kris
/
boringssl
1
0
Fork 0
Koodi Ongelmat 0 Pull-pyynnöt 0 Julkaisut 0 Wiki Toiminta
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1359 Commitit
12 Branchit
38 MiB
 
 
 
 
 
 
Puu: 08dc68d510
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from '08dc68d510'
${ noResults }
boringssl/ssl/s3_lib.c

1225 rivejä
38 KiB
Raaka Blame Historia 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.]

  56.  */

  57. /* ====================================================================

  58.  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.

  59.  *

  60.  * Redistribution and use in source and binary forms, with or without

  61.  * modification, are permitted provided that the following conditions

  62.  * are met:

  63.  *

  64.  * 1. Redistributions of source code must retain the above copyright

  65.  *    notice, this list of conditions and the following disclaimer.

  66.  *

  67.  * 2. Redistributions in binary form must reproduce the above copyright

  68.  *    notice, this list of conditions and the following disclaimer in

  69.  *    the documentation and/or other materials provided with the

  70.  *    distribution.

  71.  *

  72.  * 3. All advertising materials mentioning features or use of this

  73.  *    software must display the following acknowledgment:

  74.  *    "This product includes software developed by the OpenSSL Project

  75.  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

  76.  *

  77.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  78.  *    endorse or promote products derived from this software without

  79.  *    prior written permission. For written permission, please contact

  80.  *    openssl-core@openssl.org.

  81.  *

  82.  * 5. Products derived from this software may not be called "OpenSSL"

  83.  *    nor may "OpenSSL" appear in their names without prior written

  84.  *    permission of the OpenSSL Project.

  85.  *

  86.  * 6. Redistributions of any form whatsoever must retain the following

  87.  *    acknowledgment:

  88.  *    "This product includes software developed by the OpenSSL Project

  89.  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

  90.  *

  91.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  92.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  93.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  94.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  95.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  96.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  97.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  98.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  99.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  100.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  101.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  102.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  103.  * ====================================================================

  104.  *

  105.  * This product includes cryptographic software written by Eric Young

  106.  * (eay@cryptsoft.com).  This product includes software written by Tim

  107.  * Hudson (tjh@cryptsoft.com).

  108.  *

  109.  */

  110. /* ====================================================================

  111.  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

  112.  *

  113.  * Portions of the attached software ("Contribution") are developed by

  114.  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

  115.  *

  116.  * The Contribution is licensed pursuant to the OpenSSL open source

  117.  * license provided above.

  118.  *

  119.  * ECC cipher suite support in OpenSSL originally written by

  120.  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.

  121.  *

  122.  */

  123. /* ====================================================================

  124.  * Copyright 2005 Nokia. All rights reserved.

  125.  *

  126.  * The portions of the attached software ("Contribution") is developed by

  127.  * Nokia Corporation and is licensed pursuant to the OpenSSL open source

  128.  * license.

  129.  *

  130.  * The Contribution, originally written by Mika Kousa and Pasi Eronen of

  131.  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites

  132.  * support (see RFC 4279) to OpenSSL.

  133.  *

  134.  * No patent licenses or other rights except those expressly stated in

  135.  * the OpenSSL open source license shall be deemed granted or received

  136.  * expressly, by implication, estoppel, or otherwise.

  137.  *

  138.  * No assurances are provided by Nokia that the Contribution does not

  139.  * infringe the patent or other intellectual property rights of any third

  140.  * party or that the license provides you with all the necessary rights

  141.  * to make use of the Contribution.

  142.  *

  143.  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN

  144.  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA

  145.  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY

  146.  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR

  147.  * OTHERWISE. */

  148. 

  149. #include <assert.h>

  150. #include <stdio.h>

  151. #include <string.h>

  152. 

  153. #include <openssl/buf.h>

  154. #include <openssl/dh.h>

  155. #include <openssl/err.h>

  156. #include <openssl/md5.h>

  157. #include <openssl/mem.h>

  158. #include <openssl/obj.h>

  159. 

  160. #include "internal.h"

  161. 

  162. 

  163. #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER))

  164. 

  165. /* list of available SSLv3 ciphers (sorted by id) */

  166. const SSL_CIPHER ssl3_ciphers[] = {

  167.     /* The RSA ciphers */

  168.     /* Cipher 04 */

  169.     {

  170.      SSL3_TXT_RSA_RC4_128_MD5, SSL3_CK_RSA_RC4_128_MD5, SSL_kRSA, SSL_aRSA,

  171.      SSL_RC4, SSL_MD5, SSL_SSLV3, SSL_MEDIUM,

  172.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,

  173.     },

  174. 

  175.     /* Cipher 05 */

  176.     {

  177.      SSL3_TXT_RSA_RC4_128_SHA, SSL3_CK_RSA_RC4_128_SHA, SSL_kRSA, SSL_aRSA,

  178.      SSL_RC4, SSL_SHA1, SSL_SSLV3, SSL_MEDIUM,

  179.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,

  180.     },

  181. 

  182.     /* Cipher 0A */

  183.     {

  184.      SSL3_TXT_RSA_DES_192_CBC3_SHA, SSL3_CK_RSA_DES_192_CBC3_SHA, SSL_kRSA,

  185.      SSL_aRSA, SSL_3DES, SSL_SHA1, SSL_SSLV3, SSL_HIGH | SSL_FIPS,

  186.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168,

  187.     },

  188. 

  189. 

  190.     /* New AES ciphersuites */

  191. 

  192.     /* Cipher 2F */

  193.     {

  194.      TLS1_TXT_RSA_WITH_AES_128_SHA, TLS1_CK_RSA_WITH_AES_128_SHA, SSL_kRSA,

  195.      SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,

  196.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,

  197.     },

  198. 

  199.     /* Cipher 33 */

  200.     {

  201.      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, TLS1_CK_DHE_RSA_WITH_AES_128_SHA,

  202.      SSL_kDHE, SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,

  203.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,

  204.     },

  205. 

  206.     /* Cipher 35 */

  207.     {

  208.      TLS1_TXT_RSA_WITH_AES_256_SHA, TLS1_CK_RSA_WITH_AES_256_SHA, SSL_kRSA,

  209.      SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,

  210.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,

  211.     },

  212. 

  213.     /* Cipher 39 */

  214.     {

  215.      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, TLS1_CK_DHE_RSA_WITH_AES_256_SHA,

  216.      SSL_kDHE, SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,

  217.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,

  218.     },

  219. 

  220. 

  221.     /* TLS v1.2 ciphersuites */

  222. 

  223.     /* Cipher 3C */

  224.     {

  225.      TLS1_TXT_RSA_WITH_AES_128_SHA256, TLS1_CK_RSA_WITH_AES_128_SHA256,

  226.      SSL_kRSA, SSL_aRSA, SSL_AES128, SSL_SHA256, SSL_TLSV1_2,

  227.      SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128,

  228.     },

  229. 

  230.     /* Cipher 3D */

  231.     {

  232.      TLS1_TXT_RSA_WITH_AES_256_SHA256, TLS1_CK_RSA_WITH_AES_256_SHA256,

  233.      SSL_kRSA, SSL_aRSA, SSL_AES256, SSL_SHA256, SSL_TLSV1_2,

  234.      SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256,

  235.     },

  236. 

  237.     /* Cipher 67 */

  238.     {

  239.      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,

  240.      TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128,

  241.      SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  242.      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128,

  243.     },

  244. 

  245.     /* Cipher 6B */

  246.     {

  247.      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,

  248.      TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES256,

  249.      SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  250.      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256,

  251.     },

  252. 

  253.     /* Cipher 8A */

  254.     {

  255.      TLS1_TXT_PSK_WITH_RC4_128_SHA, TLS1_CK_PSK_WITH_RC4_128_SHA, SSL_kPSK,

  256.      SSL_aPSK, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM,

  257.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,

  258.     },

  259. 

  260.     /* Cipher 8C */

  261.     {

  262.      TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, TLS1_CK_PSK_WITH_AES_128_CBC_SHA,

  263.      SSL_kPSK, SSL_aPSK, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,

  264.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,

  265.     },

  266. 

  267.     /* Cipher 8D */

  268.     {

  269.      TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, TLS1_CK_PSK_WITH_AES_256_CBC_SHA,

  270.      SSL_kPSK, SSL_aPSK, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,

  271.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,

  272.     },

  273. 

  274. 

  275.     /* GCM ciphersuites from RFC5288 */

  276. 

  277.     /* Cipher 9C */

  278.     {

  279.      TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,

  280.      TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, SSL_kRSA, SSL_aRSA, SSL_AES128GCM,

  281.      SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  282.      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |

  283.          SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  284.      128, 128,

  285.     },

  286. 

  287.     /* Cipher 9D */

  288.     {

  289.      TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,

  290.      TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, SSL_kRSA, SSL_aRSA, SSL_AES256GCM,

  291.      SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  292.      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD |

  293.          SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  294.      256, 256,

  295.     },

  296. 

  297.     /* Cipher 9E */

  298.     {

  299.      TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,

  300.      TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128GCM,

  301.      SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  302.      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |

  303.          SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  304.      128, 128,

  305.     },

  306. 

  307.     /* Cipher 9F */

  308.     {

  309.      TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,

  310.      TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kDHE, SSL_aRSA, SSL_AES256GCM,

  311.      SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  312.      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD |

  313.          SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  314.      256, 256,

  315.     },

  316. 

  317.     /* Cipher C007 */

  318.     {

  319.      TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,

  320.      TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_kECDHE, SSL_aECDSA, SSL_RC4,

  321.      SSL_SHA1, SSL_TLSV1, SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128,

  322.      128,

  323.     },

  324. 

  325.     /* Cipher C009 */

  326.     {

  327.      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,

  328.      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aECDSA,

  329.      SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,

  330.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,

  331.     },

  332. 

  333.     /* Cipher C00A */

  334.     {

  335.      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,

  336.      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aECDSA,

  337.      SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,

  338.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,

  339.     },

  340. 

  341.     /* Cipher C011 */

  342.     {

  343.      TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,

  344.      SSL_kECDHE, SSL_aRSA, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM,

  345.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,

  346.     },

  347. 

  348.     /* Cipher C013 */

  349.     {

  350.      TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,

  351.      TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES128,

  352.      SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,

  353.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,

  354.     },

  355. 

  356.     /* Cipher C014 */

  357.     {

  358.      TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,

  359.      TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES256,

  360.      SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,

  361.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,

  362.     },

  363. 

  364. 

  365.     /* HMAC based TLS v1.2 ciphersuites from RFC5289 */

  366. 

  367.     /* Cipher C023 */

  368.     {

  369.      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,

  370.      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aECDSA,

  371.      SSL_AES128, SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  372.      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128,

  373.     },

  374. 

  375.     /* Cipher C024 */

  376.     {

  377.      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,

  378.      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aECDSA,

  379.      SSL_AES256, SSL_SHA384, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  380.      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256,

  381.     },

  382. 

  383.     /* Cipher C027 */

  384.     {

  385.      TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,

  386.      TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aRSA, SSL_AES128,

  387.      SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  388.      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128,

  389.     },

  390. 

  391.     /* Cipher C028 */

  392.     {

  393.      TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,

  394.      TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aRSA, SSL_AES256,

  395.      SSL_SHA384, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  396.      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256,

  397.     },

  398. 

  399. 

  400.     /* GCM based TLS v1.2 ciphersuites from RFC5289 */

  401. 

  402.     /* Cipher C02B */

  403.     {

  404.      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,

  405.      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aECDSA,

  406.      SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  407.      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |

  408.          SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  409.      128, 128,

  410.     },

  411. 

  412.     /* Cipher C02C */

  413.     {

  414.      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,

  415.      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aECDSA,

  416.      SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  417.      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD |

  418.          SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  419.      256, 256,

  420.     },

  421. 

  422.     /* Cipher C02F */

  423.     {

  424.      TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,

  425.      TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aRSA,

  426.      SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  427.      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |

  428.          SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  429.      128, 128,

  430.     },

  431. 

  432.     /* Cipher C030 */

  433.     {

  434.      TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,

  435.      TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aRSA,

  436.      SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  437.      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD |

  438.          SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  439.      256, 256,

  440.     },

  441. 

  442. 

  443.     /* ECDH PSK ciphersuites */

  444. 

  445.     /* Cipher CAFE */

  446.     {

  447.      TLS1_TXT_ECDHE_PSK_WITH_AES_128_GCM_SHA256,

  448.      TLS1_CK_ECDHE_PSK_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aPSK,

  449.      SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,

  450.      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |

  451.          SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  452.      128, 128,

  453.     },

  454. 

  455.     {

  456.      TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,

  457.      TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aRSA,

  458.      SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,

  459.      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD,

  460.      256, 0,

  461.     },

  462. 

  463.     {

  464.      TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,

  465.      TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aECDSA,

  466.      SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,

  467.      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD,

  468.      256, 0,

  469.     },

  470. 

  471.     {

  472.      TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,

  473.      TLS1_CK_DHE_RSA_CHACHA20_POLY1305, SSL_kDHE, SSL_aRSA,

  474.      SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,

  475.      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD,

  476.      256, 0,

  477.     },

  478. };

  479. 

  480. const SSL3_ENC_METHOD SSLv3_enc_data = {

  481.     tls1_enc,

  482.     ssl3_prf,

  483.     tls1_setup_key_block,

  484.     tls1_generate_master_secret,

  485.     tls1_change_cipher_state,

  486.     ssl3_final_finish_mac,

  487.     ssl3_cert_verify_mac,

  488.     SSL3_MD_CLIENT_FINISHED_CONST, 4,

  489.     SSL3_MD_SERVER_FINISHED_CONST, 4,

  490.     ssl3_alert_code,

  491.     tls1_export_keying_material,

  492.     0,

  493. };

  494. 

  495. size_t ssl3_num_ciphers(void) { return SSL3_NUM_CIPHERS; }

  496. 

  497. const SSL_CIPHER *ssl3_get_cipher(size_t i) {

  498.   if (i >= SSL3_NUM_CIPHERS) {

  499.     return NULL;

  500.   }

  501. 

  502.   return &ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - i];

  503. }

  504. 

  505. int ssl3_pending(const SSL *s) {

  506.   if (s->rstate == SSL_ST_READ_BODY) {

  507.     return 0;

  508.   }

  509. 

  510.   return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length

  511.                                                         : 0;

  512. }

  513. 

  514. int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len) {

  515.   uint8_t *p = (uint8_t *)s->init_buf->data;

  516.   *(p++) = htype;

  517.   l2n3(len, p);

  518.   s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;

  519.   s->init_off = 0;

  520. 

  521.   /* Add the message to the handshake hash. */

  522.   return ssl3_finish_mac(s, (uint8_t *)s->init_buf->data, s->init_num);

  523. }

  524. 

  525. int ssl3_handshake_write(SSL *s) { return ssl3_do_write(s, SSL3_RT_HANDSHAKE); }

  526. 

  527. int ssl3_new(SSL *s) {

  528.   SSL3_STATE *s3;

  529. 

  530.   s3 = OPENSSL_malloc(sizeof *s3);

  531.   if (s3 == NULL) {

  532.     goto err;

  533.   }

  534.   memset(s3, 0, sizeof *s3);

  535.   memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));

  536.   memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));

  537. 

  538.   s->s3 = s3;

  539. 

  540.   /* Set the version to the highest supported version for TLS. This controls the

  541.    * initial state of |s->enc_method| and what the API reports as the version

  542.    * prior to negotiation.

  543.    *

  544.    * TODO(davidben): This is fragile and confusing. */

  545.   s->version = TLS1_2_VERSION;

  546.   return 1;

  547. err:

  548.   return 0;

  549. }

  550. 

  551. void ssl3_free(SSL *s) {

  552.   if (s == NULL || s->s3 == NULL) {

  553.     return;

  554.   }

  555. 

  556.   BUF_MEM_free(s->s3->sniff_buffer);

  557.   ssl3_cleanup_key_block(s);

  558.   ssl3_release_read_buffer(s);

  559.   ssl3_release_write_buffer(s);

  560.   DH_free(s->s3->tmp.dh);

  561.   EC_KEY_free(s->s3->tmp.ecdh);

  562. 

  563.   sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);

  564.   OPENSSL_free(s->s3->tmp.certificate_types);

  565.   OPENSSL_free(s->s3->tmp.peer_ecpointformatlist);

  566.   OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist);

  567.   OPENSSL_free(s->s3->tmp.peer_psk_identity_hint);

  568.   BIO_free(s->s3->handshake_buffer);

  569.   ssl3_free_digest_list(s);

  570.   OPENSSL_free(s->s3->alpn_selected);

  571. 

  572.   OPENSSL_cleanse(s->s3, sizeof *s->s3);

  573.   OPENSSL_free(s->s3);

  574.   s->s3 = NULL;

  575. }

  576. 

  577. static int ssl3_set_req_cert_type(CERT *c, const uint8_t *p, size_t len);

  578. 

  579. int SSL_session_reused(const SSL *ssl) {

  580.   return ssl->hit;

  581. }

  582. 

  583. int SSL_total_renegotiations(const SSL *ssl) {

  584.   return ssl->s3->total_renegotiations;

  585. }

  586. 

  587. int SSL_num_renegotiations(const SSL *ssl) {

  588.   return SSL_total_renegotiations(ssl);

  589. }

  590. 

  591. int SSL_CTX_need_tmp_RSA(const SSL_CTX *ctx) {

  592.   return 0;

  593. }

  594. 

  595. int SSL_need_rsa(const SSL *ssl) {

  596.   return 0;

  597. }

  598. 

  599. int SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, const RSA *rsa) {

  600.   return 1;

  601. }

  602. 

  603. int SSL_set_tmp_rsa(SSL *ssl, const RSA *rsa) {

  604.   return 1;

  605. }

  606. 

  607. int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh) {

  608.   DH_free(ctx->cert->dh_tmp);

  609.   ctx->cert->dh_tmp = DHparams_dup(dh);

  610.   if (ctx->cert->dh_tmp == NULL) {

  611.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_set_tmp_dh, ERR_R_DH_LIB);

  612.     return 0;

  613.   }

  614.   return 1;

  615. }

  616. 

  617. int SSL_set_tmp_dh(SSL *ssl, const DH *dh) {

  618.   DH_free(ssl->cert->dh_tmp);

  619.   ssl->cert->dh_tmp = DHparams_dup(dh);

  620.   if (ssl->cert->dh_tmp == NULL) {

  621.     OPENSSL_PUT_ERROR(SSL, SSL_set_tmp_dh, ERR_R_DH_LIB);

  622.     return 0;

  623.   }

  624.   return 1;

  625. }

  626. 

  627. int SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ec_key) {

  628.   if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) {

  629.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_set_tmp_ecdh, ERR_R_PASSED_NULL_PARAMETER);

  630.     return 0;

  631.   }

  632.   ctx->cert->ecdh_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));

  633.   return 1;

  634. }

  635. 

  636. int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key) {

  637.   if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) {

  638.     OPENSSL_PUT_ERROR(SSL, SSL_set_tmp_ecdh, ERR_R_PASSED_NULL_PARAMETER);

  639.     return 0;

  640.   }

  641.   ssl->cert->ecdh_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));

  642.   return 1;

  643. }

  644. 

  645. int SSL_CTX_enable_tls_channel_id(SSL_CTX *ctx) {

  646.   ctx->tlsext_channel_id_enabled = 1;

  647.   return 1;

  648. }

  649. 

  650. int SSL_enable_tls_channel_id(SSL *ssl) {

  651.   ssl->tlsext_channel_id_enabled = 1;

  652.   return 1;

  653. }

  654. 

  655. int SSL_CTX_set1_tls_channel_id(SSL_CTX *ctx, EVP_PKEY *private_key) {

  656.   ctx->tlsext_channel_id_enabled = 1;

  657.   if (EVP_PKEY_id(private_key) != EVP_PKEY_EC ||

  658.       EVP_PKEY_bits(private_key) != 256) {

  659.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_set1_tls_channel_id,

  660.                       SSL_R_CHANNEL_ID_NOT_P256);

  661.     return 0;

  662.   }

  663.   EVP_PKEY_free(ctx->tlsext_channel_id_private);

  664.   ctx->tlsext_channel_id_private = EVP_PKEY_up_ref(private_key);

  665.   return 1;

  666. }

  667. 

  668. int SSL_set1_tls_channel_id(SSL *ssl, EVP_PKEY *private_key) {

  669.   ssl->tlsext_channel_id_enabled = 1;

  670.   if (EVP_PKEY_id(private_key) != EVP_PKEY_EC ||

  671.       EVP_PKEY_bits(private_key) != 256) {

  672.     OPENSSL_PUT_ERROR(SSL, SSL_set1_tls_channel_id, SSL_R_CHANNEL_ID_NOT_P256);

  673.     return 0;

  674.   }

  675.   EVP_PKEY_free(ssl->tlsext_channel_id_private);

  676.   ssl->tlsext_channel_id_private = EVP_PKEY_up_ref(private_key);

  677.   return 1;

  678. }

  679. 

  680. size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out, size_t max_out) {

  681.   if (!ssl->s3->tlsext_channel_id_valid) {

  682.     return 0;

  683.   }

  684.   memcpy(out, ssl->s3->tlsext_channel_id, (max_out < 64) ? max_out : 64);

  685.   return 64;

  686. }

  687. 

  688. int SSL_set_tlsext_host_name(SSL *ssl, const char *name) {

  689.   OPENSSL_free(ssl->tlsext_hostname);

  690.   ssl->tlsext_hostname = NULL;

  691. 

  692.   if (name == NULL) {

  693.     return 1;

  694.   }

  695.   if (strlen(name) > TLSEXT_MAXLEN_host_name) {

  696.     OPENSSL_PUT_ERROR(SSL, SSL_set_tlsext_host_name,

  697.                       SSL_R_SSL3_EXT_INVALID_SERVERNAME);

  698.     return 0;

  699.   }

  700.   ssl->tlsext_hostname = BUF_strdup(name);

  701.   if (ssl->tlsext_hostname == NULL) {

  702.     OPENSSL_PUT_ERROR(SSL, SSL_set_tlsext_host_name, ERR_R_MALLOC_FAILURE);

  703.     return 0;

  704.   }

  705.   return 1;

  706. }

  707. 

  708. long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) {

  709.   int ret = 0;

  710. 

  711.   switch (cmd) {

  712.     case SSL_CTRL_CHAIN:

  713.       if (larg) {

  714.         return ssl_cert_set1_chain(s->cert, (STACK_OF(X509) *)parg);

  715.       } else {

  716.         return ssl_cert_set0_chain(s->cert, (STACK_OF(X509) *)parg);

  717.       }

  718. 

  719.     case SSL_CTRL_CHAIN_CERT:

  720.       if (larg) {

  721.         return ssl_cert_add1_chain_cert(s->cert, (X509 *)parg);

  722.       } else {

  723.         return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg);

  724.       }

  725. 

  726.     case SSL_CTRL_GET_CHAIN_CERTS:

  727.       *(STACK_OF(X509) **)parg = s->cert->key->chain;

  728.       ret = 1;

  729.       break;

  730. 

  731.     case SSL_CTRL_SELECT_CURRENT_CERT:

  732.       return ssl_cert_select_current(s->cert, (X509 *)parg);

  733. 

  734.     case SSL_CTRL_GET_CURVES: {

  735.       const uint16_t *clist = s->s3->tmp.peer_ellipticcurvelist;

  736.       size_t clistlen = s->s3->tmp.peer_ellipticcurvelist_length;

  737.       if (parg) {

  738.         size_t i;

  739.         int *cptr = parg;

  740.         int nid;

  741.         for (i = 0; i < clistlen; i++) {

  742.           nid = tls1_ec_curve_id2nid(clist[i]);

  743.           if (nid != NID_undef) {

  744.             cptr[i] = nid;

  745.           } else {

  746.             cptr[i] = TLSEXT_nid_unknown | clist[i];

  747.           }

  748.         }

  749.       }

  750.       return (int)clistlen;

  751.     }

  752. 

  753.     case SSL_CTRL_SET_CURVES:

  754.       return tls1_set_curves(&s->tlsext_ellipticcurvelist,

  755.                              &s->tlsext_ellipticcurvelist_length, parg, larg);

  756. 

  757.     case SSL_CTRL_SET_SIGALGS:

  758.       return tls1_set_sigalgs(s->cert, parg, larg, 0);

  759. 

  760.     case SSL_CTRL_SET_CLIENT_SIGALGS:

  761.       return tls1_set_sigalgs(s->cert, parg, larg, 1);

  762. 

  763.     case SSL_CTRL_GET_CLIENT_CERT_TYPES: {

  764.       const uint8_t **pctype = parg;

  765.       if (s->server || !s->s3->tmp.cert_req) {

  766.         return 0;

  767.       }

  768.       if (pctype) {

  769.         *pctype = s->s3->tmp.certificate_types;

  770.       }

  771.       return (int)s->s3->tmp.num_certificate_types;

  772.     }

  773. 

  774.     case SSL_CTRL_SET_CLIENT_CERT_TYPES:

  775.       if (!s->server) {

  776.         return 0;

  777.       }

  778.       return ssl3_set_req_cert_type(s->cert, parg, larg);

  779. 

  780.     case SSL_CTRL_BUILD_CERT_CHAIN:

  781.       return ssl_build_cert_chain(s->cert, s->ctx->cert_store, larg);

  782. 

  783.     case SSL_CTRL_SET_VERIFY_CERT_STORE:

  784.       return ssl_cert_set_cert_store(s->cert, parg, 0, larg);

  785. 

  786.     case SSL_CTRL_SET_CHAIN_CERT_STORE:

  787.       return ssl_cert_set_cert_store(s->cert, parg, 1, larg);

  788. 

  789.     case SSL_CTRL_GET_SERVER_TMP_KEY:

  790.       if (s->server || !s->session || !s->session->sess_cert) {

  791.         return 0;

  792.       } else {

  793.         SESS_CERT *sc;

  794.         EVP_PKEY *ptmp;

  795.         int rv = 0;

  796.         sc = s->session->sess_cert;

  797.         if (!sc->peer_dh_tmp && !sc->peer_ecdh_tmp) {

  798.           return 0;

  799.         }

  800.         ptmp = EVP_PKEY_new();

  801.         if (!ptmp) {

  802.           return 0;

  803.         }

  804.         if (sc->peer_dh_tmp) {

  805.           rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);

  806.         } else if (sc->peer_ecdh_tmp) {

  807.           rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);

  808.         }

  809.         if (rv) {

  810.           *(EVP_PKEY **)parg = ptmp;

  811.           return 1;

  812.         }

  813.         EVP_PKEY_free(ptmp);

  814.         return 0;

  815.       }

  816. 

  817.     case SSL_CTRL_GET_EC_POINT_FORMATS: {

  818.       const uint8_t **pformat = parg;

  819.       if (!s->s3->tmp.peer_ecpointformatlist) {

  820.         return 0;

  821.       }

  822.       *pformat = s->s3->tmp.peer_ecpointformatlist;

  823.       return (int)s->s3->tmp.peer_ecpointformatlist_length;

  824.     }

  825. 

  826.     default:

  827.       break;

  828.   }

  829. 

  830.   return ret;

  831. }

  832. 

  833. long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) {

  834.   switch (cmd) {

  835.     case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:

  836.     case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: {

  837.       uint8_t *keys = parg;

  838.       if (!keys) {

  839.         return 48;

  840.       }

  841.       if (larg != 48) {

  842.         OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, SSL_R_INVALID_TICKET_KEYS_LENGTH);

  843.         return 0;

  844.       }

  845.       if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {

  846.         memcpy(ctx->tlsext_tick_key_name, keys, 16);

  847.         memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);

  848.         memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);

  849.       } else {

  850.         memcpy(keys, ctx->tlsext_tick_key_name, 16);

  851.         memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);

  852.         memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);

  853.       }

  854.       return 1;

  855.     }

  856. 

  857.     case SSL_CTRL_SET_CURVES:

  858.       return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,

  859.                              &ctx->tlsext_ellipticcurvelist_length, parg, larg);

  860. 

  861.     case SSL_CTRL_SET_SIGALGS:

  862.       return tls1_set_sigalgs(ctx->cert, parg, larg, 0);

  863. 

  864.     case SSL_CTRL_SET_CLIENT_SIGALGS:

  865.       return tls1_set_sigalgs(ctx->cert, parg, larg, 1);

  866. 

  867.     case SSL_CTRL_SET_CLIENT_CERT_TYPES:

  868.       return ssl3_set_req_cert_type(ctx->cert, parg, larg);

  869. 

  870.     case SSL_CTRL_BUILD_CERT_CHAIN:

  871.       return ssl_build_cert_chain(ctx->cert, ctx->cert_store, larg);

  872. 

  873.     case SSL_CTRL_SET_VERIFY_CERT_STORE:

  874.       return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);

  875. 

  876.     case SSL_CTRL_SET_CHAIN_CERT_STORE:

  877.       return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);

  878. 

  879.     case SSL_CTRL_EXTRA_CHAIN_CERT:

  880.       if (ctx->extra_certs == NULL) {

  881.         ctx->extra_certs = sk_X509_new_null();

  882.         if (ctx->extra_certs == NULL) {

  883.           return 0;

  884.         }

  885.       }

  886.       sk_X509_push(ctx->extra_certs, (X509 *)parg);

  887.       break;

  888. 

  889.     case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:

  890.       if (ctx->extra_certs == NULL && larg == 0) {

  891.         *(STACK_OF(X509) **)parg = ctx->cert->key->chain;

  892.       } else {

  893.         *(STACK_OF(X509) **)parg = ctx->extra_certs;

  894.       }

  895.       break;

  896. 

  897.     case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:

  898.       sk_X509_pop_free(ctx->extra_certs, X509_free);

  899.       ctx->extra_certs = NULL;

  900.       break;

  901. 

  902.     case SSL_CTRL_CHAIN:

  903.       if (larg) {

  904.         return ssl_cert_set1_chain(ctx->cert, (STACK_OF(X509) *)parg);

  905.       } else {

  906.         return ssl_cert_set0_chain(ctx->cert, (STACK_OF(X509) *)parg);

  907.       }

  908. 

  909.     case SSL_CTRL_CHAIN_CERT:

  910.       if (larg) {

  911.         return ssl_cert_add1_chain_cert(ctx->cert, (X509 *)parg);

  912.       } else {

  913.         return ssl_cert_add0_chain_cert(ctx->cert, (X509 *)parg);

  914.       }

  915. 

  916.     case SSL_CTRL_GET_CHAIN_CERTS:

  917.       *(STACK_OF(X509) **)parg = ctx->cert->key->chain;

  918.       break;

  919. 

  920.     case SSL_CTRL_SELECT_CURRENT_CERT:

  921.       return ssl_cert_select_current(ctx->cert, (X509 *)parg);

  922. 

  923.     default:

  924.       return 0;

  925.   }

  926. 

  927.   return 1;

  928. }

  929. 

  930. int SSL_CTX_set_tlsext_servername_callback(

  931.     SSL_CTX *ctx, int (*callback)(SSL *ssl, int *out_alert, void *arg)) {

  932.   ctx->tlsext_servername_callback = callback;

  933.   return 1;

  934. }

  935. 

  936. int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg) {

  937.   ctx->tlsext_servername_arg = arg;

  938.   return 1;

  939. }

  940. 

  941. int SSL_CTX_set_tlsext_ticket_key_cb(

  942.     SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv,

  943.                                   EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,

  944.                                   int encrypt)) {

  945.   ctx->tlsext_ticket_key_cb = callback;

  946.   return 1;

  947. }

  948. 

  949. /* ssl3_get_cipher_by_value returns the SSL_CIPHER with value |value| or NULL

  950.  * if none exists.

  951.  *

  952.  * This function needs to check if the ciphers required are actually

  953.  * available. */

  954. const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value) {

  955.   SSL_CIPHER c;

  956. 

  957.   c.id = 0x03000000L | value;

  958.   return bsearch(&c, ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(SSL_CIPHER),

  959.                  ssl_cipher_id_cmp);

  960. }

  961. 

  962. /* ssl3_get_cipher_by_value returns the cipher value of |c|. */

  963. uint16_t ssl3_get_cipher_value(const SSL_CIPHER *c) {

  964.   uint32_t id = c->id;

  965.   /* All ciphers are SSLv3 now. */

  966.   assert((id & 0xff000000) == 0x03000000);

  967.   return id & 0xffff;

  968. }

  969. 

  970. struct ssl_cipher_preference_list_st *ssl_get_cipher_preferences(SSL *s) {

  971.   if (s->cipher_list != NULL) {

  972.     return s->cipher_list;

  973.   }

  974. 

  975.   if (s->version >= TLS1_1_VERSION && s->ctx != NULL &&

  976.       s->ctx->cipher_list_tls11 != NULL) {

  977.     return s->ctx->cipher_list_tls11;

  978.   }

  979. 

  980.   if (s->ctx != NULL && s->ctx->cipher_list != NULL) {

  981.     return s->ctx->cipher_list;

  982.   }

  983. 

  984.   return NULL;

  985. }

  986. 

  987. const SSL_CIPHER *ssl3_choose_cipher(

  988.     SSL *s, STACK_OF(SSL_CIPHER) *clnt,

  989.     struct ssl_cipher_preference_list_st *server_pref) {

  990.   const SSL_CIPHER *c, *ret = NULL;

  991.   STACK_OF(SSL_CIPHER) *srvr = server_pref->ciphers, *prio, *allow;

  992.   size_t i;

  993.   int ok;

  994.   size_t cipher_index;

  995.   uint32_t alg_k, alg_a, mask_k, mask_a;

  996.   /* in_group_flags will either be NULL, or will point to an array of bytes

  997.    * which indicate equal-preference groups in the |prio| stack. See the

  998.    * comment about |in_group_flags| in the |ssl_cipher_preference_list_st|

  999.    * struct. */

  1000.   const uint8_t *in_group_flags;

  1001.   /* group_min contains the minimal index so far found in a group, or -1 if no

  1002.    * such value exists yet. */

  1003.   int group_min = -1;

  1004. 

  1005.   if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {

  1006.     prio = srvr;

  1007.     in_group_flags = server_pref->in_group_flags;

  1008.     allow = clnt;

  1009.   } else {

  1010.     prio = clnt;

  1011.     in_group_flags = NULL;

  1012.     allow = srvr;

  1013.   }

  1014. 

  1015.   ssl_get_compatible_server_ciphers(s, &mask_k, &mask_a);

  1016. 

  1017.   for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {

  1018.     c = sk_SSL_CIPHER_value(prio, i);

  1019. 

  1020.     ok = 1;

  1021. 

  1022.     /* Skip TLS v1.2 only ciphersuites if not supported */

  1023.     if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s)) {

  1024.       ok = 0;

  1025.     }

  1026. 

  1027.     alg_k = c->algorithm_mkey;

  1028.     alg_a = c->algorithm_auth;

  1029. 

  1030.     ok = ok && (alg_k & mask_k) && (alg_a & mask_a);

  1031. 

  1032.     if (ok && sk_SSL_CIPHER_find(allow, &cipher_index, c)) {

  1033.       if (in_group_flags != NULL && in_group_flags[i] == 1) {

  1034.         /* This element of |prio| is in a group. Update the minimum index found

  1035.          * so far and continue looking. */

  1036.         if (group_min == -1 || (size_t)group_min > cipher_index) {

  1037.           group_min = cipher_index;

  1038.         }

  1039.       } else {

  1040.         if (group_min != -1 && (size_t)group_min < cipher_index) {

  1041.           cipher_index = group_min;

  1042.         }

  1043.         ret = sk_SSL_CIPHER_value(allow, cipher_index);

  1044.         break;

  1045.       }

  1046.     }

  1047. 

  1048.     if (in_group_flags != NULL && in_group_flags[i] == 0 && group_min != -1) {

  1049.       /* We are about to leave a group, but we found a match in it, so that's

  1050.        * our answer. */

  1051.       ret = sk_SSL_CIPHER_value(allow, group_min);

  1052.       break;

  1053.     }

  1054.   }

  1055. 

  1056.   return ret;

  1057. }

  1058. 

  1059. int ssl3_get_req_cert_type(SSL *s, uint8_t *p) {

  1060.   int ret = 0;

  1061.   const uint8_t *sig;

  1062.   size_t i, siglen;

  1063.   int have_rsa_sign = 0;

  1064.   int have_ecdsa_sign = 0;

  1065. 

  1066.   /* If we have custom certificate types set, use them */

  1067.   if (s->cert->client_certificate_types) {

  1068.     memcpy(p, s->cert->client_certificate_types,

  1069.            s->cert->num_client_certificate_types);

  1070.     return s->cert->num_client_certificate_types;

  1071.   }

  1072. 

  1073.   /* get configured sigalgs */

  1074.   siglen = tls12_get_psigalgs(s, &sig);

  1075.   for (i = 0; i < siglen; i += 2, sig += 2) {

  1076.     switch (sig[1]) {

  1077.       case TLSEXT_signature_rsa:

  1078.         have_rsa_sign = 1;

  1079.         break;

  1080. 

  1081.       case TLSEXT_signature_ecdsa:

  1082.         have_ecdsa_sign = 1;

  1083.         break;

  1084.     }

  1085.   }

  1086. 

  1087.   if (have_rsa_sign) {

  1088.     p[ret++] = SSL3_CT_RSA_SIGN;

  1089.   }

  1090. 

  1091.   /* ECDSA certs can be used with RSA cipher suites as well so we don't need to

  1092.    * check for SSL_kECDH or SSL_kECDHE. */

  1093.   if (s->version >= TLS1_VERSION && have_ecdsa_sign) {

  1094.       p[ret++] = TLS_CT_ECDSA_SIGN;

  1095.   }

  1096. 

  1097.   return ret;

  1098. }

  1099. 

  1100. static int ssl3_set_req_cert_type(CERT *c, const uint8_t *p, size_t len) {

  1101.   OPENSSL_free(c->client_certificate_types);

  1102.   c->client_certificate_types = NULL;

  1103.   c->num_client_certificate_types = 0;

  1104. 

  1105.   if (!p || !len) {

  1106.     return 1;

  1107.   }

  1108. 

  1109.   if (len > 0xff) {

  1110.     return 0;

  1111.   }

  1112. 

  1113.   c->client_certificate_types = BUF_memdup(p, len);

  1114.   if (!c->client_certificate_types) {

  1115.     return 0;

  1116.   }

  1117. 

  1118.   c->num_client_certificate_types = len;

  1119.   return 1;

  1120. }

  1121. 

  1122. int ssl3_shutdown(SSL *s) {

  1123.   int ret;

  1124. 

  1125.   /* Do nothing if configured not to send a close_notify. */

  1126.   if (s->quiet_shutdown) {

  1127.     s->shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN;

  1128.     return 1;

  1129.   }

  1130. 

  1131.   if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {

  1132.     s->shutdown |= SSL_SENT_SHUTDOWN;

  1133.     ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);

  1134. 

  1135.     /* our shutdown alert has been sent now, and if it still needs to be

  1136.      * written, s->s3->alert_dispatch will be true */

  1137.     if (s->s3->alert_dispatch) {

  1138.       return -1; /* return WANT_WRITE */

  1139.     }

  1140.   } else if (s->s3->alert_dispatch) {

  1141.     /* resend it if not sent */

  1142.     ret = s->method->ssl_dispatch_alert(s);

  1143.     if (ret == -1) {

  1144.       /* we only get to return -1 here the 2nd/Nth invocation, we must  have

  1145.        * already signalled return 0 upon a previous invoation, return

  1146.        * WANT_WRITE */

  1147.       return ret;

  1148.     }

  1149.   } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {

  1150.     /* If we are waiting for a close from our peer, we are closed */

  1151.     s->method->ssl_read_bytes(s, 0, NULL, 0, 0);

  1152.     if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {

  1153.       return -1; /* return WANT_READ */

  1154.     }

  1155.   }

  1156. 

  1157.   if (s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN) &&

  1158.       !s->s3->alert_dispatch) {

  1159.     return 1;

  1160.   } else {

  1161.     return 0;

  1162.   }

  1163. }

  1164. 

  1165. int ssl3_write(SSL *s, const void *buf, int len) {

  1166.   ERR_clear_system_error();

  1167.   if (s->s3->renegotiate) {

  1168.     ssl3_renegotiate_check(s);

  1169.   }

  1170. 

  1171.   return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);

  1172. }

  1173. 

  1174. static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) {

  1175.   ERR_clear_system_error();

  1176.   if (s->s3->renegotiate) {

  1177.     ssl3_renegotiate_check(s);

  1178.   }

  1179. 

  1180.   return s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek);

  1181. }

  1182. 

  1183. int ssl3_read(SSL *s, void *buf, int len) {

  1184.   return ssl3_read_internal(s, buf, len, 0);

  1185. }

  1186. 

  1187. int ssl3_peek(SSL *s, void *buf, int len) {

  1188.   return ssl3_read_internal(s, buf, len, 1);

  1189. }

  1190. 

  1191. int ssl3_renegotiate(SSL *s) {

  1192.   if (s->handshake_func == NULL) {

  1193.     return 1;

  1194.   }

  1195. 

  1196.   s->s3->renegotiate = 1;

  1197.   return 1;

  1198. }

  1199. 

  1200. int ssl3_renegotiate_check(SSL *s) {

  1201.   if (s->s3->renegotiate && s->s3->rbuf.left == 0 && s->s3->wbuf.left == 0 &&

  1202.       !SSL_in_init(s)) {

  1203.     /* if we are the server, and we have sent a 'RENEGOTIATE' message, we

  1204.      * need to go to SSL_ST_ACCEPT. */

  1205.     s->state = SSL_ST_RENEGOTIATE;

  1206.     s->s3->renegotiate = 0;

  1207.     s->s3->total_renegotiations++;

  1208.     return 1;

  1209.   }

  1210. 

  1211.   return 0;

  1212. }

  1213. 

  1214. /* If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and

  1215.  * handshake macs if required. */

  1216. uint32_t ssl_get_algorithm2(SSL *s) {

  1217.   static const uint32_t kMask = SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;

  1218.   uint32_t alg2 = s->s3->tmp.new_cipher->algorithm2;

  1219.   if (s->enc_method->enc_flags & SSL_ENC_FLAG_SHA256_PRF &&

  1220.       (alg2 & kMask) == kMask) {

  1221.     return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;

  1222.   }

  1223.   return alg2;

  1224. }