Google Git
Sign in
boringssl / boringssl / 3db1ded2e786f76ca4729d25bd5dcaea4ecacda8 / . / ssl / s3_lib.c
blob: d67d381e3e76b3a6296a51569267408b32e4b0bc [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
57/* ====================================================================
58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59 *
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
62 * are met:
63 *
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.
66 *
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
70 * distribution.
71 *
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76 *
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
81 *
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
85 *
86 * 6. Redistributions of any form whatsoever must retain the following
87 * acknowledgment:
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90 *
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
104 *
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
108 *
109 */
110/* ====================================================================
111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112 *
113 * Portions of the attached software ("Contribution") are developed by
114 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
115 *
116 * The Contribution is licensed pursuant to the OpenSSL open source
117 * license provided above.
118 *
119 * ECC cipher suite support in OpenSSL originally written by
120 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
121 *
122 */
123/* ====================================================================
124 * Copyright 2005 Nokia. All rights reserved.
125 *
126 * The portions of the attached software ("Contribution") is developed by
127 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
128 * license.
129 *
130 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
131 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
132 * support (see RFC 4279) to OpenSSL.
133 *
134 * No patent licenses or other rights except those expressly stated in
135 * the OpenSSL open source license shall be deemed granted or received
136 * expressly, by implication, estoppel, or otherwise.
137 *
138 * No assurances are provided by Nokia that the Contribution does not
139 * infringe the patent or other intellectual property rights of any third
140 * party or that the license provides you with all the necessary rights
141 * to make use of the Contribution.
142 *
143 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
144 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
145 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
146 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
147 * OTHERWISE. */
148
David Benjamin39482a12014-07-20 13:30:15 -0400[diff] [blame]149#include <assert.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]150#include <stdio.h>
151
David Benjamin676d1e72014-07-08 14:34:10 -0400[diff] [blame]152#include <openssl/buf.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]153#include <openssl/dh.h>
154#include <openssl/md5.h>
155#include <openssl/mem.h>
156#include <openssl/obj.h>
157
158#include "ssl_locl.h"
159
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]160
161#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]162
163/* list of available SSLv3 ciphers (sorted by id) */
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]164const SSL_CIPHER ssl3_ciphers[] = {
165 /* The RSA ciphers */
166 /* Cipher 04 */
167 {
168 1, SSL3_TXT_RSA_RC4_128_MD5, SSL3_CK_RSA_RC4_128_MD5, SSL_kRSA, SSL_aRSA,
169 SSL_RC4, SSL_MD5, SSL_SSLV3, SSL_MEDIUM,
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]170 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]171 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]172
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]173 /* Cipher 05 */
174 {
175 1, SSL3_TXT_RSA_RC4_128_SHA, SSL3_CK_RSA_RC4_128_SHA, SSL_kRSA, SSL_aRSA,
176 SSL_RC4, SSL_SHA1, SSL_SSLV3, SSL_MEDIUM,
177 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
178 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]179
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]180 /* Cipher 0A */
181 {
182 1, SSL3_TXT_RSA_DES_192_CBC3_SHA, SSL3_CK_RSA_DES_192_CBC3_SHA, SSL_kRSA,
183 SSL_aRSA, SSL_3DES, SSL_SHA1, SSL_SSLV3, SSL_HIGH | SSL_FIPS,
184 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168,
185 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]186
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]187
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]188 /* The Ephemeral DH ciphers */
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]189
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]190 /* Cipher 18 */
191 {
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]192 1, SSL3_TXT_ADH_RC4_128_MD5, SSL3_CK_ADH_RC4_128_MD5, SSL_kDHE, SSL_aNULL,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]193 SSL_RC4, SSL_MD5, SSL_SSLV3, SSL_MEDIUM,
194 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
195 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]196
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]197
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]198 /* New AES ciphersuites */
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]199
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]200 /* Cipher 2F */
201 {
202 1, TLS1_TXT_RSA_WITH_AES_128_SHA, TLS1_CK_RSA_WITH_AES_128_SHA, SSL_kRSA,
203 SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
204 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
205 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]206
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]207 /* Cipher 33 */
208 {
209 1, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]210 SSL_kDHE, SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]211 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
212 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]213
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]214 /* Cipher 34 */
215 {
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]216 1, TLS1_TXT_ADH_WITH_AES_128_SHA, TLS1_CK_ADH_WITH_AES_128_SHA, SSL_kDHE,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]217 SSL_aNULL, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
218 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
219 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]220
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]221 /* Cipher 35 */
222 {
223 1, TLS1_TXT_RSA_WITH_AES_256_SHA, TLS1_CK_RSA_WITH_AES_256_SHA, SSL_kRSA,
224 SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
225 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,
226 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]227
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]228 /* Cipher 39 */
229 {
230 1, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]231 SSL_kDHE, SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]232 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,
233 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]234
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]235 /* Cipher 3A */
236 {
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]237 1, TLS1_TXT_ADH_WITH_AES_256_SHA, TLS1_CK_ADH_WITH_AES_256_SHA, SSL_kDHE,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]238 SSL_aNULL, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
239 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,
240 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]241
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]242
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]243 /* TLS v1.2 ciphersuites */
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]244
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]245 /* Cipher 3C */
246 {
247 1, TLS1_TXT_RSA_WITH_AES_128_SHA256, TLS1_CK_RSA_WITH_AES_128_SHA256,
248 SSL_kRSA, SSL_aRSA, SSL_AES128, SSL_SHA256, SSL_TLSV1_2,
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]249 SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]250 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]251
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]252 /* Cipher 3D */
253 {
254 1, TLS1_TXT_RSA_WITH_AES_256_SHA256, TLS1_CK_RSA_WITH_AES_256_SHA256,
255 SSL_kRSA, SSL_aRSA, SSL_AES256, SSL_SHA256, SSL_TLSV1_2,
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]256 SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]257 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]258
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]259 /* Cipher 67 */
260 {
261 1, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]262 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]263 SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]264 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]265 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]266
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]267 /* Cipher 6B */
268 {
269 1, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]270 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES256,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]271 SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]272 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]273 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]274
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]275 /* Cipher 6C */
276 {
277 1, TLS1_TXT_ADH_WITH_AES_128_SHA256, TLS1_CK_ADH_WITH_AES_128_SHA256,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]278 SSL_kDHE, SSL_aNULL, SSL_AES128, SSL_SHA256, SSL_TLSV1_2,
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]279 SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]280 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]281
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]282 /* Cipher 6D */
283 {
284 1, TLS1_TXT_ADH_WITH_AES_256_SHA256, TLS1_CK_ADH_WITH_AES_256_SHA256,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]285 SSL_kDHE, SSL_aNULL, SSL_AES256, SSL_SHA256, SSL_TLSV1_2,
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]286 SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]287 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]288
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]289 /* Cipher 8A */
290 {
291 1, TLS1_TXT_PSK_WITH_RC4_128_SHA, TLS1_CK_PSK_WITH_RC4_128_SHA, SSL_kPSK,
292 SSL_aPSK, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM,
293 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
294 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]295
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]296 /* Cipher 8C */
297 {
298 1, TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
299 SSL_kPSK, SSL_aPSK, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
300 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
301 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]302
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]303 /* Cipher 8D */
304 {
305 1, TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
306 SSL_kPSK, SSL_aPSK, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
307 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,
308 },
309
310
311 /* GCM ciphersuites from RFC5288 */
312
313 /* Cipher 9C */
314 {
315 1, TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
316 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, SSL_kRSA, SSL_aRSA, SSL_AES128GCM,
317 SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
318 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]319 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
320 128, 128,
321 },
322
323 /* Cipher 9D */
324 {
325 1, TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
326 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, SSL_kRSA, SSL_aRSA, SSL_AES256GCM,
327 SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
328 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD |
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]329 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
330 256, 256,
331 },
332
333 /* Cipher 9E */
334 {
335 1, TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]336 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128GCM,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]337 SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
338 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]339 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
340 128, 128,
341 },
342
343 /* Cipher 9F */
344 {
345 1, TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]346 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kDHE, SSL_aRSA, SSL_AES256GCM,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]347 SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
348 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD |
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]349 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
350 256, 256,
351 },
352
353 /* Cipher A6 */
354 {
355 1, TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]356 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, SSL_kDHE, SSL_aNULL, SSL_AES128GCM,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]357 SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
358 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]359 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
360 128, 128,
361 },
362
363 /* Cipher A7 */
364 {
365 1, TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]366 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, SSL_kDHE, SSL_aNULL, SSL_AES256GCM,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]367 SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
368 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD |
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]369 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
370 256, 256,
371 },
372
373 /* Cipher C007 */
374 {
375 1, TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]376 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_kECDHE, SSL_aECDSA, SSL_RC4,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]377 SSL_SHA1, SSL_TLSV1, SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128,
378 128,
379 },
380
381 /* Cipher C009 */
382 {
383 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]384 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aECDSA,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]385 SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
386 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
387 },
388
389 /* Cipher C00A */
390 {
391 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]392 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aECDSA,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]393 SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
394 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,
395 },
396
397 /* Cipher C011 */
398 {
399 1, TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]400 SSL_kECDHE, SSL_aRSA, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]401 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
402 },
403
404 /* Cipher C013 */
405 {
406 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]407 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES128,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]408 SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
409 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
410 },
411
412 /* Cipher C014 */
413 {
414 1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]415 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES256,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]416 SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
417 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,
418 },
419
420 /* Cipher C016 */
421 {
422 1, TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]423 SSL_kECDHE, SSL_aNULL, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]424 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
425 },
426
427 /* Cipher C018 */
428 {
429 1, TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]430 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aNULL, SSL_AES128,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]431 SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
432 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
433 },
434
435 /* Cipher C019 */
436 {
437 1, TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]438 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aNULL, SSL_AES256,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]439 SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
440 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,
441 },
442
443
444 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
445
446 /* Cipher C023 */
447 {
448 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]449 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aECDSA,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]450 SSL_AES128, SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
451 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128,
452 },
453
454 /* Cipher C024 */
455 {
456 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]457 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aECDSA,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]458 SSL_AES256, SSL_SHA384, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
459 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256,
460 },
461
462 /* Cipher C027 */
463 {
464 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]465 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aRSA, SSL_AES128,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]466 SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
467 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128,
468 },
469
470 /* Cipher C028 */
471 {
472 1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]473 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aRSA, SSL_AES256,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]474 SSL_SHA384, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
475 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256,
476 },
477
478
479 /* GCM based TLS v1.2 ciphersuites from RFC5289 */
480
481 /* Cipher C02B */
482 {
483 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]484 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aECDSA,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]485 SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
486 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]487 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
488 128, 128,
489 },
490
491 /* Cipher C02C */
492 {
493 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]494 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aECDSA,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]495 SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
496 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD |
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]497 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
498 256, 256,
499 },
500
501 /* Cipher C02F */
502 {
503 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]504 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aRSA,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]505 SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
506 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]507 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
508 128, 128,
509 },
510
511 /* Cipher C030 */
512 {
513 1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]514 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aRSA,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]515 SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
516 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD |
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]517 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
518 256, 256,
519 },
520
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]521
Adam Langleyc26c8022014-06-20 12:00:00 -0700[diff] [blame]522 /* ECDH PSK ciphersuites */
Adam Langleyc26c8022014-06-20 12:00:00 -0700[diff] [blame]523
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]524 /* Cipher CAFE */
525 {
526 1, TLS1_TXT_ECDHE_PSK_WITH_AES_128_GCM_SHA256,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]527 TLS1_CK_ECDHE_PSK_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aPSK,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]528 SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,
529 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]530 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
531 128, 128,
532 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]533
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]534 {
535 1, TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]536 TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aRSA,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]537 SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]538 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]539 256, 0,
540 },
Adam Langleyde0b2022014-06-20 12:00:00 -0700[diff] [blame]541
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]542 {
543 1, TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]544 TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aECDSA,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]545 SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]546 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]547 256, 0,
548 },
Adam Langleyde0b2022014-06-20 12:00:00 -0700[diff] [blame]549
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]550 {
551 1, TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]552 TLS1_CK_DHE_RSA_CHACHA20_POLY1305, SSL_kDHE, SSL_aRSA,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]553 SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]554 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]555 256, 0,
556 },
557};
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]558
David Benjamin338fcaf2014-12-11 01:20:52 -0500[diff] [blame]559const SSL3_ENC_METHOD SSLv3_enc_data = {
David Benjamin044abb02014-12-23 10:57:17 -0500[diff] [blame]560 tls1_enc,
David Benjamin41ac9792014-12-23 10:41:06 -0500[diff] [blame]561 ssl3_prf,
David Benjamin044abb02014-12-23 10:57:17 -0500[diff] [blame]562 tls1_setup_key_block,
David Benjamin41ac9792014-12-23 10:41:06 -0500[diff] [blame]563 tls1_generate_master_secret,
David Benjamin044abb02014-12-23 10:57:17 -0500[diff] [blame]564 tls1_change_cipher_state,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]565 ssl3_final_finish_mac,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]566 ssl3_cert_verify_mac,
567 SSL3_MD_CLIENT_FINISHED_CONST, 4,
568 SSL3_MD_SERVER_FINISHED_CONST, 4,
569 ssl3_alert_code,
570 (int (*)(SSL *, uint8_t *, size_t, const char *, size_t, const uint8_t *,
571 size_t, int use_context)) ssl_undefined_function,
572 0,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]573};
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]574
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]575int ssl3_num_ciphers(void) { return SSL3_NUM_CIPHERS; }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]576
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]577const SSL_CIPHER *ssl3_get_cipher(unsigned int u) {
578 if (u >= SSL3_NUM_CIPHERS) {
579 return NULL;
580 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]581
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]582 return &ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u];
583}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]584
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]585int ssl3_pending(const SSL *s) {
586 if (s->rstate == SSL_ST_READ_BODY) {
587 return 0;
588 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]589
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]590 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length
591 : 0;
592}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]593
David Benjaminfbdfefb2015-02-16 19:33:53 -0500[diff] [blame]594int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len) {
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]595 uint8_t *p = (uint8_t *)s->init_buf->data;
596 *(p++) = htype;
597 l2n3(len, p);
598 s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
599 s->init_off = 0;
David Benjamine4824e82014-12-14 19:44:34 -0500[diff] [blame]600
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]601 /* Add the message to the handshake hash. */
David Benjaminfbdfefb2015-02-16 19:33:53 -0500[diff] [blame]602 return ssl3_finish_mac(s, (uint8_t *)s->init_buf->data, s->init_num);
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]603}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]604
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]605int ssl3_handshake_write(SSL *s) { return ssl3_do_write(s, SSL3_RT_HANDSHAKE); }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]606
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]607int ssl3_new(SSL *s) {
608 SSL3_STATE *s3;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]609
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]610 s3 = OPENSSL_malloc(sizeof *s3);
611 if (s3 == NULL) {
612 goto err;
613 }
614 memset(s3, 0, sizeof *s3);
615 memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
616 memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
617
618 s->s3 = s3;
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]619
David Benjamin62fd1622015-01-11 13:30:01 -0500[diff] [blame]620 /* Set the version to the highest supported version for TLS. This controls the
621 * initial state of |s->enc_method| and what the API reports as the version
622 * prior to negotiation.
623 *
624 * TODO(davidben): This is fragile and confusing. */
625 s->version = TLS1_2_VERSION;
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]626 return 1;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]627err:
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]628 return 0;
629}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]630
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]631void ssl3_free(SSL *s) {
David Benjamin62fd1622015-01-11 13:30:01 -0500[diff] [blame]632 if (s == NULL || s->s3 == NULL) {
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]633 return;
634 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]635
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]636 if (s->s3->sniff_buffer != NULL) {
637 BUF_MEM_free(s->s3->sniff_buffer);
638 }
639 ssl3_cleanup_key_block(s);
640 if (s->s3->rbuf.buf != NULL) {
641 ssl3_release_read_buffer(s);
642 }
643 if (s->s3->wbuf.buf != NULL) {
644 ssl3_release_write_buffer(s);
645 }
646 if (s->s3->tmp.dh != NULL) {
647 DH_free(s->s3->tmp.dh);
648 }
649 if (s->s3->tmp.ecdh != NULL) {
650 EC_KEY_free(s->s3->tmp.ecdh);
651 }
David Benjamin4b755cb2014-12-12 03:58:07 -0500[diff] [blame]652
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]653 if (s->s3->tmp.ca_names != NULL) {
654 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
655 }
656 if (s->s3->tmp.certificate_types != NULL) {
657 OPENSSL_free(s->s3->tmp.certificate_types);
658 }
659 if (s->s3->tmp.peer_ecpointformatlist) {
660 OPENSSL_free(s->s3->tmp.peer_ecpointformatlist);
661 }
662 if (s->s3->tmp.peer_ellipticcurvelist) {
663 OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist);
664 }
665 if (s->s3->tmp.peer_psk_identity_hint) {
666 OPENSSL_free(s->s3->tmp.peer_psk_identity_hint);
667 }
668 if (s->s3->handshake_buffer) {
669 BIO_free(s->s3->handshake_buffer);
670 }
671 if (s->s3->handshake_dgst) {
672 ssl3_free_digest_list(s);
673 }
674 if (s->s3->alpn_selected) {
675 OPENSSL_free(s->s3->alpn_selected);
676 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]677
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]678 OPENSSL_cleanse(s->s3, sizeof *s->s3);
679 OPENSSL_free(s->s3);
680 s->s3 = NULL;
681}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]682
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]683static int ssl3_set_req_cert_type(CERT *c, const uint8_t *p, size_t len);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]684
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]685long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) {
686 int ret = 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]687
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]688 switch (cmd) {
689 case SSL_CTRL_GET_SESSION_REUSED:
690 ret = s->hit;
691 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]692
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]693 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
694 break;
695
696 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
697 ret = s->s3->num_renegotiations;
698 break;
699
700 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
701 ret = s->s3->num_renegotiations;
702 s->s3->num_renegotiations = 0;
703 break;
704
705 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
706 ret = s->s3->total_renegotiations;
707 break;
708
709 case SSL_CTRL_GET_FLAGS:
710 ret = (int)(s->s3->flags);
711 break;
712
713 case SSL_CTRL_NEED_TMP_RSA:
714 /* Temporary RSA keys are never used. */
715 ret = 0;
716 break;
717
718 case SSL_CTRL_SET_TMP_RSA:
719 /* Temporary RSA keys are never used. */
720 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
721 break;
722
723 case SSL_CTRL_SET_TMP_RSA_CB:
724 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
725 return ret;
726
727 case SSL_CTRL_SET_TMP_DH: {
728 DH *dh = (DH *)parg;
729 if (dh == NULL) {
730 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_PASSED_NULL_PARAMETER);
731 return ret;
732 }
733 dh = DHparams_dup(dh);
734 if (dh == NULL) {
735 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_DH_LIB);
736 return ret;
737 }
738 if (!(s->options & SSL_OP_SINGLE_DH_USE) && !DH_generate_key(dh)) {
739 DH_free(dh);
740 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_DH_LIB);
741 return ret;
742 }
743 if (s->cert->dh_tmp != NULL) {
744 DH_free(s->cert->dh_tmp);
745 }
746 s->cert->dh_tmp = dh;
747 ret = 1;
748 break;
749 }
750
751 case SSL_CTRL_SET_TMP_DH_CB:
752 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
753 return ret;
754
755 case SSL_CTRL_SET_TMP_ECDH: {
756 EC_KEY *ecdh = NULL;
757
758 if (parg == NULL) {
759 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_PASSED_NULL_PARAMETER);
760 return ret;
761 }
762 if (!EC_KEY_up_ref((EC_KEY *)parg)) {
763 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_ECDH_LIB);
764 return ret;
765 }
766 ecdh = (EC_KEY *)parg;
767 if (!(s->options & SSL_OP_SINGLE_ECDH_USE) && !EC_KEY_generate_key(ecdh)) {
768 EC_KEY_free(ecdh);
769 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_ECDH_LIB);
770 return ret;
771 }
772 if (s->cert->ecdh_tmp != NULL) {
773 EC_KEY_free(s->cert->ecdh_tmp);
774 }
775 s->cert->ecdh_tmp = ecdh;
776 ret = 1;
777 break;
778 }
779
780 case SSL_CTRL_SET_TMP_ECDH_CB:
781 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
782 return ret;
783
784 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
785 if (larg == TLSEXT_NAMETYPE_host_name) {
786 if (s->tlsext_hostname != NULL) {
787 OPENSSL_free(s->tlsext_hostname);
788 }
789 s->tlsext_hostname = NULL;
790
791 ret = 1;
792 if (parg == NULL) {
793 break;
794 }
795 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
796 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
797 return 0;
798 }
799 s->tlsext_hostname = BUF_strdup((char *) parg);
800 if (s->tlsext_hostname == NULL) {
801 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_INTERNAL_ERROR);
802 return 0;
803 }
804 } else {
805 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl,
806 SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
807 return 0;
808 }
809 break;
810
811 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
812 s->tlsext_debug_arg = parg;
813 ret = 1;
814 break;
815
816 case SSL_CTRL_CHAIN:
817 if (larg) {
818 return ssl_cert_set1_chain(s->cert, (STACK_OF(X509) *)parg);
819 } else {
820 return ssl_cert_set0_chain(s->cert, (STACK_OF(X509) *)parg);
821 }
822
823 case SSL_CTRL_CHAIN_CERT:
824 if (larg) {
825 return ssl_cert_add1_chain_cert(s->cert, (X509 *)parg);
826 } else {
827 return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg);
828 }
829
830 case SSL_CTRL_GET_CHAIN_CERTS:
831 *(STACK_OF(X509) **)parg = s->cert->key->chain;
832 break;
833
834 case SSL_CTRL_SELECT_CURRENT_CERT:
835 return ssl_cert_select_current(s->cert, (X509 *)parg);
836
837 case SSL_CTRL_GET_CURVES: {
838 const uint16_t *clist = s->s3->tmp.peer_ellipticcurvelist;
839 size_t clistlen = s->s3->tmp.peer_ellipticcurvelist_length;
840 if (parg) {
841 size_t i;
842 int *cptr = parg;
843 int nid;
844 for (i = 0; i < clistlen; i++) {
845 nid = tls1_ec_curve_id2nid(clist[i]);
David Benjamin0cb3f5b2014-12-27 02:15:41 -0500[diff] [blame]846 if (nid != NID_undef) {
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]847 cptr[i] = nid;
848 } else {
849 cptr[i] = TLSEXT_nid_unknown | clist[i];
850 }
851 }
852 }
853 return (int)clistlen;
854 }
855
856 case SSL_CTRL_SET_CURVES:
857 return tls1_set_curves(&s->tlsext_ellipticcurvelist,
858 &s->tlsext_ellipticcurvelist_length, parg, larg);
859
860 case SSL_CTRL_SET_ECDH_AUTO:
861 s->cert->ecdh_tmp_auto = larg;
862 return 1;
863
864 case SSL_CTRL_SET_SIGALGS:
865 return tls1_set_sigalgs(s->cert, parg, larg, 0);
866
867 case SSL_CTRL_SET_CLIENT_SIGALGS:
868 return tls1_set_sigalgs(s->cert, parg, larg, 1);
869
870 case SSL_CTRL_GET_CLIENT_CERT_TYPES: {
871 const uint8_t **pctype = parg;
872 if (s->server || !s->s3->tmp.cert_req) {
873 return 0;
874 }
875 if (pctype) {
876 *pctype = s->s3->tmp.certificate_types;
877 }
878 return (int)s->s3->tmp.num_certificate_types;
879 }
880
881 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
882 if (!s->server) {
883 return 0;
884 }
885 return ssl3_set_req_cert_type(s->cert, parg, larg);
886
887 case SSL_CTRL_BUILD_CERT_CHAIN:
888 return ssl_build_cert_chain(s->cert, s->ctx->cert_store, larg);
889
890 case SSL_CTRL_SET_VERIFY_CERT_STORE:
891 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
892
893 case SSL_CTRL_SET_CHAIN_CERT_STORE:
894 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
895
896 case SSL_CTRL_GET_SERVER_TMP_KEY:
897 if (s->server || !s->session || !s->session->sess_cert) {
898 return 0;
899 } else {
900 SESS_CERT *sc;
901 EVP_PKEY *ptmp;
902 int rv = 0;
903 sc = s->session->sess_cert;
904 if (!sc->peer_dh_tmp && !sc->peer_ecdh_tmp) {
905 return 0;
906 }
907 ptmp = EVP_PKEY_new();
908 if (!ptmp) {
909 return 0;
910 }
911 if (sc->peer_dh_tmp) {
912 rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);
913 } else if (sc->peer_ecdh_tmp) {
914 rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);
915 }
916 if (rv) {
917 *(EVP_PKEY **)parg = ptmp;
918 return 1;
919 }
920 EVP_PKEY_free(ptmp);
921 return 0;
922 }
923
924 case SSL_CTRL_GET_EC_POINT_FORMATS: {
925 const uint8_t **pformat = parg;
926 if (!s->s3->tmp.peer_ecpointformatlist) {
927 return 0;
928 }
929 *pformat = s->s3->tmp.peer_ecpointformatlist;
930 return (int)s->s3->tmp.peer_ecpointformatlist_length;
931 }
932
933 case SSL_CTRL_CHANNEL_ID:
934 s->tlsext_channel_id_enabled = 1;
935 ret = 1;
936 break;
937
938 case SSL_CTRL_SET_CHANNEL_ID:
939 s->tlsext_channel_id_enabled = 1;
940 if (EVP_PKEY_bits(parg) != 256) {
941 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, SSL_R_CHANNEL_ID_NOT_P256);
942 break;
943 }
944 if (s->tlsext_channel_id_private) {
945 EVP_PKEY_free(s->tlsext_channel_id_private);
946 }
947 s->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY *)parg);
948 ret = 1;
949 break;
950
951 case SSL_CTRL_GET_CHANNEL_ID:
952 if (!s->s3->tlsext_channel_id_valid) {
953 break;
954 }
955 memcpy(parg, s->s3->tlsext_channel_id, larg < 64 ? larg : 64);
956 return 64;
957
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]958 default:
959 break;
960 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]961
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]962 return ret;
963}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]964
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]965long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) {
966 int ret = 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]967
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]968 switch (cmd) {
969 case SSL_CTRL_SET_TMP_RSA_CB:
970 /* Ignore the callback; temporary RSA keys are never used. */
971 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]972
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]973 case SSL_CTRL_SET_TMP_DH_CB:
974 s->cert->dh_tmp_cb = (DH * (*)(SSL *, int, int))fp;
975 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]976
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]977 case SSL_CTRL_SET_TMP_ECDH_CB:
978 s->cert->ecdh_tmp_cb = (EC_KEY * (*)(SSL *, int, int))fp;
979 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]980
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]981 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
982 s->tlsext_debug_cb =
983 (void (*)(SSL *, int, int, uint8_t *, int, void *))fp;
984 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]985
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]986 default:
987 break;
988 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]989
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]990 return ret;
991}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]992
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]993long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) {
994 CERT *cert;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]995
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]996 cert = ctx->cert;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]997
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]998 switch (cmd) {
999 case SSL_CTRL_NEED_TMP_RSA:
1000 /* Temporary RSA keys are never used. */
1001 return 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1002
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1003 case SSL_CTRL_SET_TMP_RSA:
1004 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1005 return 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1006
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1007 case SSL_CTRL_SET_TMP_RSA_CB:
1008 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1009 return 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1010
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1011 case SSL_CTRL_SET_TMP_DH: {
1012 DH *new = NULL, *dh;
Adam Langley1258b6a2014-06-20 12:00:00 -0700[diff] [blame]1013
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1014 dh = (DH *)parg;
1015 new = DHparams_dup(dh);
1016 if (new == NULL) {
1017 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_DH_LIB);
1018 return 0;
1019 }
1020 if (!(ctx->options & SSL_OP_SINGLE_DH_USE) && !DH_generate_key(new)) {
1021 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_DH_LIB);
1022 DH_free(new);
1023 return 0;
1024 }
1025 if (cert->dh_tmp != NULL) {
1026 DH_free(cert->dh_tmp);
1027 }
1028 cert->dh_tmp = new;
1029 return 1;
1030 }
Adam Langley1258b6a2014-06-20 12:00:00 -0700[diff] [blame]1031
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1032 case SSL_CTRL_SET_TMP_DH_CB:
1033 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1034 return 0;
Adam Langley1258b6a2014-06-20 12:00:00 -0700[diff] [blame]1035
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1036 case SSL_CTRL_SET_TMP_ECDH: {
1037 EC_KEY *ecdh = NULL;
Adam Langley1258b6a2014-06-20 12:00:00 -0700[diff] [blame]1038
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1039 if (parg == NULL) {
1040 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_ECDH_LIB);
1041 return 0;
1042 }
1043 ecdh = EC_KEY_dup((EC_KEY *)parg);
1044 if (ecdh == NULL) {
1045 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_EC_LIB);
1046 return 0;
1047 }
1048 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE) &&
1049 !EC_KEY_generate_key(ecdh)) {
1050 EC_KEY_free(ecdh);
1051 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_ECDH_LIB);
1052 return 0;
1053 }
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]1054
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1055 if (cert->ecdh_tmp != NULL) {
1056 EC_KEY_free(cert->ecdh_tmp);
1057 }
1058 cert->ecdh_tmp = ecdh;
1059 return 1;
1060 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1061
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1062 case SSL_CTRL_SET_TMP_ECDH_CB:
1063 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1064 return 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1065
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1066 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
1067 ctx->tlsext_servername_arg = parg;
1068 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1069
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1070 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
1071 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: {
1072 uint8_t *keys = parg;
1073 if (!keys) {
1074 return 48;
1075 }
1076 if (larg != 48) {
1077 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, SSL_R_INVALID_TICKET_KEYS_LENGTH);
1078 return 0;
1079 }
1080 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
1081 memcpy(ctx->tlsext_tick_key_name, keys, 16);
1082 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
1083 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
1084 } else {
1085 memcpy(keys, ctx->tlsext_tick_key_name, 16);
1086 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
1087 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
1088 }
1089 return 1;
1090 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1091
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1092 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
1093 ctx->tlsext_status_arg = parg;
1094 return 1;
1095 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1096
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1097 case SSL_CTRL_SET_CURVES:
1098 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
1099 &ctx->tlsext_ellipticcurvelist_length, parg, larg);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1100
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1101 case SSL_CTRL_SET_ECDH_AUTO:
1102 ctx->cert->ecdh_tmp_auto = larg;
1103 return 1;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1104
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1105 case SSL_CTRL_SET_SIGALGS:
1106 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1107
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1108 case SSL_CTRL_SET_CLIENT_SIGALGS:
1109 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1110
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1111 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
1112 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1113
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1114 case SSL_CTRL_BUILD_CERT_CHAIN:
1115 return ssl_build_cert_chain(ctx->cert, ctx->cert_store, larg);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1116
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1117 case SSL_CTRL_SET_VERIFY_CERT_STORE:
1118 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1119
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1120 case SSL_CTRL_SET_CHAIN_CERT_STORE:
1121 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1122
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1123 case SSL_CTRL_EXTRA_CHAIN_CERT:
1124 if (ctx->extra_certs == NULL) {
1125 ctx->extra_certs = sk_X509_new_null();
1126 if (ctx->extra_certs == NULL) {
1127 return 0;
1128 }
1129 }
1130 sk_X509_push(ctx->extra_certs, (X509 *)parg);
1131 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1132
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1133 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
1134 if (ctx->extra_certs == NULL && larg == 0) {
1135 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
1136 } else {
1137 *(STACK_OF(X509) **)parg = ctx->extra_certs;
1138 }
1139 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1140
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1141 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
1142 if (ctx->extra_certs) {
1143 sk_X509_pop_free(ctx->extra_certs, X509_free);
1144 ctx->extra_certs = NULL;
1145 }
1146 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1147
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1148 case SSL_CTRL_CHAIN:
1149 if (larg) {
1150 return ssl_cert_set1_chain(ctx->cert, (STACK_OF(X509) *)parg);
1151 } else {
1152 return ssl_cert_set0_chain(ctx->cert, (STACK_OF(X509) *)parg);
1153 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1154
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1155 case SSL_CTRL_CHAIN_CERT:
1156 if (larg) {
1157 return ssl_cert_add1_chain_cert(ctx->cert, (X509 *)parg);
1158 } else {
1159 return ssl_cert_add0_chain_cert(ctx->cert, (X509 *)parg);
1160 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1161
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1162 case SSL_CTRL_GET_CHAIN_CERTS:
1163 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
1164 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1165
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1166 case SSL_CTRL_SELECT_CURRENT_CERT:
1167 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1168
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1169 case SSL_CTRL_CHANNEL_ID:
1170 ctx->tlsext_channel_id_enabled = 1;
1171 return 1;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1172
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1173 case SSL_CTRL_SET_CHANNEL_ID:
1174 ctx->tlsext_channel_id_enabled = 1;
1175 if (EVP_PKEY_bits(parg) != 256) {
1176 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, SSL_R_CHANNEL_ID_NOT_P256);
1177 break;
1178 }
1179 if (ctx->tlsext_channel_id_private) {
1180 EVP_PKEY_free(ctx->tlsext_channel_id_private);
1181 }
1182 ctx->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY *)parg);
1183 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1184
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1185 default:
1186 return 0;
1187 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1188
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1189 return 1;
1190}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1191
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1192long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) {
1193 CERT *cert;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1194
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1195 cert = ctx->cert;
Adam Langley1258b6a2014-06-20 12:00:00 -0700[diff] [blame]1196
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1197 switch (cmd) {
1198 case SSL_CTRL_SET_TMP_RSA_CB:
1199 /* Ignore the callback; temporary RSA keys are never used. */
1200 break;
Adam Langley1258b6a2014-06-20 12:00:00 -0700[diff] [blame]1201
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1202 case SSL_CTRL_SET_TMP_DH_CB:
1203 cert->dh_tmp_cb = (DH * (*)(SSL *, int, int))fp;
1204 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1205
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1206 case SSL_CTRL_SET_TMP_ECDH_CB:
1207 cert->ecdh_tmp_cb = (EC_KEY * (*)(SSL *, int, int))fp;
1208 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1209
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1210 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
1211 ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
1212 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1213
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1214 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
1215 ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
1216 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1217
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1218 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
1219 ctx->tlsext_ticket_key_cb = (int (
1220 *)(SSL *, uint8_t *, uint8_t *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
1221 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1222
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1223 default:
1224 return 0;
1225 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1226
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1227 return 1;
1228}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1229
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1230/* ssl3_get_cipher_by_value returns the SSL_CIPHER with value |value| or NULL
1231 * if none exists.
David Benjamin39482a12014-07-20 13:30:15 -0400[diff] [blame]1232 *
1233 * This function needs to check if the ciphers required are actually
1234 * available. */
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1235const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value) {
1236 SSL_CIPHER c;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1237
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1238 c.id = 0x03000000L | value;
1239 return bsearch(&c, ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(SSL_CIPHER),
1240 ssl_cipher_id_cmp);
1241}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1242
David Benjamin39482a12014-07-20 13:30:15 -0400[diff] [blame]1243/* ssl3_get_cipher_by_value returns the cipher value of |c|. */
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1244uint16_t ssl3_get_cipher_value(const SSL_CIPHER *c) {
1245 unsigned long id = c->id;
1246 /* All ciphers are SSLv3 now. */
1247 assert((id & 0xff000000) == 0x03000000);
1248 return id & 0xffff;
1249}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1250
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1251struct ssl_cipher_preference_list_st *ssl_get_cipher_preferences(SSL *s) {
1252 if (s->cipher_list != NULL) {
1253 return s->cipher_list;
1254 }
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]1255
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1256 if (s->version >= TLS1_1_VERSION && s->ctx != NULL &&
1257 s->ctx->cipher_list_tls11 != NULL) {
1258 return s->ctx->cipher_list_tls11;
1259 }
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]1260
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1261 if (s->ctx != NULL && s->ctx->cipher_list != NULL) {
1262 return s->ctx->cipher_list;
1263 }
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]1264
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1265 return NULL;
1266}
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]1267
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1268const SSL_CIPHER *ssl3_choose_cipher(
1269 SSL *s, STACK_OF(SSL_CIPHER) * clnt,
1270 struct ssl_cipher_preference_list_st *server_pref) {
1271 const SSL_CIPHER *c, *ret = NULL;
1272 STACK_OF(SSL_CIPHER) *srvr = server_pref->ciphers, *prio, *allow;
1273 size_t i;
1274 int ok;
1275 size_t cipher_index;
1276 unsigned long alg_k, alg_a, mask_k, mask_a;
1277 /* in_group_flags will either be NULL, or will point to an array of bytes
1278 * which indicate equal-preference groups in the |prio| stack. See the
1279 * comment about |in_group_flags| in the |ssl_cipher_preference_list_st|
1280 * struct. */
1281 const uint8_t *in_group_flags;
1282 /* group_min contains the minimal index so far found in a group, or -1 if no
1283 * such value exists yet. */
1284 int group_min = -1;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1285
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1286 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
1287 prio = srvr;
1288 in_group_flags = server_pref->in_group_flags;
1289 allow = clnt;
1290 } else {
1291 prio = clnt;
1292 in_group_flags = NULL;
1293 allow = srvr;
1294 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1295
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1296 ssl_get_compatible_server_ciphers(s, &mask_k, &mask_a);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1297
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1298 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
1299 c = sk_SSL_CIPHER_value(prio, i);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1300
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1301 ok = 1;
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]1302
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1303 /* Skip TLS v1.2 only ciphersuites if not supported */
1304 if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s)) {
1305 ok = 0;
1306 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1307
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1308 alg_k = c->algorithm_mkey;
1309 alg_a = c->algorithm_auth;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1310
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1311 ok = ok && (alg_k & mask_k) && (alg_a & mask_a);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1312
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1313 if (ok && sk_SSL_CIPHER_find(allow, &cipher_index, c)) {
1314 if (in_group_flags != NULL && in_group_flags[i] == 1) {
1315 /* This element of |prio| is in a group. Update the minimum index found
1316 * so far and continue looking. */
1317 if (group_min == -1 || (size_t)group_min > cipher_index) {
1318 group_min = cipher_index;
1319 }
1320 } else {
1321 if (group_min != -1 && (size_t)group_min < cipher_index) {
1322 cipher_index = group_min;
1323 }
1324 ret = sk_SSL_CIPHER_value(allow, cipher_index);
1325 break;
1326 }
1327 }
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]1328
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1329 if (in_group_flags != NULL && in_group_flags[i] == 0 && group_min != -1) {
1330 /* We are about to leave a group, but we found a match in it, so that's
1331 * our answer. */
1332 ret = sk_SSL_CIPHER_value(allow, group_min);
1333 break;
1334 }
1335 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1336
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1337 return ret;
1338}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1339
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1340int ssl3_get_req_cert_type(SSL *s, uint8_t *p) {
1341 int ret = 0;
1342 const uint8_t *sig;
1343 size_t i, siglen;
1344 int have_rsa_sign = 0;
1345 int have_ecdsa_sign = 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1346
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1347 /* If we have custom certificate types set, use them */
1348 if (s->cert->client_certificate_types) {
1349 memcpy(p, s->cert->client_certificate_types,
1350 s->cert->num_client_certificate_types);
1351 return s->cert->num_client_certificate_types;
1352 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1353
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1354 /* get configured sigalgs */
1355 siglen = tls12_get_psigalgs(s, &sig);
1356 for (i = 0; i < siglen; i += 2, sig += 2) {
1357 switch (sig[1]) {
1358 case TLSEXT_signature_rsa:
1359 have_rsa_sign = 1;
1360 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1361
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1362 case TLSEXT_signature_ecdsa:
1363 have_ecdsa_sign = 1;
1364 break;
1365 }
1366 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1367
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1368 if (have_rsa_sign) {
1369 p[ret++] = SSL3_CT_RSA_SIGN;
1370 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1371
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1372 /* ECDSA certs can be used with RSA cipher suites as well so we don't need to
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]1373 * check for SSL_kECDH or SSL_kECDHE. */
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1374 if (s->version >= TLS1_VERSION && have_ecdsa_sign) {
1375 p[ret++] = TLS_CT_ECDSA_SIGN;
1376 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1377
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1378 return ret;
1379}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1380
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1381static int ssl3_set_req_cert_type(CERT *c, const uint8_t *p, size_t len) {
1382 if (c->client_certificate_types) {
1383 OPENSSL_free(c->client_certificate_types);
1384 c->client_certificate_types = NULL;
1385 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1386
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1387 c->num_client_certificate_types = 0;
1388 if (!p || !len) {
1389 return 1;
1390 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1391
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1392 if (len > 0xff) {
1393 return 0;
1394 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1395
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1396 c->client_certificate_types = BUF_memdup(p, len);
1397 if (!c->client_certificate_types) {
1398 return 0;
1399 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1400
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1401 c->num_client_certificate_types = len;
1402 return 1;
1403}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1404
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1405int ssl3_shutdown(SSL *s) {
1406 int ret;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1407
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1408 /* Do nothing if configured not to send a close_notify. */
1409 if (s->quiet_shutdown) {
1410 s->shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN;
1411 return 1;
1412 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1413
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1414 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
1415 s->shutdown |= SSL_SENT_SHUTDOWN;
1416 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1417
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1418 /* our shutdown alert has been sent now, and if it still needs to be
1419 * written, s->s3->alert_dispatch will be true */
1420 if (s->s3->alert_dispatch) {
1421 return -1; /* return WANT_WRITE */
1422 }
1423 } else if (s->s3->alert_dispatch) {
1424 /* resend it if not sent */
1425 ret = s->method->ssl_dispatch_alert(s);
1426 if (ret == -1) {
1427 /* we only get to return -1 here the 2nd/Nth invocation, we must have
1428 * already signalled return 0 upon a previous invoation, return
1429 * WANT_WRITE */
1430 return ret;
1431 }
1432 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
1433 /* If we are waiting for a close from our peer, we are closed */
1434 s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
1435 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
1436 return -1; /* return WANT_READ */
1437 }
1438 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1439
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1440 if (s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN) &&
1441 !s->s3->alert_dispatch) {
1442 return 1;
1443 } else {
1444 return 0;
1445 }
1446}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1447
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1448int ssl3_write(SSL *s, const void *buf, int len) {
1449 ERR_clear_system_error();
1450 if (s->s3->renegotiate) {
1451 ssl3_renegotiate_check(s);
1452 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1453
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1454 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);
1455}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1456
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1457static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) {
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1458 ERR_clear_system_error();
1459 if (s->s3->renegotiate) {
1460 ssl3_renegotiate_check(s);
1461 }
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1462
David Benjaminccf74f82015-02-09 00:01:31 -0500[diff] [blame]1463 return s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek);
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1464}
1465
1466int ssl3_read(SSL *s, void *buf, int len) {
1467 return ssl3_read_internal(s, buf, len, 0);
1468}
1469
1470int ssl3_peek(SSL *s, void *buf, int len) {
1471 return ssl3_read_internal(s, buf, len, 1);
1472}
1473
1474int ssl3_renegotiate(SSL *s) {
1475 if (s->handshake_func == NULL) {
1476 return 1;
1477 }
1478
1479 s->s3->renegotiate = 1;
1480 return 1;
1481}
1482
1483int ssl3_renegotiate_check(SSL *s) {
1484 if (s->s3->renegotiate && s->s3->rbuf.left == 0 && s->s3->wbuf.left == 0 &&
1485 !SSL_in_init(s)) {
1486 /* if we are the server, and we have sent a 'RENEGOTIATE' message, we
1487 * need to go to SSL_ST_ACCEPT. */
1488 s->state = SSL_ST_RENEGOTIATE;
1489 s->s3->renegotiate = 0;
1490 s->s3->num_renegotiations++;
1491 s->s3->total_renegotiations++;
1492 return 1;
1493 }
1494
1495 return 0;
1496}
1497
1498/* If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
1499 * handshake macs if required. */
1500long ssl_get_algorithm2(SSL *s) {
1501 static const unsigned long kMask = SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
1502 long alg2 = s->s3->tmp.new_cipher->algorithm2;
1503 if (s->enc_method->enc_flags & SSL_ENC_FLAG_SHA256_PRF &&
1504 (alg2 & kMask) == kMask) {
1505 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
1506 }
1507 return alg2;
1508}