSL_TLSV1_2, 377 SSL_HIGH|SSL_FIPS, 378 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 379 128, 380 128, 381 }, 382 383 /* Cipher 6B */ 384 { 385 1, 386 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, 387 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, 388 SSL_kEDH, 389 SSL_aRSA, 390 SSL_AES256, 391 SSL_SHA256, 392 SSL_TLSV1_2, 393 SSL_HIGH|SSL_FIPS, 394 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 395 256, 396 256, 397 }, 398 399 /* Cipher 6C */ 400 { 401 1, 402 TLS1_TXT_ADH_WITH_AES_128_SHA256, 403 TLS1_CK_ADH_WITH_AES_128_SHA256, 404 SSL_kEDH, 405 SSL_aNULL, 406 SSL_AES128, 407 SSL_SHA256, 408 SSL_TLSV1_2, 409 SSL_HIGH|SSL_FIPS, 410 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 411 128, 412 128, 413 }, 414 415 /* Cipher 6D */ 416 { 417 1, 418 TLS1_TXT_ADH_WITH_AES_256_SHA256, 419 TLS1_CK_ADH_WITH_AES_256_SHA256, 420 SSL_kEDH, 421 SSL_aNULL, 422 SSL_AES256, 423 SSL_SHA256, 424 SSL_TLSV1_2, 425 SSL_HIGH|SSL_FIPS, 426 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 427 256, 428 256, 429 }, 430 431 432 /* Cipher 8A */ 433 { 434 1, 435 TLS1_TXT_PSK_WITH_RC4_128_SHA, 436 TLS1_CK_PSK_WITH_RC4_128_SHA, 437 SSL_kPSK, 438 SSL_aPSK, 439 SSL_RC4, 440 SSL_SHA1, 441 SSL_TLSV1, 442 SSL_MEDIUM, 443 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 444 128, 445 128, 446 }, 447 448 /* Cipher 8C */ 449 { 450 1, 451 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, 452 TLS1_CK_PSK_WITH_AES_128_CBC_SHA, 453 SSL_kPSK, 454 SSL_aPSK, 455 SSL_AES128, 456 SSL_SHA1, 457 SSL_TLSV1, 458 SSL_HIGH|SSL_FIPS, 459 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 460 128, 461 128, 462 }, 463 464 /* Cipher 8D */ 465 { 466 1, 467 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, 468 TLS1_CK_PSK_WITH_AES_256_CBC_SHA, 469 SSL_kPSK, 470 SSL_aPSK, 471 SSL_AES256, 472 SSL_SHA1, 473 SSL_TLSV1, 474 SSL_HIGH|SSL_FIPS, 475 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 476 256, 477 256, 478 }, 479 480 /* GCM ciphersuites from RFC5288 */ 481 482 /* Cipher 9C */ 483 { 484 1, 485 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, 486 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 487 SSL_kRSA, 488 SSL_aRSA, 489 SSL_AES128GCM, 490 SSL_AEAD, 491 SSL_TLSV1_2, 492 SSL_HIGH|SSL_FIPS, 493 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, 494 128, 495 128, 496 }, 497 498 /* Cipher 9D */ 499 { 500 1, 501 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, 502 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, 503 SSL_kRSA, 504 SSL_aRSA, 505 SSL_AES256GCM, 506 SSL_AEAD, 507 SSL_TLSV1_2, 508 SSL_HIGH|SSL_FIPS, 509 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 510 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, 511 256, 512 256, 513 }, 514 515 /* Cipher 9E */ 516 { 517 1, 518 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, 519 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 520 SSL_kEDH, 521 SSL_aRSA, 522 SSL_AES128GCM, 523 SSL_AEAD, 524 SSL_TLSV1_2, 525 SSL_HIGH|SSL_FIPS, 526 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, 527 128, 528 128, 529 }, 530 531 /* Cipher 9F */ 532 { 533 1, 534 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, 535 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, 536 SSL_kEDH, 537 SSL_aRSA, 538 SSL_AES256GCM, 539 SSL_AEAD, 540 SSL_TLSV1_2, 541 SSL_HIGH|SSL_FIPS, 542 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 543 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, 544 256, 545 256, 546 }, 547 548 /* Cipher A6 */ 549 { 550 1, 551 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, 552 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, 553 SSL_kEDH, 554 SSL_aNULL, 555 SSL_AES128GCM, 556 SSL_AEAD, 557 SSL_TLSV1_2, 558 SSL_HIGH|SSL_FIPS, 559 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, 560 128, 561 128, 562 }, 563 564 /* Cipher A7 */ 565 { 566 1, 567 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, 568 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, 569 SSL_kEDH, 570 SSL_aNULL, 571 SSL_AES256GCM, 572 SSL_AEAD, 573 SSL_TLSV1_2, 574 SSL_HIGH|SSL_FIPS, 575 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 576 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, 577 256, 578 256, 579 }, 580 581 /* Cipher C007 */ 582 { 583 1, 584 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, 585 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, 586 SSL_kEECDH, 587 SSL_aECDSA, 588 SSL_RC4, 589 SSL_SHA1, 590 SSL_TLSV1, 591 SSL_MEDIUM, 592 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 593 128, 594 128, 595 }, 596 597 /* Cipher C009 */ 598 { 599 1, 600 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 601 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 602 SSL_kEECDH, 603 SSL_aECDSA, 604 SSL_AES128, 605 SSL_SHA1, 606 SSL_TLSV1, 607 SSL_HIGH|SSL_FIPS, 608 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 609 128, 610 128, 611 }, 612 613 /* Cipher C00A */ 614 { 615 1, 616 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 617 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 618 SSL_kEECDH, 619 SSL_aECDSA, 620 SSL_AES256, 621 SSL_SHA1, 622 SSL_TLSV1, 623 SSL_HIGH|SSL_FIPS, 624 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 625 256, 626 256, 627 }, 628 629 /* Cipher C011 */ 630 { 631 1, 632 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, 633 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 634 SSL_kEECDH, 635 SSL_aRSA, 636 SSL_RC4, 637 SSL_SHA1, 638 SSL_TLSV1, 639 SSL_MEDIUM, 640 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 641 128, 642 128, 643 }, 644 645 /* Cipher C013 */ 646 { 647 1, 648 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, 649 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 650 SSL_kEECDH, 651 SSL_aRSA, 652 SSL_AES128, 653 SSL_SHA1, 654 SSL_TLSV1, 655 SSL_HIGH|SSL_FIPS, 656 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 657 128, 658 128, 659 }, 660 661 /* Cipher C014 */ 662 { 663 1, 664 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, 665 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 666 SSL_kEECDH, 667 SSL_aRSA, 668 SSL_AES256, 669 SSL_SHA1, 670 SSL_TLSV1, 671 SSL_HIGH|SSL_FIPS, 672 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 673 256, 674 256, 675 }, 676 677 /* Cipher C016 */ 678 { 679 1, 680 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, 681 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, 682 SSL_kEECDH, 683 SSL_aNULL, 684 SSL_RC4, 685 SSL_SHA1, 686 SSL_TLSV1, 687 SSL_MEDIUM, 688 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 689 128, 690 128, 691 }, 692 693 /* Cipher C018 */ 694 { 695 1, 696 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 697 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, 698 SSL_kEECDH, 699 SSL_aNULL, 700 SSL_AES128, 701 SSL_SHA1, 702 SSL_TLSV1, 703 SSL_HIGH|SSL_FIPS, 704 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 705 128, 706 128, 707 }, 708 709 /* Cipher C019 */ 710 { 711 1, 712 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, 713 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, 714 SSL_kEECDH, 715 SSL_aNULL, 716 SSL_AES256, 717 SSL_SHA1, 718 SSL_TLSV1, 719 SSL_HIGH|SSL_FIPS, 720 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 721 256, 722 256, 723 }, 724 725 726 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ 727 728 /* Cipher C023 */ 729 { 730 1, 731 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, 732 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, 733 SSL_kEECDH, 734 SSL_aECDSA, 735 SSL_AES128, 736 SSL_SHA256, 737 SSL_TLSV1_2, 738 SSL_HIGH|SSL_FIPS, 739 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 740 128, 741 128, 742 }, 743 744 /* Cipher C024 */ 745 { 746 1, 747 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, 748 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, 749 SSL_kEECDH, 750 SSL_aECDSA, 751 SSL_AES256, 752 SSL_SHA384, 753 SSL_TLSV1_2, 754 SSL_HIGH|SSL_FIPS, 755 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 756 256, 757 256, 758 }, 759 760 /* Cipher C027 */ 761 { 762 1, 763 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, 764 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, 765 SSL_kEECDH, 766 SSL_aRSA, 767 SSL_AES128, 768 SSL_SHA256, 769 SSL_TLSV1_2, 770 SSL_HIGH|SSL_FIPS, 771 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 772 128, 773 128, 774 }, 775 776 /* Cipher C028 */ 777 { 778 1, 779 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, 780 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, 781 SSL_kEECDH, 782 SSL_aRSA, 783 SSL_AES256, 784 SSL_SHA384, 785 SSL_TLSV1_2, 786 SSL_HIGH|SSL_FIPS, 787 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 788 256, 789 256, 790 }, 791 792 /* GCM based TLS v1.2 ciphersuites from RFC5289 */ 793 794 /* Cipher C02B */ 795 { 796 1, 797 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 798 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 799 SSL_kEECDH, 800 SSL_aECDSA, 801 SSL_AES128GCM, 802 SSL_AEAD, 803 SSL_TLSV1_2, 804 SSL_HIGH|SSL_FIPS, 805 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, 806 128, 807 128, 808 }, 809 810 /* Cipher C02C */ 811 { 812 1, 813 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 814 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 815 SSL_kEECDH, 816 SSL_aECDSA, 817 SSL_AES256GCM, 818 SSL_AEAD, 819 SSL_TLSV1_2, 820 SSL_HIGH|SSL_FIPS, 821 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 822 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, 823 256, 824 256, 825 }, 826 827 /* Cipher C02F */ 828 { 829 1, 830 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 831 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 832 SSL_kEECDH, 833 SSL_aRSA, 834 SSL_AES128GCM, 835 SSL_AEAD, 836 SSL_TLSV1_2, 837 SSL_HIGH|SSL_FIPS, 838 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, 839 128, 840 128, 841 }, 842 843 /* Cipher C030 */ 844 { 845 1, 846 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 847 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 848 SSL_kEECDH, 849 SSL_aRSA, 850 SSL_AES256GCM, 851 SSL_AEAD, 852 SSL_TLSV1_2, 853 SSL_HIGH|SSL_FIPS, 854 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 855 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, 856 256, 857 256, 858 }, 859 860 /* ECDH PSK ciphersuites */ 861 /* Cipher CAFE */ 862 { 863 1, 864 TLS1_TXT_ECDHE_PSK_WITH_AES_128_GCM_SHA256, 865 TLS1_CK_ECDHE_PSK_WITH_AES_128_GCM_SHA256, 866 SSL_kEECDH, 867 SSL_aPSK, 868 SSL_AES128GCM, 869 SSL_AEAD, 870 SSL_TLSV1_2, 871 SSL_HIGH, 872 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 873 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, 874 128, 875 128, 876 }, 877 878 879 { 880 1, 881 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, 882 TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 883 SSL_kEECDH, 884 SSL_aRSA, 885 SSL_CHACHA20POLY1305, 886 SSL_AEAD, 887 SSL_TLSV1_2, 888 SSL_HIGH, 889 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), 890 256, 891 0, 892 }, 893 894 { 895 1, 896 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, 897 TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 898 SSL_kEECDH, 899 SSL_aECDSA, 900 SSL_CHACHA20POLY1305, 901 SSL_AEAD, 902 SSL_TLSV1_2, 903 SSL_HIGH, 904 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), 905 256, 906 0, 907 }, 908 909 { 910 1, 911 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, 912 TLS1_CK_DHE_RSA_CHACHA20_POLY1305, 913 SSL_kEDH, 914 SSL_aRSA, 915 SSL_CHACHA20POLY1305, 916 SSL_AEAD, 917 SSL_TLSV1_2, 918 SSL_HIGH, 919 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), 920 256, 921 0, 922 }, 923 924/* end of list */ 925 }; 926 927SSL3_ENC_METHOD SSLv3_enc_data={ 928 ssl3_enc, 929 n_ssl3_mac, 930 ssl3_setup_key_block, 931 ssl3_generate_master_secret, 932 ssl3_change_cipher_state, 933 ssl3_final_finish_mac, 934 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, 935 ssl3_cert_verify_mac, 936 SSL3_MD_CLIENT_FINISHED_CONST,4, 937 SSL3_MD_SERVER_FINISHED_CONST,4, 938 ssl3_alert_code, 939 (int (*)(SSL *, unsigned char *, size_t, const char *, 940 size_t, const unsigned char *, size_t, 941 int use_context))ssl_undefined_function, 942 0, 943 SSL3_HM_HEADER_LENGTH, 944 ssl3_set_handshake_header, 945 ssl3_handshake_write 946 }; 947 948int ssl3_num_ciphers(void) 949 { 950 return(SSL3_NUM_CIPHERS); 951 } 952 953const SSL_CIPHER *ssl3_get_cipher(unsigned int u) 954 { 955 if (u < SSL3_NUM_CIPHERS) 956 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); 957 else 958 return(NULL); 959 } 960 961int ssl3_pending(const SSL *s) 962 { 963 if (s->rstate == SSL_ST_READ_BODY) 964 return 0; 965 966 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; 967 } 968 969void ssl3_set_handshake_header(SSL *s, int htype, unsigned long len) 970 { 971 unsigned char *p = (unsigned char *)s->init_buf->data; 972 *(p++) = htype; 973 l2n3(len, p); 974 s->init_num = (int)len + SSL3_HM_HEADER_LENGTH; 975 s->init_off = 0; 976 } 977 978int ssl3_handshake_write(SSL *s) 979 { 980 return ssl3_do_write(s, SSL3_RT_HANDSHAKE); 981 } 982 983int ssl3_new(SSL *s) 984 { 985 SSL3_STATE *s3; 986 987 if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err; 988 memset(s3,0,sizeof *s3); 989 memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num)); 990 memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num)); 991 992 s->s3=s3; 993 994 s->tlsext_channel_id_enabled = s->ctx->tlsext_channel_id_enabled; 995 if (s->ctx->tlsext_channel_id_private) 996 s->tlsext_channel_id_private = EVP_PKEY_dup(s->ctx->tlsext_channel_id_private); 997 s->method->ssl_clear(s); 998 return(1); 999err: 1000 return(0); 1001 } 1002 1003void ssl3_free(SSL *s) 1004 { 1005 if(s == NULL) 1006 return; 1007 1008 ssl3_cleanup_key_block(s); 1009 if (s->s3->rbuf.buf != NULL) 1010 ssl3_release_read_buffer(s); 1011 if (s->s3->wbuf.buf != NULL) 1012 ssl3_release_write_buffer(s); 1013 if (s->s3->tmp.dh != NULL) 1014 DH_free(s->s3->tmp.dh); 1015 if (s->s3->tmp.ecdh != NULL) 1016 EC_KEY_free(s->s3->tmp.ecdh); 1017 1018 if (s->s3->tmp.ca_names != NULL) 1019 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 1020 if (s->s3->tmp.certificate_types != NULL) 1021 OPENSSL_free(s->s3->tmp.certificate_types); 1022 if (s->s3->handshake_buffer) { 1023 BIO_free(s->s3->handshake_buffer); 1024 } 1025 if (s->s3->handshake_dgst) ssl3_free_digest_list(s); 1026 if (s->s3->alpn_selected) 1027 OPENSSL_free(s->s3->alpn_selected); 1028 1029 OPENSSL_cleanse(s->s3,sizeof *s->s3); 1030 OPENSSL_free(s->s3); 1031 s->s3=NULL; 1032 } 1033 1034void ssl3_clear(SSL *s) 1035 { 1036 unsigned char *rp,*wp; 1037 size_t rlen, wlen; 1038 int init_extra; 1039 1040 ssl3_cleanup_key_block(s); 1041 if (s->s3->tmp.ca_names != NULL) 1042 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 1043 if (s->s3->tmp.certificate_types != NULL) 1044 OPENSSL_free(s->s3->tmp.certificate_types); 1045 s->s3->tmp.num_certificate_types = 0; 1046 1047 if (s->s3->tmp.dh != NULL) 1048 { 1049 DH_free(s->s3->tmp.dh); 1050 s->s3->tmp.dh = NULL; 1051 } 1052 if (s->s3->tmp.ecdh != NULL) 1053 { 1054 EC_KEY_free(s->s3->tmp.ecdh); 1055 s->s3->tmp.ecdh = NULL; 1056 } 1057 rp = s->s3->rbuf.buf; 1058 wp = s->s3->wbuf.buf; 1059 rlen = s->s3->rbuf.len; 1060 wlen = s->s3->wbuf.len; 1061 init_extra = s->s3->init_extra; 1062 if (s->s3->handshake_buffer) { 1063 BIO_free(s->s3->handshake_buffer); 1064 s->s3->handshake_buffer = NULL; 1065 } 1066 if (s->s3->handshake_dgst) { 1067 ssl3_free_digest_list(s); 1068 } 1069 1070 if (s->s3->alpn_selected) 1071 { 1072 OPENSSL_free(s->s3->alpn_selected); 1073 s->s3->alpn_selected = NULL; 1074 } 1075 memset(s->s3,0,sizeof *s->s3); 1076 s->s3->rbuf.buf = rp; 1077 s->s3->wbuf.buf = wp; 1078 s->s3->rbuf.len = rlen; 1079 s->s3->wbuf.len = wlen; 1080 s->s3->init_extra = init_extra; 1081 1082 ssl_free_wbio_buffer(s); 1083 1084 s->packet_length=0; 1085 s->s3->renegotiate=0; 1086 s->s3->total_renegotiations=0; 1087 s->s3->num_renegotiations=0; 1088 s->s3->in_read_app_data=0; 1089 s->version = s->method->version; 1090 1091 if (s->next_proto_negotiated) 1092 { 1093 OPENSSL_free(s->next_proto_negotiated); 1094 s->next_proto_negotiated = NULL; 1095 s->next_proto_negotiated_len = 0; 1096 } 1097 1098 s->s3->tlsext_channel_id_valid = 0; 1099 } 1100 1101static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len); 1102 1103long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) 1104 { 1105 int ret=0; 1106 1107 if (cmd == SSL_CTRL_SET_TMP_RSA || 1108 cmd == SSL_CTRL_SET_TMP_RSA_CB || 1109 cmd == SSL_CTRL_SET_TMP_DH || 1110 cmd == SSL_CTRL_SET_TMP_DH_CB) 1111 { 1112 if (!ssl_cert_inst(&s->cert)) 1113 { 1114 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_MALLOC_FAILURE); 1115 return(0); 1116 } 1117 } 1118 1119 switch (cmd) 1120 { 1121 case SSL_CTRL_GET_SESSION_REUSED: 1122 ret=s->hit; 1123 break; 1124 case SSL_CTRL_GET_CLIENT_CERT_REQUEST: 1125 break; 1126 case SSL_CTRL_GET_NUM_RENEGOTIATIONS: 1127 ret=s->s3->num_renegotiations; 1128 break; 1129 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: 1130 ret=s->s3->num_renegotiations; 1131 s->s3->num_renegotiations=0; 1132 break; 1133 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: 1134 ret=s->s3->total_renegotiations; 1135 break; 1136 case SSL_CTRL_GET_FLAGS: 1137 ret=(int)(s->s3->flags); 1138 break; 1139 case SSL_CTRL_NEED_TMP_RSA: 1140 /* Temporary RSA keys are never used. */ 1141 ret = 0; 1142 break; 1143 case SSL_CTRL_SET_TMP_RSA: 1144 /* Temporary RSA keys are never used. */ 1145 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1146 break; 1147 case SSL_CTRL_SET_TMP_RSA_CB: 1148 { 1149 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1150 return(ret); 1151 } 1152 break; 1153 case SSL_CTRL_SET_TMP_DH: 1154 { 1155 DH *dh = (DH *)parg; 1156 if (dh == NULL) 1157 { 1158 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_PASSED_NULL_PARAMETER); 1159 return(ret); 1160 } 1161 if ((dh = DHparams_dup(dh)) == NULL) 1162 { 1163 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_DH_LIB); 1164 return(ret); 1165 } 1166 if (!(s->options & SSL_OP_SINGLE_DH_USE)) 1167 { 1168 if (!DH_generate_key(dh)) 1169 { 1170 DH_free(dh); 1171 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_DH_LIB); 1172 return(ret); 1173 } 1174 } 1175 if (s->cert->dh_tmp != NULL) 1176 DH_free(s->cert->dh_tmp); 1177 s->cert->dh_tmp = dh; 1178 ret = 1; 1179 } 1180 break; 1181 case SSL_CTRL_SET_TMP_DH_CB: 1182 { 1183 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1184 return(ret); 1185 } 1186 break; 1187 case SSL_CTRL_SET_TMP_ECDH: 1188 { 1189 EC_KEY *ecdh = NULL; 1190 1191 if (parg == NULL) 1192 { 1193 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_PASSED_NULL_PARAMETER); 1194 return(ret); 1195 } 1196 if (!EC_KEY_up_ref((EC_KEY *)parg)) 1197 { 1198 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_ECDH_LIB); 1199 return(ret); 1200 } 1201 ecdh = (EC_KEY *)parg; 1202 if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) 1203 { 1204 if (!EC_KEY_generate_key(ecdh)) 1205 { 1206 EC_KEY_free(ecdh); 1207 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_ECDH_LIB); 1208 return(ret); 1209 } 1210 } 1211 if (s->cert->ecdh_tmp != NULL) 1212 EC_KEY_free(s->cert->ecdh_tmp); 1213 s->cert->ecdh_tmp = ecdh; 1214 ret = 1; 1215 } 1216 break; 1217 case SSL_CTRL_SET_TMP_ECDH_CB: 1218 { 1219 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1220 return(ret); 1221 } 1222 break; 1223 case SSL_CTRL_SET_TLSEXT_HOSTNAME: 1224 if (larg == TLSEXT_NAMETYPE_host_name) 1225 { 1226 if (s->tlsext_hostname != NULL) 1227 OPENSSL_free(s->tlsext_hostname); 1228 s->tlsext_hostname = NULL; 1229 1230 ret = 1; 1231 if (parg == NULL) 1232 break; 1233 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) 1234 { 1235 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, SSL_R_SSL3_EXT_INVALID_SERVERNAME); 1236 return 0; 1237 } 1238 if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) 1239 { 1240 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_INTERNAL_ERROR); 1241 return 0; 1242 } 1243 } 1244 else 1245 { 1246 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); 1247 return 0; 1248 } 1249 break; 1250 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: 1251 s->tlsext_debug_arg=parg; 1252 ret = 1; 1253 break; 1254 1255 case SSL_CTRL_CHAIN: 1256 if (larg) 1257 return ssl_cert_set1_chain(s->cert, 1258 (STACK_OF (X509) *)parg); 1259 else 1260 return ssl_cert_set0_chain(s->cert, 1261 (STACK_OF (X509) *)parg); 1262 1263 case SSL_CTRL_CHAIN_CERT: 1264 if (larg) 1265 return ssl_cert_add1_chain_cert(s->cert, (X509 *)parg); 1266 else 1267 return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg); 1268 1269 case SSL_CTRL_GET_CHAIN_CERTS: 1270 *(STACK_OF(X509) **)parg = s->cert->key->chain; 1271 break; 1272 1273 case SSL_CTRL_SELECT_CURRENT_CERT: 1274 return ssl_cert_select_current(s->cert, (X509 *)parg); 1275 1276 case SSL_CTRL_GET_CURVES: 1277 { 1278 const uint16_t *clist; 1279 size_t clistlen; 1280 if (!s->session) 1281 return 0; 1282 clist = s->session->tlsext_ellipticcurvelist; 1283 clistlen = s->session->tlsext_ellipticcurvelist_length; 1284 if (parg) 1285 { 1286 size_t i; 1287 int *cptr = parg; 1288 int nid; 1289 for (i = 0; i < clistlen; i++) 1290 { 1291 nid = tls1_ec_curve_id2nid(clist[i]); 1292 if (nid != OBJ_undef) 1293 cptr[i] = nid; 1294 else 1295 cptr[i] = TLSEXT_nid_unknown | clist[i]; 1296 } 1297 } 1298 return (int)clistlen; 1299 } 1300 1301 case SSL_CTRL_SET_CURVES: 1302 return tls1_set_curves(&s->tlsext_ellipticcurvelist, 1303 &s->tlsext_ellipticcurvelist_length, 1304 parg, larg); 1305 1306 case SSL_CTRL_SET_ECDH_AUTO: 1307 s->cert->ecdh_tmp_auto = larg; 1308 return 1; 1309 case SSL_CTRL_SET_SIGALGS: 1310 return tls1_set_sigalgs(s->cert, parg, larg, 0); 1311 1312 case SSL_CTRL_SET_CLIENT_SIGALGS: 1313 return tls1_set_sigalgs(s->cert, parg, larg, 1); 1314 1315 case SSL_CTRL_GET_CLIENT_CERT_TYPES: 1316 { 1317 const unsigned char **pctype = parg; 1318 if (s->server || !s->s3->tmp.cert_req) 1319 return 0; 1320 if (pctype) 1321 *pctype = s->s3->tmp.certificate_types; 1322 return (int)s->s3->tmp.num_certificate_types; 1323 } 1324 1325 case SSL_CTRL_SET_CLIENT_CERT_TYPES: 1326 if (!s->server) 1327 return 0; 1328 return ssl3_set_req_cert_type(s->cert, parg, larg); 1329 1330 case SSL_CTRL_BUILD_CERT_CHAIN: 1331 return ssl_build_cert_chain(s->cert, s->ctx->cert_store, larg); 1332 1333 case SSL_CTRL_SET_VERIFY_CERT_STORE: 1334 return ssl_cert_set_cert_store(s->cert, parg, 0, larg); 1335 1336 case SSL_CTRL_SET_CHAIN_CERT_STORE: 1337 return ssl_cert_set_cert_store(s->cert, parg, 1, larg); 1338 1339 case SSL_CTRL_GET_PEER_SIGNATURE_NID: 1340 if (SSL_USE_SIGALGS(s)) 1341 { 1342 if (s->session && s->session->sess_cert) 1343 { 1344 const EVP_MD *sig; 1345 sig = s->session->sess_cert->peer_key->digest; 1346 if (sig) 1347 { 1348 *(int *)parg = EVP_MD_type(sig); 1349 return 1; 1350 } 1351 } 1352 return 0; 1353 } 1354 /* Might want to do something here for other versions */ 1355 else 1356 return 0; 1357 1358 case SSL_CTRL_GET_SERVER_TMP_KEY: 1359 if (s->server || !s->session || !s->session->sess_cert) 1360 return 0; 1361 else 1362 { 1363 SESS_CERT *sc; 1364 EVP_PKEY *ptmp; 1365 int rv = 0; 1366 sc = s->session->sess_cert; 1367 if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp) 1368 return 0; 1369 ptmp = EVP_PKEY_new(); 1370 if (!ptmp) 1371 return 0; 1372 if (sc->peer_rsa_tmp) 1373 rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp); 1374 else if (sc->peer_dh_tmp) 1375 rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp); 1376 else if (sc->peer_ecdh_tmp) 1377 rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp); 1378 if (rv) 1379 { 1380 *(EVP_PKEY **)parg = ptmp; 1381 return 1; 1382 } 1383 EVP_PKEY_free(ptmp); 1384 return 0; 1385 } 1386 case SSL_CTRL_GET_EC_POINT_FORMATS: 1387 { 1388 SSL_SESSION *sess = s->session; 1389 const unsigned char **pformat = parg; 1390 if (!sess || !sess->tlsext_ecpointformatlist) 1391 return 0; 1392 *pformat = sess->tlsext_ecpointformatlist; 1393 return (int)sess->tlsext_ecpointformatlist_length; 1394 } 1395 1396 case SSL_CTRL_CHANNEL_ID: 1397 s->tlsext_channel_id_enabled = 1; 1398 ret = 1; 1399 break; 1400 1401 case SSL_CTRL_SET_CHANNEL_ID: 1402 if (s->server) 1403 break; 1404 s->tlsext_channel_id_enabled = 1; 1405 if (EVP_PKEY_bits(parg) != 256) 1406 { 1407 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, SSL_R_CHANNEL_ID_NOT_P256); 1408 break; 1409 } 1410 if (s->tlsext_channel_id_private) 1411 EVP_PKEY_free(s->tlsext_channel_id_private); 1412 s->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg); 1413 ret = 1; 1414 break; 1415 1416 case SSL_CTRL_GET_CHANNEL_ID: 1417 if (!s->server) 1418 break; 1419 if (!s->s3->tlsext_channel_id_valid) 1420 break; 1421 memcpy(parg, s->s3->tlsext_channel_id, larg < 64 ? larg : 64); 1422 return 64; 1423 1424 case SSL_CTRL_FALLBACK_SCSV: 1425 if (s->server) 1426 break; 1427 s->fallback_scsv = 1; 1428 ret = 1; 1429 break; 1430 1431 default: 1432 break; 1433 } 1434 return(ret); 1435 } 1436 1437long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) 1438 { 1439 int ret=0; 1440 1441 if (cmd == SSL_CTRL_SET_TMP_RSA_CB || cmd == SSL_CTRL_SET_TMP_DH_CB) 1442 { 1443 if (!ssl_cert_inst(&s->cert)) 1444 { 1445 OPENSSL_PUT_ERROR(SSL, ssl3_callback_ctrl, ERR_R_MALLOC_FAILURE); 1446 return(0); 1447 } 1448 } 1449 1450 switch (cmd) 1451 { 1452 case SSL_CTRL_SET_TMP_RSA_CB: 1453 /* Ignore the callback; temporary RSA keys are never used. */ 1454 break; 1455 case SSL_CTRL_SET_TMP_DH_CB: 1456 { 1457 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 1458 } 1459 break; 1460 case SSL_CTRL_SET_TMP_ECDH_CB: 1461 { 1462 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 1463 } 1464 break; 1465 case SSL_CTRL_SET_TLSEXT_DEBUG_CB: 1466 s->tlsext_debug_cb=(void (*)(SSL *,int ,int, 1467 unsigned char *, int, void *))fp; 1468 break; 1469 default: 1470 break; 1471 } 1472 return(ret); 1473 } 1474 1475long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 1476 { 1477 CERT *cert; 1478 1479 cert=ctx->cert; 1480 1481 switch (cmd) 1482 { 1483 case SSL_CTRL_NEED_TMP_RSA: 1484 /* Temporary RSA keys are never used. */ 1485 return 0; 1486 case SSL_CTRL_SET_TMP_RSA: 1487 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1488 return 0; 1489 case SSL_CTRL_SET_TMP_RSA_CB: 1490 { 1491 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1492 return(0); 1493 } 1494 break; 1495 case SSL_CTRL_SET_TMP_DH: 1496 { 1497 DH *new=NULL,*dh; 1498 1499 dh=(DH *)parg; 1500 if ((new=DHparams_dup(dh)) == NULL) 1501 { 1502 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_DH_LIB); 1503 return 0; 1504 } 1505 if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) 1506 { 1507 if (!DH_generate_key(new)) 1508 { 1509 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_DH_LIB); 1510 DH_free(new); 1511 return 0; 1512 } 1513 } 1514 if (cert->dh_tmp != NULL) 1515 DH_free(cert->dh_tmp); 1516 cert->dh_tmp=new; 1517 return 1; 1518 } 1519 /*break; */ 1520 case SSL_CTRL_SET_TMP_DH_CB: 1521 { 1522 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1523 return(0); 1524 } 1525 break; 1526 case SSL_CTRL_SET_TMP_ECDH: 1527 { 1528 EC_KEY *ecdh = NULL; 1529 1530 if (parg == NULL) 1531 { 1532 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_ECDH_LIB); 1533 return 0; 1534 } 1535 ecdh = EC_KEY_dup((EC_KEY *)parg); 1536 if (ecdh == NULL) 1537 { 1538 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_EC_LIB); 1539 return 0; 1540 } 1541 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) 1542 { 1543 if (!EC_KEY_generate_key(ecdh)) 1544 { 1545 EC_KEY_free(ecdh); 1546 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_ECDH_LIB); 1547 return 0; 1548 } 1549 } 1550 1551 if (cert->ecdh_tmp != NULL) 1552 { 1553 EC_KEY_free(cert->ecdh_tmp); 1554 } 1555 cert->ecdh_tmp = ecdh; 1556 return 1; 1557 } 1558 /* break; */ 1559 case SSL_CTRL_SET_TMP_ECDH_CB: 1560 { 1561 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1562 return(0); 1563 } 1564 break; 1565 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: 1566 ctx->tlsext_servername_arg=parg; 1567 break; 1568 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: 1569 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: 1570 { 1571 unsigned char *keys = parg; 1572 if (!keys) 1573 return 48; 1574 if (larg != 48) 1575 { 1576 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, SSL_R_INVALID_TICKET_KEYS_LENGTH); 1577 return 0; 1578 } 1579 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) 1580 { 1581 memcpy(ctx->tlsext_tick_key_name, keys, 16); 1582 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16); 1583 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); 1584 } 1585 else 1586 { 1587 memcpy(keys, ctx->tlsext_tick_key_name, 16); 1588 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); 1589 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); 1590 } 1591 return 1; 1592 } 1593 1594 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: 1595 ctx->tlsext_status_arg=parg; 1596 return 1; 1597 break; 1598 1599 case SSL_CTRL_SET_CURVES: 1600 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist, 1601 &ctx->tlsext_ellipticcurvelist_length, 1602 parg, larg); 1603 1604 case SSL_CTRL_SET_ECDH_AUTO: 1605 ctx->cert->ecdh_tmp_auto = larg; 1606 return 1; 1607 case SSL_CTRL_SET_SIGALGS: 1608 return tls1_set_sigalgs(ctx->cert, parg, larg, 0); 1609 1610 case SSL_CTRL_SET_CLIENT_SIGALGS: 1611 return tls1_set_sigalgs(ctx->cert, parg, larg, 1); 1612 1613 case SSL_CTRL_SET_CLIENT_CERT_TYPES: 1614 return ssl3_set_req_cert_type(ctx->cert, parg, larg); 1615 1616 case SSL_CTRL_BUILD_CERT_CHAIN: 1617 return ssl_build_cert_chain(ctx->cert, ctx->cert_store, larg); 1618 1619 case SSL_CTRL_SET_VERIFY_CERT_STORE: 1620 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg); 1621 1622 case SSL_CTRL_SET_CHAIN_CERT_STORE: 1623 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg); 1624 1625 1626 /* A Thawte special :-) */ 1627 case SSL_CTRL_EXTRA_CHAIN_CERT: 1628 if (ctx->extra_certs == NULL) 1629 { 1630 if ((ctx->extra_certs=sk_X509_new_null()) == NULL) 1631 return(0); 1632 } 1633 sk_X509_push(ctx->extra_certs,(X509 *)parg); 1634 break; 1635 1636 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS: 1637 if (ctx->extra_certs == NULL && larg == 0) 1638 *(STACK_OF(X509) **)parg = ctx->cert->key->chain; 1639 else 1640 *(STACK_OF(X509) **)parg = ctx->extra_certs; 1641 break; 1642 1643 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: 1644 if (ctx->extra_certs) 1645 { 1646 sk_X509_pop_free(ctx->extra_certs, X509_free); 1647 ctx->extra_certs = NULL; 1648 } 1649 break; 1650 1651 case SSL_CTRL_CHAIN: 1652 if (larg) 1653 return ssl_cert_set1_chain(ctx->cert, 1654 (STACK_OF (X509) *)parg); 1655 else 1656 return ssl_cert_set0_chain(ctx->cert, 1657 (STACK_OF (X509) *)parg); 1658 1659 case SSL_CTRL_CHAIN_CERT: 1660 if (larg) 1661 return ssl_cert_add1_chain_cert(ctx->cert, (X509 *)parg); 1662 else 1663 return ssl_cert_add0_chain_cert(ctx->cert, (X509 *)parg); 1664 1665 case SSL_CTRL_GET_CHAIN_CERTS: 1666 *(STACK_OF(X509) **)parg = ctx->cert->key->chain; 1667 break; 1668 1669 case SSL_CTRL_SELECT_CURRENT_CERT: 1670 return ssl_cert_select_current(ctx->cert, (X509 *)parg); 1671 1672 case SSL_CTRL_CHANNEL_ID: 1673 /* must be called on a server */ 1674 if (ctx->method->ssl_accept == ssl_undefined_function) 1675 return 0; 1676 ctx->tlsext_channel_id_enabled=1; 1677 return 1; 1678 1679 case SSL_CTRL_SET_CHANNEL_ID: 1680 ctx->tlsext_channel_id_enabled = 1; 1681 if (EVP_PKEY_bits(parg) != 256) 1682 { 1683 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, SSL_R_CHANNEL_ID_NOT_P256); 1684 break; 1685 } 1686 if (ctx->tlsext_channel_id_private) 1687 EVP_PKEY_free(ctx->tlsext_channel_id_private); 1688 ctx->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg); 1689 break; 1690 1691 default: 1692 return(0); 1693 } 1694 return(1); 1695 } 1696 1697long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) 1698 { 1699 CERT *cert; 1700 1701 cert=ctx->cert; 1702 1703 switch (cmd) 1704 { 1705 case SSL_CTRL_SET_TMP_RSA_CB: 1706 /* Ignore the callback; temporary RSA keys are never used. */ 1707 break; 1708 case SSL_CTRL_SET_TMP_DH_CB: 1709 { 1710 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 1711 } 1712 break; 1713 case SSL_CTRL_SET_TMP_ECDH_CB: 1714 { 1715 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 1716 } 1717 break; 1718 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: 1719 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp; 1720 break; 1721 1722 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: 1723 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp; 1724 break; 1725 1726 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: 1727 ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *, 1728 unsigned char *, 1729 EVP_CIPHER_CTX *, 1730 HMAC_CTX *, int))fp; 1731 break; 1732 1733 default: 1734 return(0); 1735 } 1736 return(1); 1737 } 1738 1739/* ssl3_get_cipher_by_value returns the SSL_CIPHER with value |value| or NULL if 1740 * none exists. 1741 * 1742 * This function needs to check if the ciphers required are actually 1743 * available. */ 1744const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value) 1745 { 1746 SSL_CIPHER c; 1747 1748 c.id = 0x03000000L|value; 1749 return bsearch(&c, ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(SSL_CIPHER), ssl_cipher_id_cmp); 1750 } 1751 1752/* ssl3_get_cipher_by_value returns the cipher value of |c|. */ 1753uint16_t ssl3_get_cipher_value(const SSL_CIPHER *c) 1754 { 1755 unsigned long id = c->id; 1756 /* All ciphers are SSLv3 now. */ 1757 assert((id & 0xff000000) == 0x03000000); 1758 return id & 0xffff; 1759 } 1760 1761struct ssl_cipher_preference_list_st* ssl_get_cipher_preferences(SSL *s) 1762 { 1763 if (s->cipher_list != NULL) 1764 return(s->cipher_list); 1765 1766 if (s->version >= TLS1_1_VERSION) 1767 { 1768 if (s->ctx != NULL && s->ctx->cipher_list_tls11 != NULL) 1769 return s->ctx->cipher_list_tls11; 1770 } 1771 1772 if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) 1773 return(s->ctx->cipher_list); 1774 1775 return NULL; 1776 } 1777 1778const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, 1779 struct ssl_cipher_preference_list_st *server_pref) 1780 { 1781 const SSL_CIPHER *c,*ret=NULL; 1782 STACK_OF(SSL_CIPHER) *srvr = server_pref->ciphers, *prio, *allow; 1783 int i,ok; 1784 size_t cipher_index; 1785 CERT *cert; 1786 unsigned long alg_k,alg_a,mask_k,mask_a; 1787 /* in_group_flags will either be NULL, or will point to an array of 1788 * bytes which indicate equal-preference groups in the |prio| stack. 1789 * See the comment about |in_group_flags| in the 1790 * |ssl_cipher_preference_list_st| struct. */ 1791 const unsigned char *in_group_flags; 1792 /* group_min contains the minimal index so far found in a group, or -1 1793 * if no such value exists yet. */ 1794 int group_min = -1; 1795 1796 /* Let's see which ciphers we can support */ 1797 cert=s->cert; 1798 1799#if 0 1800 /* Do not set the compare functions, because this may lead to a 1801 * reordering by "id". We want to keep the original ordering. 1802 * We may pay a price in performance during sk_SSL_CIPHER_find(), 1803 * but would have to pay with the price of sk_SSL_CIPHER_dup(). 1804 */ 1805 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp); 1806 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp); 1807#endif 1808 1809#ifdef CIPHER_DEBUG 1810 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr); 1811 for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i) 1812 { 1813 c=sk_SSL_CIPHER_value(srvr,i); 1814 printf("%p:%s\n",(void *)c,c->name); 1815 } 1816 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt); 1817 for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i) 1818 { 1819 c=sk_SSL_CIPHER_value(clnt,i); 1820 printf("%p:%s\n",(void *)c,c->name); 1821 } 1822#endif 1823 1824 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) 1825 { 1826 prio = srvr; 1827 in_group_flags = server_pref->in_group_flags; 1828 allow = clnt; 1829 } 1830 else 1831 { 1832 prio = clnt; 1833 in_group_flags = NULL; 1834 allow = srvr; 1835 } 1836 1837 tls1_set_cert_validity(s); 1838 1839 for (i=0; i<sk_SSL_CIPHER_num(prio); i++) 1840 { 1841 c=sk_SSL_CIPHER_value(prio,i); 1842 1843 ok = 1; 1844 1845 /* Skip TLS v1.2 only ciphersuites if not supported */ 1846 if ((c->algorithm_ssl & SSL_TLSV1_2) && 1847 !SSL_USE_TLS1_2_CIPHERS(s)) 1848 ok = 0; 1849 1850 ssl_set_cert_masks(cert,c); 1851 mask_k = cert->mask_k; 1852 mask_a = cert->mask_a; 1853 1854#ifdef KSSL_DEBUG 1855/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/ 1856#endif /* KSSL_DEBUG */ 1857 1858 alg_k=c->algorithm_mkey; 1859 alg_a=c->algorithm_auth; 1860 1861 /* with PSK there must be server callback set */ 1862 if ((alg_a & SSL_aPSK) && s->psk_server_callback == NULL) 1863 ok = 0; 1864 1865 ok = ok && (alg_k & mask_k) && (alg_a & mask_a); 1866#ifdef CIPHER_DEBUG 1867 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c, 1868 c->name); 1869#endif 1870 1871 /* if we are considering an ECC cipher suite that uses 1872 * an ephemeral EC key check it */ 1873 if (alg_k & SSL_kEECDH) 1874 ok = ok && tls1_check_ec_tmp_key(s, c->id); 1875 1876 if (ok && sk_SSL_CIPHER_find(allow, &cipher_index, c)) 1877 { 1878 if (in_group_flags != NULL && in_group_flags[i] == 1) 1879 { 1880 /* This element of |prio| is in a group. Update 1881 * the minimum index found so far and continue 1882 * looking. */ 1883 if (group_min == -1 || group_min > cipher_index) 1884 group_min = cipher_index; 1885 } 1886 else 1887 { 1888 if (group_min != -1 && group_min < cipher_index) 1889 cipher_index = group_min; 1890 ret=sk_SSL_CIPHER_value(allow,cipher_index); 1891 break; 1892 } 1893 } 1894 1895 if (in_group_flags != NULL && 1896 in_group_flags[i] == 0 && 1897 group_min != -1) 1898 { 1899 /* We are about to leave a group, but we found a match 1900 * in it, so that's our answer. */ 1901 ret=sk_SSL_CIPHER_value(allow,group_min); 1902 break; 1903 } 1904 } 1905 return(ret); 1906 } 1907 1908int ssl3_get_req_cert_type(SSL *s, unsigned char *p) 1909 { 1910 int ret=0; 1911 const unsigned char *sig; 1912 size_t i, siglen; 1913 int have_rsa_sign = 0; 1914 int have_ecdsa_sign = 0; 1915 1916 /* If we have custom certificate types set, use them */ 1917 if (s->cert->client_certificate_types) 1918 { 1919 memcpy(p, s->cert->client_certificate_types, 1920 s->cert->num_client_certificate_types); 1921 return (int)s->cert->num_client_certificate_types; 1922 } 1923 /* get configured sigalgs */ 1924 siglen = tls12_get_psigalgs(s, &sig); 1925 for (i = 0; i < siglen; i+=2, sig+=2) 1926 { 1927 switch(sig[1]) 1928 { 1929 case TLSEXT_signature_rsa: 1930 have_rsa_sign = 1; 1931 break; 1932 1933 case TLSEXT_signature_ecdsa: 1934 have_ecdsa_sign = 1; 1935 break; 1936 } 1937 } 1938 1939 if (have_rsa_sign) 1940 p[ret++]=SSL3_CT_RSA_SIGN; 1941 1942 /* ECDSA certs can be used with RSA cipher suites as well 1943 * so we don't need to check for SSL_kECDH or SSL_kEECDH 1944 */ 1945 if (s->version >= TLS1_VERSION) 1946 { 1947 if (have_ecdsa_sign) 1948 p[ret++]=TLS_CT_ECDSA_SIGN; 1949 } 1950 return(ret); 1951 } 1952 1953static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len) 1954 { 1955 if (c->client_certificate_types) 1956 { 1957 OPENSSL_free(c->client_certificate_types); 1958 c->client_certificate_types = NULL; 1959 } 1960 c->num_client_certificate_types = 0; 1961 if (!p || !len) 1962 return 1; 1963 if (len > 0xff) 1964 return 0; 1965 c->client_certificate_types = BUF_memdup(p, len); 1966 if (!c->client_certificate_types) 1967 return 0; 1968 c->num_client_certificate_types = len; 1969 return 1; 1970 } 1971 1972int ssl3_shutdown(SSL *s) 1973 { 1974 int ret; 1975 1976 /* Don't do anything much if we have not done the handshake or 1977 * we don't want to send messages :-) */ 1978 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) 1979 { 1980 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 1981 return(1); 1982 } 1983 1984 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) 1985 { 1986 s->shutdown|=SSL_SENT_SHUTDOWN; 1987#if 1 1988 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY); 1989#endif 1990 /* our shutdown alert has been sent now, and if it still needs 1991 * to be written, s->s3->alert_dispatch will be true */ 1992 if (s->s3->alert_dispatch) 1993 return(-1); /* return WANT_WRITE */ 1994 } 1995 else if (s->s3->alert_dispatch) 1996 { 1997 /* resend it if not sent */ 1998#if 1 1999 ret=s->method->ssl_dispatch_alert(s); 2000 if(ret == -1) 2001 { 2002 /* we only get to return -1 here the 2nd/Nth 2003 * invocation, we must have already signalled 2004 * return 0 upon a previous invoation, 2005 * return WANT_WRITE */ 2006 return(ret); 2007 } 2008#endif 2009 } 2010 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) 2011 { 2012 /* If we are waiting for a close from our peer, we are closed */ 2013 s->method->ssl_read_bytes(s,0,NULL,0,0); 2014 if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) 2015 { 2016 return(-1); /* return WANT_READ */ 2017 } 2018 } 2019 2020 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && 2021 !s->s3->alert_dispatch) 2022 return(1); 2023 else 2024 return(0); 2025 } 2026 2027int ssl3_write(SSL *s, const void *buf, int len) 2028 { 2029 int ret,n; 2030 2031#if 0 2032 if (s->shutdown & SSL_SEND_SHUTDOWN) 2033 { 2034 s->rwstate=SSL_NOTHING; 2035 return(0); 2036 } 2037#endif 2038 ERR_clear_system_error(); 2039 if (s->s3->renegotiate) ssl3_renegotiate_check(s); 2040 2041 /* This is an experimental flag that sends the 2042 * last handshake message in the same packet as the first 2043 * use data - used to see if it helps the TCP protocol during 2044 * session-id reuse */ 2045 /* The second test is because the buffer may have been removed */ 2046 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) 2047 { 2048 /* First time through, we write into the buffer */ 2049 if (s->s3->delay_buf_pop_ret == 0) 2050 { 2051 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, 2052 buf,len); 2053 if (ret <= 0) return(ret); 2054 2055 s->s3->delay_buf_pop_ret=ret; 2056 } 2057 2058 s->rwstate=SSL_WRITING; 2059 n=BIO_flush(s->wbio); 2060 if (n <= 0) return(n); 2061 s->rwstate=SSL_NOTHING; 2062 2063 /* We have flushed the buffer, so remove it */ 2064 ssl_free_wbio_buffer(s); 2065 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; 2066 2067 ret=s->s3->delay_buf_pop_ret; 2068 s->s3->delay_buf_pop_ret=0; 2069 } 2070 else 2071 { 2072 ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA, 2073 buf,len); 2074 if (ret <= 0) return(ret); 2075 } 2076 2077 return(ret); 2078 } 2079 2080static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) 2081 { 2082 int n,ret; 2083 2084 ERR_clear_system_error(); 2085 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) 2086 { 2087 /* Deal with an application that calls SSL_read() when handshake data 2088 * is yet to be written. 2089 */ 2090 if (BIO_wpending(s->wbio) > 0) 2091 { 2092 s->rwstate=SSL_WRITING; 2093 n=BIO_flush(s->wbio); 2094 if (n <= 0) return(n); 2095 s->rwstate=SSL_NOTHING; 2096 } 2097 } 2098 if (s->s3->renegotiate) ssl3_renegotiate_check(s); 2099 s->s3->in_read_app_data=1; 2100 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); 2101 if ((ret == -1) && (s->s3->in_read_app_data == 2)) 2102 { 2103 /* ssl3_read_bytes decided to call s->handshake_func, which 2104 * called ssl3_read_bytes to read handshake data. 2105 * However, ssl3_read_bytes actually found application data 2106 * and thinks that application data makes sense here; so disable 2107 * handshake processing and try to read application data again. */ 2108 s->in_handshake++; 2109 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); 2110 s->in_handshake--; 2111 } 2112 else 2113 s->s3->in_read_app_data=0; 2114 2115 return(ret); 2116 } 2117 2118int ssl3_read(SSL *s, void *buf, int len) 2119 { 2120 return ssl3_read_internal(s, buf, len, 0); 2121 } 2122 2123int ssl3_peek(SSL *s, void *buf, int len) 2124 { 2125 return ssl3_read_internal(s, buf, len, 1); 2126 } 2127 2128int ssl3_renegotiate(SSL *s) 2129 { 2130 if (s->handshake_func == NULL) 2131 return(1); 2132 2133 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) 2134 return(0); 2135 2136 s->s3->renegotiate=1; 2137 return(1); 2138 } 2139 2140int ssl3_renegotiate_check(SSL *s) 2141 { 2142 int ret=0; 2143 2144 if (s->s3->renegotiate) 2145 { 2146 if ( (s->s3->rbuf.left == 0) && 2147 (s->s3->wbuf.left == 0) && 2148 !SSL_in_init(s)) 2149 { 2150/* 2151if we are the server, and we have sent a 'RENEGOTIATE' message, we 2152need to go to SSL_ST_ACCEPT. 2153*/ 2154 /* SSL_ST_ACCEPT */ 2155 s->state=SSL_ST_RENEGOTIATE; 2156 s->s3->renegotiate=0; 2157 s->s3->num_renegotiations++; 2158 s->s3->total_renegotiations++; 2159 ret=1; 2160 } 2161 } 2162 return(ret); 2163 } 2164/* If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF 2165 * and handshake macs if required. 2166 */ 2167long ssl_get_algorithm2(SSL *s) 2168 { 2169 static const unsigned long kMask = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF; 2170 long alg2 = s->s3->tmp.new_cipher->algorithm2; 2171 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF 2172 && (alg2 & kMask) == kMask) 2173 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; 2174 return alg2; 2175 } 2176 2177