|
1 /* ssl/ssl_locl.h */ |
|
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
|
3 * All rights reserved. |
|
4 * |
|
5 * This package is an SSL implementation written |
|
6 * by Eric Young (eay@cryptsoft.com). |
|
7 * The implementation was written so as to conform with Netscapes SSL. |
|
8 * |
|
9 * This library is free for commercial and non-commercial use as long as |
|
10 * the following conditions are aheared to. The following conditions |
|
11 * apply to all code found in this distribution, be it the RC4, RSA, |
|
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|
13 * included with this distribution is covered by the same copyright terms |
|
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|
15 * |
|
16 * Copyright remains Eric Young's, and as such any Copyright notices in |
|
17 * the code are not to be removed. |
|
18 * If this package is used in a product, Eric Young should be given attribution |
|
19 * as the author of the parts of the library used. |
|
20 * This can be in the form of a textual message at program startup or |
|
21 * in documentation (online or textual) provided with the package. |
|
22 * |
|
23 * Redistribution and use in source and binary forms, with or without |
|
24 * modification, are permitted provided that the following conditions |
|
25 * are met: |
|
26 * 1. Redistributions of source code must retain the copyright |
|
27 * notice, this list of conditions and the following disclaimer. |
|
28 * 2. Redistributions in binary form must reproduce the above copyright |
|
29 * notice, this list of conditions and the following disclaimer in the |
|
30 * documentation and/or other materials provided with the distribution. |
|
31 * 3. All advertising materials mentioning features or use of this software |
|
32 * must display the following acknowledgement: |
|
33 * "This product includes cryptographic software written by |
|
34 * Eric Young (eay@cryptsoft.com)" |
|
35 * The word 'cryptographic' can be left out if the rouines from the library |
|
36 * being used are not cryptographic related :-). |
|
37 * 4. If you include any Windows specific code (or a derivative thereof) from |
|
38 * the apps directory (application code) you must include an acknowledgement: |
|
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|
40 * |
|
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|
51 * SUCH DAMAGE. |
|
52 * |
|
53 * The licence and distribution terms for any publically available version or |
|
54 * derivative of this code cannot be changed. i.e. this code cannot simply be |
|
55 * copied and put under another distribution licence |
|
56 * [including the GNU Public Licence.] |
|
57 */ |
|
58 /* ==================================================================== |
|
59 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. |
|
60 * |
|
61 * Redistribution and use in source and binary forms, with or without |
|
62 * modification, are permitted provided that the following conditions |
|
63 * are met: |
|
64 * |
|
65 * 1. Redistributions of source code must retain the above copyright |
|
66 * notice, this list of conditions and the following disclaimer. |
|
67 * |
|
68 * 2. Redistributions in binary form must reproduce the above copyright |
|
69 * notice, this list of conditions and the following disclaimer in |
|
70 * the documentation and/or other materials provided with the |
|
71 * distribution. |
|
72 * |
|
73 * 3. All advertising materials mentioning features or use of this |
|
74 * software must display the following acknowledgment: |
|
75 * "This product includes software developed by the OpenSSL Project |
|
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" |
|
77 * |
|
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|
79 * endorse or promote products derived from this software without |
|
80 * prior written permission. For written permission, please contact |
|
81 * openssl-core@openssl.org. |
|
82 * |
|
83 * 5. Products derived from this software may not be called "OpenSSL" |
|
84 * nor may "OpenSSL" appear in their names without prior written |
|
85 * permission of the OpenSSL Project. |
|
86 * |
|
87 * 6. Redistributions of any form whatsoever must retain the following |
|
88 * acknowledgment: |
|
89 * "This product includes software developed by the OpenSSL Project |
|
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" |
|
91 * |
|
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|
103 * OF THE POSSIBILITY OF SUCH DAMAGE. |
|
104 * ==================================================================== |
|
105 * |
|
106 * This product includes cryptographic software written by Eric Young |
|
107 * (eay@cryptsoft.com). This product includes software written by Tim |
|
108 * Hudson (tjh@cryptsoft.com). |
|
109 * |
|
110 */ |
|
111 /* ==================================================================== |
|
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. |
|
113 * ECC cipher suite support in OpenSSL originally developed by |
|
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. |
|
115 */ |
|
116 |
|
117 #ifndef HEADER_SSL_LOCL_H |
|
118 #define HEADER_SSL_LOCL_H |
|
119 #include <stdlib.h> |
|
120 #include <time.h> |
|
121 #include <string.h> |
|
122 #include <errno.h> |
|
123 |
|
124 #include "e_os.h" |
|
125 |
|
126 #include <openssl/buffer.h> |
|
127 #include <openssl/comp.h> |
|
128 #include <openssl/bio.h> |
|
129 #include <openssl/stack.h> |
|
130 #ifndef OPENSSL_NO_RSA |
|
131 #include <openssl/rsa.h> |
|
132 #endif |
|
133 #ifndef OPENSSL_NO_DSA |
|
134 #include <openssl/dsa.h> |
|
135 #endif |
|
136 #include <openssl/err.h> |
|
137 #include <openssl/ssl.h> |
|
138 #include <openssl/symhacks.h> |
|
139 |
|
140 #if (defined(SYMBIAN) && (defined(__WINSCW__) || defined(__WINS__))) |
|
141 #include "libssl_wsd.h" |
|
142 //#ifndef EMULATOR |
|
143 //#define EMULATOR (defined(SYMBIAN) && (defined(__WINSCW__) || defined(__WINS__))) |
|
144 //#endif |
|
145 #endif |
|
146 |
|
147 #ifdef OPENSSL_BUILD_SHLIBSSL |
|
148 # undef OPENSSL_EXTERN |
|
149 # define OPENSSL_EXTERN OPENSSL_EXPORT |
|
150 #endif |
|
151 |
|
152 #define PKCS1_CHECK |
|
153 |
|
154 #define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \ |
|
155 l|=(((unsigned long)(*((c)++)))<< 8), \ |
|
156 l|=(((unsigned long)(*((c)++)))<<16), \ |
|
157 l|=(((unsigned long)(*((c)++)))<<24)) |
|
158 |
|
159 /* NOTE - c is not incremented as per c2l */ |
|
160 #define c2ln(c,l1,l2,n) { \ |
|
161 c+=n; \ |
|
162 l1=l2=0; \ |
|
163 switch (n) { \ |
|
164 case 8: l2 =((unsigned long)(*(--(c))))<<24; \ |
|
165 case 7: l2|=((unsigned long)(*(--(c))))<<16; \ |
|
166 case 6: l2|=((unsigned long)(*(--(c))))<< 8; \ |
|
167 case 5: l2|=((unsigned long)(*(--(c)))); \ |
|
168 case 4: l1 =((unsigned long)(*(--(c))))<<24; \ |
|
169 case 3: l1|=((unsigned long)(*(--(c))))<<16; \ |
|
170 case 2: l1|=((unsigned long)(*(--(c))))<< 8; \ |
|
171 case 1: l1|=((unsigned long)(*(--(c)))); \ |
|
172 } \ |
|
173 } |
|
174 |
|
175 #define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ |
|
176 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ |
|
177 *((c)++)=(unsigned char)(((l)>>16)&0xff), \ |
|
178 *((c)++)=(unsigned char)(((l)>>24)&0xff)) |
|
179 |
|
180 #define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \ |
|
181 l|=((unsigned long)(*((c)++)))<<16, \ |
|
182 l|=((unsigned long)(*((c)++)))<< 8, \ |
|
183 l|=((unsigned long)(*((c)++)))) |
|
184 |
|
185 #define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ |
|
186 *((c)++)=(unsigned char)(((l)>>16)&0xff), \ |
|
187 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ |
|
188 *((c)++)=(unsigned char)(((l) )&0xff)) |
|
189 |
|
190 #define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \ |
|
191 *((c)++)=(unsigned char)(((l)>>32)&0xff), \ |
|
192 *((c)++)=(unsigned char)(((l)>>24)&0xff), \ |
|
193 *((c)++)=(unsigned char)(((l)>>16)&0xff), \ |
|
194 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ |
|
195 *((c)++)=(unsigned char)(((l) )&0xff)) |
|
196 |
|
197 #define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \ |
|
198 l|=((BN_ULLONG)(*((c)++)))<<32, \ |
|
199 l|=((BN_ULLONG)(*((c)++)))<<24, \ |
|
200 l|=((BN_ULLONG)(*((c)++)))<<16, \ |
|
201 l|=((BN_ULLONG)(*((c)++)))<< 8, \ |
|
202 l|=((BN_ULLONG)(*((c)++)))) |
|
203 |
|
204 /* NOTE - c is not incremented as per l2c */ |
|
205 #define l2cn(l1,l2,c,n) { \ |
|
206 c+=n; \ |
|
207 switch (n) { \ |
|
208 case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ |
|
209 case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ |
|
210 case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ |
|
211 case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ |
|
212 case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ |
|
213 case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ |
|
214 case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ |
|
215 case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ |
|
216 } \ |
|
217 } |
|
218 |
|
219 #define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \ |
|
220 (((unsigned int)(c[1])) )),c+=2) |
|
221 #define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \ |
|
222 c[1]=(unsigned char)(((s) )&0xff)),c+=2) |
|
223 |
|
224 #define n2l3(c,l) ((l =(((unsigned long)(c[0]))<<16)| \ |
|
225 (((unsigned long)(c[1]))<< 8)| \ |
|
226 (((unsigned long)(c[2])) )),c+=3) |
|
227 |
|
228 #define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \ |
|
229 c[1]=(unsigned char)(((l)>> 8)&0xff), \ |
|
230 c[2]=(unsigned char)(((l) )&0xff)),c+=3) |
|
231 |
|
232 /* LOCAL STUFF */ |
|
233 |
|
234 #define SSL_DECRYPT 0 |
|
235 #define SSL_ENCRYPT 1 |
|
236 |
|
237 #define TWO_BYTE_BIT 0x80 |
|
238 #define SEC_ESC_BIT 0x40 |
|
239 #define TWO_BYTE_MASK 0x7fff |
|
240 #define THREE_BYTE_MASK 0x3fff |
|
241 |
|
242 #define INC32(a) ((a)=((a)+1)&0xffffffffL) |
|
243 #define DEC32(a) ((a)=((a)-1)&0xffffffffL) |
|
244 #define MAX_MAC_SIZE 20 /* up from 16 for SSLv3 */ |
|
245 |
|
246 /* |
|
247 * Define the Bitmasks for SSL_CIPHER.algorithms. |
|
248 * This bits are used packed as dense as possible. If new methods/ciphers |
|
249 * etc will be added, the bits a likely to change, so this information |
|
250 * is for internal library use only, even though SSL_CIPHER.algorithms |
|
251 * can be publicly accessed. |
|
252 * Use the according functions for cipher management instead. |
|
253 * |
|
254 * The bit mask handling in the selection and sorting scheme in |
|
255 * ssl_create_cipher_list() has only limited capabilities, reflecting |
|
256 * that the different entities within are mutually exclusive: |
|
257 * ONLY ONE BIT PER MASK CAN BE SET AT A TIME. |
|
258 */ |
|
259 #define SSL_MKEY_MASK 0x000000FFL |
|
260 #define SSL_kRSA 0x00000001L /* RSA key exchange */ |
|
261 #define SSL_kDHr 0x00000002L /* DH cert RSA CA cert */ |
|
262 #define SSL_kDHd 0x00000004L /* DH cert DSA CA cert */ |
|
263 #define SSL_kFZA 0x00000008L |
|
264 #define SSL_kEDH 0x00000010L /* tmp DH key no DH cert */ |
|
265 #define SSL_kKRB5 0x00000020L /* Kerberos5 key exchange */ |
|
266 #define SSL_kECDH 0x00000040L /* ECDH w/ long-term keys */ |
|
267 #define SSL_kECDHE 0x00000080L /* ephemeral ECDH */ |
|
268 #define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL)) |
|
269 |
|
270 #define SSL_AUTH_MASK 0x00007F00L |
|
271 #define SSL_aRSA 0x00000100L /* Authenticate with RSA */ |
|
272 #define SSL_aDSS 0x00000200L /* Authenticate with DSS */ |
|
273 #define SSL_DSS SSL_aDSS |
|
274 #define SSL_aFZA 0x00000400L |
|
275 #define SSL_aNULL 0x00000800L /* no Authenticate, ADH */ |
|
276 #define SSL_aDH 0x00001000L /* no Authenticate, ADH */ |
|
277 #define SSL_aKRB5 0x00002000L /* Authenticate with KRB5 */ |
|
278 #define SSL_aECDSA 0x00004000L /* Authenticate with ECDSA */ |
|
279 |
|
280 #define SSL_NULL (SSL_eNULL) |
|
281 #define SSL_ADH (SSL_kEDH|SSL_aNULL) |
|
282 #define SSL_RSA (SSL_kRSA|SSL_aRSA) |
|
283 #define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH) |
|
284 #define SSL_ECDH (SSL_kECDH|SSL_kECDHE) |
|
285 #define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA) |
|
286 #define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5) |
|
287 |
|
288 #define SSL_ENC_MASK 0x043F8000L |
|
289 #define SSL_DES 0x00008000L |
|
290 #define SSL_3DES 0x00010000L |
|
291 #define SSL_RC4 0x00020000L |
|
292 #define SSL_RC2 0x00040000L |
|
293 #define SSL_IDEA 0x00080000L |
|
294 #define SSL_eFZA 0x00100000L |
|
295 #define SSL_eNULL 0x00200000L |
|
296 #define SSL_AES 0x04000000L |
|
297 |
|
298 |
|
299 |
|
300 #define SSL_MAC_MASK 0x00c00000L |
|
301 #define SSL_MD5 0x00400000L |
|
302 #define SSL_SHA1 0x00800000L |
|
303 #define SSL_SHA (SSL_SHA1) |
|
304 |
|
305 #define SSL_SSL_MASK 0x03000000L |
|
306 #define SSL_SSLV2 0x01000000L |
|
307 #define SSL_SSLV3 0x02000000L |
|
308 #define SSL_TLSV1 SSL_SSLV3 /* for now */ |
|
309 |
|
310 /* we have used 07ffffff - 5 bits left to go. */ |
|
311 |
|
312 /* |
|
313 * Export and cipher strength information. For each cipher we have to decide |
|
314 * whether it is exportable or not. This information is likely to change |
|
315 * over time, since the export control rules are no static technical issue. |
|
316 * |
|
317 * Independent of the export flag the cipher strength is sorted into classes. |
|
318 * SSL_EXP40 was denoting the 40bit US export limit of past times, which now |
|
319 * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change |
|
320 * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more, |
|
321 * since SSL_EXP64 could be similar to SSL_LOW. |
|
322 * For this reason SSL_MICRO and SSL_MINI macros are included to widen the |
|
323 * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed |
|
324 * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would |
|
325 * be possible. |
|
326 */ |
|
327 #define SSL_EXP_MASK 0x00000003L |
|
328 #define SSL_NOT_EXP 0x00000001L |
|
329 #define SSL_EXPORT 0x00000002L |
|
330 |
|
331 #define SSL_STRONG_MASK 0x000000fcL |
|
332 #define SSL_STRONG_NONE 0x00000004L |
|
333 #define SSL_EXP40 0x00000008L |
|
334 #define SSL_MICRO (SSL_EXP40) |
|
335 #define SSL_EXP56 0x00000010L |
|
336 #define SSL_MINI (SSL_EXP56) |
|
337 #define SSL_LOW 0x00000020L |
|
338 #define SSL_MEDIUM 0x00000040L |
|
339 #define SSL_HIGH 0x00000080L |
|
340 |
|
341 /* we have used 000000ff - 24 bits left to go */ |
|
342 |
|
343 /* |
|
344 * Macros to check the export status and cipher strength for export ciphers. |
|
345 * Even though the macros for EXPORT and EXPORT40/56 have similar names, |
|
346 * their meaning is different: |
|
347 * *_EXPORT macros check the 'exportable' status. |
|
348 * *_EXPORT40/56 macros are used to check whether a certain cipher strength |
|
349 * is given. |
|
350 * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct |
|
351 * algorithm structure element to be passed (algorithms, algo_strength) and no |
|
352 * typechecking can be done as they are all of type unsigned long, their |
|
353 * direct usage is discouraged. |
|
354 * Use the SSL_C_* macros instead. |
|
355 */ |
|
356 #define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT) |
|
357 #define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56) |
|
358 #define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40) |
|
359 #define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength) |
|
360 #define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength) |
|
361 #define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength) |
|
362 |
|
363 #define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \ |
|
364 ((a)&SSL_ENC_MASK) == SSL_DES ? 8 : 7) |
|
365 #define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024) |
|
366 #define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithms, \ |
|
367 (c)->algo_strength) |
|
368 #define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength) |
|
369 |
|
370 |
|
371 #define SSL_ALL 0xffffffffL |
|
372 #define SSL_ALL_CIPHERS (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\ |
|
373 SSL_MAC_MASK) |
|
374 #define SSL_ALL_STRENGTHS (SSL_EXP_MASK|SSL_STRONG_MASK) |
|
375 |
|
376 /* Mostly for SSLv3 */ |
|
377 #define SSL_PKEY_RSA_ENC 0 |
|
378 #define SSL_PKEY_RSA_SIGN 1 |
|
379 #define SSL_PKEY_DSA_SIGN 2 |
|
380 #define SSL_PKEY_DH_RSA 3 |
|
381 #define SSL_PKEY_DH_DSA 4 |
|
382 #define SSL_PKEY_ECC 5 |
|
383 #define SSL_PKEY_NUM 6 |
|
384 |
|
385 /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | |
|
386 * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) |
|
387 * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) |
|
388 * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN |
|
389 * SSL_aRSA <- RSA_ENC | RSA_SIGN |
|
390 * SSL_aDSS <- DSA_SIGN |
|
391 */ |
|
392 |
|
393 /* |
|
394 #define CERT_INVALID 0 |
|
395 #define CERT_PUBLIC_KEY 1 |
|
396 #define CERT_PRIVATE_KEY 2 |
|
397 */ |
|
398 |
|
399 #ifndef OPENSSL_NO_EC |
|
400 /* From ECC-TLS draft, used in encoding the curve type in |
|
401 * ECParameters |
|
402 */ |
|
403 #define EXPLICIT_PRIME_CURVE_TYPE 1 |
|
404 #define EXPLICIT_CHAR2_CURVE_TYPE 2 |
|
405 #define NAMED_CURVE_TYPE 3 |
|
406 #endif /* OPENSSL_NO_EC */ |
|
407 |
|
408 typedef struct cert_pkey_st |
|
409 { |
|
410 X509 *x509; |
|
411 EVP_PKEY *privatekey; |
|
412 } CERT_PKEY; |
|
413 |
|
414 typedef struct cert_st |
|
415 { |
|
416 /* Current active set */ |
|
417 CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array |
|
418 * Probably it would make more sense to store |
|
419 * an index, not a pointer. */ |
|
420 |
|
421 /* The following masks are for the key and auth |
|
422 * algorithms that are supported by the certs below */ |
|
423 int valid; |
|
424 unsigned long mask; |
|
425 unsigned long export_mask; |
|
426 #ifndef OPENSSL_NO_RSA |
|
427 RSA *rsa_tmp; |
|
428 RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize); |
|
429 #endif |
|
430 #ifndef OPENSSL_NO_DH |
|
431 DH *dh_tmp; |
|
432 DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize); |
|
433 #endif |
|
434 #ifndef OPENSSL_NO_ECDH |
|
435 EC_KEY *ecdh_tmp; |
|
436 /* Callback for generating ephemeral ECDH keys */ |
|
437 EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize); |
|
438 #endif |
|
439 |
|
440 CERT_PKEY pkeys[SSL_PKEY_NUM]; |
|
441 |
|
442 int references; /* >1 only if SSL_copy_session_id is used */ |
|
443 } CERT; |
|
444 |
|
445 typedef struct sess_cert_st |
|
446 { |
|
447 STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */ |
|
448 |
|
449 /* The 'peer_...' members are used only by clients. */ |
|
450 int peer_cert_type; |
|
451 |
|
452 CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */ |
|
453 CERT_PKEY peer_pkeys[SSL_PKEY_NUM]; |
|
454 /* Obviously we don't have the private keys of these, |
|
455 * so maybe we shouldn't even use the CERT_PKEY type here. */ |
|
456 |
|
457 #ifndef OPENSSL_NO_RSA |
|
458 RSA *peer_rsa_tmp; /* not used for SSL 2 */ |
|
459 #endif |
|
460 #ifndef OPENSSL_NO_DH |
|
461 DH *peer_dh_tmp; /* not used for SSL 2 */ |
|
462 #endif |
|
463 #ifndef OPENSSL_NO_ECDH |
|
464 EC_KEY *peer_ecdh_tmp; |
|
465 #endif |
|
466 |
|
467 int references; /* actually always 1 at the moment */ |
|
468 } SESS_CERT; |
|
469 |
|
470 |
|
471 /*#define MAC_DEBUG */ |
|
472 |
|
473 /*#define ERR_DEBUG */ |
|
474 /*#define ABORT_DEBUG */ |
|
475 /*#define PKT_DEBUG 1 */ |
|
476 /*#define DES_DEBUG */ |
|
477 /*#define DES_OFB_DEBUG */ |
|
478 /*#define SSL_DEBUG */ |
|
479 /*#define RSA_DEBUG */ |
|
480 /*#define IDEA_DEBUG */ |
|
481 |
|
482 #define FP_ICC (int (*)(const void *,const void *)) |
|
483 #define ssl_put_cipher_by_char(ssl,ciph,ptr) \ |
|
484 ((ssl)->method->put_cipher_by_char((ciph),(ptr))) |
|
485 #define ssl_get_cipher_by_char(ssl,ptr) \ |
|
486 ((ssl)->method->get_cipher_by_char(ptr)) |
|
487 |
|
488 #ifndef EMULATOR |
|
489 /* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff |
|
490 * It is a bit of a mess of functions, but hell, think of it as |
|
491 * an opaque structure :-) */ |
|
492 typedef struct ssl3_enc_method |
|
493 { |
|
494 int (*enc)(SSL *, int); |
|
495 int (*mac)(SSL *, unsigned char *, int); |
|
496 int (*setup_key_block)(SSL *); |
|
497 int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int); |
|
498 int (*change_cipher_state)(SSL *, int); |
|
499 int (*final_finish_mac)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char *, int, unsigned char *); |
|
500 int finish_mac_length; |
|
501 int (*cert_verify_mac)(SSL *, EVP_MD_CTX *, unsigned char *); |
|
502 const char *client_finished_label; |
|
503 int client_finished_label_len; |
|
504 const char *server_finished_label; |
|
505 int server_finished_label_len; |
|
506 int (*alert_value)(int); |
|
507 } SSL3_ENC_METHOD; |
|
508 #endif |
|
509 /* Used for holding the relevant compression methods loaded into SSL_CTX */ |
|
510 typedef struct ssl3_comp_st |
|
511 { |
|
512 int comp_id; /* The identifier byte for this compression type */ |
|
513 char *name; /* Text name used for the compression type */ |
|
514 COMP_METHOD *method; /* The method :-) */ |
|
515 } SSL3_COMP; |
|
516 |
|
517 #ifndef EMULATOR |
|
518 |
|
519 extern SSL3_ENC_METHOD ssl3_undef_enc_method; |
|
520 OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[]; |
|
521 OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[]; |
|
522 |
|
523 #else |
|
524 |
|
525 //GET_GLOBAL_VAR_FROM_TLS(ssl3_undef_enc_method,ssl_lib,SSL3_ENC_METHOD) |
|
526 //#define ssl3_undef_enc_method (GET_WSD_VAR_NAME(ssl3_undef_enc_method,ssl_lib,g)()) |
|
527 |
|
528 |
|
529 //GET_GLOBAL_ARRAY_FROM_TLS(ssl2_ciphers,s2_lib,SSL_CIPHER) |
|
530 |
|
531 //#define ssl2_ciphers (GET_WSD_VAR_NAME(ssl2_ciphers,s2_lib,g)()) |
|
532 |
|
533 |
|
534 //GET_GLOBAL_ARRAY_FROM_TLS(ssl3_ciphers,s3_lib,SSL_CIPHER) |
|
535 |
|
536 //#define ssl3_ciphers (GET_WSD_VAR_NAME(ssl3_ciphers,s3_lib,g)()) |
|
537 |
|
538 #endif |
|
539 |
|
540 //extern const SSL3_ENC_METHOD ssl3_undef_enc_method; |
|
541 //OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[]; |
|
542 //OPENSSL_EXTERN const SSL_CIPHER ssl3_ciphers[]; |
|
543 |
|
544 //#endif |
|
545 |
|
546 SSL_METHOD *ssl_bad_method(int ver); |
|
547 SSL_METHOD *sslv2_base_method(void); |
|
548 SSL_METHOD *sslv23_base_method(void); |
|
549 SSL_METHOD *sslv3_base_method(void); |
|
550 |
|
551 |
|
552 |
|
553 #ifndef EMULATOR |
|
554 |
|
555 extern SSL3_ENC_METHOD DTLSv1_enc_data; |
|
556 extern SSL3_ENC_METHOD TLSv1_enc_data; |
|
557 extern SSL3_ENC_METHOD SSLv3_enc_data; |
|
558 |
|
559 #endif |
|
560 |
|
561 #ifdef EMULATOR |
|
562 |
|
563 #define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \ |
|
564 SSL_METHOD *func_name(void) \ |
|
565 { \ |
|
566 return &func_name##_data; \ |
|
567 }\ |
|
568 const SSL_METHOD temp_##func_name##_data= { \ |
|
569 TLS1_VERSION, \ |
|
570 tls1_new, \ |
|
571 tls1_clear, \ |
|
572 tls1_free, \ |
|
573 s_accept, \ |
|
574 s_connect, \ |
|
575 ssl23_read, \ |
|
576 ssl23_peek, \ |
|
577 ssl23_write, \ |
|
578 ssl_undefined_function, \ |
|
579 ssl_undefined_function, \ |
|
580 ssl_ok, \ |
|
581 ssl3_get_message, \ |
|
582 ssl3_read_bytes, \ |
|
583 ssl3_write_bytes, \ |
|
584 ssl3_dispatch_alert, \ |
|
585 ssl3_ctrl, \ |
|
586 ssl3_ctx_ctrl, \ |
|
587 ssl23_get_cipher_by_char, \ |
|
588 ssl23_put_cipher_by_char, \ |
|
589 ssl_undefined_const_function, \ |
|
590 ssl23_num_ciphers, \ |
|
591 ssl23_get_cipher, \ |
|
592 s_get_meth, \ |
|
593 ssl23_default_timeout, \ |
|
594 /*&ssl3_undef_enc_method*/NULL, \ |
|
595 ssl_undefined_void_function, \ |
|
596 ssl3_callback_ctrl, \ |
|
597 ssl3_ctx_callback_ctrl, \ |
|
598 }; |
|
599 |
|
600 |
|
601 #define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \ |
|
602 \ |
|
603 SSL_METHOD *func_name(void) \ |
|
604 { \ |
|
605 return &func_name##_data; \ |
|
606 }\ |
|
607 const SSL_METHOD temp_##func_name##_data= { \ |
|
608 SSL2_VERSION, \ |
|
609 ssl2_new, /* local */ \ |
|
610 ssl2_clear, /* local */ \ |
|
611 ssl2_free, /* local */ \ |
|
612 s_accept, \ |
|
613 s_connect, \ |
|
614 ssl2_read, \ |
|
615 ssl2_peek, \ |
|
616 ssl2_write, \ |
|
617 ssl2_shutdown, \ |
|
618 ssl_ok, /* NULL - renegotiate */ \ |
|
619 ssl_ok, /* NULL - check renegotiate */ \ |
|
620 NULL, /* NULL - ssl_get_message */ \ |
|
621 NULL, /* NULL - ssl_get_record */ \ |
|
622 NULL, /* NULL - ssl_write_bytes */ \ |
|
623 NULL, /* NULL - dispatch_alert */ \ |
|
624 ssl2_ctrl, /* local */ \ |
|
625 ssl2_ctx_ctrl, /* local */ \ |
|
626 ssl2_get_cipher_by_char, \ |
|
627 ssl2_put_cipher_by_char, \ |
|
628 ssl2_pending, \ |
|
629 ssl2_num_ciphers, \ |
|
630 ssl2_get_cipher, \ |
|
631 s_get_meth, \ |
|
632 ssl2_default_timeout, \ |
|
633 /*&ssl3_undef_enc_method*/NULL, \ |
|
634 ssl_undefined_void_function, \ |
|
635 ssl2_callback_ctrl, /* local */ \ |
|
636 ssl2_ctx_callback_ctrl, /* local */ \ |
|
637 }; |
|
638 |
|
639 #define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ |
|
640 \ |
|
641 SSL_METHOD *func_name(void) \ |
|
642 { \ |
|
643 return &func_name##_data; \ |
|
644 }\ |
|
645 const SSL_METHOD temp_##func_name##_data= { \ |
|
646 DTLS1_VERSION, \ |
|
647 dtls1_new, \ |
|
648 dtls1_clear, \ |
|
649 dtls1_free, \ |
|
650 s_accept, \ |
|
651 s_connect, \ |
|
652 ssl3_read, \ |
|
653 ssl3_peek, \ |
|
654 ssl3_write, \ |
|
655 ssl3_shutdown, \ |
|
656 ssl3_renegotiate, \ |
|
657 ssl3_renegotiate_check, \ |
|
658 dtls1_get_message, \ |
|
659 dtls1_read_bytes, \ |
|
660 dtls1_write_app_data_bytes, \ |
|
661 dtls1_dispatch_alert, \ |
|
662 ssl3_ctrl, \ |
|
663 ssl3_ctx_ctrl, \ |
|
664 ssl3_get_cipher_by_char, \ |
|
665 ssl3_put_cipher_by_char, \ |
|
666 ssl3_pending, \ |
|
667 ssl3_num_ciphers, \ |
|
668 ssl3_get_cipher, \ |
|
669 s_get_meth, \ |
|
670 dtls1_default_timeout, \ |
|
671 /*&DTLSv1_enc_data*/NULL,\ |
|
672 ssl_undefined_void_function, \ |
|
673 ssl3_callback_ctrl, \ |
|
674 ssl3_ctx_callback_ctrl, \ |
|
675 }; |
|
676 |
|
677 |
|
678 |
|
679 #define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \ |
|
680 \ |
|
681 SSL_METHOD *func_name(void) \ |
|
682 { \ |
|
683 return &func_name##_data; \ |
|
684 }\ |
|
685 const SSL_METHOD temp_##func_name##_data= { \ |
|
686 SSL3_VERSION, \ |
|
687 ssl3_new, \ |
|
688 ssl3_clear, \ |
|
689 ssl3_free, \ |
|
690 s_accept, \ |
|
691 s_connect, \ |
|
692 ssl3_read, \ |
|
693 ssl3_peek, \ |
|
694 ssl3_write, \ |
|
695 ssl3_shutdown, \ |
|
696 ssl3_renegotiate, \ |
|
697 ssl3_renegotiate_check, \ |
|
698 ssl3_get_message, \ |
|
699 ssl3_read_bytes, \ |
|
700 ssl3_write_bytes, \ |
|
701 ssl3_dispatch_alert, \ |
|
702 ssl3_ctrl, \ |
|
703 ssl3_ctx_ctrl, \ |
|
704 ssl3_get_cipher_by_char, \ |
|
705 ssl3_put_cipher_by_char, \ |
|
706 ssl3_pending, \ |
|
707 ssl3_num_ciphers, \ |
|
708 ssl3_get_cipher, \ |
|
709 s_get_meth, \ |
|
710 ssl3_default_timeout, \ |
|
711 /*&SSLv3_enc_data*/NULL, \ |
|
712 ssl_undefined_void_function, \ |
|
713 ssl3_callback_ctrl, \ |
|
714 ssl3_ctx_callback_ctrl, \ |
|
715 }; |
|
716 |
|
717 #define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ |
|
718 \ |
|
719 SSL_METHOD *func_name(void) \ |
|
720 { \ |
|
721 return &func_name##_data; \ |
|
722 }\ |
|
723 const SSL_METHOD temp_##func_name##_data= { \ |
|
724 TLS1_VERSION, \ |
|
725 tls1_new, \ |
|
726 tls1_clear, \ |
|
727 tls1_free, \ |
|
728 s_accept, \ |
|
729 s_connect, \ |
|
730 ssl3_read, \ |
|
731 ssl3_peek, \ |
|
732 ssl3_write, \ |
|
733 ssl3_shutdown, \ |
|
734 ssl3_renegotiate, \ |
|
735 ssl3_renegotiate_check, \ |
|
736 ssl3_get_message, \ |
|
737 ssl3_read_bytes, \ |
|
738 ssl3_write_bytes, \ |
|
739 ssl3_dispatch_alert, \ |
|
740 ssl3_ctrl, \ |
|
741 ssl3_ctx_ctrl, \ |
|
742 ssl3_get_cipher_by_char, \ |
|
743 ssl3_put_cipher_by_char, \ |
|
744 ssl3_pending, \ |
|
745 ssl3_num_ciphers, \ |
|
746 ssl3_get_cipher, \ |
|
747 s_get_meth, \ |
|
748 tls1_default_timeout, \ |
|
749 /* &TLSv1_enc_data */NULL, \ |
|
750 ssl_undefined_void_function, \ |
|
751 ssl3_callback_ctrl, \ |
|
752 ssl3_ctx_callback_ctrl, \ |
|
753 }; |
|
754 |
|
755 #else /* #endif *//* EMULATOR */ |
|
756 |
|
757 |
|
758 #define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ |
|
759 SSL_METHOD *func_name(void) \ |
|
760 { \ |
|
761 static SSL_METHOD func_name##_data= { \ |
|
762 TLS1_VERSION, \ |
|
763 tls1_new, \ |
|
764 tls1_clear, \ |
|
765 tls1_free, \ |
|
766 s_accept, \ |
|
767 s_connect, \ |
|
768 ssl3_read, \ |
|
769 ssl3_peek, \ |
|
770 ssl3_write, \ |
|
771 ssl3_shutdown, \ |
|
772 ssl3_renegotiate, \ |
|
773 ssl3_renegotiate_check, \ |
|
774 ssl3_get_message, \ |
|
775 ssl3_read_bytes, \ |
|
776 ssl3_write_bytes, \ |
|
777 ssl3_dispatch_alert, \ |
|
778 ssl3_ctrl, \ |
|
779 ssl3_ctx_ctrl, \ |
|
780 ssl3_get_cipher_by_char, \ |
|
781 ssl3_put_cipher_by_char, \ |
|
782 ssl3_pending, \ |
|
783 ssl3_num_ciphers, \ |
|
784 ssl3_get_cipher, \ |
|
785 s_get_meth, \ |
|
786 tls1_default_timeout, \ |
|
787 &TLSv1_enc_data, \ |
|
788 ssl_undefined_void_function, \ |
|
789 ssl3_callback_ctrl, \ |
|
790 ssl3_ctx_callback_ctrl, \ |
|
791 }; \ |
|
792 return &func_name##_data; \ |
|
793 } |
|
794 |
|
795 #define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \ |
|
796 SSL_METHOD *func_name(void) \ |
|
797 { \ |
|
798 static SSL_METHOD func_name##_data= { \ |
|
799 SSL3_VERSION, \ |
|
800 ssl3_new, \ |
|
801 ssl3_clear, \ |
|
802 ssl3_free, \ |
|
803 s_accept, \ |
|
804 s_connect, \ |
|
805 ssl3_read, \ |
|
806 ssl3_peek, \ |
|
807 ssl3_write, \ |
|
808 ssl3_shutdown, \ |
|
809 ssl3_renegotiate, \ |
|
810 ssl3_renegotiate_check, \ |
|
811 ssl3_get_message, \ |
|
812 ssl3_read_bytes, \ |
|
813 ssl3_write_bytes, \ |
|
814 ssl3_dispatch_alert, \ |
|
815 ssl3_ctrl, \ |
|
816 ssl3_ctx_ctrl, \ |
|
817 ssl3_get_cipher_by_char, \ |
|
818 ssl3_put_cipher_by_char, \ |
|
819 ssl3_pending, \ |
|
820 ssl3_num_ciphers, \ |
|
821 ssl3_get_cipher, \ |
|
822 s_get_meth, \ |
|
823 ssl3_default_timeout, \ |
|
824 &SSLv3_enc_data, \ |
|
825 ssl_undefined_void_function, \ |
|
826 ssl3_callback_ctrl, \ |
|
827 ssl3_ctx_callback_ctrl, \ |
|
828 }; \ |
|
829 return &func_name##_data; \ |
|
830 } |
|
831 |
|
832 |
|
833 #define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \ |
|
834 SSL_METHOD *func_name(void) \ |
|
835 { \ |
|
836 static SSL_METHOD func_name##_data= { \ |
|
837 TLS1_VERSION, \ |
|
838 tls1_new, \ |
|
839 tls1_clear, \ |
|
840 tls1_free, \ |
|
841 s_accept, \ |
|
842 s_connect, \ |
|
843 ssl23_read, \ |
|
844 ssl23_peek, \ |
|
845 ssl23_write, \ |
|
846 ssl_undefined_function, \ |
|
847 ssl_undefined_function, \ |
|
848 ssl_ok, \ |
|
849 ssl3_get_message, \ |
|
850 ssl3_read_bytes, \ |
|
851 ssl3_write_bytes, \ |
|
852 ssl3_dispatch_alert, \ |
|
853 ssl3_ctrl, \ |
|
854 ssl3_ctx_ctrl, \ |
|
855 ssl23_get_cipher_by_char, \ |
|
856 ssl23_put_cipher_by_char, \ |
|
857 ssl_undefined_const_function, \ |
|
858 ssl23_num_ciphers, \ |
|
859 ssl23_get_cipher, \ |
|
860 s_get_meth, \ |
|
861 ssl23_default_timeout, \ |
|
862 &ssl3_undef_enc_method, \ |
|
863 ssl_undefined_void_function, \ |
|
864 ssl3_callback_ctrl, \ |
|
865 ssl3_ctx_callback_ctrl, \ |
|
866 }; \ |
|
867 return &func_name##_data; \ |
|
868 } |
|
869 |
|
870 |
|
871 #define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \ |
|
872 SSL_METHOD *func_name(void) \ |
|
873 { \ |
|
874 static SSL_METHOD func_name##_data= { \ |
|
875 SSL2_VERSION, \ |
|
876 ssl2_new, /* local */ \ |
|
877 ssl2_clear, /* local */ \ |
|
878 ssl2_free, /* local */ \ |
|
879 s_accept, \ |
|
880 s_connect, \ |
|
881 ssl2_read, \ |
|
882 ssl2_peek, \ |
|
883 ssl2_write, \ |
|
884 ssl2_shutdown, \ |
|
885 ssl_ok, /* NULL - renegotiate */ \ |
|
886 ssl_ok, /* NULL - check renegotiate */ \ |
|
887 NULL, /* NULL - ssl_get_message */ \ |
|
888 NULL, /* NULL - ssl_get_record */ \ |
|
889 NULL, /* NULL - ssl_write_bytes */ \ |
|
890 NULL, /* NULL - dispatch_alert */ \ |
|
891 ssl2_ctrl, /* local */ \ |
|
892 ssl2_ctx_ctrl, /* local */ \ |
|
893 ssl2_get_cipher_by_char, \ |
|
894 ssl2_put_cipher_by_char, \ |
|
895 ssl2_pending, \ |
|
896 ssl2_num_ciphers, \ |
|
897 ssl2_get_cipher, \ |
|
898 s_get_meth, \ |
|
899 ssl2_default_timeout, \ |
|
900 &ssl3_undef_enc_method, \ |
|
901 ssl_undefined_void_function, \ |
|
902 ssl2_callback_ctrl, /* local */ \ |
|
903 ssl2_ctx_callback_ctrl, /* local */ \ |
|
904 }; \ |
|
905 return &func_name##_data; \ |
|
906 } |
|
907 |
|
908 |
|
909 #define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ |
|
910 SSL_METHOD *func_name(void) \ |
|
911 { \ |
|
912 static SSL_METHOD func_name##_data= { \ |
|
913 DTLS1_VERSION, \ |
|
914 dtls1_new, \ |
|
915 dtls1_clear, \ |
|
916 dtls1_free, \ |
|
917 s_accept, \ |
|
918 s_connect, \ |
|
919 ssl3_read, \ |
|
920 ssl3_peek, \ |
|
921 ssl3_write, \ |
|
922 ssl3_shutdown, \ |
|
923 ssl3_renegotiate, \ |
|
924 ssl3_renegotiate_check, \ |
|
925 dtls1_get_message, \ |
|
926 dtls1_read_bytes, \ |
|
927 dtls1_write_app_data_bytes, \ |
|
928 dtls1_dispatch_alert, \ |
|
929 ssl3_ctrl, \ |
|
930 ssl3_ctx_ctrl, \ |
|
931 ssl3_get_cipher_by_char, \ |
|
932 ssl3_put_cipher_by_char, \ |
|
933 ssl3_pending, \ |
|
934 ssl3_num_ciphers, \ |
|
935 ssl3_get_cipher, \ |
|
936 s_get_meth, \ |
|
937 dtls1_default_timeout, \ |
|
938 &DTLSv1_enc_data, \ |
|
939 ssl_undefined_void_function, \ |
|
940 ssl3_callback_ctrl, \ |
|
941 ssl3_ctx_callback_ctrl, \ |
|
942 }; \ |
|
943 return &func_name##_data; \ |
|
944 } |
|
945 |
|
946 |
|
947 #endif /* EMULATOR */ |
|
948 |
|
949 void ssl_clear_cipher_ctx(SSL *s); |
|
950 int ssl_clear_bad_session(SSL *s); |
|
951 CERT *ssl_cert_new(void); |
|
952 CERT *ssl_cert_dup(CERT *cert); |
|
953 int ssl_cert_inst(CERT **o); |
|
954 void ssl_cert_free(CERT *c); |
|
955 SESS_CERT *ssl_sess_cert_new(void); |
|
956 void ssl_sess_cert_free(SESS_CERT *sc); |
|
957 int ssl_set_peer_cert_type(SESS_CERT *c, int type); |
|
958 int ssl_get_new_session(SSL *s, int session); |
|
959 int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit); |
|
960 int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b); |
|
961 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, |
|
962 const SSL_CIPHER * const *bp); |
|
963 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, |
|
964 STACK_OF(SSL_CIPHER) **skp); |
|
965 int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, |
|
966 int (*put_cb)(const SSL_CIPHER *, unsigned char *)); |
|
967 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, |
|
968 STACK_OF(SSL_CIPHER) **pref, |
|
969 STACK_OF(SSL_CIPHER) **sorted, |
|
970 const char *rule_str); |
|
971 void ssl_update_cache(SSL *s, int mode); |
|
972 int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc, |
|
973 const EVP_MD **md,SSL_COMP **comp); |
|
974 int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk); |
|
975 int ssl_undefined_function(SSL *s); |
|
976 int ssl_undefined_void_function(void); |
|
977 int ssl_undefined_const_function(const SSL *s); |
|
978 X509 *ssl_get_server_send_cert(SSL *); |
|
979 EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *); |
|
980 int ssl_cert_type(X509 *x,EVP_PKEY *pkey); |
|
981 void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher); |
|
982 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); |
|
983 int ssl_verify_alarm_type(long type); |
|
984 void ssl_load_ciphers(void); |
|
985 |
|
986 int ssl2_enc_init(SSL *s, int client); |
|
987 int ssl2_generate_key_material(SSL *s); |
|
988 void ssl2_enc(SSL *s,int send_data); |
|
989 void ssl2_mac(SSL *s,unsigned char *mac,int send_data); |
|
990 SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); |
|
991 int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); |
|
992 int ssl2_part_read(SSL *s, unsigned long f, int i); |
|
993 int ssl2_do_write(SSL *s); |
|
994 int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data); |
|
995 void ssl2_return_error(SSL *s,int reason); |
|
996 void ssl2_write_error(SSL *s); |
|
997 int ssl2_num_ciphers(void); |
|
998 SSL_CIPHER *ssl2_get_cipher(unsigned int u); |
|
999 int ssl2_new(SSL *s); |
|
1000 void ssl2_free(SSL *s); |
|
1001 int ssl2_accept(SSL *s); |
|
1002 int ssl2_connect(SSL *s); |
|
1003 int ssl2_read(SSL *s, void *buf, int len); |
|
1004 int ssl2_peek(SSL *s, void *buf, int len); |
|
1005 int ssl2_write(SSL *s, const void *buf, int len); |
|
1006 int ssl2_shutdown(SSL *s); |
|
1007 void ssl2_clear(SSL *s); |
|
1008 long ssl2_ctrl(SSL *s,int cmd, long larg, void *parg); |
|
1009 long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); |
|
1010 long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void)); |
|
1011 long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void)); |
|
1012 int ssl2_pending(const SSL *s); |
|
1013 long ssl2_default_timeout(void ); |
|
1014 |
|
1015 SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); |
|
1016 int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); |
|
1017 void ssl3_init_finished_mac(SSL *s); |
|
1018 int ssl3_send_server_certificate(SSL *s); |
|
1019 int ssl3_send_newsession_ticket(SSL *s); |
|
1020 int ssl3_get_finished(SSL *s,int state_a,int state_b); |
|
1021 int ssl3_setup_key_block(SSL *s); |
|
1022 int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b); |
|
1023 int ssl3_change_cipher_state(SSL *s,int which); |
|
1024 void ssl3_cleanup_key_block(SSL *s); |
|
1025 int ssl3_do_write(SSL *s,int type); |
|
1026 void ssl3_send_alert(SSL *s,int level, int desc); |
|
1027 int ssl3_generate_master_secret(SSL *s, unsigned char *out, |
|
1028 unsigned char *p, int len); |
|
1029 int ssl3_get_req_cert_type(SSL *s,unsigned char *p); |
|
1030 long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); |
|
1031 int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen); |
|
1032 int ssl3_num_ciphers(void); |
|
1033 SSL_CIPHER *ssl3_get_cipher(unsigned int u); |
|
1034 int ssl3_renegotiate(SSL *ssl); |
|
1035 int ssl3_renegotiate_check(SSL *ssl); |
|
1036 int ssl3_dispatch_alert(SSL *s); |
|
1037 int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); |
|
1038 int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); |
|
1039 int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2, |
|
1040 const char *sender, int slen,unsigned char *p); |
|
1041 int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p); |
|
1042 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); |
|
1043 int ssl3_enc(SSL *s, int send_data); |
|
1044 int ssl3_mac(SSL *ssl, unsigned char *md, int send_data); |
|
1045 unsigned long ssl3_output_cert_chain(SSL *s, X509 *x); |
|
1046 SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt, |
|
1047 STACK_OF(SSL_CIPHER) *srvr); |
|
1048 int ssl3_setup_buffers(SSL *s); |
|
1049 int ssl3_new(SSL *s); |
|
1050 void ssl3_free(SSL *s); |
|
1051 int ssl3_accept(SSL *s); |
|
1052 int ssl3_connect(SSL *s); |
|
1053 int ssl3_read(SSL *s, void *buf, int len); |
|
1054 int ssl3_peek(SSL *s, void *buf, int len); |
|
1055 int ssl3_write(SSL *s, const void *buf, int len); |
|
1056 int ssl3_shutdown(SSL *s); |
|
1057 void ssl3_clear(SSL *s); |
|
1058 long ssl3_ctrl(SSL *s,int cmd, long larg, void *parg); |
|
1059 long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); |
|
1060 long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void)); |
|
1061 long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void)); |
|
1062 int ssl3_pending(const SSL *s); |
|
1063 |
|
1064 void ssl3_record_sequence_update(unsigned char *seq); |
|
1065 int ssl3_do_change_cipher_spec(SSL *ssl); |
|
1066 long ssl3_default_timeout(void ); |
|
1067 |
|
1068 int ssl23_num_ciphers(void ); |
|
1069 SSL_CIPHER *ssl23_get_cipher(unsigned int u); |
|
1070 int ssl23_read(SSL *s, void *buf, int len); |
|
1071 int ssl23_peek(SSL *s, void *buf, int len); |
|
1072 int ssl23_write(SSL *s, const void *buf, int len); |
|
1073 int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); |
|
1074 SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); |
|
1075 long ssl23_default_timeout(void ); |
|
1076 |
|
1077 long tls1_default_timeout(void); |
|
1078 int dtls1_do_write(SSL *s,int type); |
|
1079 int ssl3_read_n(SSL *s, int n, int max, int extend); |
|
1080 int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); |
|
1081 int ssl3_do_compress(SSL *ssl); |
|
1082 int ssl3_do_uncompress(SSL *ssl); |
|
1083 int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, |
|
1084 unsigned int len); |
|
1085 unsigned char *dtls1_set_message_header(SSL *s, |
|
1086 unsigned char *p, unsigned char mt, unsigned long len, |
|
1087 unsigned long frag_off, unsigned long frag_len); |
|
1088 |
|
1089 int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len); |
|
1090 int dtls1_write_bytes(SSL *s, int type, const void *buf, int len); |
|
1091 |
|
1092 int dtls1_send_change_cipher_spec(SSL *s, int a, int b); |
|
1093 int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen); |
|
1094 unsigned long dtls1_output_cert_chain(SSL *s, X509 *x); |
|
1095 int dtls1_read_failed(SSL *s, int code); |
|
1096 int dtls1_buffer_message(SSL *s, int ccs); |
|
1097 int dtls1_retransmit_message(SSL *s, unsigned short seq, |
|
1098 unsigned long frag_off, int *found); |
|
1099 void dtls1_clear_record_buffer(SSL *s); |
|
1100 void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr); |
|
1101 void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); |
|
1102 void dtls1_reset_seq_numbers(SSL *s, int rw); |
|
1103 long dtls1_default_timeout(void); |
|
1104 SSL_CIPHER *dtls1_get_cipher(unsigned int u); |
|
1105 |
|
1106 |
|
1107 /* some client-only functions */ |
|
1108 int ssl3_client_hello(SSL *s); |
|
1109 int ssl3_get_server_hello(SSL *s); |
|
1110 int ssl3_get_certificate_request(SSL *s); |
|
1111 int ssl3_get_new_session_ticket(SSL *s); |
|
1112 int ssl3_get_server_done(SSL *s); |
|
1113 int ssl3_send_client_verify(SSL *s); |
|
1114 int ssl3_send_client_certificate(SSL *s); |
|
1115 int ssl3_send_client_key_exchange(SSL *s); |
|
1116 int ssl3_get_key_exchange(SSL *s); |
|
1117 int ssl3_get_server_certificate(SSL *s); |
|
1118 int ssl3_check_cert_and_algorithm(SSL *s); |
|
1119 |
|
1120 int dtls1_client_hello(SSL *s); |
|
1121 int dtls1_send_client_certificate(SSL *s); |
|
1122 int dtls1_send_client_key_exchange(SSL *s); |
|
1123 int dtls1_send_client_verify(SSL *s); |
|
1124 |
|
1125 /* some server-only functions */ |
|
1126 int ssl3_get_client_hello(SSL *s); |
|
1127 int ssl3_send_server_hello(SSL *s); |
|
1128 int ssl3_send_hello_request(SSL *s); |
|
1129 int ssl3_send_server_key_exchange(SSL *s); |
|
1130 int ssl3_send_certificate_request(SSL *s); |
|
1131 int ssl3_send_server_done(SSL *s); |
|
1132 int ssl3_check_client_hello(SSL *s); |
|
1133 int ssl3_get_client_certificate(SSL *s); |
|
1134 int ssl3_get_client_key_exchange(SSL *s); |
|
1135 int ssl3_get_cert_verify(SSL *s); |
|
1136 |
|
1137 int dtls1_send_hello_request(SSL *s); |
|
1138 int dtls1_send_server_hello(SSL *s); |
|
1139 int dtls1_send_server_certificate(SSL *s); |
|
1140 int dtls1_send_server_key_exchange(SSL *s); |
|
1141 int dtls1_send_certificate_request(SSL *s); |
|
1142 int dtls1_send_server_done(SSL *s); |
|
1143 |
|
1144 |
|
1145 |
|
1146 int ssl23_accept(SSL *s); |
|
1147 int ssl23_connect(SSL *s); |
|
1148 int ssl23_read_bytes(SSL *s, int n); |
|
1149 int ssl23_write_bytes(SSL *s); |
|
1150 |
|
1151 int tls1_new(SSL *s); |
|
1152 void tls1_free(SSL *s); |
|
1153 void tls1_clear(SSL *s); |
|
1154 long tls1_ctrl(SSL *s,int cmd, long larg, void *parg); |
|
1155 long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void)); |
|
1156 SSL_METHOD *tlsv1_base_method(void ); |
|
1157 |
|
1158 int dtls1_new(SSL *s); |
|
1159 int dtls1_accept(SSL *s); |
|
1160 int dtls1_connect(SSL *s); |
|
1161 void dtls1_free(SSL *s); |
|
1162 void dtls1_clear(SSL *s); |
|
1163 long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg); |
|
1164 SSL_METHOD *dtlsv1_base_method(void ); |
|
1165 |
|
1166 long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); |
|
1167 int dtls1_get_record(SSL *s); |
|
1168 int do_dtls1_write(SSL *s, int type, const unsigned char *buf, |
|
1169 unsigned int len, int create_empty_fragement); |
|
1170 int dtls1_dispatch_alert(SSL *s); |
|
1171 int dtls1_enc(SSL *s, int snd); |
|
1172 |
|
1173 int ssl_init_wbio_buffer(SSL *s, int push); |
|
1174 void ssl_free_wbio_buffer(SSL *s); |
|
1175 |
|
1176 int tls1_change_cipher_state(SSL *s, int which); |
|
1177 int tls1_setup_key_block(SSL *s); |
|
1178 int tls1_enc(SSL *s, int snd); |
|
1179 int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx, |
|
1180 const char *str, int slen, unsigned char *p); |
|
1181 int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p); |
|
1182 int tls1_mac(SSL *ssl, unsigned char *md, int snd); |
|
1183 int tls1_generate_master_secret(SSL *s, unsigned char *out, |
|
1184 unsigned char *p, int len); |
|
1185 int tls1_alert_code(int code); |
|
1186 int ssl3_alert_code(int code); |
|
1187 int ssl_ok(SSL *s); |
|
1188 |
|
1189 int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs); |
|
1190 |
|
1191 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); |
|
1192 |
|
1193 |
|
1194 #endif |