kris
/
boringssl
1
0
Vork 0
Code Kwesties 0 Pull-aanvragen 0 Publicaties 0 Wiki Activiteit
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1408 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Tree: 5f387e38fc
Branches Labels
${ item.name }
Maak branch ${ searchTerm }
van '5f387e38fc'
${ noResults }
boringssl/ssl/s3_lib.c

1223 regels
38 KiB
Ruw Blame Geschiedenis 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.]

  56.  */

  57. /* ====================================================================

  58.  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.

  59.  *

  60.  * Redistribution and use in source and binary forms, with or without

  61.  * modification, are permitted provided that the following conditions

  62.  * are met:

  63.  *

  64.  * 1. Redistributions of source code must retain the above copyright

  65.  *    notice, this list of conditions and the following disclaimer.

  66.  *

  67.  * 2. Redistributions in binary form must reproduce the above copyright

  68.  *    notice, this list of conditions and the following disclaimer in

  69.  *    the documentation and/or other materials provided with the

  70.  *    distribution.

  71.  *

  72.  * 3. All advertising materials mentioning features or use of this

  73.  *    software must display the following acknowledgment:

  74.  *    "This product includes software developed by the OpenSSL Project

  75.  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

  76.  *

  77.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  78.  *    endorse or promote products derived from this software without

  79.  *    prior written permission. For written permission, please contact

  80.  *    openssl-core@openssl.org.

  81.  *

  82.  * 5. Products derived from this software may not be called "OpenSSL"

  83.  *    nor may "OpenSSL" appear in their names without prior written

  84.  *    permission of the OpenSSL Project.

  85.  *

  86.  * 6. Redistributions of any form whatsoever must retain the following

  87.  *    acknowledgment:

  88.  *    "This product includes software developed by the OpenSSL Project

  89.  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

  90.  *

  91.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  92.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  93.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  94.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  95.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  96.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  97.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  98.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  99.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  100.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  101.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  102.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  103.  * ====================================================================

  104.  *

  105.  * This product includes cryptographic software written by Eric Young

  106.  * (eay@cryptsoft.com).  This product includes software written by Tim

  107.  * Hudson (tjh@cryptsoft.com).

  108.  *

  109.  */

  110. /* ====================================================================

  111.  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

  112.  *

  113.  * Portions of the attached software ("Contribution") are developed by

  114.  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

  115.  *

  116.  * The Contribution is licensed pursuant to the OpenSSL open source

  117.  * license provided above.

  118.  *

  119.  * ECC cipher suite support in OpenSSL originally written by

  120.  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.

  121.  *

  122.  */

  123. /* ====================================================================

  124.  * Copyright 2005 Nokia. All rights reserved.

  125.  *

  126.  * The portions of the attached software ("Contribution") is developed by

  127.  * Nokia Corporation and is licensed pursuant to the OpenSSL open source

  128.  * license.

  129.  *

  130.  * The Contribution, originally written by Mika Kousa and Pasi Eronen of

  131.  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites

  132.  * support (see RFC 4279) to OpenSSL.

  133.  *

  134.  * No patent licenses or other rights except those expressly stated in

  135.  * the OpenSSL open source license shall be deemed granted or received

  136.  * expressly, by implication, estoppel, or otherwise.

  137.  *

  138.  * No assurances are provided by Nokia that the Contribution does not

  139.  * infringe the patent or other intellectual property rights of any third

  140.  * party or that the license provides you with all the necessary rights

  141.  * to make use of the Contribution.

  142.  *

  143.  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN

  144.  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA

  145.  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY

  146.  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR

  147.  * OTHERWISE. */

  148. 

  149. #include <assert.h>

  150. #include <stdio.h>

  151. #include <string.h>

  152. 

  153. #include <openssl/buf.h>

  154. #include <openssl/dh.h>

  155. #include <openssl/err.h>

  156. #include <openssl/md5.h>

  157. #include <openssl/mem.h>

  158. #include <openssl/obj.h>

  159. 

  160. #include "internal.h"

  161. 

  162. 

  163. #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER))

  164. 

  165. /* list of available SSLv3 ciphers (sorted by id) */

  166. const SSL_CIPHER ssl3_ciphers[] = {

  167.     /* The RSA ciphers */

  168.     /* Cipher 04 */

  169.     {

  170.      SSL3_TXT_RSA_RC4_128_MD5, SSL3_CK_RSA_RC4_128_MD5, SSL_kRSA, SSL_aRSA,

  171.      SSL_RC4, SSL_MD5, SSL_SSLV3, SSL_MEDIUM,

  172.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,

  173.     },

  174. 

  175.     /* Cipher 05 */

  176.     {

  177.      SSL3_TXT_RSA_RC4_128_SHA, SSL3_CK_RSA_RC4_128_SHA, SSL_kRSA, SSL_aRSA,

  178.      SSL_RC4, SSL_SHA1, SSL_SSLV3, SSL_MEDIUM,

  179.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,

  180.     },

  181. 

  182.     /* Cipher 0A */

  183.     {

  184.      SSL3_TXT_RSA_DES_192_CBC3_SHA, SSL3_CK_RSA_DES_192_CBC3_SHA, SSL_kRSA,

  185.      SSL_aRSA, SSL_3DES, SSL_SHA1, SSL_SSLV3, SSL_HIGH | SSL_FIPS,

  186.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168,

  187.     },

  188. 

  189. 

  190.     /* New AES ciphersuites */

  191. 

  192.     /* Cipher 2F */

  193.     {

  194.      TLS1_TXT_RSA_WITH_AES_128_SHA, TLS1_CK_RSA_WITH_AES_128_SHA, SSL_kRSA,

  195.      SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,

  196.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,

  197.     },

  198. 

  199.     /* Cipher 33 */

  200.     {

  201.      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, TLS1_CK_DHE_RSA_WITH_AES_128_SHA,

  202.      SSL_kDHE, SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,

  203.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,

  204.     },

  205. 

  206.     /* Cipher 35 */

  207.     {

  208.      TLS1_TXT_RSA_WITH_AES_256_SHA, TLS1_CK_RSA_WITH_AES_256_SHA, SSL_kRSA,

  209.      SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,

  210.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,

  211.     },

  212. 

  213.     /* Cipher 39 */

  214.     {

  215.      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, TLS1_CK_DHE_RSA_WITH_AES_256_SHA,

  216.      SSL_kDHE, SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,

  217.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,

  218.     },

  219. 

  220. 

  221.     /* TLS v1.2 ciphersuites */

  222. 

  223.     /* Cipher 3C */

  224.     {

  225.      TLS1_TXT_RSA_WITH_AES_128_SHA256, TLS1_CK_RSA_WITH_AES_128_SHA256,

  226.      SSL_kRSA, SSL_aRSA, SSL_AES128, SSL_SHA256, SSL_TLSV1_2,

  227.      SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128,

  228.     },

  229. 

  230.     /* Cipher 3D */

  231.     {

  232.      TLS1_TXT_RSA_WITH_AES_256_SHA256, TLS1_CK_RSA_WITH_AES_256_SHA256,

  233.      SSL_kRSA, SSL_aRSA, SSL_AES256, SSL_SHA256, SSL_TLSV1_2,

  234.      SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256,

  235.     },

  236. 

  237.     /* Cipher 67 */

  238.     {

  239.      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,

  240.      TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128,

  241.      SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  242.      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128,

  243.     },

  244. 

  245.     /* Cipher 6B */

  246.     {

  247.      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,

  248.      TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES256,

  249.      SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  250.      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256,

  251.     },

  252. 

  253.     /* Cipher 8A */

  254.     {

  255.      TLS1_TXT_PSK_WITH_RC4_128_SHA, TLS1_CK_PSK_WITH_RC4_128_SHA, SSL_kPSK,

  256.      SSL_aPSK, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM,

  257.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,

  258.     },

  259. 

  260.     /* Cipher 8C */

  261.     {

  262.      TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, TLS1_CK_PSK_WITH_AES_128_CBC_SHA,

  263.      SSL_kPSK, SSL_aPSK, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,

  264.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,

  265.     },

  266. 

  267.     /* Cipher 8D */

  268.     {

  269.      TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, TLS1_CK_PSK_WITH_AES_256_CBC_SHA,

  270.      SSL_kPSK, SSL_aPSK, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,

  271.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,

  272.     },

  273. 

  274. 

  275.     /* GCM ciphersuites from RFC5288 */

  276. 

  277.     /* Cipher 9C */

  278.     {

  279.      TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,

  280.      TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, SSL_kRSA, SSL_aRSA, SSL_AES128GCM,

  281.      SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  282.      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |

  283.          SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  284.      128, 128,

  285.     },

  286. 

  287.     /* Cipher 9D */

  288.     {

  289.      TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,

  290.      TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, SSL_kRSA, SSL_aRSA, SSL_AES256GCM,

  291.      SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  292.      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD |

  293.          SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  294.      256, 256,

  295.     },

  296. 

  297.     /* Cipher 9E */

  298.     {

  299.      TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,

  300.      TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128GCM,

  301.      SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  302.      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |

  303.          SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  304.      128, 128,

  305.     },

  306. 

  307.     /* Cipher 9F */

  308.     {

  309.      TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,

  310.      TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kDHE, SSL_aRSA, SSL_AES256GCM,

  311.      SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  312.      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD |

  313.          SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  314.      256, 256,

  315.     },

  316. 

  317.     /* Cipher C007 */

  318.     {

  319.      TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,

  320.      TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_kECDHE, SSL_aECDSA, SSL_RC4,

  321.      SSL_SHA1, SSL_TLSV1, SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128,

  322.      128,

  323.     },

  324. 

  325.     /* Cipher C009 */

  326.     {

  327.      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,

  328.      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aECDSA,

  329.      SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,

  330.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,

  331.     },

  332. 

  333.     /* Cipher C00A */

  334.     {

  335.      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,

  336.      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aECDSA,

  337.      SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,

  338.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,

  339.     },

  340. 

  341.     /* Cipher C011 */

  342.     {

  343.      TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,

  344.      SSL_kECDHE, SSL_aRSA, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM,

  345.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,

  346.     },

  347. 

  348.     /* Cipher C013 */

  349.     {

  350.      TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,

  351.      TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES128,

  352.      SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,

  353.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,

  354.     },

  355. 

  356.     /* Cipher C014 */

  357.     {

  358.      TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,

  359.      TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES256,

  360.      SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,

  361.      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,

  362.     },

  363. 

  364. 

  365.     /* HMAC based TLS v1.2 ciphersuites from RFC5289 */

  366. 

  367.     /* Cipher C023 */

  368.     {

  369.      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,

  370.      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aECDSA,

  371.      SSL_AES128, SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  372.      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128,

  373.     },

  374. 

  375.     /* Cipher C024 */

  376.     {

  377.      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,

  378.      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aECDSA,

  379.      SSL_AES256, SSL_SHA384, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  380.      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256,

  381.     },

  382. 

  383.     /* Cipher C027 */

  384.     {

  385.      TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,

  386.      TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aRSA, SSL_AES128,

  387.      SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  388.      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128,

  389.     },

  390. 

  391.     /* Cipher C028 */

  392.     {

  393.      TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,

  394.      TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aRSA, SSL_AES256,

  395.      SSL_SHA384, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  396.      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256,

  397.     },

  398. 

  399. 

  400.     /* GCM based TLS v1.2 ciphersuites from RFC5289 */

  401. 

  402.     /* Cipher C02B */

  403.     {

  404.      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,

  405.      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aECDSA,

  406.      SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  407.      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |

  408.          SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  409.      128, 128,

  410.     },

  411. 

  412.     /* Cipher C02C */

  413.     {

  414.      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,

  415.      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aECDSA,

  416.      SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  417.      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD |

  418.          SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  419.      256, 256,

  420.     },

  421. 

  422.     /* Cipher C02F */

  423.     {

  424.      TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,

  425.      TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aRSA,

  426.      SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  427.      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |

  428.          SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  429.      128, 128,

  430.     },

  431. 

  432.     /* Cipher C030 */

  433.     {

  434.      TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,

  435.      TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aRSA,

  436.      SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,

  437.      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD |

  438.          SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  439.      256, 256,

  440.     },

  441. 

  442. 

  443.     /* ECDH PSK ciphersuites */

  444. 

  445.     /* Cipher CAFE */

  446.     {

  447.      TLS1_TXT_ECDHE_PSK_WITH_AES_128_GCM_SHA256,

  448.      TLS1_CK_ECDHE_PSK_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aPSK,

  449.      SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,

  450.      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |

  451.          SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  452.      128, 128,

  453.     },

  454. 

  455.     {

  456.      TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,

  457.      TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aRSA,

  458.      SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,

  459.      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD,

  460.      256, 0,

  461.     },

  462. 

  463.     {

  464.      TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,

  465.      TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aECDSA,

  466.      SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,

  467.      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD,

  468.      256, 0,

  469.     },

  470. 

  471.     {

  472.      TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,

  473.      TLS1_CK_DHE_RSA_CHACHA20_POLY1305, SSL_kDHE, SSL_aRSA,

  474.      SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,

  475.      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD,

  476.      256, 0,

  477.     },

  478. };

  479. 

  480. const SSL3_ENC_METHOD SSLv3_enc_data = {

  481.     ssl3_prf,

  482.     tls1_setup_key_block,

  483.     tls1_generate_master_secret,

  484.     tls1_change_cipher_state,

  485.     ssl3_final_finish_mac,

  486.     ssl3_cert_verify_mac,

  487.     SSL3_MD_CLIENT_FINISHED_CONST, 4,

  488.     SSL3_MD_SERVER_FINISHED_CONST, 4,

  489.     ssl3_alert_code,

  490.     tls1_export_keying_material,

  491.     0,

  492. };

  493. 

  494. size_t ssl3_num_ciphers(void) { return SSL3_NUM_CIPHERS; }

  495. 

  496. const SSL_CIPHER *ssl3_get_cipher(size_t i) {

  497.   if (i >= SSL3_NUM_CIPHERS) {

  498.     return NULL;

  499.   }

  500. 

  501.   return &ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - i];

  502. }

  503. 

  504. int ssl3_pending(const SSL *s) {

  505.   if (s->rstate == SSL_ST_READ_BODY) {

  506.     return 0;

  507.   }

  508. 

  509.   return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length

  510.                                                         : 0;

  511. }

  512. 

  513. int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len) {

  514.   uint8_t *p = (uint8_t *)s->init_buf->data;

  515.   *(p++) = htype;

  516.   l2n3(len, p);

  517.   s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;

  518.   s->init_off = 0;

  519. 

  520.   /* Add the message to the handshake hash. */

  521.   return ssl3_finish_mac(s, (uint8_t *)s->init_buf->data, s->init_num);

  522. }

  523. 

  524. int ssl3_handshake_write(SSL *s) { return ssl3_do_write(s, SSL3_RT_HANDSHAKE); }

  525. 

  526. int ssl3_new(SSL *s) {

  527.   SSL3_STATE *s3;

  528. 

  529.   s3 = OPENSSL_malloc(sizeof *s3);

  530.   if (s3 == NULL) {

  531.     goto err;

  532.   }

  533.   memset(s3, 0, sizeof *s3);

  534.   memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));

  535. 

  536.   s->s3 = s3;

  537. 

  538.   /* Set the version to the highest supported version for TLS. This controls the

  539.    * initial state of |s->enc_method| and what the API reports as the version

  540.    * prior to negotiation.

  541.    *

  542.    * TODO(davidben): This is fragile and confusing. */

  543.   s->version = TLS1_2_VERSION;

  544.   return 1;

  545. err:

  546.   return 0;

  547. }

  548. 

  549. void ssl3_free(SSL *s) {

  550.   if (s == NULL || s->s3 == NULL) {

  551.     return;

  552.   }

  553. 

  554.   BUF_MEM_free(s->s3->sniff_buffer);

  555.   ssl3_cleanup_key_block(s);

  556.   ssl3_release_read_buffer(s);

  557.   ssl3_release_write_buffer(s);

  558.   DH_free(s->s3->tmp.dh);

  559.   EC_KEY_free(s->s3->tmp.ecdh);

  560. 

  561.   sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);

  562.   OPENSSL_free(s->s3->tmp.certificate_types);

  563.   OPENSSL_free(s->s3->tmp.peer_ecpointformatlist);

  564.   OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist);

  565.   OPENSSL_free(s->s3->tmp.peer_psk_identity_hint);

  566.   BIO_free(s->s3->handshake_buffer);

  567.   ssl3_free_digest_list(s);

  568.   OPENSSL_free(s->s3->alpn_selected);

  569. 

  570.   OPENSSL_cleanse(s->s3, sizeof *s->s3);

  571.   OPENSSL_free(s->s3);

  572.   s->s3 = NULL;

  573. }

  574. 

  575. static int ssl3_set_req_cert_type(CERT *c, const uint8_t *p, size_t len);

  576. 

  577. int SSL_session_reused(const SSL *ssl) {

  578.   return ssl->hit;

  579. }

  580. 

  581. int SSL_total_renegotiations(const SSL *ssl) {

  582.   return ssl->s3->total_renegotiations;

  583. }

  584. 

  585. int SSL_num_renegotiations(const SSL *ssl) {

  586.   return SSL_total_renegotiations(ssl);

  587. }

  588. 

  589. int SSL_CTX_need_tmp_RSA(const SSL_CTX *ctx) {

  590.   return 0;

  591. }

  592. 

  593. int SSL_need_rsa(const SSL *ssl) {

  594.   return 0;

  595. }

  596. 

  597. int SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, const RSA *rsa) {

  598.   return 1;

  599. }

  600. 

  601. int SSL_set_tmp_rsa(SSL *ssl, const RSA *rsa) {

  602.   return 1;

  603. }

  604. 

  605. int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh) {

  606.   DH_free(ctx->cert->dh_tmp);

  607.   ctx->cert->dh_tmp = DHparams_dup(dh);

  608.   if (ctx->cert->dh_tmp == NULL) {

  609.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_set_tmp_dh, ERR_R_DH_LIB);

  610.     return 0;

  611.   }

  612.   return 1;

  613. }

  614. 

  615. int SSL_set_tmp_dh(SSL *ssl, const DH *dh) {

  616.   DH_free(ssl->cert->dh_tmp);

  617.   ssl->cert->dh_tmp = DHparams_dup(dh);

  618.   if (ssl->cert->dh_tmp == NULL) {

  619.     OPENSSL_PUT_ERROR(SSL, SSL_set_tmp_dh, ERR_R_DH_LIB);

  620.     return 0;

  621.   }

  622.   return 1;

  623. }

  624. 

  625. int SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ec_key) {

  626.   if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) {

  627.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_set_tmp_ecdh, ERR_R_PASSED_NULL_PARAMETER);

  628.     return 0;

  629.   }

  630.   ctx->cert->ecdh_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));

  631.   return 1;

  632. }

  633. 

  634. int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key) {

  635.   if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) {

  636.     OPENSSL_PUT_ERROR(SSL, SSL_set_tmp_ecdh, ERR_R_PASSED_NULL_PARAMETER);

  637.     return 0;

  638.   }

  639.   ssl->cert->ecdh_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));

  640.   return 1;

  641. }

  642. 

  643. int SSL_CTX_enable_tls_channel_id(SSL_CTX *ctx) {

  644.   ctx->tlsext_channel_id_enabled = 1;

  645.   return 1;

  646. }

  647. 

  648. int SSL_enable_tls_channel_id(SSL *ssl) {

  649.   ssl->tlsext_channel_id_enabled = 1;

  650.   return 1;

  651. }

  652. 

  653. int SSL_CTX_set1_tls_channel_id(SSL_CTX *ctx, EVP_PKEY *private_key) {

  654.   ctx->tlsext_channel_id_enabled = 1;

  655.   if (EVP_PKEY_id(private_key) != EVP_PKEY_EC ||

  656.       EVP_PKEY_bits(private_key) != 256) {

  657.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_set1_tls_channel_id,

  658.                       SSL_R_CHANNEL_ID_NOT_P256);

  659.     return 0;

  660.   }

  661.   EVP_PKEY_free(ctx->tlsext_channel_id_private);

  662.   ctx->tlsext_channel_id_private = EVP_PKEY_up_ref(private_key);

  663.   return 1;

  664. }

  665. 

  666. int SSL_set1_tls_channel_id(SSL *ssl, EVP_PKEY *private_key) {

  667.   ssl->tlsext_channel_id_enabled = 1;

  668.   if (EVP_PKEY_id(private_key) != EVP_PKEY_EC ||

  669.       EVP_PKEY_bits(private_key) != 256) {

  670.     OPENSSL_PUT_ERROR(SSL, SSL_set1_tls_channel_id, SSL_R_CHANNEL_ID_NOT_P256);

  671.     return 0;

  672.   }

  673.   EVP_PKEY_free(ssl->tlsext_channel_id_private);

  674.   ssl->tlsext_channel_id_private = EVP_PKEY_up_ref(private_key);

  675.   return 1;

  676. }

  677. 

  678. size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out, size_t max_out) {

  679.   if (!ssl->s3->tlsext_channel_id_valid) {

  680.     return 0;

  681.   }

  682.   memcpy(out, ssl->s3->tlsext_channel_id, (max_out < 64) ? max_out : 64);

  683.   return 64;

  684. }

  685. 

  686. int SSL_set_tlsext_host_name(SSL *ssl, const char *name) {

  687.   OPENSSL_free(ssl->tlsext_hostname);

  688.   ssl->tlsext_hostname = NULL;

  689. 

  690.   if (name == NULL) {

  691.     return 1;

  692.   }

  693.   if (strlen(name) > TLSEXT_MAXLEN_host_name) {

  694.     OPENSSL_PUT_ERROR(SSL, SSL_set_tlsext_host_name,

  695.                       SSL_R_SSL3_EXT_INVALID_SERVERNAME);

  696.     return 0;

  697.   }

  698.   ssl->tlsext_hostname = BUF_strdup(name);

  699.   if (ssl->tlsext_hostname == NULL) {

  700.     OPENSSL_PUT_ERROR(SSL, SSL_set_tlsext_host_name, ERR_R_MALLOC_FAILURE);

  701.     return 0;

  702.   }

  703.   return 1;

  704. }

  705. 

  706. long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) {

  707.   int ret = 0;

  708. 

  709.   switch (cmd) {

  710.     case SSL_CTRL_CHAIN:

  711.       if (larg) {

  712.         return ssl_cert_set1_chain(s->cert, (STACK_OF(X509) *)parg);

  713.       } else {

  714.         return ssl_cert_set0_chain(s->cert, (STACK_OF(X509) *)parg);

  715.       }

  716. 

  717.     case SSL_CTRL_CHAIN_CERT:

  718.       if (larg) {

  719.         return ssl_cert_add1_chain_cert(s->cert, (X509 *)parg);

  720.       } else {

  721.         return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg);

  722.       }

  723. 

  724.     case SSL_CTRL_GET_CHAIN_CERTS:

  725.       *(STACK_OF(X509) **)parg = s->cert->key->chain;

  726.       ret = 1;

  727.       break;

  728. 

  729.     case SSL_CTRL_SELECT_CURRENT_CERT:

  730.       return ssl_cert_select_current(s->cert, (X509 *)parg);

  731. 

  732.     case SSL_CTRL_GET_CURVES: {

  733.       const uint16_t *clist = s->s3->tmp.peer_ellipticcurvelist;

  734.       size_t clistlen = s->s3->tmp.peer_ellipticcurvelist_length;

  735.       if (parg) {

  736.         size_t i;

  737.         int *cptr = parg;

  738.         int nid;

  739.         for (i = 0; i < clistlen; i++) {

  740.           nid = tls1_ec_curve_id2nid(clist[i]);

  741.           if (nid != NID_undef) {

  742.             cptr[i] = nid;

  743.           } else {

  744.             cptr[i] = TLSEXT_nid_unknown | clist[i];

  745.           }

  746.         }

  747.       }

  748.       return (int)clistlen;

  749.     }

  750. 

  751.     case SSL_CTRL_SET_CURVES:

  752.       return tls1_set_curves(&s->tlsext_ellipticcurvelist,

  753.                              &s->tlsext_ellipticcurvelist_length, parg, larg);

  754. 

  755.     case SSL_CTRL_SET_SIGALGS:

  756.       return tls1_set_sigalgs(s->cert, parg, larg, 0);

  757. 

  758.     case SSL_CTRL_SET_CLIENT_SIGALGS:

  759.       return tls1_set_sigalgs(s->cert, parg, larg, 1);

  760. 

  761.     case SSL_CTRL_GET_CLIENT_CERT_TYPES: {

  762.       const uint8_t **pctype = parg;

  763.       if (s->server || !s->s3->tmp.cert_req) {

  764.         return 0;

  765.       }

  766.       if (pctype) {

  767.         *pctype = s->s3->tmp.certificate_types;

  768.       }

  769.       return (int)s->s3->tmp.num_certificate_types;

  770.     }

  771. 

  772.     case SSL_CTRL_SET_CLIENT_CERT_TYPES:

  773.       if (!s->server) {

  774.         return 0;

  775.       }

  776.       return ssl3_set_req_cert_type(s->cert, parg, larg);

  777. 

  778.     case SSL_CTRL_BUILD_CERT_CHAIN:

  779.       return ssl_build_cert_chain(s->cert, s->ctx->cert_store, larg);

  780. 

  781.     case SSL_CTRL_SET_VERIFY_CERT_STORE:

  782.       return ssl_cert_set_cert_store(s->cert, parg, 0, larg);

  783. 

  784.     case SSL_CTRL_SET_CHAIN_CERT_STORE:

  785.       return ssl_cert_set_cert_store(s->cert, parg, 1, larg);

  786. 

  787.     case SSL_CTRL_GET_SERVER_TMP_KEY:

  788.       if (s->server || !s->session || !s->session->sess_cert) {

  789.         return 0;

  790.       } else {

  791.         SESS_CERT *sc;

  792.         EVP_PKEY *ptmp;

  793.         int rv = 0;

  794.         sc = s->session->sess_cert;

  795.         if (!sc->peer_dh_tmp && !sc->peer_ecdh_tmp) {

  796.           return 0;

  797.         }

  798.         ptmp = EVP_PKEY_new();

  799.         if (!ptmp) {

  800.           return 0;

  801.         }

  802.         if (sc->peer_dh_tmp) {

  803.           rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);

  804.         } else if (sc->peer_ecdh_tmp) {

  805.           rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);

  806.         }

  807.         if (rv) {

  808.           *(EVP_PKEY **)parg = ptmp;

  809.           return 1;

  810.         }

  811.         EVP_PKEY_free(ptmp);

  812.         return 0;

  813.       }

  814. 

  815.     case SSL_CTRL_GET_EC_POINT_FORMATS: {

  816.       const uint8_t **pformat = parg;

  817.       if (!s->s3->tmp.peer_ecpointformatlist) {

  818.         return 0;

  819.       }

  820.       *pformat = s->s3->tmp.peer_ecpointformatlist;

  821.       return (int)s->s3->tmp.peer_ecpointformatlist_length;

  822.     }

  823. 

  824.     default:

  825.       break;

  826.   }

  827. 

  828.   return ret;

  829. }

  830. 

  831. long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) {

  832.   switch (cmd) {

  833.     case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:

  834.     case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: {

  835.       uint8_t *keys = parg;

  836.       if (!keys) {

  837.         return 48;

  838.       }

  839.       if (larg != 48) {

  840.         OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, SSL_R_INVALID_TICKET_KEYS_LENGTH);

  841.         return 0;

  842.       }

  843.       if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {

  844.         memcpy(ctx->tlsext_tick_key_name, keys, 16);

  845.         memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);

  846.         memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);

  847.       } else {

  848.         memcpy(keys, ctx->tlsext_tick_key_name, 16);

  849.         memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);

  850.         memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);

  851.       }

  852.       return 1;

  853.     }

  854. 

  855.     case SSL_CTRL_SET_CURVES:

  856.       return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,

  857.                              &ctx->tlsext_ellipticcurvelist_length, parg, larg);

  858. 

  859.     case SSL_CTRL_SET_SIGALGS:

  860.       return tls1_set_sigalgs(ctx->cert, parg, larg, 0);

  861. 

  862.     case SSL_CTRL_SET_CLIENT_SIGALGS:

  863.       return tls1_set_sigalgs(ctx->cert, parg, larg, 1);

  864. 

  865.     case SSL_CTRL_SET_CLIENT_CERT_TYPES:

  866.       return ssl3_set_req_cert_type(ctx->cert, parg, larg);

  867. 

  868.     case SSL_CTRL_BUILD_CERT_CHAIN:

  869.       return ssl_build_cert_chain(ctx->cert, ctx->cert_store, larg);

  870. 

  871.     case SSL_CTRL_SET_VERIFY_CERT_STORE:

  872.       return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);

  873. 

  874.     case SSL_CTRL_SET_CHAIN_CERT_STORE:

  875.       return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);

  876. 

  877.     case SSL_CTRL_EXTRA_CHAIN_CERT:

  878.       if (ctx->extra_certs == NULL) {

  879.         ctx->extra_certs = sk_X509_new_null();

  880.         if (ctx->extra_certs == NULL) {

  881.           return 0;

  882.         }

  883.       }

  884.       sk_X509_push(ctx->extra_certs, (X509 *)parg);

  885.       break;

  886. 

  887.     case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:

  888.       if (ctx->extra_certs == NULL && larg == 0) {

  889.         *(STACK_OF(X509) **)parg = ctx->cert->key->chain;

  890.       } else {

  891.         *(STACK_OF(X509) **)parg = ctx->extra_certs;

  892.       }

  893.       break;

  894. 

  895.     case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:

  896.       sk_X509_pop_free(ctx->extra_certs, X509_free);

  897.       ctx->extra_certs = NULL;

  898.       break;

  899. 

  900.     case SSL_CTRL_CHAIN:

  901.       if (larg) {

  902.         return ssl_cert_set1_chain(ctx->cert, (STACK_OF(X509) *)parg);

  903.       } else {

  904.         return ssl_cert_set0_chain(ctx->cert, (STACK_OF(X509) *)parg);

  905.       }

  906. 

  907.     case SSL_CTRL_CHAIN_CERT:

  908.       if (larg) {

  909.         return ssl_cert_add1_chain_cert(ctx->cert, (X509 *)parg);

  910.       } else {

  911.         return ssl_cert_add0_chain_cert(ctx->cert, (X509 *)parg);

  912.       }

  913. 

  914.     case SSL_CTRL_GET_CHAIN_CERTS:

  915.       *(STACK_OF(X509) **)parg = ctx->cert->key->chain;

  916.       break;

  917. 

  918.     case SSL_CTRL_SELECT_CURRENT_CERT:

  919.       return ssl_cert_select_current(ctx->cert, (X509 *)parg);

  920. 

  921.     default:

  922.       return 0;

  923.   }

  924. 

  925.   return 1;

  926. }

  927. 

  928. int SSL_CTX_set_tlsext_servername_callback(

  929.     SSL_CTX *ctx, int (*callback)(SSL *ssl, int *out_alert, void *arg)) {

  930.   ctx->tlsext_servername_callback = callback;

  931.   return 1;

  932. }

  933. 

  934. int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg) {

  935.   ctx->tlsext_servername_arg = arg;

  936.   return 1;

  937. }

  938. 

  939. int SSL_CTX_set_tlsext_ticket_key_cb(

  940.     SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv,

  941.                                   EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,

  942.                                   int encrypt)) {

  943.   ctx->tlsext_ticket_key_cb = callback;

  944.   return 1;

  945. }

  946. 

  947. /* ssl3_get_cipher_by_value returns the SSL_CIPHER with value |value| or NULL

  948.  * if none exists.

  949.  *

  950.  * This function needs to check if the ciphers required are actually

  951.  * available. */

  952. const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value) {

  953.   SSL_CIPHER c;

  954. 

  955.   c.id = 0x03000000L | value;

  956.   return bsearch(&c, ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(SSL_CIPHER),

  957.                  ssl_cipher_id_cmp);

  958. }

  959. 

  960. /* ssl3_get_cipher_by_value returns the cipher value of |c|. */

  961. uint16_t ssl3_get_cipher_value(const SSL_CIPHER *c) {

  962.   uint32_t id = c->id;

  963.   /* All ciphers are SSLv3 now. */

  964.   assert((id & 0xff000000) == 0x03000000);

  965.   return id & 0xffff;

  966. }

  967. 

  968. struct ssl_cipher_preference_list_st *ssl_get_cipher_preferences(SSL *s) {

  969.   if (s->cipher_list != NULL) {

  970.     return s->cipher_list;

  971.   }

  972. 

  973.   if (s->version >= TLS1_1_VERSION && s->ctx != NULL &&

  974.       s->ctx->cipher_list_tls11 != NULL) {

  975.     return s->ctx->cipher_list_tls11;

  976.   }

  977. 

  978.   if (s->ctx != NULL && s->ctx->cipher_list != NULL) {

  979.     return s->ctx->cipher_list;

  980.   }

  981. 

  982.   return NULL;

  983. }

  984. 

  985. const SSL_CIPHER *ssl3_choose_cipher(

  986.     SSL *s, STACK_OF(SSL_CIPHER) *clnt,

  987.     struct ssl_cipher_preference_list_st *server_pref) {

  988.   const SSL_CIPHER *c, *ret = NULL;

  989.   STACK_OF(SSL_CIPHER) *srvr = server_pref->ciphers, *prio, *allow;

  990.   size_t i;

  991.   int ok;

  992.   size_t cipher_index;

  993.   uint32_t alg_k, alg_a, mask_k, mask_a;

  994.   /* in_group_flags will either be NULL, or will point to an array of bytes

  995.    * which indicate equal-preference groups in the |prio| stack. See the

  996.    * comment about |in_group_flags| in the |ssl_cipher_preference_list_st|

  997.    * struct. */

  998.   const uint8_t *in_group_flags;

  999.   /* group_min contains the minimal index so far found in a group, or -1 if no

  1000.    * such value exists yet. */

  1001.   int group_min = -1;

  1002. 

  1003.   if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {

  1004.     prio = srvr;

  1005.     in_group_flags = server_pref->in_group_flags;

  1006.     allow = clnt;

  1007.   } else {

  1008.     prio = clnt;

  1009.     in_group_flags = NULL;

  1010.     allow = srvr;

  1011.   }

  1012. 

  1013.   ssl_get_compatible_server_ciphers(s, &mask_k, &mask_a);

  1014. 

  1015.   for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {

  1016.     c = sk_SSL_CIPHER_value(prio, i);

  1017. 

  1018.     ok = 1;

  1019. 

  1020.     /* Skip TLS v1.2 only ciphersuites if not supported */

  1021.     if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s)) {

  1022.       ok = 0;

  1023.     }

  1024. 

  1025.     alg_k = c->algorithm_mkey;

  1026.     alg_a = c->algorithm_auth;

  1027. 

  1028.     ok = ok && (alg_k & mask_k) && (alg_a & mask_a);

  1029. 

  1030.     if (ok && sk_SSL_CIPHER_find(allow, &cipher_index, c)) {

  1031.       if (in_group_flags != NULL && in_group_flags[i] == 1) {

  1032.         /* This element of |prio| is in a group. Update the minimum index found

  1033.          * so far and continue looking. */

  1034.         if (group_min == -1 || (size_t)group_min > cipher_index) {

  1035.           group_min = cipher_index;

  1036.         }

  1037.       } else {

  1038.         if (group_min != -1 && (size_t)group_min < cipher_index) {

  1039.           cipher_index = group_min;

  1040.         }

  1041.         ret = sk_SSL_CIPHER_value(allow, cipher_index);

  1042.         break;

  1043.       }

  1044.     }

  1045. 

  1046.     if (in_group_flags != NULL && in_group_flags[i] == 0 && group_min != -1) {

  1047.       /* We are about to leave a group, but we found a match in it, so that's

  1048.        * our answer. */

  1049.       ret = sk_SSL_CIPHER_value(allow, group_min);

  1050.       break;

  1051.     }

  1052.   }

  1053. 

  1054.   return ret;

  1055. }

  1056. 

  1057. int ssl3_get_req_cert_type(SSL *s, uint8_t *p) {

  1058.   int ret = 0;

  1059.   const uint8_t *sig;

  1060.   size_t i, siglen;

  1061.   int have_rsa_sign = 0;

  1062.   int have_ecdsa_sign = 0;

  1063. 

  1064.   /* If we have custom certificate types set, use them */

  1065.   if (s->cert->client_certificate_types) {

  1066.     memcpy(p, s->cert->client_certificate_types,

  1067.            s->cert->num_client_certificate_types);

  1068.     return s->cert->num_client_certificate_types;

  1069.   }

  1070. 

  1071.   /* get configured sigalgs */

  1072.   siglen = tls12_get_psigalgs(s, &sig);

  1073.   for (i = 0; i < siglen; i += 2, sig += 2) {

  1074.     switch (sig[1]) {

  1075.       case TLSEXT_signature_rsa:

  1076.         have_rsa_sign = 1;

  1077.         break;

  1078. 

  1079.       case TLSEXT_signature_ecdsa:

  1080.         have_ecdsa_sign = 1;

  1081.         break;

  1082.     }

  1083.   }

  1084. 

  1085.   if (have_rsa_sign) {

  1086.     p[ret++] = SSL3_CT_RSA_SIGN;

  1087.   }

  1088. 

  1089.   /* ECDSA certs can be used with RSA cipher suites as well so we don't need to

  1090.    * check for SSL_kECDH or SSL_kECDHE. */

  1091.   if (s->version >= TLS1_VERSION && have_ecdsa_sign) {

  1092.       p[ret++] = TLS_CT_ECDSA_SIGN;

  1093.   }

  1094. 

  1095.   return ret;

  1096. }

  1097. 

  1098. static int ssl3_set_req_cert_type(CERT *c, const uint8_t *p, size_t len) {

  1099.   OPENSSL_free(c->client_certificate_types);

  1100.   c->client_certificate_types = NULL;

  1101.   c->num_client_certificate_types = 0;

  1102. 

  1103.   if (!p || !len) {

  1104.     return 1;

  1105.   }

  1106. 

  1107.   if (len > 0xff) {

  1108.     return 0;

  1109.   }

  1110. 

  1111.   c->client_certificate_types = BUF_memdup(p, len);

  1112.   if (!c->client_certificate_types) {

  1113.     return 0;

  1114.   }

  1115. 

  1116.   c->num_client_certificate_types = len;

  1117.   return 1;

  1118. }

  1119. 

  1120. int ssl3_shutdown(SSL *s) {

  1121.   int ret;

  1122. 

  1123.   /* Do nothing if configured not to send a close_notify. */

  1124.   if (s->quiet_shutdown) {

  1125.     s->shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN;

  1126.     return 1;

  1127.   }

  1128. 

  1129.   if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {

  1130.     s->shutdown |= SSL_SENT_SHUTDOWN;

  1131.     ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);

  1132. 

  1133.     /* our shutdown alert has been sent now, and if it still needs to be

  1134.      * written, s->s3->alert_dispatch will be true */

  1135.     if (s->s3->alert_dispatch) {

  1136.       return -1; /* return WANT_WRITE */

  1137.     }

  1138.   } else if (s->s3->alert_dispatch) {

  1139.     /* resend it if not sent */

  1140.     ret = s->method->ssl_dispatch_alert(s);

  1141.     if (ret == -1) {

  1142.       /* we only get to return -1 here the 2nd/Nth invocation, we must  have

  1143.        * already signalled return 0 upon a previous invoation, return

  1144.        * WANT_WRITE */

  1145.       return ret;

  1146.     }

  1147.   } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {

  1148.     /* If we are waiting for a close from our peer, we are closed */

  1149.     s->method->ssl_read_bytes(s, 0, NULL, 0, 0);

  1150.     if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {

  1151.       return -1; /* return WANT_READ */

  1152.     }

  1153.   }

  1154. 

  1155.   if (s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN) &&

  1156.       !s->s3->alert_dispatch) {

  1157.     return 1;

  1158.   } else {

  1159.     return 0;

  1160.   }

  1161. }

  1162. 

  1163. int ssl3_write(SSL *s, const void *buf, int len) {

  1164.   ERR_clear_system_error();

  1165.   if (s->s3->renegotiate) {

  1166.     ssl3_renegotiate_check(s);

  1167.   }

  1168. 

  1169.   return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);

  1170. }

  1171. 

  1172. static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) {

  1173.   ERR_clear_system_error();

  1174.   if (s->s3->renegotiate) {

  1175.     ssl3_renegotiate_check(s);

  1176.   }

  1177. 

  1178.   return s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek);

  1179. }

  1180. 

  1181. int ssl3_read(SSL *s, void *buf, int len) {

  1182.   return ssl3_read_internal(s, buf, len, 0);

  1183. }

  1184. 

  1185. int ssl3_peek(SSL *s, void *buf, int len) {

  1186.   return ssl3_read_internal(s, buf, len, 1);

  1187. }

  1188. 

  1189. int ssl3_renegotiate(SSL *s) {

  1190.   if (s->handshake_func == NULL) {

  1191.     return 1;

  1192.   }

  1193. 

  1194.   s->s3->renegotiate = 1;

  1195.   return 1;

  1196. }

  1197. 

  1198. int ssl3_renegotiate_check(SSL *s) {

  1199.   if (s->s3->renegotiate && s->s3->rbuf.left == 0 && s->s3->wbuf.left == 0 &&

  1200.       !SSL_in_init(s)) {

  1201.     /* if we are the server, and we have sent a 'RENEGOTIATE' message, we

  1202.      * need to go to SSL_ST_ACCEPT. */

  1203.     s->state = SSL_ST_RENEGOTIATE;

  1204.     s->s3->renegotiate = 0;

  1205.     s->s3->total_renegotiations++;

  1206.     return 1;

  1207.   }

  1208. 

  1209.   return 0;

  1210. }

  1211. 

  1212. /* If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and

  1213.  * handshake macs if required. */

  1214. uint32_t ssl_get_algorithm2(SSL *s) {

  1215.   static const uint32_t kMask = SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;

  1216.   uint32_t alg2 = s->s3->tmp.new_cipher->algorithm2;

  1217.   if (s->enc_method->enc_flags & SSL_ENC_FLAG_SHA256_PRF &&

  1218.       (alg2 & kMask) == kMask) {

  1219.     return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;

  1220.   }

  1221.   return alg2;

  1222. }