ssl_locl.h 45.9 KB
Newer Older
1
/* ssl/ssl_locl.h */
2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
B
Bodo Möller 已提交
58
/* ====================================================================
59
 * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
B
Bodo Möller 已提交
60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
B
Bodo Möller 已提交
111 112 113 114 115
/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 * ECC cipher suite support in OpenSSL originally developed by 
 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
 */
116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141
/* ====================================================================
 * Copyright 2005 Nokia. All rights reserved.
 *
 * The portions of the attached software ("Contribution") is developed by
 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
 * license.
 *
 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
 * support (see RFC 4279) to OpenSSL.
 *
 * No patent licenses or other rights except those expressly stated in
 * the OpenSSL open source license shall be deemed granted or received
 * expressly, by implication, estoppel, or otherwise.
 *
 * No assurances are provided by Nokia that the Contribution does not
 * infringe the patent or other intellectual property rights of any third
 * party or that the license provides you with all the necessary rights
 * to make use of the Contribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 * OTHERWISE.
 */
142 143 144 145 146 147 148 149

#ifndef HEADER_SSL_LOCL_H
#define HEADER_SSL_LOCL_H
#include <stdlib.h>
#include <time.h>
#include <string.h>
#include <errno.h>

150
#include "e_os.h"
151

152
#include <openssl/buffer.h>
153
#ifndef OPENSSL_NO_COMP
154
#include <openssl/comp.h>
155
#endif
156 157
#include <openssl/bio.h>
#include <openssl/stack.h>
N
make  
Nils Larsch 已提交
158
#ifndef OPENSSL_NO_RSA
159
#include <openssl/rsa.h>
N
make  
Nils Larsch 已提交
160 161
#endif
#ifndef OPENSSL_NO_DSA
162
#include <openssl/dsa.h>
N
make  
Nils Larsch 已提交
163
#endif
164 165
#include <openssl/err.h>
#include <openssl/ssl.h>
166
#include <openssl/symhacks.h>
167

168 169 170 171 172
#ifdef OPENSSL_BUILD_SHLIBSSL
# undef OPENSSL_EXTERN
# define OPENSSL_EXTERN OPENSSL_EXPORT
#endif

173
#undef PKCS1_CHECK
174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210

#define c2l(c,l)	(l = ((unsigned long)(*((c)++)))     , \
			 l|=(((unsigned long)(*((c)++)))<< 8), \
			 l|=(((unsigned long)(*((c)++)))<<16), \
			 l|=(((unsigned long)(*((c)++)))<<24))

/* NOTE - c is not incremented as per c2l */
#define c2ln(c,l1,l2,n)	{ \
			c+=n; \
			l1=l2=0; \
			switch (n) { \
			case 8: l2 =((unsigned long)(*(--(c))))<<24; \
			case 7: l2|=((unsigned long)(*(--(c))))<<16; \
			case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
			case 5: l2|=((unsigned long)(*(--(c))));     \
			case 4: l1 =((unsigned long)(*(--(c))))<<24; \
			case 3: l1|=((unsigned long)(*(--(c))))<<16; \
			case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
			case 1: l1|=((unsigned long)(*(--(c))));     \
				} \
			}

#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)    )&0xff), \
			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>24)&0xff))

#define n2l(c,l)	(l =((unsigned long)(*((c)++)))<<24, \
			 l|=((unsigned long)(*((c)++)))<<16, \
			 l|=((unsigned long)(*((c)++)))<< 8, \
			 l|=((unsigned long)(*((c)++))))

#define l2n(l,c)	(*((c)++)=(unsigned char)(((l)>>24)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
			 *((c)++)=(unsigned char)(((l)    )&0xff))

B
Ben Laurie 已提交
211 212 213 214 215 216 217
#define l2n6(l,c)	(*((c)++)=(unsigned char)(((l)>>40)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>32)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
			 *((c)++)=(unsigned char)(((l)    )&0xff))

B
Ben Laurie 已提交
218 219 220 221 222 223 224 225 226
#define l2n8(l,c)	(*((c)++)=(unsigned char)(((l)>>56)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>48)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>40)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>32)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
			 *((c)++)=(unsigned char)(((l)    )&0xff))

227 228 229 230 231 232
#define n2l6(c,l)	(l =((BN_ULLONG)(*((c)++)))<<40, \
			 l|=((BN_ULLONG)(*((c)++)))<<32, \
			 l|=((BN_ULLONG)(*((c)++)))<<24, \
			 l|=((BN_ULLONG)(*((c)++)))<<16, \
			 l|=((BN_ULLONG)(*((c)++)))<< 8, \
			 l|=((BN_ULLONG)(*((c)++))))
B
Ben Laurie 已提交
233

234 235 236 237 238 239 240 241 242 243 244 245 246 247 248
/* NOTE - c is not incremented as per l2c */
#define l2cn(l1,l2,c,n)	{ \
			c+=n; \
			switch (n) { \
			case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
			case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
			case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
			case 5: *(--(c))=(unsigned char)(((l2)    )&0xff); \
			case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
			case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
			case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
			case 1: *(--(c))=(unsigned char)(((l1)    )&0xff); \
				} \
			}

249 250 251 252
#define n2s(c,s)	((s=(((unsigned int)(c[0]))<< 8)| \
			    (((unsigned int)(c[1]))    )),c+=2)
#define s2n(s,c)	((c[0]=(unsigned char)(((s)>> 8)&0xff), \
			  c[1]=(unsigned char)(((s)    )&0xff)),c+=2)
253

254 255 256
#define n2l3(c,l)	((l =(((unsigned long)(c[0]))<<16)| \
			     (((unsigned long)(c[1]))<< 8)| \
			     (((unsigned long)(c[2]))    )),c+=3)
257

258 259 260
#define l2n3(l,c)	((c[0]=(unsigned char)(((l)>>16)&0xff), \
			  c[1]=(unsigned char)(((l)>> 8)&0xff), \
			  c[2]=(unsigned char)(((l)    )&0xff)),c+=3)
261 262 263 264 265 266 267 268 269 270 271 272 273 274 275

/* LOCAL STUFF */

#define SSL_DECRYPT	0
#define SSL_ENCRYPT	1

#define TWO_BYTE_BIT	0x80
#define SEC_ESC_BIT	0x40
#define TWO_BYTE_MASK	0x7fff
#define THREE_BYTE_MASK	0x3fff

#define INC32(a)	((a)=((a)+1)&0xffffffffL)
#define DEC32(a)	((a)=((a)-1)&0xffffffffL)
#define MAX_MAC_SIZE	20 /* up from 16 for SSLv3 */

276 277 278 279 280 281 282 283
/*
 * Define the Bitmasks for SSL_CIPHER.algorithms.
 * This bits are used packed as dense as possible. If new methods/ciphers
 * etc will be added, the bits a likely to change, so this information
 * is for internal library use only, even though SSL_CIPHER.algorithms
 * can be publicly accessed.
 * Use the according functions for cipher management instead.
 *
U
Ulf Möller 已提交
284
 * The bit mask handling in the selection and sorting scheme in
285
 * ssl_create_cipher_list() has only limited capabilities, reflecting
U
Ulf Möller 已提交
286
 * that the different entities within are mutually exclusive:
287 288
 * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
 */
289 290

/* Bits for algorithm_mkey (key exchange algorithm) */
291
#define SSL_kRSA		0x00000001L /* RSA key exchange */
292 293
#define SSL_kDHr		0x00000002L /* DH cert, RSA CA cert */
#define SSL_kDHd		0x00000004L /* DH cert, DSA CA cert */
294 295 296 297 298
#define SSL_kEDH		0x00000008L /* tmp DH key no DH cert */
#define SSL_kKRB5		0x00000010L /* Kerberos5 key exchange */
#define SSL_kECDHr		0x00000020L /* ECDH cert, RSA CA cert */
#define SSL_kECDHe		0x00000040L /* ECDH cert, ECDSA CA cert */
#define SSL_kEECDH		0x00000080L /* ephemeral ECDH */
299
#define SSL_kPSK		0x00000100L /* PSK */
300
#define SSL_kGOST       0x00000200L /* GOST key exchange */
B
Ben Laurie 已提交
301
#define SSL_kSRP        0x00000400L /* SRP */
302 303 304 305 306

/* Bits for algorithm_auth (server authentication) */
#define SSL_aRSA		0x00000001L /* RSA auth */
#define SSL_aDSS 		0x00000002L /* DSS auth */
#define SSL_aNULL 		0x00000004L /* no auth (i.e. use ADH or AECDH) */
307
#define SSL_aDH 		0x00000008L /* Fixed DH auth (kDHd or kDHr) */
308 309 310 311
#define SSL_aECDH 		0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */
#define SSL_aKRB5               0x00000020L /* KRB5 auth */
#define SSL_aECDSA              0x00000040L /* ECDSA auth*/
#define SSL_aPSK                0x00000080L /* PSK auth */
312 313
#define SSL_aGOST94				0x00000100L /* GOST R 34.10-94 signature auth */
#define SSL_aGOST01 			0x00000200L /* GOST R 34.10-2001 signature auth */
314 315 316 317 318 319 320 321 322 323 324 325 326


/* Bits for algorithm_enc (symmetric encryption) */
#define SSL_DES			0x00000001L
#define SSL_3DES		0x00000002L
#define SSL_RC4			0x00000004L
#define SSL_RC2			0x00000008L
#define SSL_IDEA		0x00000010L
#define SSL_eNULL		0x00000020L
#define SSL_AES128		0x00000040L
#define SSL_AES256		0x00000080L
#define SSL_CAMELLIA128		0x00000100L
#define SSL_CAMELLIA256		0x00000200L
327
#define SSL_eGOST2814789CNT	0x00000400L
B
Bodo Möller 已提交
328
#define SSL_SEED		0x00000800L
329 330
#define SSL_AES128GCM		0x00001000L
#define SSL_AES256GCM		0x00002000L
331

332
#define SSL_AES        		(SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM)
333 334 335 336
#define SSL_CAMELLIA		(SSL_CAMELLIA128|SSL_CAMELLIA256)


/* Bits for algorithm_mac (symmetric authentication) */
337

338 339
#define SSL_MD5			0x00000001L
#define SSL_SHA1		0x00000002L
340 341
#define SSL_GOST94      0x00000004L
#define SSL_GOST89MAC   0x00000008L
342
#define SSL_SHA256		0x00000010L
343
#define SSL_SHA384		0x00000020L
344 345
/* Not a real MAC, just an indication it is part of cipher */
#define SSL_AEAD		0x00000040L
346 347 348 349

/* Bits for algorithm_ssl (protocol version) */
#define SSL_SSLV2		0x00000001L
#define SSL_SSLV3		0x00000002L
350
#define SSL_TLSV1		SSL_SSLV3	/* for now */
351
#define SSL_TLSV1_2		0x00000004L
352

353 354

/* Bits for algorithm2 (handshake digests and other extra flags) */
355 356 357 358

#define SSL_HANDSHAKE_MAC_MD5 0x10
#define SSL_HANDSHAKE_MAC_SHA 0x20
#define SSL_HANDSHAKE_MAC_GOST94 0x40
359
#define SSL_HANDSHAKE_MAC_SHA256 0x80
360
#define SSL_HANDSHAKE_MAC_SHA384 0x100
361 362 363 364
#define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)

/* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX
 * make sure to update this constant too */
365
#define SSL_MAX_DIGEST 6
366

367
#define TLS1_PRF_DGST_SHIFT 10
368 369
#define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT)
#define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
370
#define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT)
371
#define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT)
372 373
#define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
#define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
374 375 376 377 378 379 380

/* Stream MAC for GOST ciphersuites from cryptopro draft
 * (currently this also goes into algorithm2) */
#define TLS1_STREAM_MAC 0x04



381
/*
U
Ulf Möller 已提交
382
 * Export and cipher strength information. For each cipher we have to decide
383 384 385 386 387 388
 * whether it is exportable or not. This information is likely to change
 * over time, since the export control rules are no static technical issue.
 *
 * Independent of the export flag the cipher strength is sorted into classes.
 * SSL_EXP40 was denoting the 40bit US export limit of past times, which now
 * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
U
Ulf Möller 已提交
389
 * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
390 391 392 393 394 395 396
 * since SSL_EXP64 could be similar to SSL_LOW.
 * For this reason SSL_MICRO and SSL_MINI macros are included to widen the
 * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
 * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
 * be possible.
 */
#define SSL_EXP_MASK		0x00000003L
397
#define SSL_STRONG_MASK		0x000001fcL
398

399 400 401
#define SSL_NOT_EXP		0x00000001L
#define SSL_EXPORT		0x00000002L

402 403
#define SSL_STRONG_NONE		0x00000004L
#define SSL_EXP40		0x00000008L
404
#define SSL_MICRO		(SSL_EXP40)
405
#define SSL_EXP56		0x00000010L
406
#define SSL_MINI		(SSL_EXP56)
407 408 409
#define SSL_LOW			0x00000020L
#define SSL_MEDIUM		0x00000040L
#define SSL_HIGH		0x00000080L
410
#define SSL_FIPS		0x00000100L
411

B
Bodo Möller 已提交
412
/* we have used 000001ff - 23 bits left to go */
413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434

/*
 * Macros to check the export status and cipher strength for export ciphers.
 * Even though the macros for EXPORT and EXPORT40/56 have similar names,
 * their meaning is different:
 * *_EXPORT macros check the 'exportable' status.
 * *_EXPORT40/56 macros are used to check whether a certain cipher strength
 *          is given.
 * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
 * algorithm structure element to be passed (algorithms, algo_strength) and no
 * typechecking can be done as they are all of type unsigned long, their
 * direct usage is discouraged.
 * Use the SSL_C_* macros instead.
 */
#define SSL_IS_EXPORT(a)	((a)&SSL_EXPORT)
#define SSL_IS_EXPORT56(a)	((a)&SSL_EXP56)
#define SSL_IS_EXPORT40(a)	((a)&SSL_EXP40)
#define SSL_C_IS_EXPORT(c)	SSL_IS_EXPORT((c)->algo_strength)
#define SSL_C_IS_EXPORT56(c)	SSL_IS_EXPORT56((c)->algo_strength)
#define SSL_C_IS_EXPORT40(c)	SSL_IS_EXPORT40((c)->algo_strength)

#define SSL_EXPORT_KEYLENGTH(a,s)	(SSL_IS_EXPORT40(s) ? 5 : \
435
				 (a) == SSL_DES ? 8 : 7)
436
#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
437
#define SSL_C_EXPORT_KEYLENGTH(c)	SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \
438 439
				(c)->algo_strength)
#define SSL_C_EXPORT_PKEYLENGTH(c)	SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
440 441


442

443 444 445 446 447 448 449

/* Mostly for SSLv3 */
#define SSL_PKEY_RSA_ENC	0
#define SSL_PKEY_RSA_SIGN	1
#define SSL_PKEY_DSA_SIGN	2
#define SSL_PKEY_DH_RSA		3
#define SSL_PKEY_DH_DSA		4
B
Bodo Möller 已提交
450
#define SSL_PKEY_ECC            5
451 452 453
#define SSL_PKEY_GOST94		6
#define SSL_PKEY_GOST01		7
#define SSL_PKEY_NUM		8
454 455 456 457 458 459 460 461 462 463 464 465 466 467 468

/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
 * 	    <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
 * SSL_kDH  <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
 * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
 * SSL_aRSA <- RSA_ENC | RSA_SIGN
 * SSL_aDSS <- DSA_SIGN
 */

/*
#define CERT_INVALID		0
#define CERT_PUBLIC_KEY		1
#define CERT_PRIVATE_KEY	2
*/

B
Bodo Möller 已提交
469 470 471 472 473 474 475 476 477
#ifndef OPENSSL_NO_EC
/* From ECC-TLS draft, used in encoding the curve type in 
 * ECParameters
 */
#define EXPLICIT_PRIME_CURVE_TYPE  1   
#define EXPLICIT_CHAR2_CURVE_TYPE  2
#define NAMED_CURVE_TYPE           3
#endif  /* OPENSSL_NO_EC */

478 479 480 481
typedef struct cert_pkey_st
	{
	X509 *x509;
	EVP_PKEY *privatekey;
482 483
	/* Digest to use when signing */
	const EVP_MD *digest;
484 485
	/* Chain for this certificate */
	STACK_OF(X509) *chain;
B
Ben Laurie 已提交
486 487 488 489 490 491 492 493 494
#ifndef OPENSSL_NO_TLSEXT
	/* authz/authz_length contain authz data for this certificate. The data
	 * is in wire format, specifically it's a series of records like:
	 *   uint8_t authz_type;  // (RFC 5878, AuthzDataFormat)
	 *   uint16_t length;
	 *   uint8_t data[length]; */
	unsigned char *authz;
	size_t authz_length;
#endif
495 496 497 498 499
	/* Set if CERT_PKEY can be used with current SSL session: e.g.
	 * appropriate curve, signature algorithms etc. If zero it can't be
	 * used at all.
	 */
	int valid_flags;
500
	} CERT_PKEY;
501 502 503 504 505
/* Retrieve Suite B flags */
#define tls1_suiteb(s)	(s->cert->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS)
/* Uses to check strict mode: suite B modes are always strict */
#define SSL_CERT_FLAGS_CHECK_TLS_STRICT \
	(SSL_CERT_FLAG_SUITEB_128_LOS|SSL_CERT_FLAG_TLS_STRICT)
506 507 508 509

typedef struct cert_st
	{
	/* Current active set */
510
	CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
B
Bodo Möller 已提交
511 512
			 * Probably it would make more sense to store
			 * an index, not a pointer. */
513
 
514 515 516 517 518
	/* For servers the following masks are for the key and auth
	 * algorithms that are supported by the certs below.
	 * For clients they are masks of *disabled* algorithms based
	 * on the current session.
	 */
519
	int valid;
520 521 522 523
	unsigned long mask_k;
	unsigned long mask_a;
	unsigned long export_mask_k;
	unsigned long export_mask_a;
524 525
	/* Client only */
	unsigned long mask_ssl;
526
#ifndef OPENSSL_NO_RSA
527
	RSA *rsa_tmp;
U
Ulf Möller 已提交
528
	RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
529
#endif
530
#ifndef OPENSSL_NO_DH
531
	DH *dh_tmp;
U
Ulf Möller 已提交
532
	DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
533
#endif
B
Bodo Möller 已提交
534 535 536 537
#ifndef OPENSSL_NO_ECDH
	EC_KEY *ecdh_tmp;
	/* Callback for generating ephemeral ECDH keys */
	EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize);
538 539
	/* Select ECDH parameters automatically */
	int ecdh_tmp_auto;
B
Bodo Möller 已提交
540
#endif
541 542
	/* Flags related to certificates */
	unsigned int cert_flags;
543 544
	CERT_PKEY pkeys[SSL_PKEY_NUM];

545 546 547 548 549 550 551
	/* Certificate types (received or sent) in certificate request
	 * message. On receive this is only set if number of certificate
	 * types exceeds SSL3_CT_NUMBER.
	 */
	unsigned char *ctypes;
	size_t ctype_num;

552 553 554 555
	/* signature algorithms peer reports: e.g. supported signature
	 * algorithms extension for server or as part of a certificate
	 * request for client.
	 */
556
	unsigned char *peer_sigalgs;
557
	/* Size of above array */
558
	size_t peer_sigalgslen;
559 560 561 562
	/* suppported signature algorithms.
	 * When set on a client this is sent in the client hello as the 
	 * supported signature algorithms extension. For servers
	 * it represents the signature algorithms we are willing to use.
563
	 */
564
	unsigned char *conf_sigalgs;
565 566
	/* Size of above array */
	size_t conf_sigalgslen;
567 568 569 570 571 572 573 574 575
	/* Client authentication signature algorithms, if not set then
	 * uses conf_sigalgs. On servers these will be the signature
	 * algorithms sent to the client in a cerificate request for TLS 1.2.
	 * On a client this represents the signature algortithms we are
	 * willing to use for client authentication.
	 */
	unsigned char *client_sigalgs;
	/* Size of above array */
	size_t client_sigalgslen;
576
	/* Signature algorithms shared by client and server: cached
577
	 * because these are used most often.
578 579 580
	 */
	TLS_SIGALGS *shared_sigalgs;
	size_t shared_sigalgslen;
581

582 583 584 585 586 587 588 589 590 591
	/* Certificate setup callback: if set is called whenever a
	 * certificate may be required (client or server). the callback
	 * can then examine any appropriate parameters and setup any
	 * certificates required. This allows advanced applications
	 * to select certificates on the fly: for example based on
	 * supported signature algorithms or curves.
	 */
	int (*cert_cb)(SSL *ssl, void *arg);
	void *cert_cb_arg;

592 593 594 595 596 597
	/* Optional X509_STORE for chain building or certificate validation
	 * If NULL the parent SSL_CTX store is used instead.
	 */
	X509_STORE *chain_store;
	X509_STORE *verify_store;

598 599 600 601
	/* Raw values of the cipher list from a client */
	unsigned char *ciphers_raw;
	size_t ciphers_rawlen;

B
Bodo Möller 已提交
602
	int references; /* >1 only if SSL_copy_session_id is used */
603 604
	} CERT;

605 606

typedef struct sess_cert_st
607 608 609 610 611 612 613 614 615 616 617
	{
	STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */

	/* The 'peer_...' members are used only by clients. */
	int peer_cert_type;

	CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
	CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
	/* Obviously we don't have the private keys of these,
	 * so maybe we shouldn't even use the CERT_PKEY type here. */

618
#ifndef OPENSSL_NO_RSA
619 620
	RSA *peer_rsa_tmp; /* not used for SSL 2 */
#endif
621
#ifndef OPENSSL_NO_DH
622
	DH *peer_dh_tmp; /* not used for SSL 2 */
623
#endif
B
Bodo Möller 已提交
624 625 626
#ifndef OPENSSL_NO_ECDH
	EC_KEY *peer_ecdh_tmp;
#endif
627

628 629
	int references; /* actually always 1 at the moment */
	} SESS_CERT;
630 631 632 633 634 635 636 637 638 639 640 641 642
/* Structure containing decoded values of signature algorithms extension */
struct tls_sigalgs_st
	{
	/* NID of hash algorithm */
	int hash_nid;
	/* NID of signature algorithm */
	int sign_nid;
	/* Combined hash and signature NID */
	int signandhash_nid;
	/* Raw values used in extension */
	unsigned char rsign;
	unsigned char rhash;
	};
643

644 645 646 647 648 649 650 651 652 653 654 655 656 657 658
/*#define MAC_DEBUG	*/

/*#define ERR_DEBUG	*/
/*#define ABORT_DEBUG	*/
/*#define PKT_DEBUG 1   */
/*#define DES_DEBUG	*/
/*#define DES_OFB_DEBUG	*/
/*#define SSL_DEBUG	*/
/*#define RSA_DEBUG	*/ 
/*#define IDEA_DEBUG	*/ 

#define FP_ICC  (int (*)(const void *,const void *))
#define ssl_put_cipher_by_char(ssl,ciph,ptr) \
		((ssl)->method->put_cipher_by_char((ciph),(ptr)))

659 660
/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
 * It is a bit of a mess of functions, but hell, think of it as
U
Ulf Möller 已提交
661
 * an opaque structure :-) */
662 663
typedef struct ssl3_enc_method
	{
B
Bodo Möller 已提交
664 665 666 667 668
	int (*enc)(SSL *, int);
	int (*mac)(SSL *, unsigned char *, int);
	int (*setup_key_block)(SSL *);
	int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
	int (*change_cipher_state)(SSL *, int);
669
	int (*final_finish_mac)(SSL *,  const char *, int, unsigned char *);
670
	int finish_mac_length;
671
	int (*cert_verify_mac)(SSL *, int, unsigned char *);
672 673 674 675
	const char *client_finished_label;
	int client_finished_label_len;
	const char *server_finished_label;
	int server_finished_label_len;
B
Bodo Möller 已提交
676
	int (*alert_value)(int);
677 678 679
	int (*export_keying_material)(SSL *, unsigned char *, size_t,
				      const char *, size_t,
				      const unsigned char *, size_t,
680 681
				      int use_context);
	} SSL3_ENC_METHOD;
682

683
#ifndef OPENSSL_NO_COMP
684
/* Used for holding the relevant compression methods loaded into SSL_CTX */
685 686
typedef struct ssl3_comp_st
	{
U
Ulf Möller 已提交
687
	int comp_id;	/* The identifier byte for this compression type */
688 689 690
	char *name;	/* Text name used for the compression type */
	COMP_METHOD *method; /* The method :-) */
	} SSL3_COMP;
691
#endif
692

693
#ifndef OPENSSL_NO_BUF_FREELISTS
B
Ben Laurie 已提交
694 695 696
typedef struct ssl3_buf_freelist_st
	{
	size_t chunklen;
697
	unsigned int len;
B
Ben Laurie 已提交
698 699 700 701 702 703 704 705 706
	struct ssl3_buf_freelist_entry_st *head;
	} SSL3_BUF_FREELIST;

typedef struct ssl3_buf_freelist_entry_st
	{
	struct ssl3_buf_freelist_entry_st *next;
	} SSL3_BUF_FREELIST_ENTRY;
#endif

707
extern SSL3_ENC_METHOD ssl3_undef_enc_method;
708
OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[];
B
Bodo Möller 已提交
709
OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
U
Ulf Möller 已提交
710

711 712 713

SSL_METHOD *ssl_bad_method(int ver);

714 715 716 717
extern SSL3_ENC_METHOD TLSv1_enc_data;
extern SSL3_ENC_METHOD SSLv3_enc_data;
extern SSL3_ENC_METHOD DTLSv1_enc_data;

718 719
#define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
				s_get_meth) \
720
const SSL_METHOD *func_name(void)  \
721
	{ \
722
	static const SSL_METHOD func_name##_data= { \
723
		version, \
724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756
		tls1_new, \
		tls1_clear, \
		tls1_free, \
		s_accept, \
		s_connect, \
		ssl3_read, \
		ssl3_peek, \
		ssl3_write, \
		ssl3_shutdown, \
		ssl3_renegotiate, \
		ssl3_renegotiate_check, \
		ssl3_get_message, \
		ssl3_read_bytes, \
		ssl3_write_bytes, \
		ssl3_dispatch_alert, \
		ssl3_ctrl, \
		ssl3_ctx_ctrl, \
		ssl3_get_cipher_by_char, \
		ssl3_put_cipher_by_char, \
		ssl3_pending, \
		ssl3_num_ciphers, \
		ssl3_get_cipher, \
		s_get_meth, \
		tls1_default_timeout, \
		&TLSv1_enc_data, \
		ssl_undefined_void_function, \
		ssl3_callback_ctrl, \
		ssl3_ctx_callback_ctrl, \
	}; \
	return &func_name##_data; \
	}

#define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \
757
const SSL_METHOD *func_name(void)  \
758
	{ \
759
	static const SSL_METHOD func_name##_data= { \
760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793
		SSL3_VERSION, \
		ssl3_new, \
		ssl3_clear, \
		ssl3_free, \
		s_accept, \
		s_connect, \
		ssl3_read, \
		ssl3_peek, \
		ssl3_write, \
		ssl3_shutdown, \
		ssl3_renegotiate, \
		ssl3_renegotiate_check, \
		ssl3_get_message, \
		ssl3_read_bytes, \
		ssl3_write_bytes, \
		ssl3_dispatch_alert, \
		ssl3_ctrl, \
		ssl3_ctx_ctrl, \
		ssl3_get_cipher_by_char, \
		ssl3_put_cipher_by_char, \
		ssl3_pending, \
		ssl3_num_ciphers, \
		ssl3_get_cipher, \
		s_get_meth, \
		ssl3_default_timeout, \
		&SSLv3_enc_data, \
		ssl_undefined_void_function, \
		ssl3_callback_ctrl, \
		ssl3_ctx_callback_ctrl, \
	}; \
	return &func_name##_data; \
	}

#define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \
794
const SSL_METHOD *func_name(void)  \
795
	{ \
796
	static const SSL_METHOD func_name##_data= { \
797
	TLS1_2_VERSION, \
798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830
	tls1_new, \
	tls1_clear, \
	tls1_free, \
	s_accept, \
	s_connect, \
	ssl23_read, \
	ssl23_peek, \
	ssl23_write, \
	ssl_undefined_function, \
	ssl_undefined_function, \
	ssl_ok, \
	ssl3_get_message, \
	ssl3_read_bytes, \
	ssl3_write_bytes, \
	ssl3_dispatch_alert, \
	ssl3_ctrl, \
	ssl3_ctx_ctrl, \
	ssl23_get_cipher_by_char, \
	ssl23_put_cipher_by_char, \
	ssl_undefined_const_function, \
	ssl23_num_ciphers, \
	ssl23_get_cipher, \
	s_get_meth, \
	ssl23_default_timeout, \
	&ssl3_undef_enc_method, \
	ssl_undefined_void_function, \
	ssl3_callback_ctrl, \
	ssl3_ctx_callback_ctrl, \
	}; \
	return &func_name##_data; \
	}

#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
831
const SSL_METHOD *func_name(void)  \
832
	{ \
833
	static const SSL_METHOD func_name##_data= { \
834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867
		SSL2_VERSION, \
		ssl2_new,	/* local */ \
		ssl2_clear,	/* local */ \
		ssl2_free,	/* local */ \
		s_accept, \
		s_connect, \
		ssl2_read, \
		ssl2_peek, \
		ssl2_write, \
		ssl2_shutdown, \
		ssl_ok,	/* NULL - renegotiate */ \
		ssl_ok,	/* NULL - check renegotiate */ \
		NULL, /* NULL - ssl_get_message */ \
		NULL, /* NULL - ssl_get_record */ \
		NULL, /* NULL - ssl_write_bytes */ \
		NULL, /* NULL - dispatch_alert */ \
		ssl2_ctrl,	/* local */ \
		ssl2_ctx_ctrl,	/* local */ \
		ssl2_get_cipher_by_char, \
		ssl2_put_cipher_by_char, \
		ssl2_pending, \
		ssl2_num_ciphers, \
		ssl2_get_cipher, \
		s_get_meth, \
		ssl2_default_timeout, \
		&ssl3_undef_enc_method, \
		ssl_undefined_void_function, \
		ssl2_callback_ctrl,	/* local */ \
		ssl2_ctx_callback_ctrl,	/* local */ \
	}; \
	return &func_name##_data; \
	}

#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
868
const SSL_METHOD *func_name(void)  \
869
	{ \
870
	static const SSL_METHOD func_name##_data= { \
871 872 873 874 875 876 877 878 879
		DTLS1_VERSION, \
		dtls1_new, \
		dtls1_clear, \
		dtls1_free, \
		s_accept, \
		s_connect, \
		ssl3_read, \
		ssl3_peek, \
		ssl3_write, \
D
Dr. Stephen Henson 已提交
880
		dtls1_shutdown, \
881 882 883 884 885 886
		ssl3_renegotiate, \
		ssl3_renegotiate_check, \
		dtls1_get_message, \
		dtls1_read_bytes, \
		dtls1_write_app_data_bytes, \
		dtls1_dispatch_alert, \
D
Dr. Stephen Henson 已提交
887
		dtls1_ctrl, \
888 889 890 891 892
		ssl3_ctx_ctrl, \
		ssl3_get_cipher_by_char, \
		ssl3_put_cipher_by_char, \
		ssl3_pending, \
		ssl3_num_ciphers, \
A
Andy Polyakov 已提交
893
		dtls1_get_cipher, \
894 895 896 897 898 899 900 901 902 903
		s_get_meth, \
		dtls1_default_timeout, \
		&DTLSv1_enc_data, \
		ssl_undefined_void_function, \
		ssl3_callback_ctrl, \
		ssl3_ctx_callback_ctrl, \
	}; \
	return &func_name##_data; \
	}

904 905 906
void ssl_clear_cipher_ctx(SSL *s);
int ssl_clear_bad_session(SSL *s);
CERT *ssl_cert_new(void);
907
CERT *ssl_cert_dup(CERT *cert);
908
void ssl_cert_set_default_md(CERT *cert);
909
int ssl_cert_inst(CERT **o);
910
void ssl_cert_clear_certs(CERT *c);
911
void ssl_cert_free(CERT *c);
912 913 914
SESS_CERT *ssl_sess_cert_new(void);
void ssl_sess_cert_free(SESS_CERT *sc);
int ssl_set_peer_cert_type(SESS_CERT *c, int type);
915
int ssl_get_new_session(SSL *s, int session);
916
int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
917
int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
D
Dr. Stephen Henson 已提交
918
DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
919
				  ssl_cipher_id);
920 921
int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
			const SSL_CIPHER * const *bp);
B
Ben Laurie 已提交
922 923
STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
					       STACK_OF(SSL_CIPHER) **skp);
924 925
int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
                             int (*put_cb)(const SSL_CIPHER *, unsigned char *));
926
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
B
Ben Laurie 已提交
927 928
					     STACK_OF(SSL_CIPHER) **pref,
					     STACK_OF(SSL_CIPHER) **sorted,
929
					     const char *rule_str, CERT *c);
930
void ssl_update_cache(SSL *s, int mode);
B
Ben Laurie 已提交
931
int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
932
		       const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size, SSL_COMP **comp);
933 934
int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);
int ssl_cipher_get_cert_index(const SSL_CIPHER *c);
935
const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr);
936 937 938 939
int ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain);
int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain);
int ssl_cert_add0_chain_cert(CERT *c, X509 *x);
int ssl_cert_add1_chain_cert(CERT *c, X509 *x);
940
void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg);
941

B
Ben Laurie 已提交
942
int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
943
int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l);
944 945
int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags);
int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref);
946
int ssl_undefined_function(SSL *s);
947
int ssl_undefined_void_function(void);
B
Ben Laurie 已提交
948
int ssl_undefined_const_function(const SSL *s);
949
CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
B
Ben Laurie 已提交
950
unsigned char *ssl_get_authz_data(SSL *s, size_t *authz_length);
951
EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd);
952
int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
953
void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
B
Ben Laurie 已提交
954
STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
955
int ssl_verify_alarm_type(long type);
956
void ssl_load_ciphers(void);
957 958

int ssl2_enc_init(SSL *s, int client);
B
Bodo Möller 已提交
959
int ssl2_generate_key_material(SSL *s);
960 961
void ssl2_enc(SSL *s,int send_data);
void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
962
const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
B
Ben Laurie 已提交
963
int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
964 965
int ssl2_part_read(SSL *s, unsigned long f, int i);
int ssl2_do_write(SSL *s);
966
int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data);
967 968 969
void ssl2_return_error(SSL *s,int reason);
void ssl2_write_error(SSL *s);
int ssl2_num_ciphers(void);
970
const SSL_CIPHER *ssl2_get_cipher(unsigned int u);
971 972 973 974
int	ssl2_new(SSL *s);
void	ssl2_free(SSL *s);
int	ssl2_accept(SSL *s);
int	ssl2_connect(SSL *s);
B
Ben Laurie 已提交
975
int	ssl2_read(SSL *s, void *buf, int len);
976
int	ssl2_peek(SSL *s, void *buf, int len);
B
Ben Laurie 已提交
977
int	ssl2_write(SSL *s, const void *buf, int len);
978 979
int	ssl2_shutdown(SSL *s);
void	ssl2_clear(SSL *s);
980 981
long	ssl2_ctrl(SSL *s,int cmd, long larg, void *parg);
long	ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
982 983
long	ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
long	ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
B
Ben Laurie 已提交
984
int	ssl2_pending(const SSL *s);
985
long	ssl2_default_timeout(void );
986

987
const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
B
Ben Laurie 已提交
988
int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
989 990
void ssl3_init_finished_mac(SSL *s);
int ssl3_send_server_certificate(SSL *s);
991
int ssl3_send_newsession_ticket(SSL *s);
992
int ssl3_send_cert_status(SSL *s);
993
int ssl3_get_finished(SSL *s,int state_a,int state_b);
994 995 996 997 998
int ssl3_setup_key_block(SSL *s);
int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
int ssl3_change_cipher_state(SSL *s,int which);
void ssl3_cleanup_key_block(SSL *s);
int ssl3_do_write(SSL *s,int type);
D
Dr. Stephen Henson 已提交
999
int ssl3_send_alert(SSL *s,int level, int desc);
1000 1001 1002 1003
int ssl3_generate_master_secret(SSL *s, unsigned char *out,
	unsigned char *p, int len);
int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
1004
int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
1005
int ssl3_num_ciphers(void);
1006
const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
1007
int ssl3_renegotiate(SSL *ssl); 
1008
int ssl3_renegotiate_check(SSL *ssl); 
1009
int ssl3_dispatch_alert(SSL *s);
B
Bodo Möller 已提交
1010
int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
B
Ben Laurie 已提交
1011
int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
1012 1013
int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,unsigned char *p);
int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
B
Ben Laurie 已提交
1014
void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
1015
int ssl3_enc(SSL *s, int send_data);
1016
int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
1017
void ssl3_free_digest_list(SSL *s);
1018
unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk);
1019 1020
SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
			       STACK_OF(SSL_CIPHER) *srvr);
1021
int	ssl3_setup_buffers(SSL *s);
B
Ben Laurie 已提交
1022 1023 1024 1025
int	ssl3_setup_read_buffer(SSL *s);
int	ssl3_setup_write_buffer(SSL *s);
int	ssl3_release_read_buffer(SSL *s);
int	ssl3_release_write_buffer(SSL *s);
1026
int	ssl3_digest_cached_records(SSL *s);
1027 1028 1029 1030
int	ssl3_new(SSL *s);
void	ssl3_free(SSL *s);
int	ssl3_accept(SSL *s);
int	ssl3_connect(SSL *s);
B
Ben Laurie 已提交
1031
int	ssl3_read(SSL *s, void *buf, int len);
1032
int	ssl3_peek(SSL *s, void *buf, int len);
B
Ben Laurie 已提交
1033
int	ssl3_write(SSL *s, const void *buf, int len);
1034 1035
int	ssl3_shutdown(SSL *s);
void	ssl3_clear(SSL *s);
1036 1037
long	ssl3_ctrl(SSL *s,int cmd, long larg, void *parg);
long	ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
1038 1039
long	ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
long	ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
B
Ben Laurie 已提交
1040
int	ssl3_pending(const SSL *s);
1041

B
Bodo Möller 已提交
1042 1043
void ssl3_record_sequence_update(unsigned char *seq);
int ssl3_do_change_cipher_spec(SSL *ssl);
1044 1045 1046
long ssl3_default_timeout(void );

int ssl23_num_ciphers(void );
1047
const SSL_CIPHER *ssl23_get_cipher(unsigned int u);
1048 1049 1050 1051
int ssl23_read(SSL *s, void *buf, int len);
int ssl23_peek(SSL *s, void *buf, int len);
int ssl23_write(SSL *s, const void *buf, int len);
int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
1052
const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
1053 1054 1055
long ssl23_default_timeout(void );

long tls1_default_timeout(void);
B
Ben Laurie 已提交
1056 1057 1058 1059 1060 1061 1062 1063 1064 1065
int dtls1_do_write(SSL *s,int type);
int ssl3_read_n(SSL *s, int n, int max, int extend);
int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
int ssl3_do_compress(SSL *ssl);
int ssl3_do_uncompress(SSL *ssl);
int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
	unsigned int len);
unsigned char *dtls1_set_message_header(SSL *s, 
	unsigned char *p, unsigned char mt,	unsigned long len, 
	unsigned long frag_off, unsigned long frag_len);
1066

B
Ben Laurie 已提交
1067 1068
int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
B
Bodo Möller 已提交
1069

1070 1071
int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
1072
unsigned long dtls1_output_cert_chain(SSL *s, CERT_PKEY *cpk);
1073 1074 1075 1076
int dtls1_read_failed(SSL *s, int code);
int dtls1_buffer_message(SSL *s, int ccs);
int dtls1_retransmit_message(SSL *s, unsigned short seq, 
	unsigned long frag_off, int *found);
D
Dr. Stephen Henson 已提交
1077 1078
int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
int dtls1_retransmit_buffered_messages(SSL *s);
1079 1080 1081 1082
void dtls1_clear_record_buffer(SSL *s);
void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr);
void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
void dtls1_reset_seq_numbers(SSL *s, int rw);
1083
long dtls1_default_timeout(void);
D
Dr. Stephen Henson 已提交
1084
struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
D
Dr. Stephen Henson 已提交
1085
int dtls1_check_timeout_num(SSL *s);
D
Dr. Stephen Henson 已提交
1086
int dtls1_handle_timeout(SSL *s);
1087
const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
1088 1089 1090 1091
void dtls1_start_timer(SSL *s);
void dtls1_stop_timer(SSL *s);
int dtls1_is_timer_expired(SSL *s);
void dtls1_double_timeout(SSL *s);
D
Dr. Stephen Henson 已提交
1092
int dtls1_send_newsession_ticket(SSL *s);
D
Dr. Stephen Henson 已提交
1093
unsigned int dtls1_min_mtu(void);
1094 1095

/* some client-only functions */
B
Bodo Möller 已提交
1096 1097 1098
int ssl3_client_hello(SSL *s);
int ssl3_get_server_hello(SSL *s);
int ssl3_get_certificate_request(SSL *s);
1099
int ssl3_get_new_session_ticket(SSL *s);
1100
int ssl3_get_cert_status(SSL *s);
B
Bodo Möller 已提交
1101 1102 1103
int ssl3_get_server_done(SSL *s);
int ssl3_send_client_verify(SSL *s);
int ssl3_send_client_certificate(SSL *s);
1104
int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
B
Bodo Möller 已提交
1105 1106 1107 1108
int ssl3_send_client_key_exchange(SSL *s);
int ssl3_get_key_exchange(SSL *s);
int ssl3_get_server_certificate(SSL *s);
int ssl3_check_cert_and_algorithm(SSL *s);
D
Dr. Stephen Henson 已提交
1109 1110
#ifndef OPENSSL_NO_TLSEXT
int ssl3_check_finished(SSL *s);
B
Ben Laurie 已提交
1111
# ifndef OPENSSL_NO_NEXTPROTONEG
B
Ben Laurie 已提交
1112 1113
int ssl3_send_next_proto(SSL *s);
# endif
D
Dr. Stephen Henson 已提交
1114
#endif
B
Bodo Möller 已提交
1115

1116 1117 1118 1119 1120 1121
int dtls1_client_hello(SSL *s);
int dtls1_send_client_certificate(SSL *s);
int dtls1_send_client_key_exchange(SSL *s);
int dtls1_send_client_verify(SSL *s);

/* some server-only functions */
B
Bodo Möller 已提交
1122 1123 1124 1125 1126 1127 1128 1129 1130 1131
int ssl3_get_client_hello(SSL *s);
int ssl3_send_server_hello(SSL *s);
int ssl3_send_hello_request(SSL *s);
int ssl3_send_server_key_exchange(SSL *s);
int ssl3_send_certificate_request(SSL *s);
int ssl3_send_server_done(SSL *s);
int ssl3_check_client_hello(SSL *s);
int ssl3_get_client_certificate(SSL *s);
int ssl3_get_client_key_exchange(SSL *s);
int ssl3_get_cert_verify(SSL *s);
B
Ben Laurie 已提交
1132
#ifndef OPENSSL_NO_NEXTPROTONEG
B
Ben Laurie 已提交
1133 1134
int ssl3_get_next_proto(SSL *s);
#endif
B
Bodo Möller 已提交
1135

1136 1137 1138 1139 1140 1141 1142
int dtls1_send_hello_request(SSL *s);
int dtls1_send_server_hello(SSL *s);
int dtls1_send_server_certificate(SSL *s);
int dtls1_send_server_key_exchange(SSL *s);
int dtls1_send_certificate_request(SSL *s);
int dtls1_send_server_done(SSL *s);

B
Bodo Möller 已提交
1143

B
Ben Laurie 已提交
1144

1145 1146 1147 1148 1149
int ssl23_accept(SSL *s);
int ssl23_connect(SSL *s);
int ssl23_read_bytes(SSL *s, int n);
int ssl23_write_bytes(SSL *s);

1150 1151 1152
int tls1_new(SSL *s);
void tls1_free(SSL *s);
void tls1_clear(SSL *s);
1153
long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);
1154
long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
1155

B
Ben Laurie 已提交
1156 1157 1158 1159 1160 1161
int dtls1_new(SSL *s);
int	dtls1_accept(SSL *s);
int	dtls1_connect(SSL *s);
void dtls1_free(SSL *s);
void dtls1_clear(SSL *s);
long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg);
D
Dr. Stephen Henson 已提交
1162
int dtls1_shutdown(SSL *s);
B
Ben Laurie 已提交
1163 1164 1165 1166 1167 1168 1169 1170

long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
int dtls1_get_record(SSL *s);
int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
	unsigned int len, int create_empty_fragement);
int dtls1_dispatch_alert(SSL *s);
int dtls1_enc(SSL *s, int snd);

1171
int ssl_init_wbio_buffer(SSL *s, int push);
1172
void ssl_free_wbio_buffer(SSL *s);
1173 1174 1175 1176

int tls1_change_cipher_state(SSL *s, int which);
int tls1_setup_key_block(SSL *s);
int tls1_enc(SSL *s, int snd);
1177
int tls1_final_finish_mac(SSL *s,
B
Bodo Möller 已提交
1178
	const char *str, int slen, unsigned char *p);
1179
int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
1180 1181 1182
int tls1_mac(SSL *ssl, unsigned char *md, int snd);
int tls1_generate_master_secret(SSL *s, unsigned char *out,
	unsigned char *p, int len);
1183 1184 1185
int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
	const char *label, size_t llen,
	const unsigned char *p, size_t plen, int use_context);
1186 1187
int tls1_alert_code(int code);
int ssl3_alert_code(int code);
1188
int ssl_ok(SSL *s);
1189

1190
#ifndef OPENSSL_NO_ECDH
1191
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
1192
#endif
B
Bodo Möller 已提交
1193

B
Ben Laurie 已提交
1194
SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
1195

1196 1197 1198
#ifndef OPENSSL_NO_EC
int tls1_ec_curve_id2nid(int curve_id);
int tls1_ec_nid2curve_id(int nid);
1199
int tls1_check_curve(SSL *s, const unsigned char *p, size_t len);
1200 1201 1202 1203 1204
int tls1_shared_curve(SSL *s, int nmatch);
int tls1_set_curves(unsigned char **pext, size_t *pextlen,
			int *curves, size_t ncurves);
int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, 
				const char *str);
1205
int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
1206 1207
#endif /* OPENSSL_NO_EC */

1208
#ifndef OPENSSL_NO_TLSEXT
1209 1210 1211 1212
int tls1_shared_list(SSL *s,
			const unsigned char *l1, size_t l1len,
			const unsigned char *l2, size_t l2len,
			int nmatch);
1213 1214
unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); 
unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); 
1215
int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n);
1216
int ssl_check_clienthello_tlsext_late(SSL *s);
1217
int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n);
1218 1219
int ssl_prepare_clienthello_tlsext(SSL *s);
int ssl_prepare_serverhello_tlsext(SSL *s);
D
Dr. Stephen Henson 已提交
1220

B
Ben Laurie 已提交
1221 1222 1223 1224 1225
/* server only */
int tls1_send_server_supplemental_data(SSL *s);
/* client only */
int tls1_get_server_supplemental_data(SSL *s);

D
Dr. Stephen Henson 已提交
1226 1227 1228 1229 1230 1231 1232
#ifndef OPENSSL_NO_HEARTBEATS
int tls1_heartbeat(SSL *s);
int dtls1_heartbeat(SSL *s);
int tls1_process_heartbeat(SSL *s);
int dtls1_process_heartbeat(SSL *s);
#endif

1233 1234 1235 1236 1237
#ifdef OPENSSL_NO_SHA256
#define tlsext_tick_md	EVP_sha1
#else
#define tlsext_tick_md	EVP_sha256
#endif
1238 1239
int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
				const unsigned char *limit, SSL_SESSION **ret);
1240 1241 1242 1243 1244 1245

int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
				const EVP_MD *md);
int tls12_get_sigid(const EVP_PKEY *pk);
const EVP_MD *tls12_get_hash(unsigned char hash_alg);

1246 1247
int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client);
1248 1249 1250
int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
								int idx);
void tls1_set_cert_validity(SSL *s);
1251

1252
#endif
1253 1254
EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
1255 1256 1257 1258 1259 1260 1261 1262
int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
					int maxlen);
int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
					  int *al);
int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
					int maxlen);
int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
					  int *al);
1263
long ssl_get_algorithm2(SSL *s);
1264
int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
1265
size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs);
1266 1267
int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
				const unsigned char *sig, EVP_PKEY *pkey);
1268
void ssl_set_client_disabled(SSL *s);
1269 1270 1271 1272 1273 1274

int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);
int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al);
int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);
int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al);

B
Ben Laurie 已提交
1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299
/* s3_cbc.c */
void ssl3_cbc_copy_mac(unsigned char* out,
		       const SSL3_RECORD *rec,
		       unsigned md_size);
int ssl3_cbc_remove_padding(const SSL* s,
			    SSL3_RECORD *rec,
			    unsigned block_size,
			    unsigned mac_size);
int tls1_cbc_remove_padding(const SSL* s,
			    SSL3_RECORD *rec,
			    unsigned block_size,
			    unsigned mac_size);
char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
void ssl3_cbc_digest_record(
	const EVP_MD_CTX *ctx,
	unsigned char* md_out,
	size_t* md_out_size,
	const unsigned char header[13],
	const unsigned char *data,
	size_t data_plus_mac_size,
	size_t data_plus_mac_plus_padding_size,
	const unsigned char *mac_secret,
	unsigned mac_secret_length,
	char is_sslv3);

1300 1301 1302 1303
void tls_fips_digest_extra(
	const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx,
	const unsigned char *data, size_t data_len, size_t orig_len);

1304
#endif