Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 2ee94aabf53b70248a2653af8189aa10346670a0 / . / ssl / s3_lib.c
blob: c0dab07b00e85d50ea27fd38882739e04fed5b2e [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
57/* ====================================================================
58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59 *
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
62 * are met:
63 *
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.
66 *
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
70 * distribution.
71 *
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76 *
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
81 *
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
85 *
86 * 6. Redistributions of any form whatsoever must retain the following
87 * acknowledgment:
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90 *
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
104 *
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
108 *
109 */
110/* ====================================================================
111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112 *
113 * Portions of the attached software ("Contribution") are developed by
114 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
115 *
116 * The Contribution is licensed pursuant to the OpenSSL open source
117 * license provided above.
118 *
119 * ECC cipher suite support in OpenSSL originally written by
120 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
121 *
122 */
123/* ====================================================================
124 * Copyright 2005 Nokia. All rights reserved.
125 *
126 * The portions of the attached software ("Contribution") is developed by
127 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
128 * license.
129 *
130 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
131 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
132 * support (see RFC 4279) to OpenSSL.
133 *
134 * No patent licenses or other rights except those expressly stated in
135 * the OpenSSL open source license shall be deemed granted or received
136 * expressly, by implication, estoppel, or otherwise.
137 *
138 * No assurances are provided by Nokia that the Contribution does not
139 * infringe the patent or other intellectual property rights of any third
140 * party or that the license provides you with all the necessary rights
141 * to make use of the Contribution.
142 *
143 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
144 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
145 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
146 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
147 * OTHERWISE. */
148
David Benjamin39482a12014-07-20 13:30:15 -0400[diff] [blame]149#include <assert.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]150#include <stdio.h>
151
David Benjamin676d1e72014-07-08 14:34:10 -0400[diff] [blame]152#include <openssl/buf.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]153#include <openssl/dh.h>
154#include <openssl/md5.h>
155#include <openssl/mem.h>
156#include <openssl/obj.h>
157
David Benjamin2ee94aa2015-04-07 22:38:30 -0400[diff] [blame^]158#include "internal.h"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]159
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]160
161#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]162
163/* list of available SSLv3 ciphers (sorted by id) */
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]164const SSL_CIPHER ssl3_ciphers[] = {
165 /* The RSA ciphers */
166 /* Cipher 04 */
167 {
168 1, SSL3_TXT_RSA_RC4_128_MD5, SSL3_CK_RSA_RC4_128_MD5, SSL_kRSA, SSL_aRSA,
169 SSL_RC4, SSL_MD5, SSL_SSLV3, SSL_MEDIUM,
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]170 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]171 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]172
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]173 /* Cipher 05 */
174 {
175 1, SSL3_TXT_RSA_RC4_128_SHA, SSL3_CK_RSA_RC4_128_SHA, SSL_kRSA, SSL_aRSA,
176 SSL_RC4, SSL_SHA1, SSL_SSLV3, SSL_MEDIUM,
177 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
178 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]179
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]180 /* Cipher 0A */
181 {
182 1, SSL3_TXT_RSA_DES_192_CBC3_SHA, SSL3_CK_RSA_DES_192_CBC3_SHA, SSL_kRSA,
183 SSL_aRSA, SSL_3DES, SSL_SHA1, SSL_SSLV3, SSL_HIGH | SSL_FIPS,
184 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168,
185 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]186
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]187
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]188 /* New AES ciphersuites */
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]189
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]190 /* Cipher 2F */
191 {
192 1, TLS1_TXT_RSA_WITH_AES_128_SHA, TLS1_CK_RSA_WITH_AES_128_SHA, SSL_kRSA,
193 SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
194 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
195 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]196
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]197 /* Cipher 33 */
198 {
199 1, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]200 SSL_kDHE, SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]201 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
202 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]203
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]204 /* Cipher 35 */
205 {
206 1, TLS1_TXT_RSA_WITH_AES_256_SHA, TLS1_CK_RSA_WITH_AES_256_SHA, SSL_kRSA,
207 SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
208 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,
209 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]210
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]211 /* Cipher 39 */
212 {
213 1, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]214 SSL_kDHE, SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]215 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,
216 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]217
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]218
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]219 /* TLS v1.2 ciphersuites */
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]220
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]221 /* Cipher 3C */
222 {
223 1, TLS1_TXT_RSA_WITH_AES_128_SHA256, TLS1_CK_RSA_WITH_AES_128_SHA256,
224 SSL_kRSA, SSL_aRSA, SSL_AES128, SSL_SHA256, SSL_TLSV1_2,
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]225 SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]226 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]227
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]228 /* Cipher 3D */
229 {
230 1, TLS1_TXT_RSA_WITH_AES_256_SHA256, TLS1_CK_RSA_WITH_AES_256_SHA256,
231 SSL_kRSA, SSL_aRSA, SSL_AES256, SSL_SHA256, SSL_TLSV1_2,
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]232 SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]233 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]234
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]235 /* Cipher 67 */
236 {
237 1, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]238 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]239 SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]240 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]241 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]242
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]243 /* Cipher 6B */
244 {
245 1, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]246 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES256,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]247 SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]248 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]249 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]250
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]251 /* Cipher 8A */
252 {
253 1, TLS1_TXT_PSK_WITH_RC4_128_SHA, TLS1_CK_PSK_WITH_RC4_128_SHA, SSL_kPSK,
254 SSL_aPSK, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM,
255 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
256 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]257
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]258 /* Cipher 8C */
259 {
260 1, TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
261 SSL_kPSK, SSL_aPSK, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
262 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
263 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]264
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]265 /* Cipher 8D */
266 {
267 1, TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
268 SSL_kPSK, SSL_aPSK, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
269 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,
270 },
271
272
273 /* GCM ciphersuites from RFC5288 */
274
275 /* Cipher 9C */
276 {
277 1, TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
278 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, SSL_kRSA, SSL_aRSA, SSL_AES128GCM,
279 SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
280 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]281 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
282 128, 128,
283 },
284
285 /* Cipher 9D */
286 {
287 1, TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
288 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, SSL_kRSA, SSL_aRSA, SSL_AES256GCM,
289 SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
290 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD |
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]291 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
292 256, 256,
293 },
294
295 /* Cipher 9E */
296 {
297 1, TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]298 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128GCM,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]299 SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
300 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]301 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
302 128, 128,
303 },
304
305 /* Cipher 9F */
306 {
307 1, TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]308 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kDHE, SSL_aRSA, SSL_AES256GCM,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]309 SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
310 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD |
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]311 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
312 256, 256,
313 },
314
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]315 /* Cipher C007 */
316 {
317 1, TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]318 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_kECDHE, SSL_aECDSA, SSL_RC4,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]319 SSL_SHA1, SSL_TLSV1, SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128,
320 128,
321 },
322
323 /* Cipher C009 */
324 {
325 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]326 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aECDSA,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]327 SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
328 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
329 },
330
331 /* Cipher C00A */
332 {
333 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]334 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aECDSA,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]335 SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
336 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,
337 },
338
339 /* Cipher C011 */
340 {
341 1, TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]342 SSL_kECDHE, SSL_aRSA, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]343 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
344 },
345
346 /* Cipher C013 */
347 {
348 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]349 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES128,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]350 SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
351 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
352 },
353
354 /* Cipher C014 */
355 {
356 1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]357 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES256,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]358 SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
359 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,
360 },
361
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]362
363 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
364
365 /* Cipher C023 */
366 {
367 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]368 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aECDSA,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]369 SSL_AES128, SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
370 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128,
371 },
372
373 /* Cipher C024 */
374 {
375 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]376 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aECDSA,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]377 SSL_AES256, SSL_SHA384, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
378 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256,
379 },
380
381 /* Cipher C027 */
382 {
383 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]384 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aRSA, SSL_AES128,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]385 SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
386 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128,
387 },
388
389 /* Cipher C028 */
390 {
391 1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]392 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aRSA, SSL_AES256,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]393 SSL_SHA384, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
394 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256,
395 },
396
397
398 /* GCM based TLS v1.2 ciphersuites from RFC5289 */
399
400 /* Cipher C02B */
401 {
402 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]403 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aECDSA,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]404 SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
405 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]406 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
407 128, 128,
408 },
409
410 /* Cipher C02C */
411 {
412 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]413 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aECDSA,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]414 SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
415 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD |
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]416 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
417 256, 256,
418 },
419
420 /* Cipher C02F */
421 {
422 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]423 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aRSA,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]424 SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
425 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]426 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
427 128, 128,
428 },
429
430 /* Cipher C030 */
431 {
432 1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]433 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aRSA,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]434 SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
435 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD |
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]436 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
437 256, 256,
438 },
439
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]440
Adam Langleyc26c8022014-06-20 12:00:00 -0700[diff] [blame]441 /* ECDH PSK ciphersuites */
Adam Langleyc26c8022014-06-20 12:00:00 -0700[diff] [blame]442
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]443 /* Cipher CAFE */
444 {
445 1, TLS1_TXT_ECDHE_PSK_WITH_AES_128_GCM_SHA256,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]446 TLS1_CK_ECDHE_PSK_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aPSK,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]447 SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,
448 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]449 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
450 128, 128,
451 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]452
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]453 {
454 1, TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]455 TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aRSA,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]456 SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]457 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]458 256, 0,
459 },
Adam Langleyde0b2022014-06-20 12:00:00 -0700[diff] [blame]460
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]461 {
462 1, TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]463 TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aECDSA,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]464 SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]465 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]466 256, 0,
467 },
Adam Langleyde0b2022014-06-20 12:00:00 -0700[diff] [blame]468
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]469 {
470 1, TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]471 TLS1_CK_DHE_RSA_CHACHA20_POLY1305, SSL_kDHE, SSL_aRSA,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]472 SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]473 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]474 256, 0,
475 },
476};
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]477
David Benjamin338fcaf2014-12-11 01:20:52 -0500[diff] [blame]478const SSL3_ENC_METHOD SSLv3_enc_data = {
David Benjamin044abb02014-12-23 10:57:17 -0500[diff] [blame]479 tls1_enc,
David Benjamin41ac9792014-12-23 10:41:06 -0500[diff] [blame]480 ssl3_prf,
David Benjamin044abb02014-12-23 10:57:17 -0500[diff] [blame]481 tls1_setup_key_block,
David Benjamin41ac9792014-12-23 10:41:06 -0500[diff] [blame]482 tls1_generate_master_secret,
David Benjamin044abb02014-12-23 10:57:17 -0500[diff] [blame]483 tls1_change_cipher_state,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]484 ssl3_final_finish_mac,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]485 ssl3_cert_verify_mac,
486 SSL3_MD_CLIENT_FINISHED_CONST, 4,
487 SSL3_MD_SERVER_FINISHED_CONST, 4,
488 ssl3_alert_code,
489 (int (*)(SSL *, uint8_t *, size_t, const char *, size_t, const uint8_t *,
490 size_t, int use_context)) ssl_undefined_function,
491 0,
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]492};
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]493
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]494int ssl3_num_ciphers(void) { return SSL3_NUM_CIPHERS; }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]495
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]496const SSL_CIPHER *ssl3_get_cipher(unsigned int u) {
497 if (u >= SSL3_NUM_CIPHERS) {
498 return NULL;
499 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]500
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]501 return &ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u];
502}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]503
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]504int ssl3_pending(const SSL *s) {
505 if (s->rstate == SSL_ST_READ_BODY) {
506 return 0;
507 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]508
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]509 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length
510 : 0;
511}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]512
David Benjaminfbdfefb2015-02-16 19:33:53 -0500[diff] [blame]513int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len) {
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]514 uint8_t *p = (uint8_t *)s->init_buf->data;
515 *(p++) = htype;
516 l2n3(len, p);
517 s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
518 s->init_off = 0;
David Benjamine4824e82014-12-14 19:44:34 -0500[diff] [blame]519
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]520 /* Add the message to the handshake hash. */
David Benjaminfbdfefb2015-02-16 19:33:53 -0500[diff] [blame]521 return ssl3_finish_mac(s, (uint8_t *)s->init_buf->data, s->init_num);
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]522}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]523
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]524int ssl3_handshake_write(SSL *s) { return ssl3_do_write(s, SSL3_RT_HANDSHAKE); }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]525
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]526int ssl3_new(SSL *s) {
527 SSL3_STATE *s3;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]528
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]529 s3 = OPENSSL_malloc(sizeof *s3);
530 if (s3 == NULL) {
531 goto err;
532 }
533 memset(s3, 0, sizeof *s3);
534 memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
535 memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
536
537 s->s3 = s3;
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]538
David Benjamin62fd1622015-01-11 13:30:01 -0500[diff] [blame]539 /* Set the version to the highest supported version for TLS. This controls the
540 * initial state of |s->enc_method| and what the API reports as the version
541 * prior to negotiation.
542 *
543 * TODO(davidben): This is fragile and confusing. */
544 s->version = TLS1_2_VERSION;
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]545 return 1;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]546err:
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]547 return 0;
548}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]549
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]550void ssl3_free(SSL *s) {
David Benjamin62fd1622015-01-11 13:30:01 -0500[diff] [blame]551 if (s == NULL || s->s3 == NULL) {
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]552 return;
553 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]554
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]555 if (s->s3->sniff_buffer != NULL) {
556 BUF_MEM_free(s->s3->sniff_buffer);
557 }
558 ssl3_cleanup_key_block(s);
559 if (s->s3->rbuf.buf != NULL) {
560 ssl3_release_read_buffer(s);
561 }
562 if (s->s3->wbuf.buf != NULL) {
563 ssl3_release_write_buffer(s);
564 }
565 if (s->s3->tmp.dh != NULL) {
566 DH_free(s->s3->tmp.dh);
567 }
568 if (s->s3->tmp.ecdh != NULL) {
569 EC_KEY_free(s->s3->tmp.ecdh);
570 }
David Benjamin4b755cb2014-12-12 03:58:07 -0500[diff] [blame]571
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]572 if (s->s3->tmp.ca_names != NULL) {
573 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
574 }
575 if (s->s3->tmp.certificate_types != NULL) {
576 OPENSSL_free(s->s3->tmp.certificate_types);
577 }
578 if (s->s3->tmp.peer_ecpointformatlist) {
579 OPENSSL_free(s->s3->tmp.peer_ecpointformatlist);
580 }
581 if (s->s3->tmp.peer_ellipticcurvelist) {
582 OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist);
583 }
584 if (s->s3->tmp.peer_psk_identity_hint) {
585 OPENSSL_free(s->s3->tmp.peer_psk_identity_hint);
586 }
587 if (s->s3->handshake_buffer) {
588 BIO_free(s->s3->handshake_buffer);
589 }
590 if (s->s3->handshake_dgst) {
591 ssl3_free_digest_list(s);
592 }
593 if (s->s3->alpn_selected) {
594 OPENSSL_free(s->s3->alpn_selected);
595 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]596
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]597 OPENSSL_cleanse(s->s3, sizeof *s->s3);
598 OPENSSL_free(s->s3);
599 s->s3 = NULL;
600}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]601
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]602static int ssl3_set_req_cert_type(CERT *c, const uint8_t *p, size_t len);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]603
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]604long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) {
605 int ret = 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]606
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]607 switch (cmd) {
608 case SSL_CTRL_GET_SESSION_REUSED:
609 ret = s->hit;
610 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]611
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]612 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
613 break;
614
615 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
616 ret = s->s3->num_renegotiations;
617 break;
618
619 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
620 ret = s->s3->num_renegotiations;
621 s->s3->num_renegotiations = 0;
622 break;
623
624 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
625 ret = s->s3->total_renegotiations;
626 break;
627
628 case SSL_CTRL_GET_FLAGS:
629 ret = (int)(s->s3->flags);
630 break;
631
632 case SSL_CTRL_NEED_TMP_RSA:
633 /* Temporary RSA keys are never used. */
634 ret = 0;
635 break;
636
637 case SSL_CTRL_SET_TMP_RSA:
638 /* Temporary RSA keys are never used. */
639 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
640 break;
641
642 case SSL_CTRL_SET_TMP_RSA_CB:
643 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
644 return ret;
645
646 case SSL_CTRL_SET_TMP_DH: {
647 DH *dh = (DH *)parg;
648 if (dh == NULL) {
649 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_PASSED_NULL_PARAMETER);
650 return ret;
651 }
652 dh = DHparams_dup(dh);
653 if (dh == NULL) {
654 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_DH_LIB);
655 return ret;
656 }
657 if (!(s->options & SSL_OP_SINGLE_DH_USE) && !DH_generate_key(dh)) {
658 DH_free(dh);
659 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_DH_LIB);
660 return ret;
661 }
662 if (s->cert->dh_tmp != NULL) {
663 DH_free(s->cert->dh_tmp);
664 }
665 s->cert->dh_tmp = dh;
666 ret = 1;
667 break;
668 }
669
670 case SSL_CTRL_SET_TMP_DH_CB:
671 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
672 return ret;
673
674 case SSL_CTRL_SET_TMP_ECDH: {
David Benjaminc0f763b2015-03-27 02:05:39 -0400[diff] [blame]675 /* For historical reasons, this API expects an |EC_KEY|, but only the
676 * group is used. */
677 EC_KEY *ec_key = (EC_KEY *)parg;
678 if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) {
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]679 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_PASSED_NULL_PARAMETER);
680 return ret;
681 }
David Benjaminc0f763b2015-03-27 02:05:39 -0400[diff] [blame]682 s->cert->ecdh_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]683 ret = 1;
684 break;
685 }
686
687 case SSL_CTRL_SET_TMP_ECDH_CB:
688 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
689 return ret;
690
691 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
692 if (larg == TLSEXT_NAMETYPE_host_name) {
693 if (s->tlsext_hostname != NULL) {
694 OPENSSL_free(s->tlsext_hostname);
695 }
696 s->tlsext_hostname = NULL;
697
698 ret = 1;
699 if (parg == NULL) {
700 break;
701 }
702 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
703 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
704 return 0;
705 }
706 s->tlsext_hostname = BUF_strdup((char *) parg);
707 if (s->tlsext_hostname == NULL) {
708 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_INTERNAL_ERROR);
709 return 0;
710 }
711 } else {
712 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl,
713 SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
714 return 0;
715 }
716 break;
717
718 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
719 s->tlsext_debug_arg = parg;
720 ret = 1;
721 break;
722
723 case SSL_CTRL_CHAIN:
724 if (larg) {
725 return ssl_cert_set1_chain(s->cert, (STACK_OF(X509) *)parg);
726 } else {
727 return ssl_cert_set0_chain(s->cert, (STACK_OF(X509) *)parg);
728 }
729
730 case SSL_CTRL_CHAIN_CERT:
731 if (larg) {
732 return ssl_cert_add1_chain_cert(s->cert, (X509 *)parg);
733 } else {
734 return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg);
735 }
736
737 case SSL_CTRL_GET_CHAIN_CERTS:
738 *(STACK_OF(X509) **)parg = s->cert->key->chain;
739 break;
740
741 case SSL_CTRL_SELECT_CURRENT_CERT:
742 return ssl_cert_select_current(s->cert, (X509 *)parg);
743
744 case SSL_CTRL_GET_CURVES: {
745 const uint16_t *clist = s->s3->tmp.peer_ellipticcurvelist;
746 size_t clistlen = s->s3->tmp.peer_ellipticcurvelist_length;
747 if (parg) {
748 size_t i;
749 int *cptr = parg;
750 int nid;
751 for (i = 0; i < clistlen; i++) {
752 nid = tls1_ec_curve_id2nid(clist[i]);
David Benjamin0cb3f5b2014-12-27 02:15:41 -0500[diff] [blame]753 if (nid != NID_undef) {
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]754 cptr[i] = nid;
755 } else {
756 cptr[i] = TLSEXT_nid_unknown | clist[i];
757 }
758 }
759 }
760 return (int)clistlen;
761 }
762
763 case SSL_CTRL_SET_CURVES:
764 return tls1_set_curves(&s->tlsext_ellipticcurvelist,
765 &s->tlsext_ellipticcurvelist_length, parg, larg);
766
767 case SSL_CTRL_SET_ECDH_AUTO:
768 s->cert->ecdh_tmp_auto = larg;
769 return 1;
770
771 case SSL_CTRL_SET_SIGALGS:
772 return tls1_set_sigalgs(s->cert, parg, larg, 0);
773
774 case SSL_CTRL_SET_CLIENT_SIGALGS:
775 return tls1_set_sigalgs(s->cert, parg, larg, 1);
776
777 case SSL_CTRL_GET_CLIENT_CERT_TYPES: {
778 const uint8_t **pctype = parg;
779 if (s->server || !s->s3->tmp.cert_req) {
780 return 0;
781 }
782 if (pctype) {
783 *pctype = s->s3->tmp.certificate_types;
784 }
785 return (int)s->s3->tmp.num_certificate_types;
786 }
787
788 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
789 if (!s->server) {
790 return 0;
791 }
792 return ssl3_set_req_cert_type(s->cert, parg, larg);
793
794 case SSL_CTRL_BUILD_CERT_CHAIN:
795 return ssl_build_cert_chain(s->cert, s->ctx->cert_store, larg);
796
797 case SSL_CTRL_SET_VERIFY_CERT_STORE:
798 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
799
800 case SSL_CTRL_SET_CHAIN_CERT_STORE:
801 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
802
803 case SSL_CTRL_GET_SERVER_TMP_KEY:
804 if (s->server || !s->session || !s->session->sess_cert) {
805 return 0;
806 } else {
807 SESS_CERT *sc;
808 EVP_PKEY *ptmp;
809 int rv = 0;
810 sc = s->session->sess_cert;
811 if (!sc->peer_dh_tmp && !sc->peer_ecdh_tmp) {
812 return 0;
813 }
814 ptmp = EVP_PKEY_new();
815 if (!ptmp) {
816 return 0;
817 }
818 if (sc->peer_dh_tmp) {
819 rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);
820 } else if (sc->peer_ecdh_tmp) {
821 rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);
822 }
823 if (rv) {
824 *(EVP_PKEY **)parg = ptmp;
825 return 1;
826 }
827 EVP_PKEY_free(ptmp);
828 return 0;
829 }
830
831 case SSL_CTRL_GET_EC_POINT_FORMATS: {
832 const uint8_t **pformat = parg;
833 if (!s->s3->tmp.peer_ecpointformatlist) {
834 return 0;
835 }
836 *pformat = s->s3->tmp.peer_ecpointformatlist;
837 return (int)s->s3->tmp.peer_ecpointformatlist_length;
838 }
839
840 case SSL_CTRL_CHANNEL_ID:
841 s->tlsext_channel_id_enabled = 1;
842 ret = 1;
843 break;
844
845 case SSL_CTRL_SET_CHANNEL_ID:
846 s->tlsext_channel_id_enabled = 1;
847 if (EVP_PKEY_bits(parg) != 256) {
848 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, SSL_R_CHANNEL_ID_NOT_P256);
849 break;
850 }
851 if (s->tlsext_channel_id_private) {
852 EVP_PKEY_free(s->tlsext_channel_id_private);
853 }
854 s->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY *)parg);
855 ret = 1;
856 break;
857
858 case SSL_CTRL_GET_CHANNEL_ID:
859 if (!s->s3->tlsext_channel_id_valid) {
860 break;
861 }
862 memcpy(parg, s->s3->tlsext_channel_id, larg < 64 ? larg : 64);
863 return 64;
864
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]865 default:
866 break;
867 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]868
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]869 return ret;
870}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]871
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]872long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) {
873 int ret = 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]874
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]875 switch (cmd) {
876 case SSL_CTRL_SET_TMP_RSA_CB:
877 /* Ignore the callback; temporary RSA keys are never used. */
878 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]879
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]880 case SSL_CTRL_SET_TMP_DH_CB:
881 s->cert->dh_tmp_cb = (DH * (*)(SSL *, int, int))fp;
882 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]883
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]884 case SSL_CTRL_SET_TMP_ECDH_CB:
885 s->cert->ecdh_tmp_cb = (EC_KEY * (*)(SSL *, int, int))fp;
886 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]887
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]888 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
889 s->tlsext_debug_cb =
890 (void (*)(SSL *, int, int, uint8_t *, int, void *))fp;
891 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]892
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]893 default:
894 break;
895 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]896
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]897 return ret;
898}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]899
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]900long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) {
901 CERT *cert;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]902
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]903 cert = ctx->cert;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]904
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]905 switch (cmd) {
906 case SSL_CTRL_NEED_TMP_RSA:
907 /* Temporary RSA keys are never used. */
908 return 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]909
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]910 case SSL_CTRL_SET_TMP_RSA:
911 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
912 return 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]913
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]914 case SSL_CTRL_SET_TMP_RSA_CB:
915 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
916 return 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]917
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]918 case SSL_CTRL_SET_TMP_DH: {
919 DH *new = NULL, *dh;
Adam Langley1258b6a2014-06-20 12:00:00 -0700[diff] [blame]920
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]921 dh = (DH *)parg;
922 new = DHparams_dup(dh);
923 if (new == NULL) {
924 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_DH_LIB);
925 return 0;
926 }
927 if (!(ctx->options & SSL_OP_SINGLE_DH_USE) && !DH_generate_key(new)) {
928 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_DH_LIB);
929 DH_free(new);
930 return 0;
931 }
932 if (cert->dh_tmp != NULL) {
933 DH_free(cert->dh_tmp);
934 }
935 cert->dh_tmp = new;
936 return 1;
937 }
Adam Langley1258b6a2014-06-20 12:00:00 -0700[diff] [blame]938
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]939 case SSL_CTRL_SET_TMP_DH_CB:
940 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
941 return 0;
Adam Langley1258b6a2014-06-20 12:00:00 -0700[diff] [blame]942
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]943 case SSL_CTRL_SET_TMP_ECDH: {
David Benjaminc0f763b2015-03-27 02:05:39 -0400[diff] [blame]944 /* For historical reasons, this API expects an |EC_KEY|, but only the
945 * group is used. */
946 EC_KEY *ec_key = (EC_KEY *)parg;
947 if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) {
948 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_PASSED_NULL_PARAMETER);
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]949 return 0;
950 }
David Benjaminc0f763b2015-03-27 02:05:39 -0400[diff] [blame]951 ctx->cert->ecdh_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]952 return 1;
953 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]954
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]955 case SSL_CTRL_SET_TMP_ECDH_CB:
956 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
957 return 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]958
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]959 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
960 ctx->tlsext_servername_arg = parg;
961 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]962
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]963 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
964 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: {
965 uint8_t *keys = parg;
966 if (!keys) {
967 return 48;
968 }
969 if (larg != 48) {
970 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, SSL_R_INVALID_TICKET_KEYS_LENGTH);
971 return 0;
972 }
973 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
974 memcpy(ctx->tlsext_tick_key_name, keys, 16);
975 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
976 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
977 } else {
978 memcpy(keys, ctx->tlsext_tick_key_name, 16);
979 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
980 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
981 }
982 return 1;
983 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]984
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]985 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
986 ctx->tlsext_status_arg = parg;
987 return 1;
988 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]989
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]990 case SSL_CTRL_SET_CURVES:
991 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
992 &ctx->tlsext_ellipticcurvelist_length, parg, larg);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]993
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]994 case SSL_CTRL_SET_ECDH_AUTO:
995 ctx->cert->ecdh_tmp_auto = larg;
996 return 1;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]997
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]998 case SSL_CTRL_SET_SIGALGS:
999 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1000
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1001 case SSL_CTRL_SET_CLIENT_SIGALGS:
1002 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1003
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1004 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
1005 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1006
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1007 case SSL_CTRL_BUILD_CERT_CHAIN:
1008 return ssl_build_cert_chain(ctx->cert, ctx->cert_store, larg);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1009
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1010 case SSL_CTRL_SET_VERIFY_CERT_STORE:
1011 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1012
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1013 case SSL_CTRL_SET_CHAIN_CERT_STORE:
1014 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1015
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1016 case SSL_CTRL_EXTRA_CHAIN_CERT:
1017 if (ctx->extra_certs == NULL) {
1018 ctx->extra_certs = sk_X509_new_null();
1019 if (ctx->extra_certs == NULL) {
1020 return 0;
1021 }
1022 }
1023 sk_X509_push(ctx->extra_certs, (X509 *)parg);
1024 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1025
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1026 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
1027 if (ctx->extra_certs == NULL && larg == 0) {
1028 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
1029 } else {
1030 *(STACK_OF(X509) **)parg = ctx->extra_certs;
1031 }
1032 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1033
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1034 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
1035 if (ctx->extra_certs) {
1036 sk_X509_pop_free(ctx->extra_certs, X509_free);
1037 ctx->extra_certs = NULL;
1038 }
1039 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1040
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1041 case SSL_CTRL_CHAIN:
1042 if (larg) {
1043 return ssl_cert_set1_chain(ctx->cert, (STACK_OF(X509) *)parg);
1044 } else {
1045 return ssl_cert_set0_chain(ctx->cert, (STACK_OF(X509) *)parg);
1046 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1047
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1048 case SSL_CTRL_CHAIN_CERT:
1049 if (larg) {
1050 return ssl_cert_add1_chain_cert(ctx->cert, (X509 *)parg);
1051 } else {
1052 return ssl_cert_add0_chain_cert(ctx->cert, (X509 *)parg);
1053 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1054
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1055 case SSL_CTRL_GET_CHAIN_CERTS:
1056 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
1057 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1058
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1059 case SSL_CTRL_SELECT_CURRENT_CERT:
1060 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1061
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1062 case SSL_CTRL_CHANNEL_ID:
1063 ctx->tlsext_channel_id_enabled = 1;
1064 return 1;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1065
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1066 case SSL_CTRL_SET_CHANNEL_ID:
1067 ctx->tlsext_channel_id_enabled = 1;
1068 if (EVP_PKEY_bits(parg) != 256) {
1069 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, SSL_R_CHANNEL_ID_NOT_P256);
1070 break;
1071 }
1072 if (ctx->tlsext_channel_id_private) {
1073 EVP_PKEY_free(ctx->tlsext_channel_id_private);
1074 }
1075 ctx->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY *)parg);
1076 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1077
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1078 default:
1079 return 0;
1080 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1081
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1082 return 1;
1083}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1084
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1085long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) {
1086 CERT *cert;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1087
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1088 cert = ctx->cert;
Adam Langley1258b6a2014-06-20 12:00:00 -0700[diff] [blame]1089
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1090 switch (cmd) {
1091 case SSL_CTRL_SET_TMP_RSA_CB:
1092 /* Ignore the callback; temporary RSA keys are never used. */
1093 break;
Adam Langley1258b6a2014-06-20 12:00:00 -0700[diff] [blame]1094
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1095 case SSL_CTRL_SET_TMP_DH_CB:
1096 cert->dh_tmp_cb = (DH * (*)(SSL *, int, int))fp;
1097 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1098
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1099 case SSL_CTRL_SET_TMP_ECDH_CB:
1100 cert->ecdh_tmp_cb = (EC_KEY * (*)(SSL *, int, int))fp;
1101 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1102
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1103 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
1104 ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
1105 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1106
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1107 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
1108 ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
1109 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1110
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1111 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
1112 ctx->tlsext_ticket_key_cb = (int (
1113 *)(SSL *, uint8_t *, uint8_t *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
1114 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1115
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1116 default:
1117 return 0;
1118 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1119
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1120 return 1;
1121}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1122
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1123/* ssl3_get_cipher_by_value returns the SSL_CIPHER with value |value| or NULL
1124 * if none exists.
David Benjamin39482a12014-07-20 13:30:15 -0400[diff] [blame]1125 *
1126 * This function needs to check if the ciphers required are actually
1127 * available. */
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1128const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value) {
1129 SSL_CIPHER c;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1130
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1131 c.id = 0x03000000L | value;
1132 return bsearch(&c, ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(SSL_CIPHER),
1133 ssl_cipher_id_cmp);
1134}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1135
David Benjamin39482a12014-07-20 13:30:15 -0400[diff] [blame]1136/* ssl3_get_cipher_by_value returns the cipher value of |c|. */
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1137uint16_t ssl3_get_cipher_value(const SSL_CIPHER *c) {
1138 unsigned long id = c->id;
1139 /* All ciphers are SSLv3 now. */
1140 assert((id & 0xff000000) == 0x03000000);
1141 return id & 0xffff;
1142}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1143
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1144struct ssl_cipher_preference_list_st *ssl_get_cipher_preferences(SSL *s) {
1145 if (s->cipher_list != NULL) {
1146 return s->cipher_list;
1147 }
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]1148
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1149 if (s->version >= TLS1_1_VERSION && s->ctx != NULL &&
1150 s->ctx->cipher_list_tls11 != NULL) {
1151 return s->ctx->cipher_list_tls11;
1152 }
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]1153
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1154 if (s->ctx != NULL && s->ctx->cipher_list != NULL) {
1155 return s->ctx->cipher_list;
1156 }
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]1157
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1158 return NULL;
1159}
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]1160
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1161const SSL_CIPHER *ssl3_choose_cipher(
1162 SSL *s, STACK_OF(SSL_CIPHER) * clnt,
1163 struct ssl_cipher_preference_list_st *server_pref) {
1164 const SSL_CIPHER *c, *ret = NULL;
1165 STACK_OF(SSL_CIPHER) *srvr = server_pref->ciphers, *prio, *allow;
1166 size_t i;
1167 int ok;
1168 size_t cipher_index;
1169 unsigned long alg_k, alg_a, mask_k, mask_a;
1170 /* in_group_flags will either be NULL, or will point to an array of bytes
1171 * which indicate equal-preference groups in the |prio| stack. See the
1172 * comment about |in_group_flags| in the |ssl_cipher_preference_list_st|
1173 * struct. */
1174 const uint8_t *in_group_flags;
1175 /* group_min contains the minimal index so far found in a group, or -1 if no
1176 * such value exists yet. */
1177 int group_min = -1;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1178
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1179 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
1180 prio = srvr;
1181 in_group_flags = server_pref->in_group_flags;
1182 allow = clnt;
1183 } else {
1184 prio = clnt;
1185 in_group_flags = NULL;
1186 allow = srvr;
1187 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1188
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1189 ssl_get_compatible_server_ciphers(s, &mask_k, &mask_a);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1190
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1191 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
1192 c = sk_SSL_CIPHER_value(prio, i);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1193
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1194 ok = 1;
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]1195
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1196 /* Skip TLS v1.2 only ciphersuites if not supported */
1197 if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s)) {
1198 ok = 0;
1199 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1200
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1201 alg_k = c->algorithm_mkey;
1202 alg_a = c->algorithm_auth;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1203
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1204 ok = ok && (alg_k & mask_k) && (alg_a & mask_a);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1205
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1206 if (ok && sk_SSL_CIPHER_find(allow, &cipher_index, c)) {
1207 if (in_group_flags != NULL && in_group_flags[i] == 1) {
1208 /* This element of |prio| is in a group. Update the minimum index found
1209 * so far and continue looking. */
1210 if (group_min == -1 || (size_t)group_min > cipher_index) {
1211 group_min = cipher_index;
1212 }
1213 } else {
1214 if (group_min != -1 && (size_t)group_min < cipher_index) {
1215 cipher_index = group_min;
1216 }
1217 ret = sk_SSL_CIPHER_value(allow, cipher_index);
1218 break;
1219 }
1220 }
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]1221
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1222 if (in_group_flags != NULL && in_group_flags[i] == 0 && group_min != -1) {
1223 /* We are about to leave a group, but we found a match in it, so that's
1224 * our answer. */
1225 ret = sk_SSL_CIPHER_value(allow, group_min);
1226 break;
1227 }
1228 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1229
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1230 return ret;
1231}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1232
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1233int ssl3_get_req_cert_type(SSL *s, uint8_t *p) {
1234 int ret = 0;
1235 const uint8_t *sig;
1236 size_t i, siglen;
1237 int have_rsa_sign = 0;
1238 int have_ecdsa_sign = 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1239
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1240 /* If we have custom certificate types set, use them */
1241 if (s->cert->client_certificate_types) {
1242 memcpy(p, s->cert->client_certificate_types,
1243 s->cert->num_client_certificate_types);
1244 return s->cert->num_client_certificate_types;
1245 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1246
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1247 /* get configured sigalgs */
1248 siglen = tls12_get_psigalgs(s, &sig);
1249 for (i = 0; i < siglen; i += 2, sig += 2) {
1250 switch (sig[1]) {
1251 case TLSEXT_signature_rsa:
1252 have_rsa_sign = 1;
1253 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1254
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1255 case TLSEXT_signature_ecdsa:
1256 have_ecdsa_sign = 1;
1257 break;
1258 }
1259 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1260
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1261 if (have_rsa_sign) {
1262 p[ret++] = SSL3_CT_RSA_SIGN;
1263 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1264
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1265 /* ECDSA certs can be used with RSA cipher suites as well so we don't need to
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]1266 * check for SSL_kECDH or SSL_kECDHE. */
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1267 if (s->version >= TLS1_VERSION && have_ecdsa_sign) {
1268 p[ret++] = TLS_CT_ECDSA_SIGN;
1269 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1270
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1271 return ret;
1272}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1273
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1274static int ssl3_set_req_cert_type(CERT *c, const uint8_t *p, size_t len) {
1275 if (c->client_certificate_types) {
1276 OPENSSL_free(c->client_certificate_types);
1277 c->client_certificate_types = NULL;
1278 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1279
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1280 c->num_client_certificate_types = 0;
1281 if (!p || !len) {
1282 return 1;
1283 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1284
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1285 if (len > 0xff) {
1286 return 0;
1287 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1288
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1289 c->client_certificate_types = BUF_memdup(p, len);
1290 if (!c->client_certificate_types) {
1291 return 0;
1292 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1293
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1294 c->num_client_certificate_types = len;
1295 return 1;
1296}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1297
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1298int ssl3_shutdown(SSL *s) {
1299 int ret;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1300
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1301 /* Do nothing if configured not to send a close_notify. */
1302 if (s->quiet_shutdown) {
1303 s->shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN;
1304 return 1;
1305 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1306
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1307 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
1308 s->shutdown |= SSL_SENT_SHUTDOWN;
1309 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1310
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1311 /* our shutdown alert has been sent now, and if it still needs to be
1312 * written, s->s3->alert_dispatch will be true */
1313 if (s->s3->alert_dispatch) {
1314 return -1; /* return WANT_WRITE */
1315 }
1316 } else if (s->s3->alert_dispatch) {
1317 /* resend it if not sent */
1318 ret = s->method->ssl_dispatch_alert(s);
1319 if (ret == -1) {
1320 /* we only get to return -1 here the 2nd/Nth invocation, we must have
1321 * already signalled return 0 upon a previous invoation, return
1322 * WANT_WRITE */
1323 return ret;
1324 }
1325 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
1326 /* If we are waiting for a close from our peer, we are closed */
1327 s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
1328 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
1329 return -1; /* return WANT_READ */
1330 }
1331 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1332
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1333 if (s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN) &&
1334 !s->s3->alert_dispatch) {
1335 return 1;
1336 } else {
1337 return 0;
1338 }
1339}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1340
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1341int ssl3_write(SSL *s, const void *buf, int len) {
1342 ERR_clear_system_error();
1343 if (s->s3->renegotiate) {
1344 ssl3_renegotiate_check(s);
1345 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1346
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1347 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);
1348}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1349
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1350static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) {
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1351 ERR_clear_system_error();
1352 if (s->s3->renegotiate) {
1353 ssl3_renegotiate_check(s);
1354 }
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1355
David Benjaminccf74f82015-02-09 00:01:31 -0500[diff] [blame]1356 return s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek);
Adam Langleybe2900a2014-12-18 12:09:04 -0800[diff] [blame]1357}
1358
1359int ssl3_read(SSL *s, void *buf, int len) {
1360 return ssl3_read_internal(s, buf, len, 0);
1361}
1362
1363int ssl3_peek(SSL *s, void *buf, int len) {
1364 return ssl3_read_internal(s, buf, len, 1);
1365}
1366
1367int ssl3_renegotiate(SSL *s) {
1368 if (s->handshake_func == NULL) {
1369 return 1;
1370 }
1371
1372 s->s3->renegotiate = 1;
1373 return 1;
1374}
1375
1376int ssl3_renegotiate_check(SSL *s) {
1377 if (s->s3->renegotiate && s->s3->rbuf.left == 0 && s->s3->wbuf.left == 0 &&
1378 !SSL_in_init(s)) {
1379 /* if we are the server, and we have sent a 'RENEGOTIATE' message, we
1380 * need to go to SSL_ST_ACCEPT. */
1381 s->state = SSL_ST_RENEGOTIATE;
1382 s->s3->renegotiate = 0;
1383 s->s3->num_renegotiations++;
1384 s->s3->total_renegotiations++;
1385 return 1;
1386 }
1387
1388 return 0;
1389}
1390
1391/* If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
1392 * handshake macs if required. */
1393long ssl_get_algorithm2(SSL *s) {
1394 static const unsigned long kMask = SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
1395 long alg2 = s->s3->tmp.new_cipher->algorithm2;
1396 if (s->enc_method->enc_flags & SSL_ENC_FLAG_SHA256_PRF &&
1397 (alg2 & kMask) == kMask) {
1398 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
1399 }
1400 return alg2;
1401}