aboutsummaryrefslogtreecommitdiff
path: root/crypto/openssl/ssl
diff options
context:
space:
mode:
authorcvs2svn <cvs2svn@FreeBSD.org>2002-08-05 16:25:18 +0000
committercvs2svn <cvs2svn@FreeBSD.org>2002-08-05 16:25:18 +0000
commitb511ae2f1f196288ae21fd8ef86946e50dacbbcd (patch)
treec77ed69a9d89e7b50ec49f9e17f03e1daaf0c328 /crypto/openssl/ssl
parentb1357e1cec95464ca388f5ea85e0b24cfac69efc (diff)
This commit was manufactured by cvs2svn to create tagvendor/openssl/0.9.6e-asn1-patch
'openssl-vendor-crypto-v0_9_6e_asn1_patch'.
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=101386 svn path=/vendor-crypto/openssl/0.9.6e-asn1-patch/; revision=101388; tag=vendor/openssl/0.9.6e-asn1-patch
Diffstat (limited to 'crypto/openssl/ssl')
-rw-r--r--crypto/openssl/ssl/Makefile.save884
-rw-r--r--crypto/openssl/ssl/Makefile.ssl889
-rw-r--r--crypto/openssl/ssl/bio_ssl.c586
-rw-r--r--crypto/openssl/ssl/s23_clnt.c475
-rw-r--r--crypto/openssl/ssl/s23_lib.c236
-rw-r--r--crypto/openssl/ssl/s23_meth.c92
-rw-r--r--crypto/openssl/ssl/s23_pkt.c170
-rw-r--r--crypto/openssl/ssl/s23_srvr.c645
-rw-r--r--crypto/openssl/ssl/s2_clnt.c1069
-rw-r--r--crypto/openssl/ssl/s2_enc.c187
-rw-r--r--crypto/openssl/ssl/s2_lib.c496
-rw-r--r--crypto/openssl/ssl/s2_meth.c95
-rw-r--r--crypto/openssl/ssl/s2_pkt.c734
-rw-r--r--crypto/openssl/ssl/s2_srvr.c1088
-rw-r--r--crypto/openssl/ssl/s3_both.c604
-rw-r--r--crypto/openssl/ssl/s3_clnt.c1811
-rw-r--r--crypto/openssl/ssl/s3_enc.c671
-rw-r--r--crypto/openssl/ssl/s3_lib.c1386
-rw-r--r--crypto/openssl/ssl/s3_meth.c88
-rw-r--r--crypto/openssl/ssl/s3_pkt.c1274
-rw-r--r--crypto/openssl/ssl/s3_srvr.c1864
-rw-r--r--crypto/openssl/ssl/ssl.h1641
-rw-r--r--crypto/openssl/ssl/ssl2.h269
-rw-r--r--crypto/openssl/ssl/ssl23.h83
-rw-r--r--crypto/openssl/ssl/ssl3.h492
-rw-r--r--crypto/openssl/ssl/ssl_algs.c107
-rw-r--r--crypto/openssl/ssl/ssl_asn1.c351
-rw-r--r--crypto/openssl/ssl/ssl_cert.c761
-rw-r--r--crypto/openssl/ssl/ssl_ciph.c1071
-rw-r--r--crypto/openssl/ssl/ssl_err.c440
-rw-r--r--crypto/openssl/ssl/ssl_err2.c70
-rw-r--r--crypto/openssl/ssl/ssl_lib.c2090
-rw-r--r--crypto/openssl/ssl/ssl_locl.h610
-rw-r--r--crypto/openssl/ssl/ssl_rsa.c815
-rw-r--r--crypto/openssl/ssl/ssl_sess.c683
-rw-r--r--crypto/openssl/ssl/ssl_stat.c502
-rw-r--r--crypto/openssl/ssl/ssl_task.c369
-rw-r--r--crypto/openssl/ssl/ssl_txt.c174
-rw-r--r--crypto/openssl/ssl/ssltest.c1377
-rw-r--r--crypto/openssl/ssl/t1_clnt.c90
-rw-r--r--crypto/openssl/ssl/t1_enc.c721
-rw-r--r--crypto/openssl/ssl/t1_lib.c149
-rw-r--r--crypto/openssl/ssl/t1_meth.c88
-rw-r--r--crypto/openssl/ssl/t1_srvr.c91
-rw-r--r--crypto/openssl/ssl/tls1.h164
45 files changed, 0 insertions, 28552 deletions
diff --git a/crypto/openssl/ssl/Makefile.save b/crypto/openssl/ssl/Makefile.save
deleted file mode 100644
index 61b9cee090b6..000000000000
--- a/crypto/openssl/ssl/Makefile.save
+++ /dev/null
@@ -1,884 +0,0 @@
-#
-# SSLeay/ssl/Makefile
-#
-
-DIR= ssl
-TOP= ..
-CC= cc
-INCLUDES= -I../crypto -I../include
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKE= make -f Makefile.ssl
-MAKEDEPEND= $(TOP)/util/domd $(TOP)
-MAKEFILE= Makefile.ssl
-AR= ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile README ssl-lib.com install.com
-TEST=ssltest.c
-APPS=
-
-LIB=$(TOP)/libssl.a
-LIBSRC= \
- s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c \
- s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c \
- s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c \
- t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c \
- ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
- ssl_ciph.c ssl_stat.c ssl_rsa.c \
- ssl_asn1.c ssl_txt.c ssl_algs.c \
- bio_ssl.c ssl_err.c
-LIBOBJ= \
- s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o \
- s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o \
- s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o \
- t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o \
- ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
- ssl_ciph.o ssl_stat.o ssl_rsa.o \
- ssl_asn1.o ssl_txt.o ssl_algs.o \
- bio_ssl.o ssl_err.o
-
-SRC= $(LIBSRC)
-
-EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h tls1.h
-HEADER= $(EXHEADER) ssl_locl.h
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd ..; $(MAKE) DIRS=$(DIR) all)
-
-all: lib
-
-lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
- @echo You may get an error following this line. Please ignore.
- - $(RANLIB) $(LIB)
- @touch lib
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
-
-links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
- @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
-
-install:
- @for i in $(EXHEADER) ; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-
-tags:
- ctags $(SRC)
-
-tests:
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-bio_ssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-bio_ssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-bio_ssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-bio_ssl.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-bio_ssl.o: ../include/openssl/des.h ../include/openssl/dh.h
-bio_ssl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-bio_ssl.o: ../include/openssl/err.h ../include/openssl/evp.h
-bio_ssl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-bio_ssl.o: ../include/openssl/md2.h ../include/openssl/md4.h
-bio_ssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-bio_ssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-bio_ssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-bio_ssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-bio_ssl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-bio_ssl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-bio_ssl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-bio_ssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-bio_ssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-bio_ssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-bio_ssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-bio_ssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-bio_ssl.o: ../include/openssl/x509_vfy.h
-s23_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s23_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s23_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s23_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
-s23_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s23_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s23_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s23_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s23_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s23_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s23_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s23_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s23_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s23_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s23_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s23_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s23_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s23_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s23_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s23_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s23_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h
-s23_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s23_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s23_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s23_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
-s23_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s23_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s23_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s23_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s23_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s23_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s23_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s23_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s23_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s23_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s23_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s23_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s23_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s23_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s23_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s23_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s23_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s23_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s23_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s23_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
-s23_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s23_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s23_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s23_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s23_meth.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s23_meth.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s23_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s23_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s23_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s23_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s23_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s23_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s23_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s23_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s23_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s23_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s23_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s23_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s23_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s23_pkt.o: ../include/openssl/des.h ../include/openssl/dh.h
-s23_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s23_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s23_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s23_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s23_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s23_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s23_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s23_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s23_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s23_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s23_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s23_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s23_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s23_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s23_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s23_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s23_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s23_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s23_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s23_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
-s23_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s23_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s23_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s23_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s23_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s23_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s23_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s23_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s23_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s23_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s23_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s23_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s23_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s23_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s23_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s23_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s23_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h
-s2_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
-s2_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s2_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s2_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s2_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h
-s2_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s2_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s2_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_enc.o: ../include/openssl/des.h ../include/openssl/dh.h
-s2_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s2_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s2_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s2_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s2_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s2_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
-s2_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s2_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s2_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s2_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s2_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s2_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s2_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
-s2_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s2_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s2_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_meth.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_meth.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s2_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s2_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s2_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s2_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s2_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s2_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_pkt.o: ../include/openssl/des.h ../include/openssl/dh.h
-s2_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s2_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s2_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s2_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s2_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
-s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s2_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s2_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s2_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h
-s3_both.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_both.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s3_both.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s3_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_both.o: ../include/openssl/des.h ../include/openssl/dh.h
-s3_both.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s3_both.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s3_both.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s3_both.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s3_both.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s3_both.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s3_both.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_both.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s3_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_both.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s3_both.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s3_both.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s3_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_both.o: ../include/openssl/x509_vfy.h ssl_locl.h
-s3_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s3_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
-s3_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s3_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s3_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s3_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s3_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s3_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s3_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s3_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s3_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h
-s3_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s3_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s3_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_enc.o: ../include/openssl/des.h ../include/openssl/dh.h
-s3_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s3_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s3_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s3_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s3_enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s3_enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s3_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s3_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s3_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s3_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s3_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s3_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s3_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
-s3_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s3_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s3_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s3_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s3_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s3_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s3_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s3_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s3_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s3_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s3_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s3_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s3_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
-s3_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s3_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s3_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s3_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s3_meth.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s3_meth.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s3_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s3_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s3_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s3_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s3_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s3_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s3_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_pkt.o: ../include/openssl/des.h ../include/openssl/dh.h
-s3_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s3_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s3_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s3_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s3_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s3_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s3_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s3_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s3_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s3_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
-s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s3_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s3_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s3_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s3_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s3_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s3_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_algs.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_algs.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_algs.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_algs.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_algs.o: ../include/openssl/des.h ../include/openssl/dh.h
-ssl_algs.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-ssl_algs.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_algs.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssl_algs.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_algs.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ssl_algs.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ssl_algs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_algs.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ssl_algs.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_algs.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_algs.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_algs.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_algs.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_algs.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_algs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_asn1.o: ../include/openssl/asn1.h ../include/openssl/asn1_mac.h
-ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-ssl_asn1.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ssl_asn1.o: ../include/openssl/cast.h ../include/openssl/comp.h
-ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/des.h
-ssl_asn1.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssl_asn1.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_asn1.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ssl_asn1.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ssl_asn1.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ssl_asn1.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_asn1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-ssl_asn1.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-ssl_asn1.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_asn1.o: ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_cert.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_cert.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_cert.o: ../include/openssl/comp.h ../include/openssl/conf.h
-ssl_cert.o: ../include/openssl/crypto.h ../include/openssl/des.h
-ssl_cert.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssl_cert.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-ssl_cert.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-ssl_cert.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_cert.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ssl_cert.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ssl_cert.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ssl_cert.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_cert.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_cert.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_cert.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-ssl_cert.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-ssl_cert.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-ssl_cert.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_cert.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_cert.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_cert.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_cert.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_cert.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
-ssl_cert.o: ssl_locl.h
-ssl_ciph.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_ciph.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_ciph.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_ciph.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_ciph.o: ../include/openssl/des.h ../include/openssl/dh.h
-ssl_ciph.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-ssl_ciph.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_ciph.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssl_ciph.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_ciph.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ssl_ciph.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ssl_ciph.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_ciph.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ssl_ciph.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_ciph.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_ciph.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_ciph.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_ciph.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_ciph.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_ciph.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_ciph.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_ciph.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_err.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_err.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_err.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_err.o: ../include/openssl/des.h ../include/openssl/dh.h
-ssl_err.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-ssl_err.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_err.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ssl_err.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ssl_err.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ssl_err.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_err.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_err.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_err.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-ssl_err.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-ssl_err.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-ssl_err.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_err.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_err.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_err.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_err.o: ../include/openssl/x509_vfy.h
-ssl_err2.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_err2.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_err2.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_err2.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_err2.o: ../include/openssl/des.h ../include/openssl/dh.h
-ssl_err2.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-ssl_err2.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_err2.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ssl_err2.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ssl_err2.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ssl_err2.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_err2.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_err2.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_err2.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-ssl_err2.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-ssl_err2.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-ssl_err2.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_err2.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_err2.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_err2.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_err2.o: ../include/openssl/x509_vfy.h
-ssl_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h
-ssl_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
-ssl_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssl_lib.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-ssl_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssl_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ssl_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ssl_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ssl_lib.o: ../include/openssl/x509v3.h ssl_locl.h
-ssl_rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_rsa.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_rsa.o: ../include/openssl/des.h ../include/openssl/dh.h
-ssl_rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-ssl_rsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssl_rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ssl_rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ssl_rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ssl_rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_rsa.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_rsa.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_sess.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_sess.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_sess.o: ../include/openssl/des.h ../include/openssl/dh.h
-ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_sess.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_sess.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ssl_sess.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ssl_sess.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_sess.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ssl_sess.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-ssl_sess.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-ssl_sess.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_sess.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_sess.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_sess.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_sess.o: ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_stat.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_stat.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_stat.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_stat.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_stat.o: ../include/openssl/des.h ../include/openssl/dh.h
-ssl_stat.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-ssl_stat.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_stat.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssl_stat.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_stat.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ssl_stat.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ssl_stat.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_stat.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ssl_stat.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_stat.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_stat.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_stat.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_stat.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_stat.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_stat.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_stat.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_stat.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_txt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_txt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_txt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_txt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_txt.o: ../include/openssl/des.h ../include/openssl/dh.h
-ssl_txt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-ssl_txt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_txt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssl_txt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_txt.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ssl_txt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ssl_txt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_txt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ssl_txt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_txt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_txt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_txt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_txt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_txt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_txt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_txt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_txt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-t1_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-t1_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-t1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-t1_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
-t1_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-t1_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-t1_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-t1_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-t1_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
-t1_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-t1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-t1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-t1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-t1_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-t1_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-t1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-t1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-t1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-t1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-t1_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h
-t1_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-t1_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-t1_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-t1_enc.o: ../include/openssl/des.h ../include/openssl/dh.h
-t1_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-t1_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-t1_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-t1_enc.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-t1_enc.o: ../include/openssl/md2.h ../include/openssl/md4.h
-t1_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-t1_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-t1_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-t1_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-t1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-t1_enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-t1_enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-t1_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-t1_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-t1_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-t1_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-t1_enc.o: ../include/openssl/x509_vfy.h ssl_locl.h
-t1_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-t1_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-t1_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-t1_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
-t1_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-t1_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-t1_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
-t1_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-t1_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
-t1_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-t1_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-t1_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-t1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-t1_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-t1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-t1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-t1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-t1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-t1_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-t1_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-t1_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-t1_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
-t1_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-t1_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-t1_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
-t1_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-t1_meth.o: ../include/openssl/md4.h ../include/openssl/md5.h
-t1_meth.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-t1_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-t1_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-t1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-t1_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-t1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-t1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-t1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-t1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-t1_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-t1_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-t1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-t1_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
-t1_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-t1_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-t1_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
-t1_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-t1_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
-t1_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-t1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-t1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-t1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-t1_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-t1_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-t1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-t1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-t1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-t1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-t1_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h
diff --git a/crypto/openssl/ssl/Makefile.ssl b/crypto/openssl/ssl/Makefile.ssl
deleted file mode 100644
index 4b8053ace67c..000000000000
--- a/crypto/openssl/ssl/Makefile.ssl
+++ /dev/null
@@ -1,889 +0,0 @@
-#
-# SSLeay/ssl/Makefile
-#
-
-DIR= ssl
-TOP= ..
-CC= cc
-INCLUDES= -I../crypto -I../include
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKE= make -f Makefile.ssl
-MAKEDEPEND= $(TOP)/util/domd $(TOP)
-MAKEFILE= Makefile.ssl
-AR= ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile README ssl-lib.com install.com
-TEST=ssltest.c
-APPS=
-
-LIB=$(TOP)/libssl.a
-LIBSRC= \
- s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c \
- s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c \
- s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c \
- t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c \
- ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
- ssl_ciph.c ssl_stat.c ssl_rsa.c \
- ssl_asn1.c ssl_txt.c ssl_algs.c \
- bio_ssl.c ssl_err.c
-LIBOBJ= \
- s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o \
- s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o \
- s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o \
- t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o \
- ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
- ssl_ciph.o ssl_stat.o ssl_rsa.o \
- ssl_asn1.o ssl_txt.o ssl_algs.o \
- bio_ssl.o ssl_err.o
-
-SRC= $(LIBSRC)
-
-EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h tls1.h
-HEADER= $(EXHEADER) ssl_locl.h
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd ..; $(MAKE) DIRS=$(DIR) all)
-
-all: lib
-
-lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
- @echo You may get an error following this line. Please ignore.
- - $(RANLIB) $(LIB)
- @touch lib
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
-
-links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
- @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
-
-install:
- @for i in $(EXHEADER) ; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-
-tags:
- ctags $(SRC)
-
-tests:
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-bio_ssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-bio_ssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-bio_ssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-bio_ssl.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-bio_ssl.o: ../include/openssl/des.h ../include/openssl/dh.h
-bio_ssl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-bio_ssl.o: ../include/openssl/err.h ../include/openssl/evp.h
-bio_ssl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-bio_ssl.o: ../include/openssl/md2.h ../include/openssl/md4.h
-bio_ssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-bio_ssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-bio_ssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-bio_ssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-bio_ssl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-bio_ssl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-bio_ssl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-bio_ssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-bio_ssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-bio_ssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-bio_ssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-bio_ssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-bio_ssl.o: ../include/openssl/x509_vfy.h
-s23_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s23_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s23_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s23_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
-s23_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s23_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s23_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s23_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s23_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s23_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s23_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s23_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s23_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s23_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s23_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s23_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s23_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s23_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s23_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s23_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s23_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h
-s23_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s23_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s23_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s23_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
-s23_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s23_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s23_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s23_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s23_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s23_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s23_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s23_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s23_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s23_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s23_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s23_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s23_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s23_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s23_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s23_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s23_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s23_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s23_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s23_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
-s23_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s23_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s23_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s23_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s23_meth.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s23_meth.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s23_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s23_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s23_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s23_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s23_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s23_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s23_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s23_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s23_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s23_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s23_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s23_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s23_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s23_pkt.o: ../include/openssl/des.h ../include/openssl/dh.h
-s23_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s23_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s23_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s23_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s23_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s23_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s23_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s23_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s23_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s23_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s23_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s23_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s23_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s23_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s23_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s23_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s23_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s23_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s23_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s23_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
-s23_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s23_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s23_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s23_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s23_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s23_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s23_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s23_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s23_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s23_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s23_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s23_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s23_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s23_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s23_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s23_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s23_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h
-s2_clnt.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
-s2_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-s2_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s2_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
-s2_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
-s2_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s2_clnt.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s2_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s2_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s2_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h
-s2_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s2_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s2_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_enc.o: ../include/openssl/des.h ../include/openssl/dh.h
-s2_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s2_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s2_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s2_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s2_lib.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
-s2_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-s2_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s2_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h
-s2_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
-s2_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s2_lib.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s2_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s2_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s2_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s2_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s2_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s2_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
-s2_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s2_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s2_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_meth.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_meth.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s2_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s2_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s2_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s2_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s2_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s2_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_pkt.o: ../include/openssl/des.h ../include/openssl/dh.h
-s2_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s2_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s2_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s2_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s2_srvr.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
-s2_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-s2_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s2_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
-s2_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
-s2_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s2_srvr.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s2_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s2_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s2_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h
-s3_both.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_both.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s3_both.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s3_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_both.o: ../include/openssl/des.h ../include/openssl/dh.h
-s3_both.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s3_both.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s3_both.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s3_both.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s3_both.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s3_both.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s3_both.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_both.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s3_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_both.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s3_both.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s3_both.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s3_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_both.o: ../include/openssl/x509_vfy.h ssl_locl.h
-s3_clnt.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
-s3_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s3_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
-s3_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
-s3_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s3_clnt.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-s3_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s3_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s3_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s3_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s3_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s3_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s3_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s3_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h
-s3_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s3_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s3_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_enc.o: ../include/openssl/des.h ../include/openssl/dh.h
-s3_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s3_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s3_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s3_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s3_enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s3_enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s3_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s3_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s3_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s3_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s3_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s3_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s3_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
-s3_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s3_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s3_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s3_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s3_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s3_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s3_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s3_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s3_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s3_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s3_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s3_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s3_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
-s3_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s3_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s3_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s3_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s3_meth.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s3_meth.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s3_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s3_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s3_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s3_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s3_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s3_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s3_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_pkt.o: ../include/openssl/des.h ../include/openssl/dh.h
-s3_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-s3_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s3_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s3_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s3_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s3_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s3_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s3_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s3_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s3_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-s3_srvr.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
-s3_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s3_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
-s3_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
-s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s3_srvr.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s3_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s3_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s3_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s3_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s3_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s3_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_algs.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_algs.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_algs.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_algs.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_algs.o: ../include/openssl/des.h ../include/openssl/dh.h
-ssl_algs.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-ssl_algs.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_algs.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssl_algs.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_algs.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ssl_algs.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ssl_algs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_algs.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ssl_algs.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_algs.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_algs.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_algs.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_algs.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_algs.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_algs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_asn1.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
-ssl_asn1.o: ../include/openssl/asn1_mac.h ../include/openssl/bio.h
-ssl_asn1.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_asn1.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_asn1.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_asn1.o: ../include/openssl/des.h ../include/openssl/dh.h
-ssl_asn1.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-ssl_asn1.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_asn1.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ssl_asn1.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ssl_asn1.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ssl_asn1.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_asn1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-ssl_asn1.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-ssl_asn1.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_asn1.o: ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_cert.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_cert.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_cert.o: ../include/openssl/comp.h ../include/openssl/conf.h
-ssl_cert.o: ../include/openssl/crypto.h ../include/openssl/des.h
-ssl_cert.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssl_cert.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-ssl_cert.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_cert.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssl_cert.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_cert.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ssl_cert.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ssl_cert.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_cert.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ssl_cert.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_cert.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_cert.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_cert.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_cert.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_cert.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_cert.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_cert.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_cert.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ssl_cert.o: ../include/openssl/x509v3.h ssl_locl.h
-ssl_ciph.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_ciph.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_ciph.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_ciph.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_ciph.o: ../include/openssl/des.h ../include/openssl/dh.h
-ssl_ciph.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-ssl_ciph.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_ciph.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssl_ciph.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_ciph.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ssl_ciph.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ssl_ciph.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_ciph.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ssl_ciph.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_ciph.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_ciph.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_ciph.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_ciph.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_ciph.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_ciph.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_ciph.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_ciph.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_err.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_err.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_err.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_err.o: ../include/openssl/des.h ../include/openssl/dh.h
-ssl_err.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-ssl_err.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_err.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ssl_err.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ssl_err.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ssl_err.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_err.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_err.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_err.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-ssl_err.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-ssl_err.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-ssl_err.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_err.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_err.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_err.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_err.o: ../include/openssl/x509_vfy.h
-ssl_err2.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_err2.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_err2.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_err2.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_err2.o: ../include/openssl/des.h ../include/openssl/dh.h
-ssl_err2.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-ssl_err2.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_err2.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ssl_err2.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ssl_err2.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ssl_err2.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_err2.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_err2.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_err2.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-ssl_err2.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-ssl_err2.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-ssl_err2.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_err2.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_err2.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_err2.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_err2.o: ../include/openssl/x509_vfy.h
-ssl_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h
-ssl_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
-ssl_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssl_lib.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_lib.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ssl_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ssl_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ssl_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-ssl_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-ssl_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-ssl_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h ssl_locl.h
-ssl_rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_rsa.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_rsa.o: ../include/openssl/des.h ../include/openssl/dh.h
-ssl_rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-ssl_rsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssl_rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ssl_rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ssl_rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ssl_rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_rsa.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_rsa.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_sess.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
-ssl_sess.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-ssl_sess.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ssl_sess.o: ../include/openssl/cast.h ../include/openssl/comp.h
-ssl_sess.o: ../include/openssl/crypto.h ../include/openssl/des.h
-ssl_sess.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssl_sess.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_sess.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_sess.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ssl_sess.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ssl_sess.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_sess.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ssl_sess.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-ssl_sess.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-ssl_sess.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_sess.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_sess.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_sess.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_sess.o: ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_stat.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_stat.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_stat.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_stat.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_stat.o: ../include/openssl/des.h ../include/openssl/dh.h
-ssl_stat.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-ssl_stat.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_stat.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssl_stat.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_stat.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ssl_stat.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ssl_stat.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_stat.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ssl_stat.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_stat.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_stat.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_stat.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_stat.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_stat.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_stat.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_stat.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_stat.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_txt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_txt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_txt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_txt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_txt.o: ../include/openssl/des.h ../include/openssl/dh.h
-ssl_txt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-ssl_txt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_txt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssl_txt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_txt.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ssl_txt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ssl_txt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_txt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ssl_txt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_txt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_txt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_txt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_txt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_txt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_txt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_txt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_txt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-t1_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-t1_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-t1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-t1_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
-t1_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-t1_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-t1_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-t1_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-t1_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
-t1_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-t1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-t1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-t1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-t1_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-t1_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-t1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-t1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-t1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-t1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-t1_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h
-t1_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-t1_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-t1_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-t1_enc.o: ../include/openssl/des.h ../include/openssl/dh.h
-t1_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-t1_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-t1_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-t1_enc.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-t1_enc.o: ../include/openssl/md2.h ../include/openssl/md4.h
-t1_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-t1_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-t1_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-t1_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-t1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-t1_enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-t1_enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-t1_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-t1_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-t1_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-t1_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-t1_enc.o: ../include/openssl/x509_vfy.h ssl_locl.h
-t1_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-t1_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-t1_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-t1_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
-t1_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-t1_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-t1_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
-t1_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-t1_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
-t1_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-t1_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-t1_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-t1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-t1_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-t1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-t1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-t1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-t1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-t1_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-t1_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-t1_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-t1_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
-t1_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-t1_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-t1_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
-t1_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-t1_meth.o: ../include/openssl/md4.h ../include/openssl/md5.h
-t1_meth.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-t1_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-t1_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-t1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-t1_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-t1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-t1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-t1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-t1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-t1_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-t1_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-t1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-t1_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
-t1_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-t1_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-t1_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
-t1_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-t1_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
-t1_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-t1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-t1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-t1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-t1_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-t1_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-t1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-t1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-t1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-t1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-t1_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h
diff --git a/crypto/openssl/ssl/bio_ssl.c b/crypto/openssl/ssl/bio_ssl.c
deleted file mode 100644
index d85555a7e697..000000000000
--- a/crypto/openssl/ssl/bio_ssl.c
+++ /dev/null
@@ -1,586 +0,0 @@
-/* ssl/bio_ssl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <openssl/crypto.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-static int ssl_write(BIO *h, const char *buf, int num);
-static int ssl_read(BIO *h, char *buf, int size);
-static int ssl_puts(BIO *h, const char *str);
-static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int ssl_new(BIO *h);
-static int ssl_free(BIO *data);
-static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-typedef struct bio_ssl_st
- {
- SSL *ssl; /* The ssl handle :-) */
- /* re-negotiate every time the total number of bytes is this size */
- int num_renegotiates;
- unsigned long renegotiate_count;
- unsigned long byte_count;
- unsigned long renegotiate_timeout;
- unsigned long last_time;
- } BIO_SSL;
-
-static BIO_METHOD methods_sslp=
- {
- BIO_TYPE_SSL,"ssl",
- ssl_write,
- ssl_read,
- ssl_puts,
- NULL, /* ssl_gets, */
- ssl_ctrl,
- ssl_new,
- ssl_free,
- ssl_callback_ctrl,
- };
-
-BIO_METHOD *BIO_f_ssl(void)
- {
- return(&methods_sslp);
- }
-
-static int ssl_new(BIO *bi)
- {
- BIO_SSL *bs;
-
- bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));
- if (bs == NULL)
- {
- BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- memset(bs,0,sizeof(BIO_SSL));
- bi->init=0;
- bi->ptr=(char *)bs;
- bi->flags=0;
- return(1);
- }
-
-static int ssl_free(BIO *a)
- {
- BIO_SSL *bs;
-
- if (a == NULL) return(0);
- bs=(BIO_SSL *)a->ptr;
- if (bs->ssl != NULL) SSL_shutdown(bs->ssl);
- if (a->shutdown)
- {
- if (a->init && (bs->ssl != NULL))
- SSL_free(bs->ssl);
- a->init=0;
- a->flags=0;
- }
- if (a->ptr != NULL)
- OPENSSL_free(a->ptr);
- return(1);
- }
-
-static int ssl_read(BIO *b, char *out, int outl)
- {
- int ret=1;
- BIO_SSL *sb;
- SSL *ssl;
- int retry_reason=0;
- int r=0;
-
- if (out == NULL) return(0);
- sb=(BIO_SSL *)b->ptr;
- ssl=sb->ssl;
-
- BIO_clear_retry_flags(b);
-
-#if 0
- if (!SSL_is_init_finished(ssl))
- {
-/* ret=SSL_do_handshake(ssl); */
- if (ret > 0)
- {
-
- outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
- ret= -1;
- goto end;
- }
- }
-#endif
-/* if (ret > 0) */
- ret=SSL_read(ssl,out,outl);
-
- switch (SSL_get_error(ssl,ret))
- {
- case SSL_ERROR_NONE:
- if (ret <= 0) break;
- if (sb->renegotiate_count > 0)
- {
- sb->byte_count+=ret;
- if (sb->byte_count > sb->renegotiate_count)
- {
- sb->byte_count=0;
- sb->num_renegotiates++;
- SSL_renegotiate(ssl);
- r=1;
- }
- }
- if ((sb->renegotiate_timeout > 0) && (!r))
- {
- unsigned long tm;
-
- tm=(unsigned long)time(NULL);
- if (tm > sb->last_time+sb->renegotiate_timeout)
- {
- sb->last_time=tm;
- sb->num_renegotiates++;
- SSL_renegotiate(ssl);
- }
- }
-
- break;
- case SSL_ERROR_WANT_READ:
- BIO_set_retry_read(b);
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_set_retry_write(b);
- break;
- case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_SSL_X509_LOOKUP;
- break;
- case SSL_ERROR_WANT_CONNECT:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_CONNECT;
- break;
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- case SSL_ERROR_ZERO_RETURN:
- default:
- break;
- }
-
- b->retry_reason=retry_reason;
- return(ret);
- }
-
-static int ssl_write(BIO *b, const char *out, int outl)
- {
- int ret,r=0;
- int retry_reason=0;
- SSL *ssl;
- BIO_SSL *bs;
-
- if (out == NULL) return(0);
- bs=(BIO_SSL *)b->ptr;
- ssl=bs->ssl;
-
- BIO_clear_retry_flags(b);
-
-/* ret=SSL_do_handshake(ssl);
- if (ret > 0) */
- ret=SSL_write(ssl,out,outl);
-
- switch (SSL_get_error(ssl,ret))
- {
- case SSL_ERROR_NONE:
- if (ret <= 0) break;
- if (bs->renegotiate_count > 0)
- {
- bs->byte_count+=ret;
- if (bs->byte_count > bs->renegotiate_count)
- {
- bs->byte_count=0;
- bs->num_renegotiates++;
- SSL_renegotiate(ssl);
- r=1;
- }
- }
- if ((bs->renegotiate_timeout > 0) && (!r))
- {
- unsigned long tm;
-
- tm=(unsigned long)time(NULL);
- if (tm > bs->last_time+bs->renegotiate_timeout)
- {
- bs->last_time=tm;
- bs->num_renegotiates++;
- SSL_renegotiate(ssl);
- }
- }
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_set_retry_write(b);
- break;
- case SSL_ERROR_WANT_READ:
- BIO_set_retry_read(b);
- break;
- case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_SSL_X509_LOOKUP;
- break;
- case SSL_ERROR_WANT_CONNECT:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_CONNECT;
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- default:
- break;
- }
-
- b->retry_reason=retry_reason;
- return(ret);
- }
-
-static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- SSL **sslp,*ssl;
- BIO_SSL *bs;
- BIO *dbio,*bio;
- long ret=1;
-
- bs=(BIO_SSL *)b->ptr;
- ssl=bs->ssl;
- if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
- return(0);
- switch (cmd)
- {
- case BIO_CTRL_RESET:
- SSL_shutdown(ssl);
-
- if (ssl->handshake_func == ssl->method->ssl_connect)
- SSL_set_connect_state(ssl);
- else if (ssl->handshake_func == ssl->method->ssl_accept)
- SSL_set_accept_state(ssl);
-
- SSL_clear(ssl);
-
- if (b->next_bio != NULL)
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- else if (ssl->rbio != NULL)
- ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
- else
- ret=1;
- break;
- case BIO_CTRL_INFO:
- ret=0;
- break;
- case BIO_C_SSL_MODE:
- if (num) /* client mode */
- SSL_set_connect_state(ssl);
- else
- SSL_set_accept_state(ssl);
- break;
- case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
- ret=bs->renegotiate_timeout;
- if (num < 60) num=5;
- bs->renegotiate_timeout=(unsigned long)num;
- bs->last_time=(unsigned long)time(NULL);
- break;
- case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
- ret=bs->renegotiate_count;
- if ((long)num >=512)
- bs->renegotiate_count=(unsigned long)num;
- break;
- case BIO_C_GET_SSL_NUM_RENEGOTIATES:
- ret=bs->num_renegotiates;
- break;
- case BIO_C_SET_SSL:
- if (ssl != NULL)
- ssl_free(b);
- b->shutdown=(int)num;
- ssl=(SSL *)ptr;
- ((BIO_SSL *)b->ptr)->ssl=ssl;
- bio=SSL_get_rbio(ssl);
- if (bio != NULL)
- {
- if (b->next_bio != NULL)
- BIO_push(bio,b->next_bio);
- b->next_bio=bio;
- CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO);
- }
- b->init=1;
- break;
- case BIO_C_GET_SSL:
- if (ptr != NULL)
- {
- sslp=(SSL **)ptr;
- *sslp=ssl;
- }
- else
- ret=0;
- break;
- case BIO_CTRL_GET_CLOSE:
- ret=b->shutdown;
- break;
- case BIO_CTRL_SET_CLOSE:
- b->shutdown=(int)num;
- break;
- case BIO_CTRL_WPENDING:
- ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
- break;
- case BIO_CTRL_PENDING:
- ret=SSL_pending(ssl);
- if (ret == 0)
- ret=BIO_pending(ssl->rbio);
- break;
- case BIO_CTRL_FLUSH:
- BIO_clear_retry_flags(b);
- ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
- BIO_copy_next_retry(b);
- break;
- case BIO_CTRL_PUSH:
- if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio))
- {
- SSL_set_bio(ssl,b->next_bio,b->next_bio);
- CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
- }
- break;
- case BIO_CTRL_POP:
- /* ugly bit of a hack */
- if (ssl->rbio != ssl->wbio) /* we are in trouble :-( */
- {
- BIO_free_all(ssl->wbio);
- }
- ssl->wbio=NULL;
- ssl->rbio=NULL;
- break;
- case BIO_C_DO_STATE_MACHINE:
- BIO_clear_retry_flags(b);
-
- b->retry_reason=0;
- ret=(int)SSL_do_handshake(ssl);
-
- switch (SSL_get_error(ssl,(int)ret))
- {
- case SSL_ERROR_WANT_READ:
- BIO_set_flags(b,
- BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_set_flags(b,
- BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
- break;
- case SSL_ERROR_WANT_CONNECT:
- BIO_set_flags(b,
- BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
- b->retry_reason=b->next_bio->retry_reason;
- break;
- default:
- break;
- }
- break;
- case BIO_CTRL_DUP:
- dbio=(BIO *)ptr;
- if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
- SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
- ((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl);
- ((BIO_SSL *)dbio->ptr)->renegotiate_count=
- ((BIO_SSL *)b->ptr)->renegotiate_count;
- ((BIO_SSL *)dbio->ptr)->byte_count=
- ((BIO_SSL *)b->ptr)->byte_count;
- ((BIO_SSL *)dbio->ptr)->renegotiate_timeout=
- ((BIO_SSL *)b->ptr)->renegotiate_timeout;
- ((BIO_SSL *)dbio->ptr)->last_time=
- ((BIO_SSL *)b->ptr)->last_time;
- ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL);
- break;
- case BIO_C_GET_FD:
- ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
- break;
- case BIO_CTRL_SET_CALLBACK:
- {
-#if 0 /* FIXME: Should this be used? -- Richard Levitte */
- BIOerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- ret = -1;
-#else
- ret=0;
-#endif
- }
- break;
- case BIO_CTRL_GET_CALLBACK:
- {
- void (**fptr)();
-
- fptr=(void (**)())ptr;
- *fptr=SSL_get_info_callback(ssl);
- }
- break;
- default:
- ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
- break;
- }
- return(ret);
- }
-
-static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
- {
- SSL *ssl;
- BIO_SSL *bs;
- long ret=1;
-
- bs=(BIO_SSL *)b->ptr;
- ssl=bs->ssl;
- switch (cmd)
- {
- case BIO_CTRL_SET_CALLBACK:
- {
- SSL_set_info_callback(ssl,fp);
- }
- break;
- default:
- ret=BIO_callback_ctrl(ssl->rbio,cmd,fp);
- break;
- }
- return(ret);
- }
-
-static int ssl_puts(BIO *bp, const char *str)
- {
- int n,ret;
-
- n=strlen(str);
- ret=BIO_write(bp,str,n);
- return(ret);
- }
-
-BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
- {
- BIO *ret=NULL,*buf=NULL,*ssl=NULL;
-
- if ((buf=BIO_new(BIO_f_buffer())) == NULL)
- return(NULL);
- if ((ssl=BIO_new_ssl_connect(ctx)) == NULL)
- goto err;
- if ((ret=BIO_push(buf,ssl)) == NULL)
- goto err;
- return(ret);
-err:
- if (buf != NULL) BIO_free(buf);
- if (ssl != NULL) BIO_free(ssl);
- return(NULL);
- }
-
-BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
- {
- BIO *ret=NULL,*con=NULL,*ssl=NULL;
-
- if ((con=BIO_new(BIO_s_connect())) == NULL)
- return(NULL);
- if ((ssl=BIO_new_ssl(ctx,1)) == NULL)
- goto err;
- if ((ret=BIO_push(ssl,con)) == NULL)
- goto err;
- return(ret);
-err:
- if (con != NULL) BIO_free(con);
- if (ret != NULL) BIO_free(ret);
- return(NULL);
- }
-
-BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
- {
- BIO *ret;
- SSL *ssl;
-
- if ((ret=BIO_new(BIO_f_ssl())) == NULL)
- return(NULL);
- if ((ssl=SSL_new(ctx)) == NULL)
- {
- BIO_free(ret);
- return(NULL);
- }
- if (client)
- SSL_set_connect_state(ssl);
- else
- SSL_set_accept_state(ssl);
-
- BIO_set_ssl(ret,ssl,BIO_CLOSE);
- return(ret);
- }
-
-int BIO_ssl_copy_session_id(BIO *t, BIO *f)
- {
- t=BIO_find_type(t,BIO_TYPE_SSL);
- f=BIO_find_type(f,BIO_TYPE_SSL);
- if ((t == NULL) || (f == NULL))
- return(0);
- if ( (((BIO_SSL *)t->ptr)->ssl == NULL) ||
- (((BIO_SSL *)f->ptr)->ssl == NULL))
- return(0);
- SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl);
- return(1);
- }
-
-void BIO_ssl_shutdown(BIO *b)
- {
- SSL *s;
-
- while (b != NULL)
- {
- if (b->method->type == BIO_TYPE_SSL)
- {
- s=((BIO_SSL *)b->ptr)->ssl;
- SSL_shutdown(s);
- break;
- }
- b=b->next_bio;
- }
- }
diff --git a/crypto/openssl/ssl/s23_clnt.c b/crypto/openssl/ssl/s23_clnt.c
deleted file mode 100644
index 2d0eb4a8fff3..000000000000
--- a/crypto/openssl/ssl/s23_clnt.c
+++ /dev/null
@@ -1,475 +0,0 @@
-/* ssl/s23_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include "ssl_locl.h"
-
-static SSL_METHOD *ssl23_get_client_method(int ver);
-static int ssl23_client_hello(SSL *s);
-static int ssl23_get_server_hello(SSL *s);
-static SSL_METHOD *ssl23_get_client_method(int ver)
- {
-#ifndef NO_SSL2
- if (ver == SSL2_VERSION)
- return(SSLv2_client_method());
-#endif
- if (ver == SSL3_VERSION)
- return(SSLv3_client_method());
- else if (ver == TLS1_VERSION)
- return(TLSv1_client_method());
- else
- return(NULL);
- }
-
-SSL_METHOD *SSLv23_client_method(void)
- {
- static int init=1;
- static SSL_METHOD SSLv23_client_data;
-
- if (init)
- {
- memcpy((char *)&SSLv23_client_data,
- (char *)sslv23_base_method(),sizeof(SSL_METHOD));
- SSLv23_client_data.ssl_connect=ssl23_connect;
- SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
- init=0;
- }
- return(&SSLv23_client_data);
- }
-
-int ssl23_connect(SSL *s)
- {
- BUF_MEM *buf;
- unsigned long Time=time(NULL);
- void (*cb)()=NULL;
- int ret= -1;
- int new_state,state;
-
- RAND_add(&Time,sizeof(Time),0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
- for (;;)
- {
- state=s->state;
-
- switch(s->state)
- {
- case SSL_ST_BEFORE:
- case SSL_ST_CONNECT:
- case SSL_ST_BEFORE|SSL_ST_CONNECT:
- case SSL_ST_OK|SSL_ST_CONNECT:
-
- if (s->session != NULL)
- {
- SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE);
- ret= -1;
- goto end;
- }
- s->server=0;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
- /* s->version=TLS1_VERSION; */
- s->type=SSL_ST_CONNECT;
-
- if (s->init_buf == NULL)
- {
- if ((buf=BUF_MEM_new()) == NULL)
- {
- ret= -1;
- goto end;
- }
- if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
- {
- ret= -1;
- goto end;
- }
- s->init_buf=buf;
- }
-
- if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
-
- ssl3_init_finished_mac(s);
-
- s->state=SSL23_ST_CW_CLNT_HELLO_A;
- s->ctx->stats.sess_connect++;
- s->init_num=0;
- break;
-
- case SSL23_ST_CW_CLNT_HELLO_A:
- case SSL23_ST_CW_CLNT_HELLO_B:
-
- s->shutdown=0;
- ret=ssl23_client_hello(s);
- if (ret <= 0) goto end;
- s->state=SSL23_ST_CR_SRVR_HELLO_A;
- s->init_num=0;
-
- break;
-
- case SSL23_ST_CR_SRVR_HELLO_A:
- case SSL23_ST_CR_SRVR_HELLO_B:
- ret=ssl23_get_server_hello(s);
- if (ret >= 0) cb=NULL;
- goto end;
- /* break; */
-
- default:
- SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE);
- ret= -1;
- goto end;
- /* break; */
- }
-
- if (s->debug) { (void)BIO_flush(s->wbio); }
-
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_CONNECT_LOOP,1);
- s->state=new_state;
- }
- }
-end:
- s->in_handshake--;
- if (cb != NULL)
- cb(s,SSL_CB_CONNECT_EXIT,ret);
- return(ret);
- }
-
-
-static int ssl23_client_hello(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p,*d;
- int i,ch_len;
-
- buf=(unsigned char *)s->init_buf->data;
- if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
- {
-#if 0
- /* don't reuse session-id's */
- if (!ssl_get_new_session(s,0))
- {
- return(-1);
- }
-#endif
-
- p=s->s3->client_random;
- RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE);
-
- /* Do the message type and length last */
- d= &(buf[2]);
- p=d+9;
-
- *(d++)=SSL2_MT_CLIENT_HELLO;
- if (!(s->options & SSL_OP_NO_TLSv1))
- {
- *(d++)=TLS1_VERSION_MAJOR;
- *(d++)=TLS1_VERSION_MINOR;
- s->client_version=TLS1_VERSION;
- }
- else if (!(s->options & SSL_OP_NO_SSLv3))
- {
- *(d++)=SSL3_VERSION_MAJOR;
- *(d++)=SSL3_VERSION_MINOR;
- s->client_version=SSL3_VERSION;
- }
- else if (!(s->options & SSL_OP_NO_SSLv2))
- {
- *(d++)=SSL2_VERSION_MAJOR;
- *(d++)=SSL2_VERSION_MINOR;
- s->client_version=SSL2_VERSION;
- }
- else
- {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE);
- return(-1);
- }
-
- /* Ciphers supported */
- i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p);
- if (i == 0)
- {
- /* no ciphers */
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
- return(-1);
- }
- s2n(i,d);
- p+=i;
-
- /* put in the session-id, zero since there is no
- * reuse. */
-#if 0
- s->session->session_id_length=0;
-#endif
- s2n(0,d);
-
- if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
- ch_len=SSL2_CHALLENGE_LENGTH;
- else
- ch_len=SSL2_MAX_CHALLENGE_LENGTH;
-
- /* write out sslv2 challenge */
- if (SSL3_RANDOM_SIZE < ch_len)
- i=SSL3_RANDOM_SIZE;
- else
- i=ch_len;
- s2n(i,d);
- memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
- RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
- memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
- p+=i;
-
- i= p- &(buf[2]);
- buf[0]=((i>>8)&0xff)|0x80;
- buf[1]=(i&0xff);
-
- s->state=SSL23_ST_CW_CLNT_HELLO_B;
- /* number of bytes to write */
- s->init_num=i+2;
- s->init_off=0;
-
- ssl3_finish_mac(s,&(buf[2]),i);
- }
-
- /* SSL3_ST_CW_CLNT_HELLO_B */
- return(ssl23_write_bytes(s));
- }
-
-static int ssl23_get_server_hello(SSL *s)
- {
- char buf[8];
- unsigned char *p;
- int i;
- int n;
-
- n=ssl23_read_bytes(s,7);
-
- if (n != 7) return(n);
- p=s->packet;
-
- memcpy(buf,p,n);
-
- if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
- (p[5] == 0x00) && (p[6] == 0x02))
- {
-#ifdef NO_SSL2
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
- goto err;
-#else
- /* we are talking sslv2 */
- /* we need to clean up the SSLv3 setup and put in the
- * sslv2 stuff. */
- int ch_len;
-
- if (s->options & SSL_OP_NO_SSLv2)
- {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
- goto err;
- }
- if (s->s2 == NULL)
- {
- if (!ssl2_new(s))
- goto err;
- }
- else
- ssl2_clear(s);
-
- if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
- ch_len=SSL2_CHALLENGE_LENGTH;
- else
- ch_len=SSL2_MAX_CHALLENGE_LENGTH;
-
- /* write out sslv2 challenge */
- i=(SSL3_RANDOM_SIZE < ch_len)
- ?SSL3_RANDOM_SIZE:ch_len;
- s->s2->challenge_length=i;
- memcpy(s->s2->challenge,
- &(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
-
- if (s->s3 != NULL) ssl3_free(s);
-
- if (!BUF_MEM_grow(s->init_buf,
- SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
- {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
- goto err;
- }
-
- s->state=SSL2_ST_GET_SERVER_HELLO_A;
- if (!(s->client_version == SSL2_VERSION))
- /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
- s->s2->ssl2_rollback=1;
-
- /* setup the 5 bytes we have read so we get them from
- * the sslv2 buffer */
- s->rstate=SSL_ST_READ_HEADER;
- s->packet_length=n;
- s->packet= &(s->s2->rbuf[0]);
- memcpy(s->packet,buf,n);
- s->s2->rbuf_left=n;
- s->s2->rbuf_offs=0;
-
- /* we have already written one */
- s->s2->write_sequence=1;
-
- s->method=SSLv2_client_method();
- s->handshake_func=s->method->ssl_connect;
-#endif
- }
- else if ((p[0] == SSL3_RT_HANDSHAKE) &&
- (p[1] == SSL3_VERSION_MAJOR) &&
- ((p[2] == SSL3_VERSION_MINOR) ||
- (p[2] == TLS1_VERSION_MINOR)) &&
- (p[5] == SSL3_MT_SERVER_HELLO))
- {
- /* we have sslv3 or tls1 */
-
- if (!ssl_init_wbio_buffer(s,1)) goto err;
-
- /* we are in this state */
- s->state=SSL3_ST_CR_SRVR_HELLO_A;
-
- /* put the 5 bytes we have read into the input buffer
- * for SSLv3 */
- s->rstate=SSL_ST_READ_HEADER;
- s->packet_length=n;
- s->packet= &(s->s3->rbuf.buf[0]);
- memcpy(s->packet,buf,n);
- s->s3->rbuf.left=n;
- s->s3->rbuf.offset=0;
-
- if ((p[2] == SSL3_VERSION_MINOR) &&
- !(s->options & SSL_OP_NO_SSLv3))
- {
- s->version=SSL3_VERSION;
- s->method=SSLv3_client_method();
- }
- else if ((p[2] == TLS1_VERSION_MINOR) &&
- !(s->options & SSL_OP_NO_TLSv1))
- {
- s->version=TLS1_VERSION;
- s->method=TLSv1_client_method();
- }
- else
- {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
- goto err;
- }
-
- s->handshake_func=s->method->ssl_connect;
- }
- else if ((p[0] == SSL3_RT_ALERT) &&
- (p[1] == SSL3_VERSION_MAJOR) &&
- ((p[2] == SSL3_VERSION_MINOR) ||
- (p[2] == TLS1_VERSION_MINOR)) &&
- (p[3] == 0) &&
- (p[4] == 2))
- {
- void (*cb)()=NULL;
- int j;
-
- /* An alert */
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- i=p[5];
- if (cb != NULL)
- {
- j=(i<<8)|p[6];
- cb(s,SSL_CB_READ_ALERT,j);
- }
-
- s->rwstate=SSL_NOTHING;
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
- goto err;
- }
- else
- {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL);
- goto err;
- }
- s->init_num=0;
-
- /* Since, if we are sending a ssl23 client hello, we are not
- * reusing a session-id */
- if (!ssl_get_new_session(s,0))
- goto err;
-
- s->first_packet=1;
- return(SSL_connect(s));
-err:
- return(-1);
- }
-
diff --git a/crypto/openssl/ssl/s23_lib.c b/crypto/openssl/ssl/s23_lib.c
deleted file mode 100644
index ad2d8dadf755..000000000000
--- a/crypto/openssl/ssl/s23_lib.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/* ssl/s23_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static int ssl23_num_ciphers(void );
-static SSL_CIPHER *ssl23_get_cipher(unsigned int u);
-static int ssl23_read(SSL *s, void *buf, int len);
-static int ssl23_peek(SSL *s, void *buf, int len);
-static int ssl23_write(SSL *s, const void *buf, int len);
-static long ssl23_default_timeout(void );
-static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
-static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
-const char *SSL23_version_str="SSLv2/3 compatibility" OPENSSL_VERSION_PTEXT;
-
-static SSL_METHOD SSLv23_data= {
- TLS1_VERSION,
- tls1_new,
- tls1_clear,
- tls1_free,
- ssl_undefined_function,
- ssl_undefined_function,
- ssl23_read,
- ssl23_peek,
- ssl23_write,
- ssl_undefined_function,
- ssl_undefined_function,
- ssl_ok,
- ssl3_ctrl,
- ssl3_ctx_ctrl,
- ssl23_get_cipher_by_char,
- ssl23_put_cipher_by_char,
- ssl_undefined_function,
- ssl23_num_ciphers,
- ssl23_get_cipher,
- ssl_bad_method,
- ssl23_default_timeout,
- &ssl3_undef_enc_method,
- ssl_undefined_function,
- ssl3_callback_ctrl,
- ssl3_ctx_callback_ctrl,
- };
-
-static long ssl23_default_timeout(void)
- {
- return(300);
- }
-
-SSL_METHOD *sslv23_base_method(void)
- {
- return(&SSLv23_data);
- }
-
-static int ssl23_num_ciphers(void)
- {
- return(ssl3_num_ciphers()
-#ifndef NO_SSL2
- + ssl2_num_ciphers()
-#endif
- );
- }
-
-static SSL_CIPHER *ssl23_get_cipher(unsigned int u)
- {
- unsigned int uu=ssl3_num_ciphers();
-
- if (u < uu)
- return(ssl3_get_cipher(u));
- else
-#ifndef NO_SSL2
- return(ssl2_get_cipher(u-uu));
-#else
- return(NULL);
-#endif
- }
-
-/* This function needs to check if the ciphers required are actually
- * available */
-static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
- {
- SSL_CIPHER c,*cp;
- unsigned long id;
- int n;
-
- n=ssl3_num_ciphers();
- id=0x03000000|((unsigned long)p[0]<<16L)|
- ((unsigned long)p[1]<<8L)|(unsigned long)p[2];
- c.id=id;
- cp=ssl3_get_cipher_by_char(p);
-#ifndef NO_SSL2
- if (cp == NULL)
- cp=ssl2_get_cipher_by_char(p);
-#endif
- return(cp);
- }
-
-static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
- {
- long l;
-
- /* We can write SSLv2 and SSLv3 ciphers */
- if (p != NULL)
- {
- l=c->id;
- p[0]=((unsigned char)(l>>16L))&0xFF;
- p[1]=((unsigned char)(l>> 8L))&0xFF;
- p[2]=((unsigned char)(l ))&0xFF;
- }
- return(3);
- }
-
-static int ssl23_read(SSL *s, void *buf, int len)
- {
- int n;
-
- clear_sys_error();
- if (SSL_in_init(s) && (!s->in_handshake))
- {
- n=s->handshake_func(s);
- if (n < 0) return(n);
- if (n == 0)
- {
- SSLerr(SSL_F_SSL23_READ,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- return(SSL_read(s,buf,len));
- }
- else
- {
- ssl_undefined_function(s);
- return(-1);
- }
- }
-
-static int ssl23_peek(SSL *s, void *buf, int len)
- {
- int n;
-
- clear_sys_error();
- if (SSL_in_init(s) && (!s->in_handshake))
- {
- n=s->handshake_func(s);
- if (n < 0) return(n);
- if (n == 0)
- {
- SSLerr(SSL_F_SSL23_PEEK,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- return(SSL_peek(s,buf,len));
- }
- else
- {
- ssl_undefined_function(s);
- return(-1);
- }
- }
-
-static int ssl23_write(SSL *s, const void *buf, int len)
- {
- int n;
-
- clear_sys_error();
- if (SSL_in_init(s) && (!s->in_handshake))
- {
- n=s->handshake_func(s);
- if (n < 0) return(n);
- if (n == 0)
- {
- SSLerr(SSL_F_SSL23_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- return(SSL_write(s,buf,len));
- }
- else
- {
- ssl_undefined_function(s);
- return(-1);
- }
- }
diff --git a/crypto/openssl/ssl/s23_meth.c b/crypto/openssl/ssl/s23_meth.c
deleted file mode 100644
index 40684311db30..000000000000
--- a/crypto/openssl/ssl/s23_meth.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/* ssl/s23_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static SSL_METHOD *ssl23_get_method(int ver);
-static SSL_METHOD *ssl23_get_method(int ver)
- {
- if (ver == SSL2_VERSION)
- return(SSLv2_method());
- else if (ver == SSL3_VERSION)
- return(SSLv3_method());
- else if (ver == TLS1_VERSION)
- return(TLSv1_method());
- else
- return(NULL);
- }
-
-SSL_METHOD *SSLv23_method(void)
- {
- static int init=1;
- static SSL_METHOD SSLv23_data;
-
- if (init)
- {
- memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(),
- sizeof(SSL_METHOD));
- SSLv23_data.ssl_connect=ssl23_connect;
- SSLv23_data.ssl_accept=ssl23_accept;
- SSLv23_data.get_ssl_method=ssl23_get_method;
- init=0;
- }
- return(&SSLv23_data);
- }
-
diff --git a/crypto/openssl/ssl/s23_pkt.c b/crypto/openssl/ssl/s23_pkt.c
deleted file mode 100644
index a62599cc3e43..000000000000
--- a/crypto/openssl/ssl/s23_pkt.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/* ssl/s23_pkt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-#include "ssl_locl.h"
-
-int ssl23_write_bytes(SSL *s)
- {
- int i,num,tot;
- char *buf;
-
- buf=s->init_buf->data;
- tot=s->init_off;
- num=s->init_num;
- for (;;)
- {
- s->rwstate=SSL_WRITING;
- i=BIO_write(s->wbio,&(buf[tot]),num);
- if (i <= 0)
- {
- s->init_off=tot;
- s->init_num=num;
- return(i);
- }
- s->rwstate=SSL_NOTHING;
- if (i == num) return(tot+i);
-
- num-=i;
- tot+=i;
- }
- }
-
-/* return regularly only when we have read (at least) 'n' bytes */
-int ssl23_read_bytes(SSL *s, int n)
- {
- unsigned char *p;
- int j;
-
- if (s->packet_length < (unsigned int)n)
- {
- p=s->packet;
-
- for (;;)
- {
- s->rwstate=SSL_READING;
- j=BIO_read(s->rbio,(char *)&(p[s->packet_length]),
- n-s->packet_length);
- if (j <= 0)
- return(j);
- s->rwstate=SSL_NOTHING;
- s->packet_length+=j;
- if (s->packet_length >= (unsigned int)n)
- return(s->packet_length);
- }
- }
- return(n);
- }
-
diff --git a/crypto/openssl/ssl/s23_srvr.c b/crypto/openssl/ssl/s23_srvr.c
deleted file mode 100644
index b40bb01ab72a..000000000000
--- a/crypto/openssl/ssl/s23_srvr.c
+++ /dev/null
@@ -1,645 +0,0 @@
-/* ssl/s23_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include "ssl_locl.h"
-
-static SSL_METHOD *ssl23_get_server_method(int ver);
-int ssl23_get_client_hello(SSL *s);
-static SSL_METHOD *ssl23_get_server_method(int ver)
- {
-#ifndef NO_SSL2
- if (ver == SSL2_VERSION)
- return(SSLv2_server_method());
-#endif
- if (ver == SSL3_VERSION)
- return(SSLv3_server_method());
- else if (ver == TLS1_VERSION)
- return(TLSv1_server_method());
- else
- return(NULL);
- }
-
-SSL_METHOD *SSLv23_server_method(void)
- {
- static int init=1;
- static SSL_METHOD SSLv23_server_data;
-
- if (init)
- {
- memcpy((char *)&SSLv23_server_data,
- (char *)sslv23_base_method(),sizeof(SSL_METHOD));
- SSLv23_server_data.ssl_accept=ssl23_accept;
- SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
- init=0;
- }
- return(&SSLv23_server_data);
- }
-
-int ssl23_accept(SSL *s)
- {
- BUF_MEM *buf;
- unsigned long Time=time(NULL);
- void (*cb)()=NULL;
- int ret= -1;
- int new_state,state;
-
- RAND_add(&Time,sizeof(Time),0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
- for (;;)
- {
- state=s->state;
-
- switch(s->state)
- {
- case SSL_ST_BEFORE:
- case SSL_ST_ACCEPT:
- case SSL_ST_BEFORE|SSL_ST_ACCEPT:
- case SSL_ST_OK|SSL_ST_ACCEPT:
-
- s->server=1;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
- /* s->version=SSL3_VERSION; */
- s->type=SSL_ST_ACCEPT;
-
- if (s->init_buf == NULL)
- {
- if ((buf=BUF_MEM_new()) == NULL)
- {
- ret= -1;
- goto end;
- }
- if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
- {
- ret= -1;
- goto end;
- }
- s->init_buf=buf;
- }
-
- ssl3_init_finished_mac(s);
-
- s->state=SSL23_ST_SR_CLNT_HELLO_A;
- s->ctx->stats.sess_accept++;
- s->init_num=0;
- break;
-
- case SSL23_ST_SR_CLNT_HELLO_A:
- case SSL23_ST_SR_CLNT_HELLO_B:
-
- s->shutdown=0;
- ret=ssl23_get_client_hello(s);
- if (ret >= 0) cb=NULL;
- goto end;
- /* break; */
-
- default:
- SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE);
- ret= -1;
- goto end;
- /* break; */
- }
-
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_ACCEPT_LOOP,1);
- s->state=new_state;
- }
- }
-end:
- s->in_handshake--;
- if (cb != NULL)
- cb(s,SSL_CB_ACCEPT_EXIT,ret);
- return(ret);
- }
-
-
-int ssl23_get_client_hello(SSL *s)
- {
- char buf_space[11]; /* Request this many bytes in initial read.
- * We can detect SSL 3.0/TLS 1.0 Client Hellos
- * ('type == 3') correctly only when the following
- * is in a single record, which is not guaranteed by
- * the protocol specification:
- * Byte Content
- * 0 type \
- * 1/2 version > record header
- * 3/4 length /
- * 5 msg_type \
- * 6-8 length > Client Hello message
- * 9/10 client_version /
- */
- char *buf= &(buf_space[0]);
- unsigned char *p,*d,*dd;
- unsigned int i;
- unsigned int csl,sil,cl;
- int n=0,j;
- int type=0;
- int v[2];
-#ifndef NO_RSA
- int use_sslv2_strong=0;
-#endif
-
- if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
- {
- /* read the initial header */
- v[0]=v[1]=0;
-
- if (!ssl3_setup_buffers(s)) goto err;
-
- n=ssl23_read_bytes(s, sizeof buf_space);
- if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */
-
- p=s->packet;
-
- memcpy(buf,p,n);
-
- if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO))
- {
- /*
- * SSLv2 header
- */
- if ((p[3] == 0x00) && (p[4] == 0x02))
- {
- v[0]=p[3]; v[1]=p[4];
- /* SSLv2 */
- if (!(s->options & SSL_OP_NO_SSLv2))
- type=1;
- }
- else if (p[3] == SSL3_VERSION_MAJOR)
- {
- v[0]=p[3]; v[1]=p[4];
- /* SSLv3/TLSv1 */
- if (p[4] >= TLS1_VERSION_MINOR)
- {
- if (!(s->options & SSL_OP_NO_TLSv1))
- {
- s->version=TLS1_VERSION;
- /* type=2; */ /* done later to survive restarts */
- s->state=SSL23_ST_SR_CLNT_HELLO_B;
- }
- else if (!(s->options & SSL_OP_NO_SSLv3))
- {
- s->version=SSL3_VERSION;
- /* type=2; */
- s->state=SSL23_ST_SR_CLNT_HELLO_B;
- }
- else if (!(s->options & SSL_OP_NO_SSLv2))
- {
- type=1;
- }
- }
- else if (!(s->options & SSL_OP_NO_SSLv3))
- {
- s->version=SSL3_VERSION;
- /* type=2; */
- s->state=SSL23_ST_SR_CLNT_HELLO_B;
- }
- else if (!(s->options & SSL_OP_NO_SSLv2))
- type=1;
-
- if (s->options & SSL_OP_NON_EXPORT_FIRST)
- /* Not only utterly confusing, but broken
- * ('fractured programming'?) -- the details
- * of this block nearly make it work
- * as intended in this environment, but on one
- * of the fine points (w.r.t. restarts) it fails.
- * The obvious fix would be even more devastating
- * to program structure; if you want the functionality,
- * throw this away and implement it in a way
- * that makes sense */
- {
-#if 0
- STACK_OF(SSL_CIPHER) *sk;
- SSL_CIPHER *c;
- int ne2,ne3;
-
- j=((p[0]&0x7f)<<8)|p[1];
- if (j > (1024*4))
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
- goto err;
- }
-
- n=ssl23_read_bytes(s,j+2);
- if (n <= 0) return(n);
- p=s->packet;
-
- if ((buf=OPENSSL_malloc(n)) == NULL)
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- memcpy(buf,p,n);
-
- p+=5;
- n2s(p,csl);
- p+=4;
-
- sk=ssl_bytes_to_cipher_list(
- s,p,csl,NULL);
- if (sk != NULL)
- {
- ne2=ne3=0;
- for (j=0; j<sk_SSL_CIPHER_num(sk); j++)
- {
- c=sk_SSL_CIPHER_value(sk,j);
- if (!SSL_C_IS_EXPORT(c))
- {
- if ((c->id>>24L) == 2L)
- ne2=1;
- else
- ne3=1;
- }
- }
- if (ne2 && !ne3)
- {
- type=1;
- use_sslv2_strong=1;
- goto next_bit;
- }
- }
-#else
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_OPTION);
- goto err;
-#endif
- }
- }
- }
- else if ((p[0] == SSL3_RT_HANDSHAKE) &&
- (p[1] == SSL3_VERSION_MAJOR) &&
- (p[5] == SSL3_MT_CLIENT_HELLO) &&
- ((p[3] == 0 && p[4] < 5 /* silly record length? */)
- || (p[9] == p[1])))
- {
- /*
- * SSLv3 or tls1 header
- */
-
- v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
- /* We must look at client_version inside the Client Hello message
- * to get the correct minor version.
- * However if we have only a pathologically small fragment of the
- * Client Hello message, this would be difficult, and we'd have
- * to read more records to find out.
- * No known SSL 3.0 client fragments ClientHello like this,
- * so we simply assume TLS 1.0 to avoid protocol version downgrade
- * attacks. */
- if (p[3] == 0 && p[4] < 6)
- {
-#if 0
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
- goto err;
-#else
- v[1] = TLS1_VERSION_MINOR;
-#endif
- }
- else
- v[1]=p[10]; /* minor version according to client_version */
- if (v[1] >= TLS1_VERSION_MINOR)
- {
- if (!(s->options & SSL_OP_NO_TLSv1))
- {
- s->version=TLS1_VERSION;
- type=3;
- }
- else if (!(s->options & SSL_OP_NO_SSLv3))
- {
- s->version=SSL3_VERSION;
- type=3;
- }
- }
- else
- {
- /* client requests SSL 3.0 */
- if (!(s->options & SSL_OP_NO_SSLv3))
- {
- s->version=SSL3_VERSION;
- type=3;
- }
- else if (!(s->options & SSL_OP_NO_TLSv1))
- {
- /* we won't be able to use TLS of course,
- * but this will send an appropriate alert */
- s->version=TLS1_VERSION;
- type=3;
- }
- }
- }
- else if ((strncmp("GET ", (char *)p,4) == 0) ||
- (strncmp("POST ",(char *)p,5) == 0) ||
- (strncmp("HEAD ",(char *)p,5) == 0) ||
- (strncmp("PUT ", (char *)p,4) == 0))
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST);
- goto err;
- }
- else if (strncmp("CONNECT",(char *)p,7) == 0)
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST);
- goto err;
- }
- }
-
- if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
- {
- /* we have SSLv3/TLSv1 in an SSLv2 header
- * (other cases skip this state) */
-
- type=2;
- p=s->packet;
- v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
- v[1] = p[4];
-
- n=((p[0]&0x7f)<<8)|p[1];
- if (n > (1024*4))
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
- goto err;
- }
-
- j=ssl23_read_bytes(s,n+2);
- if (j <= 0) return(j);
-
- ssl3_finish_mac(s,&(s->packet[2]),s->packet_length-2);
-
- p=s->packet;
- p+=5;
- n2s(p,csl);
- n2s(p,sil);
- n2s(p,cl);
- d=(unsigned char *)s->init_buf->data;
- if ((csl+sil+cl+11) != s->packet_length)
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
- goto err;
- }
-
- *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
- *(d++) = v[1];
-
- /* lets populate the random area */
- /* get the challenge_length */
- i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl;
- memset(d,0,SSL3_RANDOM_SIZE);
- memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i);
- d+=SSL3_RANDOM_SIZE;
-
- /* no session-id reuse */
- *(d++)=0;
-
- /* ciphers */
- j=0;
- dd=d;
- d+=2;
- for (i=0; i<csl; i+=3)
- {
- if (p[i] != 0) continue;
- *(d++)=p[i+1];
- *(d++)=p[i+2];
- j+=2;
- }
- s2n(j,dd);
-
- /* COMPRESSION */
- *(d++)=1;
- *(d++)=0;
-
- i=(d-(unsigned char *)s->init_buf->data);
-
- /* get the data reused from the init_buf */
- s->s3->tmp.reuse_message=1;
- s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO;
- s->s3->tmp.message_size=i;
- }
-
- /* imaginary new state (for program structure): */
- /* s->state = SSL23_SR_CLNT_HELLO_C */
-
- if (type == 1)
- {
-#ifdef NO_SSL2
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
- goto err;
-#else
- /* we are talking sslv2 */
- /* we need to clean up the SSLv3/TLSv1 setup and put in the
- * sslv2 stuff. */
-
- if (s->s2 == NULL)
- {
- if (!ssl2_new(s))
- goto err;
- }
- else
- ssl2_clear(s);
-
- if (s->s3 != NULL) ssl3_free(s);
-
- if (!BUF_MEM_grow(s->init_buf,
- SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
- {
- goto err;
- }
-
- s->state=SSL2_ST_GET_CLIENT_HELLO_A;
- if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
- use_sslv2_strong ||
- (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
- s->s2->ssl2_rollback=0;
- else
- /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
- * (SSL 3.0 draft/RFC 2246, App. E.2) */
- s->s2->ssl2_rollback=1;
-
- /* setup the n bytes we have read so we get them from
- * the sslv2 buffer */
- s->rstate=SSL_ST_READ_HEADER;
- s->packet_length=n;
- s->packet= &(s->s2->rbuf[0]);
- memcpy(s->packet,buf,n);
- s->s2->rbuf_left=n;
- s->s2->rbuf_offs=0;
-
- s->method=SSLv2_server_method();
- s->handshake_func=s->method->ssl_accept;
-#endif
- }
-
- if ((type == 2) || (type == 3))
- {
- /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
-
- if (!ssl_init_wbio_buffer(s,1)) goto err;
-
- /* we are in this state */
- s->state=SSL3_ST_SR_CLNT_HELLO_A;
-
- if (type == 3)
- {
- /* put the 'n' bytes we have read into the input buffer
- * for SSLv3 */
- s->rstate=SSL_ST_READ_HEADER;
- s->packet_length=n;
- s->packet= &(s->s3->rbuf.buf[0]);
- memcpy(s->packet,buf,n);
- s->s3->rbuf.left=n;
- s->s3->rbuf.offset=0;
- }
- else
- {
- s->packet_length=0;
- s->s3->rbuf.left=0;
- s->s3->rbuf.offset=0;
- }
-
- if (s->version == TLS1_VERSION)
- s->method = TLSv1_server_method();
- else
- s->method = SSLv3_server_method();
-#if 0 /* ssl3_get_client_hello does this */
- s->client_version=(v[0]<<8)|v[1];
-#endif
- s->handshake_func=s->method->ssl_accept;
- }
-
- if ((type < 1) || (type > 3))
- {
- /* bad, very bad */
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);
- goto err;
- }
- s->init_num=0;
-
- if (buf != buf_space) OPENSSL_free(buf);
- s->first_packet=1;
- return(SSL_accept(s));
-err:
- if (buf != buf_space) OPENSSL_free(buf);
- return(-1);
- }
diff --git a/crypto/openssl/ssl/s2_clnt.c b/crypto/openssl/ssl/s2_clnt.c
deleted file mode 100644
index 2a6837dcd5bd..000000000000
--- a/crypto/openssl/ssl/s2_clnt.c
+++ /dev/null
@@ -1,1069 +0,0 @@
-/* ssl/s2_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ssl_locl.h"
-#ifndef NO_SSL2
-#include <stdio.h>
-#include <openssl/rand.h>
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include "cryptlib.h"
-
-static SSL_METHOD *ssl2_get_client_method(int ver);
-static int get_server_finished(SSL *s);
-static int get_server_verify(SSL *s);
-static int get_server_hello(SSL *s);
-static int client_hello(SSL *s);
-static int client_master_key(SSL *s);
-static int client_finished(SSL *s);
-static int client_certificate(SSL *s);
-static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
- unsigned char *to,int padding);
-#define BREAK break
-
-static SSL_METHOD *ssl2_get_client_method(int ver)
- {
- if (ver == SSL2_VERSION)
- return(SSLv2_client_method());
- else
- return(NULL);
- }
-
-SSL_METHOD *SSLv2_client_method(void)
- {
- static int init=1;
- static SSL_METHOD SSLv2_client_data;
-
- if (init)
- {
- memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
- sizeof(SSL_METHOD));
- SSLv2_client_data.ssl_connect=ssl2_connect;
- SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
- init=0;
- }
- return(&SSLv2_client_data);
- }
-
-int ssl2_connect(SSL *s)
- {
- unsigned long l=time(NULL);
- BUF_MEM *buf=NULL;
- int ret= -1;
- void (*cb)()=NULL;
- int new_state,state;
-
- RAND_add(&l,sizeof(l),0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- /* init things to blank */
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
- for (;;)
- {
- state=s->state;
-
- switch (s->state)
- {
- case SSL_ST_BEFORE:
- case SSL_ST_CONNECT:
- case SSL_ST_BEFORE|SSL_ST_CONNECT:
- case SSL_ST_OK|SSL_ST_CONNECT:
-
- s->server=0;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
- s->version=SSL2_VERSION;
- s->type=SSL_ST_CONNECT;
-
- buf=s->init_buf;
- if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL))
- {
- ret= -1;
- goto end;
- }
- if (!BUF_MEM_grow(buf,
- SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
- {
- ret= -1;
- goto end;
- }
- s->init_buf=buf;
- s->init_num=0;
- s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
- s->ctx->stats.sess_connect++;
- s->handshake_func=ssl2_connect;
- BREAK;
-
- case SSL2_ST_SEND_CLIENT_HELLO_A:
- case SSL2_ST_SEND_CLIENT_HELLO_B:
- s->shutdown=0;
- ret=client_hello(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL2_ST_GET_SERVER_HELLO_A;
- BREAK;
-
- case SSL2_ST_GET_SERVER_HELLO_A:
- case SSL2_ST_GET_SERVER_HELLO_B:
- ret=get_server_hello(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- if (!s->hit) /* new session */
- {
- s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_A;
- BREAK;
- }
- else
- {
- s->state=SSL2_ST_CLIENT_START_ENCRYPTION;
- break;
- }
-
- case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:
- case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:
- ret=client_master_key(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL2_ST_CLIENT_START_ENCRYPTION;
- break;
-
- case SSL2_ST_CLIENT_START_ENCRYPTION:
- /* Ok, we now have all the stuff needed to
- * start encrypting, so lets fire it up :-) */
- if (!ssl2_enc_init(s,1))
- {
- ret= -1;
- goto end;
- }
- s->s2->clear_text=0;
- s->state=SSL2_ST_SEND_CLIENT_FINISHED_A;
- break;
-
- case SSL2_ST_SEND_CLIENT_FINISHED_A:
- case SSL2_ST_SEND_CLIENT_FINISHED_B:
- ret=client_finished(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL2_ST_GET_SERVER_VERIFY_A;
- break;
-
- case SSL2_ST_GET_SERVER_VERIFY_A:
- case SSL2_ST_GET_SERVER_VERIFY_B:
- ret=get_server_verify(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL2_ST_GET_SERVER_FINISHED_A;
- break;
-
- case SSL2_ST_GET_SERVER_FINISHED_A:
- case SSL2_ST_GET_SERVER_FINISHED_B:
- ret=get_server_finished(s);
- if (ret <= 0) goto end;
- break;
-
- case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:
- case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:
- case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:
- case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:
- case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:
- ret=client_certificate(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL2_ST_GET_SERVER_FINISHED_A;
- break;
-
- case SSL_ST_OK:
- if (s->init_buf != NULL)
- {
- BUF_MEM_free(s->init_buf);
- s->init_buf=NULL;
- }
- s->init_num=0;
- /* ERR_clear_error();*/
-
- /* If we want to cache session-ids in the client
- * and we successfully add the session-id to the
- * cache, and there is a callback, then pass it out.
- * 26/11/96 - eay - only add if not a re-used session.
- */
-
- ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
- if (s->hit) s->ctx->stats.sess_hit++;
-
- ret=1;
- /* s->server=0; */
- s->ctx->stats.sess_connect_good++;
-
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
-
- goto end;
- /* break; */
- default:
- SSLerr(SSL_F_SSL2_CONNECT,SSL_R_UNKNOWN_STATE);
- return(-1);
- /* break; */
- }
-
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_CONNECT_LOOP,1);
- s->state=new_state;
- }
- }
-end:
- s->in_handshake--;
- if (cb != NULL)
- cb(s,SSL_CB_CONNECT_EXIT,ret);
- return(ret);
- }
-
-static int get_server_hello(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p;
- int i,j;
- unsigned long len;
- STACK_OF(SSL_CIPHER) *sk=NULL,*cl;
-
- buf=(unsigned char *)s->init_buf->data;
- p=buf;
- if (s->state == SSL2_ST_GET_SERVER_HELLO_A)
- {
- i=ssl2_read(s,(char *)&(buf[s->init_num]),11-s->init_num);
- if (i < (11-s->init_num))
- return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
- s->init_num = 11;
-
- if (*(p++) != SSL2_MT_SERVER_HELLO)
- {
- if (p[-1] != SSL2_MT_ERROR)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_HELLO,
- SSL_R_READ_WRONG_PACKET_TYPE);
- }
- else
- SSLerr(SSL_F_GET_SERVER_HELLO,
- SSL_R_PEER_ERROR);
- return(-1);
- }
-#ifdef __APPLE_CC__
- /* The Rhapsody 5.5 (a.k.a. MacOS X) compiler bug
- * workaround. <appro@fy.chalmers.se> */
- s->hit=(i=*(p++))?1:0;
-#else
- s->hit=(*(p++))?1:0;
-#endif
- s->s2->tmp.cert_type= *(p++);
- n2s(p,i);
- if (i < s->version) s->version=i;
- n2s(p,i); s->s2->tmp.cert_length=i;
- n2s(p,i); s->s2->tmp.csl=i;
- n2s(p,i); s->s2->tmp.conn_id_length=i;
- s->state=SSL2_ST_GET_SERVER_HELLO_B;
- }
-
- /* SSL2_ST_GET_SERVER_HELLO_B */
- len = 11 + (unsigned long)s->s2->tmp.cert_length + (unsigned long)s->s2->tmp.csl + (unsigned long)s->s2->tmp.conn_id_length;
- if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
- {
- SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_MESSAGE_TOO_LONG);
- return -1;
- }
- j = (int)len - s->init_num;
- i = ssl2_read(s,(char *)&(buf[s->init_num]),j);
- if (i != j) return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
-
- /* things are looking good */
-
- p = buf + 11;
- if (s->hit)
- {
- if (s->s2->tmp.cert_length != 0)
- {
- SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_LENGTH_NOT_ZERO);
- return(-1);
- }
- if (s->s2->tmp.cert_type != 0)
- {
- if (!(s->options &
- SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG))
- {
- SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_TYPE_NOT_ZERO);
- return(-1);
- }
- }
- if (s->s2->tmp.csl != 0)
- {
- SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CIPHER_LIST_NOT_ZERO);
- return(-1);
- }
- }
- else
- {
-#ifdef undef
- /* very bad */
- memset(s->session->session_id,0,
- SSL_MAX_SSL_SESSION_ID_LENGTH_IN_BYTES);
- s->session->session_id_length=0;
- */
-#endif
-
- /* we need to do this in case we were trying to reuse a
- * client session but others are already reusing it.
- * If this was a new 'blank' session ID, the session-id
- * length will still be 0 */
- if (s->session->session_id_length > 0)
- {
- if (!ssl_get_new_session(s,0))
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- return(-1);
- }
- }
-
- if (ssl2_set_certificate(s,s->s2->tmp.cert_type,
- s->s2->tmp.cert_length,p) <= 0)
- {
- ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
- return(-1);
- }
- p+=s->s2->tmp.cert_length;
-
- if (s->s2->tmp.csl == 0)
- {
- ssl2_return_error(s,SSL2_PE_NO_CIPHER);
- SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_LIST);
- return(-1);
- }
-
- /* We have just received a list of ciphers back from the
- * server. We need to get the ones that match, then select
- * the one we want the most :-). */
-
- /* load the ciphers */
- sk=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.csl,
- &s->session->ciphers);
- p+=s->s2->tmp.csl;
- if (sk == NULL)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE);
- return(-1);
- }
-
- sk_SSL_CIPHER_set_cmp_func(sk,ssl_cipher_ptr_id_cmp);
-
- /* get the array of ciphers we will accept */
- cl=ssl_get_ciphers_by_id(s);
-
- /* In theory we could have ciphers sent back that we
- * don't want to use but that does not matter since we
- * will check against the list we originally sent and
- * for performance reasons we should not bother to match
- * the two lists up just to check. */
- for (i=0; i<sk_SSL_CIPHER_num(cl); i++)
- {
- if (sk_SSL_CIPHER_find(sk,
- sk_SSL_CIPHER_value(cl,i)) >= 0)
- break;
- }
-
- if (i >= sk_SSL_CIPHER_num(cl))
- {
- ssl2_return_error(s,SSL2_PE_NO_CIPHER);
- SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_MATCH);
- return(-1);
- }
- s->session->cipher=sk_SSL_CIPHER_value(cl,i);
-
-
- if (s->session->peer != NULL) /* can't happen*/
- {
- ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_INTERNAL_ERROR);
- return(-1);
- }
-
- s->session->peer = s->session->sess_cert->peer_key->x509;
- /* peer_key->x509 has been set by ssl2_set_certificate. */
- CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
- }
-
- if (s->session->peer != s->session->sess_cert->peer_key->x509)
- /* can't happen */
- {
- ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_INTERNAL_ERROR);
- return(-1);
- }
-
- s->s2->conn_id_length=s->s2->tmp.conn_id_length;
- die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
- memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
- return(1);
- }
-
-static int client_hello(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p,*d;
-/* CIPHER **cipher;*/
- int i,n,j;
-
- buf=(unsigned char *)s->init_buf->data;
- if (s->state == SSL2_ST_SEND_CLIENT_HELLO_A)
- {
- if ((s->session == NULL) ||
- (s->session->ssl_version != s->version))
- {
- if (!ssl_get_new_session(s,0))
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- return(-1);
- }
- }
- /* else use the pre-loaded session */
-
- p=buf; /* header */
- d=p+9; /* data section */
- *(p++)=SSL2_MT_CLIENT_HELLO; /* type */
- s2n(SSL2_VERSION,p); /* version */
- n=j=0;
-
- n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d);
- d+=n;
-
- if (n == 0)
- {
- SSLerr(SSL_F_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
- return(-1);
- }
-
- s2n(n,p); /* cipher spec num bytes */
-
- if ((s->session->session_id_length > 0) &&
- (s->session->session_id_length <=
- SSL2_MAX_SSL_SESSION_ID_LENGTH))
- {
- i=s->session->session_id_length;
- s2n(i,p); /* session id length */
- memcpy(d,s->session->session_id,(unsigned int)i);
- d+=i;
- }
- else
- {
- s2n(0,p);
- }
-
- s->s2->challenge_length=SSL2_CHALLENGE_LENGTH;
- s2n(SSL2_CHALLENGE_LENGTH,p); /* challenge length */
- /*challenge id data*/
- RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH);
- memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH);
- d+=SSL2_CHALLENGE_LENGTH;
-
- s->state=SSL2_ST_SEND_CLIENT_HELLO_B;
- s->init_num=d-buf;
- s->init_off=0;
- }
- /* SSL2_ST_SEND_CLIENT_HELLO_B */
- return(ssl2_do_write(s));
- }
-
-static int client_master_key(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p,*d;
- int clear,enc,karg,i;
- SSL_SESSION *sess;
- const EVP_CIPHER *c;
- const EVP_MD *md;
-
- buf=(unsigned char *)s->init_buf->data;
- if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A)
- {
-
- if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
- {
- ssl2_return_error(s,SSL2_PE_NO_CIPHER);
- SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
- return(-1);
- }
- sess=s->session;
- p=buf;
- d=p+10;
- *(p++)=SSL2_MT_CLIENT_MASTER_KEY;/* type */
-
- i=ssl_put_cipher_by_char(s,sess->cipher,p);
- p+=i;
-
- /* make key_arg data */
- i=EVP_CIPHER_iv_length(c);
- sess->key_arg_length=i;
- die(i <= SSL_MAX_KEY_ARG_LENGTH);
- if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
-
- /* make a master key */
- i=EVP_CIPHER_key_length(c);
- sess->master_key_length=i;
- if (i > 0)
- {
- die(i <= sizeof sess->master_key);
- if (RAND_bytes(sess->master_key,i) <= 0)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- return(-1);
- }
- }
-
- if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
- enc=8;
- else if (SSL_C_IS_EXPORT(sess->cipher))
- enc=5;
- else
- enc=i;
-
- if (i < enc)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_CIPHER_TABLE_SRC_ERROR);
- return(-1);
- }
- clear=i-enc;
- s2n(clear,p);
- memcpy(d,sess->master_key,(unsigned int)clear);
- d+=clear;
-
- enc=ssl_rsa_public_encrypt(sess->sess_cert,enc,
- &(sess->master_key[clear]),d,
- (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
- if (enc <= 0)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PUBLIC_KEY_ENCRYPT_ERROR);
- return(-1);
- }
-#ifdef PKCS1_CHECK
- if (s->options & SSL_OP_PKCS1_CHECK_1) d[1]++;
- if (s->options & SSL_OP_PKCS1_CHECK_2)
- sess->master_key[clear]++;
-#endif
- s2n(enc,p);
- d+=enc;
- karg=sess->key_arg_length;
- s2n(karg,p); /* key arg size */
- die(karg <= sizeof sess->key_arg);
- memcpy(d,sess->key_arg,(unsigned int)karg);
- d+=karg;
-
- s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_B;
- s->init_num=d-buf;
- s->init_off=0;
- }
-
- /* SSL2_ST_SEND_CLIENT_MASTER_KEY_B */
- return(ssl2_do_write(s));
- }
-
-static int client_finished(SSL *s)
- {
- unsigned char *p;
-
- if (s->state == SSL2_ST_SEND_CLIENT_FINISHED_A)
- {
- p=(unsigned char *)s->init_buf->data;
- *(p++)=SSL2_MT_CLIENT_FINISHED;
- die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
- memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
-
- s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
- s->init_num=s->s2->conn_id_length+1;
- s->init_off=0;
- }
- return(ssl2_do_write(s));
- }
-
-/* read the data and then respond */
-static int client_certificate(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p,*d;
- int i;
- unsigned int n;
- int cert_ch_len;
- unsigned char *cert_ch;
-
- buf=(unsigned char *)s->init_buf->data;
-
- /* We have a cert associated with the SSL, so attach it to
- * the session if it does not have one */
-
- if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)
- {
- i=ssl2_read(s,(char *)&(buf[s->init_num]),
- SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num);
- if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num))
- return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
- s->init_num += i;
-
- /* type=buf[0]; */
- /* type eq x509 */
- if (buf[1] != SSL2_AT_MD5_WITH_RSA_ENCRYPTION)
- {
- ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);
- SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_AUTHENTICATION_TYPE);
- return(-1);
- }
-
- if ((s->cert == NULL) ||
- (s->cert->key->x509 == NULL) ||
- (s->cert->key->privatekey == NULL))
- {
- s->state=SSL2_ST_X509_GET_CLIENT_CERTIFICATE;
- }
- else
- s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
- }
-
- cert_ch = buf + 2;
- cert_ch_len = s->init_num - 2;
-
- if (s->state == SSL2_ST_X509_GET_CLIENT_CERTIFICATE)
- {
- X509 *x509=NULL;
- EVP_PKEY *pkey=NULL;
-
- /* If we get an error we need to
- * ssl->rwstate=SSL_X509_LOOKUP;
- * return(error);
- * We should then be retried when things are ok and we
- * can get a cert or not */
-
- i=0;
- if (s->ctx->client_cert_cb != NULL)
- {
- i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
- }
-
- if (i < 0)
- {
- s->rwstate=SSL_X509_LOOKUP;
- return(-1);
- }
- s->rwstate=SSL_NOTHING;
-
- if ((i == 1) && (pkey != NULL) && (x509 != NULL))
- {
- s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
- if ( !SSL_use_certificate(s,x509) ||
- !SSL_use_PrivateKey(s,pkey))
- {
- i=0;
- }
- X509_free(x509);
- EVP_PKEY_free(pkey);
- }
- else if (i == 1)
- {
- if (x509 != NULL) X509_free(x509);
- if (pkey != NULL) EVP_PKEY_free(pkey);
- SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
- i=0;
- }
-
- if (i == 0)
- {
- /* We have no client certificate to respond with
- * so send the correct error message back */
- s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_B;
- p=buf;
- *(p++)=SSL2_MT_ERROR;
- s2n(SSL2_PE_NO_CERTIFICATE,p);
- s->init_off=0;
- s->init_num=3;
- /* Write is done at the end */
- }
- }
-
- if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_B)
- {
- return(ssl2_do_write(s));
- }
-
- if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_C)
- {
- EVP_MD_CTX ctx;
-
- /* ok, now we calculate the checksum
- * do it first so we can reuse buf :-) */
- p=buf;
- EVP_SignInit(&ctx,s->ctx->rsa_md5);
- EVP_SignUpdate(&ctx,s->s2->key_material,
- (unsigned int)s->s2->key_material_length);
- EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);
- n=i2d_X509(s->session->sess_cert->peer_key->x509,&p);
- EVP_SignUpdate(&ctx,buf,(unsigned int)n);
-
- p=buf;
- d=p+6;
- *(p++)=SSL2_MT_CLIENT_CERTIFICATE;
- *(p++)=SSL2_CT_X509_CERTIFICATE;
- n=i2d_X509(s->cert->key->x509,&d);
- s2n(n,p);
-
- if (!EVP_SignFinal(&ctx,d,&n,s->cert->key->privatekey))
- {
- /* this is not good. If things have failed it
- * means there so something wrong with the key.
- * We will continue with a 0 length signature
- */
- }
- memset(&ctx,0,sizeof(ctx));
- s2n(n,p);
- d+=n;
-
- s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_D;
- s->init_num=d-buf;
- s->init_off=0;
- }
- /* if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_D) */
- return(ssl2_do_write(s));
- }
-
-static int get_server_verify(SSL *s)
- {
- unsigned char *p;
- int i, n, len;
-
- p=(unsigned char *)s->init_buf->data;
- if (s->state == SSL2_ST_GET_SERVER_VERIFY_A)
- {
- i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
- if (i < (1-s->init_num))
- return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
- s->init_num += i;
-
- s->state= SSL2_ST_GET_SERVER_VERIFY_B;
- if (*p != SSL2_MT_SERVER_VERIFY)
- {
- if (p[0] != SSL2_MT_ERROR)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_VERIFY,
- SSL_R_READ_WRONG_PACKET_TYPE);
- }
- else
- SSLerr(SSL_F_GET_SERVER_VERIFY,
- SSL_R_PEER_ERROR);
- return(-1);
- }
- }
-
- p=(unsigned char *)s->init_buf->data;
- len = 1 + s->s2->challenge_length;
- n = len - s->init_num;
- i = ssl2_read(s,(char *)&(p[s->init_num]),n);
- if (i < n)
- return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
- p += 1;
-
- if (memcmp(p,s->s2->challenge,(unsigned int)s->s2->challenge_length) != 0)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);
- return(-1);
- }
- return(1);
- }
-
-static int get_server_finished(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p;
- int i, n, len;
-
- buf=(unsigned char *)s->init_buf->data;
- p=buf;
- if (s->state == SSL2_ST_GET_SERVER_FINISHED_A)
- {
- i=ssl2_read(s,(char *)&(buf[s->init_num]),1-s->init_num);
- if (i < (1-s->init_num))
- return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
- s->init_num += i;
-
- if (*p == SSL2_MT_REQUEST_CERTIFICATE)
- {
- s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_A;
- return(1);
- }
- else if (*p != SSL2_MT_SERVER_FINISHED)
- {
- if (p[0] != SSL2_MT_ERROR)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE);
- }
- else
- SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_PEER_ERROR);
- return(-1);
- }
- s->state=SSL2_ST_GET_SERVER_FINISHED_B;
- }
-
- len = 1 + SSL2_SSL_SESSION_ID_LENGTH;
- n = len - s->init_num;
- i = ssl2_read(s,(char *)&(buf[s->init_num]), n);
- if (i < n) /* XXX could be shorter than SSL2_SSL_SESSION_ID_LENGTH, that's the maximum */
- return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
- s->init_num += i;
-
- if (!s->hit) /* new session */
- {
- /* new session-id */
- /* Make sure we were not trying to re-use an old SSL_SESSION
- * or bad things can happen */
- /* ZZZZZZZZZZZZZ */
- s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
- memcpy(s->session->session_id,p,SSL2_SSL_SESSION_ID_LENGTH);
- }
- else
- {
- if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
- {
- die(s->session->session_id_length
- <= sizeof s->session->session_id);
- if (memcmp(buf,s->session->session_id,
- (unsigned int)s->session->session_id_length) != 0)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
- return(-1);
- }
- }
- }
- s->state = SSL_ST_OK;
- return(1);
- }
-
-/* loads in the certificate from the server */
-int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data)
- {
- STACK_OF(X509) *sk=NULL;
- EVP_PKEY *pkey=NULL;
- SESS_CERT *sc=NULL;
- int i;
- X509 *x509=NULL;
- int ret=0;
-
- x509=d2i_X509(NULL,&data,(long)len);
- if (x509 == NULL)
- {
- SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_X509_LIB);
- goto err;
- }
-
- if ((sk=sk_X509_new_null()) == NULL || !sk_X509_push(sk,x509))
- {
- SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- i=ssl_verify_cert_chain(s,sk);
-
- if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
- {
- SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
- goto err;
- }
- ERR_clear_error(); /* but we keep s->verify_result */
- s->session->verify_result = s->verify_result;
-
- /* server's cert for this session */
- sc=ssl_sess_cert_new();
- if (sc == NULL)
- {
- ret= -1;
- goto err;
- }
- if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
- s->session->sess_cert=sc;
-
- sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509=x509;
- sc->peer_key= &(sc->peer_pkeys[SSL_PKEY_RSA_ENC]);
-
- pkey=X509_get_pubkey(x509);
- x509=NULL;
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY);
- goto err;
- }
- if (pkey->type != EVP_PKEY_RSA)
- {
- SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_PUBLIC_KEY_NOT_RSA);
- goto err;
- }
-
- if (!ssl_set_peer_cert_type(sc,SSL2_CT_X509_CERTIFICATE))
- goto err;
- ret=1;
-err:
- sk_X509_free(sk);
- X509_free(x509);
- EVP_PKEY_free(pkey);
- return(ret);
- }
-
-static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
- unsigned char *to, int padding)
- {
- EVP_PKEY *pkey=NULL;
- int i= -1;
-
- if ((sc == NULL) || (sc->peer_key->x509 == NULL) ||
- ((pkey=X509_get_pubkey(sc->peer_key->x509)) == NULL))
- {
- SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_NO_PUBLICKEY);
- return(-1);
- }
- if (pkey->type != EVP_PKEY_RSA)
- {
- SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA);
- goto end;
- }
-
- /* we have the public key */
- i=RSA_public_encrypt(len,from,to,pkey->pkey.rsa,padding);
- if (i < 0)
- SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,ERR_R_RSA_LIB);
-end:
- EVP_PKEY_free(pkey);
- return(i);
- }
-#else /* !NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/crypto/openssl/ssl/s2_enc.c b/crypto/openssl/ssl/s2_enc.c
deleted file mode 100644
index fa2ab8dc4be7..000000000000
--- a/crypto/openssl/ssl/s2_enc.c
+++ /dev/null
@@ -1,187 +0,0 @@
-/* ssl/s2_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "ssl_locl.h"
-#ifndef NO_SSL2
-#include <stdio.h>
-
-int ssl2_enc_init(SSL *s, int client)
- {
- /* Max number of bytes needed */
- EVP_CIPHER_CTX *rs,*ws;
- const EVP_CIPHER *c;
- const EVP_MD *md;
- int num;
-
- if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
- {
- ssl2_return_error(s,SSL2_PE_NO_CIPHER);
- SSLerr(SSL_F_SSL2_ENC_INIT,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
- return(0);
- }
-
- s->read_hash=md;
- s->write_hash=md;
-
- if ((s->enc_read_ctx == NULL) &&
- ((s->enc_read_ctx=(EVP_CIPHER_CTX *)
- OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
- goto err;
- if ((s->enc_write_ctx == NULL) &&
- ((s->enc_write_ctx=(EVP_CIPHER_CTX *)
- OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
- goto err;
-
- rs= s->enc_read_ctx;
- ws= s->enc_write_ctx;
-
- EVP_CIPHER_CTX_init(rs);
- EVP_CIPHER_CTX_init(ws);
-
- num=c->key_len;
- s->s2->key_material_length=num*2;
-
- ssl2_generate_key_material(s);
-
- EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]),
- s->session->key_arg);
- EVP_DecryptInit(rs,c,&(s->s2->key_material[(client)?0:num]),
- s->session->key_arg);
- s->s2->read_key= &(s->s2->key_material[(client)?0:num]);
- s->s2->write_key= &(s->s2->key_material[(client)?num:0]);
- return(1);
-err:
- SSLerr(SSL_F_SSL2_ENC_INIT,ERR_R_MALLOC_FAILURE);
- return(0);
- }
-
-/* read/writes from s->s2->mac_data using length for encrypt and
- * decrypt. It sets s->s2->padding and s->[rw]length
- * if we are encrypting */
-void ssl2_enc(SSL *s, int send)
- {
- EVP_CIPHER_CTX *ds;
- unsigned long l;
- int bs;
-
- if (send)
- {
- ds=s->enc_write_ctx;
- l=s->s2->wlength;
- }
- else
- {
- ds=s->enc_read_ctx;
- l=s->s2->rlength;
- }
-
- /* check for NULL cipher */
- if (ds == NULL) return;
-
-
- bs=ds->cipher->block_size;
- /* This should be using (bs-1) and bs instead of 7 and 8, but
- * what the hell. */
- if (bs == 8)
- l=(l+7)/8*8;
-
- EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l);
- }
-
-void ssl2_mac(SSL *s, unsigned char *md, int send)
- {
- EVP_MD_CTX c;
- unsigned char sequence[4],*p,*sec,*act;
- unsigned long seq;
- unsigned int len;
-
- if (send)
- {
- seq=s->s2->write_sequence;
- sec=s->s2->write_key;
- len=s->s2->wact_data_length;
- act=s->s2->wact_data;
- }
- else
- {
- seq=s->s2->read_sequence;
- sec=s->s2->read_key;
- len=s->s2->ract_data_length;
- act=s->s2->ract_data;
- }
-
- p= &(sequence[0]);
- l2n(seq,p);
-
- /* There has to be a MAC algorithm. */
- EVP_DigestInit(&c,s->read_hash);
- EVP_DigestUpdate(&c,sec,
- EVP_CIPHER_CTX_key_length(s->enc_read_ctx));
- EVP_DigestUpdate(&c,act,len);
- /* the above line also does the pad data */
- EVP_DigestUpdate(&c,sequence,4);
- EVP_DigestFinal(&c,md,NULL);
- /* some would say I should zero the md context */
- }
-#else /* !NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/crypto/openssl/ssl/s2_lib.c b/crypto/openssl/ssl/s2_lib.c
deleted file mode 100644
index 26a85c2f17a9..000000000000
--- a/crypto/openssl/ssl/s2_lib.c
+++ /dev/null
@@ -1,496 +0,0 @@
-/* ssl/s2_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "ssl_locl.h"
-#ifndef NO_SSL2
-#include <stdio.h>
-#include <openssl/rsa.h>
-#include <openssl/objects.h>
-#include <openssl/md5.h>
-#include "cryptlib.h"
-
-static long ssl2_default_timeout(void );
-const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
-
-#define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
-
-OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
-/* NULL_WITH_MD5 v3 */
-#if 0
- {
- 1,
- SSL2_TXT_NULL_WITH_MD5,
- SSL2_CK_NULL_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
- SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-#endif
-/* RC4_128_EXPORT40_WITH_MD5 */
- {
- 1,
- SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
- SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
- SSL_EXPORT|SSL_EXP40,
- SSL2_CF_5_BYTE_ENC,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* RC4_128_WITH_MD5 */
- {
- 1,
- SSL2_TXT_RC4_128_WITH_MD5,
- SSL2_CK_RC4_128_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* RC2_128_CBC_EXPORT40_WITH_MD5 */
- {
- 1,
- SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
- SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
- SSL_EXPORT|SSL_EXP40,
- SSL2_CF_5_BYTE_ENC,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* RC2_128_CBC_WITH_MD5 */
- {
- 1,
- SSL2_TXT_RC2_128_CBC_WITH_MD5,
- SSL2_CK_RC2_128_CBC_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* IDEA_128_CBC_WITH_MD5 */
- {
- 1,
- SSL2_TXT_IDEA_128_CBC_WITH_MD5,
- SSL2_CK_IDEA_128_CBC_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_SSLV2,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* DES_64_CBC_WITH_MD5 */
- {
- 1,
- SSL2_TXT_DES_64_CBC_WITH_MD5,
- SSL2_CK_DES_64_CBC_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_SSLV2,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* DES_192_EDE3_CBC_WITH_MD5 */
- {
- 1,
- SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
- SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_SSLV2,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* RC4_64_WITH_MD5 */
-#if 1
- {
- 1,
- SSL2_TXT_RC4_64_WITH_MD5,
- SSL2_CK_RC4_64_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
- SSL_NOT_EXP|SSL_LOW,
- SSL2_CF_8_BYTE_ENC,
- 64,
- 64,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-#endif
-/* NULL SSLeay (testing) */
-#if 0
- {
- 0,
- SSL2_TXT_NULL,
- SSL2_CK_NULL,
- 0,
- SSL_STRONG_NONE,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-#endif
-
-/* end of list :-) */
- };
-
-static SSL_METHOD SSLv2_data= {
- SSL2_VERSION,
- ssl2_new, /* local */
- ssl2_clear, /* local */
- ssl2_free, /* local */
- ssl_undefined_function,
- ssl_undefined_function,
- ssl2_read,
- ssl2_peek,
- ssl2_write,
- ssl2_shutdown,
- ssl_ok, /* NULL - renegotiate */
- ssl_ok, /* NULL - check renegotiate */
- ssl2_ctrl, /* local */
- ssl2_ctx_ctrl, /* local */
- ssl2_get_cipher_by_char,
- ssl2_put_cipher_by_char,
- ssl2_pending,
- ssl2_num_ciphers,
- ssl2_get_cipher,
- ssl_bad_method,
- ssl2_default_timeout,
- &ssl3_undef_enc_method,
- ssl_undefined_function,
- ssl2_callback_ctrl, /* local */
- ssl2_ctx_callback_ctrl, /* local */
- };
-
-static long ssl2_default_timeout(void)
- {
- return(300);
- }
-
-SSL_METHOD *sslv2_base_method(void)
- {
- return(&SSLv2_data);
- }
-
-int ssl2_num_ciphers(void)
- {
- return(SSL2_NUM_CIPHERS);
- }
-
-SSL_CIPHER *ssl2_get_cipher(unsigned int u)
- {
- if (u < SSL2_NUM_CIPHERS)
- return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u]));
- else
- return(NULL);
- }
-
-int ssl2_pending(SSL *s)
- {
- return SSL_in_init(s) ? 0 : s->s2->ract_data_length;
- }
-
-int ssl2_new(SSL *s)
- {
- SSL2_STATE *s2;
-
- if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err;
- memset(s2,0,sizeof *s2);
-
-#if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
-# error "assertion failed"
-#endif
-
- if ((s2->rbuf=OPENSSL_malloc(
- SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
- /* wbuf needs one byte more because when using two-byte headers,
- * we leave the first byte unused in do_ssl_write (s2_pkt.c) */
- if ((s2->wbuf=OPENSSL_malloc(
- SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+3)) == NULL) goto err;
- s->s2=s2;
-
- ssl2_clear(s);
- return(1);
-err:
- if (s2 != NULL)
- {
- if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
- if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
- OPENSSL_free(s2);
- }
- return(0);
- }
-
-void ssl2_free(SSL *s)
- {
- SSL2_STATE *s2;
-
- if(s == NULL)
- return;
-
- s2=s->s2;
- if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
- if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
- memset(s2,0,sizeof *s2);
- OPENSSL_free(s2);
- s->s2=NULL;
- }
-
-void ssl2_clear(SSL *s)
- {
- SSL2_STATE *s2;
- unsigned char *rbuf,*wbuf;
-
- s2=s->s2;
-
- rbuf=s2->rbuf;
- wbuf=s2->wbuf;
-
- memset(s2,0,sizeof *s2);
-
- s2->rbuf=rbuf;
- s2->wbuf=wbuf;
- s2->clear_text=1;
- s->packet=s2->rbuf;
- s->version=SSL2_VERSION;
- s->packet_length=0;
- }
-
-long ssl2_ctrl(SSL *s, int cmd, long larg, char *parg)
- {
- int ret=0;
-
- switch(cmd)
- {
- case SSL_CTRL_GET_SESSION_REUSED:
- ret=s->hit;
- break;
- default:
- break;
- }
- return(ret);
- }
-
-long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)())
- {
- return(0);
- }
-
-long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
- {
- return(0);
- }
-
-long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
- {
- return(0);
- }
-
-/* This function needs to check if the ciphers required are actually
- * available */
-SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
- {
- static int init=1;
- static SSL_CIPHER *sorted[SSL2_NUM_CIPHERS];
- SSL_CIPHER c,*cp= &c,**cpp;
- unsigned long id;
- int i;
-
- if (init)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-
- for (i=0; i<SSL2_NUM_CIPHERS; i++)
- sorted[i]= &(ssl2_ciphers[i]);
-
- qsort( (char *)sorted,
- SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
- FP_ICC ssl_cipher_ptr_id_cmp);
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
- init=0;
- }
-
- id=0x02000000L|((unsigned long)p[0]<<16L)|
- ((unsigned long)p[1]<<8L)|(unsigned long)p[2];
- c.id=id;
- cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
- (char *)sorted,
- SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
- FP_ICC ssl_cipher_ptr_id_cmp);
- if ((cpp == NULL) || !(*cpp)->valid)
- return(NULL);
- else
- return(*cpp);
- }
-
-int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
- {
- long l;
-
- if (p != NULL)
- {
- l=c->id;
- if ((l & 0xff000000) != 0x02000000) return(0);
- p[0]=((unsigned char)(l>>16L))&0xFF;
- p[1]=((unsigned char)(l>> 8L))&0xFF;
- p[2]=((unsigned char)(l ))&0xFF;
- }
- return(3);
- }
-
-void ssl2_generate_key_material(SSL *s)
- {
- unsigned int i;
- MD5_CTX ctx;
- unsigned char *km;
- unsigned char c='0';
-
-#ifdef CHARSET_EBCDIC
- c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0',
- see SSLv2 docu */
-#endif
-
- km=s->s2->key_material;
- die(s->s2->key_material_length <= sizeof s->s2->key_material);
- for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
- {
- MD5_Init(&ctx);
-
- die(s->session->master_key_length >= 0
- && s->session->master_key_length
- < sizeof s->session->master_key);
- MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
- MD5_Update(&ctx,&c,1);
- c++;
- MD5_Update(&ctx,s->s2->challenge,s->s2->challenge_length);
- MD5_Update(&ctx,s->s2->conn_id,s->s2->conn_id_length);
- MD5_Final(km,&ctx);
- km+=MD5_DIGEST_LENGTH;
- }
- }
-
-void ssl2_return_error(SSL *s, int err)
- {
- if (!s->error)
- {
- s->error=3;
- s->error_code=err;
-
- ssl2_write_error(s);
- }
- }
-
-
-void ssl2_write_error(SSL *s)
- {
- unsigned char buf[3];
- int i,error;
-
- buf[0]=SSL2_MT_ERROR;
- buf[1]=(s->error_code>>8)&0xff;
- buf[2]=(s->error_code)&0xff;
-
-/* state=s->rwstate;*/
- error=s->error;
- s->error=0;
- die(error >= 0 && error <= 3);
- i=ssl2_write(s,&(buf[3-error]),error);
-/* if (i == error) s->rwstate=state; */
-
- if (i < 0)
- s->error=error;
- else if (i != s->error)
- s->error=error-i;
- /* else
- s->error=0; */
- }
-
-int ssl2_shutdown(SSL *s)
- {
- s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
- return(1);
- }
-#else /* !NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/crypto/openssl/ssl/s2_meth.c b/crypto/openssl/ssl/s2_meth.c
deleted file mode 100644
index deb9e1d6f36c..000000000000
--- a/crypto/openssl/ssl/s2_meth.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/* ssl/s2_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "ssl_locl.h"
-#ifndef NO_SSL2
-#include <stdio.h>
-#include <openssl/objects.h>
-
-static SSL_METHOD *ssl2_get_method(int ver);
-static SSL_METHOD *ssl2_get_method(int ver)
- {
- if (ver == SSL2_VERSION)
- return(SSLv2_method());
- else
- return(NULL);
- }
-
-SSL_METHOD *SSLv2_method(void)
- {
- static int init=1;
- static SSL_METHOD SSLv2_data;
-
- if (init)
- {
- memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(),
- sizeof(SSL_METHOD));
- SSLv2_data.ssl_connect=ssl2_connect;
- SSLv2_data.ssl_accept=ssl2_accept;
- SSLv2_data.get_ssl_method=ssl2_get_method;
- init=0;
- }
- return(&SSLv2_data);
- }
-#else /* !NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/crypto/openssl/ssl/s2_pkt.c b/crypto/openssl/ssl/s2_pkt.c
deleted file mode 100644
index 3cd7597fe700..000000000000
--- a/crypto/openssl/ssl/s2_pkt.c
+++ /dev/null
@@ -1,734 +0,0 @@
-/* ssl/s2_pkt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ssl_locl.h"
-#ifndef NO_SSL2
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-
-static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
-static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);
-static int write_pending(SSL *s, const unsigned char *buf, unsigned int len);
-static int ssl_mt_error(int n);
-
-
-/* SSL 2.0 imlementation for SSL_read/SSL_peek -
- * This routine will return 0 to len bytes, decrypted etc if required.
- */
-static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
- {
- int n;
- unsigned char mac[MAX_MAC_SIZE];
- unsigned char *p;
- int i;
- unsigned int mac_size;
-
- ssl2_read_again:
- if (SSL_in_init(s) && !s->in_handshake)
- {
- n=s->handshake_func(s);
- if (n < 0) return(n);
- if (n == 0)
- {
- SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- }
-
- clear_sys_error();
- s->rwstate=SSL_NOTHING;
- if (len <= 0) return(len);
-
- if (s->s2->ract_data_length != 0) /* read from buffer */
- {
- if (len > s->s2->ract_data_length)
- n=s->s2->ract_data_length;
- else
- n=len;
-
- memcpy(buf,s->s2->ract_data,(unsigned int)n);
- if (!peek)
- {
- s->s2->ract_data_length-=n;
- s->s2->ract_data+=n;
- if (s->s2->ract_data_length == 0)
- s->rstate=SSL_ST_READ_HEADER;
- }
-
- return(n);
- }
-
- /* s->s2->ract_data_length == 0
- *
- * Fill the buffer, then goto ssl2_read_again.
- */
-
- if (s->rstate == SSL_ST_READ_HEADER)
- {
- if (s->first_packet)
- {
- n=read_n(s,5,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0);
- if (n <= 0) return(n); /* error or non-blocking */
- s->first_packet=0;
- p=s->packet;
- if (!((p[0] & 0x80) && (
- (p[2] == SSL2_MT_CLIENT_HELLO) ||
- (p[2] == SSL2_MT_SERVER_HELLO))))
- {
- SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_NON_SSLV2_INITIAL_PACKET);
- return(-1);
- }
- }
- else
- {
- n=read_n(s,2,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0);
- if (n <= 0) return(n); /* error or non-blocking */
- }
- /* part read stuff */
-
- s->rstate=SSL_ST_READ_BODY;
- p=s->packet;
- /* Do header */
- /*s->s2->padding=0;*/
- s->s2->escape=0;
- s->s2->rlength=(((unsigned int)p[0])<<8)|((unsigned int)p[1]);
- if ((p[0] & TWO_BYTE_BIT)) /* Two byte header? */
- {
- s->s2->three_byte_header=0;
- s->s2->rlength&=TWO_BYTE_MASK;
- }
- else
- {
- s->s2->three_byte_header=1;
- s->s2->rlength&=THREE_BYTE_MASK;
-
- /* security >s2->escape */
- s->s2->escape=((p[0] & SEC_ESC_BIT))?1:0;
- }
- }
-
- if (s->rstate == SSL_ST_READ_BODY)
- {
- n=s->s2->rlength+2+s->s2->three_byte_header;
- if (n > (int)s->packet_length)
- {
- n-=s->packet_length;
- i=read_n(s,(unsigned int)n,(unsigned int)n,1);
- if (i <= 0) return(i); /* ERROR */
- }
-
- p= &(s->packet[2]);
- s->rstate=SSL_ST_READ_HEADER;
- if (s->s2->three_byte_header)
- s->s2->padding= *(p++);
- else s->s2->padding=0;
-
- /* Data portion */
- if (s->s2->clear_text)
- {
- mac_size = 0;
- s->s2->mac_data=p;
- s->s2->ract_data=p;
- if (s->s2->padding)
- {
- SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING);
- return(-1);
- }
- }
- else
- {
- mac_size=EVP_MD_size(s->read_hash);
- s->s2->mac_data=p;
- s->s2->ract_data= &p[mac_size];
- if (s->s2->padding + mac_size > s->s2->rlength)
- {
- SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING);
- return(-1);
- }
- }
-
- s->s2->ract_data_length=s->s2->rlength;
- /* added a check for length > max_size in case
- * encryption was not turned on yet due to an error */
- if ((!s->s2->clear_text) &&
- (s->s2->rlength >= mac_size))
- {
- ssl2_enc(s,0);
- s->s2->ract_data_length-=mac_size;
- ssl2_mac(s,mac,0);
- s->s2->ract_data_length-=s->s2->padding;
- if ( (memcmp(mac,s->s2->mac_data,
- (unsigned int)mac_size) != 0) ||
- (s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
- {
- SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);
- return(-1);
- }
- }
- INC32(s->s2->read_sequence); /* expect next number */
- /* s->s2->ract_data is now available for processing */
-
- /* Possibly the packet that we just read had 0 actual data bytes.
- * (SSLeay/OpenSSL itself never sends such packets; see ssl2_write.)
- * In this case, returning 0 would be interpreted by the caller
- * as indicating EOF, so it's not a good idea. Instead, we just
- * continue reading; thus ssl2_read_internal may have to process
- * multiple packets before it can return.
- *
- * [Note that using select() for blocking sockets *never* guarantees
- * that the next SSL_read will not block -- the available
- * data may contain incomplete packets, and except for SSL 2,
- * renegotiation can confuse things even more.] */
-
- goto ssl2_read_again; /* This should really be
- * "return ssl2_read(s,buf,len)",
- * but that would allow for
- * denial-of-service attacks if a
- * C compiler is used that does not
- * recognize end-recursion. */
- }
- else
- {
- SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_STATE);
- return(-1);
- }
- }
-
-int ssl2_read(SSL *s, void *buf, int len)
- {
- return ssl2_read_internal(s, buf, len, 0);
- }
-
-int ssl2_peek(SSL *s, void *buf, int len)
- {
- return ssl2_read_internal(s, buf, len, 1);
- }
-
-static int read_n(SSL *s, unsigned int n, unsigned int max,
- unsigned int extend)
- {
- int i,off,newb;
-
- /* if there is stuff still in the buffer from a previous read,
- * and there is more than we want, take some. */
- if (s->s2->rbuf_left >= (int)n)
- {
- if (extend)
- s->packet_length+=n;
- else
- {
- s->packet= &(s->s2->rbuf[s->s2->rbuf_offs]);
- s->packet_length=n;
- }
- s->s2->rbuf_left-=n;
- s->s2->rbuf_offs+=n;
- return(n);
- }
-
- if (!s->read_ahead) max=n;
- if (max > (unsigned int)(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2))
- max=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2;
-
-
- /* Else we want more than we have.
- * First, if there is some left or we want to extend */
- off=0;
- if ((s->s2->rbuf_left != 0) || ((s->packet_length != 0) && extend))
- {
- newb=s->s2->rbuf_left;
- if (extend)
- {
- off=s->packet_length;
- if (s->packet != s->s2->rbuf)
- memcpy(s->s2->rbuf,s->packet,
- (unsigned int)newb+off);
- }
- else if (s->s2->rbuf_offs != 0)
- {
- memcpy(s->s2->rbuf,&(s->s2->rbuf[s->s2->rbuf_offs]),
- (unsigned int)newb);
- s->s2->rbuf_offs=0;
- }
- s->s2->rbuf_left=0;
- }
- else
- newb=0;
-
- /* off is the offset to start writing too.
- * r->s2->rbuf_offs is the 'unread data', now 0.
- * newb is the number of new bytes so far
- */
- s->packet=s->s2->rbuf;
- while (newb < (int)n)
- {
- clear_sys_error();
- if (s->rbio != NULL)
- {
- s->rwstate=SSL_READING;
- i=BIO_read(s->rbio,(char *)&(s->s2->rbuf[off+newb]),
- max-newb);
- }
- else
- {
- SSLerr(SSL_F_READ_N,SSL_R_READ_BIO_NOT_SET);
- i= -1;
- }
-#ifdef PKT_DEBUG
- if (s->debug & 0x01) sleep(1);
-#endif
- if (i <= 0)
- {
- s->s2->rbuf_left+=newb;
- return(i);
- }
- newb+=i;
- }
-
- /* record unread data */
- if (newb > (int)n)
- {
- s->s2->rbuf_offs=n+off;
- s->s2->rbuf_left=newb-n;
- }
- else
- {
- s->s2->rbuf_offs=0;
- s->s2->rbuf_left=0;
- }
- if (extend)
- s->packet_length+=n;
- else
- s->packet_length=n;
- s->rwstate=SSL_NOTHING;
- return(n);
- }
-
-int ssl2_write(SSL *s, const void *_buf, int len)
- {
- const unsigned char *buf=_buf;
- unsigned int n,tot;
- int i;
-
- if (SSL_in_init(s) && !s->in_handshake)
- {
- i=s->handshake_func(s);
- if (i < 0) return(i);
- if (i == 0)
- {
- SSLerr(SSL_F_SSL2_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- }
-
- if (s->error)
- {
- ssl2_write_error(s);
- if (s->error)
- return(-1);
- }
-
- clear_sys_error();
- s->rwstate=SSL_NOTHING;
- if (len <= 0) return(len);
-
- tot=s->s2->wnum;
- s->s2->wnum=0;
-
- n=(len-tot);
- for (;;)
- {
- i=do_ssl_write(s,&(buf[tot]),n);
- if (i <= 0)
- {
- s->s2->wnum=tot;
- return(i);
- }
- if ((i == (int)n) ||
- (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))
- {
- return(tot+i);
- }
-
- n-=i;
- tot+=i;
- }
- }
-
-static int write_pending(SSL *s, const unsigned char *buf, unsigned int len)
- {
- int i;
-
- /* s->s2->wpend_len != 0 MUST be true. */
-
- /* check that they have given us the same buffer to
- * write */
- if ((s->s2->wpend_tot > (int)len) ||
- ((s->s2->wpend_buf != buf) &&
- !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)))
- {
- SSLerr(SSL_F_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
- return(-1);
- }
-
- for (;;)
- {
- clear_sys_error();
- if (s->wbio != NULL)
- {
- s->rwstate=SSL_WRITING;
- i=BIO_write(s->wbio,
- (char *)&(s->s2->write_ptr[s->s2->wpend_off]),
- (unsigned int)s->s2->wpend_len);
- }
- else
- {
- SSLerr(SSL_F_WRITE_PENDING,SSL_R_WRITE_BIO_NOT_SET);
- i= -1;
- }
-#ifdef PKT_DEBUG
- if (s->debug & 0x01) sleep(1);
-#endif
- if (i == s->s2->wpend_len)
- {
- s->s2->wpend_len=0;
- s->rwstate=SSL_NOTHING;
- return(s->s2->wpend_ret);
- }
- else if (i <= 0)
- return(i);
- s->s2->wpend_off+=i;
- s->s2->wpend_len-=i;
- }
- }
-
-static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
- {
- unsigned int j,k,olen,p,mac_size,bs;
- register unsigned char *pp;
-
- olen=len;
-
- /* first check if there is data from an encryption waiting to
- * be sent - it must be sent because the other end is waiting.
- * This will happen with non-blocking IO. We print it and then
- * return.
- */
- if (s->s2->wpend_len != 0) return(write_pending(s,buf,len));
-
- /* set mac_size to mac size */
- if (s->s2->clear_text)
- mac_size=0;
- else
- mac_size=EVP_MD_size(s->write_hash);
-
- /* lets set the pad p */
- if (s->s2->clear_text)
- {
- if (len > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)
- len=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER;
- p=0;
- s->s2->three_byte_header=0;
- /* len=len; */
- }
- else
- {
- bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx);
- j=len+mac_size;
- /* Two-byte headers allow for a larger record length than
- * three-byte headers, but we can't use them if we need
- * padding or if we have to set the escape bit. */
- if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) &&
- (!s->s2->escape))
- {
- if (j > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)
- j=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER;
- /* set k to the max number of bytes with 2
- * byte header */
- k=j-(j%bs);
- /* how many data bytes? */
- len=k-mac_size;
- s->s2->three_byte_header=0;
- p=0;
- }
- else if ((bs <= 1) && (!s->s2->escape))
- {
- /* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
- * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */
- s->s2->three_byte_header=0;
- p=0;
- }
- else /* we may have to use a 3 byte header */
- {
- /* If s->s2->escape is not set, then
- * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus
- * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */
- p=(j%bs);
- p=(p == 0)?0:(bs-p);
- if (s->s2->escape)
- {
- s->s2->three_byte_header=1;
- if (j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
- j=SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER;
- }
- else
- s->s2->three_byte_header=(p == 0)?0:1;
- }
- }
-
- /* Now
- * j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
- * holds, and if s->s2->three_byte_header is set, then even
- * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.
- */
-
- /* mac_size is the number of MAC bytes
- * len is the number of data bytes we are going to send
- * p is the number of padding bytes
- * (if it is a two-byte header, then p == 0) */
-
- s->s2->wlength=len;
- s->s2->padding=p;
- s->s2->mac_data= &(s->s2->wbuf[3]);
- s->s2->wact_data= &(s->s2->wbuf[3+mac_size]);
- /* we copy the data into s->s2->wbuf */
- memcpy(s->s2->wact_data,buf,len);
- if (p)
- memset(&(s->s2->wact_data[len]),0,p); /* arbitrary padding */
-
- if (!s->s2->clear_text)
- {
- s->s2->wact_data_length=len+p;
- ssl2_mac(s,s->s2->mac_data,1);
- s->s2->wlength+=p+mac_size;
- ssl2_enc(s,1);
- }
-
- /* package up the header */
- s->s2->wpend_len=s->s2->wlength;
- if (s->s2->three_byte_header) /* 3 byte header */
- {
- pp=s->s2->mac_data;
- pp-=3;
- pp[0]=(s->s2->wlength>>8)&(THREE_BYTE_MASK>>8);
- if (s->s2->escape) pp[0]|=SEC_ESC_BIT;
- pp[1]=s->s2->wlength&0xff;
- pp[2]=s->s2->padding;
- s->s2->wpend_len+=3;
- }
- else
- {
- pp=s->s2->mac_data;
- pp-=2;
- pp[0]=((s->s2->wlength>>8)&(TWO_BYTE_MASK>>8))|TWO_BYTE_BIT;
- pp[1]=s->s2->wlength&0xff;
- s->s2->wpend_len+=2;
- }
- s->s2->write_ptr=pp;
-
- INC32(s->s2->write_sequence); /* expect next number */
-
- /* lets try to actually write the data */
- s->s2->wpend_tot=olen;
- s->s2->wpend_buf=buf;
-
- s->s2->wpend_ret=len;
-
- s->s2->wpend_off=0;
- return(write_pending(s,buf,olen));
- }
-
-int ssl2_part_read(SSL *s, unsigned long f, int i)
- {
- unsigned char *p;
- int j;
-
- if (i < 0)
- {
- /* ssl2_return_error(s); */
- /* for non-blocking io,
- * this is not necessarily fatal */
- return(i);
- }
- else
- {
- s->init_num+=i;
-
- /* Check for error. While there are recoverable errors,
- * this function is not called when those must be expected;
- * any error detected here is fatal. */
- if (s->init_num >= 3)
- {
- p=(unsigned char *)s->init_buf->data;
- if (p[0] == SSL2_MT_ERROR)
- {
- j=(p[1]<<8)|p[2];
- SSLerr((int)f,ssl_mt_error(j));
- s->init_num -= 3;
- if (s->init_num > 0)
- memmove(p, p+3, s->init_num);
- }
- }
-
- /* If it's not an error message, we have some error anyway --
- * the message was shorter than expected. This too is treated
- * as fatal (at least if SSL_get_error is asked for its opinion). */
- return(0);
- }
- }
-
-int ssl2_do_write(SSL *s)
- {
- int ret;
-
- ret=ssl2_write(s,&s->init_buf->data[s->init_off],s->init_num);
- if (ret == s->init_num)
- {
- return(1);
- }
- if (ret < 0)
- return(-1);
- s->init_off+=ret;
- s->init_num-=ret;
- return(0);
- }
-
-static int ssl_mt_error(int n)
- {
- int ret;
-
- switch (n)
- {
- case SSL2_PE_NO_CIPHER:
- ret=SSL_R_PEER_ERROR_NO_CIPHER;
- break;
- case SSL2_PE_NO_CERTIFICATE:
- ret=SSL_R_PEER_ERROR_NO_CERTIFICATE;
- break;
- case SSL2_PE_BAD_CERTIFICATE:
- ret=SSL_R_PEER_ERROR_CERTIFICATE;
- break;
- case SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE:
- ret=SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE;
- break;
- default:
- ret=SSL_R_UNKNOWN_REMOTE_ERROR_TYPE;
- break;
- }
- return(ret);
- }
-#else /* !NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/crypto/openssl/ssl/s2_srvr.c b/crypto/openssl/ssl/s2_srvr.c
deleted file mode 100644
index 96149518ad87..000000000000
--- a/crypto/openssl/ssl/s2_srvr.c
+++ /dev/null
@@ -1,1088 +0,0 @@
-/* ssl/s2_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ssl_locl.h"
-#ifndef NO_SSL2
-#include <stdio.h>
-#include <openssl/bio.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include "cryptlib.h"
-
-static SSL_METHOD *ssl2_get_server_method(int ver);
-static int get_client_master_key(SSL *s);
-static int get_client_hello(SSL *s);
-static int server_hello(SSL *s);
-static int get_client_finished(SSL *s);
-static int server_verify(SSL *s);
-static int server_finish(SSL *s);
-static int request_certificate(SSL *s);
-static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
- unsigned char *to,int padding);
-#define BREAK break
-
-static SSL_METHOD *ssl2_get_server_method(int ver)
- {
- if (ver == SSL2_VERSION)
- return(SSLv2_server_method());
- else
- return(NULL);
- }
-
-SSL_METHOD *SSLv2_server_method(void)
- {
- static int init=1;
- static SSL_METHOD SSLv2_server_data;
-
- if (init)
- {
- memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
- sizeof(SSL_METHOD));
- SSLv2_server_data.ssl_accept=ssl2_accept;
- SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
- init=0;
- }
- return(&SSLv2_server_data);
- }
-
-int ssl2_accept(SSL *s)
- {
- unsigned long l=time(NULL);
- BUF_MEM *buf=NULL;
- int ret= -1;
- long num1;
- void (*cb)()=NULL;
- int new_state,state;
-
- RAND_add(&l,sizeof(l),0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- /* init things to blank */
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
- if (s->cert == NULL)
- {
- SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
- return(-1);
- }
-
- clear_sys_error();
- for (;;)
- {
- state=s->state;
-
- switch (s->state)
- {
- case SSL_ST_BEFORE:
- case SSL_ST_ACCEPT:
- case SSL_ST_BEFORE|SSL_ST_ACCEPT:
- case SSL_ST_OK|SSL_ST_ACCEPT:
-
- s->server=1;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
- s->version=SSL2_VERSION;
- s->type=SSL_ST_ACCEPT;
-
- buf=s->init_buf;
- if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL))
- { ret= -1; goto end; }
- if (!BUF_MEM_grow(buf,(int)
- SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
- { ret= -1; goto end; }
- s->init_buf=buf;
- s->init_num=0;
- s->ctx->stats.sess_accept++;
- s->handshake_func=ssl2_accept;
- s->state=SSL2_ST_GET_CLIENT_HELLO_A;
- BREAK;
-
- case SSL2_ST_GET_CLIENT_HELLO_A:
- case SSL2_ST_GET_CLIENT_HELLO_B:
- case SSL2_ST_GET_CLIENT_HELLO_C:
- s->shutdown=0;
- ret=get_client_hello(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL2_ST_SEND_SERVER_HELLO_A;
- BREAK;
-
- case SSL2_ST_SEND_SERVER_HELLO_A:
- case SSL2_ST_SEND_SERVER_HELLO_B:
- ret=server_hello(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- if (!s->hit)
- {
- s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_A;
- BREAK;
- }
- else
- {
- s->state=SSL2_ST_SERVER_START_ENCRYPTION;
- BREAK;
- }
- case SSL2_ST_GET_CLIENT_MASTER_KEY_A:
- case SSL2_ST_GET_CLIENT_MASTER_KEY_B:
- ret=get_client_master_key(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL2_ST_SERVER_START_ENCRYPTION;
- BREAK;
-
- case SSL2_ST_SERVER_START_ENCRYPTION:
- /* Ok we how have sent all the stuff needed to
- * start encrypting, the next packet back will
- * be encrypted. */
- if (!ssl2_enc_init(s,0))
- { ret= -1; goto end; }
- s->s2->clear_text=0;
- s->state=SSL2_ST_SEND_SERVER_VERIFY_A;
- BREAK;
-
- case SSL2_ST_SEND_SERVER_VERIFY_A:
- case SSL2_ST_SEND_SERVER_VERIFY_B:
- ret=server_verify(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- if (s->hit)
- {
- /* If we are in here, we have been
- * buffering the output, so we need to
- * flush it and remove buffering from
- * future traffic */
- s->state=SSL2_ST_SEND_SERVER_VERIFY_C;
- BREAK;
- }
- else
- {
- s->state=SSL2_ST_GET_CLIENT_FINISHED_A;
- break;
- }
-
- case SSL2_ST_SEND_SERVER_VERIFY_C:
- /* get the number of bytes to write */
- num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
- if (num1 != 0)
- {
- s->rwstate=SSL_WRITING;
- num1=BIO_flush(s->wbio);
- if (num1 <= 0) { ret= -1; goto end; }
- s->rwstate=SSL_NOTHING;
- }
-
- /* flushed and now remove buffering */
- s->wbio=BIO_pop(s->wbio);
-
- s->state=SSL2_ST_GET_CLIENT_FINISHED_A;
- BREAK;
-
- case SSL2_ST_GET_CLIENT_FINISHED_A:
- case SSL2_ST_GET_CLIENT_FINISHED_B:
- ret=get_client_finished(s);
- if (ret <= 0)
- goto end;
- s->init_num=0;
- s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_A;
- BREAK;
-
- case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:
- case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:
- case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:
- case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:
- /* don't do a 'request certificate' if we
- * don't want to, or we already have one, and
- * we only want to do it once. */
- if (!(s->verify_mode & SSL_VERIFY_PEER) ||
- ((s->session->peer != NULL) &&
- (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)))
- {
- s->state=SSL2_ST_SEND_SERVER_FINISHED_A;
- break;
- }
- else
- {
- ret=request_certificate(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL2_ST_SEND_SERVER_FINISHED_A;
- }
- BREAK;
-
- case SSL2_ST_SEND_SERVER_FINISHED_A:
- case SSL2_ST_SEND_SERVER_FINISHED_B:
- ret=server_finish(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL_ST_OK;
- break;
-
- case SSL_ST_OK:
- BUF_MEM_free(s->init_buf);
- ssl_free_wbio_buffer(s);
- s->init_buf=NULL;
- s->init_num=0;
- /* ERR_clear_error();*/
-
- ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
-
- s->ctx->stats.sess_accept_good++;
- /* s->server=1; */
- ret=1;
-
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
-
- goto end;
- /* BREAK; */
-
- default:
- SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_UNKNOWN_STATE);
- ret= -1;
- goto end;
- /* BREAK; */
- }
-
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_ACCEPT_LOOP,1);
- s->state=new_state;
- }
- }
-end:
- s->in_handshake--;
- if (cb != NULL)
- cb(s,SSL_CB_ACCEPT_EXIT,ret);
- return(ret);
- }
-
-static int get_client_master_key(SSL *s)
- {
- int is_export,i,n,keya,ek;
- unsigned long len;
- unsigned char *p;
- SSL_CIPHER *cp;
- const EVP_CIPHER *c;
- const EVP_MD *md;
-
- p=(unsigned char *)s->init_buf->data;
- if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A)
- {
- i=ssl2_read(s,(char *)&(p[s->init_num]),10-s->init_num);
-
- if (i < (10-s->init_num))
- return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
- s->init_num = 10;
-
- if (*(p++) != SSL2_MT_CLIENT_MASTER_KEY)
- {
- if (p[-1] != SSL2_MT_ERROR)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE);
- }
- else
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
- SSL_R_PEER_ERROR);
- return(-1);
- }
-
- cp=ssl2_get_cipher_by_char(p);
- if (cp == NULL)
- {
- ssl2_return_error(s,SSL2_PE_NO_CIPHER);
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
- SSL_R_NO_CIPHER_MATCH);
- return(-1);
- }
- s->session->cipher= cp;
-
- p+=3;
- n2s(p,i); s->s2->tmp.clear=i;
- n2s(p,i); s->s2->tmp.enc=i;
- n2s(p,i); s->session->key_arg_length=i;
- if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
- {
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
- SSL_R_KEY_ARG_TOO_LONG);
- return -1;
- }
- s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
- }
-
- /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
- p=(unsigned char *)s->init_buf->data;
- die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
- keya=s->session->key_arg_length;
- len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
- if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
- {
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
- return -1;
- }
- n = (int)len - s->init_num;
- i = ssl2_read(s,(char *)&(p[s->init_num]),n);
- if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
- p += 10;
-
- memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]),
- (unsigned int)keya);
-
- if (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
- return(-1);
- }
- i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
- &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
- (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
-
- is_export=SSL_C_IS_EXPORT(s->session->cipher);
-
- if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
- {
- ssl2_return_error(s,SSL2_PE_NO_CIPHER);
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
- return(0);
- }
-
- if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
- {
- is_export=1;
- ek=8;
- }
- else
- ek=5;
-
- /* bad decrypt */
-#if 1
- /* If a bad decrypt, continue with protocol but with a
- * random master secret (Bleichenbacher attack) */
- if ((i < 0) ||
- ((!is_export && (i != EVP_CIPHER_key_length(c)))
- || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
- (unsigned int)EVP_CIPHER_key_length(c))))))
- {
- ERR_clear_error();
- if (is_export)
- i=ek;
- else
- i=EVP_CIPHER_key_length(c);
- RAND_pseudo_bytes(p,i);
- }
-#else
- if (i < 0)
- {
- error=1;
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_RSA_DECRYPT);
- }
- /* incorrect number of key bytes for non export cipher */
- else if ((!is_export && (i != EVP_CIPHER_key_length(c)))
- || (is_export && ((i != ek) || (s->s2->tmp.clear+i !=
- EVP_CIPHER_key_length(c)))))
- {
- error=1;
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_WRONG_NUMBER_OF_KEY_BITS);
- }
- if (error)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- return(-1);
- }
-#endif
-
- if (is_export) i+=s->s2->tmp.clear;
- die(i <= SSL_MAX_MASTER_KEY_LENGTH);
- s->session->master_key_length=i;
- memcpy(s->session->master_key,p,(unsigned int)i);
- return(1);
- }
-
-static int get_client_hello(SSL *s)
- {
- int i,n;
- unsigned long len;
- unsigned char *p;
- STACK_OF(SSL_CIPHER) *cs; /* a stack of SSL_CIPHERS */
- STACK_OF(SSL_CIPHER) *cl; /* the ones we want to use */
- int z;
-
- /* This is a bit of a hack to check for the correct packet
- * type the first time round. */
- if (s->state == SSL2_ST_GET_CLIENT_HELLO_A)
- {
- s->first_packet=1;
- s->state=SSL2_ST_GET_CLIENT_HELLO_B;
- }
-
- p=(unsigned char *)s->init_buf->data;
- if (s->state == SSL2_ST_GET_CLIENT_HELLO_B)
- {
- i=ssl2_read(s,(char *)&(p[s->init_num]),9-s->init_num);
- if (i < (9-s->init_num))
- return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
- s->init_num = 9;
-
- if (*(p++) != SSL2_MT_CLIENT_HELLO)
- {
- if (p[-1] != SSL2_MT_ERROR)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_READ_WRONG_PACKET_TYPE);
- }
- else
- SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_PEER_ERROR);
- return(-1);
- }
- n2s(p,i);
- if (i < s->version) s->version=i;
- n2s(p,i); s->s2->tmp.cipher_spec_length=i;
- n2s(p,i); s->s2->tmp.session_id_length=i;
- n2s(p,i); s->s2->challenge_length=i;
- if ( (i < SSL2_MIN_CHALLENGE_LENGTH) ||
- (i > SSL2_MAX_CHALLENGE_LENGTH))
- {
- SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH);
- return(-1);
- }
- s->state=SSL2_ST_GET_CLIENT_HELLO_C;
- }
-
- /* SSL2_ST_GET_CLIENT_HELLO_C */
- p=(unsigned char *)s->init_buf->data;
- len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length;
- if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
- {
- SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG);
- return -1;
- }
- n = (int)len - s->init_num;
- i = ssl2_read(s,(char *)&(p[s->init_num]),n);
- if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
- p += 9;
-
- /* get session-id before cipher stuff so we can get out session
- * structure if it is cached */
- /* session-id */
- if ((s->s2->tmp.session_id_length != 0) &&
- (s->s2->tmp.session_id_length != SSL2_SSL_SESSION_ID_LENGTH))
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_BAD_SSL_SESSION_ID_LENGTH);
- return(-1);
- }
-
- if (s->s2->tmp.session_id_length == 0)
- {
- if (!ssl_get_new_session(s,1))
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- return(-1);
- }
- }
- else
- {
- i=ssl_get_prev_session(s,&(p[s->s2->tmp.cipher_spec_length]),
- s->s2->tmp.session_id_length);
- if (i == 1)
- { /* previous session */
- s->hit=1;
- }
- else if (i == -1)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- return(-1);
- }
- else
- {
- if (s->cert == NULL)
- {
- ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE);
- SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_NO_CERTIFICATE_SET);
- return(-1);
- }
-
- if (!ssl_get_new_session(s,1))
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- return(-1);
- }
- }
- }
-
- if (!s->hit)
- {
- cs=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.cipher_spec_length,
- &s->session->ciphers);
- if (cs == NULL) goto mem_err;
-
- cl=ssl_get_ciphers_by_id(s);
-
- for (z=0; z<sk_SSL_CIPHER_num(cs); z++)
- {
- if (sk_SSL_CIPHER_find(cl,sk_SSL_CIPHER_value(cs,z)) < 0)
- {
- sk_SSL_CIPHER_delete(cs,z);
- z--;
- }
- }
-
- /* s->session->ciphers should now have a list of
- * ciphers that are on both the client and server.
- * This list is ordered by the order the client sent
- * the ciphers.
- */
- }
- p+=s->s2->tmp.cipher_spec_length;
- /* done cipher selection */
-
- /* session id extracted already */
- p+=s->s2->tmp.session_id_length;
-
- /* challenge */
- die(s->s2->challenge_length <= sizeof s->s2->challenge);
- memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
- return(1);
-mem_err:
- SSLerr(SSL_F_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);
- return(0);
- }
-
-static int server_hello(SSL *s)
- {
- unsigned char *p,*d;
- int n,hit;
- STACK_OF(SSL_CIPHER) *sk;
-
- p=(unsigned char *)s->init_buf->data;
- if (s->state == SSL2_ST_SEND_SERVER_HELLO_A)
- {
- d=p+11;
- *(p++)=SSL2_MT_SERVER_HELLO; /* type */
- hit=s->hit;
- *(p++)=(unsigned char)hit;
-#if 1
- if (!hit)
- {
- if (s->session->sess_cert != NULL)
- /* This can't really happen because get_client_hello
- * has called ssl_get_new_session, which does not set
- * sess_cert. */
- ssl_sess_cert_free(s->session->sess_cert);
- s->session->sess_cert = ssl_sess_cert_new();
- if (s->session->sess_cert == NULL)
- {
- SSLerr(SSL_F_SERVER_HELLO, ERR_R_MALLOC_FAILURE);
- return(-1);
- }
- }
- /* If 'hit' is set, then s->sess_cert may be non-NULL or NULL,
- * depending on whether it survived in the internal cache
- * or was retrieved from an external cache.
- * If it is NULL, we cannot put any useful data in it anyway,
- * so we don't touch it.
- */
-
-#else /* That's what used to be done when cert_st and sess_cert_st were
- * the same. */
- if (!hit)
- { /* else add cert to session */
- CRYPTO_add(&s->cert->references,1,CRYPTO_LOCK_SSL_CERT);
- if (s->session->sess_cert != NULL)
- ssl_cert_free(s->session->sess_cert);
- s->session->sess_cert=s->cert;
- }
- else /* We have a session id-cache hit, if the
- * session-id has no certificate listed against
- * the 'cert' structure, grab the 'old' one
- * listed against the SSL connection */
- {
- if (s->session->sess_cert == NULL)
- {
- CRYPTO_add(&s->cert->references,1,
- CRYPTO_LOCK_SSL_CERT);
- s->session->sess_cert=s->cert;
- }
- }
-#endif
-
- if (s->cert == NULL)
- {
- ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE);
- SSLerr(SSL_F_SERVER_HELLO,SSL_R_NO_CERTIFICATE_SPECIFIED);
- return(-1);
- }
-
- if (hit)
- {
- *(p++)=0; /* no certificate type */
- s2n(s->version,p); /* version */
- s2n(0,p); /* cert len */
- s2n(0,p); /* ciphers len */
- }
- else
- {
- /* EAY EAY */
- /* put certificate type */
- *(p++)=SSL2_CT_X509_CERTIFICATE;
- s2n(s->version,p); /* version */
- n=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
- s2n(n,p); /* certificate length */
- i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&d);
- n=0;
-
- /* lets send out the ciphers we like in the
- * prefered order */
- sk= s->session->ciphers;
- n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d);
- d+=n;
- s2n(n,p); /* add cipher length */
- }
-
- /* make and send conn_id */
- s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */
- s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;
- RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length);
- memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH);
- d+=SSL2_CONNECTION_ID_LENGTH;
-
- s->state=SSL2_ST_SEND_SERVER_HELLO_B;
- s->init_num=d-(unsigned char *)s->init_buf->data;
- s->init_off=0;
- }
- /* SSL2_ST_SEND_SERVER_HELLO_B */
- /* If we are using TCP/IP, the performance is bad if we do 2
- * writes without a read between them. This occurs when
- * Session-id reuse is used, so I will put in a buffering module
- */
- if (s->hit)
- {
- if (!ssl_init_wbio_buffer(s,1)) return(-1);
- }
-
- return(ssl2_do_write(s));
- }
-
-static int get_client_finished(SSL *s)
- {
- unsigned char *p;
- int i, n;
- unsigned long len;
-
- p=(unsigned char *)s->init_buf->data;
- if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A)
- {
- i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
- if (i < 1-s->init_num)
- return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
- s->init_num += i;
-
- if (*p != SSL2_MT_CLIENT_FINISHED)
- {
- if (*p != SSL2_MT_ERROR)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE);
- }
- else
- SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_PEER_ERROR);
- return(-1);
- }
- s->state=SSL2_ST_GET_CLIENT_FINISHED_B;
- }
-
- /* SSL2_ST_GET_CLIENT_FINISHED_B */
- die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
- len = 1 + (unsigned long)s->s2->conn_id_length;
- n = (int)len - s->init_num;
- i = ssl2_read(s,(char *)&(p[s->init_num]),n);
- if (i < n)
- {
- return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
- }
- p += 1;
- if (memcmp(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length) != 0)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_CONNECTION_ID_IS_DIFFERENT);
- return(-1);
- }
- return(1);
- }
-
-static int server_verify(SSL *s)
- {
- unsigned char *p;
-
- if (s->state == SSL2_ST_SEND_SERVER_VERIFY_A)
- {
- p=(unsigned char *)s->init_buf->data;
- *(p++)=SSL2_MT_SERVER_VERIFY;
- die(s->s2->challenge_length <= sizeof s->s2->challenge);
- memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
- /* p+=s->s2->challenge_length; */
-
- s->state=SSL2_ST_SEND_SERVER_VERIFY_B;
- s->init_num=s->s2->challenge_length+1;
- s->init_off=0;
- }
- return(ssl2_do_write(s));
- }
-
-static int server_finish(SSL *s)
- {
- unsigned char *p;
-
- if (s->state == SSL2_ST_SEND_SERVER_FINISHED_A)
- {
- p=(unsigned char *)s->init_buf->data;
- *(p++)=SSL2_MT_SERVER_FINISHED;
-
- die(s->session->session_id_length
- <= sizeof s->session->session_id);
- memcpy(p,s->session->session_id,
- (unsigned int)s->session->session_id_length);
- /* p+=s->session->session_id_length; */
-
- s->state=SSL2_ST_SEND_SERVER_FINISHED_B;
- s->init_num=s->session->session_id_length+1;
- s->init_off=0;
- }
-
- /* SSL2_ST_SEND_SERVER_FINISHED_B */
- return(ssl2_do_write(s));
- }
-
-/* send the request and check the response */
-static int request_certificate(SSL *s)
- {
- unsigned char *p,*p2,*buf2;
- unsigned char *ccd;
- int i,j,ctype,ret= -1;
- unsigned long len;
- X509 *x509=NULL;
- STACK_OF(X509) *sk=NULL;
-
- ccd=s->s2->tmp.ccl;
- if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_A)
- {
- p=(unsigned char *)s->init_buf->data;
- *(p++)=SSL2_MT_REQUEST_CERTIFICATE;
- *(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
- RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
- memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
-
- s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B;
- s->init_num=SSL2_MIN_CERT_CHALLENGE_LENGTH+2;
- s->init_off=0;
- }
-
- if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_B)
- {
- i=ssl2_do_write(s);
- if (i <= 0)
- {
- ret=i;
- goto end;
- }
-
- s->init_num=0;
- s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_C;
- }
-
- if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C)
- {
- p=(unsigned char *)s->init_buf->data;
- i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num); /* try to read 6 octets ... */
- if (i < 3-s->init_num) /* ... but don't call ssl2_part_read now if we got at least 3
- * (probably NO-CERTIFICATE-ERROR) */
- {
- ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
- goto end;
- }
- s->init_num += i;
-
- if ((s->init_num >= 3) && (p[0] == SSL2_MT_ERROR))
- {
- n2s(p,i);
- if (i != SSL2_PE_NO_CERTIFICATE)
- {
- /* not the error message we expected -- let ssl2_part_read handle it */
- s->init_num -= 3;
- ret = ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE, 3);
- goto end;
- }
-
- /* this is the one place where we can recover from an SSL 2.0 error */
-
- if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
- {
- ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
- SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
- goto end;
- }
- ret=1;
- goto end;
- }
- if ((*(p++) != SSL2_MT_CLIENT_CERTIFICATE) || (s->init_num < 6))
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_SHORT_READ);
- goto end;
- }
- if (s->init_num != 6)
- {
- SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_INTERNAL_ERROR);
- goto end;
- }
-
- /* ok we have a response */
- /* certificate type, there is only one right now. */
- ctype= *(p++);
- if (ctype != SSL2_AT_MD5_WITH_RSA_ENCRYPTION)
- {
- ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);
- SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_BAD_RESPONSE_ARGUMENT);
- goto end;
- }
- n2s(p,i); s->s2->tmp.clen=i;
- n2s(p,i); s->s2->tmp.rlen=i;
- s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_D;
- }
-
- /* SSL2_ST_SEND_REQUEST_CERTIFICATE_D */
- p=(unsigned char *)s->init_buf->data;
- len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
- if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
- {
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
- goto end;
- }
- j = (int)len - s->init_num;
- i = ssl2_read(s,(char *)&(p[s->init_num]),j);
- if (i < j)
- {
- ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
- goto end;
- }
- p += 6;
-
- x509=(X509 *)d2i_X509(NULL,&p,(long)s->s2->tmp.clen);
- if (x509 == NULL)
- {
- SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_X509_LIB);
- goto msg_end;
- }
-
- if (((sk=sk_X509_new_null()) == NULL) || (!sk_X509_push(sk,x509)))
- {
- SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- goto msg_end;
- }
-
- i=ssl_verify_cert_chain(s,sk);
-
- if (i) /* we like the packet, now check the chksum */
- {
- EVP_MD_CTX ctx;
- EVP_PKEY *pkey=NULL;
-
- EVP_VerifyInit(&ctx,s->ctx->rsa_md5);
- EVP_VerifyUpdate(&ctx,s->s2->key_material,
- (unsigned int)s->s2->key_material_length);
- EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
-
- i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
- buf2=OPENSSL_malloc((unsigned int)i);
- if (buf2 == NULL)
- {
- SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- goto msg_end;
- }
- p2=buf2;
- i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);
- EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i);
- OPENSSL_free(buf2);
-
- pkey=X509_get_pubkey(x509);
- if (pkey == NULL) goto end;
- i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey);
- EVP_PKEY_free(pkey);
- memset(&ctx,0,sizeof(ctx));
-
- if (i)
- {
- if (s->session->peer != NULL)
- X509_free(s->session->peer);
- s->session->peer=x509;
- CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
- s->session->verify_result = s->verify_result;
- ret=1;
- goto end;
- }
- else
- {
- SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_BAD_CHECKSUM);
- goto msg_end;
- }
- }
- else
- {
-msg_end:
- ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
- }
-end:
- sk_X509_free(sk);
- X509_free(x509);
- return(ret);
- }
-
-static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
- unsigned char *to, int padding)
- {
- RSA *rsa;
- int i;
-
- if ((c == NULL) || (c->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL))
- {
- SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_NO_PRIVATEKEY);
- return(-1);
- }
- if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey->type != EVP_PKEY_RSA)
- {
- SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA);
- return(-1);
- }
- rsa=c->pkeys[SSL_PKEY_RSA_ENC].privatekey->pkey.rsa;
-
- /* we have the public key */
- i=RSA_private_decrypt(len,from,to,rsa,padding);
- if (i < 0)
- SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB);
- return(i);
- }
-#else /* !NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/crypto/openssl/ssl/s3_both.c b/crypto/openssl/ssl/s3_both.c
deleted file mode 100644
index beb562868de5..000000000000
--- a/crypto/openssl/ssl/s3_both.c
+++ /dev/null
@@ -1,604 +0,0 @@
-/* ssl/s3_both.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <stdio.h>
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include "ssl_locl.h"
-
-/* send s->init_buf in records of type 'type' */
-int ssl3_do_write(SSL *s, int type)
- {
- int ret;
-
- ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
- s->init_num);
- if (ret < 0) return(-1);
- if (type == SSL3_RT_HANDSHAKE)
- /* should not be done for 'Hello Request's, but in that case
- * we'll ignore the result anyway */
- ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret);
-
- if (ret == s->init_num)
- return(1);
- s->init_off+=ret;
- s->init_num-=ret;
- return(0);
- }
-
-int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
- {
- unsigned char *p,*d;
- int i;
- unsigned long l;
-
- if (s->state == a)
- {
- d=(unsigned char *)s->init_buf->data;
- p= &(d[4]);
-
- i=s->method->ssl3_enc->final_finish_mac(s,
- &(s->s3->finish_dgst1),
- &(s->s3->finish_dgst2),
- sender,slen,s->s3->tmp.finish_md);
- s->s3->tmp.finish_md_len = i;
- memcpy(p, s->s3->tmp.finish_md, i);
- p+=i;
- l=i;
-
-#ifdef WIN16
- /* MSVC 1.5 does not clear the top bytes of the word unless
- * I do this.
- */
- l&=0xffff;
-#endif
-
- *(d++)=SSL3_MT_FINISHED;
- l2n3(l,d);
- s->init_num=(int)l+4;
- s->init_off=0;
-
- s->state=b;
- }
-
- /* SSL3_ST_SEND_xxxxxx_HELLO_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-int ssl3_get_finished(SSL *s, int a, int b)
- {
- int al,i,ok;
- long n;
- unsigned char *p;
-
- /* the mac has already been generated when we received the
- * change cipher spec message and is in s->s3->tmp.peer_finish_md
- */
-
- n=ssl3_get_message(s,
- a,
- b,
- SSL3_MT_FINISHED,
- 64, /* should actually be 36+4 :-) */
- &ok);
-
- if (!ok) return((int)n);
-
- /* If this occurs, we have missed a message */
- if (!s->s3->change_cipher_spec)
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS);
- goto f_err;
- }
- s->s3->change_cipher_spec=0;
-
- p = (unsigned char *)s->init_buf->data;
- i = s->s3->tmp.peer_finish_md_len;
-
- if (i != n)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH);
- goto f_err;
- }
-
- if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
- {
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
- goto f_err;
- }
-
- return(1);
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- return(0);
- }
-
-/* for these 2 messages, we need to
- * ssl->enc_read_ctx re-init
- * ssl->s3->read_sequence zero
- * ssl->s3->read_mac_secret re-init
- * ssl->session->read_sym_enc assign
- * ssl->session->read_compression assign
- * ssl->session->read_hash assign
- */
-int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
- {
- unsigned char *p;
-
- if (s->state == a)
- {
- p=(unsigned char *)s->init_buf->data;
- *p=SSL3_MT_CCS;
- s->init_num=1;
- s->init_off=0;
-
- s->state=b;
- }
-
- /* SSL3_ST_CW_CHANGE_B */
- return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
- }
-
-unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
- {
- unsigned char *p;
- int n,i;
- unsigned long l=7;
- BUF_MEM *buf;
- X509_STORE_CTX xs_ctx;
- X509_OBJECT obj;
-
- /* TLSv1 sends a chain with nothing in it, instead of an alert */
- buf=s->init_buf;
- if (!BUF_MEM_grow(buf,(int)(10)))
- {
- SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
- return(0);
- }
- if (x != NULL)
- {
- X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL);
-
- for (;;)
- {
- n=i2d_X509(x,NULL);
- if (!BUF_MEM_grow(buf,(int)(n+l+3)))
- {
- SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
- return(0);
- }
- p=(unsigned char *)&(buf->data[l]);
- l2n3(n,p);
- i2d_X509(x,&p);
- l+=n+3;
- if (X509_NAME_cmp(X509_get_subject_name(x),
- X509_get_issuer_name(x)) == 0) break;
-
- i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509,
- X509_get_issuer_name(x),&obj);
- if (i <= 0) break;
- x=obj.data.x509;
- /* Count is one too high since the X509_STORE_get uped the
- * ref count */
- X509_free(x);
- }
-
- X509_STORE_CTX_cleanup(&xs_ctx);
- }
-
- /* Thawte special :-) */
- if (s->ctx->extra_certs != NULL)
- for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
- {
- x=sk_X509_value(s->ctx->extra_certs,i);
- n=i2d_X509(x,NULL);
- if (!BUF_MEM_grow(buf,(int)(n+l+3)))
- {
- SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
- return(0);
- }
- p=(unsigned char *)&(buf->data[l]);
- l2n3(n,p);
- i2d_X509(x,&p);
- l+=n+3;
- }
-
- l-=7;
- p=(unsigned char *)&(buf->data[4]);
- l2n3(l,p);
- l+=3;
- p=(unsigned char *)&(buf->data[0]);
- *(p++)=SSL3_MT_CERTIFICATE;
- l2n3(l,p);
- l+=4;
- return(l);
- }
-
-/* Obtain handshake message of message type 'mt' (any if mt == -1),
- * maximum acceptable body length 'max'.
- * The first four bytes (msg_type and length) are read in state 'st1',
- * the body is read in state 'stn'.
- */
-long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
- {
- unsigned char *p;
- unsigned long l;
- long n;
- int i,al;
-
- if (s->s3->tmp.reuse_message)
- {
- s->s3->tmp.reuse_message=0;
- if ((mt >= 0) && (s->s3->tmp.message_type != mt))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
- }
- *ok=1;
- return((int)s->s3->tmp.message_size);
- }
-
- p=(unsigned char *)s->init_buf->data;
-
- if (s->state == st1) /* s->init_num < 4 */
- {
- int skip_message;
-
- do
- {
- while (s->init_num < 4)
- {
- i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
- 4 - s->init_num, 0);
- if (i <= 0)
- {
- s->rwstate=SSL_READING;
- *ok = 0;
- return i;
- }
- s->init_num+=i;
- }
-
- skip_message = 0;
- if (!s->server)
- if (p[0] == SSL3_MT_HELLO_REQUEST)
- /* The server may always send 'Hello Request' messages --
- * we are doing a handshake anyway now, so ignore them
- * if their format is correct. Does not count for
- * 'Finished' MAC. */
- if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
- {
- s->init_num = 0;
- skip_message = 1;
- }
-
- }
- while (skip_message);
-
- /* s->init_num == 4 */
-
- if ((mt >= 0) && (*p != mt))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
- }
- if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
- (st1 == SSL3_ST_SR_CERT_A) &&
- (stn == SSL3_ST_SR_CERT_B))
- {
- /* At this point we have got an MS SGC second client
- * hello (maybe we should always allow the client to
- * start a new handshake?). We need to restart the mac.
- * Don't increment {num,total}_renegotiations because
- * we have not completed the handshake. */
- ssl3_init_finished_mac(s);
- }
-
- ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, 4);
-
- s->s3->tmp.message_type= *(p++);
-
- n2l3(p,l);
- if (l > (unsigned long)max)
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
- goto f_err;
- }
- if (l && !BUF_MEM_grow(s->init_buf,(int)l))
- {
- SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
- goto err;
- }
- s->s3->tmp.message_size=l;
- s->state=stn;
-
- s->init_num=0;
- }
-
- /* next state (stn) */
- p=(unsigned char *)s->init_buf->data;
- n=s->s3->tmp.message_size;
- n -= s->init_num;
- while (n > 0)
- {
- i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
- if (i <= 0)
- {
- s->rwstate=SSL_READING;
- *ok = 0;
- return i;
- }
- s->init_num += i;
- n -= i;
- }
- ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num);
- *ok=1;
- return s->init_num;
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
- *ok=0;
- return(-1);
- }
-
-int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
- {
- EVP_PKEY *pk;
- int ret= -1,i,j;
-
- if (pkey == NULL)
- pk=X509_get_pubkey(x);
- else
- pk=pkey;
- if (pk == NULL) goto err;
-
- i=pk->type;
- if (i == EVP_PKEY_RSA)
- {
- ret=SSL_PKEY_RSA_ENC;
- if (x != NULL)
- {
- j=X509_get_ext_count(x);
- /* check to see if this is a signing only certificate */
- /* EAY EAY EAY EAY */
- }
- }
- else if (i == EVP_PKEY_DSA)
- {
- ret=SSL_PKEY_DSA_SIGN;
- }
- else if (i == EVP_PKEY_DH)
- {
- /* if we just have a key, we needs to be guess */
-
- if (x == NULL)
- ret=SSL_PKEY_DH_DSA;
- else
- {
- j=X509_get_signature_type(x);
- if (j == EVP_PKEY_RSA)
- ret=SSL_PKEY_DH_RSA;
- else if (j== EVP_PKEY_DSA)
- ret=SSL_PKEY_DH_DSA;
- else ret= -1;
- }
- }
- else
- ret= -1;
-
-err:
- if(!pkey) EVP_PKEY_free(pk);
- return(ret);
- }
-
-int ssl_verify_alarm_type(long type)
- {
- int al;
-
- switch(type)
- {
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- case X509_V_ERR_UNABLE_TO_GET_CRL:
- al=SSL_AD_UNKNOWN_CA;
- break;
- case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
- case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
- case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
- case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
- case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
- case X509_V_ERR_CERT_NOT_YET_VALID:
- case X509_V_ERR_CRL_NOT_YET_VALID:
- case X509_V_ERR_CERT_UNTRUSTED:
- case X509_V_ERR_CERT_REJECTED:
- al=SSL_AD_BAD_CERTIFICATE;
- break;
- case X509_V_ERR_CERT_SIGNATURE_FAILURE:
- case X509_V_ERR_CRL_SIGNATURE_FAILURE:
- al=SSL_AD_DECRYPT_ERROR;
- break;
- case X509_V_ERR_CERT_HAS_EXPIRED:
- case X509_V_ERR_CRL_HAS_EXPIRED:
- al=SSL_AD_CERTIFICATE_EXPIRED;
- break;
- case X509_V_ERR_CERT_REVOKED:
- al=SSL_AD_CERTIFICATE_REVOKED;
- break;
- case X509_V_ERR_OUT_OF_MEM:
- al=SSL_AD_INTERNAL_ERROR;
- break;
- case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
- case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
- case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
- case X509_V_ERR_CERT_CHAIN_TOO_LONG:
- case X509_V_ERR_PATH_LENGTH_EXCEEDED:
- case X509_V_ERR_INVALID_CA:
- al=SSL_AD_UNKNOWN_CA;
- break;
- case X509_V_ERR_APPLICATION_VERIFICATION:
- al=SSL_AD_HANDSHAKE_FAILURE;
- break;
- case X509_V_ERR_INVALID_PURPOSE:
- al=SSL_AD_UNSUPPORTED_CERTIFICATE;
- break;
- default:
- al=SSL_AD_CERTIFICATE_UNKNOWN;
- break;
- }
- return(al);
- }
-
-int ssl3_setup_buffers(SSL *s)
- {
- unsigned char *p;
- unsigned int extra;
- size_t len;
-
- if (s->s3->rbuf.buf == NULL)
- {
- if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
- extra=SSL3_RT_MAX_EXTRA;
- else
- extra=0;
- len = SSL3_RT_MAX_PACKET_SIZE + extra;
- if ((p=OPENSSL_malloc(len)) == NULL)
- goto err;
- s->s3->rbuf.buf = p;
- s->s3->rbuf_len = len;
- }
-
- if (s->s3->wbuf.buf == NULL)
- {
- len = SSL3_RT_MAX_PACKET_SIZE;
- len += SSL3_RT_HEADER_LENGTH + 256; /* extra space for empty fragment */
- if ((p=OPENSSL_malloc(len)) == NULL)
- goto err;
- s->s3->wbuf.buf = p;
- s->s3->wbuf_len = len;
- }
- s->packet= &(s->s3->rbuf.buf[0]);
- return(1);
-err:
- SSLerr(SSL_F_SSL3_SETUP_BUFFERS,ERR_R_MALLOC_FAILURE);
- return(0);
- }
diff --git a/crypto/openssl/ssl/s3_clnt.c b/crypto/openssl/ssl/s3_clnt.c
deleted file mode 100644
index b921d9a43d0e..000000000000
--- a/crypto/openssl/ssl/s3_clnt.c
+++ /dev/null
@@ -1,1811 +0,0 @@
-/* ssl/s3_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
-#include <openssl/evp.h>
-#include "ssl_locl.h"
-#include "cryptlib.h"
-
-static SSL_METHOD *ssl3_get_client_method(int ver);
-static int ssl3_client_hello(SSL *s);
-static int ssl3_get_server_hello(SSL *s);
-static int ssl3_get_certificate_request(SSL *s);
-static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
-static int ssl3_get_server_done(SSL *s);
-static int ssl3_send_client_verify(SSL *s);
-static int ssl3_send_client_certificate(SSL *s);
-static int ssl3_send_client_key_exchange(SSL *s);
-static int ssl3_get_key_exchange(SSL *s);
-static int ssl3_get_server_certificate(SSL *s);
-static int ssl3_check_cert_and_algorithm(SSL *s);
-static SSL_METHOD *ssl3_get_client_method(int ver)
- {
- if (ver == SSL3_VERSION)
- return(SSLv3_client_method());
- else
- return(NULL);
- }
-
-SSL_METHOD *SSLv3_client_method(void)
- {
- static int init=1;
- static SSL_METHOD SSLv3_client_data;
-
- if (init)
- {
- init=0;
- memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
- sizeof(SSL_METHOD));
- SSLv3_client_data.ssl_connect=ssl3_connect;
- SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
- }
- return(&SSLv3_client_data);
- }
-
-int ssl3_connect(SSL *s)
- {
- BUF_MEM *buf;
- unsigned long Time=time(NULL),l;
- long num1;
- void (*cb)()=NULL;
- int ret= -1;
- int new_state,state,skip=0;;
-
- RAND_add(&Time,sizeof(Time),0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
- for (;;)
- {
- state=s->state;
-
- switch(s->state)
- {
- case SSL_ST_RENEGOTIATE:
- s->new_session=1;
- s->state=SSL_ST_CONNECT;
- s->ctx->stats.sess_connect_renegotiate++;
- /* break */
- case SSL_ST_BEFORE:
- case SSL_ST_CONNECT:
- case SSL_ST_BEFORE|SSL_ST_CONNECT:
- case SSL_ST_OK|SSL_ST_CONNECT:
-
- s->server=0;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
- if ((s->version & 0xff00 ) != 0x0300)
- {
- SSLerr(SSL_F_SSL3_CONNECT, SSL_R_INTERNAL_ERROR);
- ret = -1;
- goto end;
- }
-
- /* s->version=SSL3_VERSION; */
- s->type=SSL_ST_CONNECT;
-
- if (s->init_buf == NULL)
- {
- if ((buf=BUF_MEM_new()) == NULL)
- {
- ret= -1;
- goto end;
- }
- if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
- {
- ret= -1;
- goto end;
- }
- s->init_buf=buf;
- }
-
- if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
-
- /* setup buffing BIO */
- if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
-
- /* don't push the buffering BIO quite yet */
-
- ssl3_init_finished_mac(s);
-
- s->state=SSL3_ST_CW_CLNT_HELLO_A;
- s->ctx->stats.sess_connect++;
- s->init_num=0;
- break;
-
- case SSL3_ST_CW_CLNT_HELLO_A:
- case SSL3_ST_CW_CLNT_HELLO_B:
-
- s->shutdown=0;
- ret=ssl3_client_hello(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CR_SRVR_HELLO_A;
- s->init_num=0;
-
- /* turn on buffering for the next lot of output */
- if (s->bbio != s->wbio)
- s->wbio=BIO_push(s->bbio,s->wbio);
-
- break;
-
- case SSL3_ST_CR_SRVR_HELLO_A:
- case SSL3_ST_CR_SRVR_HELLO_B:
- ret=ssl3_get_server_hello(s);
- if (ret <= 0) goto end;
- if (s->hit)
- s->state=SSL3_ST_CR_FINISHED_A;
- else
- s->state=SSL3_ST_CR_CERT_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_CR_CERT_A:
- case SSL3_ST_CR_CERT_B:
- /* Check if it is anon DH */
- if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
- {
- ret=ssl3_get_server_certificate(s);
- if (ret <= 0) goto end;
- }
- else
- skip=1;
- s->state=SSL3_ST_CR_KEY_EXCH_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_CR_KEY_EXCH_A:
- case SSL3_ST_CR_KEY_EXCH_B:
- ret=ssl3_get_key_exchange(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CR_CERT_REQ_A;
- s->init_num=0;
-
- /* at this point we check that we have the
- * required stuff from the server */
- if (!ssl3_check_cert_and_algorithm(s))
- {
- ret= -1;
- goto end;
- }
- break;
-
- case SSL3_ST_CR_CERT_REQ_A:
- case SSL3_ST_CR_CERT_REQ_B:
- ret=ssl3_get_certificate_request(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CR_SRVR_DONE_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_CR_SRVR_DONE_A:
- case SSL3_ST_CR_SRVR_DONE_B:
- ret=ssl3_get_server_done(s);
- if (ret <= 0) goto end;
- if (s->s3->tmp.cert_req)
- s->state=SSL3_ST_CW_CERT_A;
- else
- s->state=SSL3_ST_CW_KEY_EXCH_A;
- s->init_num=0;
-
- break;
-
- case SSL3_ST_CW_CERT_A:
- case SSL3_ST_CW_CERT_B:
- case SSL3_ST_CW_CERT_C:
- case SSL3_ST_CW_CERT_D:
- ret=ssl3_send_client_certificate(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CW_KEY_EXCH_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_CW_KEY_EXCH_A:
- case SSL3_ST_CW_KEY_EXCH_B:
- ret=ssl3_send_client_key_exchange(s);
- if (ret <= 0) goto end;
- l=s->s3->tmp.new_cipher->algorithms;
- /* EAY EAY EAY need to check for DH fix cert
- * sent back */
- /* For TLS, cert_req is set to 2, so a cert chain
- * of nothing is sent, but no verify packet is sent */
- if (s->s3->tmp.cert_req == 1)
- {
- s->state=SSL3_ST_CW_CERT_VRFY_A;
- }
- else
- {
- s->state=SSL3_ST_CW_CHANGE_A;
- s->s3->change_cipher_spec=0;
- }
-
- s->init_num=0;
- break;
-
- case SSL3_ST_CW_CERT_VRFY_A:
- case SSL3_ST_CW_CERT_VRFY_B:
- ret=ssl3_send_client_verify(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CW_CHANGE_A;
- s->init_num=0;
- s->s3->change_cipher_spec=0;
- break;
-
- case SSL3_ST_CW_CHANGE_A:
- case SSL3_ST_CW_CHANGE_B:
- ret=ssl3_send_change_cipher_spec(s,
- SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CW_FINISHED_A;
- s->init_num=0;
-
- s->session->cipher=s->s3->tmp.new_cipher;
- if (s->s3->tmp.new_compression == NULL)
- s->session->compress_meth=0;
- else
- s->session->compress_meth=
- s->s3->tmp.new_compression->id;
- if (!s->method->ssl3_enc->setup_key_block(s))
- {
- ret= -1;
- goto end;
- }
-
- if (!s->method->ssl3_enc->change_cipher_state(s,
- SSL3_CHANGE_CIPHER_CLIENT_WRITE))
- {
- ret= -1;
- goto end;
- }
-
- break;
-
- case SSL3_ST_CW_FINISHED_A:
- case SSL3_ST_CW_FINISHED_B:
- ret=ssl3_send_finished(s,
- SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
- s->method->ssl3_enc->client_finished_label,
- s->method->ssl3_enc->client_finished_label_len);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CW_FLUSH;
-
- /* clear flags */
- s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
- if (s->hit)
- {
- s->s3->tmp.next_state=SSL_ST_OK;
- if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
- {
- s->state=SSL_ST_OK;
- s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
- s->s3->delay_buf_pop_ret=0;
- }
- }
- else
- {
- s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
- }
- s->init_num=0;
- break;
-
- case SSL3_ST_CR_FINISHED_A:
- case SSL3_ST_CR_FINISHED_B:
-
- ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
- SSL3_ST_CR_FINISHED_B);
- if (ret <= 0) goto end;
-
- if (s->hit)
- s->state=SSL3_ST_CW_CHANGE_A;
- else
- s->state=SSL_ST_OK;
- s->init_num=0;
- break;
-
- case SSL3_ST_CW_FLUSH:
- /* number of bytes to be flushed */
- num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
- if (num1 > 0)
- {
- s->rwstate=SSL_WRITING;
- num1=BIO_flush(s->wbio);
- if (num1 <= 0) { ret= -1; goto end; }
- s->rwstate=SSL_NOTHING;
- }
-
- s->state=s->s3->tmp.next_state;
- break;
-
- case SSL_ST_OK:
- /* clean a few things up */
- ssl3_cleanup_key_block(s);
-
- if (s->init_buf != NULL)
- {
- BUF_MEM_free(s->init_buf);
- s->init_buf=NULL;
- }
-
- /* If we are not 'joining' the last two packets,
- * remove the buffering now */
- if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
- ssl_free_wbio_buffer(s);
- /* else do it later in ssl3_write */
-
- s->init_num=0;
- s->new_session=0;
-
- ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
- if (s->hit) s->ctx->stats.sess_hit++;
-
- ret=1;
- /* s->server=0; */
- s->handshake_func=ssl3_connect;
- s->ctx->stats.sess_connect_good++;
-
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
-
- goto end;
- /* break; */
-
- default:
- SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE);
- ret= -1;
- goto end;
- /* break; */
- }
-
- /* did we do anything */
- if (!s->s3->tmp.reuse_message && !skip)
- {
- if (s->debug)
- {
- if ((ret=BIO_flush(s->wbio)) <= 0)
- goto end;
- }
-
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_CONNECT_LOOP,1);
- s->state=new_state;
- }
- }
- skip=0;
- }
-end:
- s->in_handshake--;
- if (cb != NULL)
- cb(s,SSL_CB_CONNECT_EXIT,ret);
- return(ret);
- }
-
-
-static int ssl3_client_hello(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p,*d;
- int i,j;
- unsigned long Time,l;
- SSL_COMP *comp;
-
- buf=(unsigned char *)s->init_buf->data;
- if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
- {
- if ((s->session == NULL) ||
- (s->session->ssl_version != s->version) ||
- (s->session->not_resumable))
- {
- if (!ssl_get_new_session(s,0))
- goto err;
- }
- /* else use the pre-loaded session */
-
- p=s->s3->client_random;
- Time=time(NULL); /* Time */
- l2n(Time,p);
- RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
-
- /* Do the message type and length last */
- d=p= &(buf[4]);
-
- *(p++)=s->version>>8;
- *(p++)=s->version&0xff;
- s->client_version=s->version;
-
- /* Random stuff */
- memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
-
- /* Session ID */
- if (s->new_session)
- i=0;
- else
- i=s->session->session_id_length;
- *(p++)=i;
- if (i != 0)
- {
- die(i <= sizeof s->session->session_id);
- memcpy(p,s->session->session_id,i);
- p+=i;
- }
-
- /* Ciphers supported */
- i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]));
- if (i == 0)
- {
- SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
- goto err;
- }
- s2n(i,p);
- p+=i;
-
- /* COMPRESSION */
- if (s->ctx->comp_methods == NULL)
- j=0;
- else
- j=sk_SSL_COMP_num(s->ctx->comp_methods);
- *(p++)=1+j;
- for (i=0; i<j; i++)
- {
- comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
- *(p++)=comp->id;
- }
- *(p++)=0; /* Add the NULL method */
-
- l=(p-d);
- d=buf;
- *(d++)=SSL3_MT_CLIENT_HELLO;
- l2n3(l,d);
-
- s->state=SSL3_ST_CW_CLNT_HELLO_B;
- /* number of bytes to write */
- s->init_num=p-buf;
- s->init_off=0;
- }
-
- /* SSL3_ST_CW_CLNT_HELLO_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-err:
- return(-1);
- }
-
-static int ssl3_get_server_hello(SSL *s)
- {
- STACK_OF(SSL_CIPHER) *sk;
- SSL_CIPHER *c;
- unsigned char *p,*d;
- int i,al,ok;
- unsigned int j;
- long n;
- SSL_COMP *comp;
-
- n=ssl3_get_message(s,
- SSL3_ST_CR_SRVR_HELLO_A,
- SSL3_ST_CR_SRVR_HELLO_B,
- SSL3_MT_SERVER_HELLO,
- 300, /* ?? */
- &ok);
-
- if (!ok) return((int)n);
- d=p=(unsigned char *)s->init_buf->data;
-
- if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
- {
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION);
- s->version=(s->version&0xff00)|p[1];
- al=SSL_AD_PROTOCOL_VERSION;
- goto f_err;
- }
- p+=2;
-
- /* load the server hello data */
- /* load the server random */
- memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
-
- /* get the session-id */
- j= *(p++);
-
- if(j > sizeof s->session->session_id)
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
- SSL_R_SSL3_SESSION_ID_TOO_LONG);
- goto f_err;
- }
-
- if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
- {
- /* SSLref returns 16 :-( */
- if (j < SSL2_SSL_SESSION_ID_LENGTH)
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT);
- goto f_err;
- }
- }
- if (j != 0 && j == s->session->session_id_length
- && memcmp(p,s->session->session_id,j) == 0)
- {
- if(s->sid_ctx_length != s->session->sid_ctx_length
- || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
- goto f_err;
- }
- s->hit=1;
- }
- else /* a miss or crap from the other end */
- {
- /* If we were trying for session-id reuse, make a new
- * SSL_SESSION so we don't stuff up other people */
- s->hit=0;
- if (s->session->session_id_length > 0)
- {
- if (!ssl_get_new_session(s,0))
- {
- al=SSL_AD_INTERNAL_ERROR;
- goto f_err;
- }
- }
- s->session->session_id_length=j;
- memcpy(s->session->session_id,p,j); /* j could be 0 */
- }
- p+=j;
- c=ssl_get_cipher_by_char(s,p);
- if (c == NULL)
- {
- /* unknown cipher */
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);
- goto f_err;
- }
- p+=ssl_put_cipher_by_char(s,NULL,NULL);
-
- sk=ssl_get_ciphers_by_id(s);
- i=sk_SSL_CIPHER_find(sk,c);
- if (i < 0)
- {
- /* we did not say we would use this cipher */
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
- goto f_err;
- }
-
- if (s->hit && (s->session->cipher != c))
- {
- if (!(s->options &
- SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
- goto f_err;
- }
- }
- s->s3->tmp.new_cipher=c;
-
- /* lets get the compression algorithm */
- /* COMPRESSION */
- j= *(p++);
- if (j == 0)
- comp=NULL;
- else
- comp=ssl3_comp_find(s->ctx->comp_methods,j);
-
- if ((j != 0) && (comp == NULL))
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
- goto f_err;
- }
- else
- {
- s->s3->tmp.new_compression=comp;
- }
-
- if (p != (d+n))
- {
- /* wrong packet length */
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH);
- goto err;
- }
-
- return(1);
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
- return(-1);
- }
-
-static int ssl3_get_server_certificate(SSL *s)
- {
- int al,i,ok,ret= -1;
- unsigned long n,nc,llen,l;
- X509 *x=NULL;
- unsigned char *p,*d,*q;
- STACK_OF(X509) *sk=NULL;
- SESS_CERT *sc;
- EVP_PKEY *pkey=NULL;
-
- n=ssl3_get_message(s,
- SSL3_ST_CR_CERT_A,
- SSL3_ST_CR_CERT_B,
- -1,
-#if defined(MSDOS) && !defined(WIN32)
- 1024*30, /* 30k max cert list :-) */
-#else
- 1024*100, /* 100k max cert list :-) */
-#endif
- &ok);
-
- if (!ok) return((int)n);
-
- if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE)
- {
- s->s3->tmp.reuse_message=1;
- return(1);
- }
-
- if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
- goto f_err;
- }
- d=p=(unsigned char *)s->init_buf->data;
-
- if ((sk=sk_X509_new_null()) == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- n2l3(p,llen);
- if (llen+3 != n)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- for (nc=0; nc<llen; )
- {
- n2l3(p,l);
- if ((l+nc+3) > llen)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
- goto f_err;
- }
-
- q=p;
- x=d2i_X509(NULL,&q,l);
- if (x == NULL)
- {
- al=SSL_AD_BAD_CERTIFICATE;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB);
- goto f_err;
- }
- if (q != (p+l))
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
- goto f_err;
- }
- if (!sk_X509_push(sk,x))
- {
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- x=NULL;
- nc+=l+3;
- p=q;
- }
-
- i=ssl_verify_cert_chain(s,sk);
- if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
- {
- al=ssl_verify_alarm_type(s->verify_result);
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
- goto f_err;
- }
- ERR_clear_error(); /* but we keep s->verify_result */
-
- sc=ssl_sess_cert_new();
- if (sc == NULL) goto err;
-
- if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
- s->session->sess_cert=sc;
-
- sc->cert_chain=sk;
- /* Inconsistency alert: cert_chain does include the peer's
- * certificate, which we don't include in s3_srvr.c */
- x=sk_X509_value(sk,0);
- sk=NULL;
-
- pkey=X509_get_pubkey(x);
-
- if ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))
- {
- x=NULL;
- al=SSL3_AL_FATAL;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
- goto f_err;
- }
-
- i=ssl_cert_type(x,pkey);
- if (i < 0)
- {
- x=NULL;
- al=SSL3_AL_FATAL;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
- goto f_err;
- }
-
- sc->peer_cert_type=i;
- CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
- if (sc->peer_pkeys[i].x509 != NULL) /* Why would this ever happen?
- * We just created sc a couple of
- * lines ago. */
- X509_free(sc->peer_pkeys[i].x509);
- sc->peer_pkeys[i].x509=x;
- sc->peer_key= &(sc->peer_pkeys[i]);
-
- if (s->session->peer != NULL)
- X509_free(s->session->peer);
- CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
- s->session->peer=x;
- s->session->verify_result = s->verify_result;
-
- x=NULL;
- ret=1;
-
- if (0)
- {
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- }
-err:
- EVP_PKEY_free(pkey);
- X509_free(x);
- sk_X509_pop_free(sk,X509_free);
- return(ret);
- }
-
-static int ssl3_get_key_exchange(SSL *s)
- {
-#ifndef NO_RSA
- unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2];
-#endif
- EVP_MD_CTX md_ctx;
- unsigned char *param,*p;
- int al,i,j,param_len,ok;
- long n,alg;
- EVP_PKEY *pkey=NULL;
-#ifndef NO_RSA
- RSA *rsa=NULL;
-#endif
-#ifndef NO_DH
- DH *dh=NULL;
-#endif
-
- /* use same message size as in ssl3_get_certificate_request()
- * as ServerKeyExchange message may be skipped */
- n=ssl3_get_message(s,
- SSL3_ST_CR_KEY_EXCH_A,
- SSL3_ST_CR_KEY_EXCH_B,
- -1,
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
- 1024*30, /* 30k max cert list :-) */
-#else
- 1024*100, /* 100k max cert list :-) */
-#endif
- &ok);
-
- if (!ok) return((int)n);
-
- if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
- {
- s->s3->tmp.reuse_message=1;
- return(1);
- }
-
- param=p=(unsigned char *)s->init_buf->data;
-
- if (s->session->sess_cert != NULL)
- {
-#ifndef NO_RSA
- if (s->session->sess_cert->peer_rsa_tmp != NULL)
- {
- RSA_free(s->session->sess_cert->peer_rsa_tmp);
- s->session->sess_cert->peer_rsa_tmp=NULL;
- }
-#endif
-#ifndef NO_DH
- if (s->session->sess_cert->peer_dh_tmp)
- {
- DH_free(s->session->sess_cert->peer_dh_tmp);
- s->session->sess_cert->peer_dh_tmp=NULL;
- }
-#endif
- }
- else
- {
- s->session->sess_cert=ssl_sess_cert_new();
- }
-
- param_len=0;
- alg=s->s3->tmp.new_cipher->algorithms;
-
-#ifndef NO_RSA
- if (alg & SSL_kRSA)
- {
- if ((rsa=RSA_new()) == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- n2s(p,i);
- param_len=i+2;
- if (param_len > n)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH);
- goto f_err;
- }
- if (!(rsa->n=BN_bin2bn(p,i,rsa->n)))
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
- goto err;
- }
- p+=i;
-
- n2s(p,i);
- param_len+=i+2;
- if (param_len > n)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH);
- goto f_err;
- }
- if (!(rsa->e=BN_bin2bn(p,i,rsa->e)))
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
- goto err;
- }
- p+=i;
- n-=param_len;
-
- /* this should be because we are using an export cipher */
- if (alg & SSL_aRSA)
- pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
- else
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
- goto err;
- }
- s->session->sess_cert->peer_rsa_tmp=rsa;
- rsa=NULL;
- }
-#else /* NO_RSA */
- if (0)
- ;
-#endif
-#ifndef NO_DH
- else if (alg & SSL_kEDH)
- {
- if ((dh=DH_new()) == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
- n2s(p,i);
- param_len=i+2;
- if (param_len > n)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH);
- goto f_err;
- }
- if (!(dh->p=BN_bin2bn(p,i,NULL)))
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
- goto err;
- }
- p+=i;
-
- n2s(p,i);
- param_len+=i+2;
- if (param_len > n)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH);
- goto f_err;
- }
- if (!(dh->g=BN_bin2bn(p,i,NULL)))
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
- goto err;
- }
- p+=i;
-
- n2s(p,i);
- param_len+=i+2;
- if (param_len > n)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH);
- goto f_err;
- }
- if (!(dh->pub_key=BN_bin2bn(p,i,NULL)))
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
- goto err;
- }
- p+=i;
- n-=param_len;
-
-#ifndef NO_RSA
- if (alg & SSL_aRSA)
- pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-#else
- if (0)
- ;
-#endif
-#ifndef NO_DSA
- else if (alg & SSL_aDSS)
- pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
-#endif
- /* else anonymous DH, so no certificate or pkey. */
-
- s->session->sess_cert->peer_dh_tmp=dh;
- dh=NULL;
- }
- else if ((alg & SSL_kDHr) || (alg & SSL_kDHd))
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
- goto f_err;
- }
-#endif /* !NO_DH */
- if (alg & SSL_aFZA)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
- goto f_err;
- }
-
-
- /* p points to the next byte, there are 'n' bytes left */
-
-
- /* if it was signed, check the signature */
- if (pkey != NULL)
- {
- n2s(p,i);
- n-=2;
- j=EVP_PKEY_size(pkey);
-
- if ((i != n) || (n > j) || (n <= 0))
- {
- /* wrong packet length */
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH);
- goto f_err;
- }
-
-#ifndef NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- {
- int num;
-
- j=0;
- q=md_buf;
- for (num=2; num > 0; num--)
- {
- EVP_DigestInit(&md_ctx,(num == 2)
- ?s->ctx->md5:s->ctx->sha1);
- EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md_ctx,param,param_len);
- EVP_DigestFinal(&md_ctx,q,(unsigned int *)&i);
- q+=i;
- j+=i;
- }
- i=RSA_verify(NID_md5_sha1, md_buf, j, p, n,
- pkey->pkey.rsa);
- if (i < 0)
- {
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
- goto f_err;
- }
- if (i == 0)
- {
- /* bad signature */
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
- goto f_err;
- }
- }
- else
-#endif
-#ifndef NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- {
- /* lets do DSS */
- EVP_VerifyInit(&md_ctx,EVP_dss1());
- EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_VerifyUpdate(&md_ctx,param,param_len);
- if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
- {
- /* bad signature */
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
- goto f_err;
- }
- }
- else
-#endif
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
- goto err;
- }
- }
- else
- {
- /* still data left over */
- if (!(alg & SSL_aNULL))
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
- goto err;
- }
- if (n != 0)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE);
- goto f_err;
- }
- }
- EVP_PKEY_free(pkey);
- return(1);
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
- EVP_PKEY_free(pkey);
-#ifndef NO_RSA
- if (rsa != NULL)
- RSA_free(rsa);
-#endif
-#ifndef NO_DH
- if (dh != NULL)
- DH_free(dh);
-#endif
- return(-1);
- }
-
-static int ssl3_get_certificate_request(SSL *s)
- {
- int ok,ret=0;
- unsigned long n,nc,l;
- unsigned int llen,ctype_num,i;
- X509_NAME *xn=NULL;
- unsigned char *p,*d,*q;
- STACK_OF(X509_NAME) *ca_sk=NULL;
-
- n=ssl3_get_message(s,
- SSL3_ST_CR_CERT_REQ_A,
- SSL3_ST_CR_CERT_REQ_B,
- -1,
-#if defined(MSDOS) && !defined(WIN32)
- 1024*30, /* 30k max cert list :-) */
-#else
- 1024*100, /* 100k max cert list :-) */
-#endif
- &ok);
-
- if (!ok) return((int)n);
-
- s->s3->tmp.cert_req=0;
-
- if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)
- {
- s->s3->tmp.reuse_message=1;
- return(1);
- }
-
- if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST)
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE);
- goto err;
- }
-
- /* TLS does not like anon-DH with client cert */
- if (s->version > SSL3_VERSION)
- {
- l=s->s3->tmp.new_cipher->algorithms;
- if (l & SSL_aNULL)
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
- goto err;
- }
- }
-
- d=p=(unsigned char *)s->init_buf->data;
-
- if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* get the certificate types */
- ctype_num= *(p++);
- if (ctype_num > SSL3_CT_NUMBER)
- ctype_num=SSL3_CT_NUMBER;
- for (i=0; i<ctype_num; i++)
- s->s3->tmp.ctype[i]= p[i];
- p+=ctype_num;
-
- /* get the CA RDNs */
- n2s(p,llen);
-#if 0
-{
-FILE *out;
-out=fopen("/tmp/vsign.der","w");
-fwrite(p,1,llen,out);
-fclose(out);
-}
-#endif
-
- if ((llen+ctype_num+2+1) != n)
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
- goto err;
- }
-
- for (nc=0; nc<llen; )
- {
- n2s(p,l);
- if ((l+nc+2) > llen)
- {
- if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
- goto cont; /* netscape bugs */
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG);
- goto err;
- }
-
- q=p;
-
- if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
- {
- /* If netscape tolerance is on, ignore errors */
- if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
- goto cont;
- else
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB);
- goto err;
- }
- }
-
- if (q != (p+l))
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH);
- goto err;
- }
- if (!sk_X509_NAME_push(ca_sk,xn))
- {
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- p+=l;
- nc+=l+2;
- }
-
- if (0)
- {
-cont:
- ERR_clear_error();
- }
-
- /* we should setup a certificate to return.... */
- s->s3->tmp.cert_req=1;
- s->s3->tmp.ctype_num=ctype_num;
- if (s->s3->tmp.ca_names != NULL)
- sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
- s->s3->tmp.ca_names=ca_sk;
- ca_sk=NULL;
-
- ret=1;
-err:
- if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free);
- return(ret);
- }
-
-static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
- {
- return(X509_NAME_cmp(*a,*b));
- }
-
-static int ssl3_get_server_done(SSL *s)
- {
- int ok,ret=0;
- long n;
-
- n=ssl3_get_message(s,
- SSL3_ST_CR_SRVR_DONE_A,
- SSL3_ST_CR_SRVR_DONE_B,
- SSL3_MT_SERVER_DONE,
- 30, /* should be very small, like 0 :-) */
- &ok);
-
- if (!ok) return((int)n);
- if (n > 0)
- {
- /* should contain no data */
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
- SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH);
- return -1;
- }
- ret=1;
- return(ret);
- }
-
-static int ssl3_send_client_key_exchange(SSL *s)
- {
- unsigned char *p,*d;
- int n;
- unsigned long l;
-#ifndef NO_RSA
- unsigned char *q;
- EVP_PKEY *pkey=NULL;
-#endif
-
- if (s->state == SSL3_ST_CW_KEY_EXCH_A)
- {
- d=(unsigned char *)s->init_buf->data;
- p= &(d[4]);
-
- l=s->s3->tmp.new_cipher->algorithms;
-
-#ifndef NO_RSA
- if (l & SSL_kRSA)
- {
- RSA *rsa;
- unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
-
- if (s->session->sess_cert->peer_rsa_tmp != NULL)
- rsa=s->session->sess_cert->peer_rsa_tmp;
- else
- {
- pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
- if ((pkey == NULL) ||
- (pkey->type != EVP_PKEY_RSA) ||
- (pkey->pkey.rsa == NULL))
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
- goto err;
- }
- rsa=pkey->pkey.rsa;
- EVP_PKEY_free(pkey);
- }
-
- tmp_buf[0]=s->client_version>>8;
- tmp_buf[1]=s->client_version&0xff;
- if (RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2) <= 0)
- goto err;
-
- s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
-
- q=p;
- /* Fix buf for TLS and beyond */
- if (s->version > SSL3_VERSION)
- p+=2;
- n=RSA_public_encrypt(SSL_MAX_MASTER_KEY_LENGTH,
- tmp_buf,p,rsa,RSA_PKCS1_PADDING);
-#ifdef PKCS1_CHECK
- if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
- if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70;
-#endif
- if (n <= 0)
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
- goto err;
- }
-
- /* Fix buf for TLS and beyond */
- if (s->version > SSL3_VERSION)
- {
- s2n(n,q);
- n+=2;
- }
-
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key,
- tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
- memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH);
- }
- else
-#endif
-#ifndef NO_DH
- if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
- {
- DH *dh_srvr,*dh_clnt;
-
- if (s->session->sess_cert->peer_dh_tmp != NULL)
- dh_srvr=s->session->sess_cert->peer_dh_tmp;
- else
- {
- /* we get them from the cert */
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
- goto err;
- }
-
- /* generate a new random key */
- if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
- if (!DH_generate_key(dh_clnt))
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
-
- /* use the 'p' output buffer for the DH key, but
- * make sure to clear it out afterwards */
-
- n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);
-
- if (n <= 0)
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
-
- /* generate master key from the result */
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key,p,n);
- /* clean up */
- memset(p,0,n);
-
- /* send off the data */
- n=BN_num_bytes(dh_clnt->pub_key);
- s2n(n,p);
- BN_bn2bin(dh_clnt->pub_key,p);
- n+=2;
-
- DH_free(dh_clnt);
-
- /* perhaps clean things up a bit EAY EAY EAY EAY*/
- }
- else
-#endif
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
- goto err;
- }
-
- *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
- l2n3(n,d);
-
- s->state=SSL3_ST_CW_KEY_EXCH_B;
- /* number of bytes to write */
- s->init_num=n+4;
- s->init_off=0;
- }
-
- /* SSL3_ST_CW_KEY_EXCH_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-err:
- return(-1);
- }
-
-static int ssl3_send_client_verify(SSL *s)
- {
- unsigned char *p,*d;
- unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
- EVP_PKEY *pkey;
-#ifndef NO_RSA
- unsigned u=0;
-#endif
- unsigned long n;
-#ifndef NO_DSA
- int j;
-#endif
-
- if (s->state == SSL3_ST_CW_CERT_VRFY_A)
- {
- d=(unsigned char *)s->init_buf->data;
- p= &(d[4]);
- pkey=s->cert->key->privatekey;
-
- s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
- &(data[MD5_DIGEST_LENGTH]));
-
-#ifndef NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- {
- s->method->ssl3_enc->cert_verify_mac(s,
- &(s->s3->finish_dgst1),&(data[0]));
- if (RSA_sign(NID_md5_sha1, data,
- MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
- &(p[2]), &u, pkey->pkey.rsa) <= 0 )
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
- goto err;
- }
- s2n(u,p);
- n=u+2;
- }
- else
-#endif
-#ifndef NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- {
- if (!DSA_sign(pkey->save_type,
- &(data[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH,&(p[2]),
- (unsigned int *)&j,pkey->pkey.dsa))
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
- goto err;
- }
- s2n(j,p);
- n=j+2;
- }
- else
-#endif
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,SSL_R_INTERNAL_ERROR);
- goto err;
- }
- *(d++)=SSL3_MT_CERTIFICATE_VERIFY;
- l2n3(n,d);
-
- s->init_num=(int)n+4;
- s->init_off=0;
- }
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-err:
- return(-1);
- }
-
-static int ssl3_send_client_certificate(SSL *s)
- {
- X509 *x509=NULL;
- EVP_PKEY *pkey=NULL;
- int i;
- unsigned long l;
-
- if (s->state == SSL3_ST_CW_CERT_A)
- {
- if ((s->cert == NULL) ||
- (s->cert->key->x509 == NULL) ||
- (s->cert->key->privatekey == NULL))
- s->state=SSL3_ST_CW_CERT_B;
- else
- s->state=SSL3_ST_CW_CERT_C;
- }
-
- /* We need to get a client cert */
- if (s->state == SSL3_ST_CW_CERT_B)
- {
- /* If we get an error, we need to
- * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
- * We then get retied later */
- i=0;
- if (s->ctx->client_cert_cb != NULL)
- i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
- if (i < 0)
- {
- s->rwstate=SSL_X509_LOOKUP;
- return(-1);
- }
- s->rwstate=SSL_NOTHING;
- if ((i == 1) && (pkey != NULL) && (x509 != NULL))
- {
- s->state=SSL3_ST_CW_CERT_B;
- if ( !SSL_use_certificate(s,x509) ||
- !SSL_use_PrivateKey(s,pkey))
- i=0;
- }
- else if (i == 1)
- {
- i=0;
- SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
- }
-
- if (x509 != NULL) X509_free(x509);
- if (pkey != NULL) EVP_PKEY_free(pkey);
- if (i == 0)
- {
- if (s->version == SSL3_VERSION)
- {
- s->s3->tmp.cert_req=0;
- ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
- return(1);
- }
- else
- {
- s->s3->tmp.cert_req=2;
- }
- }
-
- /* Ok, we have a cert */
- s->state=SSL3_ST_CW_CERT_C;
- }
-
- if (s->state == SSL3_ST_CW_CERT_C)
- {
- s->state=SSL3_ST_CW_CERT_D;
- l=ssl3_output_cert_chain(s,
- (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
- s->init_num=(int)l;
- s->init_off=0;
- }
- /* SSL3_ST_CW_CERT_D */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-#define has_bits(i,m) (((i)&(m)) == (m))
-
-static int ssl3_check_cert_and_algorithm(SSL *s)
- {
- int i,idx;
- long algs;
- EVP_PKEY *pkey=NULL;
- SESS_CERT *sc;
-#ifndef NO_RSA
- RSA *rsa;
-#endif
-#ifndef NO_DH
- DH *dh;
-#endif
-
- sc=s->session->sess_cert;
-
- if (sc == NULL)
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_INTERNAL_ERROR);
- goto err;
- }
-
- algs=s->s3->tmp.new_cipher->algorithms;
-
- /* we don't have a certificate */
- if (algs & (SSL_aDH|SSL_aNULL))
- return(1);
-
-#ifndef NO_RSA
- rsa=s->session->sess_cert->peer_rsa_tmp;
-#endif
-#ifndef NO_DH
- dh=s->session->sess_cert->peer_dh_tmp;
-#endif
-
- /* This is the passed certificate */
-
- idx=sc->peer_cert_type;
- pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509);
- i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey);
- EVP_PKEY_free(pkey);
-
-
- /* Check that we have a certificate if we require one */
- if ((algs & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN))
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
- goto f_err;
- }
-#ifndef NO_DSA
- else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
- goto f_err;
- }
-#endif
-#ifndef NO_RSA
- if ((algs & SSL_kRSA) &&
- !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
- goto f_err;
- }
-#endif
-#ifndef NO_DH
- if ((algs & SSL_kEDH) &&
- !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
- goto f_err;
- }
- else if ((algs & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
- goto f_err;
- }
-#ifndef NO_DSA
- else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
- goto f_err;
- }
-#endif
-#endif
-
- if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
- {
-#ifndef NO_RSA
- if (algs & SSL_kRSA)
- {
- if (rsa == NULL
- || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
- goto f_err;
- }
- }
- else
-#endif
-#ifndef NO_DH
- if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
- {
- if (dh == NULL
- || DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
- goto f_err;
- }
- }
- else
-#endif
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
- goto f_err;
- }
- }
- return(1);
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-err:
- return(0);
- }
-
diff --git a/crypto/openssl/ssl/s3_enc.c b/crypto/openssl/ssl/s3_enc.c
deleted file mode 100644
index 79fa4f97c24f..000000000000
--- a/crypto/openssl/ssl/s3_enc.c
+++ /dev/null
@@ -1,671 +0,0 @@
-/* ssl/s3_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
-#include <openssl/evp.h>
-#include "ssl_locl.h"
-
-static unsigned char ssl3_pad_1[48]={
- 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
- 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
- 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
- 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
- 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
- 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36 };
-
-static unsigned char ssl3_pad_2[48]={
- 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
- 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
- 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
- 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
- 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
- 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c };
-
-static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
- const char *sender, int len, unsigned char *p);
-
-static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
- {
- MD5_CTX m5;
- SHA_CTX s1;
- unsigned char buf[8],smd[SHA_DIGEST_LENGTH];
- unsigned char c='A';
- int i,j,k;
-
-#ifdef CHARSET_EBCDIC
- c = os_toascii[c]; /*'A' in ASCII */
-#endif
- k=0;
- for (i=0; i<num; i+=MD5_DIGEST_LENGTH)
- {
- k++;
- for (j=0; j<k; j++)
- buf[j]=c;
- c++;
- SHA1_Init( &s1);
- SHA1_Update(&s1,buf,k);
- SHA1_Update(&s1,s->session->master_key,
- s->session->master_key_length);
- SHA1_Update(&s1,s->s3->server_random,SSL3_RANDOM_SIZE);
- SHA1_Update(&s1,s->s3->client_random,SSL3_RANDOM_SIZE);
- SHA1_Final( smd,&s1);
-
- MD5_Init( &m5);
- MD5_Update(&m5,s->session->master_key,
- s->session->master_key_length);
- MD5_Update(&m5,smd,SHA_DIGEST_LENGTH);
- if ((i+MD5_DIGEST_LENGTH) > num)
- {
- MD5_Final(smd,&m5);
- memcpy(km,smd,(num-i));
- }
- else
- MD5_Final(km,&m5);
-
- km+=MD5_DIGEST_LENGTH;
- }
- memset(smd,0,SHA_DIGEST_LENGTH);
- }
-
-int ssl3_change_cipher_state(SSL *s, int which)
- {
- unsigned char *p,*key_block,*mac_secret;
- unsigned char exp_key[EVP_MAX_KEY_LENGTH];
- unsigned char exp_iv[EVP_MAX_KEY_LENGTH];
- unsigned char *ms,*key,*iv,*er1,*er2;
- EVP_CIPHER_CTX *dd;
- const EVP_CIPHER *c;
- COMP_METHOD *comp;
- const EVP_MD *m;
- MD5_CTX md;
- int exp,n,i,j,k,cl;
-
- exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
- c=s->s3->tmp.new_sym_enc;
- m=s->s3->tmp.new_hash;
- if (s->s3->tmp.new_compression == NULL)
- comp=NULL;
- else
- comp=s->s3->tmp.new_compression->method;
- key_block=s->s3->tmp.key_block;
-
- if (which & SSL3_CC_READ)
- {
- if ((s->enc_read_ctx == NULL) &&
- ((s->enc_read_ctx=(EVP_CIPHER_CTX *)
- OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
- goto err;
- dd= s->enc_read_ctx;
- s->read_hash=m;
- /* COMPRESS */
- if (s->expand != NULL)
- {
- COMP_CTX_free(s->expand);
- s->expand=NULL;
- }
- if (comp != NULL)
- {
- s->expand=COMP_CTX_new(comp);
- if (s->expand == NULL)
- {
- SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
- goto err2;
- }
- if (s->s3->rrec.comp == NULL)
- s->s3->rrec.comp=(unsigned char *)
- OPENSSL_malloc(SSL3_RT_MAX_PLAIN_LENGTH);
- if (s->s3->rrec.comp == NULL)
- goto err;
- }
- memset(&(s->s3->read_sequence[0]),0,8);
- mac_secret= &(s->s3->read_mac_secret[0]);
- }
- else
- {
- if ((s->enc_write_ctx == NULL) &&
- ((s->enc_write_ctx=(EVP_CIPHER_CTX *)
- OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
- goto err;
- dd= s->enc_write_ctx;
- s->write_hash=m;
- /* COMPRESS */
- if (s->compress != NULL)
- {
- COMP_CTX_free(s->compress);
- s->compress=NULL;
- }
- if (comp != NULL)
- {
- s->compress=COMP_CTX_new(comp);
- if (s->compress == NULL)
- {
- SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
- goto err2;
- }
- }
- memset(&(s->s3->write_sequence[0]),0,8);
- mac_secret= &(s->s3->write_mac_secret[0]);
- }
-
- EVP_CIPHER_CTX_init(dd);
-
- p=s->s3->tmp.key_block;
- i=EVP_MD_size(m);
- cl=EVP_CIPHER_key_length(c);
- j=exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
- cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
- /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
- k=EVP_CIPHER_iv_length(c);
- if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
- (which == SSL3_CHANGE_CIPHER_SERVER_READ))
- {
- ms= &(p[ 0]); n=i+i;
- key= &(p[ n]); n+=j+j;
- iv= &(p[ n]); n+=k+k;
- er1= &(s->s3->client_random[0]);
- er2= &(s->s3->server_random[0]);
- }
- else
- {
- n=i;
- ms= &(p[ n]); n+=i+j;
- key= &(p[ n]); n+=j+k;
- iv= &(p[ n]); n+=k;
- er1= &(s->s3->server_random[0]);
- er2= &(s->s3->client_random[0]);
- }
-
- if (n > s->s3->tmp.key_block_length)
- {
- SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_INTERNAL_ERROR);
- goto err2;
- }
-
- memcpy(mac_secret,ms,i);
- if (exp)
- {
- /* In here I set both the read and write key/iv to the
- * same value since only the correct one will be used :-).
- */
- MD5_Init(&md);
- MD5_Update(&md,key,j);
- MD5_Update(&md,er1,SSL3_RANDOM_SIZE);
- MD5_Update(&md,er2,SSL3_RANDOM_SIZE);
- MD5_Final(&(exp_key[0]),&md);
- key= &(exp_key[0]);
-
- if (k > 0)
- {
- MD5_Init(&md);
- MD5_Update(&md,er1,SSL3_RANDOM_SIZE);
- MD5_Update(&md,er2,SSL3_RANDOM_SIZE);
- MD5_Final(&(exp_iv[0]),&md);
- iv= &(exp_iv[0]);
- }
- }
-
- s->session->key_arg_length=0;
-
- EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
-
- memset(&(exp_key[0]),0,sizeof(exp_key));
- memset(&(exp_iv[0]),0,sizeof(exp_iv));
- return(1);
-err:
- SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
-err2:
- return(0);
- }
-
-int ssl3_setup_key_block(SSL *s)
- {
- unsigned char *p;
- const EVP_CIPHER *c;
- const EVP_MD *hash;
- int num;
- SSL_COMP *comp;
-
- if (s->s3->tmp.key_block_length != 0)
- return(1);
-
- if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
- {
- SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
- return(0);
- }
-
- s->s3->tmp.new_sym_enc=c;
- s->s3->tmp.new_hash=hash;
- s->s3->tmp.new_compression=comp;
-
- num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
- num*=2;
-
- ssl3_cleanup_key_block(s);
-
- if ((p=OPENSSL_malloc(num)) == NULL)
- goto err;
-
- s->s3->tmp.key_block_length=num;
- s->s3->tmp.key_block=p;
-
- ssl3_generate_key_block(s,p,num);
-
- if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
- {
- /* enable vulnerability countermeasure for CBC ciphers with
- * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
- */
- s->s3->need_empty_fragments = 1;
-
- if (s->session->cipher != NULL)
- {
- if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
- s->s3->need_empty_fragments = 0;
-
-#ifndef NO_RC4
- if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
- s->s3->need_empty_fragments = 0;
-#endif
- }
- }
-
- return(1);
-err:
- SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
- return(0);
- }
-
-void ssl3_cleanup_key_block(SSL *s)
- {
- if (s->s3->tmp.key_block != NULL)
- {
- memset(s->s3->tmp.key_block,0,
- s->s3->tmp.key_block_length);
- OPENSSL_free(s->s3->tmp.key_block);
- s->s3->tmp.key_block=NULL;
- }
- s->s3->tmp.key_block_length=0;
- }
-
-int ssl3_enc(SSL *s, int send)
- {
- SSL3_RECORD *rec;
- EVP_CIPHER_CTX *ds;
- unsigned long l;
- int bs,i;
- const EVP_CIPHER *enc;
-
- if (send)
- {
- ds=s->enc_write_ctx;
- rec= &(s->s3->wrec);
- if (s->enc_write_ctx == NULL)
- enc=NULL;
- else
- enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
- }
- else
- {
- ds=s->enc_read_ctx;
- rec= &(s->s3->rrec);
- if (s->enc_read_ctx == NULL)
- enc=NULL;
- else
- enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
- }
-
- if ((s->session == NULL) || (ds == NULL) ||
- (enc == NULL))
- {
- memmove(rec->data,rec->input,rec->length);
- rec->input=rec->data;
- }
- else
- {
- l=rec->length;
- bs=EVP_CIPHER_block_size(ds->cipher);
-
- /* COMPRESS */
-
- if ((bs != 1) && send)
- {
- i=bs-((int)l%bs);
-
- /* we need to add 'i-1' padding bytes */
- l+=i;
- rec->length+=i;
- rec->input[l-1]=(i-1);
- }
-
- if (!send)
- {
- if (l == 0 || l%bs != 0)
- {
- SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
- return 0;
- }
- }
-
- EVP_Cipher(ds,rec->data,rec->input,l);
-
- if ((bs != 1) && !send)
- {
- i=rec->data[l-1]+1;
- /* SSL 3.0 bounds the number of padding bytes by the block size;
- * padding bytes (except that last) are arbitrary */
- if (i > bs)
- {
- /* Incorrect padding. SSLerr() and ssl3_alert are done
- * by caller: we don't want to reveal whether this is
- * a decryption error or a MAC verification failure
- * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
- return -1;
- }
- rec->length-=i;
- }
- }
- return(1);
- }
-
-void ssl3_init_finished_mac(SSL *s)
- {
- EVP_DigestInit(&(s->s3->finish_dgst1),s->ctx->md5);
- EVP_DigestInit(&(s->s3->finish_dgst2),s->ctx->sha1);
- }
-
-void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
- {
- EVP_DigestUpdate(&(s->s3->finish_dgst1),buf,len);
- EVP_DigestUpdate(&(s->s3->finish_dgst2),buf,len);
- }
-
-int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *ctx, unsigned char *p)
- {
- return(ssl3_handshake_mac(s,ctx,NULL,0,p));
- }
-
-int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
- const char *sender, int len, unsigned char *p)
- {
- int ret;
-
- ret=ssl3_handshake_mac(s,ctx1,sender,len,p);
- p+=ret;
- ret+=ssl3_handshake_mac(s,ctx2,sender,len,p);
- return(ret);
- }
-
-static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
- const char *sender, int len, unsigned char *p)
- {
- unsigned int ret;
- int npad,n;
- unsigned int i;
- unsigned char md_buf[EVP_MAX_MD_SIZE];
- EVP_MD_CTX ctx;
-
- EVP_MD_CTX_copy(&ctx,in_ctx);
-
- n=EVP_MD_CTX_size(&ctx);
- npad=(48/n)*n;
-
- if (sender != NULL)
- EVP_DigestUpdate(&ctx,sender,len);
- EVP_DigestUpdate(&ctx,s->session->master_key,
- s->session->master_key_length);
- EVP_DigestUpdate(&ctx,ssl3_pad_1,npad);
- EVP_DigestFinal(&ctx,md_buf,&i);
-
- EVP_DigestInit(&ctx,EVP_MD_CTX_md(&ctx));
- EVP_DigestUpdate(&ctx,s->session->master_key,
- s->session->master_key_length);
- EVP_DigestUpdate(&ctx,ssl3_pad_2,npad);
- EVP_DigestUpdate(&ctx,md_buf,i);
- EVP_DigestFinal(&ctx,p,&ret);
-
- memset(&ctx,0,sizeof(EVP_MD_CTX));
-
- return((int)ret);
- }
-
-int ssl3_mac(SSL *ssl, unsigned char *md, int send)
- {
- SSL3_RECORD *rec;
- unsigned char *mac_sec,*seq;
- EVP_MD_CTX md_ctx;
- const EVP_MD *hash;
- unsigned char *p,rec_char;
- unsigned int md_size;
- int npad,i;
-
- if (send)
- {
- rec= &(ssl->s3->wrec);
- mac_sec= &(ssl->s3->write_mac_secret[0]);
- seq= &(ssl->s3->write_sequence[0]);
- hash=ssl->write_hash;
- }
- else
- {
- rec= &(ssl->s3->rrec);
- mac_sec= &(ssl->s3->read_mac_secret[0]);
- seq= &(ssl->s3->read_sequence[0]);
- hash=ssl->read_hash;
- }
-
- md_size=EVP_MD_size(hash);
- npad=(48/md_size)*md_size;
-
- /* Chop the digest off the end :-) */
-
- EVP_DigestInit( &md_ctx,hash);
- EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
- EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad);
- EVP_DigestUpdate(&md_ctx,seq,8);
- rec_char=rec->type;
- EVP_DigestUpdate(&md_ctx,&rec_char,1);
- p=md;
- s2n(rec->length,p);
- EVP_DigestUpdate(&md_ctx,md,2);
- EVP_DigestUpdate(&md_ctx,rec->input,rec->length);
- EVP_DigestFinal( &md_ctx,md,NULL);
-
- EVP_DigestInit( &md_ctx,hash);
- EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
- EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad);
- EVP_DigestUpdate(&md_ctx,md,md_size);
- EVP_DigestFinal( &md_ctx,md,&md_size);
-
- for (i=7; i>=0; i--)
- {
- ++seq[i];
- if (seq[i] != 0) break;
- }
-
- return(md_size);
- }
-
-int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
- int len)
- {
- static const unsigned char *salt[3]={
-#ifndef CHARSET_EBCDIC
- (const unsigned char *)"A",
- (const unsigned char *)"BB",
- (const unsigned char *)"CCC",
-#else
- (const unsigned char *)"\x41",
- (const unsigned char *)"\x42\x42",
- (const unsigned char *)"\x43\x43\x43",
-#endif
- };
- unsigned char buf[EVP_MAX_MD_SIZE];
- EVP_MD_CTX ctx;
- int i,ret=0;
- unsigned int n;
-
- for (i=0; i<3; i++)
- {
- EVP_DigestInit(&ctx,s->ctx->sha1);
- EVP_DigestUpdate(&ctx,salt[i],strlen((const char *)salt[i]));
- EVP_DigestUpdate(&ctx,p,len);
- EVP_DigestUpdate(&ctx,&(s->s3->client_random[0]),
- SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&ctx,&(s->s3->server_random[0]),
- SSL3_RANDOM_SIZE);
- EVP_DigestFinal(&ctx,buf,&n);
-
- EVP_DigestInit(&ctx,s->ctx->md5);
- EVP_DigestUpdate(&ctx,p,len);
- EVP_DigestUpdate(&ctx,buf,n);
- EVP_DigestFinal(&ctx,out,&n);
- out+=n;
- ret+=n;
- }
- return(ret);
- }
-
-int ssl3_alert_code(int code)
- {
- switch (code)
- {
- case SSL_AD_CLOSE_NOTIFY: return(SSL3_AD_CLOSE_NOTIFY);
- case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE);
- case SSL_AD_BAD_RECORD_MAC: return(SSL3_AD_BAD_RECORD_MAC);
- case SSL_AD_DECRYPTION_FAILED: return(SSL3_AD_BAD_RECORD_MAC);
- case SSL_AD_RECORD_OVERFLOW: return(SSL3_AD_BAD_RECORD_MAC);
- case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
- case SSL_AD_HANDSHAKE_FAILURE: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_NO_CERTIFICATE: return(SSL3_AD_NO_CERTIFICATE);
- case SSL_AD_BAD_CERTIFICATE: return(SSL3_AD_BAD_CERTIFICATE);
- case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
- case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
- case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
- case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
- case SSL_AD_ILLEGAL_PARAMETER: return(SSL3_AD_ILLEGAL_PARAMETER);
- case SSL_AD_UNKNOWN_CA: return(SSL3_AD_BAD_CERTIFICATE);
- case SSL_AD_ACCESS_DENIED: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_DECODE_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_DECRYPT_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_EXPORT_RESTRICTION: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_PROTOCOL_VERSION: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_INSUFFICIENT_SECURITY:return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_INTERNAL_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_USER_CANCELLED: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_NO_RENEGOTIATION: return(-1); /* Don't send it :-) */
- default: return(-1);
- }
- }
-
diff --git a/crypto/openssl/ssl/s3_lib.c b/crypto/openssl/ssl/s3_lib.c
deleted file mode 100644
index 9951ebb4191e..000000000000
--- a/crypto/openssl/ssl/s3_lib.c
+++ /dev/null
@@ -1,1386 +0,0 @@
-/* ssl/s3_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
-
-#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
-
-static long ssl3_default_timeout(void );
-
-OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
-/* The RSA ciphers */
-/* Cipher 01 */
- {
- 1,
- SSL3_TXT_RSA_NULL_MD5,
- SSL3_CK_RSA_NULL_MD5,
- SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
- SSL_NOT_EXP|SSL_STRONG_NONE,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 02 */
- {
- 1,
- SSL3_TXT_RSA_NULL_SHA,
- SSL3_CK_RSA_NULL_SHA,
- SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_STRONG_NONE,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* anon DH */
-/* Cipher 17 */
- {
- 1,
- SSL3_TXT_ADH_RC4_40_MD5,
- SSL3_CK_ADH_RC4_40_MD5,
- SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 18 */
- {
- 1,
- SSL3_TXT_ADH_RC4_128_MD5,
- SSL3_CK_ADH_RC4_128_MD5,
- SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 19 */
- {
- 1,
- SSL3_TXT_ADH_DES_40_CBC_SHA,
- SSL3_CK_ADH_DES_40_CBC_SHA,
- SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 1A */
- {
- 1,
- SSL3_TXT_ADH_DES_64_CBC_SHA,
- SSL3_CK_ADH_DES_64_CBC_SHA,
- SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 1B */
- {
- 1,
- SSL3_TXT_ADH_DES_192_CBC_SHA,
- SSL3_CK_ADH_DES_192_CBC_SHA,
- SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* RSA again */
-/* Cipher 03 */
- {
- 1,
- SSL3_TXT_RSA_RC4_40_MD5,
- SSL3_CK_RSA_RC4_40_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 04 */
- {
- 1,
- SSL3_TXT_RSA_RC4_128_MD5,
- SSL3_CK_RSA_RC4_128_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 05 */
- {
- 1,
- SSL3_TXT_RSA_RC4_128_SHA,
- SSL3_CK_RSA_RC4_128_SHA,
- SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 06 */
- {
- 1,
- SSL3_TXT_RSA_RC2_40_MD5,
- SSL3_CK_RSA_RC2_40_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 07 */
- {
- 1,
- SSL3_TXT_RSA_IDEA_128_SHA,
- SSL3_CK_RSA_IDEA_128_SHA,
- SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 08 */
- {
- 1,
- SSL3_TXT_RSA_DES_40_CBC_SHA,
- SSL3_CK_RSA_DES_40_CBC_SHA,
- SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 09 */
- {
- 1,
- SSL3_TXT_RSA_DES_64_CBC_SHA,
- SSL3_CK_RSA_DES_64_CBC_SHA,
- SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 0A */
- {
- 1,
- SSL3_TXT_RSA_DES_192_CBC3_SHA,
- SSL3_CK_RSA_DES_192_CBC3_SHA,
- SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* The DH ciphers */
-/* Cipher 0B */
- {
- 0,
- SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
- SSL3_CK_DH_DSS_DES_40_CBC_SHA,
- SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 0C */
- {
- 0,
- SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
- SSL3_CK_DH_DSS_DES_64_CBC_SHA,
- SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 0D */
- {
- 0,
- SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
- SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
- SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 0E */
- {
- 0,
- SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
- SSL3_CK_DH_RSA_DES_40_CBC_SHA,
- SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 0F */
- {
- 0,
- SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
- SSL3_CK_DH_RSA_DES_64_CBC_SHA,
- SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 10 */
- {
- 0,
- SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
- SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
- SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* The Ephemeral DH ciphers */
-/* Cipher 11 */
- {
- 1,
- SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
- SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
- SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 12 */
- {
- 1,
- SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
- SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
- SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 13 */
- {
- 1,
- SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
- SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
- SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 14 */
- {
- 1,
- SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
- SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
- SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 15 */
- {
- 1,
- SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
- SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
- SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 16 */
- {
- 1,
- SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
- SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
- SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Fortezza */
-/* Cipher 1C */
- {
- 0,
- SSL3_TXT_FZA_DMS_NULL_SHA,
- SSL3_CK_FZA_DMS_NULL_SHA,
- SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_STRONG_NONE,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 1D */
- {
- 0,
- SSL3_TXT_FZA_DMS_FZA_SHA,
- SSL3_CK_FZA_DMS_FZA_SHA,
- SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_STRONG_NONE,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 1E */
- {
- 0,
- SSL3_TXT_FZA_DMS_RC4_SHA,
- SSL3_CK_FZA_DMS_RC4_SHA,
- SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
- /* New TLS Export CipherSuites */
- /* Cipher 60 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
- TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- 0,
- 56,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 61 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
- TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- 0,
- 56,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 62 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
- TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
- SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 63 */
- {
- 1,
- TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
- TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
- SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 64 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
- TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
- SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- 0,
- 56,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 65 */
- {
- 1,
- TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
- TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
- SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- 0,
- 56,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 66 */
- {
- 1,
- TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
- TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
- SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
-#endif
-
-/* end of list */
- };
-
-static SSL3_ENC_METHOD SSLv3_enc_data={
- ssl3_enc,
- ssl3_mac,
- ssl3_setup_key_block,
- ssl3_generate_master_secret,
- ssl3_change_cipher_state,
- ssl3_final_finish_mac,
- MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
- ssl3_cert_verify_mac,
- SSL3_MD_CLIENT_FINISHED_CONST,4,
- SSL3_MD_SERVER_FINISHED_CONST,4,
- ssl3_alert_code,
- };
-
-static SSL_METHOD SSLv3_data= {
- SSL3_VERSION,
- ssl3_new,
- ssl3_clear,
- ssl3_free,
- ssl_undefined_function,
- ssl_undefined_function,
- ssl3_read,
- ssl3_peek,
- ssl3_write,
- ssl3_shutdown,
- ssl3_renegotiate,
- ssl3_renegotiate_check,
- ssl3_ctrl,
- ssl3_ctx_ctrl,
- ssl3_get_cipher_by_char,
- ssl3_put_cipher_by_char,
- ssl3_pending,
- ssl3_num_ciphers,
- ssl3_get_cipher,
- ssl_bad_method,
- ssl3_default_timeout,
- &SSLv3_enc_data,
- ssl_undefined_function,
- ssl3_callback_ctrl,
- ssl3_ctx_callback_ctrl,
- };
-
-static long ssl3_default_timeout(void)
- {
- /* 2 hours, the 24 hours mentioned in the SSLv3 spec
- * is way too long for http, the cache would over fill */
- return(60*60*2);
- }
-
-SSL_METHOD *sslv3_base_method(void)
- {
- return(&SSLv3_data);
- }
-
-int ssl3_num_ciphers(void)
- {
- return(SSL3_NUM_CIPHERS);
- }
-
-SSL_CIPHER *ssl3_get_cipher(unsigned int u)
- {
- if (u < SSL3_NUM_CIPHERS)
- return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
- else
- return(NULL);
- }
-
-int ssl3_pending(SSL *s)
- {
- if (s->rstate == SSL_ST_READ_BODY)
- return 0;
-
- return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
- }
-
-int ssl3_new(SSL *s)
- {
- SSL3_STATE *s3;
-
- if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
- memset(s3,0,sizeof *s3);
-
- s->s3=s3;
-
- s->method->ssl_clear(s);
- return(1);
-err:
- return(0);
- }
-
-void ssl3_free(SSL *s)
- {
- if(s == NULL)
- return;
-
- ssl3_cleanup_key_block(s);
- if (s->s3->rbuf.buf != NULL)
- OPENSSL_free(s->s3->rbuf.buf);
- if (s->s3->wbuf.buf != NULL)
- OPENSSL_free(s->s3->wbuf.buf);
- if (s->s3->rrec.comp != NULL)
- OPENSSL_free(s->s3->rrec.comp);
-#ifndef NO_DH
- if (s->s3->tmp.dh != NULL)
- DH_free(s->s3->tmp.dh);
-#endif
- if (s->s3->tmp.ca_names != NULL)
- sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
- memset(s->s3,0,sizeof *s->s3);
- OPENSSL_free(s->s3);
- s->s3=NULL;
- }
-
-void ssl3_clear(SSL *s)
- {
- unsigned char *rp,*wp;
- size_t rlen, wlen;
-
- ssl3_cleanup_key_block(s);
- if (s->s3->tmp.ca_names != NULL)
- sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
-
- if (s->s3->rrec.comp != NULL)
- {
- OPENSSL_free(s->s3->rrec.comp);
- s->s3->rrec.comp=NULL;
- }
-#ifndef NO_DH
- if (s->s3->tmp.dh != NULL)
- DH_free(s->s3->tmp.dh);
-#endif
-
- rp = s->s3->rbuf.buf;
- wp = s->s3->wbuf.buf;
- rlen = s->s3->rbuf_len;
- wlen = s->s3->wbuf_len;
-
- memset(s->s3,0,sizeof *s->s3);
- s->s3->rbuf.buf = rp;
- s->s3->wbuf.buf = wp;
- s->s3->rbuf_len = rlen;
- s->s3->wbuf_len = wlen;
-
- ssl_free_wbio_buffer(s);
-
- s->packet_length=0;
- s->s3->renegotiate=0;
- s->s3->total_renegotiations=0;
- s->s3->num_renegotiations=0;
- s->s3->in_read_app_data=0;
- s->version=SSL3_VERSION;
- }
-
-long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg)
- {
- int ret=0;
-
-#if !defined(NO_DSA) || !defined(NO_RSA)
- if (
-#ifndef NO_RSA
- cmd == SSL_CTRL_SET_TMP_RSA ||
- cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-#endif
-#ifndef NO_DSA
- cmd == SSL_CTRL_SET_TMP_DH ||
- cmd == SSL_CTRL_SET_TMP_DH_CB ||
-#endif
- 0)
- {
- if (!ssl_cert_inst(&s->cert))
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
- return(0);
- }
- }
-#endif
-
- switch (cmd)
- {
- case SSL_CTRL_GET_SESSION_REUSED:
- ret=s->hit;
- break;
- case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
- break;
- case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
- ret=s->s3->num_renegotiations;
- break;
- case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
- ret=s->s3->num_renegotiations;
- s->s3->num_renegotiations=0;
- break;
- case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
- ret=s->s3->total_renegotiations;
- break;
- case SSL_CTRL_GET_FLAGS:
- ret=(int)(s->s3->flags);
- break;
-#ifndef NO_RSA
- case SSL_CTRL_NEED_TMP_RSA:
- if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
- ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
- (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
- ret = 1;
- break;
- case SSL_CTRL_SET_TMP_RSA:
- {
- RSA *rsa = (RSA *)parg;
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
- return(ret);
- }
- if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
- return(ret);
- }
- if (s->cert->rsa_tmp != NULL)
- RSA_free(s->cert->rsa_tmp);
- s->cert->rsa_tmp = rsa;
- ret = 1;
- }
- break;
- case SSL_CTRL_SET_TMP_RSA_CB:
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(ret);
- }
- break;
-#endif
-#ifndef NO_DH
- case SSL_CTRL_SET_TMP_DH:
- {
- DH *dh = (DH *)parg;
- if (dh == NULL)
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
- return(ret);
- }
- if ((dh = DHparams_dup(dh)) == NULL)
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
- return(ret);
- }
- if (!(s->options & SSL_OP_SINGLE_DH_USE))
- {
- if (!DH_generate_key(dh))
- {
- DH_free(dh);
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
- return(ret);
- }
- }
- if (s->cert->dh_tmp != NULL)
- DH_free(s->cert->dh_tmp);
- s->cert->dh_tmp = dh;
- ret = 1;
- }
- break;
- case SSL_CTRL_SET_TMP_DH_CB:
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(ret);
- }
- break;
-#endif
- default:
- break;
- }
- return(ret);
- }
-
-long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
- {
- int ret=0;
-
-#if !defined(NO_DSA) || !defined(NO_RSA)
- if (
-#ifndef NO_RSA
- cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-#endif
-#ifndef NO_DSA
- cmd == SSL_CTRL_SET_TMP_DH_CB ||
-#endif
- 0)
- {
- if (!ssl_cert_inst(&s->cert))
- {
- SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
- return(0);
- }
- }
-#endif
-
- switch (cmd)
- {
-#ifndef NO_RSA
- case SSL_CTRL_SET_TMP_RSA_CB:
- {
- s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
- }
- break;
-#endif
-#ifndef NO_DH
- case SSL_CTRL_SET_TMP_DH_CB:
- {
- s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
- }
- break;
-#endif
- default:
- break;
- }
- return(ret);
- }
-
-long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
- {
- CERT *cert;
-
- cert=ctx->cert;
-
- switch (cmd)
- {
-#ifndef NO_RSA
- case SSL_CTRL_NEED_TMP_RSA:
- if ( (cert->rsa_tmp == NULL) &&
- ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
- (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
- )
- return(1);
- else
- return(0);
- /* break; */
- case SSL_CTRL_SET_TMP_RSA:
- {
- RSA *rsa;
- int i;
-
- rsa=(RSA *)parg;
- i=1;
- if (rsa == NULL)
- i=0;
- else
- {
- if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
- i=0;
- }
- if (!i)
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
- return(0);
- }
- else
- {
- if (cert->rsa_tmp != NULL)
- RSA_free(cert->rsa_tmp);
- cert->rsa_tmp=rsa;
- return(1);
- }
- }
- /* break; */
- case SSL_CTRL_SET_TMP_RSA_CB:
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(0);
- }
- break;
-#endif
-#ifndef NO_DH
- case SSL_CTRL_SET_TMP_DH:
- {
- DH *new=NULL,*dh;
-
- dh=(DH *)parg;
- if ((new=DHparams_dup(dh)) == NULL)
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
- return 0;
- }
- if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
- {
- if (!DH_generate_key(new))
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
- DH_free(new);
- return 0;
- }
- }
- if (cert->dh_tmp != NULL)
- DH_free(cert->dh_tmp);
- cert->dh_tmp=new;
- return 1;
- }
- /*break; */
- case SSL_CTRL_SET_TMP_DH_CB:
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(0);
- }
- break;
-#endif
- /* A Thawte special :-) */
- case SSL_CTRL_EXTRA_CHAIN_CERT:
- if (ctx->extra_certs == NULL)
- {
- if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
- return(0);
- }
- sk_X509_push(ctx->extra_certs,(X509 *)parg);
- break;
-
- default:
- return(0);
- }
- return(1);
- }
-
-long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
- {
- CERT *cert;
-
- cert=ctx->cert;
-
- switch (cmd)
- {
-#ifndef NO_RSA
- case SSL_CTRL_SET_TMP_RSA_CB:
- {
- cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
- }
- break;
-#endif
-#ifndef NO_DH
- case SSL_CTRL_SET_TMP_DH_CB:
- {
- cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
- }
- break;
-#endif
- default:
- return(0);
- }
- return(1);
- }
-
-/* This function needs to check if the ciphers required are actually
- * available */
-SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
- {
- static int init=1;
- static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS];
- SSL_CIPHER c,*cp= &c,**cpp;
- unsigned long id;
- int i;
-
- if (init)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-
- for (i=0; i<SSL3_NUM_CIPHERS; i++)
- sorted[i]= &(ssl3_ciphers[i]);
-
- qsort( (char *)sorted,
- SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
- FP_ICC ssl_cipher_ptr_id_cmp);
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-
- init=0;
- }
-
- id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
- c.id=id;
- cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
- (char *)sorted,
- SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
- FP_ICC ssl_cipher_ptr_id_cmp);
- if ((cpp == NULL) || !(*cpp)->valid)
- return(NULL);
- else
- return(*cpp);
- }
-
-int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
- {
- long l;
-
- if (p != NULL)
- {
- l=c->id;
- if ((l & 0xff000000) != 0x03000000) return(0);
- p[0]=((unsigned char)(l>> 8L))&0xFF;
- p[1]=((unsigned char)(l ))&0xFF;
- }
- return(2);
- }
-
-SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *have,
- STACK_OF(SSL_CIPHER) *pref)
- {
- SSL_CIPHER *c,*ret=NULL;
- int i,j,ok;
- CERT *cert;
- unsigned long alg,mask,emask;
-
- /* Let's see which ciphers we can support */
- cert=s->cert;
-
- sk_SSL_CIPHER_set_cmp_func(pref,ssl_cipher_ptr_id_cmp);
-
-#ifdef CIPHER_DEBUG
- printf("Have:\n");
- for(i=0 ; i < sk_num(pref) ; ++i)
- {
- c=(SSL_CIPHER *)sk_value(pref,i);
- printf("%p:%s\n",c,c->name);
- }
-#endif
-
- for (i=0; i<sk_SSL_CIPHER_num(have); i++)
- {
- c=sk_SSL_CIPHER_value(have,i);
-
- ssl_set_cert_masks(cert,c);
- mask=cert->mask;
- emask=cert->export_mask;
-
- alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
- if (SSL_C_IS_EXPORT(c))
- {
- ok=((alg & emask) == alg)?1:0;
-#ifdef CIPHER_DEBUG
- printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask,
- c,c->name);
-#endif
- }
- else
- {
- ok=((alg & mask) == alg)?1:0;
-#ifdef CIPHER_DEBUG
- printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c,
- c->name);
-#endif
- }
-
- if (!ok) continue;
-
- j=sk_SSL_CIPHER_find(pref,c);
- if (j >= 0)
- {
- ret=sk_SSL_CIPHER_value(pref,j);
- break;
- }
- }
- return(ret);
- }
-
-int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
- {
- int ret=0;
- unsigned long alg;
-
- alg=s->s3->tmp.new_cipher->algorithms;
-
-#ifndef NO_DH
- if (alg & (SSL_kDHr|SSL_kEDH))
- {
-# ifndef NO_RSA
- p[ret++]=SSL3_CT_RSA_FIXED_DH;
-# endif
-# ifndef NO_DSA
- p[ret++]=SSL3_CT_DSS_FIXED_DH;
-# endif
- }
- if ((s->version == SSL3_VERSION) &&
- (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
- {
-# ifndef NO_RSA
- p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
-# endif
-# ifndef NO_DSA
- p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
-# endif
- }
-#endif /* !NO_DH */
-#ifndef NO_RSA
- p[ret++]=SSL3_CT_RSA_SIGN;
-#endif
-#ifndef NO_DSA
- p[ret++]=SSL3_CT_DSS_SIGN;
-#endif
- return(ret);
- }
-
-int ssl3_shutdown(SSL *s)
- {
-
- /* Don't do anything much if we have not done the handshake or
- * we don't want to send messages :-) */
- if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
- {
- s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
- return(1);
- }
-
- if (!(s->shutdown & SSL_SENT_SHUTDOWN))
- {
- s->shutdown|=SSL_SENT_SHUTDOWN;
-#if 1
- ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
-#endif
- /* our shutdown alert has been sent now, and if it still needs
- * to be written, s->s3->alert_dispatch will be true */
- }
- else if (s->s3->alert_dispatch)
- {
- /* resend it if not sent */
-#if 1
- ssl3_dispatch_alert(s);
-#endif
- }
- else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
- {
- /* If we are waiting for a close from our peer, we are closed */
- ssl3_read_bytes(s,0,NULL,0,0);
- }
-
- if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
- !s->s3->alert_dispatch)
- return(1);
- else
- return(0);
- }
-
-int ssl3_write(SSL *s, const void *buf, int len)
- {
- int ret,n;
-
-#if 0
- if (s->shutdown & SSL_SEND_SHUTDOWN)
- {
- s->rwstate=SSL_NOTHING;
- return(0);
- }
-#endif
- clear_sys_error();
- if (s->s3->renegotiate) ssl3_renegotiate_check(s);
-
- /* This is an experimental flag that sends the
- * last handshake message in the same packet as the first
- * use data - used to see if it helps the TCP protocol during
- * session-id reuse */
- /* The second test is because the buffer may have been removed */
- if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
- {
- /* First time through, we write into the buffer */
- if (s->s3->delay_buf_pop_ret == 0)
- {
- ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
- buf,len);
- if (ret <= 0) return(ret);
-
- s->s3->delay_buf_pop_ret=ret;
- }
-
- s->rwstate=SSL_WRITING;
- n=BIO_flush(s->wbio);
- if (n <= 0) return(n);
- s->rwstate=SSL_NOTHING;
-
- /* We have flushed the buffer, so remove it */
- ssl_free_wbio_buffer(s);
- s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
-
- ret=s->s3->delay_buf_pop_ret;
- s->s3->delay_buf_pop_ret=0;
- }
- else
- {
- ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
- buf,len);
- if (ret <= 0) return(ret);
- }
-
- return(ret);
- }
-
-static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
- {
- int ret;
-
- clear_sys_error();
- if (s->s3->renegotiate) ssl3_renegotiate_check(s);
- s->s3->in_read_app_data=1;
- ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
- if ((ret == -1) && (s->s3->in_read_app_data == 2))
- {
- /* ssl3_read_bytes decided to call s->handshake_func, which
- * called ssl3_read_bytes to read handshake data.
- * However, ssl3_read_bytes actually found application data
- * and thinks that application data makes sense here; so disable
- * handshake processing and try to read application data again. */
- s->in_handshake++;
- ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
- s->in_handshake--;
- }
- else
- s->s3->in_read_app_data=0;
-
- return(ret);
- }
-
-int ssl3_read(SSL *s, void *buf, int len)
- {
- return ssl3_read_internal(s, buf, len, 0);
- }
-
-int ssl3_peek(SSL *s, void *buf, int len)
- {
- return ssl3_read_internal(s, buf, len, 1);
- }
-
-int ssl3_renegotiate(SSL *s)
- {
- if (s->handshake_func == NULL)
- return(1);
-
- if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
- return(0);
-
- s->s3->renegotiate=1;
- return(1);
- }
-
-int ssl3_renegotiate_check(SSL *s)
- {
- int ret=0;
-
- if (s->s3->renegotiate)
- {
- if ( (s->s3->rbuf.left == 0) &&
- (s->s3->wbuf.left == 0) &&
- !SSL_in_init(s))
- {
-/*
-if we are the server, and we have sent a 'RENEGOTIATE' message, we
-need to go to SSL_ST_ACCEPT.
-*/
- /* SSL_ST_ACCEPT */
- s->state=SSL_ST_RENEGOTIATE;
- s->s3->renegotiate=0;
- s->s3->num_renegotiations++;
- s->s3->total_renegotiations++;
- ret=1;
- }
- }
- return(ret);
- }
-
diff --git a/crypto/openssl/ssl/s3_meth.c b/crypto/openssl/ssl/s3_meth.c
deleted file mode 100644
index 81bcad89c52f..000000000000
--- a/crypto/openssl/ssl/s3_meth.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/* ssl/s3_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static SSL_METHOD *ssl3_get_method(int ver);
-static SSL_METHOD *ssl3_get_method(int ver)
- {
- if (ver == SSL3_VERSION)
- return(SSLv3_method());
- else
- return(NULL);
- }
-
-SSL_METHOD *SSLv3_method(void)
- {
- static int init=1;
- static SSL_METHOD SSLv3_data;
-
- if (init)
- {
- memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(),
- sizeof(SSL_METHOD));
- SSLv3_data.ssl_connect=ssl3_connect;
- SSLv3_data.ssl_accept=ssl3_accept;
- SSLv3_data.get_ssl_method=ssl3_get_method;
- init=0;
- }
- return(&SSLv3_data);
- }
-
diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c
deleted file mode 100644
index f52303c7c3e0..000000000000
--- a/crypto/openssl/ssl/s3_pkt.c
+++ /dev/null
@@ -1,1274 +0,0 @@
-/* ssl/s3_pkt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-#include "ssl_locl.h"
-
-static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
- unsigned int len, int create_empty_fragment);
-static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
- unsigned int len);
-static int ssl3_get_record(SSL *s);
-static int do_compress(SSL *ssl);
-static int do_uncompress(SSL *ssl);
-static int do_change_cipher_spec(SSL *ssl);
-
-/* used only by ssl3_get_record */
-static int ssl3_read_n(SSL *s, int n, int max, int extend)
- {
- /* If extend == 0, obtain new n-byte packet; if extend == 1, increase
- * packet by another n bytes.
- * The packet will be in the sub-array of s->s3->rbuf.buf specified
- * by s->packet and s->packet_length.
- * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
- * [plus s->packet_length bytes if extend == 1].)
- */
- int i,off,newb;
-
- if (!extend)
- {
- /* start with empty packet ... */
- if (s->s3->rbuf.left == 0)
- s->s3->rbuf.offset = 0;
- s->packet = s->s3->rbuf.buf + s->s3->rbuf.offset;
- s->packet_length = 0;
- /* ... now we can act as if 'extend' was set */
- }
-
- /* if there is enough in the buffer from a previous read, take some */
- if (s->s3->rbuf.left >= (int)n)
- {
- s->packet_length+=n;
- s->s3->rbuf.left-=n;
- s->s3->rbuf.offset+=n;
- return(n);
- }
-
- /* else we need to read more data */
- if (!s->read_ahead)
- max=n;
-
- {
- /* avoid buffer overflow */
- int max_max = s->s3->rbuf_len - s->packet_length;
- if (max > max_max)
- max = max_max;
- }
- if (n > max) /* does not happen */
- {
- SSLerr(SSL_F_SSL3_READ_N,SSL_R_INTERNAL_ERROR);
- return -1;
- }
-
- off = s->packet_length;
- newb = s->s3->rbuf.left;
- /* Move any available bytes to front of buffer:
- * 'off' bytes already pointed to by 'packet',
- * 'newb' extra ones at the end */
- if (s->packet != s->s3->rbuf.buf)
- {
- /* off > 0 */
- memmove(s->s3->rbuf.buf, s->packet, off+newb);
- s->packet = s->s3->rbuf.buf;
- }
-
- while (newb < n)
- {
- /* Now we have off+newb bytes at the front of s->s3->rbuf.buf and need
- * to read in more until we have off+n (up to off+max if possible) */
-
- clear_sys_error();
- if (s->rbio != NULL)
- {
- s->rwstate=SSL_READING;
- i=BIO_read(s->rbio, &(s->s3->rbuf.buf[off+newb]), max-newb);
- }
- else
- {
- SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET);
- i = -1;
- }
-
- if (i <= 0)
- {
- s->s3->rbuf.left = newb;
- return(i);
- }
- newb+=i;
- }
-
- /* done reading, now the book-keeping */
- s->s3->rbuf.offset = off + n;
- s->s3->rbuf.left = newb - n;
- s->packet_length += n;
- s->rwstate=SSL_NOTHING;
- return(n);
- }
-
-/* Call this to get a new input record.
- * It will return <= 0 if more data is needed, normally due to an error
- * or non-blocking IO.
- * When it finishes, one packet has been decoded and can be found in
- * ssl->s3->rrec.type - is the type of record
- * ssl->s3->rrec.data, - data
- * ssl->s3->rrec.length, - number of bytes
- */
-/* used only by ssl3_read_bytes */
-static int ssl3_get_record(SSL *s)
- {
- int ssl_major,ssl_minor,al;
- int enc_err,n,i,ret= -1;
- SSL3_RECORD *rr;
- SSL_SESSION *sess;
- unsigned char *p;
- unsigned char md[EVP_MAX_MD_SIZE];
- short version;
- unsigned int mac_size;
- int clear=0;
- size_t extra;
-
- rr= &(s->s3->rrec);
- sess=s->session;
-
- if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
- extra=SSL3_RT_MAX_EXTRA;
- else
- extra=0;
- if (extra != s->s3->rbuf_len - SSL3_RT_MAX_PACKET_SIZE)
- {
- /* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
- * set after ssl3_setup_buffers() was done */
- SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_INTERNAL_ERROR);
- return -1;
- }
-
-again:
- /* check if we have the header */
- if ( (s->rstate != SSL_ST_READ_BODY) ||
- (s->packet_length < SSL3_RT_HEADER_LENGTH))
- {
- n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf_len, 0);
- if (n <= 0) return(n); /* error or non-blocking */
- s->rstate=SSL_ST_READ_BODY;
-
- p=s->packet;
-
- /* Pull apart the header into the SSL3_RECORD */
- rr->type= *(p++);
- ssl_major= *(p++);
- ssl_minor= *(p++);
- version=(ssl_major<<8)|ssl_minor;
- n2s(p,rr->length);
-
- /* Lets check version */
- if (s->first_packet)
- {
- s->first_packet=0;
- }
- else
- {
- if (version != s->version)
- {
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
- /* Send back error using their
- * version number :-) */
- s->version=version;
- al=SSL_AD_PROTOCOL_VERSION;
- goto f_err;
- }
- }
-
- if ((version>>8) != SSL3_VERSION_MAJOR)
- {
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
- goto err;
- }
-
- if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
- {
- al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
- goto f_err;
- }
-
- /* now s->rstate == SSL_ST_READ_BODY */
- }
-
- /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
-
- if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH)
- {
- /* now s->packet_length == SSL3_RT_HEADER_LENGTH */
- i=rr->length;
- n=ssl3_read_n(s,i,i,1);
- if (n <= 0) return(n); /* error or non-blocking io */
- /* now n == rr->length,
- * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */
- }
-
- s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
-
- /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
- * and we have that many bytes in s->packet
- */
- rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);
-
- /* ok, we can now read from 's->packet' data into 'rr'
- * rr->input points at rr->length bytes, which
- * need to be copied into rr->data by either
- * the decryption or by the decompression
- * When the data is 'copied' into the rr->data buffer,
- * rr->input will be pointed at the new buffer */
-
- /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
- * rr->length bytes of encrypted compressed stuff. */
-
- /* check is not needed I believe */
- if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
- {
- al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
- goto f_err;
- }
-
- /* decrypt in place in 'rr->input' */
- rr->data=rr->input;
-
- enc_err = s->method->ssl3_enc->enc(s,0);
- if (enc_err <= 0)
- {
- if (enc_err == 0)
- /* SSLerr() and ssl3_send_alert() have been called */
- goto err;
-
- /* otherwise enc_err == -1 */
- goto decryption_failed_or_bad_record_mac;
- }
-
-#ifdef TLS_DEBUG
-printf("dec %d\n",rr->length);
-{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
-printf("\n");
-#endif
-
- /* r->length is now the compressed data plus mac */
- if ( (sess == NULL) ||
- (s->enc_read_ctx == NULL) ||
- (s->read_hash == NULL))
- clear=1;
-
- if (!clear)
- {
- mac_size=EVP_MD_size(s->read_hash);
-
- if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
- {
-#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
- al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
- goto f_err;
-#else
- goto decryption_failed_or_bad_record_mac;
-#endif
- }
- /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
- if (rr->length < mac_size)
- {
-#if 0 /* OK only for stream ciphers */
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
-#else
- goto decryption_failed_or_bad_record_mac;
-#endif
- }
- rr->length-=mac_size;
- i=s->method->ssl3_enc->mac(s,md,0);
- if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
- {
- goto decryption_failed_or_bad_record_mac;
- }
- }
-
- /* r->length is now just compressed */
- if (s->expand != NULL)
- {
- if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
- {
- al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
- goto f_err;
- }
- if (!do_uncompress(s))
- {
- al=SSL_AD_DECOMPRESSION_FAILURE;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
- goto f_err;
- }
- }
-
- if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra)
- {
- al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
- goto f_err;
- }
-
- rr->off=0;
- /* So at this point the following is true
- * ssl->s3->rrec.type is the type of record
- * ssl->s3->rrec.length == number of bytes in record
- * ssl->s3->rrec.off == offset to first valid byte
- * ssl->s3->rrec.data == where to take bytes from, increment
- * after use :-).
- */
-
- /* we have pulled in a full packet so zero things */
- s->packet_length=0;
-
- /* just read a 0 length packet */
- if (rr->length == 0) goto again;
-
- return(1);
-
-decryption_failed_or_bad_record_mac:
- /* Separate 'decryption_failed' alert was introduced with TLS 1.0,
- * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
- * failure is directly visible from the ciphertext anyway,
- * we should not reveal which kind of error occured -- this
- * might become visible to an attacker (e.g. via logfile) */
- al=SSL_AD_BAD_RECORD_MAC;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
- return(ret);
- }
-
-static int do_uncompress(SSL *ssl)
- {
- int i;
- SSL3_RECORD *rr;
-
- rr= &(ssl->s3->rrec);
- i=COMP_expand_block(ssl->expand,rr->comp,
- SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length);
- if (i < 0)
- return(0);
- else
- rr->length=i;
- rr->data=rr->comp;
-
- return(1);
- }
-
-static int do_compress(SSL *ssl)
- {
- int i;
- SSL3_RECORD *wr;
-
- wr= &(ssl->s3->wrec);
- i=COMP_compress_block(ssl->compress,wr->data,
- SSL3_RT_MAX_COMPRESSED_LENGTH,
- wr->input,(int)wr->length);
- if (i < 0)
- return(0);
- else
- wr->length=i;
-
- wr->input=wr->data;
- return(1);
- }
-
-/* Call this to write data in records of type 'type'
- * It will return <= 0 if not all data has been sent or non-blocking IO.
- */
-int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
- {
- const unsigned char *buf=buf_;
- unsigned int tot,n,nw;
- int i;
-
- s->rwstate=SSL_NOTHING;
- tot=s->s3->wnum;
- s->s3->wnum=0;
-
- if (SSL_in_init(s) && !s->in_handshake)
- {
- i=s->handshake_func(s);
- if (i < 0) return(i);
- if (i == 0)
- {
- SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
- return -1;
- }
- }
-
- n=(len-tot);
- for (;;)
- {
- if (n > SSL3_RT_MAX_PLAIN_LENGTH)
- nw=SSL3_RT_MAX_PLAIN_LENGTH;
- else
- nw=n;
-
- i=do_ssl3_write(s, type, &(buf[tot]), nw, 0);
- if (i <= 0)
- {
- s->s3->wnum=tot;
- return i;
- }
-
- if ((i == (int)n) ||
- (type == SSL3_RT_APPLICATION_DATA &&
- (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
- {
- /* next chunk of data should get another prepended empty fragment
- * in ciphersuites with known-IV weakness: */
- s->s3->empty_fragment_done = 0;
-
- return tot+i;
- }
-
- n-=i;
- tot+=i;
- }
- }
-
-static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
- unsigned int len, int create_empty_fragment)
- {
- unsigned char *p,*plen;
- int i,mac_size,clear=0;
- int prefix_len = 0;
- SSL3_RECORD *wr;
- SSL3_BUFFER *wb;
- SSL_SESSION *sess;
-
- /* first check if there is a SSL3_BUFFER still being written
- * out. This will happen with non blocking IO */
- if (s->s3->wbuf.left != 0)
- return(ssl3_write_pending(s,type,buf,len));
-
- /* If we have an alert to send, lets send it */
- if (s->s3->alert_dispatch)
- {
- i=ssl3_dispatch_alert(s);
- if (i <= 0)
- return(i);
- /* if it went, fall through and send more stuff */
- }
-
- if (len == 0 && !create_empty_fragment)
- return 0;
-
- wr= &(s->s3->wrec);
- wb= &(s->s3->wbuf);
- sess=s->session;
-
- if ( (sess == NULL) ||
- (s->enc_write_ctx == NULL) ||
- (s->write_hash == NULL))
- clear=1;
-
- if (clear)
- mac_size=0;
- else
- mac_size=EVP_MD_size(s->write_hash);
-
- /* 'create_empty_fragment' is true only when this function calls itself */
- if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done)
- {
- /* countermeasure against known-IV weakness in CBC ciphersuites
- * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
-
- if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)
- {
- /* recursive function call with 'create_empty_fragment' set;
- * this prepares and buffers the data for an empty fragment
- * (these 'prefix_len' bytes are sent out later
- * together with the actual payload) */
- prefix_len = do_ssl3_write(s, type, buf, 0, 1);
- if (prefix_len <= 0)
- goto err;
-
- if (s->s3->wbuf_len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
- {
- /* insufficient space */
- SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_INTERNAL_ERROR);
- goto err;
- }
- }
-
- s->s3->empty_fragment_done = 1;
- }
-
- p = wb->buf + prefix_len;
-
- /* write the header */
-
- *(p++)=type&0xff;
- wr->type=type;
-
- *(p++)=(s->version>>8);
- *(p++)=s->version&0xff;
-
- /* field where we are to write out packet length */
- plen=p;
- p+=2;
-
- /* lets setup the record stuff. */
- wr->data=p;
- wr->length=(int)len;
- wr->input=(unsigned char *)buf;
-
- /* we now 'read' from wr->input, wr->length bytes into
- * wr->data */
-
- /* first we compress */
- if (s->compress != NULL)
- {
- if (!do_compress(s))
- {
- SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);
- goto err;
- }
- }
- else
- {
- memcpy(wr->data,wr->input,wr->length);
- wr->input=wr->data;
- }
-
- /* we should still have the output to wr->data and the input
- * from wr->input. Length should be wr->length.
- * wr->data still points in the wb->buf */
-
- if (mac_size != 0)
- {
- s->method->ssl3_enc->mac(s,&(p[wr->length]),1);
- wr->length+=mac_size;
- wr->input=p;
- wr->data=p;
- }
-
- /* ssl3_enc can only have an error on read */
- s->method->ssl3_enc->enc(s,1);
-
- /* record length after mac and block padding */
- s2n(wr->length,plen);
-
- /* we should now have
- * wr->data pointing to the encrypted data, which is
- * wr->length long */
- wr->type=type; /* not needed but helps for debugging */
- wr->length+=SSL3_RT_HEADER_LENGTH;
-
- if (create_empty_fragment)
- {
- /* we are in a recursive call;
- * just return the length, don't write out anything here
- */
- return wr->length;
- }
-
- /* now let's set up wb */
- wb->left = prefix_len + wr->length;
- wb->offset = 0;
-
- /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
- s->s3->wpend_tot=len;
- s->s3->wpend_buf=buf;
- s->s3->wpend_type=type;
- s->s3->wpend_ret=len;
-
- /* we now just need to write the buffer */
- return ssl3_write_pending(s,type,buf,len);
-err:
- return -1;
- }
-
-/* if s->s3->wbuf.left != 0, we need to call this */
-static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
- unsigned int len)
- {
- int i;
-
-/* XXXX */
- if ((s->s3->wpend_tot > (int)len)
- || ((s->s3->wpend_buf != buf) &&
- !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))
- || (s->s3->wpend_type != type))
- {
- SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
- return(-1);
- }
-
- for (;;)
- {
- clear_sys_error();
- if (s->wbio != NULL)
- {
- s->rwstate=SSL_WRITING;
- i=BIO_write(s->wbio,
- (char *)&(s->s3->wbuf.buf[s->s3->wbuf.offset]),
- (unsigned int)s->s3->wbuf.left);
- }
- else
- {
- SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET);
- i= -1;
- }
- if (i == s->s3->wbuf.left)
- {
- s->s3->wbuf.left=0;
- s->rwstate=SSL_NOTHING;
- return(s->s3->wpend_ret);
- }
- else if (i <= 0)
- return(i);
- s->s3->wbuf.offset+=i;
- s->s3->wbuf.left-=i;
- }
- }
-
-/* Return up to 'len' payload bytes received in 'type' records.
- * 'type' is one of the following:
- *
- * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
- * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
- * - 0 (during a shutdown, no data has to be returned)
- *
- * If we don't have stored data to work from, read a SSL/TLS record first
- * (possibly multiple records if we still don't have anything to return).
- *
- * This function must handle any surprises the peer may have for us, such as
- * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
- * a surprise, but handled as if it were), or renegotiation requests.
- * Also if record payloads contain fragments too small to process, we store
- * them until there is enough for the respective protocol (the record protocol
- * may use arbitrary fragmentation and even interleaving):
- * Change cipher spec protocol
- * just 1 byte needed, no need for keeping anything stored
- * Alert protocol
- * 2 bytes needed (AlertLevel, AlertDescription)
- * Handshake protocol
- * 4 bytes needed (HandshakeType, uint24 length) -- we just have
- * to detect unexpected Client Hello and Hello Request messages
- * here, anything else is handled by higher layers
- * Application data protocol
- * none of our business
- */
-int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
- {
- int al,i,j,ret;
- unsigned int n;
- SSL3_RECORD *rr;
- void (*cb)()=NULL;
-
- if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
- if (!ssl3_setup_buffers(s))
- return(-1);
-
- if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) ||
- (peek && (type != SSL3_RT_APPLICATION_DATA)))
- {
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_INTERNAL_ERROR);
- return -1;
- }
-
- if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0))
- /* (partially) satisfy request from storage */
- {
- unsigned char *src = s->s3->handshake_fragment;
- unsigned char *dst = buf;
- unsigned int k;
-
- /* peek == 0 */
- n = 0;
- while ((len > 0) && (s->s3->handshake_fragment_len > 0))
- {
- *dst++ = *src++;
- len--; s->s3->handshake_fragment_len--;
- n++;
- }
- /* move any remaining fragment bytes: */
- for (k = 0; k < s->s3->handshake_fragment_len; k++)
- s->s3->handshake_fragment[k] = *src++;
- return n;
- }
-
- /* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
-
- if (!s->in_handshake && SSL_in_init(s))
- {
- /* type == SSL3_RT_APPLICATION_DATA */
- i=s->handshake_func(s);
- if (i < 0) return(i);
- if (i == 0)
- {
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- }
-start:
- s->rwstate=SSL_NOTHING;
-
- /* s->s3->rrec.type - is the type of record
- * s->s3->rrec.data, - data
- * s->s3->rrec.off, - offset into 'data' for next read
- * s->s3->rrec.length, - number of bytes. */
- rr = &(s->s3->rrec);
-
- /* get new packet if necessary */
- if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
- {
- ret=ssl3_get_record(s);
- if (ret <= 0) return(ret);
- }
-
- /* we now have a packet which can be read and processed */
-
- if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
- * reset by ssl3_get_finished */
- && (rr->type != SSL3_RT_HANDSHAKE))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
- goto err;
- }
-
- /* If the other end has shut down, throw anything we read away
- * (even in 'peek' mode) */
- if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
- {
- rr->length=0;
- s->rwstate=SSL_NOTHING;
- return(0);
- }
-
-
- if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
- {
- /* make sure that we are not getting application data when we
- * are doing a handshake for the first time */
- if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
- (s->enc_read_ctx == NULL))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
- goto f_err;
- }
-
- if (len <= 0) return(len);
-
- if ((unsigned int)len > rr->length)
- n = rr->length;
- else
- n = (unsigned int)len;
-
- memcpy(buf,&(rr->data[rr->off]),n);
- if (!peek)
- {
- rr->length-=n;
- rr->off+=n;
- if (rr->length == 0)
- {
- s->rstate=SSL_ST_READ_HEADER;
- rr->off=0;
- }
- }
- return(n);
- }
-
-
- /* If we get here, then type != rr->type; if we have a handshake
- * message, then it was unexpected (Hello Request or Client Hello). */
-
- /* In case of record types for which we have 'fragment' storage,
- * fill that so that we can process the data at a fixed place.
- */
- {
- unsigned int dest_maxlen = 0;
- unsigned char *dest = NULL;
- unsigned int *dest_len = NULL;
-
- if (rr->type == SSL3_RT_HANDSHAKE)
- {
- dest_maxlen = sizeof s->s3->handshake_fragment;
- dest = s->s3->handshake_fragment;
- dest_len = &s->s3->handshake_fragment_len;
- }
- else if (rr->type == SSL3_RT_ALERT)
- {
- dest_maxlen = sizeof s->s3->alert_fragment;
- dest = s->s3->alert_fragment;
- dest_len = &s->s3->alert_fragment_len;
- }
-
- if (dest_maxlen > 0)
- {
- n = dest_maxlen - *dest_len; /* available space in 'dest' */
- if (rr->length < n)
- n = rr->length; /* available bytes */
-
- /* now move 'n' bytes: */
- while (n-- > 0)
- {
- dest[(*dest_len)++] = rr->data[rr->off++];
- rr->length--;
- }
-
- if (*dest_len < dest_maxlen)
- goto start; /* fragment was too small */
- }
- }
-
- /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
- * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT.
- * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
-
- /* If we are a client, check for an incoming 'Hello Request': */
- if ((!s->server) &&
- (s->s3->handshake_fragment_len >= 4) &&
- (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
- (s->session != NULL) && (s->session->cipher != NULL))
- {
- s->s3->handshake_fragment_len = 0;
-
- if ((s->s3->handshake_fragment[1] != 0) ||
- (s->s3->handshake_fragment[2] != 0) ||
- (s->s3->handshake_fragment[3] != 0))
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
- goto err;
- }
-
- if (SSL_is_init_finished(s) &&
- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
- !s->s3->renegotiate)
- {
- ssl3_renegotiate(s);
- if (ssl3_renegotiate_check(s))
- {
- i=s->handshake_func(s);
- if (i < 0) return(i);
- if (i == 0)
- {
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
-
- if (!(s->mode & SSL_MODE_AUTO_RETRY))
- {
- if (s->s3->rbuf.left == 0) /* no read-ahead left? */
- {
- BIO *bio;
- /* In the case where we try to read application data,
- * but we trigger an SSL handshake, we return -1 with
- * the retry option set. Otherwise renegotiation may
- * cause nasty problems in the blocking world */
- s->rwstate=SSL_READING;
- bio=SSL_get_rbio(s);
- BIO_clear_retry_flags(bio);
- BIO_set_retry_read(bio);
- return(-1);
- }
- }
- }
- }
- /* we either finished a handshake or ignored the request,
- * now try again to obtain the (application) data we were asked for */
- goto start;
- }
-
- if (s->s3->alert_fragment_len >= 2)
- {
- int alert_level = s->s3->alert_fragment[0];
- int alert_descr = s->s3->alert_fragment[1];
-
- s->s3->alert_fragment_len = 0;
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- if (cb != NULL)
- {
- j = (alert_level << 8) | alert_descr;
- cb(s, SSL_CB_READ_ALERT, j);
- }
-
- if (alert_level == 1) /* warning */
- {
- s->s3->warn_alert = alert_descr;
- if (alert_descr == SSL_AD_CLOSE_NOTIFY)
- {
- s->shutdown |= SSL_RECEIVED_SHUTDOWN;
- return(0);
- }
- }
- else if (alert_level == 2) /* fatal */
- {
- char tmp[16];
-
- s->rwstate=SSL_NOTHING;
- s->s3->fatal_alert = alert_descr;
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
- BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
- ERR_add_error_data(2,"SSL alert number ",tmp);
- s->shutdown|=SSL_RECEIVED_SHUTDOWN;
- SSL_CTX_remove_session(s->ctx,s->session);
- return(0);
- }
- else
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
- goto f_err;
- }
-
- goto start;
- }
-
- if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
- {
- s->rwstate=SSL_NOTHING;
- rr->length=0;
- return(0);
- }
-
- if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
- {
- /* 'Change Cipher Spec' is just a single byte, so we know
- * exactly what the record payload has to look like */
- if ( (rr->length != 1) || (rr->off != 0) ||
- (rr->data[0] != SSL3_MT_CCS))
- {
- i=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
- goto err;
- }
-
- rr->length=0;
- s->s3->change_cipher_spec=1;
- if (!do_change_cipher_spec(s))
- goto err;
- else
- goto start;
- }
-
- /* Unexpected handshake message (Client Hello, or protocol violation) */
- if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake)
- {
- if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
- {
-#if 0 /* worked only because C operator preferences are not as expected (and
- * because this is not really needed for clients except for detecting
- * protocol violations): */
- s->state=SSL_ST_BEFORE|(s->server)
- ?SSL_ST_ACCEPT
- :SSL_ST_CONNECT;
-#else
- s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
-#endif
- s->new_session=1;
- }
- i=s->handshake_func(s);
- if (i < 0) return(i);
- if (i == 0)
- {
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
-
- if (!(s->mode & SSL_MODE_AUTO_RETRY))
- {
- if (s->s3->rbuf.left == 0) /* no read-ahead left? */
- {
- BIO *bio;
- /* In the case where we try to read application data,
- * but we trigger an SSL handshake, we return -1 with
- * the retry option set. Otherwise renegotiation may
- * cause nasty problems in the blocking world */
- s->rwstate=SSL_READING;
- bio=SSL_get_rbio(s);
- BIO_clear_retry_flags(bio);
- BIO_set_retry_read(bio);
- return(-1);
- }
- }
- goto start;
- }
-
- switch (rr->type)
- {
- default:
-#ifndef NO_TLS
- /* TLS just ignores unknown message types */
- if (s->version == TLS1_VERSION)
- {
- rr->length = 0;
- goto start;
- }
-#endif
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
- goto f_err;
- case SSL3_RT_CHANGE_CIPHER_SPEC:
- case SSL3_RT_ALERT:
- case SSL3_RT_HANDSHAKE:
- /* we already handled all of these, with the possible exception
- * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
- * should not happen when type != rr->type */
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_INTERNAL_ERROR);
- goto f_err;
- case SSL3_RT_APPLICATION_DATA:
- /* At this point, we were expecting handshake data,
- * but have application data. If the library was
- * running inside ssl3_read() (i.e. in_read_app_data
- * is set) and it makes sense to read application data
- * at this point (session renegotiation not yet started),
- * we will indulge it.
- */
- if (s->s3->in_read_app_data &&
- (s->s3->total_renegotiations != 0) &&
- ((
- (s->state & SSL_ST_CONNECT) &&
- (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
- (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
- ) || (
- (s->state & SSL_ST_ACCEPT) &&
- (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
- (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
- )
- ))
- {
- s->s3->in_read_app_data=2;
- return(-1);
- }
- else
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
- goto f_err;
- }
- }
- /* not reached */
-
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
- return(-1);
- }
-
-static int do_change_cipher_spec(SSL *s)
- {
- int i;
- const char *sender;
- int slen;
-
- if (s->state & SSL_ST_ACCEPT)
- i=SSL3_CHANGE_CIPHER_SERVER_READ;
- else
- i=SSL3_CHANGE_CIPHER_CLIENT_READ;
-
- if (s->s3->tmp.key_block == NULL)
- {
- s->session->cipher=s->s3->tmp.new_cipher;
- if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
- }
-
- if (!s->method->ssl3_enc->change_cipher_state(s,i))
- return(0);
-
- /* we have to record the message digest at
- * this point so we can get it before we read
- * the finished message */
- if (s->state & SSL_ST_CONNECT)
- {
- sender=s->method->ssl3_enc->server_finished_label;
- slen=s->method->ssl3_enc->server_finished_label_len;
- }
- else
- {
- sender=s->method->ssl3_enc->client_finished_label;
- slen=s->method->ssl3_enc->client_finished_label_len;
- }
-
- s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
- &(s->s3->finish_dgst1),
- &(s->s3->finish_dgst2),
- sender,slen,s->s3->tmp.peer_finish_md);
-
- return(1);
- }
-
-void ssl3_send_alert(SSL *s, int level, int desc)
- {
- /* Map tls/ssl alert value to correct one */
- desc=s->method->ssl3_enc->alert_value(desc);
- if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
- desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
- if (desc < 0) return;
- /* If a fatal one, remove from cache */
- if ((level == 2) && (s->session != NULL))
- SSL_CTX_remove_session(s->ctx,s->session);
-
- s->s3->alert_dispatch=1;
- s->s3->send_alert[0]=level;
- s->s3->send_alert[1]=desc;
- if (s->s3->wbuf.left == 0) /* data still being written out? */
- ssl3_dispatch_alert(s);
- /* else data is still being written out, we will get written
- * some time in the future */
- }
-
-int ssl3_dispatch_alert(SSL *s)
- {
- int i,j;
- void (*cb)()=NULL;
-
- s->s3->alert_dispatch=0;
- i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);
- if (i <= 0)
- {
- s->s3->alert_dispatch=1;
- }
- else
- {
- /* Alert sent to BIO. If it is important, flush it now.
- * If the message does not get sent due to non-blocking IO,
- * we will not worry too much. */
- if (s->s3->send_alert[0] == SSL3_AL_FATAL)
- (void)BIO_flush(s->wbio);
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- if (cb != NULL)
- {
- j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
- cb(s,SSL_CB_WRITE_ALERT,j);
- }
- }
- return(i);
- }
diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c
deleted file mode 100644
index d211fd48cb40..000000000000
--- a/crypto/openssl/ssl/s3_srvr.c
+++ /dev/null
@@ -1,1864 +0,0 @@
-/* ssl/s3_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define REUSE_CIPHER_BUG
-#define NETSCAPE_HANG_BUG
-
-
-#include <stdio.h>
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include "ssl_locl.h"
-#include "cryptlib.h"
-
-static SSL_METHOD *ssl3_get_server_method(int ver);
-static int ssl3_get_client_hello(SSL *s);
-static int ssl3_check_client_hello(SSL *s);
-static int ssl3_send_server_hello(SSL *s);
-static int ssl3_send_server_key_exchange(SSL *s);
-static int ssl3_send_certificate_request(SSL *s);
-static int ssl3_send_server_done(SSL *s);
-static int ssl3_get_client_key_exchange(SSL *s);
-static int ssl3_get_client_certificate(SSL *s);
-static int ssl3_get_cert_verify(SSL *s);
-static int ssl3_send_hello_request(SSL *s);
-
-static SSL_METHOD *ssl3_get_server_method(int ver)
- {
- if (ver == SSL3_VERSION)
- return(SSLv3_server_method());
- else
- return(NULL);
- }
-
-SSL_METHOD *SSLv3_server_method(void)
- {
- static int init=1;
- static SSL_METHOD SSLv3_server_data;
-
- if (init)
- {
- memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
- sizeof(SSL_METHOD));
- SSLv3_server_data.ssl_accept=ssl3_accept;
- SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
- init=0;
- }
- return(&SSLv3_server_data);
- }
-
-int ssl3_accept(SSL *s)
- {
- BUF_MEM *buf;
- unsigned long l,Time=time(NULL);
- void (*cb)()=NULL;
- long num1;
- int ret= -1;
- int new_state,state,skip=0;
-
- RAND_add(&Time,sizeof(Time),0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- /* init things to blank */
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
- if (s->cert == NULL)
- {
- SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
- return(-1);
- }
-
- for (;;)
- {
- state=s->state;
-
- switch (s->state)
- {
- case SSL_ST_RENEGOTIATE:
- s->new_session=1;
- /* s->state=SSL_ST_ACCEPT; */
-
- case SSL_ST_BEFORE:
- case SSL_ST_ACCEPT:
- case SSL_ST_BEFORE|SSL_ST_ACCEPT:
- case SSL_ST_OK|SSL_ST_ACCEPT:
-
- s->server=1;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
- if ((s->version>>8) != 3)
- {
- SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_INTERNAL_ERROR);
- return -1;
- }
- s->type=SSL_ST_ACCEPT;
-
- if (s->init_buf == NULL)
- {
- if ((buf=BUF_MEM_new()) == NULL)
- {
- ret= -1;
- goto end;
- }
- if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
- {
- ret= -1;
- goto end;
- }
- s->init_buf=buf;
- }
-
- if (!ssl3_setup_buffers(s))
- {
- ret= -1;
- goto end;
- }
-
- s->init_num=0;
-
- if (s->state != SSL_ST_RENEGOTIATE)
- {
- /* Ok, we now need to push on a buffering BIO so that
- * the output is sent in a way that TCP likes :-)
- */
- if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
-
- ssl3_init_finished_mac(s);
- s->state=SSL3_ST_SR_CLNT_HELLO_A;
- s->ctx->stats.sess_accept++;
- }
- else
- {
- /* s->state == SSL_ST_RENEGOTIATE,
- * we will just send a HelloRequest */
- s->ctx->stats.sess_accept_renegotiate++;
- s->state=SSL3_ST_SW_HELLO_REQ_A;
- }
- break;
-
- case SSL3_ST_SW_HELLO_REQ_A:
- case SSL3_ST_SW_HELLO_REQ_B:
-
- s->shutdown=0;
- ret=ssl3_send_hello_request(s);
- if (ret <= 0) goto end;
- s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
- s->state=SSL3_ST_SW_FLUSH;
- s->init_num=0;
-
- ssl3_init_finished_mac(s);
- break;
-
- case SSL3_ST_SW_HELLO_REQ_C:
- s->state=SSL_ST_OK;
- break;
-
- case SSL3_ST_SR_CLNT_HELLO_A:
- case SSL3_ST_SR_CLNT_HELLO_B:
- case SSL3_ST_SR_CLNT_HELLO_C:
-
- s->shutdown=0;
- ret=ssl3_get_client_hello(s);
- if (ret <= 0) goto end;
- s->new_session = 2;
- s->state=SSL3_ST_SW_SRVR_HELLO_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_SRVR_HELLO_A:
- case SSL3_ST_SW_SRVR_HELLO_B:
- ret=ssl3_send_server_hello(s);
- if (ret <= 0) goto end;
-
- if (s->hit)
- s->state=SSL3_ST_SW_CHANGE_A;
- else
- s->state=SSL3_ST_SW_CERT_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_CERT_A:
- case SSL3_ST_SW_CERT_B:
- /* Check if it is anon DH */
- if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
- {
- ret=ssl3_send_server_certificate(s);
- if (ret <= 0) goto end;
- }
- else
- skip=1;
- s->state=SSL3_ST_SW_KEY_EXCH_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_KEY_EXCH_A:
- case SSL3_ST_SW_KEY_EXCH_B:
- l=s->s3->tmp.new_cipher->algorithms;
-
- /* clear this, it may get reset by
- * send_server_key_exchange */
- if (s->options & SSL_OP_EPHEMERAL_RSA)
- s->s3->tmp.use_rsa_tmp=1;
- else
- s->s3->tmp.use_rsa_tmp=0;
-
- /* only send if a DH key exchange, fortezza or
- * RSA but we have a sign only certificate */
- if (s->s3->tmp.use_rsa_tmp
- || (l & (SSL_DH|SSL_kFZA))
- || ((l & SSL_kRSA)
- && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
- || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
- && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
- )
- )
- )
- )
- {
- ret=ssl3_send_server_key_exchange(s);
- if (ret <= 0) goto end;
- }
- else
- skip=1;
-
- s->state=SSL3_ST_SW_CERT_REQ_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_CERT_REQ_A:
- case SSL3_ST_SW_CERT_REQ_B:
- if (/* don't request cert unless asked for it: */
- !(s->verify_mode & SSL_VERIFY_PEER) ||
- /* if SSL_VERIFY_CLIENT_ONCE is set,
- * don't request cert during re-negotiation: */
- ((s->session->peer != NULL) &&
- (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
- /* never request cert in anonymous ciphersuites
- * (see section "Certificate request" in SSL 3 drafts
- * and in RFC 2246): */
- ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
- /* ... except when the application insists on verification
- * (against the specs, but s3_clnt.c accepts this for SSL 3) */
- !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)))
- {
- /* no cert request */
- skip=1;
- s->s3->tmp.cert_request=0;
- s->state=SSL3_ST_SW_SRVR_DONE_A;
- }
- else
- {
- s->s3->tmp.cert_request=1;
- ret=ssl3_send_certificate_request(s);
- if (ret <= 0) goto end;
-#ifndef NETSCAPE_HANG_BUG
- s->state=SSL3_ST_SW_SRVR_DONE_A;
-#else
- s->state=SSL3_ST_SW_FLUSH;
- s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
-#endif
- s->init_num=0;
- }
- break;
-
- case SSL3_ST_SW_SRVR_DONE_A:
- case SSL3_ST_SW_SRVR_DONE_B:
- ret=ssl3_send_server_done(s);
- if (ret <= 0) goto end;
- s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
- s->state=SSL3_ST_SW_FLUSH;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_FLUSH:
- /* number of bytes to be flushed */
- num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
- if (num1 > 0)
- {
- s->rwstate=SSL_WRITING;
- num1=BIO_flush(s->wbio);
- if (num1 <= 0) { ret= -1; goto end; }
- s->rwstate=SSL_NOTHING;
- }
-
- s->state=s->s3->tmp.next_state;
- break;
-
- case SSL3_ST_SR_CERT_A:
- case SSL3_ST_SR_CERT_B:
- /* Check for second client hello (MS SGC) */
- ret = ssl3_check_client_hello(s);
- if (ret <= 0)
- goto end;
- if (ret == 2)
- s->state = SSL3_ST_SR_CLNT_HELLO_C;
- else {
- /* could be sent for a DH cert, even if we
- * have not asked for it :-) */
- ret=ssl3_get_client_certificate(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL3_ST_SR_KEY_EXCH_A;
- }
- break;
-
- case SSL3_ST_SR_KEY_EXCH_A:
- case SSL3_ST_SR_KEY_EXCH_B:
- ret=ssl3_get_client_key_exchange(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SR_CERT_VRFY_A;
- s->init_num=0;
-
- /* We need to get hashes here so if there is
- * a client cert, it can be verified */
- s->method->ssl3_enc->cert_verify_mac(s,
- &(s->s3->finish_dgst1),
- &(s->s3->tmp.cert_verify_md[0]));
- s->method->ssl3_enc->cert_verify_mac(s,
- &(s->s3->finish_dgst2),
- &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
-
- break;
-
- case SSL3_ST_SR_CERT_VRFY_A:
- case SSL3_ST_SR_CERT_VRFY_B:
-
- /* we should decide if we expected this one */
- ret=ssl3_get_cert_verify(s);
- if (ret <= 0) goto end;
-
- s->state=SSL3_ST_SR_FINISHED_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SR_FINISHED_A:
- case SSL3_ST_SR_FINISHED_B:
- ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
- SSL3_ST_SR_FINISHED_B);
- if (ret <= 0) goto end;
- if (s->hit)
- s->state=SSL_ST_OK;
- else
- s->state=SSL3_ST_SW_CHANGE_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_CHANGE_A:
- case SSL3_ST_SW_CHANGE_B:
-
- s->session->cipher=s->s3->tmp.new_cipher;
- if (!s->method->ssl3_enc->setup_key_block(s))
- { ret= -1; goto end; }
-
- ret=ssl3_send_change_cipher_spec(s,
- SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
-
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SW_FINISHED_A;
- s->init_num=0;
-
- if (!s->method->ssl3_enc->change_cipher_state(s,
- SSL3_CHANGE_CIPHER_SERVER_WRITE))
- {
- ret= -1;
- goto end;
- }
-
- break;
-
- case SSL3_ST_SW_FINISHED_A:
- case SSL3_ST_SW_FINISHED_B:
- ret=ssl3_send_finished(s,
- SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
- s->method->ssl3_enc->server_finished_label,
- s->method->ssl3_enc->server_finished_label_len);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SW_FLUSH;
- if (s->hit)
- s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
- else
- s->s3->tmp.next_state=SSL_ST_OK;
- s->init_num=0;
- break;
-
- case SSL_ST_OK:
- /* clean a few things up */
- ssl3_cleanup_key_block(s);
-
- BUF_MEM_free(s->init_buf);
- s->init_buf=NULL;
-
- /* remove buffering on output */
- ssl_free_wbio_buffer(s);
-
- s->init_num=0;
-
- if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
- {
- /* actually not necessarily a 'new' session */
-
- s->new_session=0;
-
- ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
-
- s->ctx->stats.sess_accept_good++;
- /* s->server=1; */
- s->handshake_func=ssl3_accept;
-
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
- }
-
- ret = 1;
- goto end;
- /* break; */
-
- default:
- SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE);
- ret= -1;
- goto end;
- /* break; */
- }
-
- if (!s->s3->tmp.reuse_message && !skip)
- {
- if (s->debug)
- {
- if ((ret=BIO_flush(s->wbio)) <= 0)
- goto end;
- }
-
-
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_ACCEPT_LOOP,1);
- s->state=new_state;
- }
- }
- skip=0;
- }
-end:
- /* BIO_flush(s->wbio); */
-
- s->in_handshake--;
- if (cb != NULL)
- cb(s,SSL_CB_ACCEPT_EXIT,ret);
- return(ret);
- }
-
-static int ssl3_send_hello_request(SSL *s)
- {
- unsigned char *p;
-
- if (s->state == SSL3_ST_SW_HELLO_REQ_A)
- {
- p=(unsigned char *)s->init_buf->data;
- *(p++)=SSL3_MT_HELLO_REQUEST;
- *(p++)=0;
- *(p++)=0;
- *(p++)=0;
-
- s->state=SSL3_ST_SW_HELLO_REQ_B;
- /* number of bytes to write */
- s->init_num=4;
- s->init_off=0;
- }
-
- /* SSL3_ST_SW_HELLO_REQ_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-static int ssl3_check_client_hello(SSL *s)
- {
- int ok;
- long n;
-
- /* this function is called when we really expect a Certificate message,
- * so permit appropriate message length */
- n=ssl3_get_message(s,
- SSL3_ST_SR_CERT_A,
- SSL3_ST_SR_CERT_B,
- -1,
-#if defined(MSDOS) && !defined(WIN32)
- 1024*30, /* 30k max cert list :-) */
-#else
- 1024*100, /* 100k max cert list :-) */
-#endif
- &ok);
- if (!ok) return((int)n);
- s->s3->tmp.reuse_message = 1;
- if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
- {
- /* Throw away what we have done so far in the current handshake,
- * which will now be aborted. (A full SSL_clear would be too much.)
- * I hope that tmp.dh is the only thing that may need to be cleared
- * when a handshake is not completed ... */
-#ifndef NO_DH
- if (s->s3->tmp.dh != NULL)
- {
- DH_free(s->s3->tmp.dh);
- s->s3->tmp.dh = NULL;
- }
-#endif
- return 2;
- }
- return 1;
-}
-
-static int ssl3_get_client_hello(SSL *s)
- {
- int i,j,ok,al,ret= -1;
- long n;
- unsigned long id;
- unsigned char *p,*d,*q;
- SSL_CIPHER *c;
- SSL_COMP *comp=NULL;
- STACK_OF(SSL_CIPHER) *ciphers=NULL;
-
- /* We do this so that we will respond with our native type.
- * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
- * This down switching should be handled by a different method.
- * If we are SSLv3, we will respond with SSLv3, even if prompted with
- * TLSv1.
- */
- if (s->state == SSL3_ST_SR_CLNT_HELLO_A)
- {
- s->first_packet=1;
- s->state=SSL3_ST_SR_CLNT_HELLO_B;
- }
- n=ssl3_get_message(s,
- SSL3_ST_SR_CLNT_HELLO_B,
- SSL3_ST_SR_CLNT_HELLO_C,
- SSL3_MT_CLIENT_HELLO,
- SSL3_RT_MAX_PLAIN_LENGTH,
- &ok);
-
- if (!ok) return((int)n);
- d=p=(unsigned char *)s->init_buf->data;
-
- /* use version from inside client hello, not from record header
- * (may differ: see RFC 2246, Appendix E, second paragraph) */
- s->client_version=(((int)p[0])<<8)|(int)p[1];
- p+=2;
-
- if (s->client_version < s->version)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
- if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
- {
- /* similar to ssl3_get_record, send alert using remote version number */
- s->version = s->client_version;
- }
- al = SSL_AD_PROTOCOL_VERSION;
- goto f_err;
- }
-
- /* load the client random */
- memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
-
- /* get the session-id */
- j= *(p++);
-
- s->hit=0;
- if (j == 0)
- {
- if (!ssl_get_new_session(s,1))
- goto err;
- }
- else
- {
- i=ssl_get_prev_session(s,p,j);
- if (i == 1)
- { /* previous session */
- s->hit=1;
- }
- else if (i == -1)
- goto err;
- else /* i == 0 */
- {
- if (!ssl_get_new_session(s,1))
- goto err;
- }
- }
-
- p+=j;
- n2s(p,i);
- if ((i == 0) && (j != 0))
- {
- /* we need a cipher if we are not resuming a session */
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
- goto f_err;
- }
- if ((p+i) >= (d+n))
- {
- /* not enough data */
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- if ((i > 0) && (ssl_bytes_to_cipher_list(s,p,i,&(ciphers))
- == NULL))
- {
- goto err;
- }
- p+=i;
-
- /* If it is a hit, check that the cipher is in the list */
- if ((s->hit) && (i > 0))
- {
- j=0;
- id=s->session->cipher->id;
-
-#ifdef CIPHER_DEBUG
- printf("client sent %d ciphers\n",sk_num(ciphers));
-#endif
- for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++)
- {
- c=sk_SSL_CIPHER_value(ciphers,i);
-#ifdef CIPHER_DEBUG
- printf("client [%2d of %2d]:%s\n",
- i,sk_num(ciphers),SSL_CIPHER_get_name(c));
-#endif
- if (c->id == id)
- {
- j=1;
- break;
- }
- }
- if (j == 0)
- {
- if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
- {
- /* Very bad for multi-threading.... */
- s->session->cipher=sk_SSL_CIPHER_value(ciphers,
- 0);
- }
- else
- {
- /* we need to have the cipher in the cipher
- * list if we are asked to reuse it */
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING);
- goto f_err;
- }
- }
- }
-
- /* compression */
- i= *(p++);
- if ((p+i) > (d+n))
- {
- /* not enough data */
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- q=p;
- for (j=0; j<i; j++)
- {
- if (p[j] == 0) break;
- }
-
- p+=i;
- if (j >= i)
- {
- /* no compress */
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_COMPRESSION_SPECIFIED);
- goto f_err;
- }
-
- /* Worst case, we will use the NULL compression, but if we have other
- * options, we will now look for them. We have i-1 compression
- * algorithms from the client, starting at q. */
- s->s3->tmp.new_compression=NULL;
- if (s->ctx->comp_methods != NULL)
- { /* See if we have a match */
- int m,nn,o,v,done=0;
-
- nn=sk_SSL_COMP_num(s->ctx->comp_methods);
- for (m=0; m<nn; m++)
- {
- comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);
- v=comp->id;
- for (o=0; o<i; o++)
- {
- if (v == q[o])
- {
- done=1;
- break;
- }
- }
- if (done) break;
- }
- if (done)
- s->s3->tmp.new_compression=comp;
- else
- comp=NULL;
- }
-
- /* TLS does not mind if there is extra stuff */
- if (s->version == SSL3_VERSION)
- {
- if (p < (d+n))
- {
- /* wrong number of bytes,
- * there could be more to follow */
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- }
-
- /* Given s->session->ciphers and ssl_get_ciphers_by_id(s), we must
- * pick a cipher */
-
- if (!s->hit)
- {
- s->session->compress_meth=(comp == NULL)?0:comp->id;
- if (s->session->ciphers != NULL)
- sk_SSL_CIPHER_free(s->session->ciphers);
- s->session->ciphers=ciphers;
- if (ciphers == NULL)
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED);
- goto f_err;
- }
- ciphers=NULL;
- c=ssl3_choose_cipher(s,s->session->ciphers,
- ssl_get_ciphers_by_id(s));
-
- if (c == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
- goto f_err;
- }
- s->s3->tmp.new_cipher=c;
- }
- else
- {
- /* Session-id reuse */
-#ifdef REUSE_CIPHER_BUG
- STACK_OF(SSL_CIPHER) *sk;
- SSL_CIPHER *nc=NULL;
- SSL_CIPHER *ec=NULL;
-
- if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
- {
- sk=s->session->ciphers;
- for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
- {
- c=sk_SSL_CIPHER_value(sk,i);
- if (c->algorithms & SSL_eNULL)
- nc=c;
- if (SSL_C_IS_EXPORT(c))
- ec=c;
- }
- if (nc != NULL)
- s->s3->tmp.new_cipher=nc;
- else if (ec != NULL)
- s->s3->tmp.new_cipher=ec;
- else
- s->s3->tmp.new_cipher=s->session->cipher;
- }
- else
-#endif
- s->s3->tmp.new_cipher=s->session->cipher;
- }
-
- /* we now have the following setup.
- * client_random
- * cipher_list - our prefered list of ciphers
- * ciphers - the clients prefered list of ciphers
- * compression - basically ignored right now
- * ssl version is set - sslv3
- * s->session - The ssl session has been setup.
- * s->hit - session reuse flag
- * s->tmp.new_cipher - the new cipher to use.
- */
-
- ret=1;
- if (0)
- {
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- }
-err:
- if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers);
- return(ret);
- }
-
-static int ssl3_send_server_hello(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p,*d;
- int i,sl;
- unsigned long l,Time;
-
- if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
- {
- buf=(unsigned char *)s->init_buf->data;
- p=s->s3->server_random;
- Time=time(NULL); /* Time */
- l2n(Time,p);
- RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
- /* Do the message type and length last */
- d=p= &(buf[4]);
-
- *(p++)=s->version>>8;
- *(p++)=s->version&0xff;
-
- /* Random stuff */
- memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
-
- /* now in theory we have 3 options to sending back the
- * session id. If it is a re-use, we send back the
- * old session-id, if it is a new session, we send
- * back the new session-id or we send back a 0 length
- * session-id if we want it to be single use.
- * Currently I will not implement the '0' length session-id
- * 12-Jan-98 - I'll now support the '0' length stuff.
- */
- if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
- s->session->session_id_length=0;
-
- sl=s->session->session_id_length;
- die(sl <= sizeof s->session->session_id);
- *(p++)=sl;
- memcpy(p,s->session->session_id,sl);
- p+=sl;
-
- /* put the cipher */
- i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
- p+=i;
-
- /* put the compression method */
- if (s->s3->tmp.new_compression == NULL)
- *(p++)=0;
- else
- *(p++)=s->s3->tmp.new_compression->id;
-
- /* do the header */
- l=(p-d);
- d=buf;
- *(d++)=SSL3_MT_SERVER_HELLO;
- l2n3(l,d);
-
- s->state=SSL3_ST_CW_CLNT_HELLO_B;
- /* number of bytes to write */
- s->init_num=p-buf;
- s->init_off=0;
- }
-
- /* SSL3_ST_CW_CLNT_HELLO_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-static int ssl3_send_server_done(SSL *s)
- {
- unsigned char *p;
-
- if (s->state == SSL3_ST_SW_SRVR_DONE_A)
- {
- p=(unsigned char *)s->init_buf->data;
-
- /* do the header */
- *(p++)=SSL3_MT_SERVER_DONE;
- *(p++)=0;
- *(p++)=0;
- *(p++)=0;
-
- s->state=SSL3_ST_SW_SRVR_DONE_B;
- /* number of bytes to write */
- s->init_num=4;
- s->init_off=0;
- }
-
- /* SSL3_ST_CW_CLNT_HELLO_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-static int ssl3_send_server_key_exchange(SSL *s)
- {
-#ifndef NO_RSA
- unsigned char *q;
- int j,num;
- RSA *rsa;
- unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
- unsigned int u;
-#endif
-#ifndef NO_DH
- DH *dh=NULL,*dhp;
-#endif
- EVP_PKEY *pkey;
- unsigned char *p,*d;
- int al,i;
- unsigned long type;
- int n;
- CERT *cert;
- BIGNUM *r[4];
- int nr[4],kn;
- BUF_MEM *buf;
- EVP_MD_CTX md_ctx;
-
- if (s->state == SSL3_ST_SW_KEY_EXCH_A)
- {
- type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
- cert=s->cert;
-
- buf=s->init_buf;
-
- r[0]=r[1]=r[2]=r[3]=NULL;
- n=0;
-#ifndef NO_RSA
- if (type & SSL_kRSA)
- {
- rsa=cert->rsa_tmp;
- if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
- {
- rsa=s->cert->rsa_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
- if(rsa == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
- goto f_err;
- }
- CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
- cert->rsa_tmp=rsa;
- }
- if (rsa == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
- goto f_err;
- }
- r[0]=rsa->n;
- r[1]=rsa->e;
- s->s3->tmp.use_rsa_tmp=1;
- }
- else
-#endif
-#ifndef NO_DH
- if (type & SSL_kEDH)
- {
- dhp=cert->dh_tmp;
- if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
- dhp=s->cert->dh_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
- if (dhp == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
- goto f_err;
- }
-
- if (s->s3->tmp.dh != NULL)
- {
- DH_free(dh);
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_INTERNAL_ERROR);
- goto err;
- }
-
- if ((dh=DHparams_dup(dhp)) == NULL)
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
-
- s->s3->tmp.dh=dh;
- if ((dhp->pub_key == NULL ||
- dhp->priv_key == NULL ||
- (s->options & SSL_OP_SINGLE_DH_USE)))
- {
- if(!DH_generate_key(dh))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
- ERR_R_DH_LIB);
- goto err;
- }
- }
- else
- {
- dh->pub_key=BN_dup(dhp->pub_key);
- dh->priv_key=BN_dup(dhp->priv_key);
- if ((dh->pub_key == NULL) ||
- (dh->priv_key == NULL))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
- }
- r[0]=dh->p;
- r[1]=dh->g;
- r[2]=dh->pub_key;
- }
- else
-#endif
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
- goto f_err;
- }
- for (i=0; r[i] != NULL; i++)
- {
- nr[i]=BN_num_bytes(r[i]);
- n+=2+nr[i];
- }
-
- if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
- {
- if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
- == NULL)
- {
- al=SSL_AD_DECODE_ERROR;
- goto f_err;
- }
- kn=EVP_PKEY_size(pkey);
- }
- else
- {
- pkey=NULL;
- kn=0;
- }
-
- if (!BUF_MEM_grow(buf,n+4+kn))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
- goto err;
- }
- d=(unsigned char *)s->init_buf->data;
- p= &(d[4]);
-
- for (i=0; r[i] != NULL; i++)
- {
- s2n(nr[i],p);
- BN_bn2bin(r[i],p);
- p+=nr[i];
- }
-
- /* not anonymous */
- if (pkey != NULL)
- {
- /* n is the length of the params, they start at &(d[4])
- * and p points to the space at the end. */
-#ifndef NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- {
- q=md_buf;
- j=0;
- for (num=2; num > 0; num--)
- {
- EVP_DigestInit(&md_ctx,(num == 2)
- ?s->ctx->md5:s->ctx->sha1);
- EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md_ctx,&(d[4]),n);
- EVP_DigestFinal(&md_ctx,q,
- (unsigned int *)&i);
- q+=i;
- j+=i;
- }
- if (RSA_sign(NID_md5_sha1, md_buf, j,
- &(p[2]), &u, pkey->pkey.rsa) <= 0)
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
- goto err;
- }
- s2n(u,p);
- n+=u+2;
- }
- else
-#endif
-#if !defined(NO_DSA)
- if (pkey->type == EVP_PKEY_DSA)
- {
- /* lets do DSS */
- EVP_SignInit(&md_ctx,EVP_dss1());
- EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_SignUpdate(&md_ctx,&(d[4]),n);
- if (!EVP_SignFinal(&md_ctx,&(p[2]),
- (unsigned int *)&i,pkey))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
- goto err;
- }
- s2n(i,p);
- n+=i+2;
- }
- else
-#endif
- {
- /* Is this error check actually needed? */
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
- goto f_err;
- }
- }
-
- *(d++)=SSL3_MT_SERVER_KEY_EXCHANGE;
- l2n3(n,d);
-
- /* we should now have things packed up, so lets send
- * it off */
- s->init_num=n+4;
- s->init_off=0;
- }
-
- s->state = SSL3_ST_SW_KEY_EXCH_B;
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
- return(-1);
- }
-
-static int ssl3_send_certificate_request(SSL *s)
- {
- unsigned char *p,*d;
- int i,j,nl,off,n;
- STACK_OF(X509_NAME) *sk=NULL;
- X509_NAME *name;
- BUF_MEM *buf;
-
- if (s->state == SSL3_ST_SW_CERT_REQ_A)
- {
- buf=s->init_buf;
-
- d=p=(unsigned char *)&(buf->data[4]);
-
- /* get the list of acceptable cert types */
- p++;
- n=ssl3_get_req_cert_type(s,p);
- d[0]=n;
- p+=n;
- n++;
-
- off=n;
- p+=2;
- n+=2;
-
- sk=SSL_get_client_CA_list(s);
- nl=0;
- if (sk != NULL)
- {
- for (i=0; i<sk_X509_NAME_num(sk); i++)
- {
- name=sk_X509_NAME_value(sk,i);
- j=i2d_X509_NAME(name,NULL);
- if (!BUF_MEM_grow(buf,4+n+j+2))
- {
- SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
- goto err;
- }
- p=(unsigned char *)&(buf->data[4+n]);
- if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
- {
- s2n(j,p);
- i2d_X509_NAME(name,&p);
- n+=2+j;
- nl+=2+j;
- }
- else
- {
- d=p;
- i2d_X509_NAME(name,&p);
- j-=2; s2n(j,d); j+=2;
- n+=j;
- nl+=j;
- }
- }
- }
- /* else no CA names */
- p=(unsigned char *)&(buf->data[4+off]);
- s2n(nl,p);
-
- d=(unsigned char *)buf->data;
- *(d++)=SSL3_MT_CERTIFICATE_REQUEST;
- l2n3(n,d);
-
- /* we should now have things packed up, so lets send
- * it off */
-
- s->init_num=n+4;
- s->init_off=0;
-#ifdef NETSCAPE_HANG_BUG
- p=(unsigned char *)s->init_buf->data + s->init_num;
-
- /* do the header */
- *(p++)=SSL3_MT_SERVER_DONE;
- *(p++)=0;
- *(p++)=0;
- *(p++)=0;
- s->init_num += 4;
-#endif
-
- }
-
- /* SSL3_ST_SW_CERT_REQ_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-err:
- return(-1);
- }
-
-static int ssl3_get_client_key_exchange(SSL *s)
- {
- int i,al,ok;
- long n;
- unsigned long l;
- unsigned char *p;
-#ifndef NO_RSA
- RSA *rsa=NULL;
- EVP_PKEY *pkey=NULL;
-#endif
-#ifndef NO_DH
- BIGNUM *pub=NULL;
- DH *dh_srvr;
-#endif
-
- n=ssl3_get_message(s,
- SSL3_ST_SR_KEY_EXCH_A,
- SSL3_ST_SR_KEY_EXCH_B,
- SSL3_MT_CLIENT_KEY_EXCHANGE,
- 2048, /* ???? */
- &ok);
-
- if (!ok) return((int)n);
- p=(unsigned char *)s->init_buf->data;
-
- l=s->s3->tmp.new_cipher->algorithms;
-
-#ifndef NO_RSA
- if (l & SSL_kRSA)
- {
- /* FIX THIS UP EAY EAY EAY EAY */
- if (s->s3->tmp.use_rsa_tmp)
- {
- if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
- rsa=s->cert->rsa_tmp;
- /* Don't do a callback because rsa_tmp should
- * be sent already */
- if (rsa == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_PKEY);
- goto f_err;
-
- }
- }
- else
- {
- pkey=s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
- if ( (pkey == NULL) ||
- (pkey->type != EVP_PKEY_RSA) ||
- (pkey->pkey.rsa == NULL))
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_RSA_CERTIFICATE);
- goto f_err;
- }
- rsa=pkey->pkey.rsa;
- }
-
- /* TLS */
- if (s->version > SSL3_VERSION)
- {
- n2s(p,i);
- if (n != i+2)
- {
- if (!(s->options & SSL_OP_TLS_D5_BUG))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
- goto err;
- }
- else
- p-=2;
- }
- else
- n=i;
- }
-
- i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
-
- al = -1;
-
- if (i != SSL_MAX_MASTER_KEY_LENGTH)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
- }
-
- if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
- {
- /* The premaster secret must contain the same version number as the
- * ClientHello to detect version rollback attacks (strangely, the
- * protocol does not offer such protection for DH ciphersuites).
- * However, buggy clients exist that send the negotiated protocol
- * version instead if the server does not support the requested
- * protocol version.
- * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */
- if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
- (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
- goto f_err;
- }
- }
-
- if (al != -1)
- {
-#if 0
- goto f_err;
-#else
- /* Some decryption failure -- use random value instead as countermeasure
- * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
- * (see RFC 2246, section 7.4.7.1).
- * But note that due to length and protocol version checking, the
- * attack is impractical anyway (see section 5 in D. Bleichenbacher:
- * "Chosen Ciphertext Attacks Against Protocols Based on the RSA
- * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12).
- */
- ERR_clear_error();
- i = SSL_MAX_MASTER_KEY_LENGTH;
- p[0] = s->client_version >> 8;
- p[1] = s->client_version & 0xff;
- RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */
-#endif
- }
-
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key,
- p,i);
- memset(p,0,i);
- }
- else
-#endif
-#ifndef NO_DH
- if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
- {
- n2s(p,i);
- if (n != i+2)
- {
- if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
- goto err;
- }
- else
- {
- p-=2;
- i=(int)n;
- }
- }
-
- if (n == 0L) /* the parameters are in the cert */
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_DECODE_DH_CERTS);
- goto f_err;
- }
- else
- {
- if (s->s3->tmp.dh == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
- goto f_err;
- }
- else
- dh_srvr=s->s3->tmp.dh;
- }
-
- pub=BN_bin2bn(p,i,NULL);
- if (pub == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BN_LIB);
- goto err;
- }
-
- i=DH_compute_key(p,pub,dh_srvr);
-
- if (i <= 0)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
-
- DH_free(s->s3->tmp.dh);
- s->s3->tmp.dh=NULL;
-
- BN_clear_free(pub);
- pub=NULL;
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key,p,i);
- memset(p,0,i);
- }
- else
-#endif
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNKNOWN_CIPHER_TYPE);
- goto f_err;
- }
-
- return(1);
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-#if !defined(NO_DH) || !defined(NO_RSA)
-err:
-#endif
- return(-1);
- }
-
-static int ssl3_get_cert_verify(SSL *s)
- {
- EVP_PKEY *pkey=NULL;
- unsigned char *p;
- int al,ok,ret=0;
- long n;
- int type=0,i,j;
- X509 *peer;
-
- n=ssl3_get_message(s,
- SSL3_ST_SR_CERT_VRFY_A,
- SSL3_ST_SR_CERT_VRFY_B,
- -1,
- 512, /* 512? */
- &ok);
-
- if (!ok) return((int)n);
-
- if (s->session->peer != NULL)
- {
- peer=s->session->peer;
- pkey=X509_get_pubkey(peer);
- type=X509_certificate_type(peer,pkey);
- }
- else
- {
- peer=NULL;
- pkey=NULL;
- }
-
- if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
- {
- s->s3->tmp.reuse_message=1;
- if ((peer != NULL) && (type | EVP_PKT_SIGN))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
- goto f_err;
- }
- ret=1;
- goto end;
- }
-
- if (peer == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_NO_CLIENT_CERT_RECEIVED);
- al=SSL_AD_UNEXPECTED_MESSAGE;
- goto f_err;
- }
-
- if (!(type & EVP_PKT_SIGN))
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
- al=SSL_AD_ILLEGAL_PARAMETER;
- goto f_err;
- }
-
- if (s->s3->change_cipher_spec)
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
- al=SSL_AD_UNEXPECTED_MESSAGE;
- goto f_err;
- }
-
- /* we now have a signature that we need to verify */
- p=(unsigned char *)s->init_buf->data;
- n2s(p,i);
- n-=2;
- if (i > n)
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH);
- al=SSL_AD_DECODE_ERROR;
- goto f_err;
- }
-
- j=EVP_PKEY_size(pkey);
- if ((i > j) || (n > j) || (n <= 0))
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_SIZE);
- al=SSL_AD_DECODE_ERROR;
- goto f_err;
- }
-
-#ifndef NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- {
- i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
- MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i,
- pkey->pkey.rsa);
- if (i < 0)
- {
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT);
- goto f_err;
- }
- if (i == 0)
- {
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE);
- goto f_err;
- }
- }
- else
-#endif
-#ifndef NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- {
- j=DSA_verify(pkey->save_type,
- &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);
- if (j <= 0)
- {
- /* bad signature */
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_DSA_SIGNATURE);
- goto f_err;
- }
- }
- else
-#endif
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_INTERNAL_ERROR);
- al=SSL_AD_UNSUPPORTED_CERTIFICATE;
- goto f_err;
- }
-
-
- ret=1;
- if (0)
- {
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- }
-end:
- EVP_PKEY_free(pkey);
- return(ret);
- }
-
-static int ssl3_get_client_certificate(SSL *s)
- {
- int i,ok,al,ret= -1;
- X509 *x=NULL;
- unsigned long l,nc,llen,n;
- unsigned char *p,*d,*q;
- STACK_OF(X509) *sk=NULL;
-
- n=ssl3_get_message(s,
- SSL3_ST_SR_CERT_A,
- SSL3_ST_SR_CERT_B,
- -1,
-#if defined(MSDOS) && !defined(WIN32)
- 1024*30, /* 30k max cert list :-) */
-#else
- 1024*100, /* 100k max cert list :-) */
-#endif
- &ok);
-
- if (!ok) return((int)n);
-
- if (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE)
- {
- if ( (s->verify_mode & SSL_VERIFY_PEER) &&
- (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
- al=SSL_AD_HANDSHAKE_FAILURE;
- goto f_err;
- }
- /* If tls asked for a client cert, the client must return a 0 list */
- if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
- al=SSL_AD_UNEXPECTED_MESSAGE;
- goto f_err;
- }
- s->s3->tmp.reuse_message=1;
- return(1);
- }
-
- if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
- goto f_err;
- }
- d=p=(unsigned char *)s->init_buf->data;
-
- if ((sk=sk_X509_new_null()) == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- n2l3(p,llen);
- if (llen+3 != n)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- for (nc=0; nc<llen; )
- {
- n2l3(p,l);
- if ((l+nc+3) > llen)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
- goto f_err;
- }
-
- q=p;
- x=d2i_X509(NULL,&p,l);
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_ASN1_LIB);
- goto err;
- }
- if (p != (q+l))
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
- goto f_err;
- }
- if (!sk_X509_push(sk,x))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- x=NULL;
- nc+=l+3;
- }
-
- if (sk_X509_num(sk) <= 0)
- {
- /* TLS does not mind 0 certs returned */
- if (s->version == SSL3_VERSION)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATES_RETURNED);
- goto f_err;
- }
- /* Fail for TLS only if we required a certificate */
- else if ((s->verify_mode & SSL_VERIFY_PEER) &&
- (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
- al=SSL_AD_HANDSHAKE_FAILURE;
- goto f_err;
- }
- }
- else
- {
- i=ssl_verify_cert_chain(s,sk);
- if (!i)
- {
- al=ssl_verify_alarm_type(s->verify_result);
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
- goto f_err;
- }
- }
-
- if (s->session->peer != NULL) /* This should not be needed */
- X509_free(s->session->peer);
- s->session->peer=sk_X509_shift(sk);
- s->session->verify_result = s->verify_result;
-
- /* With the current implementation, sess_cert will always be NULL
- * when we arrive here. */
- if (s->session->sess_cert == NULL)
- {
- s->session->sess_cert = ssl_sess_cert_new();
- if (s->session->sess_cert == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- if (s->session->sess_cert->cert_chain != NULL)
- sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
- s->session->sess_cert->cert_chain=sk;
- /* Inconsistency alert: cert_chain does *not* include the
- * peer's own certificate, while we do include it in s3_clnt.c */
-
- sk=NULL;
-
- ret=1;
- if (0)
- {
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- }
-err:
- if (x != NULL) X509_free(x);
- if (sk != NULL) sk_X509_pop_free(sk,X509_free);
- return(ret);
- }
-
-int ssl3_send_server_certificate(SSL *s)
- {
- unsigned long l;
- X509 *x;
-
- if (s->state == SSL3_ST_SW_CERT_A)
- {
- x=ssl_get_server_send_cert(s);
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,SSL_R_INTERNAL_ERROR);
- return(0);
- }
-
- l=ssl3_output_cert_chain(s,x);
- s->state=SSL3_ST_SW_CERT_B;
- s->init_num=(int)l;
- s->init_off=0;
- }
-
- /* SSL3_ST_SW_CERT_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
diff --git a/crypto/openssl/ssl/ssl.h b/crypto/openssl/ssl/ssl.h
deleted file mode 100644
index e0c0be727ae1..000000000000
--- a/crypto/openssl/ssl/ssl.h
+++ /dev/null
@@ -1,1641 +0,0 @@
-/* ssl/ssl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_SSL_H
-#define HEADER_SSL_H
-
-#ifndef NO_COMP
-#include <openssl/comp.h>
-#endif
-#ifndef NO_BIO
-#include <openssl/bio.h>
-#endif
-#ifndef NO_X509
-#include <openssl/x509.h>
-#endif
-#include <openssl/safestack.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* SSLeay version number for ASN.1 encoding of the session information */
-/* Version 0 - initial version
- * Version 1 - added the optional peer certificate
- */
-#define SSL_SESSION_ASN1_VERSION 0x0001
-
-/* text strings for the ciphers */
-#define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5
-#define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5
-#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5
-#define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5
-#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5
-#define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5
-#define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5
-#define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA
-#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5
-#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA
-
-#define SSL_MAX_SSL_SESSION_ID_LENGTH 32
-#define SSL_MAX_SID_CTX_LENGTH 32
-
-#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8)
-#define SSL_MAX_KEY_ARG_LENGTH 8
-#define SSL_MAX_MASTER_KEY_LENGTH 48
-
-/* These are used to specify which ciphers to use and not to use */
-#define SSL_TXT_LOW "LOW"
-#define SSL_TXT_MEDIUM "MEDIUM"
-#define SSL_TXT_HIGH "HIGH"
-#define SSL_TXT_kFZA "kFZA"
-#define SSL_TXT_aFZA "aFZA"
-#define SSL_TXT_eFZA "eFZA"
-#define SSL_TXT_FZA "FZA"
-
-#define SSL_TXT_aNULL "aNULL"
-#define SSL_TXT_eNULL "eNULL"
-#define SSL_TXT_NULL "NULL"
-
-#define SSL_TXT_kRSA "kRSA"
-#define SSL_TXT_kDHr "kDHr"
-#define SSL_TXT_kDHd "kDHd"
-#define SSL_TXT_kEDH "kEDH"
-#define SSL_TXT_aRSA "aRSA"
-#define SSL_TXT_aDSS "aDSS"
-#define SSL_TXT_aDH "aDH"
-#define SSL_TXT_DSS "DSS"
-#define SSL_TXT_DH "DH"
-#define SSL_TXT_EDH "EDH"
-#define SSL_TXT_ADH "ADH"
-#define SSL_TXT_RSA "RSA"
-#define SSL_TXT_DES "DES"
-#define SSL_TXT_3DES "3DES"
-#define SSL_TXT_RC4 "RC4"
-#define SSL_TXT_RC2 "RC2"
-#define SSL_TXT_IDEA "IDEA"
-#define SSL_TXT_MD5 "MD5"
-#define SSL_TXT_SHA1 "SHA1"
-#define SSL_TXT_SHA "SHA"
-#define SSL_TXT_EXP "EXP"
-#define SSL_TXT_EXPORT "EXPORT"
-#define SSL_TXT_EXP40 "EXPORT40"
-#define SSL_TXT_EXP56 "EXPORT56"
-#define SSL_TXT_SSLV2 "SSLv2"
-#define SSL_TXT_SSLV3 "SSLv3"
-#define SSL_TXT_TLSV1 "TLSv1"
-#define SSL_TXT_ALL "ALL"
-
-/* 'DEFAULT' at the start of the cipher list insert the following string
- * in addition to this being the default cipher string */
-#define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
-
-/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
-#define SSL_SENT_SHUTDOWN 1
-#define SSL_RECEIVED_SHUTDOWN 2
-
-#ifdef __cplusplus
-}
-#endif
-
-#include <openssl/crypto.h>
-#include <openssl/lhash.h>
-#include <openssl/buffer.h>
-#include <openssl/bio.h>
-#include <openssl/pem.h>
-#include <openssl/x509.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if (defined(NO_RSA) || defined(NO_MD5)) && !defined(NO_SSL2)
-#define NO_SSL2
-#endif
-
-#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1
-#define SSL_FILETYPE_PEM X509_FILETYPE_PEM
-
-/* This is needed to stop compilers complaining about the
- * 'struct ssl_st *' function parameters used to prototype callbacks
- * in SSL_CTX. */
-typedef struct ssl_st *ssl_crock_st;
-
-/* used to hold info on the particular ciphers used */
-typedef struct ssl_cipher_st
- {
- int valid;
- const char *name; /* text name */
- unsigned long id; /* id, 4 bytes, first is version */
- unsigned long algorithms; /* what ciphers are used */
- unsigned long algo_strength; /* strength and export flags */
- unsigned long algorithm2; /* Extra flags */
- int strength_bits; /* Number of bits really used */
- int alg_bits; /* Number of bits for algorithm */
- unsigned long mask; /* used for matching */
- unsigned long mask_strength; /* also used for matching */
- } SSL_CIPHER;
-
-DECLARE_STACK_OF(SSL_CIPHER)
-
-typedef struct ssl_st SSL;
-typedef struct ssl_ctx_st SSL_CTX;
-
-/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
-typedef struct ssl_method_st
- {
- int version;
- int (*ssl_new)(SSL *s);
- void (*ssl_clear)(SSL *s);
- void (*ssl_free)(SSL *s);
- int (*ssl_accept)(SSL *s);
- int (*ssl_connect)(SSL *s);
- int (*ssl_read)(SSL *s,void *buf,int len);
- int (*ssl_peek)(SSL *s,void *buf,int len);
- int (*ssl_write)(SSL *s,const void *buf,int len);
- int (*ssl_shutdown)(SSL *s);
- int (*ssl_renegotiate)(SSL *s);
- int (*ssl_renegotiate_check)(SSL *s);
- long (*ssl_ctrl)(SSL *s,int cmd,long larg,char *parg);
- long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,char *parg);
- SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
- int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
- int (*ssl_pending)(SSL *s);
- int (*num_ciphers)(void);
- SSL_CIPHER *(*get_cipher)(unsigned ncipher);
- struct ssl_method_st *(*get_ssl_method)(int version);
- long (*get_timeout)(void);
- struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
- int (*ssl_version)();
- long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)());
- long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)());
- } SSL_METHOD;
-
-/* Lets make this into an ASN.1 type structure as follows
- * SSL_SESSION_ID ::= SEQUENCE {
- * version INTEGER, -- structure version number
- * SSLversion INTEGER, -- SSL version number
- * Cipher OCTET_STRING, -- the 3 byte cipher ID
- * Session_ID OCTET_STRING, -- the Session ID
- * Master_key OCTET_STRING, -- the master key
- * Key_Arg [ 0 ] IMPLICIT OCTET_STRING, -- the optional Key argument
- * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
- * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
- * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
- * Session_ID_context [ 4 ] EXPLICIT OCTET_STRING, -- the Session ID context
- * Verify_result [ 5 ] EXPLICIT INTEGER -- X509_V_... code for `Peer'
- * Compression [6] IMPLICIT ASN1_OBJECT -- compression OID XXXXX
- * }
- * Look in ssl/ssl_asn1.c for more details
- * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
- */
-typedef struct ssl_session_st
- {
- int ssl_version; /* what ssl version session info is
- * being kept in here? */
-
- /* only really used in SSLv2 */
- unsigned int key_arg_length;
- unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
- int master_key_length;
- unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
- /* session_id - valid? */
- unsigned int session_id_length;
- unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
- /* this is used to determine whether the session is being reused in
- * the appropriate context. It is up to the application to set this,
- * via SSL_new */
- unsigned int sid_ctx_length;
- unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-
- int not_resumable;
-
- /* The cert is the certificate used to establish this connection */
- struct sess_cert_st /* SESS_CERT */ *sess_cert;
-
- /* This is the cert for the other end.
- * On clients, it will be the same as sess_cert->peer_key->x509
- * (the latter is not enough as sess_cert is not retained
- * in the external representation of sessions, see ssl_asn1.c). */
- X509 *peer;
- /* when app_verify_callback accepts a session where the peer's certificate
- * is not ok, we must remember the error for session reuse: */
- long verify_result; /* only for servers */
-
- int references;
- long timeout;
- long time;
-
- int compress_meth; /* Need to lookup the method */
-
- SSL_CIPHER *cipher;
- unsigned long cipher_id; /* when ASN.1 loaded, this
- * needs to be used to load
- * the 'cipher' structure */
-
- STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
-
- CRYPTO_EX_DATA ex_data; /* application specific data */
-
- /* These are used to make removal of session-ids more
- * efficient and to implement a maximum cache size. */
- struct ssl_session_st *prev,*next;
- } SSL_SESSION;
-
-
-#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
-#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
-#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
-#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
-#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L
-#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
-#define SSL_OP_TLS_D5_BUG 0x00000100L
-#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
-#define SSL_OP_TLS_ROLLBACK_BUG 0x00000400L
-
-/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
- * in OpenSSL 0.9.6d. Usually (depending on the application protocol)
- * the workaround is not needed. Unfortunately some broken SSL/TLS
- * implementations cannot handle it at all, which is why we include
- * it in SSL_OP_ALL. */
-#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */
-
-/* SSL_OP_ALL: various bug workarounds that should be rather harmless */
-#define SSL_OP_ALL 0x000FFFFFL
-
-/* If set, always create a new key when using tmp_dh parameters */
-#define SSL_OP_SINGLE_DH_USE 0x00100000L
-/* Set to also use the tmp_rsa key when doing RSA operations. */
-#define SSL_OP_EPHEMERAL_RSA 0x00200000L
-
-#define SSL_OP_NO_SSLv2 0x01000000L
-#define SSL_OP_NO_SSLv3 0x02000000L
-#define SSL_OP_NO_TLSv1 0x04000000L
-
-/* The next flag deliberately changes the ciphertest, this is a check
- * for the PKCS#1 attack */
-#define SSL_OP_PKCS1_CHECK_1 0x08000000L
-#define SSL_OP_PKCS1_CHECK_2 0x10000000L
-#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L
-/* SSL_OP_NON_EXPORT_FIRST looks utterly broken .. */
-#define SSL_OP_NON_EXPORT_FIRST 0x40000000L
-#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x80000000L
-
-
-/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
- * when just a single record has been written): */
-#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L
-/* Make it possible to retry SSL_write() with changed buffer location
- * (buffer contents must stay the same!); this is not the default to avoid
- * the misconception that non-blocking SSL_write() behaves like
- * non-blocking write(): */
-#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
-/* Never bother the application with retries if the transport
- * is blocking: */
-#define SSL_MODE_AUTO_RETRY 0x00000004L
-
-
-/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
- * they cannot be used to clear bits. */
-
-#define SSL_CTX_set_options(ctx,op) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,op,NULL)
-#define SSL_CTX_get_options(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,0,NULL)
-#define SSL_set_options(ssl,op) \
- SSL_ctrl(ssl,SSL_CTRL_OPTIONS,op,NULL)
-#define SSL_get_options(ssl) \
- SSL_ctrl(ssl,SSL_CTRL_OPTIONS,0,NULL)
-
-#define SSL_CTX_set_mode(ctx,op) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,op,NULL)
-#define SSL_CTX_get_mode(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,0,NULL)
-#define SSL_set_mode(ssl,op) \
- SSL_ctrl(ssl,SSL_CTRL_MODE,op,NULL)
-#define SSL_get_mode(ssl) \
- SSL_ctrl(ssl,SSL_CTRL_MODE,0,NULL)
-
-#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20)
-
-typedef struct ssl_comp_st
- {
- int id;
- char *name;
-#ifndef NO_COMP
- COMP_METHOD *method;
-#else
- char *method;
-#endif
- } SSL_COMP;
-
-DECLARE_STACK_OF(SSL_COMP)
-
-struct ssl_ctx_st
- {
- SSL_METHOD *method;
- unsigned long options;
- unsigned long mode;
-
- STACK_OF(SSL_CIPHER) *cipher_list;
- /* same as above but sorted for lookup */
- STACK_OF(SSL_CIPHER) *cipher_list_by_id;
-
- struct x509_store_st /* X509_STORE */ *cert_store;
- struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSIONs */
- /* Most session-ids that will be cached, default is
- * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
- unsigned long session_cache_size;
- struct ssl_session_st *session_cache_head;
- struct ssl_session_st *session_cache_tail;
-
- /* This can have one of 2 values, ored together,
- * SSL_SESS_CACHE_CLIENT,
- * SSL_SESS_CACHE_SERVER,
- * Default is SSL_SESSION_CACHE_SERVER, which means only
- * SSL_accept which cache SSL_SESSIONS. */
- int session_cache_mode;
-
- /* If timeout is not 0, it is the default timeout value set
- * when SSL_new() is called. This has been put in to make
- * life easier to set things up */
- long session_timeout;
-
- /* If this callback is not null, it will be called each
- * time a session id is added to the cache. If this function
- * returns 1, it means that the callback will do a
- * SSL_SESSION_free() when it has finished using it. Otherwise,
- * on 0, it means the callback has finished with it.
- * If remove_session_cb is not null, it will be called when
- * a session-id is removed from the cache. After the call,
- * OpenSSL will SSL_SESSION_free() it. */
- int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
- void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
- SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
- unsigned char *data,int len,int *copy);
- struct
- {
- int sess_connect; /* SSL new conn - started */
- int sess_connect_renegotiate;/* SSL reneg - requested */
- int sess_connect_good; /* SSL new conne/reneg - finished */
- int sess_accept; /* SSL new accept - started */
- int sess_accept_renegotiate;/* SSL reneg - requested */
- int sess_accept_good; /* SSL accept/reneg - finished */
- int sess_miss; /* session lookup misses */
- int sess_timeout; /* reuse attempt on timeouted session */
- int sess_cache_full; /* session removed due to full cache */
- int sess_hit; /* session reuse actually done */
- int sess_cb_hit; /* session-id that was not
- * in the cache was
- * passed back via the callback. This
- * indicates that the application is
- * supplying session-id's from other
- * processes - spooky :-) */
- } stats;
-
- int references;
-
-/**/ void (*info_callback)();
-
- /* if defined, these override the X509_verify_cert() calls */
-/**/ int (*app_verify_callback)();
-/**/ char *app_verify_arg; /* never used; should be void * */
-
- /* default values to use in SSL structures */
-/**/ struct cert_st /* CERT */ *cert;
-/**/ int read_ahead;
-/**/ int verify_mode;
-/**/ int verify_depth;
-/**/ unsigned int sid_ctx_length;
-/**/ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-/**/ int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx);
-
- int purpose; /* Purpose setting */
- int trust; /* Trust setting */
-
- /* Default password callback. */
-/**/ pem_password_cb *default_passwd_callback;
-
- /* Default password callback user data. */
-/**/ void *default_passwd_callback_userdata;
-
- /* get client cert callback */
-/**/ int (*client_cert_cb)(/* SSL *ssl, X509 **x509, EVP_PKEY **pkey */);
-
- /* what we put in client cert requests */
- STACK_OF(X509_NAME) *client_CA;
-
-/**/ int quiet_shutdown;
-
- CRYPTO_EX_DATA ex_data;
-
- const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
- const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
- const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */
-
- STACK_OF(X509) *extra_certs;
- STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
- };
-
-#define SSL_SESS_CACHE_OFF 0x0000
-#define SSL_SESS_CACHE_CLIENT 0x0001
-#define SSL_SESS_CACHE_SERVER 0x0002
-#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
-#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080
-/* This one, when set, makes the server session-id lookup not look
- * in the cache. If there is an application get_session callback
- * defined, this will still get called. */
-#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
-
- struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
-#define SSL_CTX_sess_number(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
-#define SSL_CTX_sess_connect(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
-#define SSL_CTX_sess_connect_good(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
-#define SSL_CTX_sess_connect_renegotiate(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
-#define SSL_CTX_sess_accept(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
-#define SSL_CTX_sess_accept_renegotiate(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
-#define SSL_CTX_sess_accept_good(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
-#define SSL_CTX_sess_hits(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
-#define SSL_CTX_sess_cb_hits(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
-#define SSL_CTX_sess_misses(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
-#define SSL_CTX_sess_timeouts(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
-#define SSL_CTX_sess_cache_full(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
-
-#define SSL_CTX_sess_set_new_cb(ctx,cb) ((ctx)->new_session_cb=(cb))
-#define SSL_CTX_sess_get_new_cb(ctx) ((ctx)->new_session_cb)
-#define SSL_CTX_sess_set_remove_cb(ctx,cb) ((ctx)->remove_session_cb=(cb))
-#define SSL_CTX_sess_get_remove_cb(ctx) ((ctx)->remove_session_cb)
-#define SSL_CTX_sess_set_get_cb(ctx,cb) ((ctx)->get_session_cb=(cb))
-#define SSL_CTX_sess_get_get_cb(ctx) ((ctx)->get_session_cb)
-#define SSL_CTX_set_info_callback(ctx,cb) ((ctx)->info_callback=(cb))
-#define SSL_CTX_get_info_callback(ctx) ((ctx)->info_callback)
-#define SSL_CTX_set_client_cert_cb(ctx,cb) ((ctx)->client_cert_cb=(cb))
-#define SSL_CTX_get_client_cert_cb(ctx) ((ctx)->client_cert_cb)
-
-#define SSL_NOTHING 1
-#define SSL_WRITING 2
-#define SSL_READING 3
-#define SSL_X509_LOOKUP 4
-
-/* These will only be used when doing non-blocking IO */
-#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
-#define SSL_want_read(s) (SSL_want(s) == SSL_READING)
-#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
-#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
-
-struct ssl_st
- {
- /* protocol version
- * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION)
- */
- int version;
- int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
-
- SSL_METHOD *method; /* SSLv3 */
-
- /* There are 2 BIO's even though they are normally both the
- * same. This is so data can be read and written to different
- * handlers */
-
-#ifndef NO_BIO
- BIO *rbio; /* used by SSL_read */
- BIO *wbio; /* used by SSL_write */
- BIO *bbio; /* used during session-id reuse to concatenate
- * messages */
-#else
- char *rbio; /* used by SSL_read */
- char *wbio; /* used by SSL_write */
- char *bbio;
-#endif
- /* This holds a variable that indicates what we were doing
- * when a 0 or -1 is returned. This is needed for
- * non-blocking IO so we know what request needs re-doing when
- * in SSL_accept or SSL_connect */
- int rwstate;
-
- /* true when we are actually in SSL_accept() or SSL_connect() */
- int in_handshake;
- int (*handshake_func)();
-
- /* Imagine that here's a boolean member "init" that is
- * switched as soon as SSL_set_{accept/connect}_state
- * is called for the first time, so that "state" and
- * "handshake_func" are properly initialized. But as
- * handshake_func is == 0 until then, we use this
- * test instead of an "init" member.
- */
-
- int server; /* are we the server side? - mostly used by SSL_clear*/
-
- int new_session;/* 1 if we are to use a new session.
- * 2 if we are a server and are inside a handshake
- * (i.e. not just sending a HelloRequest)
- * NB: For servers, the 'new' session may actually be a previously
- * cached session or even the previous session */
- int quiet_shutdown;/* don't send shutdown packets */
- int shutdown; /* we have shut things down, 0x01 sent, 0x02
- * for received */
- int state; /* where we are */
- int rstate; /* where we are when reading */
-
- BUF_MEM *init_buf; /* buffer used during init */
- int init_num; /* amount read/written */
- int init_off; /* amount read/written */
-
- /* used internally to point at a raw packet */
- unsigned char *packet;
- unsigned int packet_length;
-
- struct ssl2_state_st *s2; /* SSLv2 variables */
- struct ssl3_state_st *s3; /* SSLv3 variables */
-
- int read_ahead; /* Read as many input bytes as possible
- * (for non-blocking reads) */
- int hit; /* reusing a previous session */
-
- int purpose; /* Purpose setting */
- int trust; /* Trust setting */
-
- /* crypto */
- STACK_OF(SSL_CIPHER) *cipher_list;
- STACK_OF(SSL_CIPHER) *cipher_list_by_id;
-
- /* These are the ones being used, the ones in SSL_SESSION are
- * the ones to be 'copied' into these ones */
-
- EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
- const EVP_MD *read_hash; /* used for mac generation */
-#ifndef NO_COMP
- COMP_CTX *expand; /* uncompress */
-#else
- char *expand;
-#endif
-
- EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
- const EVP_MD *write_hash; /* used for mac generation */
-#ifndef NO_COMP
- COMP_CTX *compress; /* compression */
-#else
- char *compress;
-#endif
-
- /* session info */
-
- /* client cert? */
- /* This is used to hold the server certificate used */
- struct cert_st /* CERT */ *cert;
-
- /* the session_id_context is used to ensure sessions are only reused
- * in the appropriate context */
- unsigned int sid_ctx_length;
- unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-
- /* This can also be in the session once a session is established */
- SSL_SESSION *session;
-
- /* Used in SSL2 and SSL3 */
- int verify_mode; /* 0 don't care about verify failure.
- * 1 fail if verify fails */
- int verify_depth;
- int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
- void (*info_callback)(); /* optional informational callback */
-
- int error; /* error bytes to be written */
- int error_code; /* actual code */
-
- SSL_CTX *ctx;
- /* set this flag to 1 and a sleep(1) is put into all SSL_read()
- * and SSL_write() calls, good for nbio debuging :-) */
- int debug;
-
- /* extra application data */
- long verify_result;
- CRYPTO_EX_DATA ex_data;
-
- /* for server side, keep the list of CA_dn we can use */
- STACK_OF(X509_NAME) *client_CA;
-
- int references;
- unsigned long options; /* protocol behaviour */
- unsigned long mode; /* API behaviour */
- int first_packet;
- int client_version; /* what was passed, used for
- * SSLv3/TLS rollback check */
- };
-
-#ifdef __cplusplus
-}
-#endif
-
-#include <openssl/ssl2.h>
-#include <openssl/ssl3.h>
-#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
-#include <openssl/ssl23.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* compatibility */
-#define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg))
-#define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
-#define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a))
-#define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0))
-#define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0))
-#define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
-
-/* The following are the possible values for ssl->state are are
- * used to indicate where we are up to in the SSL connection establishment.
- * The macros that follow are about the only things you should need to use
- * and even then, only when using non-blocking IO.
- * It can also be useful to work out where you were when the connection
- * failed */
-
-#define SSL_ST_CONNECT 0x1000
-#define SSL_ST_ACCEPT 0x2000
-#define SSL_ST_MASK 0x0FFF
-#define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT)
-#define SSL_ST_BEFORE 0x4000
-#define SSL_ST_OK 0x03
-#define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
-
-#define SSL_CB_LOOP 0x01
-#define SSL_CB_EXIT 0x02
-#define SSL_CB_READ 0x04
-#define SSL_CB_WRITE 0x08
-#define SSL_CB_ALERT 0x4000 /* used in callback */
-#define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
-#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
-#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
-#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
-#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
-#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
-#define SSL_CB_HANDSHAKE_START 0x10
-#define SSL_CB_HANDSHAKE_DONE 0x20
-
-/* Is the SSL_connection established? */
-#define SSL_get_state(a) SSL_state(a)
-#define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK)
-#define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT)
-#define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE)
-#define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT)
-#define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT)
-
-/* The following 2 states are kept in ssl->rstate when reads fail,
- * you should not need these */
-#define SSL_ST_READ_HEADER 0xF0
-#define SSL_ST_READ_BODY 0xF1
-#define SSL_ST_READ_DONE 0xF2
-
-/* Obtain latest Finished message
- * -- that we sent (SSL_get_finished)
- * -- that we expected from peer (SSL_get_peer_finished).
- * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
-size_t SSL_get_finished(SSL *s, void *buf, size_t count);
-size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count);
-
-/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
- * are 'ored' with SSL_VERIFY_PEER if they are desired */
-#define SSL_VERIFY_NONE 0x00
-#define SSL_VERIFY_PEER 0x01
-#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
-#define SSL_VERIFY_CLIENT_ONCE 0x04
-
-#define OpenSSL_add_ssl_algorithms() SSL_library_init()
-#define SSLeay_add_ssl_algorithms() SSL_library_init()
-
-/* this is for backward compatibility */
-#if 0 /* NEW_SSLEAY */
-#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
-#define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n)
-#define SSL_add_session(a,b) SSL_CTX_add_session((a),(b))
-#define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b))
-#define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b))
-#endif
-/* More backward compatibility */
-#define SSL_get_cipher(s) \
- SSL_CIPHER_get_name(SSL_get_current_cipher(s))
-#define SSL_get_cipher_bits(s,np) \
- SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
-#define SSL_get_cipher_version(s) \
- SSL_CIPHER_get_version(SSL_get_current_cipher(s))
-#define SSL_get_cipher_name(s) \
- SSL_CIPHER_get_name(SSL_get_current_cipher(s))
-#define SSL_get_time(a) SSL_SESSION_get_time(a)
-#define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b))
-#define SSL_get_timeout(a) SSL_SESSION_get_timeout(a)
-#define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b))
-
-#if 1 /*SSLEAY_MACROS*/
-#define d2i_SSL_SESSION_bio(bp,s_id) (SSL_SESSION *)ASN1_d2i_bio( \
- (char *(*)())SSL_SESSION_new,(char *(*)())d2i_SSL_SESSION, \
- (bp),(unsigned char **)(s_id))
-#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio(i2d_SSL_SESSION, \
- bp,(unsigned char *)s_id)
-#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
- (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
-#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \
- (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u)
-#define PEM_write_SSL_SESSION(fp,x) \
- PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
- PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_SSL_SESSION(bp,x) \
- PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \
- PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL)
-#endif
-
-#define SSL_AD_REASON_OFFSET 1000
-/* These alert types are for SSLv3 and TLSv1 */
-#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
-#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
-#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */
-#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
-#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
-#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
-#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */
-#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */
-#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
-#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
-#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
-#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
-#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
-#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */
-#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */
-#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */
-#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */
-#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
-#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */
-#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */
-#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
-#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */
-#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
-#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
-
-#define SSL_ERROR_NONE 0
-#define SSL_ERROR_SSL 1
-#define SSL_ERROR_WANT_READ 2
-#define SSL_ERROR_WANT_WRITE 3
-#define SSL_ERROR_WANT_X509_LOOKUP 4
-#define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */
-#define SSL_ERROR_ZERO_RETURN 6
-#define SSL_ERROR_WANT_CONNECT 7
-
-#define SSL_CTRL_NEED_TMP_RSA 1
-#define SSL_CTRL_SET_TMP_RSA 2
-#define SSL_CTRL_SET_TMP_DH 3
-#define SSL_CTRL_SET_TMP_RSA_CB 4
-#define SSL_CTRL_SET_TMP_DH_CB 5
-/* Add these ones */
-#define SSL_CTRL_GET_SESSION_REUSED 6
-#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 7
-#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 8
-#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 9
-#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 10
-#define SSL_CTRL_GET_FLAGS 11
-#define SSL_CTRL_EXTRA_CHAIN_CERT 12
-
-/* Stats */
-#define SSL_CTRL_SESS_NUMBER 20
-#define SSL_CTRL_SESS_CONNECT 21
-#define SSL_CTRL_SESS_CONNECT_GOOD 22
-#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23
-#define SSL_CTRL_SESS_ACCEPT 24
-#define SSL_CTRL_SESS_ACCEPT_GOOD 25
-#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26
-#define SSL_CTRL_SESS_HIT 27
-#define SSL_CTRL_SESS_CB_HIT 28
-#define SSL_CTRL_SESS_MISSES 29
-#define SSL_CTRL_SESS_TIMEOUTS 30
-#define SSL_CTRL_SESS_CACHE_FULL 31
-#define SSL_CTRL_OPTIONS 32
-#define SSL_CTRL_MODE 33
-
-#define SSL_CTRL_GET_READ_AHEAD 40
-#define SSL_CTRL_SET_READ_AHEAD 41
-#define SSL_CTRL_SET_SESS_CACHE_SIZE 42
-#define SSL_CTRL_GET_SESS_CACHE_SIZE 43
-#define SSL_CTRL_SET_SESS_CACHE_MODE 44
-#define SSL_CTRL_GET_SESS_CACHE_MODE 45
-
-#define SSL_session_reused(ssl) \
- SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
-#define SSL_num_renegotiations(ssl) \
- SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
-#define SSL_clear_num_renegotiations(ssl) \
- SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
-#define SSL_total_renegotiations(ssl) \
- SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
-
-#define SSL_CTX_need_tmp_RSA(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
-#define SSL_CTX_set_tmp_rsa(ctx,rsa) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
-#define SSL_CTX_set_tmp_dh(ctx,dh) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
-
-#define SSL_need_tmp_RSA(ssl) \
- SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
-#define SSL_set_tmp_rsa(ssl,rsa) \
- SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
-#define SSL_set_tmp_dh(ssl,dh) \
- SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
-
-#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
-
-/* VMS uses only 31 characters for symbols. */
-#ifdef VMS
-#undef SSL_CTX_set_cert_verify_callback
-#define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb
-#undef SSL_CTX_use_certificate_chain_file
-#define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file
-#undef SSL_CTX_set_default_verify_paths
-#define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths
-#undef SSL_get_ex_data_X509_STORE_CTX_idx
-#define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_data_X509_STOR_CTX_i
-#undef SSL_add_file_cert_subjects_to_stack
-#define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_sub_to_stack
-#undef SSL_add_dir_cert_subjects_to_stack
-#define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_sub_to_stack
-#endif
-
-#ifndef NO_BIO
-BIO_METHOD *BIO_f_ssl(void);
-BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
-BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
-BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
-int BIO_ssl_copy_session_id(BIO *to,BIO *from);
-void BIO_ssl_shutdown(BIO *ssl_bio);
-
-#endif
-
-int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
-SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
-void SSL_CTX_free(SSL_CTX *);
-long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
-long SSL_CTX_get_timeout(SSL_CTX *ctx);
-X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *);
-void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
-int SSL_want(SSL *s);
-int SSL_clear(SSL *s);
-
-void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
-
-SSL_CIPHER *SSL_get_current_cipher(SSL *s);
-int SSL_CIPHER_get_bits(SSL_CIPHER *c,int *alg_bits);
-char * SSL_CIPHER_get_version(SSL_CIPHER *c);
-const char * SSL_CIPHER_get_name(SSL_CIPHER *c);
-
-int SSL_get_fd(SSL *s);
-int SSL_get_rfd(SSL *s);
-int SSL_get_wfd(SSL *s);
-const char * SSL_get_cipher_list(SSL *s,int n);
-char * SSL_get_shared_ciphers(SSL *s, char *buf, int len);
-int SSL_get_read_ahead(SSL * s);
-int SSL_pending(SSL *s);
-#ifndef NO_SOCK
-int SSL_set_fd(SSL *s, int fd);
-int SSL_set_rfd(SSL *s, int fd);
-int SSL_set_wfd(SSL *s, int fd);
-#endif
-#ifndef NO_BIO
-void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
-BIO * SSL_get_rbio(SSL *s);
-BIO * SSL_get_wbio(SSL *s);
-#endif
-int SSL_set_cipher_list(SSL *s, const char *str);
-void SSL_set_read_ahead(SSL *s, int yes);
-int SSL_get_verify_mode(SSL *s);
-int SSL_get_verify_depth(SSL *s);
-int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *);
-void SSL_set_verify(SSL *s, int mode,
- int (*callback)(int ok,X509_STORE_CTX *ctx));
-void SSL_set_verify_depth(SSL *s, int depth);
-#ifndef NO_RSA
-int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
-#endif
-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
-int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
-int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
-int SSL_use_certificate(SSL *ssl, X509 *x);
-int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
-
-#ifndef NO_STDIO
-int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
-int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
-int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
-int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
-int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
-int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
-STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
-int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
- const char *file);
-int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
- const char *dir);
-#endif
-
-void SSL_load_error_strings(void );
-char * SSL_state_string(SSL *s);
-char * SSL_rstate_string(SSL *s);
-char * SSL_state_string_long(SSL *s);
-char * SSL_rstate_string_long(SSL *s);
-long SSL_SESSION_get_time(SSL_SESSION *s);
-long SSL_SESSION_set_time(SSL_SESSION *s, long t);
-long SSL_SESSION_get_timeout(SSL_SESSION *s);
-long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
-void SSL_copy_session_id(SSL *to,SSL *from);
-
-SSL_SESSION *SSL_SESSION_new(void);
-unsigned long SSL_SESSION_hash(SSL_SESSION *a);
-int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b);
-#ifndef NO_FP_API
-int SSL_SESSION_print_fp(FILE *fp,SSL_SESSION *ses);
-#endif
-#ifndef NO_BIO
-int SSL_SESSION_print(BIO *fp,SSL_SESSION *ses);
-#endif
-void SSL_SESSION_free(SSL_SESSION *ses);
-int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
-int SSL_set_session(SSL *to, SSL_SESSION *session);
-int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
-int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length);
-
-#ifdef HEADER_X509_H
-X509 * SSL_get_peer_certificate(SSL *s);
-#endif
-
-STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s);
-
-#ifdef VMS
-#define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud
-#endif
-
-int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
-int SSL_CTX_get_verify_depth(SSL_CTX *ctx);
-int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *);
-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
- int (*callback)(int, X509_STORE_CTX *));
-void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(),char *arg);
-#ifndef NO_RSA
-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
-#endif
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
-int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
- unsigned char *d, long len);
-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
-
-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
-void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
-
-int SSL_CTX_check_private_key(SSL_CTX *ctx);
-int SSL_check_private_key(SSL *ctx);
-
-int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
- unsigned int sid_ctx_len);
-
-SSL * SSL_new(SSL_CTX *ctx);
-int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
- unsigned int sid_ctx_len);
-
-int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
-int SSL_set_purpose(SSL *s, int purpose);
-int SSL_CTX_set_trust(SSL_CTX *s, int trust);
-int SSL_set_trust(SSL *s, int trust);
-
-void SSL_free(SSL *ssl);
-int SSL_accept(SSL *ssl);
-int SSL_connect(SSL *ssl);
-int SSL_read(SSL *ssl,void *buf,int num);
-int SSL_peek(SSL *ssl,void *buf,int num);
-int SSL_write(SSL *ssl,const void *buf,int num);
-long SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg);
-long SSL_callback_ctrl(SSL *, int, void (*)());
-long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, char *parg);
-long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)());
-
-int SSL_get_error(SSL *s,int ret_code);
-const char *SSL_get_version(SSL *s);
-
-/* This sets the 'default' SSL version that SSL_new() will create */
-int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth);
-
-SSL_METHOD *SSLv2_method(void); /* SSLv2 */
-SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
-SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
-
-SSL_METHOD *SSLv3_method(void); /* SSLv3 */
-SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
-SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
-
-SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
-SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
-SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
-
-SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
-SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
-SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */
-
-STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s);
-
-int SSL_do_handshake(SSL *s);
-int SSL_renegotiate(SSL *s);
-int SSL_shutdown(SSL *s);
-
-SSL_METHOD *SSL_get_ssl_method(SSL *s);
-int SSL_set_ssl_method(SSL *s,SSL_METHOD *method);
-char *SSL_alert_type_string_long(int value);
-char *SSL_alert_type_string(int value);
-char *SSL_alert_desc_string_long(int value);
-char *SSL_alert_desc_string(int value);
-
-void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
-STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s);
-int SSL_add_client_CA(SSL *ssl,X509 *x);
-int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
-
-void SSL_set_connect_state(SSL *s);
-void SSL_set_accept_state(SSL *s);
-
-long SSL_get_default_timeout(SSL *s);
-
-int SSL_library_init(void );
-
-char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);
-STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
-
-SSL *SSL_dup(SSL *ssl);
-
-X509 *SSL_get_certificate(SSL *ssl);
-/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
-
-void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
-int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx);
-void SSL_set_quiet_shutdown(SSL *ssl,int mode);
-int SSL_get_quiet_shutdown(SSL *ssl);
-void SSL_set_shutdown(SSL *ssl,int mode);
-int SSL_get_shutdown(SSL *ssl);
-int SSL_version(SSL *ssl);
-int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
-int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
- const char *CApath);
-#define SSL_get0_session SSL_get_session /* just peek at pointer */
-SSL_SESSION *SSL_get_session(SSL *ssl);
-SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
-SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);
-void SSL_set_info_callback(SSL *ssl,void (*cb)());
-void (*SSL_get_info_callback(SSL *ssl))();
-int SSL_state(SSL *ssl);
-
-void SSL_set_verify_result(SSL *ssl,long v);
-long SSL_get_verify_result(SSL *ssl);
-
-int SSL_set_ex_data(SSL *ssl,int idx,void *data);
-void *SSL_get_ex_data(SSL *ssl,int idx);
-int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
-int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
-void *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx);
-int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
-int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
-void *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx);
-int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
-int SSL_get_ex_data_X509_STORE_CTX_idx(void );
-
-#define SSL_CTX_sess_set_cache_size(ctx,t) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
-#define SSL_CTX_sess_get_cache_size(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
-#define SSL_CTX_set_session_cache_mode(ctx,m) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
-#define SSL_CTX_get_session_cache_mode(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
-
-#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
-#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
-#define SSL_CTX_get_read_ahead(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
-#define SSL_CTX_set_read_ahead(ctx,m) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
-
- /* NB: the keylength is only applicable when is_export is true */
-#ifndef NO_RSA
-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
- RSA *(*cb)(SSL *ssl,int is_export,
- int keylength));
-
-void SSL_set_tmp_rsa_callback(SSL *ssl,
- RSA *(*cb)(SSL *ssl,int is_export,
- int keylength));
-#endif
-#ifndef NO_DH
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
- DH *(*dh)(SSL *ssl,int is_export,
- int keylength));
-void SSL_set_tmp_dh_callback(SSL *ssl,
- DH *(*dh)(SSL *ssl,int is_export,
- int keylength));
-#endif
-
-#ifndef NO_COMP
-int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
-#else
-int SSL_COMP_add_compression_method(int id,char *cm);
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_SSL_strings(void);
-
-/* Error codes for the SSL functions. */
-
-/* Function codes. */
-#define SSL_F_CLIENT_CERTIFICATE 100
-#define SSL_F_CLIENT_HELLO 101
-#define SSL_F_CLIENT_MASTER_KEY 102
-#define SSL_F_D2I_SSL_SESSION 103
-#define SSL_F_DO_SSL3_WRITE 104
-#define SSL_F_GET_CLIENT_FINISHED 105
-#define SSL_F_GET_CLIENT_HELLO 106
-#define SSL_F_GET_CLIENT_MASTER_KEY 107
-#define SSL_F_GET_SERVER_FINISHED 108
-#define SSL_F_GET_SERVER_HELLO 109
-#define SSL_F_GET_SERVER_VERIFY 110
-#define SSL_F_I2D_SSL_SESSION 111
-#define SSL_F_READ_N 112
-#define SSL_F_REQUEST_CERTIFICATE 113
-#define SSL_F_SERVER_HELLO 114
-#define SSL_F_SSL23_ACCEPT 115
-#define SSL_F_SSL23_CLIENT_HELLO 116
-#define SSL_F_SSL23_CONNECT 117
-#define SSL_F_SSL23_GET_CLIENT_HELLO 118
-#define SSL_F_SSL23_GET_SERVER_HELLO 119
-#define SSL_F_SSL23_PEEK 237
-#define SSL_F_SSL23_READ 120
-#define SSL_F_SSL23_WRITE 121
-#define SSL_F_SSL2_ACCEPT 122
-#define SSL_F_SSL2_CONNECT 123
-#define SSL_F_SSL2_ENC_INIT 124
-#define SSL_F_SSL2_PEEK 234
-#define SSL_F_SSL2_READ 125
-#define SSL_F_SSL2_READ_INTERNAL 236
-#define SSL_F_SSL2_SET_CERTIFICATE 126
-#define SSL_F_SSL2_WRITE 127
-#define SSL_F_SSL3_ACCEPT 128
-#define SSL_F_SSL3_CALLBACK_CTRL 233
-#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
-#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
-#define SSL_F_SSL3_CLIENT_HELLO 131
-#define SSL_F_SSL3_CONNECT 132
-#define SSL_F_SSL3_CTRL 213
-#define SSL_F_SSL3_CTX_CTRL 133
-#define SSL_F_SSL3_ENC 134
-#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
-#define SSL_F_SSL3_GET_CERT_VERIFY 136
-#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137
-#define SSL_F_SSL3_GET_CLIENT_HELLO 138
-#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139
-#define SSL_F_SSL3_GET_FINISHED 140
-#define SSL_F_SSL3_GET_KEY_EXCHANGE 141
-#define SSL_F_SSL3_GET_MESSAGE 142
-#define SSL_F_SSL3_GET_RECORD 143
-#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144
-#define SSL_F_SSL3_GET_SERVER_DONE 145
-#define SSL_F_SSL3_GET_SERVER_HELLO 146
-#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147
-#define SSL_F_SSL3_PEEK 235
-#define SSL_F_SSL3_READ_BYTES 148
-#define SSL_F_SSL3_READ_N 149
-#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150
-#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151
-#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152
-#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153
-#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154
-#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155
-#define SSL_F_SSL3_SETUP_BUFFERS 156
-#define SSL_F_SSL3_SETUP_KEY_BLOCK 157
-#define SSL_F_SSL3_WRITE_BYTES 158
-#define SSL_F_SSL3_WRITE_PENDING 159
-#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215
-#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216
-#define SSL_F_SSL_BAD_METHOD 160
-#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
-#define SSL_F_SSL_CERT_DUP 221
-#define SSL_F_SSL_CERT_INST 222
-#define SSL_F_SSL_CERT_INSTANTIATE 214
-#define SSL_F_SSL_CERT_NEW 162
-#define SSL_F_SSL_CHECK_PRIVATE_KEY 163
-#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230
-#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231
-#define SSL_F_SSL_CLEAR 164
-#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165
-#define SSL_F_SSL_CREATE_CIPHER_LIST 166
-#define SSL_F_SSL_CTRL 232
-#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
-#define SSL_F_SSL_CTX_NEW 169
-#define SSL_F_SSL_CTX_SET_PURPOSE 226
-#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
-#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
-#define SSL_F_SSL_CTX_SET_TRUST 229
-#define SSL_F_SSL_CTX_USE_CERTIFICATE 171
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179
-#define SSL_F_SSL_DO_HANDSHAKE 180
-#define SSL_F_SSL_GET_NEW_SESSION 181
-#define SSL_F_SSL_GET_PREV_SESSION 217
-#define SSL_F_SSL_GET_SERVER_SEND_CERT 182
-#define SSL_F_SSL_GET_SIGN_PKEY 183
-#define SSL_F_SSL_INIT_WBIO_BUFFER 184
-#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
-#define SSL_F_SSL_NEW 186
-#define SSL_F_SSL_READ 223
-#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
-#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
-#define SSL_F_SSL_SESSION_NEW 189
-#define SSL_F_SSL_SESSION_PRINT_FP 190
-#define SSL_F_SSL_SESS_CERT_NEW 225
-#define SSL_F_SSL_SET_CERT 191
-#define SSL_F_SSL_SET_FD 192
-#define SSL_F_SSL_SET_PKEY 193
-#define SSL_F_SSL_SET_PURPOSE 227
-#define SSL_F_SSL_SET_RFD 194
-#define SSL_F_SSL_SET_SESSION 195
-#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218
-#define SSL_F_SSL_SET_TRUST 228
-#define SSL_F_SSL_SET_WFD 196
-#define SSL_F_SSL_SHUTDOWN 224
-#define SSL_F_SSL_UNDEFINED_FUNCTION 197
-#define SSL_F_SSL_USE_CERTIFICATE 198
-#define SSL_F_SSL_USE_CERTIFICATE_ASN1 199
-#define SSL_F_SSL_USE_CERTIFICATE_FILE 200
-#define SSL_F_SSL_USE_PRIVATEKEY 201
-#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202
-#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203
-#define SSL_F_SSL_USE_RSAPRIVATEKEY 204
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206
-#define SSL_F_SSL_VERIFY_CERT_CHAIN 207
-#define SSL_F_SSL_WRITE 208
-#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
-#define SSL_F_TLS1_ENC 210
-#define SSL_F_TLS1_SETUP_KEY_BLOCK 211
-#define SSL_F_WRITE_PENDING 212
-
-/* Reason codes. */
-#define SSL_R_APP_DATA_IN_HANDSHAKE 100
-#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
-#define SSL_R_BAD_ALERT_RECORD 101
-#define SSL_R_BAD_AUTHENTICATION_TYPE 102
-#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103
-#define SSL_R_BAD_CHECKSUM 104
-#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
-#define SSL_R_BAD_DECOMPRESSION 107
-#define SSL_R_BAD_DH_G_LENGTH 108
-#define SSL_R_BAD_DH_PUB_KEY_LENGTH 109
-#define SSL_R_BAD_DH_P_LENGTH 110
-#define SSL_R_BAD_DIGEST_LENGTH 111
-#define SSL_R_BAD_DSA_SIGNATURE 112
-#define SSL_R_BAD_HELLO_REQUEST 105
-#define SSL_R_BAD_LENGTH 271
-#define SSL_R_BAD_MAC_DECODE 113
-#define SSL_R_BAD_MESSAGE_TYPE 114
-#define SSL_R_BAD_PACKET_LENGTH 115
-#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116
-#define SSL_R_BAD_RESPONSE_ARGUMENT 117
-#define SSL_R_BAD_RSA_DECRYPT 118
-#define SSL_R_BAD_RSA_ENCRYPT 119
-#define SSL_R_BAD_RSA_E_LENGTH 120
-#define SSL_R_BAD_RSA_MODULUS_LENGTH 121
-#define SSL_R_BAD_RSA_SIGNATURE 122
-#define SSL_R_BAD_SIGNATURE 123
-#define SSL_R_BAD_SSL_FILETYPE 124
-#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125
-#define SSL_R_BAD_STATE 126
-#define SSL_R_BAD_WRITE_RETRY 127
-#define SSL_R_BIO_NOT_SET 128
-#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129
-#define SSL_R_BN_LIB 130
-#define SSL_R_CA_DN_LENGTH_MISMATCH 131
-#define SSL_R_CA_DN_TOO_LONG 132
-#define SSL_R_CCS_RECEIVED_EARLY 133
-#define SSL_R_CERTIFICATE_VERIFY_FAILED 134
-#define SSL_R_CERT_LENGTH_MISMATCH 135
-#define SSL_R_CHALLENGE_IS_DIFFERENT 136
-#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137
-#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138
-#define SSL_R_CIPHER_TABLE_SRC_ERROR 139
-#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140
-#define SSL_R_COMPRESSION_FAILURE 141
-#define SSL_R_COMPRESSION_LIBRARY_ERROR 142
-#define SSL_R_CONNECTION_ID_IS_DIFFERENT 143
-#define SSL_R_CONNECTION_TYPE_NOT_SET 144
-#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
-#define SSL_R_DATA_LENGTH_TOO_LONG 146
-#define SSL_R_DECRYPTION_FAILED 147
-#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 1109
-#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
-#define SSL_R_DIGEST_CHECK_FAILED 149
-#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
-#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 1092
-#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
-#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
-#define SSL_R_EXTRA_DATA_IN_MESSAGE 153
-#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
-#define SSL_R_HTTPS_PROXY_REQUEST 155
-#define SSL_R_HTTP_REQUEST 156
-#define SSL_R_ILLEGAL_PADDING 1110
-#define SSL_R_INTERNAL_ERROR 157
-#define SSL_R_INVALID_CHALLENGE_LENGTH 158
-#define SSL_R_INVALID_COMMAND 280
-#define SSL_R_INVALID_PURPOSE 278
-#define SSL_R_INVALID_TRUST 279
-#define SSL_R_KEY_ARG_TOO_LONG 1112
-#define SSL_R_LENGTH_MISMATCH 159
-#define SSL_R_LENGTH_TOO_SHORT 160
-#define SSL_R_LIBRARY_BUG 274
-#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
-#define SSL_R_MESSAGE_TOO_LONG 1111
-#define SSL_R_MISSING_DH_DSA_CERT 162
-#define SSL_R_MISSING_DH_KEY 163
-#define SSL_R_MISSING_DH_RSA_CERT 164
-#define SSL_R_MISSING_DSA_SIGNING_CERT 165
-#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166
-#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167
-#define SSL_R_MISSING_RSA_CERTIFICATE 168
-#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
-#define SSL_R_MISSING_RSA_SIGNING_CERT 170
-#define SSL_R_MISSING_TMP_DH_KEY 171
-#define SSL_R_MISSING_TMP_RSA_KEY 172
-#define SSL_R_MISSING_TMP_RSA_PKEY 173
-#define SSL_R_MISSING_VERIFY_MESSAGE 174
-#define SSL_R_NON_SSLV2_INITIAL_PACKET 175
-#define SSL_R_NO_CERTIFICATES_RETURNED 176
-#define SSL_R_NO_CERTIFICATE_ASSIGNED 177
-#define SSL_R_NO_CERTIFICATE_RETURNED 178
-#define SSL_R_NO_CERTIFICATE_SET 179
-#define SSL_R_NO_CERTIFICATE_SPECIFIED 180
-#define SSL_R_NO_CIPHERS_AVAILABLE 181
-#define SSL_R_NO_CIPHERS_PASSED 182
-#define SSL_R_NO_CIPHERS_SPECIFIED 183
-#define SSL_R_NO_CIPHER_LIST 184
-#define SSL_R_NO_CIPHER_MATCH 185
-#define SSL_R_NO_CLIENT_CERT_RECEIVED 186
-#define SSL_R_NO_COMPRESSION_SPECIFIED 187
-#define SSL_R_NO_METHOD_SPECIFIED 188
-#define SSL_R_NO_PRIVATEKEY 189
-#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
-#define SSL_R_NO_PROTOCOLS_AVAILABLE 191
-#define SSL_R_NO_PUBLICKEY 192
-#define SSL_R_NO_SHARED_CIPHER 193
-#define SSL_R_NO_VERIFY_CALLBACK 194
-#define SSL_R_NULL_SSL_CTX 195
-#define SSL_R_NULL_SSL_METHOD_PASSED 196
-#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
-#define SSL_R_PACKET_LENGTH_TOO_LONG 198
-#define SSL_R_PATH_TOO_LONG 270
-#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
-#define SSL_R_PEER_ERROR 200
-#define SSL_R_PEER_ERROR_CERTIFICATE 201
-#define SSL_R_PEER_ERROR_NO_CERTIFICATE 202
-#define SSL_R_PEER_ERROR_NO_CIPHER 203
-#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204
-#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205
-#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206
-#define SSL_R_PROTOCOL_IS_SHUTDOWN 207
-#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208
-#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209
-#define SSL_R_PUBLIC_KEY_NOT_RSA 210
-#define SSL_R_READ_BIO_NOT_SET 211
-#define SSL_R_READ_WRONG_PACKET_TYPE 212
-#define SSL_R_RECORD_LENGTH_MISMATCH 213
-#define SSL_R_RECORD_TOO_LARGE 214
-#define SSL_R_RECORD_TOO_SMALL 1093
-#define SSL_R_REQUIRED_CIPHER_MISSING 215
-#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
-#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
-#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
-#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
-#define SSL_R_SHORT_READ 219
-#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
-#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
-#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
-#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
-#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
-#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
-#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
-#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
-#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
-#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE 223
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE 224
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER 225
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 226
-#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
-#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE 227
-#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
-#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
-#define SSL_R_SSL_HANDSHAKE_FAILURE 229
-#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230
-#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
-#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
-#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
-#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
-#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
-#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
-#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
-#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
-#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
-#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
-#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
-#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
-#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
-#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
-#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
-#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
-#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
-#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
-#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
-#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237
-#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238
-#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239
-#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240
-#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241
-#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242
-#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
-#define SSL_R_UNEXPECTED_MESSAGE 244
-#define SSL_R_UNEXPECTED_RECORD 245
-#define SSL_R_UNINITIALIZED 276
-#define SSL_R_UNKNOWN_ALERT_TYPE 246
-#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247
-#define SSL_R_UNKNOWN_CIPHER_RETURNED 248
-#define SSL_R_UNKNOWN_CIPHER_TYPE 249
-#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
-#define SSL_R_UNKNOWN_PKEY_TYPE 251
-#define SSL_R_UNKNOWN_PROTOCOL 252
-#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253
-#define SSL_R_UNKNOWN_SSL_VERSION 254
-#define SSL_R_UNKNOWN_STATE 255
-#define SSL_R_UNSUPPORTED_CIPHER 256
-#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
-#define SSL_R_UNSUPPORTED_OPTION 1091
-#define SSL_R_UNSUPPORTED_PROTOCOL 258
-#define SSL_R_UNSUPPORTED_SSL_VERSION 259
-#define SSL_R_WRITE_BIO_NOT_SET 260
-#define SSL_R_WRONG_CIPHER_RETURNED 261
-#define SSL_R_WRONG_MESSAGE_TYPE 262
-#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263
-#define SSL_R_WRONG_SIGNATURE_LENGTH 264
-#define SSL_R_WRONG_SIGNATURE_SIZE 265
-#define SSL_R_WRONG_SSL_VERSION 266
-#define SSL_R_WRONG_VERSION_NUMBER 267
-#define SSL_R_X509_LIB 268
-#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269
-
-#ifdef __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/openssl/ssl/ssl2.h b/crypto/openssl/ssl/ssl2.h
deleted file mode 100644
index 70aae1ec1eee..000000000000
--- a/crypto/openssl/ssl/ssl2.h
+++ /dev/null
@@ -1,269 +0,0 @@
-/* ssl/ssl2.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SSL2_H
-#define HEADER_SSL2_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Protocol Version Codes */
-#define SSL2_VERSION 0x0002
-#define SSL2_VERSION_MAJOR 0x00
-#define SSL2_VERSION_MINOR 0x02
-/* #define SSL2_CLIENT_VERSION 0x0002 */
-/* #define SSL2_SERVER_VERSION 0x0002 */
-
-/* Protocol Message Codes */
-#define SSL2_MT_ERROR 0
-#define SSL2_MT_CLIENT_HELLO 1
-#define SSL2_MT_CLIENT_MASTER_KEY 2
-#define SSL2_MT_CLIENT_FINISHED 3
-#define SSL2_MT_SERVER_HELLO 4
-#define SSL2_MT_SERVER_VERIFY 5
-#define SSL2_MT_SERVER_FINISHED 6
-#define SSL2_MT_REQUEST_CERTIFICATE 7
-#define SSL2_MT_CLIENT_CERTIFICATE 8
-
-/* Error Message Codes */
-#define SSL2_PE_UNDEFINED_ERROR 0x0000
-#define SSL2_PE_NO_CIPHER 0x0001
-#define SSL2_PE_NO_CERTIFICATE 0x0002
-#define SSL2_PE_BAD_CERTIFICATE 0x0004
-#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
-
-/* Cipher Kind Values */
-#define SSL2_CK_NULL_WITH_MD5 0x02000000 /* v3 */
-#define SSL2_CK_RC4_128_WITH_MD5 0x02010080
-#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080
-#define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080
-#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080
-#define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080
-#define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040
-#define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140 /* v3 */
-#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0
-#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0 /* v3 */
-#define SSL2_CK_RC4_64_WITH_MD5 0x02080080 /* MS hack */
-
-#define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800 /* SSLeay */
-#define SSL2_CK_NULL 0x02ff0810 /* SSLeay */
-
-#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1"
-#define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5"
-#define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5"
-#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5"
-#define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5"
-#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5"
-#define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5"
-#define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5"
-#define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA"
-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5"
-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA"
-#define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5"
-
-#define SSL2_TXT_NULL "NULL"
-
-/* Flags for the SSL_CIPHER.algorithm2 field */
-#define SSL2_CF_5_BYTE_ENC 0x01
-#define SSL2_CF_8_BYTE_ENC 0x02
-
-/* Certificate Type Codes */
-#define SSL2_CT_X509_CERTIFICATE 0x01
-
-/* Authentication Type Code */
-#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01
-
-#define SSL2_MAX_SSL_SESSION_ID_LENGTH 32
-
-/* Upper/Lower Bounds */
-#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256
-#ifdef MPE
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u
-#else
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u /* 2^15-1 */
-#endif
-#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /* 2^14-1 */
-
-#define SSL2_CHALLENGE_LENGTH 16
-/*#define SSL2_CHALLENGE_LENGTH 32 */
-#define SSL2_MIN_CHALLENGE_LENGTH 16
-#define SSL2_MAX_CHALLENGE_LENGTH 32
-#define SSL2_CONNECTION_ID_LENGTH 16
-#define SSL2_MAX_CONNECTION_ID_LENGTH 16
-#define SSL2_SSL_SESSION_ID_LENGTH 16
-#define SSL2_MAX_CERT_CHALLENGE_LENGTH 32
-#define SSL2_MIN_CERT_CHALLENGE_LENGTH 16
-#define SSL2_MAX_KEY_MATERIAL_LENGTH 24
-
-#ifndef HEADER_SSL_LOCL_H
-#define CERT char
-#endif
-
-typedef struct ssl2_state_st
- {
- int three_byte_header;
- int clear_text; /* clear text */
- int escape; /* not used in SSLv2 */
- int ssl2_rollback; /* used if SSLv23 rolled back to SSLv2 */
-
- /* non-blocking io info, used to make sure the same
- * args were passwd */
- unsigned int wnum; /* number of bytes sent so far */
- int wpend_tot;
- const unsigned char *wpend_buf;
-
- int wpend_off; /* offset to data to write */
- int wpend_len; /* number of bytes passwd to write */
- int wpend_ret; /* number of bytes to return to caller */
-
- /* buffer raw data */
- int rbuf_left;
- int rbuf_offs;
- unsigned char *rbuf;
- unsigned char *wbuf;
-
- unsigned char *write_ptr;/* used to point to the start due to
- * 2/3 byte header. */
-
- unsigned int padding;
- unsigned int rlength; /* passed to ssl2_enc */
- int ract_data_length; /* Set when things are encrypted. */
- unsigned int wlength; /* passed to ssl2_enc */
- int wact_data_length; /* Set when things are decrypted. */
- unsigned char *ract_data;
- unsigned char *wact_data;
- unsigned char *mac_data;
- unsigned char *pad_data_UNUSED; /* only for binary compatibility with 0.9.6b */
-
- unsigned char *read_key;
- unsigned char *write_key;
-
- /* Stuff specifically to do with this SSL session */
- unsigned int challenge_length;
- unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
- unsigned int conn_id_length;
- unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];
- unsigned int key_material_length;
- unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2];
-
- unsigned long read_sequence;
- unsigned long write_sequence;
-
- struct {
- unsigned int conn_id_length;
- unsigned int cert_type;
- unsigned int cert_length;
- unsigned int csl;
- unsigned int clear;
- unsigned int enc;
- unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
- unsigned int cipher_spec_length;
- unsigned int session_id_length;
- unsigned int clen;
- unsigned int rlen;
- } tmp;
- } SSL2_STATE;
-
-/* SSLv2 */
-/* client */
-#define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_HELLO_B (0x11|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_HELLO_A (0x20|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_HELLO_B (0x21|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_A (0x30|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_B (0x31|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_FINISHED_A (0x40|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_FINISHED_B (0x41|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_A (0x50|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_B (0x51|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_C (0x52|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_D (0x53|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_VERIFY_A (0x60|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_VERIFY_B (0x61|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_FINISHED_A (0x70|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_FINISHED_B (0x71|SSL_ST_CONNECT)
-#define SSL2_ST_CLIENT_START_ENCRYPTION (0x80|SSL_ST_CONNECT)
-#define SSL2_ST_X509_GET_CLIENT_CERTIFICATE (0x90|SSL_ST_CONNECT)
-/* server */
-#define SSL2_ST_GET_CLIENT_HELLO_A (0x10|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_HELLO_B (0x11|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_HELLO_C (0x12|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_HELLO_A (0x20|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_HELLO_B (0x21|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_MASTER_KEY_A (0x30|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_MASTER_KEY_B (0x31|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_A (0x40|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_B (0x41|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_C (0x42|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_FINISHED_A (0x50|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_FINISHED_B (0x51|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_FINISHED_A (0x60|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_FINISHED_B (0x61|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_A (0x70|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_B (0x71|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_C (0x72|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_D (0x73|SSL_ST_ACCEPT)
-#define SSL2_ST_SERVER_START_ENCRYPTION (0x80|SSL_ST_ACCEPT)
-#define SSL2_ST_X509_GET_SERVER_CERTIFICATE (0x90|SSL_ST_ACCEPT)
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-
diff --git a/crypto/openssl/ssl/ssl23.h b/crypto/openssl/ssl/ssl23.h
deleted file mode 100644
index d3228983c759..000000000000
--- a/crypto/openssl/ssl/ssl23.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/* ssl/ssl23.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SSL23_H
-#define HEADER_SSL23_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*client */
-/* write to server */
-#define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT)
-#define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT)
-/* read from server */
-#define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT)
-#define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT)
-
-/* server */
-/* read from client */
-#define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT)
-#define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT)
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-
diff --git a/crypto/openssl/ssl/ssl3.h b/crypto/openssl/ssl/ssl3.h
deleted file mode 100644
index b45effe052ee..000000000000
--- a/crypto/openssl/ssl/ssl3.h
+++ /dev/null
@@ -1,492 +0,0 @@
-/* ssl/ssl3.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_SSL3_H
-#define HEADER_SSL3_H
-
-#ifndef NO_COMP
-#include <openssl/comp.h>
-#endif
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/ssl.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define SSL3_CK_RSA_NULL_MD5 0x03000001
-#define SSL3_CK_RSA_NULL_SHA 0x03000002
-#define SSL3_CK_RSA_RC4_40_MD5 0x03000003
-#define SSL3_CK_RSA_RC4_128_MD5 0x03000004
-#define SSL3_CK_RSA_RC4_128_SHA 0x03000005
-#define SSL3_CK_RSA_RC2_40_MD5 0x03000006
-#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
-#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
-#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
-#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
-
-#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
-#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
-#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
-#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
-#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
-#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
-
-#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011
-#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012
-#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013
-#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014
-#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015
-#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016
-
-#define SSL3_CK_ADH_RC4_40_MD5 0x03000017
-#define SSL3_CK_ADH_RC4_128_MD5 0x03000018
-#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
-#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
-#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
-
-#define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C
-#define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D
-#define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E
-
-#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
-#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
-#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
-#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
-#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
-#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
-#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
-#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
-#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
-#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
-
-#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
-#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
-
-#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
-#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
-
-#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
-#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
-#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
-#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
-#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
-
-#define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA"
-#define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA"
-#define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA"
-
-#define SSL3_SSL_SESSION_ID_LENGTH 32
-#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
-
-#define SSL3_MASTER_SECRET_SIZE 48
-#define SSL3_RANDOM_SIZE 32
-#define SSL3_SESSION_ID_SIZE 32
-#define SSL3_RT_HEADER_LENGTH 5
-
-/* Due to MS stuffing up, this can change.... */
-#if defined(WIN16) || (defined(MSDOS) && !defined(WIN32))
-#define SSL3_RT_MAX_EXTRA (14000)
-#else
-#define SSL3_RT_MAX_EXTRA (16384)
-#endif
-
-#define SSL3_RT_MAX_PLAIN_LENGTH 16384
-#define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH)
-#define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
-#define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
-#define SSL3_RT_MAX_DATA_SIZE (1024*1024)
-
-#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
-#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
-
-#define SSL3_VERSION 0x0300
-#define SSL3_VERSION_MAJOR 0x03
-#define SSL3_VERSION_MINOR 0x00
-
-#define SSL3_RT_CHANGE_CIPHER_SPEC 20
-#define SSL3_RT_ALERT 21
-#define SSL3_RT_HANDSHAKE 22
-#define SSL3_RT_APPLICATION_DATA 23
-
-#define SSL3_AL_WARNING 1
-#define SSL3_AL_FATAL 2
-
-#define SSL3_AD_CLOSE_NOTIFY 0
-#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */
-#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */
-#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */
-#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */
-#define SSL3_AD_NO_CERTIFICATE 41
-#define SSL3_AD_BAD_CERTIFICATE 42
-#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
-#define SSL3_AD_CERTIFICATE_REVOKED 44
-#define SSL3_AD_CERTIFICATE_EXPIRED 45
-#define SSL3_AD_CERTIFICATE_UNKNOWN 46
-#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */
-
-typedef struct ssl3_record_st
- {
-/*r */ int type; /* type of record */
-/*rw*/ unsigned int length; /* How many bytes available */
-/*r */ unsigned int off; /* read/write offset into 'buf' */
-/*rw*/ unsigned char *data; /* pointer to the record data */
-/*rw*/ unsigned char *input; /* where the decode bytes are */
-/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */
- } SSL3_RECORD;
-
-typedef struct ssl3_buffer_st
- {
- unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
- * see ssl3_setup_buffers() */
-#if 0 /* put directly into SSL3_STATE for best possible binary compatibility within 0.9.6 series */
- size_t len; /* buffer size */
-#endif
- int offset; /* where to 'copy from' */
- int left; /* how many bytes left */
- } SSL3_BUFFER;
-
-#define SSL3_CT_RSA_SIGN 1
-#define SSL3_CT_DSS_SIGN 2
-#define SSL3_CT_RSA_FIXED_DH 3
-#define SSL3_CT_DSS_FIXED_DH 4
-#define SSL3_CT_RSA_EPHEMERAL_DH 5
-#define SSL3_CT_DSS_EPHEMERAL_DH 6
-#define SSL3_CT_FORTEZZA_DMS 20
-#define SSL3_CT_NUMBER 7
-
-#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
-#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
-#define SSL3_FLAGS_POP_BUFFER 0x0004
-#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
-
-typedef struct ssl3_state_st
- {
- long flags;
- int delay_buf_pop_ret;
-
- unsigned char read_sequence[8];
- unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
- unsigned char write_sequence[8];
- unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
-
- unsigned char server_random[SSL3_RANDOM_SIZE];
- unsigned char client_random[SSL3_RANDOM_SIZE];
-
- SSL3_BUFFER rbuf; /* read IO goes into here */
- SSL3_BUFFER wbuf; /* write IO goes into here */
-
- SSL3_RECORD rrec; /* each decoded record goes in here */
- SSL3_RECORD wrec; /* goes out from here */
-
- /* storage for Alert/Handshake protocol data received but not
- * yet processed by ssl3_read_bytes: */
- unsigned char alert_fragment[2];
- unsigned int alert_fragment_len;
- unsigned char handshake_fragment[4];
- unsigned int handshake_fragment_len;
-
- /* partial write - check the numbers match */
- unsigned int wnum; /* number of bytes sent so far */
- int wpend_tot; /* number bytes written */
- int wpend_type;
- int wpend_ret; /* number of bytes submitted */
- const unsigned char *wpend_buf;
-
- /* used during startup, digest all incoming/outgoing packets */
- EVP_MD_CTX finish_dgst1;
- EVP_MD_CTX finish_dgst2;
-
- /* this is set whenerver we see a change_cipher_spec message
- * come in when we are not looking for one */
- int change_cipher_spec;
-
- int warn_alert;
- int fatal_alert;
- /* we allow one fatal and one warning alert to be outstanding,
- * send close alert via the warning alert */
- int alert_dispatch;
- unsigned char send_alert[2];
-
- /* This flag is set when we should renegotiate ASAP, basically when
- * there is no more data in the read or write buffers */
- int renegotiate;
- int total_renegotiations;
- int num_renegotiations;
-
- int in_read_app_data;
-
- struct {
- /* actually only needs to be 16+20 */
- unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
-
- /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
- unsigned char finish_md[EVP_MAX_MD_SIZE*2];
- int finish_md_len;
- unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
- int peer_finish_md_len;
-
- unsigned long message_size;
- int message_type;
-
- /* used to hold the new cipher we are going to use */
- SSL_CIPHER *new_cipher;
-#ifndef NO_DH
- DH *dh;
-#endif
- /* used when SSL_ST_FLUSH_DATA is entered */
- int next_state;
-
- int reuse_message;
-
- /* used for certificate requests */
- int cert_req;
- int ctype_num;
- char ctype[SSL3_CT_NUMBER];
- STACK_OF(X509_NAME) *ca_names;
-
- int use_rsa_tmp;
-
- int key_block_length;
- unsigned char *key_block;
-
- const EVP_CIPHER *new_sym_enc;
- const EVP_MD *new_hash;
-#ifndef NO_COMP
- const SSL_COMP *new_compression;
-#else
- char *new_compression;
-#endif
- int cert_request;
- } tmp;
-
- /* flags for countermeasure against known-IV weakness */
- int need_empty_fragments;
- int empty_fragment_done;
-
- size_t rbuf_len; /* substitute for rbuf.len */
- size_t wbuf_len; /* substitute for wbuf.len */
-
- } SSL3_STATE;
-
-/* SSLv3 */
-/*client */
-/* extra state */
-#define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT)
-/* write to server */
-#define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT)
-/* read from server */
-#define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT)
-#define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT)
-#define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT)
-/* write to server */
-#define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT)
-#define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT)
-#define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
-#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
-#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
-/* read from server */
-#define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT)
-#define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT)
-
-/* server */
-/* extra state */
-#define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT)
-/* read from client */
-/* Do not change the number values, they do matter */
-#define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT)
-/* write to client */
-#define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT)
-/* read from client */
-#define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
-/* write to client */
-#define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT)
-
-#define SSL3_MT_HELLO_REQUEST 0
-#define SSL3_MT_CLIENT_HELLO 1
-#define SSL3_MT_SERVER_HELLO 2
-#define SSL3_MT_CERTIFICATE 11
-#define SSL3_MT_SERVER_KEY_EXCHANGE 12
-#define SSL3_MT_CERTIFICATE_REQUEST 13
-#define SSL3_MT_SERVER_DONE 14
-#define SSL3_MT_CERTIFICATE_VERIFY 15
-#define SSL3_MT_CLIENT_KEY_EXCHANGE 16
-#define SSL3_MT_FINISHED 20
-
-#define SSL3_MT_CCS 1
-
-/* These are used when changing over to a new cipher */
-#define SSL3_CC_READ 0x01
-#define SSL3_CC_WRITE 0x02
-#define SSL3_CC_CLIENT 0x10
-#define SSL3_CC_SERVER 0x20
-#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)
-#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ)
-#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ)
-#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-
diff --git a/crypto/openssl/ssl/ssl_algs.c b/crypto/openssl/ssl/ssl_algs.c
deleted file mode 100644
index dde8918fe0e3..000000000000
--- a/crypto/openssl/ssl/ssl_algs.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/* ssl/ssl_algs.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include <openssl/lhash.h>
-#include "ssl_locl.h"
-
-int SSL_library_init(void)
- {
-#ifndef NO_DES
- EVP_add_cipher(EVP_des_cbc());
- EVP_add_cipher(EVP_des_ede3_cbc());
-#endif
-#ifndef NO_IDEA
- EVP_add_cipher(EVP_idea_cbc());
-#endif
-#ifndef NO_RC4
- EVP_add_cipher(EVP_rc4());
-#endif
-#ifndef NO_RC2
- EVP_add_cipher(EVP_rc2_cbc());
-#endif
-
-#ifndef NO_MD2
- EVP_add_digest(EVP_md2());
-#endif
-#ifndef NO_MD5
- EVP_add_digest(EVP_md5());
- EVP_add_digest_alias(SN_md5,"ssl2-md5");
- EVP_add_digest_alias(SN_md5,"ssl3-md5");
-#endif
-#ifndef NO_SHA
- EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
- EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
- EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
-#endif
-#if !defined(NO_SHA) && !defined(NO_DSA)
- EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
- EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
- EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
- EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
-#endif
-
- /* If you want support for phased out ciphers, add the following */
-#if 0
- EVP_add_digest(EVP_sha());
- EVP_add_digest(EVP_dss());
-#endif
- return(1);
- }
-
diff --git a/crypto/openssl/ssl/ssl_asn1.c b/crypto/openssl/ssl/ssl_asn1.c
deleted file mode 100644
index 3de1dbc42e79..000000000000
--- a/crypto/openssl/ssl/ssl_asn1.c
+++ /dev/null
@@ -1,351 +0,0 @@
-/* ssl/ssl_asn1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/asn1_mac.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include "ssl_locl.h"
-#include "cryptlib.h"
-
-typedef struct ssl_session_asn1_st
- {
- ASN1_INTEGER version;
- ASN1_INTEGER ssl_version;
- ASN1_OCTET_STRING cipher;
- ASN1_OCTET_STRING master_key;
- ASN1_OCTET_STRING session_id;
- ASN1_OCTET_STRING session_id_context;
- ASN1_OCTET_STRING key_arg;
- ASN1_INTEGER time;
- ASN1_INTEGER timeout;
- ASN1_INTEGER verify_result;
- } SSL_SESSION_ASN1;
-
-int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
- {
-#define LSIZE2 (sizeof(long)*2)
- int v1=0,v2=0,v3=0,v4=0,v5=0;
- unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
- unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
- long l;
- SSL_SESSION_ASN1 a;
- M_ASN1_I2D_vars(in);
-
- if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
- return(0);
-
- /* Note that I cheat in the following 2 assignments. I know
- * that if the ASN1_INTEGER passed to ASN1_INTEGER_set
- * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed.
- * This is a bit evil but makes things simple, no dynamic allocation
- * to clean up :-) */
- a.version.length=LSIZE2;
- a.version.type=V_ASN1_INTEGER;
- a.version.data=ibuf1;
- ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION);
-
- a.ssl_version.length=LSIZE2;
- a.ssl_version.type=V_ASN1_INTEGER;
- a.ssl_version.data=ibuf2;
- ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version);
-
- a.cipher.type=V_ASN1_OCTET_STRING;
- a.cipher.data=buf;
-
- if (in->cipher == NULL)
- l=in->cipher_id;
- else
- l=in->cipher->id;
- if (in->ssl_version == SSL2_VERSION)
- {
- a.cipher.length=3;
- buf[0]=((unsigned char)(l>>16L))&0xff;
- buf[1]=((unsigned char)(l>> 8L))&0xff;
- buf[2]=((unsigned char)(l ))&0xff;
- }
- else
- {
- a.cipher.length=2;
- buf[0]=((unsigned char)(l>>8L))&0xff;
- buf[1]=((unsigned char)(l ))&0xff;
- }
-
- a.master_key.length=in->master_key_length;
- a.master_key.type=V_ASN1_OCTET_STRING;
- a.master_key.data=in->master_key;
-
- a.session_id.length=in->session_id_length;
- a.session_id.type=V_ASN1_OCTET_STRING;
- a.session_id.data=in->session_id;
-
- a.session_id_context.length=in->sid_ctx_length;
- a.session_id_context.type=V_ASN1_OCTET_STRING;
- a.session_id_context.data=in->sid_ctx;
-
- a.key_arg.length=in->key_arg_length;
- a.key_arg.type=V_ASN1_OCTET_STRING;
- a.key_arg.data=in->key_arg;
-
- if (in->time != 0L)
- {
- a.time.length=LSIZE2;
- a.time.type=V_ASN1_INTEGER;
- a.time.data=ibuf3;
- ASN1_INTEGER_set(&(a.time),in->time);
- }
-
- if (in->timeout != 0L)
- {
- a.timeout.length=LSIZE2;
- a.timeout.type=V_ASN1_INTEGER;
- a.timeout.data=ibuf4;
- ASN1_INTEGER_set(&(a.timeout),in->timeout);
- }
-
- if (in->verify_result != X509_V_OK)
- {
- a.verify_result.length=LSIZE2;
- a.verify_result.type=V_ASN1_INTEGER;
- a.verify_result.data=ibuf5;
- ASN1_INTEGER_set(&a.verify_result,in->verify_result);
- }
-
- M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
- M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
- M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
- if (in->key_arg_length > 0)
- M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
- if (in->time != 0L)
- M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
- if (in->timeout != 0L)
- M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
- if (in->peer != NULL)
- M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
- M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
- if (in->verify_result != X509_V_OK)
- M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
-
- M_ASN1_I2D_seq_total();
-
- M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
- M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);
- M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
- if (in->key_arg_length > 0)
- M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
- if (in->time != 0L)
- M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
- if (in->timeout != 0L)
- M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
- if (in->peer != NULL)
- M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
- M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
- v4);
- if (in->verify_result != X509_V_OK)
- M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
- M_ASN1_I2D_finish();
- }
-
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
- long length)
- {
- int version,ssl_version=0,i;
- long id;
- ASN1_INTEGER ai,*aip;
- ASN1_OCTET_STRING os,*osp;
- M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new);
-
- aip= &ai;
- osp= &os;
-
- M_ASN1_D2I_Init();
- M_ASN1_D2I_start_sequence();
-
- ai.data=NULL; ai.length=0;
- M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
- version=(int)ASN1_INTEGER_get(aip);
- if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
-
- /* we don't care about the version right now :-) */
- M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
- ssl_version=(int)ASN1_INTEGER_get(aip);
- ret->ssl_version=ssl_version;
- if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
-
- os.data=NULL; os.length=0;
- M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
- if (ssl_version == SSL2_VERSION)
- {
- if (os.length != 3)
- {
- c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
- goto err;
- }
- id=0x02000000L|
- ((unsigned long)os.data[0]<<16L)|
- ((unsigned long)os.data[1]<< 8L)|
- (unsigned long)os.data[2];
- }
- else if ((ssl_version>>8) == 3)
- {
- if (os.length != 2)
- {
- c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
- goto err;
- }
- id=0x03000000L|
- ((unsigned long)os.data[0]<<8L)|
- (unsigned long)os.data[1];
- }
- else
- {
- SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNKNOWN_SSL_VERSION);
- return(NULL);
- }
-
- ret->cipher=NULL;
- ret->cipher_id=id;
-
- M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
- if ((ssl_version>>8) == SSL3_VERSION)
- i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
- else /* if (ssl_version == SSL2_VERSION) */
- i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
-
- if (os.length > i)
- os.length=i;
-
- ret->session_id_length=os.length;
- die(os.length <= sizeof ret->session_id);
- memcpy(ret->session_id,os.data,os.length);
-
- M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
- if (ret->master_key_length > SSL_MAX_MASTER_KEY_LENGTH)
- ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
- else
- ret->master_key_length=os.length;
- memcpy(ret->master_key,os.data,ret->master_key_length);
-
- os.length=0;
- M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
- if (os.length > SSL_MAX_KEY_ARG_LENGTH)
- ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
- else
- ret->key_arg_length=os.length;
- memcpy(ret->key_arg,os.data,ret->key_arg_length);
- if (os.data != NULL) OPENSSL_free(os.data);
-
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
- if (ai.data != NULL)
- {
- ret->time=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else
- ret->time=time(NULL);
-
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
- if (ai.data != NULL)
- {
- ret->timeout=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else
- ret->timeout=3;
-
- if (ret->peer != NULL)
- {
- X509_free(ret->peer);
- ret->peer=NULL;
- }
- M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
-
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
-
- if(os.data != NULL)
- {
- if (os.length > SSL_MAX_SID_CTX_LENGTH)
- SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
- ret->sid_ctx_length=os.length;
- memcpy(ret->sid_ctx,os.data,os.length);
- OPENSSL_free(os.data); os.data=NULL; os.length=0;
- }
- else
- ret->sid_ctx_length=0;
-
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);
- if (ai.data != NULL)
- {
- ret->verify_result=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else
- ret->verify_result=X509_V_OK;
-
- M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
- }
diff --git a/crypto/openssl/ssl/ssl_cert.c b/crypto/openssl/ssl/ssl_cert.c
deleted file mode 100644
index bb4cb2fdf07f..000000000000
--- a/crypto/openssl/ssl/ssl_cert.c
+++ /dev/null
@@ -1,761 +0,0 @@
-/*! \file ssl/ssl_cert.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <stdio.h>
-
-#include "openssl/e_os.h"
-
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-
-#if !defined(WIN32) && !defined(VSM) && !defined(NeXT) && !defined(MAC_OS_pre_X)
-#include <dirent.h>
-#endif
-
-#ifdef NeXT
-#include <sys/dir.h>
-#define dirent direct
-#endif
-
-#include <openssl/objects.h>
-#include <openssl/bio.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include "ssl_locl.h"
-
-int SSL_get_ex_data_X509_STORE_CTX_idx(void)
- {
- static int ssl_x509_store_ctx_idx= -1;
-
- if (ssl_x509_store_ctx_idx < 0)
- {
- ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
- 0,"SSL for verify callback",NULL,NULL,NULL);
- }
- return(ssl_x509_store_ctx_idx);
- }
-
-CERT *ssl_cert_new(void)
- {
- CERT *ret;
-
- ret=(CERT *)OPENSSL_malloc(sizeof(CERT));
- if (ret == NULL)
- {
- SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- memset(ret,0,sizeof(CERT));
-
- ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
- ret->references=1;
-
- return(ret);
- }
-
-CERT *ssl_cert_dup(CERT *cert)
- {
- CERT *ret;
- int i;
-
- ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
- if (ret == NULL)
- {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
-
- memset(ret, 0, sizeof(CERT));
-
- ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
- /* or ret->key = ret->pkeys + (cert->key - cert->pkeys),
- * if you find that more readable */
-
- ret->valid = cert->valid;
- ret->mask = cert->mask;
- ret->export_mask = cert->export_mask;
-
-#ifndef NO_RSA
- if (cert->rsa_tmp != NULL)
- {
- ret->rsa_tmp = cert->rsa_tmp;
- CRYPTO_add(&ret->rsa_tmp->references, 1, CRYPTO_LOCK_RSA);
- }
- ret->rsa_tmp_cb = cert->rsa_tmp_cb;
-#endif
-
-#ifndef NO_DH
- if (cert->dh_tmp != NULL)
- {
- /* DH parameters don't have a reference count */
- ret->dh_tmp = DHparams_dup(cert->dh_tmp);
- if (ret->dh_tmp == NULL)
- {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB);
- goto err;
- }
- if (cert->dh_tmp->priv_key)
- {
- BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
- if (!b)
- {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
- goto err;
- }
- ret->dh_tmp->priv_key = b;
- }
- if (cert->dh_tmp->pub_key)
- {
- BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
- if (!b)
- {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
- goto err;
- }
- ret->dh_tmp->pub_key = b;
- }
- }
- ret->dh_tmp_cb = cert->dh_tmp_cb;
-#endif
-
- for (i = 0; i < SSL_PKEY_NUM; i++)
- {
- if (cert->pkeys[i].x509 != NULL)
- {
- ret->pkeys[i].x509 = cert->pkeys[i].x509;
- CRYPTO_add(&ret->pkeys[i].x509->references, 1,
- CRYPTO_LOCK_X509);
- }
-
- if (cert->pkeys[i].privatekey != NULL)
- {
- ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
- CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,
- CRYPTO_LOCK_EVP_PKEY);
-
- switch(i)
- {
- /* If there was anything special to do for
- * certain types of keys, we'd do it here.
- * (Nothing at the moment, I think.) */
-
- case SSL_PKEY_RSA_ENC:
- case SSL_PKEY_RSA_SIGN:
- /* We have an RSA key. */
- break;
-
- case SSL_PKEY_DSA_SIGN:
- /* We have a DSA key. */
- break;
-
- case SSL_PKEY_DH_RSA:
- case SSL_PKEY_DH_DSA:
- /* We have a DH key. */
- break;
-
- default:
- /* Can't happen. */
- SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
- }
- }
- }
-
- /* ret->extra_certs *should* exist, but currently the own certificate
- * chain is held inside SSL_CTX */
-
- ret->references=1;
-
- return(ret);
-
-#ifndef NO_DH /* avoid 'unreferenced label' warning if NO_DH is defined */
-err:
-#endif
-#ifndef NO_RSA
- if (ret->rsa_tmp != NULL)
- RSA_free(ret->rsa_tmp);
-#endif
-#ifndef NO_DH
- if (ret->dh_tmp != NULL)
- DH_free(ret->dh_tmp);
-#endif
-
- for (i = 0; i < SSL_PKEY_NUM; i++)
- {
- if (ret->pkeys[i].x509 != NULL)
- X509_free(ret->pkeys[i].x509);
- if (ret->pkeys[i].privatekey != NULL)
- EVP_PKEY_free(ret->pkeys[i].privatekey);
- }
-
- return NULL;
- }
-
-
-void ssl_cert_free(CERT *c)
- {
- int i;
-
- if(c == NULL)
- return;
-
- i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
-#ifdef REF_PRINT
- REF_PRINT("CERT",c);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"ssl_cert_free, bad reference count\n");
- abort(); /* ok */
- }
-#endif
-
-#ifndef NO_RSA
- if (c->rsa_tmp) RSA_free(c->rsa_tmp);
-#endif
-#ifndef NO_DH
- if (c->dh_tmp) DH_free(c->dh_tmp);
-#endif
-
- for (i=0; i<SSL_PKEY_NUM; i++)
- {
- if (c->pkeys[i].x509 != NULL)
- X509_free(c->pkeys[i].x509);
- if (c->pkeys[i].privatekey != NULL)
- EVP_PKEY_free(c->pkeys[i].privatekey);
-#if 0
- if (c->pkeys[i].publickey != NULL)
- EVP_PKEY_free(c->pkeys[i].publickey);
-#endif
- }
- OPENSSL_free(c);
- }
-
-int ssl_cert_inst(CERT **o)
- {
- /* Create a CERT if there isn't already one
- * (which cannot really happen, as it is initially created in
- * SSL_CTX_new; but the earlier code usually allows for that one
- * being non-existant, so we follow that behaviour, as it might
- * turn out that there actually is a reason for it -- but I'm
- * not sure that *all* of the existing code could cope with
- * s->cert being NULL, otherwise we could do without the
- * initialization in SSL_CTX_new).
- */
-
- if (o == NULL)
- {
- SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (*o == NULL)
- {
- if ((*o = ssl_cert_new()) == NULL)
- {
- SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
- return(0);
- }
- }
- return(1);
- }
-
-
-SESS_CERT *ssl_sess_cert_new(void)
- {
- SESS_CERT *ret;
-
- ret = OPENSSL_malloc(sizeof *ret);
- if (ret == NULL)
- {
- SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- memset(ret, 0 ,sizeof *ret);
- ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
- ret->references = 1;
-
- return ret;
- }
-
-void ssl_sess_cert_free(SESS_CERT *sc)
- {
- int i;
-
- if (sc == NULL)
- return;
-
- i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);
-#ifdef REF_PRINT
- REF_PRINT("SESS_CERT", sc);
-#endif
- if (i > 0)
- return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"ssl_sess_cert_free, bad reference count\n");
- abort(); /* ok */
- }
-#endif
-
- /* i == 0 */
- if (sc->cert_chain != NULL)
- sk_X509_pop_free(sc->cert_chain, X509_free);
- for (i = 0; i < SSL_PKEY_NUM; i++)
- {
- if (sc->peer_pkeys[i].x509 != NULL)
- X509_free(sc->peer_pkeys[i].x509);
-#if 0 /* We don't have the peer's private key. These lines are just
- * here as a reminder that we're still using a not-quite-appropriate
- * data structure. */
- if (sc->peer_pkeys[i].privatekey != NULL)
- EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
-#endif
- }
-
-#ifndef NO_RSA
- if (sc->peer_rsa_tmp != NULL)
- RSA_free(sc->peer_rsa_tmp);
-#endif
-#ifndef NO_DH
- if (sc->peer_dh_tmp != NULL)
- DH_free(sc->peer_dh_tmp);
-#endif
-
- OPENSSL_free(sc);
- }
-
-int ssl_set_peer_cert_type(SESS_CERT *sc,int type)
- {
- sc->peer_cert_type = type;
- return(1);
- }
-
-int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
- {
- X509 *x;
- int i;
- X509_STORE_CTX ctx;
-
- if ((sk == NULL) || (sk_X509_num(sk) == 0))
- return(0);
-
- x=sk_X509_value(sk,0);
- X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
- if (SSL_get_verify_depth(s) >= 0)
- X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
- X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
- /* We need to set the verify purpose. The purpose can be determined by
- * the context: if its a server it will verify SSL client certificates
- * or vice versa.
- */
-
- if(s->server) i = X509_PURPOSE_SSL_CLIENT;
- else i = X509_PURPOSE_SSL_SERVER;
-
- X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust);
-
- if (s->verify_callback)
- X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
-
- if (s->ctx->app_verify_callback != NULL)
- i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
- else
- {
-#ifndef NO_X509_VERIFY
- i=X509_verify_cert(&ctx);
-#else
- i=0;
- ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;
- SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK);
-#endif
- }
-
- s->verify_result=ctx.error;
- X509_STORE_CTX_cleanup(&ctx);
-
- return(i);
- }
-
-static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *list)
- {
- if (*ca_list != NULL)
- sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
-
- *ca_list=list;
- }
-
-STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
- {
- int i;
- STACK_OF(X509_NAME) *ret;
- X509_NAME *name;
-
- ret=sk_X509_NAME_new_null();
- for (i=0; i<sk_X509_NAME_num(sk); i++)
- {
- name=X509_NAME_dup(sk_X509_NAME_value(sk,i));
- if ((name == NULL) || !sk_X509_NAME_push(ret,name))
- {
- sk_X509_NAME_pop_free(ret,X509_NAME_free);
- return(NULL);
- }
- }
- return(ret);
- }
-
-void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *list)
- {
- set_client_CA_list(&(s->client_CA),list);
- }
-
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *list)
- {
- set_client_CA_list(&(ctx->client_CA),list);
- }
-
-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx)
- {
- return(ctx->client_CA);
- }
-
-STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s)
- {
- if (s->type == SSL_ST_CONNECT)
- { /* we are in the client */
- if (((s->version>>8) == SSL3_VERSION_MAJOR) &&
- (s->s3 != NULL))
- return(s->s3->tmp.ca_names);
- else
- return(NULL);
- }
- else
- {
- if (s->client_CA != NULL)
- return(s->client_CA);
- else
- return(s->ctx->client_CA);
- }
- }
-
-static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x)
- {
- X509_NAME *name;
-
- if (x == NULL) return(0);
- if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL))
- return(0);
-
- if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL)
- return(0);
-
- if (!sk_X509_NAME_push(*sk,name))
- {
- X509_NAME_free(name);
- return(0);
- }
- return(1);
- }
-
-int SSL_add_client_CA(SSL *ssl,X509 *x)
- {
- return(add_client_CA(&(ssl->client_CA),x));
- }
-
-int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
- {
- return(add_client_CA(&(ctx->client_CA),x));
- }
-
-static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
- {
- return(X509_NAME_cmp(*a,*b));
- }
-
-#ifndef NO_STDIO
-/*!
- * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
- * it doesn't really have anything to do with clients (except that a common use
- * for a stack of CAs is to send it to the client). Actually, it doesn't have
- * much to do with CAs, either, since it will load any old cert.
- * \param file the file containing one or more certs.
- * \return a ::STACK containing the certs.
- */
-STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
- {
- BIO *in;
- X509 *x=NULL;
- X509_NAME *xn=NULL;
- STACK_OF(X509_NAME) *ret,*sk;
-
- ret=sk_X509_NAME_new_null();
- sk=sk_X509_NAME_new(xname_cmp);
-
- in=BIO_new(BIO_s_file_internal());
-
- if ((ret == NULL) || (sk == NULL) || (in == NULL))
- {
- SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!BIO_read_filename(in,file))
- goto err;
-
- for (;;)
- {
- if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
- break;
- if ((xn=X509_get_subject_name(x)) == NULL) goto err;
- /* check for duplicates */
- xn=X509_NAME_dup(xn);
- if (xn == NULL) goto err;
- if (sk_X509_NAME_find(sk,xn) >= 0)
- X509_NAME_free(xn);
- else
- {
- sk_X509_NAME_push(sk,xn);
- sk_X509_NAME_push(ret,xn);
- }
- }
-
- if (0)
- {
-err:
- if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free);
- ret=NULL;
- }
- if (sk != NULL) sk_X509_NAME_free(sk);
- if (in != NULL) BIO_free(in);
- if (x != NULL) X509_free(x);
- return(ret);
- }
-#endif
-
-/*!
- * Add a file of certs to a stack.
- * \param stack the stack to add to.
- * \param file the file to add from. All certs in this file that are not
- * already in the stack will be added.
- * \return 1 for success, 0 for failure. Note that in the case of failure some
- * certs may have been added to \c stack.
- */
-
-int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
- const char *file)
- {
- BIO *in;
- X509 *x=NULL;
- X509_NAME *xn=NULL;
- int ret=1;
- int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);
-
- oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
-
- in=BIO_new(BIO_s_file_internal());
-
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!BIO_read_filename(in,file))
- goto err;
-
- for (;;)
- {
- if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
- break;
- if ((xn=X509_get_subject_name(x)) == NULL) goto err;
- xn=X509_NAME_dup(xn);
- if (xn == NULL) goto err;
- if (sk_X509_NAME_find(stack,xn) >= 0)
- X509_NAME_free(xn);
- else
- sk_X509_NAME_push(stack,xn);
- }
-
- if (0)
- {
-err:
- ret=0;
- }
- if(in != NULL)
- BIO_free(in);
- if(x != NULL)
- X509_free(x);
-
- sk_X509_NAME_set_cmp_func(stack,oldcmp);
-
- return ret;
- }
-
-/*!
- * Add a directory of certs to a stack.
- * \param stack the stack to append to.
- * \param dir the directory to append from. All files in this directory will be
- * examined as potential certs. Any that are acceptable to
- * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be
- * included.
- * \return 1 for success, 0 for failure. Note that in the case of failure some
- * certs may have been added to \c stack.
- */
-
-#ifndef WIN32
-#ifndef VMS /* XXXX This may be fixed in the future */
-#ifndef MAC_OS_pre_X
-
-int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
- const char *dir)
- {
- DIR *d;
- struct dirent *dstruct;
- int ret = 0;
-
- CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
- d = opendir(dir);
-
- /* Note that a side effect is that the CAs will be sorted by name */
- if(!d)
- {
- SYSerr(SYS_F_OPENDIR, get_last_sys_error());
- ERR_add_error_data(3, "opendir('", dir, "')");
- SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
- goto err;
- }
-
- while((dstruct=readdir(d)))
- {
- char buf[1024];
- int r;
-
- if(strlen(dir)+strlen(dstruct->d_name)+2 > sizeof buf)
- {
- SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
- goto err;
- }
-
- r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,dstruct->d_name);
- if (r <= 0 || r >= sizeof buf)
- goto err;
- if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
- goto err;
- }
- ret = 1;
-
-err:
- if (d) closedir(d);
- CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
- return ret;
- }
-
-#endif
-#endif
-#endif
diff --git a/crypto/openssl/ssl/ssl_ciph.c b/crypto/openssl/ssl/ssl_ciph.c
deleted file mode 100644
index f63163f26c38..000000000000
--- a/crypto/openssl/ssl/ssl_ciph.c
+++ /dev/null
@@ -1,1071 +0,0 @@
-/* ssl/ssl_ciph.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include <openssl/comp.h>
-#include "ssl_locl.h"
-
-#define SSL_ENC_DES_IDX 0
-#define SSL_ENC_3DES_IDX 1
-#define SSL_ENC_RC4_IDX 2
-#define SSL_ENC_RC2_IDX 3
-#define SSL_ENC_IDEA_IDX 4
-#define SSL_ENC_eFZA_IDX 5
-#define SSL_ENC_NULL_IDX 6
-#define SSL_ENC_NUM_IDX 7
-
-static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
- NULL,NULL,NULL,NULL,NULL,NULL,
- };
-
-static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
-
-#define SSL_MD_MD5_IDX 0
-#define SSL_MD_SHA1_IDX 1
-#define SSL_MD_NUM_IDX 2
-static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
- NULL,NULL,
- };
-
-#define CIPHER_ADD 1
-#define CIPHER_KILL 2
-#define CIPHER_DEL 3
-#define CIPHER_ORD 4
-#define CIPHER_SPECIAL 5
-
-typedef struct cipher_order_st
- {
- SSL_CIPHER *cipher;
- int active;
- int dead;
- struct cipher_order_st *next,*prev;
- } CIPHER_ORDER;
-
-static const SSL_CIPHER cipher_aliases[]={
- /* Don't include eNULL unless specifically enabled */
- {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
- {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0},
- {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0},
- {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0},
- {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0},
- {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,0,0,0,SSL_MKEY_MASK,0},
- {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0},
- {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},
-
- {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0},
- {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0},
- {0,SSL_TXT_aFZA,0,SSL_aFZA, 0,0,0,0,SSL_AUTH_MASK,0},
- {0,SSL_TXT_aNULL,0,SSL_aNULL,0,0,0,0,SSL_AUTH_MASK,0},
- {0,SSL_TXT_aDH, 0,SSL_aDH, 0,0,0,0,SSL_AUTH_MASK,0},
- {0,SSL_TXT_DSS, 0,SSL_DSS, 0,0,0,0,SSL_AUTH_MASK,0},
-
- {0,SSL_TXT_DES, 0,SSL_DES, 0,0,0,0,SSL_ENC_MASK,0},
- {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0},
- {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0},
- {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0},
- {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0},
- {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
- {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0},
-
- {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0},
- {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0},
- {0,SSL_TXT_SHA, 0,SSL_SHA, 0,0,0,0,SSL_MAC_MASK,0},
-
- {0,SSL_TXT_NULL,0,SSL_NULL, 0,0,0,0,SSL_ENC_MASK,0},
- {0,SSL_TXT_RSA, 0,SSL_RSA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
- {0,SSL_TXT_ADH, 0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
- {0,SSL_TXT_FZA, 0,SSL_FZA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0},
-
- {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,0,0,0,SSL_SSL_MASK,0},
- {0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,0,0,0,SSL_SSL_MASK,0},
- {0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,0,0,0,SSL_SSL_MASK,0},
-
- {0,SSL_TXT_EXP ,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
- {0,SSL_TXT_EXPORT,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
- {0,SSL_TXT_EXP40, 0, 0, SSL_EXP40, 0,0,0,0,SSL_STRONG_MASK},
- {0,SSL_TXT_EXP56, 0, 0, SSL_EXP56, 0,0,0,0,SSL_STRONG_MASK},
- {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK},
- {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK},
- {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK},
- };
-
-static int init_ciphers=1;
-
-static void load_ciphers(void)
- {
- init_ciphers=0;
- ssl_cipher_methods[SSL_ENC_DES_IDX]=
- EVP_get_cipherbyname(SN_des_cbc);
- ssl_cipher_methods[SSL_ENC_3DES_IDX]=
- EVP_get_cipherbyname(SN_des_ede3_cbc);
- ssl_cipher_methods[SSL_ENC_RC4_IDX]=
- EVP_get_cipherbyname(SN_rc4);
- ssl_cipher_methods[SSL_ENC_RC2_IDX]=
- EVP_get_cipherbyname(SN_rc2_cbc);
- ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
- EVP_get_cipherbyname(SN_idea_cbc);
-
- ssl_digest_methods[SSL_MD_MD5_IDX]=
- EVP_get_digestbyname(SN_md5);
- ssl_digest_methods[SSL_MD_SHA1_IDX]=
- EVP_get_digestbyname(SN_sha1);
- }
-
-int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc,
- const EVP_MD **md, SSL_COMP **comp)
- {
- int i;
- SSL_CIPHER *c;
-
- c=s->cipher;
- if (c == NULL) return(0);
- if (comp != NULL)
- {
- SSL_COMP ctmp;
-
- if (s->compress_meth == 0)
- *comp=NULL;
- else if (ssl_comp_methods == NULL)
- {
- /* bad */
- *comp=NULL;
- }
- else
- {
-
- ctmp.id=s->compress_meth;
- i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
- if (i >= 0)
- *comp=sk_SSL_COMP_value(ssl_comp_methods,i);
- else
- *comp=NULL;
- }
- }
-
- if ((enc == NULL) || (md == NULL)) return(0);
-
- switch (c->algorithms & SSL_ENC_MASK)
- {
- case SSL_DES:
- i=SSL_ENC_DES_IDX;
- break;
- case SSL_3DES:
- i=SSL_ENC_3DES_IDX;
- break;
- case SSL_RC4:
- i=SSL_ENC_RC4_IDX;
- break;
- case SSL_RC2:
- i=SSL_ENC_RC2_IDX;
- break;
- case SSL_IDEA:
- i=SSL_ENC_IDEA_IDX;
- break;
- case SSL_eNULL:
- i=SSL_ENC_NULL_IDX;
- break;
- default:
- i= -1;
- break;
- }
-
- if ((i < 0) || (i > SSL_ENC_NUM_IDX))
- *enc=NULL;
- else
- {
- if (i == SSL_ENC_NULL_IDX)
- *enc=EVP_enc_null();
- else
- *enc=ssl_cipher_methods[i];
- }
-
- switch (c->algorithms & SSL_MAC_MASK)
- {
- case SSL_MD5:
- i=SSL_MD_MD5_IDX;
- break;
- case SSL_SHA1:
- i=SSL_MD_SHA1_IDX;
- break;
- default:
- i= -1;
- break;
- }
- if ((i < 0) || (i > SSL_MD_NUM_IDX))
- *md=NULL;
- else
- *md=ssl_digest_methods[i];
-
- if ((*enc != NULL) && (*md != NULL))
- return(1);
- else
- return(0);
- }
-
-#define ITEM_SEP(a) \
- (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
-
-static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
- CIPHER_ORDER **tail)
- {
- if (curr == *tail) return;
- if (curr == *head)
- *head=curr->next;
- if (curr->prev != NULL)
- curr->prev->next=curr->next;
- if (curr->next != NULL) /* should always be true */
- curr->next->prev=curr->prev;
- (*tail)->next=curr;
- curr->prev= *tail;
- curr->next=NULL;
- *tail=curr;
- }
-
-static unsigned long ssl_cipher_get_disabled(void)
- {
- unsigned long mask;
-
- mask = SSL_kFZA;
-#ifdef NO_RSA
- mask |= SSL_aRSA|SSL_kRSA;
-#endif
-#ifdef NO_DSA
- mask |= SSL_aDSS;
-#endif
-#ifdef NO_DH
- mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH;
-#endif
-
-#ifdef SSL_FORBID_ENULL
- mask |= SSL_eNULL;
-#endif
-
- mask |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
- mask |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
- mask |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
- mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
- mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
- mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
-
- mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
- mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
-
- return(mask);
- }
-
-static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
- int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list,
- CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
- {
- int i, list_num;
- SSL_CIPHER *c;
-
- /*
- * We have num_of_ciphers descriptions compiled in, depending on the
- * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
- * These will later be sorted in a linked list with at most num
- * entries.
- */
-
- /* Get the initial list of ciphers */
- list_num = 0; /* actual count of ciphers */
- for (i = 0; i < num_of_ciphers; i++)
- {
- c = ssl_method->get_cipher(i);
- /* drop those that use any of that is not available */
- if ((c != NULL) && c->valid && !(c->algorithms & mask))
- {
- list[list_num].cipher = c;
- list[list_num].next = NULL;
- list[list_num].prev = NULL;
- list[list_num].active = 0;
- list_num++;
- /*
- if (!sk_push(ca_list,(char *)c)) goto err;
- */
- }
- }
-
- /*
- * Prepare linked list from list entries
- */
- for (i = 1; i < list_num - 1; i++)
- {
- list[i].prev = &(list[i-1]);
- list[i].next = &(list[i+1]);
- }
- if (list_num > 0)
- {
- (*head_p) = &(list[0]);
- (*head_p)->prev = NULL;
- (*head_p)->next = &(list[1]);
- (*tail_p) = &(list[list_num - 1]);
- (*tail_p)->prev = &(list[list_num - 2]);
- (*tail_p)->next = NULL;
- }
- }
-
-static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
- int num_of_group_aliases, unsigned long mask,
- CIPHER_ORDER *head)
- {
- CIPHER_ORDER *ciph_curr;
- SSL_CIPHER **ca_curr;
- int i;
-
- /*
- * First, add the real ciphers as already collected
- */
- ciph_curr = head;
- ca_curr = ca_list;
- while (ciph_curr != NULL)
- {
- *ca_curr = ciph_curr->cipher;
- ca_curr++;
- ciph_curr = ciph_curr->next;
- }
-
- /*
- * Now we add the available ones from the cipher_aliases[] table.
- * They represent either an algorithm, that must be fully
- * supported (not match any bit in mask) or represent a cipher
- * strength value (will be added in any case because algorithms=0).
- */
- for (i = 0; i < num_of_group_aliases; i++)
- {
- if ((i == 0) || /* always fetch "ALL" */
- !(cipher_aliases[i].algorithms & mask))
- {
- *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
- ca_curr++;
- }
- }
-
- *ca_curr = NULL; /* end of list */
- }
-
-static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
- unsigned long algo_strength, unsigned long mask_strength,
- int rule, int strength_bits, CIPHER_ORDER *list,
- CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
- {
- CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
- SSL_CIPHER *cp;
- unsigned long ma, ma_s;
-
-#ifdef CIPHER_DEBUG
- printf("Applying rule %d with %08lx %08lx %08lx %08lx (%d)\n",
- rule, algorithms, mask, algo_strength, mask_strength,
- strength_bits);
-#endif
-
- curr = head = *head_p;
- curr2 = head;
- tail2 = tail = *tail_p;
- for (;;)
- {
- if ((curr == NULL) || (curr == tail2)) break;
- curr = curr2;
- curr2 = curr->next;
-
- cp = curr->cipher;
-
- /*
- * Selection criteria is either the number of strength_bits
- * or the algorithm used.
- */
- if (strength_bits == -1)
- {
- ma = mask & cp->algorithms;
- ma_s = mask_strength & cp->algo_strength;
-
-#ifdef CIPHER_DEBUG
- printf("\nName: %s:\nAlgo = %08lx Algo_strength = %08lx\nMask = %08lx Mask_strength %08lx\n", cp->name, cp->algorithms, cp->algo_strength, mask, mask_strength);
- printf("ma = %08lx ma_s %08lx, ma&algo=%08lx, ma_s&algos=%08lx\n", ma, ma_s, ma&algorithms, ma_s&algo_strength);
-#endif
- /*
- * Select: if none of the mask bit was met from the
- * cipher or not all of the bits were met, the
- * selection does not apply.
- */
- if (((ma == 0) && (ma_s == 0)) ||
- ((ma & algorithms) != ma) ||
- ((ma_s & algo_strength) != ma_s))
- continue; /* does not apply */
- }
- else if (strength_bits != cp->strength_bits)
- continue; /* does not apply */
-
-#ifdef CIPHER_DEBUG
- printf("Action = %d\n", rule);
-#endif
-
- /* add the cipher if it has not been added yet. */
- if (rule == CIPHER_ADD)
- {
- if (!curr->active)
- {
- ll_append_tail(&head, curr, &tail);
- curr->active = 1;
- }
- }
- /* Move the added cipher to this location */
- else if (rule == CIPHER_ORD)
- {
- if (curr->active)
- {
- ll_append_tail(&head, curr, &tail);
- }
- }
- else if (rule == CIPHER_DEL)
- curr->active = 0;
- else if (rule == CIPHER_KILL)
- {
- if (head == curr)
- head = curr->next;
- else
- curr->prev->next = curr->next;
- if (tail == curr)
- tail = curr->prev;
- curr->active = 0;
- if (curr->next != NULL)
- curr->next->prev = curr->prev;
- if (curr->prev != NULL)
- curr->prev->next = curr->next;
- curr->next = NULL;
- curr->prev = NULL;
- }
- }
-
- *head_p = head;
- *tail_p = tail;
- }
-
-static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
- CIPHER_ORDER **tail_p)
- {
- int max_strength_bits, i, *number_uses;
- CIPHER_ORDER *curr;
-
- /*
- * This routine sorts the ciphers with descending strength. The sorting
- * must keep the pre-sorted sequence, so we apply the normal sorting
- * routine as '+' movement to the end of the list.
- */
- max_strength_bits = 0;
- curr = *head_p;
- while (curr != NULL)
- {
- if (curr->active &&
- (curr->cipher->strength_bits > max_strength_bits))
- max_strength_bits = curr->cipher->strength_bits;
- curr = curr->next;
- }
-
- number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
- if (!number_uses)
- {
- SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
-
- /*
- * Now find the strength_bits values actually used
- */
- curr = *head_p;
- while (curr != NULL)
- {
- if (curr->active)
- number_uses[curr->cipher->strength_bits]++;
- curr = curr->next;
- }
- /*
- * Go through the list of used strength_bits values in descending
- * order.
- */
- for (i = max_strength_bits; i >= 0; i--)
- if (number_uses[i] > 0)
- ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
- list, head_p, tail_p);
-
- OPENSSL_free(number_uses);
- return(1);
- }
-
-static int ssl_cipher_process_rulestr(const char *rule_str,
- CIPHER_ORDER *list, CIPHER_ORDER **head_p,
- CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
- {
- unsigned long algorithms, mask, algo_strength, mask_strength;
- const char *l, *start, *buf;
- int j, multi, found, rule, retval, ok, buflen;
- char ch;
-
- retval = 1;
- l = rule_str;
- for (;;)
- {
- ch = *l;
-
- if (ch == '\0')
- break; /* done */
- if (ch == '-')
- { rule = CIPHER_DEL; l++; }
- else if (ch == '+')
- { rule = CIPHER_ORD; l++; }
- else if (ch == '!')
- { rule = CIPHER_KILL; l++; }
- else if (ch == '@')
- { rule = CIPHER_SPECIAL; l++; }
- else
- { rule = CIPHER_ADD; }
-
- if (ITEM_SEP(ch))
- {
- l++;
- continue;
- }
-
- algorithms = mask = algo_strength = mask_strength = 0;
-
- start=l;
- for (;;)
- {
- ch = *l;
- buf = l;
- buflen = 0;
-#ifndef CHARSET_EBCDIC
- while ( ((ch >= 'A') && (ch <= 'Z')) ||
- ((ch >= '0') && (ch <= '9')) ||
- ((ch >= 'a') && (ch <= 'z')) ||
- (ch == '-'))
-#else
- while ( isalnum(ch) || (ch == '-'))
-#endif
- {
- ch = *(++l);
- buflen++;
- }
-
- if (buflen == 0)
- {
- /*
- * We hit something we cannot deal with,
- * it is no command or separator nor
- * alphanumeric, so we call this an error.
- */
- SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
- SSL_R_INVALID_COMMAND);
- retval = found = 0;
- l++;
- break;
- }
-
- if (rule == CIPHER_SPECIAL)
- {
- found = 0; /* unused -- avoid compiler warning */
- break; /* special treatment */
- }
-
- /* check for multi-part specification */
- if (ch == '+')
- {
- multi=1;
- l++;
- }
- else
- multi=0;
-
- /*
- * Now search for the cipher alias in the ca_list. Be careful
- * with the strncmp, because the "buflen" limitation
- * will make the rule "ADH:SOME" and the cipher
- * "ADH-MY-CIPHER" look like a match for buflen=3.
- * So additionally check whether the cipher name found
- * has the correct length. We can save a strlen() call:
- * just checking for the '\0' at the right place is
- * sufficient, we have to strncmp() anyway.
- */
- j = found = 0;
- while (ca_list[j])
- {
- if ((ca_list[j]->name[buflen] == '\0') &&
- !strncmp(buf, ca_list[j]->name, buflen))
- {
- found = 1;
- break;
- }
- else
- j++;
- }
- if (!found)
- break; /* ignore this entry */
-
- algorithms |= ca_list[j]->algorithms;
- mask |= ca_list[j]->mask;
- algo_strength |= ca_list[j]->algo_strength;
- mask_strength |= ca_list[j]->mask_strength;
-
- if (!multi) break;
- }
-
- /*
- * Ok, we have the rule, now apply it
- */
- if (rule == CIPHER_SPECIAL)
- { /* special command */
- ok = 0;
- if ((buflen == 8) &&
- !strncmp(buf, "STRENGTH", 8))
- ok = ssl_cipher_strength_sort(list,
- head_p, tail_p);
- else
- SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
- SSL_R_INVALID_COMMAND);
- if (ok == 0)
- retval = 0;
- /*
- * We do not support any "multi" options
- * together with "@", so throw away the
- * rest of the command, if any left, until
- * end or ':' is found.
- */
- while ((*l != '\0') && ITEM_SEP(*l))
- l++;
- }
- else if (found)
- {
- ssl_cipher_apply_rule(algorithms, mask,
- algo_strength, mask_strength, rule, -1,
- list, head_p, tail_p);
- }
- else
- {
- while ((*l != '\0') && ITEM_SEP(*l))
- l++;
- }
- if (*l == '\0') break; /* done */
- }
-
- return(retval);
- }
-
-STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
- STACK_OF(SSL_CIPHER) **cipher_list,
- STACK_OF(SSL_CIPHER) **cipher_list_by_id,
- const char *rule_str)
- {
- int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
- unsigned long disabled_mask;
- STACK_OF(SSL_CIPHER) *cipherstack;
- const char *rule_p;
- CIPHER_ORDER *list = NULL, *head = NULL, *tail = NULL, *curr;
- SSL_CIPHER **ca_list = NULL;
-
- /*
- * Return with error if nothing to do.
- */
- if (rule_str == NULL) return(NULL);
-
- if (init_ciphers) load_ciphers();
-
- /*
- * To reduce the work to do we only want to process the compiled
- * in algorithms, so we first get the mask of disabled ciphers.
- */
- disabled_mask = ssl_cipher_get_disabled();
-
- /*
- * Now we have to collect the available ciphers from the compiled
- * in ciphers. We cannot get more than the number compiled in, so
- * it is used for allocation.
- */
- num_of_ciphers = ssl_method->num_ciphers();
- list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
- if (list == NULL)
- {
- SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
- return(NULL); /* Failure */
- }
-
- ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
- list, &head, &tail);
-
- /*
- * We also need cipher aliases for selecting based on the rule_str.
- * There might be two types of entries in the rule_str: 1) names
- * of ciphers themselves 2) aliases for groups of ciphers.
- * For 1) we need the available ciphers and for 2) the cipher
- * groups of cipher_aliases added together in one list (otherwise
- * we would be happy with just the cipher_aliases table).
- */
- num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
- num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
- ca_list =
- (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
- if (ca_list == NULL)
- {
- OPENSSL_free(list);
- SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
- return(NULL); /* Failure */
- }
- ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mask,
- head);
-
- /*
- * If the rule_string begins with DEFAULT, apply the default rule
- * before using the (possibly available) additional rules.
- */
- ok = 1;
- rule_p = rule_str;
- if (strncmp(rule_str,"DEFAULT",7) == 0)
- {
- ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
- list, &head, &tail, ca_list);
- rule_p += 7;
- if (*rule_p == ':')
- rule_p++;
- }
-
- if (ok && (strlen(rule_p) > 0))
- ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail,
- ca_list);
-
- OPENSSL_free(ca_list); /* Not needed anymore */
-
- if (!ok)
- { /* Rule processing failure */
- OPENSSL_free(list);
- return(NULL);
- }
- /*
- * Allocate new "cipherstack" for the result, return with error
- * if we cannot get one.
- */
- if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
- {
- OPENSSL_free(list);
- return(NULL);
- }
-
- /*
- * The cipher selection for the list is done. The ciphers are added
- * to the resulting precedence to the STACK_OF(SSL_CIPHER).
- */
- for (curr = head; curr != NULL; curr = curr->next)
- {
- if (curr->active)
- {
- sk_SSL_CIPHER_push(cipherstack, curr->cipher);
-#ifdef CIPHER_DEBUG
- printf("<%s>\n",curr->cipher->name);
-#endif
- }
- }
- OPENSSL_free(list); /* Not needed any longer */
-
- /*
- * The following passage is a little bit odd. If pointer variables
- * were supplied to hold STACK_OF(SSL_CIPHER) return information,
- * the old memory pointed to is free()ed. Then, however, the
- * cipher_list entry will be assigned just a copy of the returned
- * cipher stack. For cipher_list_by_id a copy of the cipher stack
- * will be created. See next comment...
- */
- if (cipher_list != NULL)
- {
- if (*cipher_list != NULL)
- sk_SSL_CIPHER_free(*cipher_list);
- *cipher_list = cipherstack;
- }
-
- if (cipher_list_by_id != NULL)
- {
- if (*cipher_list_by_id != NULL)
- sk_SSL_CIPHER_free(*cipher_list_by_id);
- *cipher_list_by_id = sk_SSL_CIPHER_dup(cipherstack);
- }
-
- /*
- * Now it is getting really strange. If something failed during
- * the previous pointer assignment or if one of the pointers was
- * not requested, the error condition is met. That might be
- * discussable. The strange thing is however that in this case
- * the memory "ret" pointed to is "free()ed" and hence the pointer
- * cipher_list becomes wild. The memory reserved for
- * cipher_list_by_id however is not "free()ed" and stays intact.
- */
- if ( (cipher_list_by_id == NULL) ||
- (*cipher_list_by_id == NULL) ||
- (cipher_list == NULL) ||
- (*cipher_list == NULL))
- {
- sk_SSL_CIPHER_free(cipherstack);
- return(NULL);
- }
-
- sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
-
- return(cipherstack);
- }
-
-char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
- {
- int is_export,pkl,kl;
- char *ver,*exp;
- char *kx,*au,*enc,*mac;
- unsigned long alg,alg2,alg_s;
- static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
-
- alg=cipher->algorithms;
- alg_s=cipher->algo_strength;
- alg2=cipher->algorithm2;
-
- is_export=SSL_C_IS_EXPORT(cipher);
- pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
- kl=SSL_C_EXPORT_KEYLENGTH(cipher);
- exp=is_export?" export":"";
-
- if (alg & SSL_SSLV2)
- ver="SSLv2";
- else if (alg & SSL_SSLV3)
- ver="SSLv3";
- else
- ver="unknown";
-
- switch (alg&SSL_MKEY_MASK)
- {
- case SSL_kRSA:
- kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
- break;
- case SSL_kDHr:
- kx="DH/RSA";
- break;
- case SSL_kDHd:
- kx="DH/DSS";
- break;
- case SSL_kFZA:
- kx="Fortezza";
- break;
- case SSL_kEDH:
- kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
- break;
- default:
- kx="unknown";
- }
-
- switch (alg&SSL_AUTH_MASK)
- {
- case SSL_aRSA:
- au="RSA";
- break;
- case SSL_aDSS:
- au="DSS";
- break;
- case SSL_aDH:
- au="DH";
- break;
- case SSL_aFZA:
- case SSL_aNULL:
- au="None";
- break;
- default:
- au="unknown";
- break;
- }
-
- switch (alg&SSL_ENC_MASK)
- {
- case SSL_DES:
- enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
- break;
- case SSL_3DES:
- enc="3DES(168)";
- break;
- case SSL_RC4:
- enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
- :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
- break;
- case SSL_RC2:
- enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
- break;
- case SSL_IDEA:
- enc="IDEA(128)";
- break;
- case SSL_eFZA:
- enc="Fortezza";
- break;
- case SSL_eNULL:
- enc="None";
- break;
- default:
- enc="unknown";
- break;
- }
-
- switch (alg&SSL_MAC_MASK)
- {
- case SSL_MD5:
- mac="MD5";
- break;
- case SSL_SHA1:
- mac="SHA1";
- break;
- default:
- mac="unknown";
- break;
- }
-
- if (buf == NULL)
- {
- len=128;
- buf=OPENSSL_malloc(len);
- if (buf == NULL) return("OPENSSL_malloc Error");
- }
- else if (len < 128)
- return("Buffer too small");
-
- BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp);
- return(buf);
- }
-
-char *SSL_CIPHER_get_version(SSL_CIPHER *c)
- {
- int i;
-
- if (c == NULL) return("(NONE)");
- i=(int)(c->id>>24L);
- if (i == 3)
- return("TLSv1/SSLv3");
- else if (i == 2)
- return("SSLv2");
- else
- return("unknown");
- }
-
-/* return the actual cipher being used */
-const char *SSL_CIPHER_get_name(SSL_CIPHER *c)
- {
- if (c != NULL)
- return(c->name);
- return("(NONE)");
- }
-
-/* number of bits for symmetric cipher */
-int SSL_CIPHER_get_bits(SSL_CIPHER *c, int *alg_bits)
- {
- int ret=0;
-
- if (c != NULL)
- {
- if (alg_bits != NULL) *alg_bits = c->alg_bits;
- ret = c->strength_bits;
- }
- return(ret);
- }
-
-SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
- {
- SSL_COMP *ctmp;
- int i,nn;
-
- if ((n == 0) || (sk == NULL)) return(NULL);
- nn=sk_SSL_COMP_num(sk);
- for (i=0; i<nn; i++)
- {
- ctmp=sk_SSL_COMP_value(sk,i);
- if (ctmp->id == n)
- return(ctmp);
- }
- return(NULL);
- }
-
-static int sk_comp_cmp(const SSL_COMP * const *a,
- const SSL_COMP * const *b)
- {
- return((*a)->id-(*b)->id);
- }
-
-STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
- {
- return(ssl_comp_methods);
- }
-
-int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
- {
- SSL_COMP *comp;
- STACK_OF(SSL_COMP) *sk;
-
- comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
- comp->id=id;
- comp->method=cm;
- if (ssl_comp_methods == NULL)
- sk=ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
- else
- sk=ssl_comp_methods;
- if ((sk == NULL) || !sk_SSL_COMP_push(sk,comp))
- {
- SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- else
- return(1);
- }
-
diff --git a/crypto/openssl/ssl/ssl_err.c b/crypto/openssl/ssl/ssl_err.c
deleted file mode 100644
index b1b7c22e6b86..000000000000
--- a/crypto/openssl/ssl/ssl_err.c
+++ /dev/null
@@ -1,440 +0,0 @@
-/* ssl/ssl_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-/* BEGIN ERROR CODES */
-#ifndef NO_ERR
-static ERR_STRING_DATA SSL_str_functs[]=
- {
-{ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0), "CLIENT_CERTIFICATE"},
-{ERR_PACK(0,SSL_F_CLIENT_HELLO,0), "CLIENT_HELLO"},
-{ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"},
-{ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0), "d2i_SSL_SESSION"},
-{ERR_PACK(0,SSL_F_DO_SSL3_WRITE,0), "DO_SSL3_WRITE"},
-{ERR_PACK(0,SSL_F_GET_CLIENT_FINISHED,0), "GET_CLIENT_FINISHED"},
-{ERR_PACK(0,SSL_F_GET_CLIENT_HELLO,0), "GET_CLIENT_HELLO"},
-{ERR_PACK(0,SSL_F_GET_CLIENT_MASTER_KEY,0), "GET_CLIENT_MASTER_KEY"},
-{ERR_PACK(0,SSL_F_GET_SERVER_FINISHED,0), "GET_SERVER_FINISHED"},
-{ERR_PACK(0,SSL_F_GET_SERVER_HELLO,0), "GET_SERVER_HELLO"},
-{ERR_PACK(0,SSL_F_GET_SERVER_VERIFY,0), "GET_SERVER_VERIFY"},
-{ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0), "i2d_SSL_SESSION"},
-{ERR_PACK(0,SSL_F_READ_N,0), "READ_N"},
-{ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0), "REQUEST_CERTIFICATE"},
-{ERR_PACK(0,SSL_F_SERVER_HELLO,0), "SERVER_HELLO"},
-{ERR_PACK(0,SSL_F_SSL23_ACCEPT,0), "SSL23_ACCEPT"},
-{ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0), "SSL23_CLIENT_HELLO"},
-{ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"},
-{ERR_PACK(0,SSL_F_SSL23_GET_CLIENT_HELLO,0), "SSL23_GET_CLIENT_HELLO"},
-{ERR_PACK(0,SSL_F_SSL23_GET_SERVER_HELLO,0), "SSL23_GET_SERVER_HELLO"},
-{ERR_PACK(0,SSL_F_SSL23_PEEK,0), "SSL23_PEEK"},
-{ERR_PACK(0,SSL_F_SSL23_READ,0), "SSL23_READ"},
-{ERR_PACK(0,SSL_F_SSL23_WRITE,0), "SSL23_WRITE"},
-{ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"},
-{ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"},
-{ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"},
-{ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"},
-{ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"},
-{ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0), "SSL2_READ_INTERNAL"},
-{ERR_PACK(0,SSL_F_SSL2_SET_CERTIFICATE,0), "SSL2_SET_CERTIFICATE"},
-{ERR_PACK(0,SSL_F_SSL2_WRITE,0), "SSL2_WRITE"},
-{ERR_PACK(0,SSL_F_SSL3_ACCEPT,0), "SSL3_ACCEPT"},
-{ERR_PACK(0,SSL_F_SSL3_CALLBACK_CTRL,0), "SSL3_CALLBACK_CTRL"},
-{ERR_PACK(0,SSL_F_SSL3_CHANGE_CIPHER_STATE,0), "SSL3_CHANGE_CIPHER_STATE"},
-{ERR_PACK(0,SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,0), "SSL3_CHECK_CERT_AND_ALGORITHM"},
-{ERR_PACK(0,SSL_F_SSL3_CLIENT_HELLO,0), "SSL3_CLIENT_HELLO"},
-{ERR_PACK(0,SSL_F_SSL3_CONNECT,0), "SSL3_CONNECT"},
-{ERR_PACK(0,SSL_F_SSL3_CTRL,0), "SSL3_CTRL"},
-{ERR_PACK(0,SSL_F_SSL3_CTX_CTRL,0), "SSL3_CTX_CTRL"},
-{ERR_PACK(0,SSL_F_SSL3_ENC,0), "SSL3_ENC"},
-{ERR_PACK(0,SSL_F_SSL3_GET_CERTIFICATE_REQUEST,0), "SSL3_GET_CERTIFICATE_REQUEST"},
-{ERR_PACK(0,SSL_F_SSL3_GET_CERT_VERIFY,0), "SSL3_GET_CERT_VERIFY"},
-{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_CERTIFICATE,0), "SSL3_GET_CLIENT_CERTIFICATE"},
-{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_HELLO,0), "SSL3_GET_CLIENT_HELLO"},
-{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,0), "SSL3_GET_CLIENT_KEY_EXCHANGE"},
-{ERR_PACK(0,SSL_F_SSL3_GET_FINISHED,0), "SSL3_GET_FINISHED"},
-{ERR_PACK(0,SSL_F_SSL3_GET_KEY_EXCHANGE,0), "SSL3_GET_KEY_EXCHANGE"},
-{ERR_PACK(0,SSL_F_SSL3_GET_MESSAGE,0), "SSL3_GET_MESSAGE"},
-{ERR_PACK(0,SSL_F_SSL3_GET_RECORD,0), "SSL3_GET_RECORD"},
-{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_CERTIFICATE,0), "SSL3_GET_SERVER_CERTIFICATE"},
-{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_DONE,0), "SSL3_GET_SERVER_DONE"},
-{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_HELLO,0), "SSL3_GET_SERVER_HELLO"},
-{ERR_PACK(0,SSL_F_SSL3_OUTPUT_CERT_CHAIN,0), "SSL3_OUTPUT_CERT_CHAIN"},
-{ERR_PACK(0,SSL_F_SSL3_PEEK,0), "SSL3_PEEK"},
-{ERR_PACK(0,SSL_F_SSL3_READ_BYTES,0), "SSL3_READ_BYTES"},
-{ERR_PACK(0,SSL_F_SSL3_READ_N,0), "SSL3_READ_N"},
-{ERR_PACK(0,SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,0), "SSL3_SEND_CERTIFICATE_REQUEST"},
-{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,0), "SSL3_SEND_CLIENT_CERTIFICATE"},
-{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
-{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0), "SSL3_SEND_CLIENT_VERIFY"},
-{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0), "SSL3_SEND_SERVER_CERTIFICATE"},
-{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
-{ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0), "SSL3_SETUP_BUFFERS"},
-{ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"},
-{ERR_PACK(0,SSL_F_SSL3_WRITE_BYTES,0), "SSL3_WRITE_BYTES"},
-{ERR_PACK(0,SSL_F_SSL3_WRITE_PENDING,0), "SSL3_WRITE_PENDING"},
-{ERR_PACK(0,SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,0), "SSL_add_dir_cert_subjects_to_stack"},
-{ERR_PACK(0,SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,0), "SSL_add_file_cert_subjects_to_stack"},
-{ERR_PACK(0,SSL_F_SSL_BAD_METHOD,0), "SSL_BAD_METHOD"},
-{ERR_PACK(0,SSL_F_SSL_BYTES_TO_CIPHER_LIST,0), "SSL_BYTES_TO_CIPHER_LIST"},
-{ERR_PACK(0,SSL_F_SSL_CERT_DUP,0), "SSL_CERT_DUP"},
-{ERR_PACK(0,SSL_F_SSL_CERT_INST,0), "SSL_CERT_INST"},
-{ERR_PACK(0,SSL_F_SSL_CERT_INSTANTIATE,0), "SSL_CERT_INSTANTIATE"},
-{ERR_PACK(0,SSL_F_SSL_CERT_NEW,0), "SSL_CERT_NEW"},
-{ERR_PACK(0,SSL_F_SSL_CHECK_PRIVATE_KEY,0), "SSL_check_private_key"},
-{ERR_PACK(0,SSL_F_SSL_CIPHER_PROCESS_RULESTR,0), "SSL_CIPHER_PROCESS_RULESTR"},
-{ERR_PACK(0,SSL_F_SSL_CIPHER_STRENGTH_SORT,0), "SSL_CIPHER_STRENGTH_SORT"},
-{ERR_PACK(0,SSL_F_SSL_CLEAR,0), "SSL_clear"},
-{ERR_PACK(0,SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,0), "SSL_COMP_add_compression_method"},
-{ERR_PACK(0,SSL_F_SSL_CREATE_CIPHER_LIST,0), "SSL_CREATE_CIPHER_LIST"},
-{ERR_PACK(0,SSL_F_SSL_CTRL,0), "SSL_ctrl"},
-{ERR_PACK(0,SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,0), "SSL_CTX_check_private_key"},
-{ERR_PACK(0,SSL_F_SSL_CTX_NEW,0), "SSL_CTX_new"},
-{ERR_PACK(0,SSL_F_SSL_CTX_SET_PURPOSE,0), "SSL_CTX_set_purpose"},
-{ERR_PACK(0,SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,0), "SSL_CTX_set_session_id_context"},
-{ERR_PACK(0,SSL_F_SSL_CTX_SET_SSL_VERSION,0), "SSL_CTX_set_ssl_version"},
-{ERR_PACK(0,SSL_F_SSL_CTX_SET_TRUST,0), "SSL_CTX_set_trust"},
-{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE,0), "SSL_CTX_use_certificate"},
-{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,0), "SSL_CTX_use_certificate_ASN1"},
-{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,0), "SSL_CTX_use_certificate_chain_file"},
-{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,0), "SSL_CTX_use_certificate_file"},
-{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY,0), "SSL_CTX_use_PrivateKey"},
-{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,0), "SSL_CTX_use_PrivateKey_ASN1"},
-{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,0), "SSL_CTX_use_PrivateKey_file"},
-{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,0), "SSL_CTX_use_RSAPrivateKey"},
-{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,0), "SSL_CTX_use_RSAPrivateKey_ASN1"},
-{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,0), "SSL_CTX_use_RSAPrivateKey_file"},
-{ERR_PACK(0,SSL_F_SSL_DO_HANDSHAKE,0), "SSL_do_handshake"},
-{ERR_PACK(0,SSL_F_SSL_GET_NEW_SESSION,0), "SSL_GET_NEW_SESSION"},
-{ERR_PACK(0,SSL_F_SSL_GET_PREV_SESSION,0), "SSL_GET_PREV_SESSION"},
-{ERR_PACK(0,SSL_F_SSL_GET_SERVER_SEND_CERT,0), "SSL_GET_SERVER_SEND_CERT"},
-{ERR_PACK(0,SSL_F_SSL_GET_SIGN_PKEY,0), "SSL_GET_SIGN_PKEY"},
-{ERR_PACK(0,SSL_F_SSL_INIT_WBIO_BUFFER,0), "SSL_INIT_WBIO_BUFFER"},
-{ERR_PACK(0,SSL_F_SSL_LOAD_CLIENT_CA_FILE,0), "SSL_load_client_CA_file"},
-{ERR_PACK(0,SSL_F_SSL_NEW,0), "SSL_new"},
-{ERR_PACK(0,SSL_F_SSL_READ,0), "SSL_read"},
-{ERR_PACK(0,SSL_F_SSL_RSA_PRIVATE_DECRYPT,0), "SSL_RSA_PRIVATE_DECRYPT"},
-{ERR_PACK(0,SSL_F_SSL_RSA_PUBLIC_ENCRYPT,0), "SSL_RSA_PUBLIC_ENCRYPT"},
-{ERR_PACK(0,SSL_F_SSL_SESSION_NEW,0), "SSL_SESSION_new"},
-{ERR_PACK(0,SSL_F_SSL_SESSION_PRINT_FP,0), "SSL_SESSION_print_fp"},
-{ERR_PACK(0,SSL_F_SSL_SESS_CERT_NEW,0), "SSL_SESS_CERT_NEW"},
-{ERR_PACK(0,SSL_F_SSL_SET_CERT,0), "SSL_SET_CERT"},
-{ERR_PACK(0,SSL_F_SSL_SET_FD,0), "SSL_set_fd"},
-{ERR_PACK(0,SSL_F_SSL_SET_PKEY,0), "SSL_SET_PKEY"},
-{ERR_PACK(0,SSL_F_SSL_SET_PURPOSE,0), "SSL_set_purpose"},
-{ERR_PACK(0,SSL_F_SSL_SET_RFD,0), "SSL_set_rfd"},
-{ERR_PACK(0,SSL_F_SSL_SET_SESSION,0), "SSL_set_session"},
-{ERR_PACK(0,SSL_F_SSL_SET_SESSION_ID_CONTEXT,0), "SSL_set_session_id_context"},
-{ERR_PACK(0,SSL_F_SSL_SET_TRUST,0), "SSL_set_trust"},
-{ERR_PACK(0,SSL_F_SSL_SET_WFD,0), "SSL_set_wfd"},
-{ERR_PACK(0,SSL_F_SSL_SHUTDOWN,0), "SSL_shutdown"},
-{ERR_PACK(0,SSL_F_SSL_UNDEFINED_FUNCTION,0), "SSL_UNDEFINED_FUNCTION"},
-{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE,0), "SSL_use_certificate"},
-{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_ASN1,0), "SSL_use_certificate_ASN1"},
-{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_FILE,0), "SSL_use_certificate_file"},
-{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY,0), "SSL_use_PrivateKey"},
-{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY_ASN1,0), "SSL_use_PrivateKey_ASN1"},
-{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY_FILE,0), "SSL_use_PrivateKey_file"},
-{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY,0), "SSL_use_RSAPrivateKey"},
-{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,0), "SSL_use_RSAPrivateKey_ASN1"},
-{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,0), "SSL_use_RSAPrivateKey_file"},
-{ERR_PACK(0,SSL_F_SSL_VERIFY_CERT_CHAIN,0), "SSL_VERIFY_CERT_CHAIN"},
-{ERR_PACK(0,SSL_F_SSL_WRITE,0), "SSL_write"},
-{ERR_PACK(0,SSL_F_TLS1_CHANGE_CIPHER_STATE,0), "TLS1_CHANGE_CIPHER_STATE"},
-{ERR_PACK(0,SSL_F_TLS1_ENC,0), "TLS1_ENC"},
-{ERR_PACK(0,SSL_F_TLS1_SETUP_KEY_BLOCK,0), "TLS1_SETUP_KEY_BLOCK"},
-{ERR_PACK(0,SSL_F_WRITE_PENDING,0), "WRITE_PENDING"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA SSL_str_reasons[]=
- {
-{SSL_R_APP_DATA_IN_HANDSHAKE ,"app data in handshake"},
-{SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT,"attempt to reuse session in different context"},
-{SSL_R_BAD_ALERT_RECORD ,"bad alert record"},
-{SSL_R_BAD_AUTHENTICATION_TYPE ,"bad authentication type"},
-{SSL_R_BAD_CHANGE_CIPHER_SPEC ,"bad change cipher spec"},
-{SSL_R_BAD_CHECKSUM ,"bad checksum"},
-{SSL_R_BAD_DATA_RETURNED_BY_CALLBACK ,"bad data returned by callback"},
-{SSL_R_BAD_DECOMPRESSION ,"bad decompression"},
-{SSL_R_BAD_DH_G_LENGTH ,"bad dh g length"},
-{SSL_R_BAD_DH_PUB_KEY_LENGTH ,"bad dh pub key length"},
-{SSL_R_BAD_DH_P_LENGTH ,"bad dh p length"},
-{SSL_R_BAD_DIGEST_LENGTH ,"bad digest length"},
-{SSL_R_BAD_DSA_SIGNATURE ,"bad dsa signature"},
-{SSL_R_BAD_HELLO_REQUEST ,"bad hello request"},
-{SSL_R_BAD_LENGTH ,"bad length"},
-{SSL_R_BAD_MAC_DECODE ,"bad mac decode"},
-{SSL_R_BAD_MESSAGE_TYPE ,"bad message type"},
-{SSL_R_BAD_PACKET_LENGTH ,"bad packet length"},
-{SSL_R_BAD_PROTOCOL_VERSION_NUMBER ,"bad protocol version number"},
-{SSL_R_BAD_RESPONSE_ARGUMENT ,"bad response argument"},
-{SSL_R_BAD_RSA_DECRYPT ,"bad rsa decrypt"},
-{SSL_R_BAD_RSA_ENCRYPT ,"bad rsa encrypt"},
-{SSL_R_BAD_RSA_E_LENGTH ,"bad rsa e length"},
-{SSL_R_BAD_RSA_MODULUS_LENGTH ,"bad rsa modulus length"},
-{SSL_R_BAD_RSA_SIGNATURE ,"bad rsa signature"},
-{SSL_R_BAD_SIGNATURE ,"bad signature"},
-{SSL_R_BAD_SSL_FILETYPE ,"bad ssl filetype"},
-{SSL_R_BAD_SSL_SESSION_ID_LENGTH ,"bad ssl session id length"},
-{SSL_R_BAD_STATE ,"bad state"},
-{SSL_R_BAD_WRITE_RETRY ,"bad write retry"},
-{SSL_R_BIO_NOT_SET ,"bio not set"},
-{SSL_R_BLOCK_CIPHER_PAD_IS_WRONG ,"block cipher pad is wrong"},
-{SSL_R_BN_LIB ,"bn lib"},
-{SSL_R_CA_DN_LENGTH_MISMATCH ,"ca dn length mismatch"},
-{SSL_R_CA_DN_TOO_LONG ,"ca dn too long"},
-{SSL_R_CCS_RECEIVED_EARLY ,"ccs received early"},
-{SSL_R_CERTIFICATE_VERIFY_FAILED ,"certificate verify failed"},
-{SSL_R_CERT_LENGTH_MISMATCH ,"cert length mismatch"},
-{SSL_R_CHALLENGE_IS_DIFFERENT ,"challenge is different"},
-{SSL_R_CIPHER_CODE_WRONG_LENGTH ,"cipher code wrong length"},
-{SSL_R_CIPHER_OR_HASH_UNAVAILABLE ,"cipher or hash unavailable"},
-{SSL_R_CIPHER_TABLE_SRC_ERROR ,"cipher table src error"},
-{SSL_R_COMPRESSED_LENGTH_TOO_LONG ,"compressed length too long"},
-{SSL_R_COMPRESSION_FAILURE ,"compression failure"},
-{SSL_R_COMPRESSION_LIBRARY_ERROR ,"compression library error"},
-{SSL_R_CONNECTION_ID_IS_DIFFERENT ,"connection id is different"},
-{SSL_R_CONNECTION_TYPE_NOT_SET ,"connection type not set"},
-{SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ,"data between ccs and finished"},
-{SSL_R_DATA_LENGTH_TOO_LONG ,"data length too long"},
-{SSL_R_DECRYPTION_FAILED ,"decryption failed"},
-{SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC,"decryption failed or bad record mac"},
-{SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG ,"dh public value length is wrong"},
-{SSL_R_DIGEST_CHECK_FAILED ,"digest check failed"},
-{SSL_R_ENCRYPTED_LENGTH_TOO_LONG ,"encrypted length too long"},
-{SSL_R_ERROR_GENERATING_TMP_RSA_KEY ,"error generating tmp rsa key"},
-{SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST ,"error in received cipher list"},
-{SSL_R_EXCESSIVE_MESSAGE_SIZE ,"excessive message size"},
-{SSL_R_EXTRA_DATA_IN_MESSAGE ,"extra data in message"},
-{SSL_R_GOT_A_FIN_BEFORE_A_CCS ,"got a fin before a ccs"},
-{SSL_R_HTTPS_PROXY_REQUEST ,"https proxy request"},
-{SSL_R_HTTP_REQUEST ,"http request"},
-{SSL_R_ILLEGAL_PADDING ,"illegal padding"},
-{SSL_R_INTERNAL_ERROR ,"internal error"},
-{SSL_R_INVALID_CHALLENGE_LENGTH ,"invalid challenge length"},
-{SSL_R_INVALID_COMMAND ,"invalid command"},
-{SSL_R_INVALID_PURPOSE ,"invalid purpose"},
-{SSL_R_INVALID_TRUST ,"invalid trust"},
-{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"},
-{SSL_R_LENGTH_MISMATCH ,"length mismatch"},
-{SSL_R_LENGTH_TOO_SHORT ,"length too short"},
-{SSL_R_LIBRARY_BUG ,"library bug"},
-{SSL_R_LIBRARY_HAS_NO_CIPHERS ,"library has no ciphers"},
-{SSL_R_MESSAGE_TOO_LONG ,"message too long"},
-{SSL_R_MISSING_DH_DSA_CERT ,"missing dh dsa cert"},
-{SSL_R_MISSING_DH_KEY ,"missing dh key"},
-{SSL_R_MISSING_DH_RSA_CERT ,"missing dh rsa cert"},
-{SSL_R_MISSING_DSA_SIGNING_CERT ,"missing dsa signing cert"},
-{SSL_R_MISSING_EXPORT_TMP_DH_KEY ,"missing export tmp dh key"},
-{SSL_R_MISSING_EXPORT_TMP_RSA_KEY ,"missing export tmp rsa key"},
-{SSL_R_MISSING_RSA_CERTIFICATE ,"missing rsa certificate"},
-{SSL_R_MISSING_RSA_ENCRYPTING_CERT ,"missing rsa encrypting cert"},
-{SSL_R_MISSING_RSA_SIGNING_CERT ,"missing rsa signing cert"},
-{SSL_R_MISSING_TMP_DH_KEY ,"missing tmp dh key"},
-{SSL_R_MISSING_TMP_RSA_KEY ,"missing tmp rsa key"},
-{SSL_R_MISSING_TMP_RSA_PKEY ,"missing tmp rsa pkey"},
-{SSL_R_MISSING_VERIFY_MESSAGE ,"missing verify message"},
-{SSL_R_NON_SSLV2_INITIAL_PACKET ,"non sslv2 initial packet"},
-{SSL_R_NO_CERTIFICATES_RETURNED ,"no certificates returned"},
-{SSL_R_NO_CERTIFICATE_ASSIGNED ,"no certificate assigned"},
-{SSL_R_NO_CERTIFICATE_RETURNED ,"no certificate returned"},
-{SSL_R_NO_CERTIFICATE_SET ,"no certificate set"},
-{SSL_R_NO_CERTIFICATE_SPECIFIED ,"no certificate specified"},
-{SSL_R_NO_CIPHERS_AVAILABLE ,"no ciphers available"},
-{SSL_R_NO_CIPHERS_PASSED ,"no ciphers passed"},
-{SSL_R_NO_CIPHERS_SPECIFIED ,"no ciphers specified"},
-{SSL_R_NO_CIPHER_LIST ,"no cipher list"},
-{SSL_R_NO_CIPHER_MATCH ,"no cipher match"},
-{SSL_R_NO_CLIENT_CERT_RECEIVED ,"no client cert received"},
-{SSL_R_NO_COMPRESSION_SPECIFIED ,"no compression specified"},
-{SSL_R_NO_METHOD_SPECIFIED ,"no method specified"},
-{SSL_R_NO_PRIVATEKEY ,"no privatekey"},
-{SSL_R_NO_PRIVATE_KEY_ASSIGNED ,"no private key assigned"},
-{SSL_R_NO_PROTOCOLS_AVAILABLE ,"no protocols available"},
-{SSL_R_NO_PUBLICKEY ,"no publickey"},
-{SSL_R_NO_SHARED_CIPHER ,"no shared cipher"},
-{SSL_R_NO_VERIFY_CALLBACK ,"no verify callback"},
-{SSL_R_NULL_SSL_CTX ,"null ssl ctx"},
-{SSL_R_NULL_SSL_METHOD_PASSED ,"null ssl method passed"},
-{SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED ,"old session cipher not returned"},
-{SSL_R_PACKET_LENGTH_TOO_LONG ,"packet length too long"},
-{SSL_R_PATH_TOO_LONG ,"path too long"},
-{SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE ,"peer did not return a certificate"},
-{SSL_R_PEER_ERROR ,"peer error"},
-{SSL_R_PEER_ERROR_CERTIFICATE ,"peer error certificate"},
-{SSL_R_PEER_ERROR_NO_CERTIFICATE ,"peer error no certificate"},
-{SSL_R_PEER_ERROR_NO_CIPHER ,"peer error no cipher"},
-{SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,"peer error unsupported certificate type"},
-{SSL_R_PRE_MAC_LENGTH_TOO_LONG ,"pre mac length too long"},
-{SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS ,"problems mapping cipher functions"},
-{SSL_R_PROTOCOL_IS_SHUTDOWN ,"protocol is shutdown"},
-{SSL_R_PUBLIC_KEY_ENCRYPT_ERROR ,"public key encrypt error"},
-{SSL_R_PUBLIC_KEY_IS_NOT_RSA ,"public key is not rsa"},
-{SSL_R_PUBLIC_KEY_NOT_RSA ,"public key not rsa"},
-{SSL_R_READ_BIO_NOT_SET ,"read bio not set"},
-{SSL_R_READ_WRONG_PACKET_TYPE ,"read wrong packet type"},
-{SSL_R_RECORD_LENGTH_MISMATCH ,"record length mismatch"},
-{SSL_R_RECORD_TOO_LARGE ,"record too large"},
-{SSL_R_RECORD_TOO_SMALL ,"record too small"},
-{SSL_R_REQUIRED_CIPHER_MISSING ,"required cipher missing"},
-{SSL_R_REUSE_CERT_LENGTH_NOT_ZERO ,"reuse cert length not zero"},
-{SSL_R_REUSE_CERT_TYPE_NOT_ZERO ,"reuse cert type not zero"},
-{SSL_R_REUSE_CIPHER_LIST_NOT_ZERO ,"reuse cipher list not zero"},
-{SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED ,"session id context uninitialized"},
-{SSL_R_SHORT_READ ,"short read"},
-{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
-{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
-{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
-{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
-{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
-{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"},
-{SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED ,"sslv3 alert certificate expired"},
-{SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED ,"sslv3 alert certificate revoked"},
-{SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN ,"sslv3 alert certificate unknown"},
-{SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE ,"sslv3 alert decompression failure"},
-{SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE ,"sslv3 alert handshake failure"},
-{SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER ,"sslv3 alert illegal parameter"},
-{SSL_R_SSLV3_ALERT_NO_CERTIFICATE ,"sslv3 alert no certificate"},
-{SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE,"sslv3 alert peer error certificate"},
-{SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE,"sslv3 alert peer error no certificate"},
-{SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER ,"sslv3 alert peer error no cipher"},
-{SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,"sslv3 alert peer error unsupported certificate type"},
-{SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE ,"sslv3 alert unexpected message"},
-{SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE,"sslv3 alert unknown remote error type"},
-{SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE,"sslv3 alert unsupported certificate"},
-{SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION,"ssl ctx has no default ssl version"},
-{SSL_R_SSL_HANDSHAKE_FAILURE ,"ssl handshake failure"},
-{SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS ,"ssl library has no ciphers"},
-{SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG ,"ssl session id context too long"},
-{SSL_R_SSL_SESSION_ID_IS_DIFFERENT ,"ssl session id is different"},
-{SSL_R_TLSV1_ALERT_ACCESS_DENIED ,"tlsv1 alert access denied"},
-{SSL_R_TLSV1_ALERT_DECODE_ERROR ,"tlsv1 alert decode error"},
-{SSL_R_TLSV1_ALERT_DECRYPTION_FAILED ,"tlsv1 alert decryption failed"},
-{SSL_R_TLSV1_ALERT_DECRYPT_ERROR ,"tlsv1 alert decrypt error"},
-{SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION ,"tlsv1 alert export restriction"},
-{SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY ,"tlsv1 alert insufficient security"},
-{SSL_R_TLSV1_ALERT_INTERNAL_ERROR ,"tlsv1 alert internal error"},
-{SSL_R_TLSV1_ALERT_NO_RENEGOTIATION ,"tlsv1 alert no renegotiation"},
-{SSL_R_TLSV1_ALERT_PROTOCOL_VERSION ,"tlsv1 alert protocol version"},
-{SSL_R_TLSV1_ALERT_RECORD_OVERFLOW ,"tlsv1 alert record overflow"},
-{SSL_R_TLSV1_ALERT_UNKNOWN_CA ,"tlsv1 alert unknown ca"},
-{SSL_R_TLSV1_ALERT_USER_CANCELLED ,"tlsv1 alert user cancelled"},
-{SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER,"tls client cert req with anon cipher"},
-{SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST,"tls peer did not respond with certificate list"},
-{SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG,"tls rsa encrypted value length is wrong"},
-{SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER ,"tried to use unsupported cipher"},
-{SSL_R_UNABLE_TO_DECODE_DH_CERTS ,"unable to decode dh certs"},
-{SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY ,"unable to extract public key"},
-{SSL_R_UNABLE_TO_FIND_DH_PARAMETERS ,"unable to find dh parameters"},
-{SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS,"unable to find public key parameters"},
-{SSL_R_UNABLE_TO_FIND_SSL_METHOD ,"unable to find ssl method"},
-{SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES ,"unable to load ssl2 md5 routines"},
-{SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES ,"unable to load ssl3 md5 routines"},
-{SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES ,"unable to load ssl3 sha1 routines"},
-{SSL_R_UNEXPECTED_MESSAGE ,"unexpected message"},
-{SSL_R_UNEXPECTED_RECORD ,"unexpected record"},
-{SSL_R_UNINITIALIZED ,"uninitialized"},
-{SSL_R_UNKNOWN_ALERT_TYPE ,"unknown alert type"},
-{SSL_R_UNKNOWN_CERTIFICATE_TYPE ,"unknown certificate type"},
-{SSL_R_UNKNOWN_CIPHER_RETURNED ,"unknown cipher returned"},
-{SSL_R_UNKNOWN_CIPHER_TYPE ,"unknown cipher type"},
-{SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE ,"unknown key exchange type"},
-{SSL_R_UNKNOWN_PKEY_TYPE ,"unknown pkey type"},
-{SSL_R_UNKNOWN_PROTOCOL ,"unknown protocol"},
-{SSL_R_UNKNOWN_REMOTE_ERROR_TYPE ,"unknown remote error type"},
-{SSL_R_UNKNOWN_SSL_VERSION ,"unknown ssl version"},
-{SSL_R_UNKNOWN_STATE ,"unknown state"},
-{SSL_R_UNSUPPORTED_CIPHER ,"unsupported cipher"},
-{SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM ,"unsupported compression algorithm"},
-{SSL_R_UNSUPPORTED_OPTION ,"unsupported option"},
-{SSL_R_UNSUPPORTED_PROTOCOL ,"unsupported protocol"},
-{SSL_R_UNSUPPORTED_SSL_VERSION ,"unsupported ssl version"},
-{SSL_R_WRITE_BIO_NOT_SET ,"write bio not set"},
-{SSL_R_WRONG_CIPHER_RETURNED ,"wrong cipher returned"},
-{SSL_R_WRONG_MESSAGE_TYPE ,"wrong message type"},
-{SSL_R_WRONG_NUMBER_OF_KEY_BITS ,"wrong number of key bits"},
-{SSL_R_WRONG_SIGNATURE_LENGTH ,"wrong signature length"},
-{SSL_R_WRONG_SIGNATURE_SIZE ,"wrong signature size"},
-{SSL_R_WRONG_SSL_VERSION ,"wrong ssl version"},
-{SSL_R_WRONG_VERSION_NUMBER ,"wrong version number"},
-{SSL_R_X509_LIB ,"x509 lib"},
-{SSL_R_X509_VERIFICATION_SETUP_PROBLEMS ,"x509 verification setup problems"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_SSL_strings(void)
- {
- static int init=1;
-
- if (init)
- {
- init=0;
-#ifndef NO_ERR
- ERR_load_strings(ERR_LIB_SSL,SSL_str_functs);
- ERR_load_strings(ERR_LIB_SSL,SSL_str_reasons);
-#endif
-
- }
- }
diff --git a/crypto/openssl/ssl/ssl_err2.c b/crypto/openssl/ssl/ssl_err2.c
deleted file mode 100644
index cc089a612b10..000000000000
--- a/crypto/openssl/ssl/ssl_err2.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/* ssl/ssl_err2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-void SSL_load_error_strings(void)
- {
-#ifndef NO_ERR
- ERR_load_crypto_strings();
- ERR_load_SSL_strings();
-#endif
- }
-
diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c
deleted file mode 100644
index 4f84a3476da0..000000000000
--- a/crypto/openssl/ssl/ssl_lib.c
+++ /dev/null
@@ -1,2090 +0,0 @@
-/*! \file ssl/ssl_lib.c
- * \brief Version independent SSL functions.
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-
-#include <assert.h>
-#include <stdio.h>
-#include <openssl/objects.h>
-#include <openssl/lhash.h>
-#include <openssl/x509v3.h>
-#include "ssl_locl.h"
-
-const char *SSL_version_str=OPENSSL_VERSION_TEXT;
-
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_meth=NULL;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_ctx_meth=NULL;
-static int ssl_meth_num=0;
-static int ssl_ctx_meth_num=0;
-
-OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={
- /* evil casts, but these functions are only called if there's a library bug */
- (int (*)(SSL *,int))ssl_undefined_function,
- (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
- ssl_undefined_function,
- (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
- (int (*)(SSL*, int))ssl_undefined_function,
- (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function
- };
-
-int SSL_clear(SSL *s)
- {
-
- if (s->method == NULL)
- {
- SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
- return(0);
- }
-
- if (ssl_clear_bad_session(s))
- {
- SSL_SESSION_free(s->session);
- s->session=NULL;
- }
-
- s->error=0;
- s->hit=0;
- s->shutdown=0;
-
-#if 0 /* Disabled since version 1.10 of this file (early return not
- * needed because SSL_clear is not called when doing renegotiation) */
- /* This is set if we are doing dynamic renegotiation so keep
- * the old cipher. It is sort of a SSL_clear_lite :-) */
- if (s->new_session) return(1);
-#else
- if (s->new_session)
- {
- SSLerr(SSL_F_SSL_CLEAR,SSL_R_INTERNAL_ERROR);
- return 0;
- }
-#endif
-
- s->type=0;
-
- s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
-
- s->version=s->method->version;
- s->client_version=s->version;
- s->rwstate=SSL_NOTHING;
- s->rstate=SSL_ST_READ_HEADER;
-#if 0
- s->read_ahead=s->ctx->read_ahead;
-#endif
-
- if (s->init_buf != NULL)
- {
- BUF_MEM_free(s->init_buf);
- s->init_buf=NULL;
- }
-
- ssl_clear_cipher_ctx(s);
-
- s->first_packet=0;
-
-#if 1
- /* Check to see if we were changed into a different method, if
- * so, revert back if we are not doing session-id reuse. */
- if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
- {
- s->method->ssl_free(s);
- s->method=s->ctx->method;
- if (!s->method->ssl_new(s))
- return(0);
- }
- else
-#endif
- s->method->ssl_clear(s);
- return(1);
- }
-
-/** Used to change an SSL_CTXs default SSL method type */
-int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth)
- {
- STACK_OF(SSL_CIPHER) *sk;
-
- ctx->method=meth;
-
- sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
- &(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST);
- if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
- {
- SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
- return(0);
- }
- return(1);
- }
-
-SSL *SSL_new(SSL_CTX *ctx)
- {
- SSL *s;
-
- if (ctx == NULL)
- {
- SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);
- return(NULL);
- }
- if (ctx->method == NULL)
- {
- SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
- return(NULL);
- }
-
- s=(SSL *)OPENSSL_malloc(sizeof(SSL));
- if (s == NULL) goto err;
- memset(s,0,sizeof(SSL));
-
- if (ctx->cert != NULL)
- {
- /* Earlier library versions used to copy the pointer to
- * the CERT, not its contents; only when setting new
- * parameters for the per-SSL copy, ssl_cert_new would be
- * called (and the direct reference to the per-SSL_CTX
- * settings would be lost, but those still were indirectly
- * accessed for various purposes, and for that reason they
- * used to be known as s->ctx->default_cert).
- * Now we don't look at the SSL_CTX's CERT after having
- * duplicated it once. */
-
- s->cert = ssl_cert_dup(ctx->cert);
- if (s->cert == NULL)
- goto err;
- }
- else
- s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
- s->sid_ctx_length=ctx->sid_ctx_length;
- memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
- s->verify_mode=ctx->verify_mode;
- s->verify_depth=ctx->verify_depth;
- s->verify_callback=ctx->default_verify_callback;
- s->purpose = ctx->purpose;
- s->trust = ctx->trust;
- CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
- s->ctx=ctx;
-
- s->verify_result=X509_V_OK;
-
- s->method=ctx->method;
-
- if (!s->method->ssl_new(s))
- goto err;
-
- s->quiet_shutdown=ctx->quiet_shutdown;
- s->references=1;
- s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
- s->options=ctx->options;
- s->mode=ctx->mode;
- s->read_ahead=ctx->read_ahead; /* used to happen in SSL_clear */
- SSL_clear(s);
-
- CRYPTO_new_ex_data(ssl_meth,s,&s->ex_data);
-
- return(s);
-err:
- if (s != NULL)
- {
- if (s->cert != NULL)
- ssl_cert_free(s->cert);
- if (s->ctx != NULL)
- SSL_CTX_free(s->ctx); /* decrement reference count */
- OPENSSL_free(s);
- }
- SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
-
-int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
- unsigned int sid_ctx_len)
- {
- if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
- {
- SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
- return 0;
- }
- ctx->sid_ctx_length=sid_ctx_len;
- memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);
-
- return 1;
- }
-
-int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
- unsigned int sid_ctx_len)
- {
- if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
- {
- SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
- return 0;
- }
- ssl->sid_ctx_length=sid_ctx_len;
- memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);
-
- return 1;
- }
-
-int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
-{
- if(X509_PURPOSE_get_by_id(purpose) == -1) {
- SSLerr(SSL_F_SSL_CTX_SET_PURPOSE, SSL_R_INVALID_PURPOSE);
- return 0;
- }
- s->purpose = purpose;
- return 1;
-}
-
-int SSL_set_purpose(SSL *s, int purpose)
-{
- if(X509_PURPOSE_get_by_id(purpose) == -1) {
- SSLerr(SSL_F_SSL_SET_PURPOSE, SSL_R_INVALID_PURPOSE);
- return 0;
- }
- s->purpose = purpose;
- return 1;
-}
-
-int SSL_CTX_set_trust(SSL_CTX *s, int trust)
-{
- if(X509_TRUST_get_by_id(trust) == -1) {
- SSLerr(SSL_F_SSL_CTX_SET_TRUST, SSL_R_INVALID_TRUST);
- return 0;
- }
- s->trust = trust;
- return 1;
-}
-
-int SSL_set_trust(SSL *s, int trust)
-{
- if(X509_TRUST_get_by_id(trust) == -1) {
- SSLerr(SSL_F_SSL_SET_TRUST, SSL_R_INVALID_TRUST);
- return 0;
- }
- s->trust = trust;
- return 1;
-}
-
-void SSL_free(SSL *s)
- {
- int i;
-
- if(s == NULL)
- return;
-
- i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
-#ifdef REF_PRINT
- REF_PRINT("SSL",s);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"SSL_free, bad reference count\n");
- abort(); /* ok */
- }
-#endif
-
- CRYPTO_free_ex_data(ssl_meth,(char *)s,&s->ex_data);
-
- if (s->bbio != NULL)
- {
- /* If the buffering BIO is in place, pop it off */
- if (s->bbio == s->wbio)
- {
- s->wbio=BIO_pop(s->wbio);
- }
- BIO_free(s->bbio);
- s->bbio=NULL;
- }
- if (s->rbio != NULL)
- BIO_free_all(s->rbio);
- if ((s->wbio != NULL) && (s->wbio != s->rbio))
- BIO_free_all(s->wbio);
-
- if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
-
- /* add extra stuff */
- if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
- if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);
-
- /* Make the next call work :-) */
- if (s->session != NULL)
- {
- ssl_clear_bad_session(s);
- SSL_SESSION_free(s->session);
- }
-
- ssl_clear_cipher_ctx(s);
-
- if (s->cert != NULL) ssl_cert_free(s->cert);
- /* Free up if allocated */
-
- if (s->ctx) SSL_CTX_free(s->ctx);
-
- if (s->client_CA != NULL)
- sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
-
- if (s->method != NULL) s->method->ssl_free(s);
-
- OPENSSL_free(s);
- }
-
-void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
- {
- /* If the output buffering BIO is still in place, remove it
- */
- if (s->bbio != NULL)
- {
- if (s->wbio == s->bbio)
- {
- s->wbio=s->wbio->next_bio;
- s->bbio->next_bio=NULL;
- }
- }
- if ((s->rbio != NULL) && (s->rbio != rbio))
- BIO_free_all(s->rbio);
- if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
- BIO_free_all(s->wbio);
- s->rbio=rbio;
- s->wbio=wbio;
- }
-
-BIO *SSL_get_rbio(SSL *s)
- { return(s->rbio); }
-
-BIO *SSL_get_wbio(SSL *s)
- { return(s->wbio); }
-
-int SSL_get_fd(SSL *s)
- {
- return(SSL_get_rfd(s));
- }
-
-int SSL_get_rfd(SSL *s)
- {
- int ret= -1;
- BIO *b,*r;
-
- b=SSL_get_rbio(s);
- r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
- if (r != NULL)
- BIO_get_fd(r,&ret);
- return(ret);
- }
-
-int SSL_get_wfd(SSL *s)
- {
- int ret= -1;
- BIO *b,*r;
-
- b=SSL_get_wbio(s);
- r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
- if (r != NULL)
- BIO_get_fd(r,&ret);
- return(ret);
- }
-
-#ifndef NO_SOCK
-int SSL_set_fd(SSL *s,int fd)
- {
- int ret=0;
- BIO *bio=NULL;
-
- bio=BIO_new(BIO_s_socket());
-
- if (bio == NULL)
- {
- SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
- goto err;
- }
- BIO_set_fd(bio,fd,BIO_NOCLOSE);
- SSL_set_bio(s,bio,bio);
- ret=1;
-err:
- return(ret);
- }
-
-int SSL_set_wfd(SSL *s,int fd)
- {
- int ret=0;
- BIO *bio=NULL;
-
- if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
- || ((int)BIO_get_fd(s->rbio,NULL) != fd))
- {
- bio=BIO_new(BIO_s_socket());
-
- if (bio == NULL)
- { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }
- BIO_set_fd(bio,fd,BIO_NOCLOSE);
- SSL_set_bio(s,SSL_get_rbio(s),bio);
- }
- else
- SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));
- ret=1;
-err:
- return(ret);
- }
-
-int SSL_set_rfd(SSL *s,int fd)
- {
- int ret=0;
- BIO *bio=NULL;
-
- if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
- || ((int)BIO_get_fd(s->wbio,NULL) != fd))
- {
- bio=BIO_new(BIO_s_socket());
-
- if (bio == NULL)
- {
- SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
- goto err;
- }
- BIO_set_fd(bio,fd,BIO_NOCLOSE);
- SSL_set_bio(s,bio,SSL_get_wbio(s));
- }
- else
- SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));
- ret=1;
-err:
- return(ret);
- }
-#endif
-
-
-/* return length of latest Finished message we sent, copy to 'buf' */
-size_t SSL_get_finished(SSL *s, void *buf, size_t count)
- {
- size_t ret = 0;
-
- if (s->s3 != NULL)
- {
- ret = s->s3->tmp.finish_md_len;
- if (count > ret)
- count = ret;
- memcpy(buf, s->s3->tmp.finish_md, count);
- }
- return ret;
- }
-
-/* return length of latest Finished message we expected, copy to 'buf' */
-size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count)
- {
- size_t ret = 0;
-
- if (s->s3 != NULL)
- {
- ret = s->s3->tmp.peer_finish_md_len;
- if (count > ret)
- count = ret;
- memcpy(buf, s->s3->tmp.peer_finish_md, count);
- }
- return ret;
- }
-
-
-int SSL_get_verify_mode(SSL *s)
- {
- return(s->verify_mode);
- }
-
-int SSL_get_verify_depth(SSL *s)
- {
- return(s->verify_depth);
- }
-
-int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *)
- {
- return(s->verify_callback);
- }
-
-int SSL_CTX_get_verify_mode(SSL_CTX *ctx)
- {
- return(ctx->verify_mode);
- }
-
-int SSL_CTX_get_verify_depth(SSL_CTX *ctx)
- {
- return(ctx->verify_depth);
- }
-
-int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *)
- {
- return(ctx->default_verify_callback);
- }
-
-void SSL_set_verify(SSL *s,int mode,
- int (*callback)(int ok,X509_STORE_CTX *ctx))
- {
- s->verify_mode=mode;
- if (callback != NULL)
- s->verify_callback=callback;
- }
-
-void SSL_set_verify_depth(SSL *s,int depth)
- {
- s->verify_depth=depth;
- }
-
-void SSL_set_read_ahead(SSL *s,int yes)
- {
- s->read_ahead=yes;
- }
-
-int SSL_get_read_ahead(SSL *s)
- {
- return(s->read_ahead);
- }
-
-int SSL_pending(SSL *s)
- {
- return(s->method->ssl_pending(s));
- }
-
-X509 *SSL_get_peer_certificate(SSL *s)
- {
- X509 *r;
-
- if ((s == NULL) || (s->session == NULL))
- r=NULL;
- else
- r=s->session->peer;
-
- if (r == NULL) return(r);
-
- CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);
-
- return(r);
- }
-
-STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s)
- {
- STACK_OF(X509) *r;
-
- if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
- r=NULL;
- else
- r=s->session->sess_cert->cert_chain;
-
- /* If we are a client, cert_chain includes the peer's own
- * certificate; if we are a server, it does not. */
-
- return(r);
- }
-
-/* Now in theory, since the calling process own 't' it should be safe to
- * modify. We need to be able to read f without being hassled */
-void SSL_copy_session_id(SSL *t,SSL *f)
- {
- CERT *tmp;
-
- /* Do we need to to SSL locking? */
- SSL_set_session(t,SSL_get_session(f));
-
- /* what if we are setup as SSLv2 but want to talk SSLv3 or
- * vice-versa */
- if (t->method != f->method)
- {
- t->method->ssl_free(t); /* cleanup current */
- t->method=f->method; /* change method */
- t->method->ssl_new(t); /* setup new */
- }
-
- tmp=t->cert;
- if (f->cert != NULL)
- {
- CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
- t->cert=f->cert;
- }
- else
- t->cert=NULL;
- if (tmp != NULL) ssl_cert_free(tmp);
- SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
- }
-
-/* Fix this so it checks all the valid key/cert options */
-int SSL_CTX_check_private_key(SSL_CTX *ctx)
- {
- if ( (ctx == NULL) ||
- (ctx->cert == NULL) ||
- (ctx->cert->key->x509 == NULL))
- {
- SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
- return(0);
- }
- if (ctx->cert->key->privatekey == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
- return(0);
- }
- return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
- }
-
-/* Fix this function so that it takes an optional type parameter */
-int SSL_check_private_key(SSL *ssl)
- {
- if (ssl == NULL)
- {
- SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (ssl->cert == NULL)
- {
- SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
- return 0;
- }
- if (ssl->cert->key->x509 == NULL)
- {
- SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
- return(0);
- }
- if (ssl->cert->key->privatekey == NULL)
- {
- SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
- return(0);
- }
- return(X509_check_private_key(ssl->cert->key->x509,
- ssl->cert->key->privatekey));
- }
-
-int SSL_accept(SSL *s)
- {
- if (s->handshake_func == 0)
- /* Not properly initialized yet */
- SSL_set_accept_state(s);
-
- return(s->method->ssl_accept(s));
- }
-
-int SSL_connect(SSL *s)
- {
- if (s->handshake_func == 0)
- /* Not properly initialized yet */
- SSL_set_connect_state(s);
-
- return(s->method->ssl_connect(s));
- }
-
-long SSL_get_default_timeout(SSL *s)
- {
- return(s->method->get_timeout());
- }
-
-int SSL_read(SSL *s,void *buf,int num)
- {
- if (s->handshake_func == 0)
- {
- SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
- return -1;
- }
-
- if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
- {
- s->rwstate=SSL_NOTHING;
- return(0);
- }
- return(s->method->ssl_read(s,buf,num));
- }
-
-int SSL_peek(SSL *s,void *buf,int num)
- {
- if (s->handshake_func == 0)
- {
- SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
- return -1;
- }
-
- if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
- {
- return(0);
- }
- return(s->method->ssl_peek(s,buf,num));
- }
-
-int SSL_write(SSL *s,const void *buf,int num)
- {
- if (s->handshake_func == 0)
- {
- SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
- return -1;
- }
-
- if (s->shutdown & SSL_SENT_SHUTDOWN)
- {
- s->rwstate=SSL_NOTHING;
- SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN);
- return(-1);
- }
- return(s->method->ssl_write(s,buf,num));
- }
-
-int SSL_shutdown(SSL *s)
- {
- /* Note that this function behaves differently from what one might
- * expect. Return values are 0 for no success (yet),
- * 1 for success; but calling it once is usually not enough,
- * even if blocking I/O is used (see ssl3_shutdown).
- */
-
- if (s->handshake_func == 0)
- {
- SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
- return -1;
- }
-
- if ((s != NULL) && !SSL_in_init(s))
- return(s->method->ssl_shutdown(s));
- else
- return(1);
- }
-
-int SSL_renegotiate(SSL *s)
- {
- if (s->new_session == 0)
- {
- s->new_session=1;
- }
- return(s->method->ssl_renegotiate(s));
- }
-
-long SSL_ctrl(SSL *s,int cmd,long larg,char *parg)
- {
- long l;
-
- switch (cmd)
- {
- case SSL_CTRL_GET_READ_AHEAD:
- return(s->read_ahead);
- case SSL_CTRL_SET_READ_AHEAD:
- l=s->read_ahead;
- s->read_ahead=larg;
- return(l);
- case SSL_CTRL_OPTIONS:
- return(s->options|=larg);
- case SSL_CTRL_MODE:
- return(s->mode|=larg);
- default:
- return(s->method->ssl_ctrl(s,cmd,larg,parg));
- }
- }
-
-long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)())
- {
- switch(cmd)
- {
- default:
- return(s->method->ssl_callback_ctrl(s,cmd,fp));
- }
- }
-
-struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx)
- {
- return ctx->sessions;
- }
-
-long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,char *parg)
- {
- long l;
-
- switch (cmd)
- {
- case SSL_CTRL_GET_READ_AHEAD:
- return(ctx->read_ahead);
- case SSL_CTRL_SET_READ_AHEAD:
- l=ctx->read_ahead;
- ctx->read_ahead=larg;
- return(l);
-
- case SSL_CTRL_SET_SESS_CACHE_SIZE:
- l=ctx->session_cache_size;
- ctx->session_cache_size=larg;
- return(l);
- case SSL_CTRL_GET_SESS_CACHE_SIZE:
- return(ctx->session_cache_size);
- case SSL_CTRL_SET_SESS_CACHE_MODE:
- l=ctx->session_cache_mode;
- ctx->session_cache_mode=larg;
- return(l);
- case SSL_CTRL_GET_SESS_CACHE_MODE:
- return(ctx->session_cache_mode);
-
- case SSL_CTRL_SESS_NUMBER:
- return(ctx->sessions->num_items);
- case SSL_CTRL_SESS_CONNECT:
- return(ctx->stats.sess_connect);
- case SSL_CTRL_SESS_CONNECT_GOOD:
- return(ctx->stats.sess_connect_good);
- case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
- return(ctx->stats.sess_connect_renegotiate);
- case SSL_CTRL_SESS_ACCEPT:
- return(ctx->stats.sess_accept);
- case SSL_CTRL_SESS_ACCEPT_GOOD:
- return(ctx->stats.sess_accept_good);
- case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
- return(ctx->stats.sess_accept_renegotiate);
- case SSL_CTRL_SESS_HIT:
- return(ctx->stats.sess_hit);
- case SSL_CTRL_SESS_CB_HIT:
- return(ctx->stats.sess_cb_hit);
- case SSL_CTRL_SESS_MISSES:
- return(ctx->stats.sess_miss);
- case SSL_CTRL_SESS_TIMEOUTS:
- return(ctx->stats.sess_timeout);
- case SSL_CTRL_SESS_CACHE_FULL:
- return(ctx->stats.sess_cache_full);
- case SSL_CTRL_OPTIONS:
- return(ctx->options|=larg);
- case SSL_CTRL_MODE:
- return(ctx->mode|=larg);
- default:
- return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
- }
- }
-
-long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
- {
- switch(cmd)
- {
- default:
- return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp));
- }
- }
-
-int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
- {
- long l;
-
- l=a->id-b->id;
- if (l == 0L)
- return(0);
- else
- return((l > 0)?1:-1);
- }
-
-int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
- const SSL_CIPHER * const *bp)
- {
- long l;
-
- l=(*ap)->id-(*bp)->id;
- if (l == 0L)
- return(0);
- else
- return((l > 0)?1:-1);
- }
-
-/** return a STACK of the ciphers available for the SSL and in order of
- * preference */
-STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s)
- {
- if ((s != NULL) && (s->cipher_list != NULL))
- {
- return(s->cipher_list);
- }
- else if ((s->ctx != NULL) &&
- (s->ctx->cipher_list != NULL))
- {
- return(s->ctx->cipher_list);
- }
- return(NULL);
- }
-
-/** return a STACK of the ciphers available for the SSL and in order of
- * algorithm id */
-STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
- {
- if ((s != NULL) && (s->cipher_list_by_id != NULL))
- {
- return(s->cipher_list_by_id);
- }
- else if ((s != NULL) && (s->ctx != NULL) &&
- (s->ctx->cipher_list_by_id != NULL))
- {
- return(s->ctx->cipher_list_by_id);
- }
- return(NULL);
- }
-
-/** The old interface to get the same thing as SSL_get_ciphers() */
-const char *SSL_get_cipher_list(SSL *s,int n)
- {
- SSL_CIPHER *c;
- STACK_OF(SSL_CIPHER) *sk;
-
- if (s == NULL) return(NULL);
- sk=SSL_get_ciphers(s);
- if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
- return(NULL);
- c=sk_SSL_CIPHER_value(sk,n);
- if (c == NULL) return(NULL);
- return(c->name);
- }
-
-/** specify the ciphers to be used by default by the SSL_CTX */
-int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
- {
- STACK_OF(SSL_CIPHER) *sk;
-
- sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
- &ctx->cipher_list_by_id,str);
-/* XXXX */
- return((sk == NULL)?0:1);
- }
-
-/** specify the ciphers to be used by the SSL */
-int SSL_set_cipher_list(SSL *s,const char *str)
- {
- STACK_OF(SSL_CIPHER) *sk;
-
- sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
- &s->cipher_list_by_id,str);
-/* XXXX */
- return((sk == NULL)?0:1);
- }
-
-/* works well for SSLv2, not so good for SSLv3 */
-char *SSL_get_shared_ciphers(SSL *s,char *buf,int len)
- {
- char *p;
- const char *cp;
- STACK_OF(SSL_CIPHER) *sk;
- SSL_CIPHER *c;
- int i;
-
- if ((s->session == NULL) || (s->session->ciphers == NULL) ||
- (len < 2))
- return(NULL);
-
- p=buf;
- sk=s->session->ciphers;
- for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
- {
- /* Decrement for either the ':' or a '\0' */
- len--;
- c=sk_SSL_CIPHER_value(sk,i);
- for (cp=c->name; *cp; )
- {
- if (len-- == 0)
- {
- *p='\0';
- return(buf);
- }
- else
- *(p++)= *(cp++);
- }
- *(p++)=':';
- }
- p[-1]='\0';
- return(buf);
- }
-
-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
- {
- int i,j=0;
- SSL_CIPHER *c;
- unsigned char *q;
-
- if (sk == NULL) return(0);
- q=p;
-
- for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
- {
- c=sk_SSL_CIPHER_value(sk,i);
- j=ssl_put_cipher_by_char(s,c,p);
- p+=j;
- }
- return(p-q);
- }
-
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
- STACK_OF(SSL_CIPHER) **skp)
- {
- SSL_CIPHER *c;
- STACK_OF(SSL_CIPHER) *sk;
- int i,n;
-
- n=ssl_put_cipher_by_char(s,NULL,NULL);
- if ((num%n) != 0)
- {
- SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
- return(NULL);
- }
- if ((skp == NULL) || (*skp == NULL))
- sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
- else
- {
- sk= *skp;
- sk_SSL_CIPHER_zero(sk);
- }
-
- for (i=0; i<num; i+=n)
- {
- c=ssl_get_cipher_by_char(s,p);
- p+=n;
- if (c != NULL)
- {
- if (!sk_SSL_CIPHER_push(sk,c))
- {
- SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- }
-
- if (skp != NULL)
- *skp=sk;
- return(sk);
-err:
- if ((skp == NULL) || (*skp == NULL))
- sk_SSL_CIPHER_free(sk);
- return(NULL);
- }
-
-unsigned long SSL_SESSION_hash(SSL_SESSION *a)
- {
- unsigned long l;
-
- l=(unsigned long)
- ((unsigned int) a->session_id[0] )|
- ((unsigned int) a->session_id[1]<< 8L)|
- ((unsigned long)a->session_id[2]<<16L)|
- ((unsigned long)a->session_id[3]<<24L);
- return(l);
- }
-
-int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b)
- {
- if (a->ssl_version != b->ssl_version)
- return(1);
- if (a->session_id_length != b->session_id_length)
- return(1);
- return(memcmp(a->session_id,b->session_id,a->session_id_length));
- }
-
-SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
- {
- SSL_CTX *ret=NULL;
-
- if (meth == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
- return(NULL);
- }
-
- if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
- {
- SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
- goto err;
- }
- ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
- if (ret == NULL)
- goto err;
-
- memset(ret,0,sizeof(SSL_CTX));
-
- ret->method=meth;
-
- ret->cert_store=NULL;
- ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
- ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
- ret->session_cache_head=NULL;
- ret->session_cache_tail=NULL;
-
- /* We take the system default */
- ret->session_timeout=meth->get_timeout();
-
- ret->new_session_cb=NULL;
- ret->remove_session_cb=NULL;
- ret->get_session_cb=NULL;
-
- memset((char *)&ret->stats,0,sizeof(ret->stats));
-
- ret->references=1;
- ret->quiet_shutdown=0;
-
-/* ret->cipher=NULL;*/
-/* ret->s2->challenge=NULL;
- ret->master_key=NULL;
- ret->key_arg=NULL;
- ret->s2->conn_id=NULL; */
-
- ret->info_callback=NULL;
-
- ret->app_verify_callback=NULL;
- ret->app_verify_arg=NULL;
-
- ret->read_ahead=0;
- ret->verify_mode=SSL_VERIFY_NONE;
- ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
- ret->default_verify_callback=NULL;
- if ((ret->cert=ssl_cert_new()) == NULL)
- goto err;
-
- ret->default_passwd_callback=NULL;
- ret->default_passwd_callback_userdata=NULL;
- ret->client_cert_cb=NULL;
-
- ret->sessions=lh_new(SSL_SESSION_hash,SSL_SESSION_cmp);
- if (ret->sessions == NULL) goto err;
- ret->cert_store=X509_STORE_new();
- if (ret->cert_store == NULL) goto err;
-
- ssl_create_cipher_list(ret->method,
- &ret->cipher_list,&ret->cipher_list_by_id,
- SSL_DEFAULT_CIPHER_LIST);
- if (ret->cipher_list == NULL
- || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
- goto err2;
- }
-
- if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
- goto err2;
- }
- if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
- goto err2;
- }
- if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
- goto err2;
- }
-
- if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
- goto err;
-
- CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data);
-
- ret->extra_certs=NULL;
- ret->comp_methods=SSL_COMP_get_compression_methods();
-
- return(ret);
-err:
- SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
-err2:
- if (ret != NULL) SSL_CTX_free(ret);
- return(NULL);
- }
-
-static void SSL_COMP_free(SSL_COMP *comp)
- { OPENSSL_free(comp); }
-
-void SSL_CTX_free(SSL_CTX *a)
- {
- int i;
-
- if (a == NULL) return;
-
- i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);
-#ifdef REF_PRINT
- REF_PRINT("SSL_CTX",a);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"SSL_CTX_free, bad reference count\n");
- abort(); /* ok */
- }
-#endif
- CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
-
- if (a->sessions != NULL)
- {
- SSL_CTX_flush_sessions(a,0);
- lh_free(a->sessions);
- }
- if (a->cert_store != NULL)
- X509_STORE_free(a->cert_store);
- if (a->cipher_list != NULL)
- sk_SSL_CIPHER_free(a->cipher_list);
- if (a->cipher_list_by_id != NULL)
- sk_SSL_CIPHER_free(a->cipher_list_by_id);
- if (a->cert != NULL)
- ssl_cert_free(a->cert);
- if (a->client_CA != NULL)
- sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
- if (a->extra_certs != NULL)
- sk_X509_pop_free(a->extra_certs,X509_free);
- if (a->comp_methods != NULL)
- sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
- OPENSSL_free(a);
- }
-
-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
- {
- ctx->default_passwd_callback=cb;
- }
-
-void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
- {
- ctx->default_passwd_callback_userdata=u;
- }
-
-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,int (*cb)(),char *arg)
- {
- /* now
- * int (*cb)(X509_STORE_CTX *),
- * but should be
- * int (*cb)(X509_STORE_CTX *, void *arg)
- */
- ctx->app_verify_callback=cb;
- ctx->app_verify_arg=arg; /* never used */
- }
-
-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
- {
- ctx->verify_mode=mode;
- ctx->default_verify_callback=cb;
- }
-
-void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
- {
- ctx->verify_depth=depth;
- }
-
-void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
- {
- CERT_PKEY *cpk;
- int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
- int rsa_enc_export,dh_rsa_export,dh_dsa_export;
- int rsa_tmp_export,dh_tmp_export,kl;
- unsigned long mask,emask;
-
- if (c == NULL) return;
-
- kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
-
-#ifndef NO_RSA
- rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
- rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
- (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
-#else
- rsa_tmp=rsa_tmp_export=0;
-#endif
-#ifndef NO_DH
- dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
- dh_tmp_export=(c->dh_tmp_cb != NULL ||
- (dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
-#else
- dh_tmp=dh_tmp_export=0;
-#endif
-
- cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
- rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
- rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
- cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
- rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
- cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
- dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
- cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
- dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL);
- dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
- cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
-/* FIX THIS EAY EAY EAY */
- dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL);
- dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
-
- mask=0;
- emask=0;
-
-#ifdef CIPHER_DEBUG
- printf("rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
- rsa_tmp,rsa_tmp_export,dh_tmp,
- rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
-#endif
-
- if (rsa_enc || (rsa_tmp && rsa_sign))
- mask|=SSL_kRSA;
- if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
- emask|=SSL_kRSA;
-
-#if 0
- /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
- if ( (dh_tmp || dh_rsa || dh_dsa) &&
- (rsa_enc || rsa_sign || dsa_sign))
- mask|=SSL_kEDH;
- if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
- (rsa_enc || rsa_sign || dsa_sign))
- emask|=SSL_kEDH;
-#endif
-
- if (dh_tmp_export)
- emask|=SSL_kEDH;
-
- if (dh_tmp)
- mask|=SSL_kEDH;
-
- if (dh_rsa) mask|=SSL_kDHr;
- if (dh_rsa_export) emask|=SSL_kDHr;
-
- if (dh_dsa) mask|=SSL_kDHd;
- if (dh_dsa_export) emask|=SSL_kDHd;
-
- if (rsa_enc || rsa_sign)
- {
- mask|=SSL_aRSA;
- emask|=SSL_aRSA;
- }
-
- if (dsa_sign)
- {
- mask|=SSL_aDSS;
- emask|=SSL_aDSS;
- }
-
- mask|=SSL_aNULL;
- emask|=SSL_aNULL;
-
- c->mask=mask;
- c->export_mask=emask;
- c->valid=1;
- }
-
-/* THIS NEEDS CLEANING UP */
-X509 *ssl_get_server_send_cert(SSL *s)
- {
- unsigned long alg,mask,kalg;
- CERT *c;
- int i,is_export;
-
- c=s->cert;
- ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
- alg=s->s3->tmp.new_cipher->algorithms;
- is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
- mask=is_export?c->export_mask:c->mask;
- kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
-
- if (kalg & SSL_kDHr)
- i=SSL_PKEY_DH_RSA;
- else if (kalg & SSL_kDHd)
- i=SSL_PKEY_DH_DSA;
- else if (kalg & SSL_aDSS)
- i=SSL_PKEY_DSA_SIGN;
- else if (kalg & SSL_aRSA)
- {
- if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
- i=SSL_PKEY_RSA_SIGN;
- else
- i=SSL_PKEY_RSA_ENC;
- }
- else /* if (kalg & SSL_aNULL) */
- {
- SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,SSL_R_INTERNAL_ERROR);
- return(NULL);
- }
- if (c->pkeys[i].x509 == NULL) return(NULL);
- return(c->pkeys[i].x509);
- }
-
-EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
- {
- unsigned long alg;
- CERT *c;
-
- alg=cipher->algorithms;
- c=s->cert;
-
- if ((alg & SSL_aDSS) &&
- (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
- return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey);
- else if (alg & SSL_aRSA)
- {
- if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
- return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey);
- else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
- return(c->pkeys[SSL_PKEY_RSA_ENC].privatekey);
- else
- return(NULL);
- }
- else /* if (alg & SSL_aNULL) */
- {
- SSLerr(SSL_F_SSL_GET_SIGN_PKEY,SSL_R_INTERNAL_ERROR);
- return(NULL);
- }
- }
-
-void ssl_update_cache(SSL *s,int mode)
- {
- int i;
-
- /* If the session_id_length is 0, we are not supposed to cache it,
- * and it would be rather hard to do anyway :-) */
- if (s->session->session_id_length == 0) return;
-
- i=s->ctx->session_cache_mode;
- if ((i & mode) && (!s->hit)
- && ((i & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)
- || SSL_CTX_add_session(s->ctx,s->session))
- && (s->ctx->new_session_cb != NULL))
- {
- CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
- if (!s->ctx->new_session_cb(s,s->session))
- SSL_SESSION_free(s->session);
- }
-
- /* auto flush every 255 connections */
- if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
- ((i & mode) == mode))
- {
- if ( (((mode & SSL_SESS_CACHE_CLIENT)
- ?s->ctx->stats.sess_connect_good
- :s->ctx->stats.sess_accept_good) & 0xff) == 0xff)
- {
- SSL_CTX_flush_sessions(s->ctx,time(NULL));
- }
- }
- }
-
-SSL_METHOD *SSL_get_ssl_method(SSL *s)
- {
- return(s->method);
- }
-
-int SSL_set_ssl_method(SSL *s,SSL_METHOD *meth)
- {
- int conn= -1;
- int ret=1;
-
- if (s->method != meth)
- {
- if (s->handshake_func != NULL)
- conn=(s->handshake_func == s->method->ssl_connect);
-
- if (s->method->version == meth->version)
- s->method=meth;
- else
- {
- s->method->ssl_free(s);
- s->method=meth;
- ret=s->method->ssl_new(s);
- }
-
- if (conn == 1)
- s->handshake_func=meth->ssl_connect;
- else if (conn == 0)
- s->handshake_func=meth->ssl_accept;
- }
- return(ret);
- }
-
-int SSL_get_error(SSL *s,int i)
- {
- int reason;
- unsigned long l;
- BIO *bio;
-
- if (i > 0) return(SSL_ERROR_NONE);
-
- /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
- * etc, where we do encode the error */
- if ((l=ERR_peek_error()) != 0)
- {
- if (ERR_GET_LIB(l) == ERR_LIB_SYS)
- return(SSL_ERROR_SYSCALL);
- else
- return(SSL_ERROR_SSL);
- }
-
- if ((i < 0) && SSL_want_read(s))
- {
- bio=SSL_get_rbio(s);
- if (BIO_should_read(bio))
- return(SSL_ERROR_WANT_READ);
- else if (BIO_should_write(bio))
- /* This one doesn't make too much sense ... We never try
- * to write to the rbio, and an application program where
- * rbio and wbio are separate couldn't even know what it
- * should wait for.
- * However if we ever set s->rwstate incorrectly
- * (so that we have SSL_want_read(s) instead of
- * SSL_want_write(s)) and rbio and wbio *are* the same,
- * this test works around that bug; so it might be safer
- * to keep it. */
- return(SSL_ERROR_WANT_WRITE);
- else if (BIO_should_io_special(bio))
- {
- reason=BIO_get_retry_reason(bio);
- if (reason == BIO_RR_CONNECT)
- return(SSL_ERROR_WANT_CONNECT);
- else
- return(SSL_ERROR_SYSCALL); /* unknown */
- }
- }
-
- if ((i < 0) && SSL_want_write(s))
- {
- bio=SSL_get_wbio(s);
- if (BIO_should_write(bio))
- return(SSL_ERROR_WANT_WRITE);
- else if (BIO_should_read(bio))
- /* See above (SSL_want_read(s) with BIO_should_write(bio)) */
- return(SSL_ERROR_WANT_READ);
- else if (BIO_should_io_special(bio))
- {
- reason=BIO_get_retry_reason(bio);
- if (reason == BIO_RR_CONNECT)
- return(SSL_ERROR_WANT_CONNECT);
- else
- return(SSL_ERROR_SYSCALL);
- }
- }
- if ((i < 0) && SSL_want_x509_lookup(s))
- {
- return(SSL_ERROR_WANT_X509_LOOKUP);
- }
-
- if (i == 0)
- {
- if (s->version == SSL2_VERSION)
- {
- /* assume it is the socket being closed */
- return(SSL_ERROR_ZERO_RETURN);
- }
- else
- {
- if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
- (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
- return(SSL_ERROR_ZERO_RETURN);
- }
- }
- return(SSL_ERROR_SYSCALL);
- }
-
-int SSL_do_handshake(SSL *s)
- {
- int ret=1;
-
- if (s->handshake_func == NULL)
- {
- SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
- return(-1);
- }
-
- s->method->ssl_renegotiate_check(s);
-
- if (SSL_in_init(s) || SSL_in_before(s))
- {
- ret=s->handshake_func(s);
- }
- return(ret);
- }
-
-/* For the next 2 functions, SSL_clear() sets shutdown and so
- * one of these calls will reset it */
-void SSL_set_accept_state(SSL *s)
- {
- s->server=1;
- s->shutdown=0;
- s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
- s->handshake_func=s->method->ssl_accept;
- /* clear the current cipher */
- ssl_clear_cipher_ctx(s);
- }
-
-void SSL_set_connect_state(SSL *s)
- {
- s->server=0;
- s->shutdown=0;
- s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
- s->handshake_func=s->method->ssl_connect;
- /* clear the current cipher */
- ssl_clear_cipher_ctx(s);
- }
-
-int ssl_undefined_function(SSL *s)
- {
- SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(0);
- }
-
-SSL_METHOD *ssl_bad_method(int ver)
- {
- SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(NULL);
- }
-
-const char *SSL_get_version(SSL *s)
- {
- if (s->version == TLS1_VERSION)
- return("TLSv1");
- else if (s->version == SSL3_VERSION)
- return("SSLv3");
- else if (s->version == SSL2_VERSION)
- return("SSLv2");
- else
- return("unknown");
- }
-
-SSL *SSL_dup(SSL *s)
- {
- STACK_OF(X509_NAME) *sk;
- X509_NAME *xn;
- SSL *ret;
- int i;
-
- if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
- return(NULL);
-
- if (s->session != NULL)
- {
- /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
- SSL_copy_session_id(ret,s);
- }
- else
- {
- /* No session has been established yet, so we have to expect
- * that s->cert or ret->cert will be changed later --
- * they should not both point to the same object,
- * and thus we can't use SSL_copy_session_id. */
-
- ret->method = s->method;
- ret->method->ssl_new(ret);
-
- if (s->cert != NULL)
- {
- if (ret->cert != NULL)
- {
- ssl_cert_free(ret->cert);
- }
- ret->cert = ssl_cert_dup(s->cert);
- if (ret->cert == NULL)
- goto err;
- }
-
- SSL_set_session_id_context(ret,
- s->sid_ctx, s->sid_ctx_length);
- }
-
- SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
- SSL_set_verify(ret,SSL_get_verify_mode(s),
- SSL_get_verify_callback(s));
- SSL_set_verify_depth(ret,SSL_get_verify_depth(s));
-
- SSL_set_info_callback(ret,SSL_get_info_callback(s));
-
- ret->debug=s->debug;
- ret->options=s->options;
-
- /* copy app data, a little dangerous perhaps */
- if (!CRYPTO_dup_ex_data(ssl_meth,&ret->ex_data,&s->ex_data))
- goto err;
-
- /* setup rbio, and wbio */
- if (s->rbio != NULL)
- {
- if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
- goto err;
- }
- if (s->wbio != NULL)
- {
- if (s->wbio != s->rbio)
- {
- if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
- goto err;
- }
- else
- ret->wbio=ret->rbio;
- }
-
- /* dup the cipher_list and cipher_list_by_id stacks */
- if (s->cipher_list != NULL)
- {
- if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
- goto err;
- }
- if (s->cipher_list_by_id != NULL)
- if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id))
- == NULL)
- goto err;
-
- /* Dup the client_CA list */
- if (s->client_CA != NULL)
- {
- if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
- ret->client_CA=sk;
- for (i=0; i<sk_X509_NAME_num(sk); i++)
- {
- xn=sk_X509_NAME_value(sk,i);
- if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL)
- {
- X509_NAME_free(xn);
- goto err;
- }
- }
- }
-
- ret->shutdown=s->shutdown;
- ret->state=s->state;
- ret->handshake_func=s->handshake_func;
- ret->server=s->server;
-
- if (0)
- {
-err:
- if (ret != NULL) SSL_free(ret);
- ret=NULL;
- }
- return(ret);
- }
-
-void ssl_clear_cipher_ctx(SSL *s)
- {
- if (s->enc_read_ctx != NULL)
- {
- EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
- OPENSSL_free(s->enc_read_ctx);
- s->enc_read_ctx=NULL;
- }
- if (s->enc_write_ctx != NULL)
- {
- EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
- OPENSSL_free(s->enc_write_ctx);
- s->enc_write_ctx=NULL;
- }
- if (s->expand != NULL)
- {
- COMP_CTX_free(s->expand);
- s->expand=NULL;
- }
- if (s->compress != NULL)
- {
- COMP_CTX_free(s->compress);
- s->compress=NULL;
- }
- }
-
-/* Fix this function so that it takes an optional type parameter */
-X509 *SSL_get_certificate(SSL *s)
- {
- if (s->cert != NULL)
- return(s->cert->key->x509);
- else
- return(NULL);
- }
-
-/* Fix this function so that it takes an optional type parameter */
-EVP_PKEY *SSL_get_privatekey(SSL *s)
- {
- if (s->cert != NULL)
- return(s->cert->key->privatekey);
- else
- return(NULL);
- }
-
-SSL_CIPHER *SSL_get_current_cipher(SSL *s)
- {
- if ((s->session != NULL) && (s->session->cipher != NULL))
- return(s->session->cipher);
- return(NULL);
- }
-
-int ssl_init_wbio_buffer(SSL *s,int push)
- {
- BIO *bbio;
-
- if (s->bbio == NULL)
- {
- bbio=BIO_new(BIO_f_buffer());
- if (bbio == NULL) return(0);
- s->bbio=bbio;
- }
- else
- {
- bbio=s->bbio;
- if (s->bbio == s->wbio)
- s->wbio=BIO_pop(s->wbio);
- }
- (void)BIO_reset(bbio);
-/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
- if (!BIO_set_read_buffer_size(bbio,1))
- {
- SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB);
- return(0);
- }
- if (push)
- {
- if (s->wbio != bbio)
- s->wbio=BIO_push(bbio,s->wbio);
- }
- else
- {
- if (s->wbio == bbio)
- s->wbio=BIO_pop(bbio);
- }
- return(1);
- }
-
-void ssl_free_wbio_buffer(SSL *s)
- {
- if (s->bbio == NULL) return;
-
- if (s->bbio == s->wbio)
- {
- /* remove buffering */
- s->wbio=BIO_pop(s->wbio);
-#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
- assert(s->wbio != NULL);
-#endif
- }
- BIO_free(s->bbio);
- s->bbio=NULL;
- }
-
-void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
- {
- ctx->quiet_shutdown=mode;
- }
-
-int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx)
- {
- return(ctx->quiet_shutdown);
- }
-
-void SSL_set_quiet_shutdown(SSL *s,int mode)
- {
- s->quiet_shutdown=mode;
- }
-
-int SSL_get_quiet_shutdown(SSL *s)
- {
- return(s->quiet_shutdown);
- }
-
-void SSL_set_shutdown(SSL *s,int mode)
- {
- s->shutdown=mode;
- }
-
-int SSL_get_shutdown(SSL *s)
- {
- return(s->shutdown);
- }
-
-int SSL_version(SSL *s)
- {
- return(s->version);
- }
-
-SSL_CTX *SSL_get_SSL_CTX(SSL *ssl)
- {
- return(ssl->ctx);
- }
-
-#ifndef NO_STDIO
-int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
- {
- return(X509_STORE_set_default_paths(ctx->cert_store));
- }
-
-int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
- const char *CApath)
- {
- return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
- }
-#endif
-
-void SSL_set_info_callback(SSL *ssl,void (*cb)())
- {
- ssl->info_callback=cb;
- }
-
-void (*SSL_get_info_callback(SSL *ssl))(void)
- {
- return((void (*)())ssl->info_callback);
- }
-
-int SSL_state(SSL *ssl)
- {
- return(ssl->state);
- }
-
-void SSL_set_verify_result(SSL *ssl,long arg)
- {
- ssl->verify_result=arg;
- }
-
-long SSL_get_verify_result(SSL *ssl)
- {
- return(ssl->verify_result);
- }
-
-int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
- {
- ssl_meth_num++;
- return(CRYPTO_get_ex_new_index(ssl_meth_num-1,
- &ssl_meth,argl,argp,new_func,dup_func,free_func));
- }
-
-int SSL_set_ex_data(SSL *s,int idx,void *arg)
- {
- return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
- }
-
-void *SSL_get_ex_data(SSL *s,int idx)
- {
- return(CRYPTO_get_ex_data(&s->ex_data,idx));
- }
-
-int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
- {
- ssl_ctx_meth_num++;
- return(CRYPTO_get_ex_new_index(ssl_ctx_meth_num-1,
- &ssl_ctx_meth,argl,argp,new_func,dup_func,free_func));
- }
-
-int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
- {
- return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
- }
-
-void *SSL_CTX_get_ex_data(SSL_CTX *s,int idx)
- {
- return(CRYPTO_get_ex_data(&s->ex_data,idx));
- }
-
-int ssl_ok(SSL *s)
- {
- return(1);
- }
-
-X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx)
- {
- return(ctx->cert_store);
- }
-
-void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)
- {
- if (ctx->cert_store != NULL)
- X509_STORE_free(ctx->cert_store);
- ctx->cert_store=store;
- }
-
-int SSL_want(SSL *s)
- {
- return(s->rwstate);
- }
-
-/*!
- * \brief Set the callback for generating temporary RSA keys.
- * \param ctx the SSL context.
- * \param cb the callback
- */
-
-#ifndef NO_RSA
-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
- int is_export,
- int keylength))
- {
- SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb);
- }
-
-void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
- int is_export,
- int keylength))
- {
- SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb);
- }
-#endif
-
-#ifdef DOXYGEN
-/*!
- * \brief The RSA temporary key callback function.
- * \param ssl the SSL session.
- * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
- * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
- * of the required key in bits.
- * \return the temporary RSA key.
- * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
- */
-
-RSA *cb(SSL *ssl,int is_export,int keylength)
- {}
-#endif
-
-/*!
- * \brief Set the callback for generating temporary DH keys.
- * \param ctx the SSL context.
- * \param dh the callback
- */
-
-#ifndef NO_DH
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
- int keylength))
- {
- SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh);
- }
-
-void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
- int keylength))
- {
- SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh);
- }
-#endif
-
-#if defined(_WINDLL) && defined(WIN16)
-#include "../crypto/bio/bss_file.c"
-#endif
-
-IMPLEMENT_STACK_OF(SSL_CIPHER)
-IMPLEMENT_STACK_OF(SSL_COMP)
diff --git a/crypto/openssl/ssl/ssl_locl.h b/crypto/openssl/ssl/ssl_locl.h
deleted file mode 100644
index 9297cd2dc34a..000000000000
--- a/crypto/openssl/ssl/ssl_locl.h
+++ /dev/null
@@ -1,610 +0,0 @@
-/* ssl/ssl_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_SSL_LOCL_H
-#define HEADER_SSL_LOCL_H
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <errno.h>
-
-#include "openssl/e_os.h"
-
-#include <openssl/buffer.h>
-#include <openssl/comp.h>
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/evp.h>
-#include <openssl/stack.h>
-#include <openssl/x509.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-#define PKCS1_CHECK
-
-#define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \
- l|=(((unsigned long)(*((c)++)))<< 8), \
- l|=(((unsigned long)(*((c)++)))<<16), \
- l|=(((unsigned long)(*((c)++)))<<24))
-
-/* NOTE - c is not incremented as per c2l */
-#define c2ln(c,l1,l2,n) { \
- c+=n; \
- l1=l2=0; \
- switch (n) { \
- case 8: l2 =((unsigned long)(*(--(c))))<<24; \
- case 7: l2|=((unsigned long)(*(--(c))))<<16; \
- case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
- case 5: l2|=((unsigned long)(*(--(c)))); \
- case 4: l1 =((unsigned long)(*(--(c))))<<24; \
- case 3: l1|=((unsigned long)(*(--(c))))<<16; \
- case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
- case 1: l1|=((unsigned long)(*(--(c)))); \
- } \
- }
-
-#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16)&0xff), \
- *((c)++)=(unsigned char)(((l)>>24)&0xff))
-
-#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \
- l|=((unsigned long)(*((c)++)))<<16, \
- l|=((unsigned long)(*((c)++)))<< 8, \
- l|=((unsigned long)(*((c)++))))
-
-#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16)&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
- *((c)++)=(unsigned char)(((l) )&0xff))
-
-/* NOTE - c is not incremented as per l2c */
-#define l2cn(l1,l2,c,n) { \
- c+=n; \
- switch (n) { \
- case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
- case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
- case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
- case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
- case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
- case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
- case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
- case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
- } \
- }
-
-#define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \
- (((unsigned int)(c[1])) )),c+=2)
-#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
- c[1]=(unsigned char)(((s) )&0xff)),c+=2)
-
-#define n2l3(c,l) ((l =(((unsigned long)(c[0]))<<16)| \
- (((unsigned long)(c[1]))<< 8)| \
- (((unsigned long)(c[2])) )),c+=3)
-
-#define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \
- c[1]=(unsigned char)(((l)>> 8)&0xff), \
- c[2]=(unsigned char)(((l) )&0xff)),c+=3)
-
-/* LOCAL STUFF */
-
-#define SSL_DECRYPT 0
-#define SSL_ENCRYPT 1
-
-#define TWO_BYTE_BIT 0x80
-#define SEC_ESC_BIT 0x40
-#define TWO_BYTE_MASK 0x7fff
-#define THREE_BYTE_MASK 0x3fff
-
-#define INC32(a) ((a)=((a)+1)&0xffffffffL)
-#define DEC32(a) ((a)=((a)-1)&0xffffffffL)
-#define MAX_MAC_SIZE 20 /* up from 16 for SSLv3 */
-
-/*
- * Define the Bitmasks for SSL_CIPHER.algorithms.
- * This bits are used packed as dense as possible. If new methods/ciphers
- * etc will be added, the bits a likely to change, so this information
- * is for internal library use only, even though SSL_CIPHER.algorithms
- * can be publicly accessed.
- * Use the according functions for cipher management instead.
- *
- * The bit mask handling in the selection and sorting scheme in
- * ssl_create_cipher_list() has only limited capabilities, reflecting
- * that the different entities within are mutually exclusive:
- * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
- */
-#define SSL_MKEY_MASK 0x0000001FL
-#define SSL_kRSA 0x00000001L /* RSA key exchange */
-#define SSL_kDHr 0x00000002L /* DH cert RSA CA cert */
-#define SSL_kDHd 0x00000004L /* DH cert DSA CA cert */
-#define SSL_kFZA 0x00000008L
-#define SSL_kEDH 0x00000010L /* tmp DH key no DH cert */
-#define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL))
-
-#define SSL_AUTH_MASK 0x000003e0L
-#define SSL_aRSA 0x00000020L /* Authenticate with RSA */
-#define SSL_aDSS 0x00000040L /* Authenticate with DSS */
-#define SSL_DSS SSL_aDSS
-#define SSL_aFZA 0x00000080L
-#define SSL_aNULL 0x00000100L /* no Authenticate, ADH */
-#define SSL_aDH 0x00000200L /* no Authenticate, ADH */
-
-#define SSL_NULL (SSL_eNULL)
-#define SSL_ADH (SSL_kEDH|SSL_aNULL)
-#define SSL_RSA (SSL_kRSA|SSL_aRSA)
-#define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH)
-#define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA)
-
-#define SSL_ENC_MASK 0x0001Fc00L
-#define SSL_DES 0x00000400L
-#define SSL_3DES 0x00000800L
-#define SSL_RC4 0x00001000L
-#define SSL_RC2 0x00002000L
-#define SSL_IDEA 0x00004000L
-#define SSL_eFZA 0x00008000L
-#define SSL_eNULL 0x00010000L
-
-#define SSL_MAC_MASK 0x00060000L
-#define SSL_MD5 0x00020000L
-#define SSL_SHA1 0x00040000L
-#define SSL_SHA (SSL_SHA1)
-
-#define SSL_SSL_MASK 0x00180000L
-#define SSL_SSLV2 0x00080000L
-#define SSL_SSLV3 0x00100000L
-#define SSL_TLSV1 SSL_SSLV3 /* for now */
-
-/* we have used 001fffff - 11 bits left to go */
-
-/*
- * Export and cipher strength information. For each cipher we have to decide
- * whether it is exportable or not. This information is likely to change
- * over time, since the export control rules are no static technical issue.
- *
- * Independent of the export flag the cipher strength is sorted into classes.
- * SSL_EXP40 was denoting the 40bit US export limit of past times, which now
- * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
- * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
- * since SSL_EXP64 could be similar to SSL_LOW.
- * For this reason SSL_MICRO and SSL_MINI macros are included to widen the
- * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
- * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
- * be possible.
- */
-#define SSL_EXP_MASK 0x00000003L
-#define SSL_NOT_EXP 0x00000001L
-#define SSL_EXPORT 0x00000002L
-
-#define SSL_STRONG_MASK 0x000000fcL
-#define SSL_STRONG_NONE 0x00000004L
-#define SSL_EXP40 0x00000008L
-#define SSL_MICRO (SSL_EXP40)
-#define SSL_EXP56 0x00000010L
-#define SSL_MINI (SSL_EXP56)
-#define SSL_LOW 0x00000020L
-#define SSL_MEDIUM 0x00000040L
-#define SSL_HIGH 0x00000080L
-
-/* we have used 000000ff - 24 bits left to go */
-
-/*
- * Macros to check the export status and cipher strength for export ciphers.
- * Even though the macros for EXPORT and EXPORT40/56 have similar names,
- * their meaning is different:
- * *_EXPORT macros check the 'exportable' status.
- * *_EXPORT40/56 macros are used to check whether a certain cipher strength
- * is given.
- * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
- * algorithm structure element to be passed (algorithms, algo_strength) and no
- * typechecking can be done as they are all of type unsigned long, their
- * direct usage is discouraged.
- * Use the SSL_C_* macros instead.
- */
-#define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT)
-#define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56)
-#define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40)
-#define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength)
-#define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength)
-#define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength)
-
-#define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \
- ((a)&SSL_ENC_MASK) == SSL_DES ? 8 : 7)
-#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
-#define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithms, \
- (c)->algo_strength)
-#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
-
-
-#define SSL_ALL 0xffffffffL
-#define SSL_ALL_CIPHERS (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\
- SSL_MAC_MASK)
-#define SSL_ALL_STRENGTHS (SSL_EXP_MASK|SSL_STRONG_MASK)
-
-/* Mostly for SSLv3 */
-#define SSL_PKEY_RSA_ENC 0
-#define SSL_PKEY_RSA_SIGN 1
-#define SSL_PKEY_DSA_SIGN 2
-#define SSL_PKEY_DH_RSA 3
-#define SSL_PKEY_DH_DSA 4
-#define SSL_PKEY_NUM 5
-
-/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
- * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
- * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
- * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
- * SSL_aRSA <- RSA_ENC | RSA_SIGN
- * SSL_aDSS <- DSA_SIGN
- */
-
-/*
-#define CERT_INVALID 0
-#define CERT_PUBLIC_KEY 1
-#define CERT_PRIVATE_KEY 2
-*/
-
-typedef struct cert_pkey_st
- {
- X509 *x509;
- EVP_PKEY *privatekey;
- } CERT_PKEY;
-
-typedef struct cert_st
- {
- /* Current active set */
- CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
- * Probably it would make more sense to store
- * an index, not a pointer. */
-
- /* The following masks are for the key and auth
- * algorithms that are supported by the certs below */
- int valid;
- unsigned long mask;
- unsigned long export_mask;
-#ifndef NO_RSA
- RSA *rsa_tmp;
- RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
-#endif
-#ifndef NO_DH
- DH *dh_tmp;
- DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
-#endif
-
- CERT_PKEY pkeys[SSL_PKEY_NUM];
-
- int references; /* >1 only if SSL_copy_session_id is used */
- } CERT;
-
-
-typedef struct sess_cert_st
- {
- STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
-
- /* The 'peer_...' members are used only by clients. */
- int peer_cert_type;
-
- CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
- CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
- /* Obviously we don't have the private keys of these,
- * so maybe we shouldn't even use the CERT_PKEY type here. */
-
-#ifndef NO_RSA
- RSA *peer_rsa_tmp; /* not used for SSL 2 */
-#endif
-#ifndef NO_DH
- DH *peer_dh_tmp; /* not used for SSL 2 */
-#endif
-
- int references; /* actually always 1 at the moment */
- } SESS_CERT;
-
-
-/*#define MAC_DEBUG */
-
-/*#define ERR_DEBUG */
-/*#define ABORT_DEBUG */
-/*#define PKT_DEBUG 1 */
-/*#define DES_DEBUG */
-/*#define DES_OFB_DEBUG */
-/*#define SSL_DEBUG */
-/*#define RSA_DEBUG */
-/*#define IDEA_DEBUG */
-
-#define FP_ICC (int (*)(const void *,const void *))
-#define ssl_put_cipher_by_char(ssl,ciph,ptr) \
- ((ssl)->method->put_cipher_by_char((ciph),(ptr)))
-#define ssl_get_cipher_by_char(ssl,ptr) \
- ((ssl)->method->get_cipher_by_char(ptr))
-
-/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
- * It is a bit of a mess of functions, but hell, think of it as
- * an opaque structure :-) */
-typedef struct ssl3_enc_method
- {
- int (*enc)(SSL *, int);
- int (*mac)(SSL *, unsigned char *, int);
- int (*setup_key_block)(SSL *);
- int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
- int (*change_cipher_state)(SSL *, int);
- int (*final_finish_mac)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char *, int, unsigned char *);
- int finish_mac_length;
- int (*cert_verify_mac)(SSL *, EVP_MD_CTX *, unsigned char *);
- const char *client_finished_label;
- int client_finished_label_len;
- const char *server_finished_label;
- int server_finished_label_len;
- int (*alert_value)(int);
- } SSL3_ENC_METHOD;
-
-/* Used for holding the relevant compression methods loaded into SSL_CTX */
-typedef struct ssl3_comp_st
- {
- int comp_id; /* The identifier byte for this compression type */
- char *name; /* Text name used for the compression type */
- COMP_METHOD *method; /* The method :-) */
- } SSL3_COMP;
-
-OPENSSL_EXTERN SSL3_ENC_METHOD ssl3_undef_enc_method;
-OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
-OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
-
-#ifdef VMS
-#undef SSL_COMP_get_compression_methods
-#define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods
-#endif
-
-
-SSL_METHOD *ssl_bad_method(int ver);
-SSL_METHOD *sslv2_base_method(void);
-SSL_METHOD *sslv23_base_method(void);
-SSL_METHOD *sslv3_base_method(void);
-
-void ssl_clear_cipher_ctx(SSL *s);
-int ssl_clear_bad_session(SSL *s);
-CERT *ssl_cert_new(void);
-CERT *ssl_cert_dup(CERT *cert);
-int ssl_cert_inst(CERT **o);
-void ssl_cert_free(CERT *c);
-SESS_CERT *ssl_sess_cert_new(void);
-void ssl_sess_cert_free(SESS_CERT *sc);
-int ssl_set_peer_cert_type(SESS_CERT *c, int type);
-int ssl_get_new_session(SSL *s, int session);
-int ssl_get_prev_session(SSL *s, unsigned char *session,int len);
-int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
-int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
- const SSL_CIPHER * const *bp);
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
- STACK_OF(SSL_CIPHER) **skp);
-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p);
-STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
- STACK_OF(SSL_CIPHER) **pref,
- STACK_OF(SSL_CIPHER) **sorted,
- const char *rule_str);
-void ssl_update_cache(SSL *s, int mode);
-int ssl_cipher_get_evp(SSL_SESSION *s,const EVP_CIPHER **enc,const EVP_MD **md,
- SSL_COMP **comp);
-int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
-int ssl_undefined_function(SSL *s);
-X509 *ssl_get_server_send_cert(SSL *);
-EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
-int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
-void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
-STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
-int ssl_verify_alarm_type(long type);
-
-int ssl2_enc_init(SSL *s, int client);
-void ssl2_generate_key_material(SSL *s);
-void ssl2_enc(SSL *s,int send_data);
-void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
-SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
-int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
-int ssl2_part_read(SSL *s, unsigned long f, int i);
-int ssl2_do_write(SSL *s);
-int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data);
-void ssl2_return_error(SSL *s,int reason);
-void ssl2_write_error(SSL *s);
-int ssl2_num_ciphers(void);
-SSL_CIPHER *ssl2_get_cipher(unsigned int u);
-int ssl2_new(SSL *s);
-void ssl2_free(SSL *s);
-int ssl2_accept(SSL *s);
-int ssl2_connect(SSL *s);
-int ssl2_read(SSL *s, void *buf, int len);
-int ssl2_peek(SSL *s, void *buf, int len);
-int ssl2_write(SSL *s, const void *buf, int len);
-int ssl2_shutdown(SSL *s);
-void ssl2_clear(SSL *s);
-long ssl2_ctrl(SSL *s,int cmd, long larg, char *parg);
-long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, char *parg);
-long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)());
-long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)());
-int ssl2_pending(SSL *s);
-
-SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
-int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
-void ssl3_init_finished_mac(SSL *s);
-int ssl3_send_server_certificate(SSL *s);
-int ssl3_get_finished(SSL *s,int state_a,int state_b);
-int ssl3_setup_key_block(SSL *s);
-int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
-int ssl3_change_cipher_state(SSL *s,int which);
-void ssl3_cleanup_key_block(SSL *s);
-int ssl3_do_write(SSL *s,int type);
-void ssl3_send_alert(SSL *s,int level, int desc);
-int ssl3_generate_master_secret(SSL *s, unsigned char *out,
- unsigned char *p, int len);
-int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
-long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
-int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
-int ssl3_num_ciphers(void);
-SSL_CIPHER *ssl3_get_cipher(unsigned int u);
-int ssl3_renegotiate(SSL *ssl);
-int ssl3_renegotiate_check(SSL *ssl);
-int ssl3_dispatch_alert(SSL *s);
-int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
-int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
- const char *sender, int slen,unsigned char *p);
-int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
-void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
-int ssl3_enc(SSL *s, int send_data);
-int ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
-unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
-SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *have,
- STACK_OF(SSL_CIPHER) *pref);
-int ssl3_setup_buffers(SSL *s);
-int ssl3_new(SSL *s);
-void ssl3_free(SSL *s);
-int ssl3_accept(SSL *s);
-int ssl3_connect(SSL *s);
-int ssl3_read(SSL *s, void *buf, int len);
-int ssl3_peek(SSL *s, void *buf, int len);
-int ssl3_write(SSL *s, const void *buf, int len);
-int ssl3_shutdown(SSL *s);
-void ssl3_clear(SSL *s);
-long ssl3_ctrl(SSL *s,int cmd, long larg, char *parg);
-long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, char *parg);
-long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)());
-long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)());
-int ssl3_pending(SSL *s);
-
-int ssl23_accept(SSL *s);
-int ssl23_connect(SSL *s);
-int ssl23_read_bytes(SSL *s, int n);
-int ssl23_write_bytes(SSL *s);
-
-int tls1_new(SSL *s);
-void tls1_free(SSL *s);
-void tls1_clear(SSL *s);
-long tls1_ctrl(SSL *s,int cmd, long larg, char *parg);
-long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)());
-SSL_METHOD *tlsv1_base_method(void );
-
-int ssl_init_wbio_buffer(SSL *s, int push);
-void ssl_free_wbio_buffer(SSL *s);
-
-int tls1_change_cipher_state(SSL *s, int which);
-int tls1_setup_key_block(SSL *s);
-int tls1_enc(SSL *s, int snd);
-int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
- const char *str, int slen, unsigned char *p);
-int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
-int tls1_mac(SSL *ssl, unsigned char *md, int snd);
-int tls1_generate_master_secret(SSL *s, unsigned char *out,
- unsigned char *p, int len);
-int tls1_alert_code(int code);
-int ssl3_alert_code(int code);
-int ssl_ok(SSL *s);
-
-SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
-STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
-
-
-#endif
diff --git a/crypto/openssl/ssl/ssl_rsa.c b/crypto/openssl/ssl/ssl_rsa.c
deleted file mode 100644
index 6ec7a5cdb195..000000000000
--- a/crypto/openssl/ssl/ssl_rsa.c
+++ /dev/null
@@ -1,815 +0,0 @@
-/* ssl/ssl_rsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/bio.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include "ssl_locl.h"
-
-static int ssl_set_cert(CERT *c, X509 *x509);
-static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
-int SSL_use_certificate(SSL *ssl, X509 *x)
- {
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ssl->cert))
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- return(ssl_set_cert(ssl->cert,x));
- }
-
-#ifndef NO_STDIO
-int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
- {
- int j;
- BIO *in;
- int ret=0;
- X509 *x=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1)
- {
- j=ERR_R_ASN1_LIB;
- x=d2i_X509_bio(in,NULL);
- }
- else if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
-
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
- goto end;
- }
-
- ret=SSL_use_certificate(ssl,x);
-end:
- if (x != NULL) X509_free(x);
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len)
- {
- X509 *x;
- int ret;
-
- x=d2i_X509(NULL,&d,(long)len);
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_use_certificate(ssl,x);
- X509_free(x);
- return(ret);
- }
-
-#ifndef NO_RSA
-int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
- {
- EVP_PKEY *pkey;
- int ret;
-
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ssl->cert))
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- if ((pkey=EVP_PKEY_new()) == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
- return(0);
- }
-
- CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
- EVP_PKEY_assign_RSA(pkey,rsa);
-
- ret=ssl_set_pkey(ssl->cert,pkey);
- EVP_PKEY_free(pkey);
- return(ret);
- }
-#endif
-
-static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
- {
- int i,ok=0,bad=0;
-
- i=ssl_cert_type(NULL,pkey);
- if (i < 0)
- {
- SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
- return(0);
- }
-
- if (c->pkeys[i].x509 != NULL)
- {
- EVP_PKEY *pktmp;
- pktmp = X509_get_pubkey(c->pkeys[i].x509);
- EVP_PKEY_copy_parameters(pktmp,pkey);
- EVP_PKEY_free(pktmp);
- ERR_clear_error();
-
-#ifndef NO_RSA
- /* Don't check the public/private key, this is mostly
- * for smart cards. */
- if ((pkey->type == EVP_PKEY_RSA) &&
- (RSA_flags(pkey->pkey.rsa) &
- RSA_METHOD_FLAG_NO_CHECK))
- ok=1;
- else
-#endif
- if (!X509_check_private_key(c->pkeys[i].x509,pkey))
- {
- if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
- {
- i=(i == SSL_PKEY_DH_RSA)?
- SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
-
- if (c->pkeys[i].x509 == NULL)
- ok=1;
- else
- {
- if (!X509_check_private_key(
- c->pkeys[i].x509,pkey))
- bad=1;
- else
- ok=1;
- }
- }
- else
- bad=1;
- }
- else
- ok=1;
- }
- else
- ok=1;
-
- if (bad)
- {
- X509_free(c->pkeys[i].x509);
- c->pkeys[i].x509=NULL;
- return(0);
- }
-
- if (c->pkeys[i].privatekey != NULL)
- EVP_PKEY_free(c->pkeys[i].privatekey);
- CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
- c->pkeys[i].privatekey=pkey;
- c->key= &(c->pkeys[i]);
-
- c->valid=0;
- return(1);
- }
-
-#ifndef NO_RSA
-#ifndef NO_STDIO
-int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
- {
- int j,ret=0;
- BIO *in;
- RSA *rsa=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1)
- {
- j=ERR_R_ASN1_LIB;
- rsa=d2i_RSAPrivateKey_bio(in,NULL);
- }
- else if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
- ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
- goto end;
- }
- ret=SSL_use_RSAPrivateKey(ssl,rsa);
- RSA_free(rsa);
-end:
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
- {
- int ret;
- unsigned char *p;
- RSA *rsa;
-
- p=d;
- if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_use_RSAPrivateKey(ssl,rsa);
- RSA_free(rsa);
- return(ret);
- }
-#endif /* !NO_RSA */
-
-int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
- {
- int ret;
-
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ssl->cert))
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- ret=ssl_set_pkey(ssl->cert,pkey);
- return(ret);
- }
-
-#ifndef NO_STDIO
-int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
- {
- int j,ret=0;
- BIO *in;
- EVP_PKEY *pkey=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- pkey=PEM_read_bio_PrivateKey(in,NULL,
- ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
- goto end;
- }
- ret=SSL_use_PrivateKey(ssl,pkey);
- EVP_PKEY_free(pkey);
-end:
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len)
- {
- int ret;
- unsigned char *p;
- EVP_PKEY *pkey;
-
- p=d;
- if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_use_PrivateKey(ssl,pkey);
- EVP_PKEY_free(pkey);
- return(ret);
- }
-
-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
- {
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ctx->cert))
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- return(ssl_set_cert(ctx->cert, x));
- }
-
-static int ssl_set_cert(CERT *c, X509 *x)
- {
- EVP_PKEY *pkey;
- int i,ok=0,bad=0;
-
- pkey=X509_get_pubkey(x);
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
- return(0);
- }
-
- i=ssl_cert_type(x,pkey);
- if (i < 0)
- {
- SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
- EVP_PKEY_free(pkey);
- return(0);
- }
-
- if (c->pkeys[i].privatekey != NULL)
- {
- EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
- ERR_clear_error();
-
-#ifndef NO_RSA
- /* Don't check the public/private key, this is mostly
- * for smart cards. */
- if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
- (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
- RSA_METHOD_FLAG_NO_CHECK))
- ok=1;
- else
-#endif
- {
- if (!X509_check_private_key(x,c->pkeys[i].privatekey))
- {
- if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
- {
- i=(i == SSL_PKEY_DH_RSA)?
- SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
-
- if (c->pkeys[i].privatekey == NULL)
- ok=1;
- else
- {
- if (!X509_check_private_key(x,
- c->pkeys[i].privatekey))
- bad=1;
- else
- ok=1;
- }
- }
- else
- bad=1;
- }
- else
- ok=1;
- } /* NO_RSA */
- }
- else
- ok=1;
-
- EVP_PKEY_free(pkey);
- if (bad)
- {
- EVP_PKEY_free(c->pkeys[i].privatekey);
- c->pkeys[i].privatekey=NULL;
- }
-
- if (c->pkeys[i].x509 != NULL)
- X509_free(c->pkeys[i].x509);
- CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
- c->pkeys[i].x509=x;
- c->key= &(c->pkeys[i]);
-
- c->valid=0;
- return(1);
- }
-
-#ifndef NO_STDIO
-int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
- {
- int j;
- BIO *in;
- int ret=0;
- X509 *x=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1)
- {
- j=ERR_R_ASN1_LIB;
- x=d2i_X509_bio(in,NULL);
- }
- else if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
-
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
- goto end;
- }
-
- ret=SSL_CTX_use_certificate(ctx,x);
-end:
- if (x != NULL) X509_free(x);
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d)
- {
- X509 *x;
- int ret;
-
- x=d2i_X509(NULL,&d,(long)len);
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_CTX_use_certificate(ctx,x);
- X509_free(x);
- return(ret);
- }
-
-#ifndef NO_RSA
-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
- {
- int ret;
- EVP_PKEY *pkey;
-
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ctx->cert))
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- if ((pkey=EVP_PKEY_new()) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
- return(0);
- }
-
- CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
- EVP_PKEY_assign_RSA(pkey,rsa);
-
- ret=ssl_set_pkey(ctx->cert, pkey);
- EVP_PKEY_free(pkey);
- return(ret);
- }
-
-#ifndef NO_STDIO
-int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
- {
- int j,ret=0;
- BIO *in;
- RSA *rsa=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1)
- {
- j=ERR_R_ASN1_LIB;
- rsa=d2i_RSAPrivateKey_bio(in,NULL);
- }
- else if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
- ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
- goto end;
- }
- ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
- RSA_free(rsa);
-end:
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len)
- {
- int ret;
- unsigned char *p;
- RSA *rsa;
-
- p=d;
- if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
- RSA_free(rsa);
- return(ret);
- }
-#endif /* !NO_RSA */
-
-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
- {
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ctx->cert))
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- return(ssl_set_pkey(ctx->cert,pkey));
- }
-
-#ifndef NO_STDIO
-int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
- {
- int j,ret=0;
- BIO *in;
- EVP_PKEY *pkey=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- pkey=PEM_read_bio_PrivateKey(in,NULL,
- ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
- goto end;
- }
- ret=SSL_CTX_use_PrivateKey(ctx,pkey);
- EVP_PKEY_free(pkey);
-end:
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d,
- long len)
- {
- int ret;
- unsigned char *p;
- EVP_PKEY *pkey;
-
- p=d;
- if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_CTX_use_PrivateKey(ctx,pkey);
- EVP_PKEY_free(pkey);
- return(ret);
- }
-
-
-#ifndef NO_STDIO
-/* Read a file that contains our certificate in "PEM" format,
- * possibly followed by a sequence of CA certificates that should be
- * sent to the peer in the Certificate message.
- */
-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
- {
- BIO *in;
- int ret=0;
- X509 *x=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
- goto end;
- }
-
- x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
- goto end;
- }
-
- ret=SSL_CTX_use_certificate(ctx,x);
- if (ERR_peek_error() != 0)
- ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */
- if (ret)
- {
- /* If we could set up our certificate, now proceed to
- * the CA certificates.
- */
- X509 *ca;
- int r;
- unsigned long err;
-
- if (ctx->extra_certs != NULL)
- {
- sk_X509_pop_free(ctx->extra_certs, X509_free);
- ctx->extra_certs = NULL;
- }
-
- while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
- != NULL)
- {
- r = SSL_CTX_add_extra_chain_cert(ctx, ca);
- if (!r)
- {
- X509_free(ca);
- ret = 0;
- goto end;
- }
- /* Note that we must not free r if it was successfully
- * added to the chain (while we must free the main
- * certificate, since its reference count is increased
- * by SSL_CTX_use_certificate). */
- }
- /* When the while loop ends, it's usually just EOF. */
- err = ERR_peek_error();
- if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
- (void) ERR_get_error();
- else
- ret = 0; /* some real error */
- }
-
-end:
- if (x != NULL) X509_free(x);
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
diff --git a/crypto/openssl/ssl/ssl_sess.c b/crypto/openssl/ssl/ssl_sess.c
deleted file mode 100644
index 87cd8a9b86c0..000000000000
--- a/crypto/openssl/ssl/ssl_sess.c
+++ /dev/null
@@ -1,683 +0,0 @@
-/* ssl/ssl_sess.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/lhash.h>
-#include <openssl/rand.h>
-#include "ssl_locl.h"
-#include "cryptlib.h"
-
-static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
-static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
-static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
-static int ssl_session_num=0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_session_meth=NULL;
-
-SSL_SESSION *SSL_get_session(SSL *ssl)
-/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
- {
- return(ssl->session);
- }
-
-SSL_SESSION *SSL_get1_session(SSL *ssl)
-/* variant of SSL_get_session: caller really gets something */
- {
- SSL_SESSION *sess;
- /* Need to lock this all up rather than just use CRYPTO_add so that
- * somebody doesn't free ssl->session between when we check it's
- * non-null and when we up the reference count. */
- CRYPTO_r_lock(CRYPTO_LOCK_SSL_SESSION);
- sess = ssl->session;
- if(sess)
- sess->references++;
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL_SESSION);
- return(sess);
- }
-
-int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
- {
- ssl_session_num++;
- return(CRYPTO_get_ex_new_index(ssl_session_num-1,
- &ssl_session_meth,
- argl,argp,new_func,dup_func,free_func));
- }
-
-int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
- {
- return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
- }
-
-void *SSL_SESSION_get_ex_data(SSL_SESSION *s, int idx)
- {
- return(CRYPTO_get_ex_data(&s->ex_data,idx));
- }
-
-SSL_SESSION *SSL_SESSION_new(void)
- {
- SSL_SESSION *ss;
-
- ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));
- if (ss == NULL)
- {
- SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- memset(ss,0,sizeof(SSL_SESSION));
-
- ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
- ss->references=1;
- ss->timeout=60*5+4; /* 5 minute timeout by default */
- ss->time=time(NULL);
- ss->prev=NULL;
- ss->next=NULL;
- ss->compress_meth=0;
- CRYPTO_new_ex_data(ssl_session_meth,ss,&ss->ex_data);
- return(ss);
- }
-
-int ssl_get_new_session(SSL *s, int session)
- {
- /* This gets used by clients and servers. */
-
- SSL_SESSION *ss=NULL;
-
- if ((ss=SSL_SESSION_new()) == NULL) return(0);
-
- /* If the context has a default timeout, use it */
- if (s->ctx->session_timeout == 0)
- ss->timeout=SSL_get_default_timeout(s);
- else
- ss->timeout=s->ctx->session_timeout;
-
- if (s->session != NULL)
- {
- SSL_SESSION_free(s->session);
- s->session=NULL;
- }
-
- if (session)
- {
- if (s->version == SSL2_VERSION)
- {
- ss->ssl_version=SSL2_VERSION;
- ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
- }
- else if (s->version == SSL3_VERSION)
- {
- ss->ssl_version=SSL3_VERSION;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
- else if (s->version == TLS1_VERSION)
- {
- ss->ssl_version=TLS1_VERSION;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
- else
- {
- SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
- SSL_SESSION_free(ss);
- return(0);
- }
-
- for (;;)
- {
- SSL_SESSION *r;
-
- RAND_pseudo_bytes(ss->session_id,ss->session_id_length);
- CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
- r=(SSL_SESSION *)lh_retrieve(s->ctx->sessions, ss);
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
- if (r == NULL) break;
- /* else - woops a session_id match */
- /* XXX We should also check the external cache --
- * but the probability of a collision is negligible, and
- * we could not prevent the concurrent creation of sessions
- * with identical IDs since we currently don't have means
- * to atomically check whether a session ID already exists
- * and make a reservation for it if it does not
- * (this problem applies to the internal cache as well).
- */
- }
- }
- else
- {
- ss->session_id_length=0;
- }
-
- die(s->sid_ctx_length <= sizeof ss->sid_ctx);
- memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
- ss->sid_ctx_length=s->sid_ctx_length;
- s->session=ss;
- ss->ssl_version=s->version;
- ss->verify_result = X509_V_OK;
-
- return(1);
- }
-
-int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
- {
- /* This is used only by servers. */
-
- SSL_SESSION *ret=NULL,data;
- int fatal = 0;
-
- data.ssl_version=s->version;
- data.session_id_length=len;
- if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
- goto err;
- memcpy(data.session_id,session_id,len);
-
- if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
- {
- CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
- ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,&data);
- if (ret != NULL)
- /* don't allow other threads to steal it: */
- CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
- }
-
- if (ret == NULL)
- {
- int copy=1;
-
- s->ctx->stats.sess_miss++;
- ret=NULL;
- if (s->ctx->get_session_cb != NULL
- && (ret=s->ctx->get_session_cb(s,session_id,len,&copy))
- != NULL)
- {
- s->ctx->stats.sess_cb_hit++;
-
- /* Increment reference count now if the session callback
- * asks us to do so (note that if the session structures
- * returned by the callback are shared between threads,
- * it must handle the reference count itself [i.e. copy == 0],
- * or things won't be thread-safe). */
- if (copy)
- CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
-
- /* The following should not return 1, otherwise,
- * things are very strange */
- SSL_CTX_add_session(s->ctx,ret);
- }
- if (ret == NULL)
- goto err;
- }
-
- /* Now ret is non-NULL, and we own one of its reference counts. */
-
- if((s->verify_mode&SSL_VERIFY_PEER)
- && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length
- || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)))
- {
- /* We've found the session named by the client, but we don't
- * want to use it in this context. */
-
- if (s->sid_ctx_length == 0)
- {
- /* application should have used SSL[_CTX]_set_session_id_context
- * -- we could tolerate this and just pretend we never heard
- * of this session, but then applications could effectively
- * disable the session cache by accident without anyone noticing */
-
- SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
- fatal = 1;
- goto err;
- }
- else
- {
-#if 0 /* The client cannot always know when a session is not appropriate,
- * so we shouldn't generate an error message. */
-
- SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
-#endif
- goto err; /* treat like cache miss */
- }
- }
-
- if (ret->cipher == NULL)
- {
- unsigned char buf[5],*p;
- unsigned long l;
-
- p=buf;
- l=ret->cipher_id;
- l2n(l,p);
- if ((ret->ssl_version>>8) == SSL3_VERSION_MAJOR)
- ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
- else
- ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
- if (ret->cipher == NULL)
- goto err;
- }
-
-
-#if 0 /* This is way too late. */
-
- /* If a thread got the session, then 'swaped', and another got
- * it and then due to a time-out decided to 'OPENSSL_free' it we could
- * be in trouble. So I'll increment it now, then double decrement
- * later - am I speaking rubbish?. */
- CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
-#endif
-
- if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */
- {
- s->ctx->stats.sess_timeout++;
- /* remove it from the cache */
- SSL_CTX_remove_session(s->ctx,ret);
- goto err;
- }
-
- s->ctx->stats.sess_hit++;
-
- /* ret->time=time(NULL); */ /* rezero timeout? */
- /* again, just leave the session
- * if it is the same session, we have just incremented and
- * then decremented the reference count :-) */
- if (s->session != NULL)
- SSL_SESSION_free(s->session);
- s->session=ret;
- s->verify_result = s->session->verify_result;
- return(1);
-
- err:
- if (ret != NULL)
- SSL_SESSION_free(ret);
- if (fatal)
- return -1;
- else
- return 0;
- }
-
-int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
- {
- int ret=0;
- SSL_SESSION *s;
-
- /* add just 1 reference count for the SSL_CTX's session cache
- * even though it has two ways of access: each session is in a
- * doubly linked list and an lhash */
- CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION);
- /* if session c is in already in cache, we take back the increment later */
-
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- s=(SSL_SESSION *)lh_insert(ctx->sessions,c);
-
- /* s != NULL iff we already had a session with the given PID.
- * In this case, s == c should hold (then we did not really modify
- * ctx->sessions), or we're in trouble. */
- if (s != NULL && s != c)
- {
- /* We *are* in trouble ... */
- SSL_SESSION_list_remove(ctx,s);
- SSL_SESSION_free(s);
- /* ... so pretend the other session did not exist in cache
- * (we cannot handle two SSL_SESSION structures with identical
- * session ID in the same cache, which could happen e.g. when
- * two threads concurrently obtain the same session from an external
- * cache) */
- s = NULL;
- }
-
- /* Put at the head of the queue unless it is already in the cache */
- if (s == NULL)
- SSL_SESSION_list_add(ctx,c);
-
- if (s != NULL)
- {
- /* existing cache entry -- decrement previously incremented reference
- * count because it already takes into account the cache */
-
- SSL_SESSION_free(s); /* s == c */
- ret=0;
- }
- else
- {
- /* new cache entry -- remove old ones if cache has become too large */
-
- ret=1;
-
- if (SSL_CTX_sess_get_cache_size(ctx) > 0)
- {
- while (SSL_CTX_sess_number(ctx) >
- SSL_CTX_sess_get_cache_size(ctx))
- {
- if (!remove_session_lock(ctx,
- ctx->session_cache_tail, 0))
- break;
- else
- ctx->stats.sess_cache_full++;
- }
- }
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- return(ret);
- }
-
-int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
-{
- return remove_session_lock(ctx, c, 1);
-}
-
-static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
- {
- SSL_SESSION *r;
- int ret=0;
-
- if ((c != NULL) && (c->session_id_length != 0))
- {
- if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- if ((r = (SSL_SESSION *)lh_retrieve(ctx->sessions,c)) == c)
- {
- ret=1;
- r=(SSL_SESSION *)lh_delete(ctx->sessions,c);
- SSL_SESSION_list_remove(ctx,c);
- }
-
- if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-
- if (ret)
- {
- r->not_resumable=1;
- if (ctx->remove_session_cb != NULL)
- ctx->remove_session_cb(ctx,r);
- SSL_SESSION_free(r);
- }
- }
- else
- ret=0;
- return(ret);
- }
-
-void SSL_SESSION_free(SSL_SESSION *ss)
- {
- int i;
-
- if(ss == NULL)
- return;
-
- i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION);
-#ifdef REF_PRINT
- REF_PRINT("SSL_SESSION",ss);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"SSL_SESSION_free, bad reference count\n");
- abort(); /* ok */
- }
-#endif
-
- CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data);
-
- memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
- memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
- memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
- if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
- if (ss->peer != NULL) X509_free(ss->peer);
- if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
- memset(ss,0,sizeof(*ss));
- OPENSSL_free(ss);
- }
-
-int SSL_set_session(SSL *s, SSL_SESSION *session)
- {
- int ret=0;
- SSL_METHOD *meth;
-
- if (session != NULL)
- {
- meth=s->ctx->method->get_ssl_method(session->ssl_version);
- if (meth == NULL)
- meth=s->method->get_ssl_method(session->ssl_version);
- if (meth == NULL)
- {
- SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD);
- return(0);
- }
-
- if (meth != s->method)
- {
- if (!SSL_set_ssl_method(s,meth))
- return(0);
- if (s->ctx->session_timeout == 0)
- session->timeout=SSL_get_default_timeout(s);
- else
- session->timeout=s->ctx->session_timeout;
- }
-
- /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
- CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION);
- if (s->session != NULL)
- SSL_SESSION_free(s->session);
- s->session=session;
- s->verify_result = s->session->verify_result;
- /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
- ret=1;
- }
- else
- {
- if (s->session != NULL)
- {
- SSL_SESSION_free(s->session);
- s->session=NULL;
- }
-
- meth=s->ctx->method;
- if (meth != s->method)
- {
- if (!SSL_set_ssl_method(s,meth))
- return(0);
- }
- ret=1;
- }
- return(ret);
- }
-
-long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
- {
- if (s == NULL) return(0);
- s->timeout=t;
- return(1);
- }
-
-long SSL_SESSION_get_timeout(SSL_SESSION *s)
- {
- if (s == NULL) return(0);
- return(s->timeout);
- }
-
-long SSL_SESSION_get_time(SSL_SESSION *s)
- {
- if (s == NULL) return(0);
- return(s->time);
- }
-
-long SSL_SESSION_set_time(SSL_SESSION *s, long t)
- {
- if (s == NULL) return(0);
- s->time=t;
- return(t);
- }
-
-long SSL_CTX_set_timeout(SSL_CTX *s, long t)
- {
- long l;
- if (s == NULL) return(0);
- l=s->session_timeout;
- s->session_timeout=t;
- return(l);
- }
-
-long SSL_CTX_get_timeout(SSL_CTX *s)
- {
- if (s == NULL) return(0);
- return(s->session_timeout);
- }
-
-typedef struct timeout_param_st
- {
- SSL_CTX *ctx;
- long time;
- LHASH *cache;
- } TIMEOUT_PARAM;
-
-static void timeout(SSL_SESSION *s, TIMEOUT_PARAM *p)
- {
- if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
- {
- /* The reason we don't call SSL_CTX_remove_session() is to
- * save on locking overhead */
- lh_delete(p->cache,s);
- SSL_SESSION_list_remove(p->ctx,s);
- s->not_resumable=1;
- if (p->ctx->remove_session_cb != NULL)
- p->ctx->remove_session_cb(p->ctx,s);
- SSL_SESSION_free(s);
- }
- }
-
-void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
- {
- unsigned long i;
- TIMEOUT_PARAM tp;
-
- tp.ctx=s;
- tp.cache=s->sessions;
- if (tp.cache == NULL) return;
- tp.time=t;
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- i=tp.cache->down_load;
- tp.cache->down_load=0;
- lh_doall_arg(tp.cache,(void (*)())timeout,&tp);
- tp.cache->down_load=i;
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- }
-
-int ssl_clear_bad_session(SSL *s)
- {
- if ( (s->session != NULL) &&
- !(s->shutdown & SSL_SENT_SHUTDOWN) &&
- !(SSL_in_init(s) || SSL_in_before(s)))
- {
- SSL_CTX_remove_session(s->ctx,s->session);
- return(1);
- }
- else
- return(0);
- }
-
-/* locked by SSL_CTX in the calling function */
-static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
- {
- if ((s->next == NULL) || (s->prev == NULL)) return;
-
- if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail))
- { /* last element in list */
- if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
- { /* only one element in list */
- ctx->session_cache_head=NULL;
- ctx->session_cache_tail=NULL;
- }
- else
- {
- ctx->session_cache_tail=s->prev;
- s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail);
- }
- }
- else
- {
- if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
- { /* first element in list */
- ctx->session_cache_head=s->next;
- s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head);
- }
- else
- { /* middle of list */
- s->next->prev=s->prev;
- s->prev->next=s->next;
- }
- }
- s->prev=s->next=NULL;
- }
-
-static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
- {
- if ((s->next != NULL) && (s->prev != NULL))
- SSL_SESSION_list_remove(ctx,s);
-
- if (ctx->session_cache_head == NULL)
- {
- ctx->session_cache_head=s;
- ctx->session_cache_tail=s;
- s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
- s->next=(SSL_SESSION *)&(ctx->session_cache_tail);
- }
- else
- {
- s->next=ctx->session_cache_head;
- s->next->prev=s;
- s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
- ctx->session_cache_head=s;
- }
- }
-
diff --git a/crypto/openssl/ssl/ssl_stat.c b/crypto/openssl/ssl/ssl_stat.c
deleted file mode 100644
index 893c98e050ab..000000000000
--- a/crypto/openssl/ssl/ssl_stat.c
+++ /dev/null
@@ -1,502 +0,0 @@
-/* ssl/ssl_stat.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-
-char *SSL_state_string_long(SSL *s)
- {
- char *str;
-
- switch (s->state)
- {
-case SSL_ST_BEFORE: str="before SSL initialization"; break;
-case SSL_ST_ACCEPT: str="before accept initialization"; break;
-case SSL_ST_CONNECT: str="before connect initialization"; break;
-case SSL_ST_OK: str="SSL negotiation finished successfully"; break;
-case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break;
-case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;
-case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
-case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
-case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
-#ifndef NO_SSL2
-case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
-case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break;
-case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break;
-case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break;
-case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break;
-case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break;
-case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break;
-case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break;
-case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break;
-case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break;
-case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break;
-case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break;
-case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break;
-#endif
-
-#ifndef NO_SSL3
-/* SSLv3 additions */
-case SSL3_ST_CW_CLNT_HELLO_A: str="SSLv3 write client hello A"; break;
-case SSL3_ST_CW_CLNT_HELLO_B: str="SSLv3 write client hello B"; break;
-case SSL3_ST_CR_SRVR_HELLO_A: str="SSLv3 read server hello A"; break;
-case SSL3_ST_CR_SRVR_HELLO_B: str="SSLv3 read server hello B"; break;
-case SSL3_ST_CR_CERT_A: str="SSLv3 read server certificate A"; break;
-case SSL3_ST_CR_CERT_B: str="SSLv3 read server certificate B"; break;
-case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break;
-case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break;
-case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break;
-case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break;
-case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break;
-case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break;
-case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break;
-case SSL3_ST_CW_CERT_B: str="SSLv3 write client certificate B"; break;
-case SSL3_ST_CW_CERT_C: str="SSLv3 write client certificate C"; break;
-case SSL3_ST_CW_CERT_D: str="SSLv3 write client certificate D"; break;
-case SSL3_ST_CW_KEY_EXCH_A: str="SSLv3 write client key exchange A"; break;
-case SSL3_ST_CW_KEY_EXCH_B: str="SSLv3 write client key exchange B"; break;
-case SSL3_ST_CW_CERT_VRFY_A: str="SSLv3 write certificate verify A"; break;
-case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify B"; break;
-
-case SSL3_ST_CW_CHANGE_A:
-case SSL3_ST_SW_CHANGE_A: str="SSLv3 write change cipher spec A"; break;
-case SSL3_ST_CW_CHANGE_B:
-case SSL3_ST_SW_CHANGE_B: str="SSLv3 write change cipher spec B"; break;
-case SSL3_ST_CW_FINISHED_A:
-case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break;
-case SSL3_ST_CW_FINISHED_B:
-case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished B"; break;
-case SSL3_ST_CR_CHANGE_A:
-case SSL3_ST_SR_CHANGE_A: str="SSLv3 read change cipher spec A"; break;
-case SSL3_ST_CR_CHANGE_B:
-case SSL3_ST_SR_CHANGE_B: str="SSLv3 read change cipher spec B"; break;
-case SSL3_ST_CR_FINISHED_A:
-case SSL3_ST_SR_FINISHED_A: str="SSLv3 read finished A"; break;
-case SSL3_ST_CR_FINISHED_B:
-case SSL3_ST_SR_FINISHED_B: str="SSLv3 read finished B"; break;
-
-case SSL3_ST_CW_FLUSH:
-case SSL3_ST_SW_FLUSH: str="SSLv3 flush data"; break;
-
-case SSL3_ST_SR_CLNT_HELLO_A: str="SSLv3 read client hello A"; break;
-case SSL3_ST_SR_CLNT_HELLO_B: str="SSLv3 read client hello B"; break;
-case SSL3_ST_SR_CLNT_HELLO_C: str="SSLv3 read client hello C"; break;
-case SSL3_ST_SW_HELLO_REQ_A: str="SSLv3 write hello request A"; break;
-case SSL3_ST_SW_HELLO_REQ_B: str="SSLv3 write hello request B"; break;
-case SSL3_ST_SW_HELLO_REQ_C: str="SSLv3 write hello request C"; break;
-case SSL3_ST_SW_SRVR_HELLO_A: str="SSLv3 write server hello A"; break;
-case SSL3_ST_SW_SRVR_HELLO_B: str="SSLv3 write server hello B"; break;
-case SSL3_ST_SW_CERT_A: str="SSLv3 write certificate A"; break;
-case SSL3_ST_SW_CERT_B: str="SSLv3 write certificate B"; break;
-case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break;
-case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break;
-case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break;
-case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break;
-case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break;
-case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break;
-case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break;
-case SSL3_ST_SR_CERT_B: str="SSLv3 read client certificate B"; break;
-case SSL3_ST_SR_KEY_EXCH_A: str="SSLv3 read client key exchange A"; break;
-case SSL3_ST_SR_KEY_EXCH_B: str="SSLv3 read client key exchange B"; break;
-case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certificate verify A"; break;
-case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break;
-#endif
-
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
-/* SSLv2/v3 compatibility states */
-/* client */
-case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break;
-case SSL23_ST_CW_CLNT_HELLO_B: str="SSLv2/v3 write client hello B"; break;
-case SSL23_ST_CR_SRVR_HELLO_A: str="SSLv2/v3 read server hello A"; break;
-case SSL23_ST_CR_SRVR_HELLO_B: str="SSLv2/v3 read server hello B"; break;
-/* server */
-case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break;
-case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break;
-#endif
-
-default: str="unknown state"; break;
- }
- return(str);
- }
-
-char *SSL_rstate_string_long(SSL *s)
- {
- char *str;
-
- switch (s->rstate)
- {
- case SSL_ST_READ_HEADER: str="read header"; break;
- case SSL_ST_READ_BODY: str="read body"; break;
- case SSL_ST_READ_DONE: str="read done"; break;
- default: str="unknown"; break;
- }
- return(str);
- }
-
-char *SSL_state_string(SSL *s)
- {
- char *str;
-
- switch (s->state)
- {
-case SSL_ST_BEFORE: str="PINIT "; break;
-case SSL_ST_ACCEPT: str="AINIT "; break;
-case SSL_ST_CONNECT: str="CINIT "; break;
-case SSL_ST_OK: str="SSLOK "; break;
-#ifndef NO_SSL2
-case SSL2_ST_CLIENT_START_ENCRYPTION: str="2CSENC"; break;
-case SSL2_ST_SERVER_START_ENCRYPTION: str="2SSENC"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_A: str="2SCH_A"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_B: str="2SCH_B"; break;
-case SSL2_ST_GET_SERVER_HELLO_A: str="2GSH_A"; break;
-case SSL2_ST_GET_SERVER_HELLO_B: str="2GSH_B"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="2SCMKA"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="2SCMKB"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_A: str="2SCF_A"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_B: str="2SCF_B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="2SCC_A"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="2SCC_B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="2SCC_C"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="2SCC_D"; break;
-case SSL2_ST_GET_SERVER_VERIFY_A: str="2GSV_A"; break;
-case SSL2_ST_GET_SERVER_VERIFY_B: str="2GSV_B"; break;
-case SSL2_ST_GET_SERVER_FINISHED_A: str="2GSF_A"; break;
-case SSL2_ST_GET_SERVER_FINISHED_B: str="2GSF_B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_A: str="2GCH_A"; break;
-case SSL2_ST_GET_CLIENT_HELLO_B: str="2GCH_B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_C: str="2GCH_C"; break;
-case SSL2_ST_SEND_SERVER_HELLO_A: str="2SSH_A"; break;
-case SSL2_ST_SEND_SERVER_HELLO_B: str="2SSH_B"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="2GCMKA"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="2GCMKA"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_A: str="2SSV_A"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_B: str="2SSV_B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_C: str="2SSV_C"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_A: str="2GCF_A"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_B: str="2GCF_B"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_A: str="2SSF_A"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_B: str="2SSF_B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="2SRC_A"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="2SRC_B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="2SRC_C"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="2SRC_D"; break;
-case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="2X9GSC"; break;
-case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="2X9GCC"; break;
-#endif
-
-#ifndef NO_SSL3
-/* SSLv3 additions */
-case SSL3_ST_SW_FLUSH:
-case SSL3_ST_CW_FLUSH: str="3FLUSH"; break;
-case SSL3_ST_CW_CLNT_HELLO_A: str="3WCH_A"; break;
-case SSL3_ST_CW_CLNT_HELLO_B: str="3WCH_B"; break;
-case SSL3_ST_CR_SRVR_HELLO_A: str="3RSH_A"; break;
-case SSL3_ST_CR_SRVR_HELLO_B: str="3RSH_B"; break;
-case SSL3_ST_CR_CERT_A: str="3RSC_A"; break;
-case SSL3_ST_CR_CERT_B: str="3RSC_B"; break;
-case SSL3_ST_CR_KEY_EXCH_A: str="3RSKEA"; break;
-case SSL3_ST_CR_KEY_EXCH_B: str="3RSKEB"; break;
-case SSL3_ST_CR_CERT_REQ_A: str="3RCR_A"; break;
-case SSL3_ST_CR_CERT_REQ_B: str="3RCR_B"; break;
-case SSL3_ST_CR_SRVR_DONE_A: str="3RSD_A"; break;
-case SSL3_ST_CR_SRVR_DONE_B: str="3RSD_B"; break;
-case SSL3_ST_CW_CERT_A: str="3WCC_A"; break;
-case SSL3_ST_CW_CERT_B: str="3WCC_B"; break;
-case SSL3_ST_CW_CERT_C: str="3WCC_C"; break;
-case SSL3_ST_CW_CERT_D: str="3WCC_D"; break;
-case SSL3_ST_CW_KEY_EXCH_A: str="3WCKEA"; break;
-case SSL3_ST_CW_KEY_EXCH_B: str="3WCKEB"; break;
-case SSL3_ST_CW_CERT_VRFY_A: str="3WCV_A"; break;
-case SSL3_ST_CW_CERT_VRFY_B: str="3WCV_B"; break;
-
-case SSL3_ST_SW_CHANGE_A:
-case SSL3_ST_CW_CHANGE_A: str="3WCCSA"; break;
-case SSL3_ST_SW_CHANGE_B:
-case SSL3_ST_CW_CHANGE_B: str="3WCCSB"; break;
-case SSL3_ST_SW_FINISHED_A:
-case SSL3_ST_CW_FINISHED_A: str="3WFINA"; break;
-case SSL3_ST_SW_FINISHED_B:
-case SSL3_ST_CW_FINISHED_B: str="3WFINB"; break;
-case SSL3_ST_SR_CHANGE_A:
-case SSL3_ST_CR_CHANGE_A: str="3RCCSA"; break;
-case SSL3_ST_SR_CHANGE_B:
-case SSL3_ST_CR_CHANGE_B: str="3RCCSB"; break;
-case SSL3_ST_SR_FINISHED_A:
-case SSL3_ST_CR_FINISHED_A: str="3RFINA"; break;
-case SSL3_ST_SR_FINISHED_B:
-case SSL3_ST_CR_FINISHED_B: str="3RFINB"; break;
-
-case SSL3_ST_SW_HELLO_REQ_A: str="3WHR_A"; break;
-case SSL3_ST_SW_HELLO_REQ_B: str="3WHR_B"; break;
-case SSL3_ST_SW_HELLO_REQ_C: str="3WHR_C"; break;
-case SSL3_ST_SR_CLNT_HELLO_A: str="3RCH_A"; break;
-case SSL3_ST_SR_CLNT_HELLO_B: str="3RCH_B"; break;
-case SSL3_ST_SR_CLNT_HELLO_C: str="3RCH_C"; break;
-case SSL3_ST_SW_SRVR_HELLO_A: str="3WSH_A"; break;
-case SSL3_ST_SW_SRVR_HELLO_B: str="3WSH_B"; break;
-case SSL3_ST_SW_CERT_A: str="3WSC_A"; break;
-case SSL3_ST_SW_CERT_B: str="3WSC_B"; break;
-case SSL3_ST_SW_KEY_EXCH_A: str="3WSKEA"; break;
-case SSL3_ST_SW_KEY_EXCH_B: str="3WSKEB"; break;
-case SSL3_ST_SW_CERT_REQ_A: str="3WCR_A"; break;
-case SSL3_ST_SW_CERT_REQ_B: str="3WCR_B"; break;
-case SSL3_ST_SW_SRVR_DONE_A: str="3WSD_A"; break;
-case SSL3_ST_SW_SRVR_DONE_B: str="3WSD_B"; break;
-case SSL3_ST_SR_CERT_A: str="3RCC_A"; break;
-case SSL3_ST_SR_CERT_B: str="3RCC_B"; break;
-case SSL3_ST_SR_KEY_EXCH_A: str="3RCKEA"; break;
-case SSL3_ST_SR_KEY_EXCH_B: str="3RCKEB"; break;
-case SSL3_ST_SR_CERT_VRFY_A: str="3RCV_A"; break;
-case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break;
-#endif
-
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
-/* SSLv2/v3 compatibility states */
-/* client */
-case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break;
-case SSL23_ST_CW_CLNT_HELLO_B: str="23WCHB"; break;
-case SSL23_ST_CR_SRVR_HELLO_A: str="23RSHA"; break;
-case SSL23_ST_CR_SRVR_HELLO_B: str="23RSHA"; break;
-/* server */
-case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break;
-case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break;
-#endif
-
-default: str="UNKWN "; break;
- }
- return(str);
- }
-
-char *SSL_alert_type_string_long(int value)
- {
- value>>=8;
- if (value == SSL3_AL_WARNING)
- return("warning");
- else if (value == SSL3_AL_FATAL)
- return("fatal");
- else
- return("unknown");
- }
-
-char *SSL_alert_type_string(int value)
- {
- value>>=8;
- if (value == SSL3_AL_WARNING)
- return("W");
- else if (value == SSL3_AL_FATAL)
- return("F");
- else
- return("U");
- }
-
-char *SSL_alert_desc_string(int value)
- {
- char *str;
-
- switch (value & 0xff)
- {
- case SSL3_AD_CLOSE_NOTIFY: str="CN"; break;
- case SSL3_AD_UNEXPECTED_MESSAGE: str="UM"; break;
- case SSL3_AD_BAD_RECORD_MAC: str="BM"; break;
- case SSL3_AD_DECOMPRESSION_FAILURE: str="DF"; break;
- case SSL3_AD_HANDSHAKE_FAILURE: str="HF"; break;
- case SSL3_AD_NO_CERTIFICATE: str="NC"; break;
- case SSL3_AD_BAD_CERTIFICATE: str="BC"; break;
- case SSL3_AD_UNSUPPORTED_CERTIFICATE: str="UC"; break;
- case SSL3_AD_CERTIFICATE_REVOKED: str="CR"; break;
- case SSL3_AD_CERTIFICATE_EXPIRED: str="CE"; break;
- case SSL3_AD_CERTIFICATE_UNKNOWN: str="CU"; break;
- case SSL3_AD_ILLEGAL_PARAMETER: str="IP"; break;
- case TLS1_AD_DECRYPTION_FAILED: str="DC"; break;
- case TLS1_AD_RECORD_OVERFLOW: str="RO"; break;
- case TLS1_AD_UNKNOWN_CA: str="CA"; break;
- case TLS1_AD_ACCESS_DENIED: str="AD"; break;
- case TLS1_AD_DECODE_ERROR: str="DE"; break;
- case TLS1_AD_DECRYPT_ERROR: str="CY"; break;
- case TLS1_AD_EXPORT_RESTRICTION: str="ER"; break;
- case TLS1_AD_PROTOCOL_VERSION: str="PV"; break;
- case TLS1_AD_INSUFFICIENT_SECURITY: str="IS"; break;
- case TLS1_AD_INTERNAL_ERROR: str="IE"; break;
- case TLS1_AD_USER_CANCELLED: str="US"; break;
- case TLS1_AD_NO_RENEGOTIATION: str="NR"; break;
- default: str="UK"; break;
- }
- return(str);
- }
-
-char *SSL_alert_desc_string_long(int value)
- {
- char *str;
-
- switch (value & 0xff)
- {
- case SSL3_AD_CLOSE_NOTIFY:
- str="close notify";
- break;
- case SSL3_AD_UNEXPECTED_MESSAGE:
- str="unexpected_message";
- break;
- case SSL3_AD_BAD_RECORD_MAC:
- str="bad record mac";
- break;
- case SSL3_AD_DECOMPRESSION_FAILURE:
- str="decompression failure";
- break;
- case SSL3_AD_HANDSHAKE_FAILURE:
- str="handshake failure";
- break;
- case SSL3_AD_NO_CERTIFICATE:
- str="no certificate";
- break;
- case SSL3_AD_BAD_CERTIFICATE:
- str="bad certificate";
- break;
- case SSL3_AD_UNSUPPORTED_CERTIFICATE:
- str="unsupported certificate";
- break;
- case SSL3_AD_CERTIFICATE_REVOKED:
- str="certificate revoked";
- break;
- case SSL3_AD_CERTIFICATE_EXPIRED:
- str="certificate expired";
- break;
- case SSL3_AD_CERTIFICATE_UNKNOWN:
- str="certificate unknown";
- break;
- case SSL3_AD_ILLEGAL_PARAMETER:
- str="illegal parameter";
- break;
- case TLS1_AD_DECRYPTION_FAILED:
- str="decryption failed";
- break;
- case TLS1_AD_RECORD_OVERFLOW:
- str="record overflow";
- break;
- case TLS1_AD_UNKNOWN_CA:
- str="unknown CA";
- break;
- case TLS1_AD_ACCESS_DENIED:
- str="access denied";
- break;
- case TLS1_AD_DECODE_ERROR:
- str="decode error";
- break;
- case TLS1_AD_DECRYPT_ERROR:
- str="decrypt error";
- break;
- case TLS1_AD_EXPORT_RESTRICTION:
- str="export restriction";
- break;
- case TLS1_AD_PROTOCOL_VERSION:
- str="protocol version";
- break;
- case TLS1_AD_INSUFFICIENT_SECURITY:
- str="insufficient security";
- break;
- case TLS1_AD_INTERNAL_ERROR:
- str="internal error";
- break;
- case TLS1_AD_USER_CANCELLED:
- str="user canceled";
- break;
- case TLS1_AD_NO_RENEGOTIATION:
- str="no renegotiation";
- break;
- default: str="unknown"; break;
- }
- return(str);
- }
-
-char *SSL_rstate_string(SSL *s)
- {
- char *str;
-
- switch (s->rstate)
- {
- case SSL_ST_READ_HEADER:str="RH"; break;
- case SSL_ST_READ_BODY: str="RB"; break;
- case SSL_ST_READ_DONE: str="RD"; break;
- default: str="unknown"; break;
- }
- return(str);
- }
diff --git a/crypto/openssl/ssl/ssl_task.c b/crypto/openssl/ssl/ssl_task.c
deleted file mode 100644
index cac701a798b4..000000000000
--- a/crypto/openssl/ssl/ssl_task.c
+++ /dev/null
@@ -1,369 +0,0 @@
-/* ssl/ssl_task.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* VMS */
-/*
- * DECnet object for servicing SSL. We accept the inbound and speak a
- * simple protocol for multiplexing the 2 data streams (application and
- * ssl data) over this logical link.
- *
- * Logical names:
- * SSL_CIPHER Defines a list of cipher specifications the server
- * will support in order of preference.
- * SSL_SERVER_CERTIFICATE
- * Points to PEM (privacy enhanced mail) file that
- * contains the server certificate and private password.
- * SYS$NET Logical created by netserver.exe as hook for completing
- * DECnet logical link.
- *
- * Each NSP message sent over the DECnet link has the following structure:
- * struct rpc_msg {
- * char channel;
- * char function;
- * short length;
- * char data[MAX_DATA];
- * } msg;
- *
- * The channel field designates the virtual data stream this message applies
- * to and is one of:
- * A - Application data (payload).
- * R - Remote client connection that initiated the SSL connection. Encrypted
- * data is sent over this connection.
- * G - General data, reserved for future use.
- *
- * The data streams are half-duplex read/write and have following functions:
- * G - Get, requests that up to msg.length bytes of data be returned. The
- * data is returned in the next 'C' function response that matches the
- * requesting channel.
- * P - Put, requests that the first msg.length bytes of msg.data be appended
- * to the designated stream.
- * C - Confirms a get or put. Every get and put will get a confirm response,
- * you cannot initiate another function on a channel until the previous
- * operation has been confirmed.
- *
- * The 2 channels may interleave their operations, for example:
- * Server msg Client msg
- * A, Get, 4092 ---->
- * <---- R, get, 4092
- * R, Confirm, {hello} ---->
- * <---- R, put, {srv hello}
- * R, Confirm, 0 ---->
- * . (SSL handshake completed)
- * . (read first app data).
- * <---- A, confirm, {http data}
- * A, Put, {http data} ---->
- * <---- A, confirm, 0
- *
- * The length field is not permitted to be larger that 4092 bytes.
- *
- * Author: Dave Jones
- * Date: 22-JUL-1996
- */
-#include <stdlib.h>
-#include <stdio.h>
-#include <iodef.h> /* VMS IO$_ definitions */
-#include <descrip.h> /* VMS string descriptors */
-extern int SYS$QIOW(), SYS$ASSIGN();
-int LIB$INIT_TIMER(), LIB$SHOW_TIMER();
-
-#include <string.h> /* from ssltest.c */
-#include <errno.h>
-
-#include "openssl/e_os.h"
-
-#include <openssl/buffer.h>
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
-int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,
- int error);
-BIO *bio_err=NULL;
-BIO *bio_stdout=NULL;
-BIO_METHOD *BIO_s_rtcp();
-
-static char *cipher=NULL;
-int verbose=1;
-#ifdef FIONBIO
-static int s_nbio=0;
-#endif
-#define TEST_SERVER_CERT "SSL_SERVER_CERTIFICATE"
-/*************************************************************************/
-struct rpc_msg { /* Should have member alignment inhibited */
- char channel; /* 'A'-app data. 'R'-remote client 'G'-global */
- char function; /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
- unsigned short int length; /* Amount of data returned or max to return */
- char data[4092]; /* variable data */
-};
-#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
-
-static $DESCRIPTOR(sysnet, "SYS$NET");
-typedef unsigned short io_channel;
-
-struct io_status {
- unsigned short status;
- unsigned short count;
- unsigned long stsval;
-};
-int doit(io_channel chan, SSL_CTX *s_ctx );
-/*****************************************************************************/
-/* Decnet I/O routines.
- */
-static int get ( io_channel chan, char *buffer, int maxlen, int *length )
-{
- int status;
- struct io_status iosb;
- status = SYS$QIOW ( 0, chan, IO$_READVBLK, &iosb, 0, 0,
- buffer, maxlen, 0, 0, 0, 0 );
- if ( (status&1) == 1 ) status = iosb.status;
- if ( (status&1) == 1 ) *length = iosb.count;
- return status;
-}
-
-static int put ( io_channel chan, char *buffer, int length )
-{
- int status;
- struct io_status iosb;
- status = SYS$QIOW ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0,
- buffer, length, 0, 0, 0, 0 );
- if ( (status&1) == 1 ) status = iosb.status;
- return status;
-}
-/***************************************************************************/
-/* Handle operations on the 'G' channel.
- */
-static int general_request ( io_channel chan, struct rpc_msg *msg, int length )
-{
- return 48;
-}
-/***************************************************************************/
-int main ( int argc, char **argv )
-{
- int status, length;
- io_channel chan;
- struct rpc_msg msg;
-
- char *CApath=NULL,*CAfile=NULL;
- int badop=0;
- int ret=1;
- int client_auth=0;
- int server_auth=0;
- SSL_CTX *s_ctx=NULL;
- /*
- * Confirm logical link with initiating client.
- */
- LIB$INIT_TIMER();
- status = SYS$ASSIGN ( &sysnet, &chan, 0, 0, 0 );
- printf("status of assign to SYS$NET: %d\n", status );
- /*
- * Initialize standard out and error files.
- */
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
- if (bio_stdout == NULL)
- if ((bio_stdout=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_stdout,stdout,BIO_NOCLOSE);
- /*
- * get the preferred cipher list and other initialization
- */
- if (cipher == NULL) cipher=getenv("SSL_CIPHER");
- printf("cipher list: %s\n", cipher ? cipher : "{undefined}" );
-
- SSL_load_error_strings();
- OpenSSL_add_all_algorithms();
-
-/* DRM, this was the original, but there is no such thing as SSLv2()
- s_ctx=SSL_CTX_new(SSLv2());
-*/
- s_ctx=SSL_CTX_new(SSLv2_server_method());
-
- if (s_ctx == NULL) goto end;
-
- SSL_CTX_use_certificate_file(s_ctx,TEST_SERVER_CERT,SSL_FILETYPE_PEM);
- SSL_CTX_use_RSAPrivateKey_file(s_ctx,TEST_SERVER_CERT,SSL_FILETYPE_PEM);
- printf("Loaded server certificate: '%s'\n", TEST_SERVER_CERT );
-
- /*
- * Take commands from client until bad status.
- */
- LIB$SHOW_TIMER();
- status = doit ( chan, s_ctx );
- LIB$SHOW_TIMER();
- /*
- * do final cleanup and exit.
- */
-end:
- if (s_ctx != NULL) SSL_CTX_free(s_ctx);
- LIB$SHOW_TIMER();
- return 1;
-}
-
-int doit(io_channel chan, SSL_CTX *s_ctx )
-{
- int status, length, link_state;
- struct rpc_msg msg;
- static char cbuf[200],sbuf[200];
- SSL *s_ssl=NULL;
- BIO *c_to_s=NULL;
- BIO *s_to_c=NULL;
- BIO *c_bio=NULL;
- BIO *s_bio=NULL;
- int i;
- int done=0;
-
- s_ssl=SSL_new(s_ctx);
- if (s_ssl == NULL) goto err;
-
- c_to_s=BIO_new(BIO_s_rtcp());
- s_to_c=BIO_new(BIO_s_rtcp());
- if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;
-/* original, DRM 24-SEP-1997
- BIO_set_fd ( c_to_s, "", chan );
- BIO_set_fd ( s_to_c, "", chan );
-*/
- BIO_set_fd ( c_to_s, 0, chan );
- BIO_set_fd ( s_to_c, 0, chan );
-
- c_bio=BIO_new(BIO_f_ssl());
- s_bio=BIO_new(BIO_f_ssl());
- if ((c_bio == NULL) || (s_bio == NULL)) goto err;
-
- SSL_set_accept_state(s_ssl);
- SSL_set_bio(s_ssl,c_to_s,s_to_c);
- BIO_set_ssl(s_bio,s_ssl,BIO_CLOSE);
-
- /* We can always do writes */
- printf("Begin doit main loop\n");
- /*
- * Link states: 0-idle, 1-read pending, 2-write pending, 3-closed.
- */
- for (link_state = 0; link_state < 3; ) {
- /*
- * Wait for remote end to request data action on A channel.
- */
- while ( link_state == 0 ) {
- status = get ( chan, (char *) &msg, sizeof(msg), &length );
- if ( (status&1) == 0 ) {
- printf("Error in main loop get: %d\n", status );
- link_state = 3;
- break;
- }
- if ( length < RPC_HDR_SIZE ) {
- printf("Error in main loop get size: %d\n", length );
- break;
- link_state = 3;
- }
- if ( msg.channel != 'A' ) {
- printf("Error in main loop, unexpected channel: %c\n",
- msg.channel );
- break;
- link_state = 3;
- }
- if ( msg.function == 'G' ) {
- link_state = 1;
- } else if ( msg.function == 'P' ) {
- link_state = 2; /* write pending */
- } else if ( msg.function == 'X' ) {
- link_state = 3;
- } else {
- link_state = 3;
- }
- }
- if ( link_state == 1 ) {
- i = BIO_read ( s_bio, msg.data, msg.length );
- if ( i < 0 ) link_state = 3;
- else {
- msg.channel = 'A';
- msg.function = 'C'; /* confirm */
- msg.length = i;
- status = put ( chan, (char *) &msg, i+RPC_HDR_SIZE );
- if ( (status&1) == 0 ) break;
- link_state = 0;
- }
- } else if ( link_state == 2 ) {
- i = BIO_write ( s_bio, msg.data, msg.length );
- if ( i < 0 ) link_state = 3;
- else {
- msg.channel = 'A';
- msg.function = 'C'; /* confirm */
- msg.length = 0;
- status = put ( chan, (char *) &msg, RPC_HDR_SIZE );
- if ( (status&1) == 0 ) break;
- link_state = 0;
- }
- }
- }
- fprintf(stdout,"DONE\n");
-err:
- /* We have to set the BIO's to NULL otherwise they will be
- * free()ed twice. Once when th s_ssl is SSL_free()ed and
- * again when c_ssl is SSL_free()ed.
- * This is a hack required because s_ssl and c_ssl are sharing the same
- * BIO structure and SSL_set_bio() and SSL_free() automatically
- * BIO_free non NULL entries.
- * You should not normally do this or be required to do this */
- s_ssl->rbio=NULL;
- s_ssl->wbio=NULL;
-
- if (c_to_s != NULL) BIO_free(c_to_s);
- if (s_to_c != NULL) BIO_free(s_to_c);
- if (c_bio != NULL) BIO_free(c_bio);
- if (s_bio != NULL) BIO_free(s_bio);
- return(0);
-}
diff --git a/crypto/openssl/ssl/ssl_txt.c b/crypto/openssl/ssl/ssl_txt.c
deleted file mode 100644
index 6e33eec3e4f7..000000000000
--- a/crypto/openssl/ssl/ssl_txt.c
+++ /dev/null
@@ -1,174 +0,0 @@
-/* ssl/ssl_txt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/buffer.h>
-#include "ssl_locl.h"
-
-#ifndef NO_FP_API
-int SSL_SESSION_print_fp(FILE *fp, SSL_SESSION *x)
- {
- BIO *b;
- int ret;
-
- if ((b=BIO_new(BIO_s_file_internal())) == NULL)
- {
- SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=SSL_SESSION_print(b,x);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-int SSL_SESSION_print(BIO *bp, SSL_SESSION *x)
- {
- unsigned int i;
- char *s;
-
- if (x == NULL) goto err;
- if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
- if (x->ssl_version == SSL2_VERSION)
- s="SSLv2";
- else if (x->ssl_version == SSL3_VERSION)
- s="SSLv3";
- else if (x->ssl_version == TLS1_VERSION)
- s="TLSv1";
- else
- s="unknown";
- if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err;
-
- if (x->cipher == NULL)
- {
- if (((x->cipher_id) & 0xff000000) == 0x02000000)
- {
- if (BIO_printf(bp," Cipher : %06lX\n",x->cipher_id&0xffffff) <= 0)
- goto err;
- }
- else
- {
- if (BIO_printf(bp," Cipher : %04lX\n",x->cipher_id&0xffff) <= 0)
- goto err;
- }
- }
- else
- {
- if (BIO_printf(bp," Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0)
- goto err;
- }
- if (BIO_puts(bp," Session-ID: ") <= 0) goto err;
- for (i=0; i<x->session_id_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err;
- }
- if (BIO_puts(bp,"\n Session-ID-ctx: ") <= 0) goto err;
- for (i=0; i<x->sid_ctx_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0)
- goto err;
- }
- if (BIO_puts(bp,"\n Master-Key: ") <= 0) goto err;
- for (i=0; i<(unsigned int)x->master_key_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err;
- }
- if (BIO_puts(bp,"\n Key-Arg : ") <= 0) goto err;
- if (x->key_arg_length == 0)
- {
- if (BIO_puts(bp,"None") <= 0) goto err;
- }
- else
- for (i=0; i<x->key_arg_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err;
- }
- if (x->compress_meth != 0)
- {
- SSL_COMP *comp;
-
- ssl_cipher_get_evp(x,NULL,NULL,&comp);
- if (comp == NULL)
- {
- if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err;
- }
- else
- {
- if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
- }
- }
- if (x->time != 0L)
- {
- if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err;
- }
- if (x->timeout != 0L)
- {
- if (BIO_printf(bp, "\n Timeout : %ld (sec)",x->timeout) <= 0) goto err;
- }
- if (BIO_puts(bp,"\n") <= 0) goto err;
-
- if (BIO_puts(bp, " Verify return code: ") <= 0) goto err;
- if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
- X509_verify_cert_error_string(x->verify_result)) <= 0) goto err;
-
- return(1);
-err:
- return(0);
- }
-
diff --git a/crypto/openssl/ssl/ssltest.c b/crypto/openssl/ssl/ssltest.c
deleted file mode 100644
index 5f91ed19c737..000000000000
--- a/crypto/openssl/ssl/ssltest.c
+++ /dev/null
@@ -1,1377 +0,0 @@
-/* ssl/ssltest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <assert.h>
-#include <errno.h>
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-
-#include "openssl/e_os.h"
-
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#ifdef WINDOWS
-#include "../crypto/bio/bss_file.c"
-#endif
-
-#ifdef VMS
-# define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
-# define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
-#else
-# define TEST_SERVER_CERT "../apps/server.pem"
-# define TEST_CLIENT_CERT "../apps/client.pem"
-#endif
-
-static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
-#ifndef NO_RSA
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);
-static void free_tmp_rsa(void);
-#endif
-#ifndef NO_DH
-static DH *get_dh512(void);
-static DH *get_dh1024(void);
-static DH *get_dh1024dsa(void);
-#endif
-
-static BIO *bio_err=NULL;
-static BIO *bio_stdout=NULL;
-
-static char *cipher=NULL;
-static int verbose=0;
-static int debug=0;
-#if 0
-/* Not used yet. */
-#ifdef FIONBIO
-static int s_nbio=0;
-#endif
-#endif
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time);
-int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
-static void sv_usage(void)
- {
- fprintf(stderr,"usage: ssltest [args ...]\n");
- fprintf(stderr,"\n");
- fprintf(stderr," -server_auth - check server certificate\n");
- fprintf(stderr," -client_auth - do client authentication\n");
- fprintf(stderr," -v - more output\n");
- fprintf(stderr," -d - debug output\n");
- fprintf(stderr," -reuse - use session-id reuse\n");
- fprintf(stderr," -num <val> - number of connections to perform\n");
- fprintf(stderr," -bytes <val> - number of bytes to swap between client/server\n");
-#ifndef NO_DH
- fprintf(stderr," -dhe1024 - use 1024 bit key (safe prime) for DHE\n");
- fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
- fprintf(stderr," -no_dhe - disable DHE\n");
-#endif
-#ifndef NO_SSL2
- fprintf(stderr," -ssl2 - use SSLv2\n");
-#endif
-#ifndef NO_SSL3
- fprintf(stderr," -ssl3 - use SSLv3\n");
-#endif
-#ifndef NO_TLS1
- fprintf(stderr," -tls1 - use TLSv1\n");
-#endif
- fprintf(stderr," -CApath arg - PEM format directory of CA's\n");
- fprintf(stderr," -CAfile arg - PEM format file of CA's\n");
- fprintf(stderr," -cert arg - Server certificate file\n");
- fprintf(stderr," -key arg - Server key file (default: same as -cert)\n");
- fprintf(stderr," -c_cert arg - Client certificate file\n");
- fprintf(stderr," -c_key arg - Client key file (default: same as -c_cert)\n");
- fprintf(stderr," -cipher arg - The cipher list\n");
- fprintf(stderr," -bio_pair - Use BIO pairs\n");
- fprintf(stderr," -f - Test even cases that can't work\n");
- fprintf(stderr," -time - measure processor time used by client and server\n");
- }
-
-static void print_details(SSL *c_ssl, const char *prefix)
- {
- SSL_CIPHER *ciph;
- X509 *cert;
-
- ciph=SSL_get_current_cipher(c_ssl);
- BIO_printf(bio_stdout,"%s%s, cipher %s %s",
- prefix,
- SSL_get_version(c_ssl),
- SSL_CIPHER_get_version(ciph),
- SSL_CIPHER_get_name(ciph));
- cert=SSL_get_peer_certificate(c_ssl);
- if (cert != NULL)
- {
- EVP_PKEY *pkey = X509_get_pubkey(cert);
- if (pkey != NULL)
- {
- if (0)
- ;
-#ifndef NO_RSA
- else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
- && pkey->pkey.rsa->n != NULL)
- {
- BIO_printf(bio_stdout, ", %d bit RSA",
- BN_num_bits(pkey->pkey.rsa->n));
- }
-#endif
-#ifndef NO_DSA
- else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
- && pkey->pkey.dsa->p != NULL)
- {
- BIO_printf(bio_stdout, ", %d bit DSA",
- BN_num_bits(pkey->pkey.dsa->p));
- }
-#endif
- EVP_PKEY_free(pkey);
- }
- X509_free(cert);
- }
- /* The SSL API does not allow us to look at temporary RSA/DH keys,
- * otherwise we should print their lengths too */
- BIO_printf(bio_stdout,"\n");
- }
-
-int main(int argc, char *argv[])
- {
- char *CApath=NULL,*CAfile=NULL;
- int badop=0;
- int bio_pair=0;
- int force=0;
- int tls1=0,ssl2=0,ssl3=0,ret=1;
- int client_auth=0;
- int server_auth=0,i;
- char *server_cert=TEST_SERVER_CERT;
- char *server_key=NULL;
- char *client_cert=TEST_CLIENT_CERT;
- char *client_key=NULL;
- SSL_CTX *s_ctx=NULL;
- SSL_CTX *c_ctx=NULL;
- SSL_METHOD *meth=NULL;
- SSL *c_ssl,*s_ssl;
- int number=1,reuse=0;
- long bytes=1L;
-#ifndef NO_DH
- DH *dh;
- int dhe1024 = 0, dhe1024dsa = 0;
-#endif
- int no_dhe = 0;
- int print_time = 0;
- clock_t s_time = 0, c_time = 0;
-
- verbose = 0;
- debug = 0;
- cipher = 0;
-
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
- RAND_seed(rnd_seed, sizeof rnd_seed);
-
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
- bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
-
- argc--;
- argv++;
-
- while (argc >= 1)
- {
- if (strcmp(*argv,"-server_auth") == 0)
- server_auth=1;
- else if (strcmp(*argv,"-client_auth") == 0)
- client_auth=1;
- else if (strcmp(*argv,"-v") == 0)
- verbose=1;
- else if (strcmp(*argv,"-d") == 0)
- debug=1;
- else if (strcmp(*argv,"-reuse") == 0)
- reuse=1;
-#ifndef NO_DH
- else if (strcmp(*argv,"-dhe1024") == 0)
- dhe1024=1;
- else if (strcmp(*argv,"-dhe1024dsa") == 0)
- dhe1024dsa=1;
-#endif
- else if (strcmp(*argv,"-no_dhe") == 0)
- no_dhe=1;
- else if (strcmp(*argv,"-ssl2") == 0)
- ssl2=1;
- else if (strcmp(*argv,"-tls1") == 0)
- tls1=1;
- else if (strcmp(*argv,"-ssl3") == 0)
- ssl3=1;
- else if (strncmp(*argv,"-num",4) == 0)
- {
- if (--argc < 1) goto bad;
- number= atoi(*(++argv));
- if (number == 0) number=1;
- }
- else if (strcmp(*argv,"-bytes") == 0)
- {
- if (--argc < 1) goto bad;
- bytes= atol(*(++argv));
- if (bytes == 0L) bytes=1L;
- i=strlen(argv[0]);
- if (argv[0][i-1] == 'k') bytes*=1024L;
- if (argv[0][i-1] == 'm') bytes*=1024L*1024L;
- }
- else if (strcmp(*argv,"-cert") == 0)
- {
- if (--argc < 1) goto bad;
- server_cert= *(++argv);
- }
- else if (strcmp(*argv,"-s_cert") == 0)
- {
- if (--argc < 1) goto bad;
- server_cert= *(++argv);
- }
- else if (strcmp(*argv,"-key") == 0)
- {
- if (--argc < 1) goto bad;
- server_key= *(++argv);
- }
- else if (strcmp(*argv,"-s_key") == 0)
- {
- if (--argc < 1) goto bad;
- server_key= *(++argv);
- }
- else if (strcmp(*argv,"-c_cert") == 0)
- {
- if (--argc < 1) goto bad;
- client_cert= *(++argv);
- }
- else if (strcmp(*argv,"-c_key") == 0)
- {
- if (--argc < 1) goto bad;
- client_key= *(++argv);
- }
- else if (strcmp(*argv,"-cipher") == 0)
- {
- if (--argc < 1) goto bad;
- cipher= *(++argv);
- }
- else if (strcmp(*argv,"-CApath") == 0)
- {
- if (--argc < 1) goto bad;
- CApath= *(++argv);
- }
- else if (strcmp(*argv,"-CAfile") == 0)
- {
- if (--argc < 1) goto bad;
- CAfile= *(++argv);
- }
- else if (strcmp(*argv,"-bio_pair") == 0)
- {
- bio_pair = 1;
- }
- else if (strcmp(*argv,"-f") == 0)
- {
- force = 1;
- }
- else if (strcmp(*argv,"-time") == 0)
- {
- print_time = 1;
- }
- else
- {
- fprintf(stderr,"unknown option %s\n",*argv);
- badop=1;
- break;
- }
- argc--;
- argv++;
- }
- if (badop)
- {
-bad:
- sv_usage();
- goto end;
- }
-
- if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
- {
- fprintf(stderr, "This case cannot work. Use -f to perform "
- "the test anyway (and\n-d to see what happens), "
- "or add one of -ssl2, -ssl3, -tls1, -reuse\n"
- "to avoid protocol mismatch.\n");
- exit(1);
- }
-
- if (print_time)
- {
- if (!bio_pair)
- {
- fprintf(stderr, "Using BIO pair (-bio_pair)\n");
- bio_pair = 1;
- }
- if (number < 50 && !force)
- fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
- }
-
-/* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
-
- SSL_library_init();
- SSL_load_error_strings();
-
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
- if (ssl2)
- meth=SSLv2_method();
- else
- if (tls1)
- meth=TLSv1_method();
- else
- if (ssl3)
- meth=SSLv3_method();
- else
- meth=SSLv23_method();
-#else
-#ifdef NO_SSL2
- meth=SSLv3_method();
-#else
- meth=SSLv2_method();
-#endif
-#endif
-
- c_ctx=SSL_CTX_new(meth);
- s_ctx=SSL_CTX_new(meth);
- if ((c_ctx == NULL) || (s_ctx == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (cipher != NULL)
- {
- SSL_CTX_set_cipher_list(c_ctx,cipher);
- SSL_CTX_set_cipher_list(s_ctx,cipher);
- }
-
-#ifndef NO_DH
- if (!no_dhe)
- {
- if (dhe1024dsa)
- {
- /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
- SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
- dh=get_dh1024dsa();
- }
- else if (dhe1024)
- dh=get_dh1024();
- else
- dh=get_dh512();
- SSL_CTX_set_tmp_dh(s_ctx,dh);
- DH_free(dh);
- }
-#else
- (void)no_dhe;
-#endif
-
-#ifndef NO_RSA
- SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
-#endif
-
- if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
- {
- ERR_print_errors(bio_err);
- }
- else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
- (server_key?server_key:server_cert), SSL_FILETYPE_PEM))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (client_auth)
- {
- SSL_CTX_use_certificate_file(c_ctx,client_cert,
- SSL_FILETYPE_PEM);
- SSL_CTX_use_PrivateKey_file(c_ctx,
- (client_key?client_key:client_cert),
- SSL_FILETYPE_PEM);
- }
-
- if ( (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
- (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(c_ctx)))
- {
- /* fprintf(stderr,"SSL_load_verify_locations\n"); */
- ERR_print_errors(bio_err);
- /* goto end; */
- }
-
- if (client_auth)
- {
- BIO_printf(bio_err,"client authentication\n");
- SSL_CTX_set_verify(s_ctx,
- SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
- verify_callback);
- }
- if (server_auth)
- {
- BIO_printf(bio_err,"server authentication\n");
- SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
- verify_callback);
- }
-
- {
- int session_id_context = 0;
- SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context);
- }
-
- c_ssl=SSL_new(c_ctx);
- s_ssl=SSL_new(s_ctx);
-
- for (i=0; i<number; i++)
- {
- if (!reuse) SSL_set_session(c_ssl,NULL);
- if (bio_pair)
- ret=doit_biopair(s_ssl,c_ssl,bytes,&s_time,&c_time);
- else
- ret=doit(s_ssl,c_ssl,bytes);
- }
-
- if (!verbose)
- {
- print_details(c_ssl, "");
- }
- if ((number > 1) || (bytes > 1L))
- BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",number,bytes);
- if (print_time)
- {
-#ifdef CLOCKS_PER_SEC
- /* "To determine the time in seconds, the value returned
- * by the clock function should be divided by the value
- * of the macro CLOCKS_PER_SEC."
- * -- ISO/IEC 9899 */
- BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
- "Approximate total client time: %6.2f s\n",
- (double)s_time/CLOCKS_PER_SEC,
- (double)c_time/CLOCKS_PER_SEC);
-#else
- /* "`CLOCKS_PER_SEC' undeclared (first use this function)"
- * -- cc on NeXTstep/OpenStep */
- BIO_printf(bio_stdout,
- "Approximate total server time: %6.2f units\n"
- "Approximate total client time: %6.2f units\n",
- (double)s_time,
- (double)c_time);
-#endif
- }
-
- SSL_free(s_ssl);
- SSL_free(c_ssl);
-
-end:
- if (s_ctx != NULL) SSL_CTX_free(s_ctx);
- if (c_ctx != NULL) SSL_CTX_free(c_ctx);
-
- if (bio_stdout != NULL) BIO_free(bio_stdout);
-
-#ifndef NO_RSA
- free_tmp_rsa();
-#endif
- ERR_free_strings();
- ERR_remove_state(0);
- EVP_cleanup();
- CRYPTO_mem_leaks(bio_err);
- if (bio_err != NULL) BIO_free(bio_err);
- EXIT(ret);
- }
-
-int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
- clock_t *s_time, clock_t *c_time)
- {
- long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
- BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
- BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
- int ret = 1;
-
- size_t bufsiz = 256; /* small buffer for testing */
-
- if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
- goto err;
- if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
- goto err;
-
- s_ssl_bio = BIO_new(BIO_f_ssl());
- if (!s_ssl_bio)
- goto err;
-
- c_ssl_bio = BIO_new(BIO_f_ssl());
- if (!c_ssl_bio)
- goto err;
-
- SSL_set_connect_state(c_ssl);
- SSL_set_bio(c_ssl, client, client);
- (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
-
- SSL_set_accept_state(s_ssl);
- SSL_set_bio(s_ssl, server, server);
- (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
-
- do
- {
- /* c_ssl_bio: SSL filter BIO
- *
- * client: pseudo-I/O for SSL library
- *
- * client_io: client's SSL communication; usually to be
- * relayed over some I/O facility, but in this
- * test program, we're the server, too:
- *
- * server_io: server's SSL communication
- *
- * server: pseudo-I/O for SSL library
- *
- * s_ssl_bio: SSL filter BIO
- *
- * The client and the server each employ a "BIO pair":
- * client + client_io, server + server_io.
- * BIO pairs are symmetric. A BIO pair behaves similar
- * to a non-blocking socketpair (but both endpoints must
- * be handled by the same thread).
- * [Here we could connect client and server to the ends
- * of a single BIO pair, but then this code would be less
- * suitable as an example for BIO pairs in general.]
- *
- * Useful functions for querying the state of BIO pair endpoints:
- *
- * BIO_ctrl_pending(bio) number of bytes we can read now
- * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
- * other side's read attempt
- * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
- *
- * ..._read_request is never more than ..._write_guarantee;
- * it depends on the application which one you should use.
- */
-
- /* We have non-blocking behaviour throughout this test program, but
- * can be sure that there is *some* progress in each iteration; so
- * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE
- * -- we just try everything in each iteration
- */
-
- {
- /* CLIENT */
-
- MS_STATIC char cbuf[1024*8];
- int i, r;
- clock_t c_clock = clock();
-
- if (debug)
- if (SSL_in_init(c_ssl))
- printf("client waiting in SSL_connect - %s\n",
- SSL_state_string_long(c_ssl));
-
- if (cw_num > 0)
- {
- /* Write to server. */
-
- if (cw_num > (long)sizeof cbuf)
- i = sizeof cbuf;
- else
- i = (int)cw_num;
- r = BIO_write(c_ssl_bio, cbuf, i);
- if (r < 0)
- {
- if (!BIO_should_retry(c_ssl_bio))
- {
- fprintf(stderr,"ERROR in CLIENT\n");
- goto err;
- }
- /* BIO_should_retry(...) can just be ignored here.
- * The library expects us to call BIO_write with
- * the same arguments again, and that's what we will
- * do in the next iteration. */
- }
- else if (r == 0)
- {
- fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
- goto err;
- }
- else
- {
- if (debug)
- printf("client wrote %d\n", r);
- cw_num -= r;
- }
- }
-
- if (cr_num > 0)
- {
- /* Read from server. */
-
- r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
- if (r < 0)
- {
- if (!BIO_should_retry(c_ssl_bio))
- {
- fprintf(stderr,"ERROR in CLIENT\n");
- goto err;
- }
- /* Again, "BIO_should_retry" can be ignored. */
- }
- else if (r == 0)
- {
- fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
- goto err;
- }
- else
- {
- if (debug)
- printf("client read %d\n", r);
- cr_num -= r;
- }
- }
-
- /* c_time and s_time increments will typically be very small
- * (depending on machine speed and clock tick intervals),
- * but sampling over a large number of connections should
- * result in fairly accurate figures. We cannot guarantee
- * a lot, however -- if each connection lasts for exactly
- * one clock tick, it will be counted only for the client
- * or only for the server or even not at all.
- */
- *c_time += (clock() - c_clock);
- }
-
- {
- /* SERVER */
-
- MS_STATIC char sbuf[1024*8];
- int i, r;
- clock_t s_clock = clock();
-
- if (debug)
- if (SSL_in_init(s_ssl))
- printf("server waiting in SSL_accept - %s\n",
- SSL_state_string_long(s_ssl));
-
- if (sw_num > 0)
- {
- /* Write to client. */
-
- if (sw_num > (long)sizeof sbuf)
- i = sizeof sbuf;
- else
- i = (int)sw_num;
- r = BIO_write(s_ssl_bio, sbuf, i);
- if (r < 0)
- {
- if (!BIO_should_retry(s_ssl_bio))
- {
- fprintf(stderr,"ERROR in SERVER\n");
- goto err;
- }
- /* Ignore "BIO_should_retry". */
- }
- else if (r == 0)
- {
- fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
- goto err;
- }
- else
- {
- if (debug)
- printf("server wrote %d\n", r);
- sw_num -= r;
- }
- }
-
- if (sr_num > 0)
- {
- /* Read from client. */
-
- r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
- if (r < 0)
- {
- if (!BIO_should_retry(s_ssl_bio))
- {
- fprintf(stderr,"ERROR in SERVER\n");
- goto err;
- }
- /* blah, blah */
- }
- else if (r == 0)
- {
- fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
- goto err;
- }
- else
- {
- if (debug)
- printf("server read %d\n", r);
- sr_num -= r;
- }
- }
-
- *s_time += (clock() - s_clock);
- }
-
- {
- /* "I/O" BETWEEN CLIENT AND SERVER. */
-
- size_t r1, r2;
- BIO *io1 = server_io, *io2 = client_io;
- /* we use the non-copying interface for io1
- * and the standard BIO_write/BIO_read interface for io2
- */
-
- static int prev_progress = 1;
- int progress = 0;
-
- /* io1 to io2 */
- do
- {
- size_t num;
- int r;
-
- r1 = BIO_ctrl_pending(io1);
- r2 = BIO_ctrl_get_write_guarantee(io2);
-
- num = r1;
- if (r2 < num)
- num = r2;
- if (num)
- {
- char *dataptr;
-
- if (INT_MAX < num) /* yeah, right */
- num = INT_MAX;
-
- r = BIO_nread(io1, &dataptr, (int)num);
- assert(r > 0);
- assert(r <= (int)num);
- /* possibly r < num (non-contiguous data) */
- num = r;
- r = BIO_write(io2, dataptr, (int)num);
- if (r != (int)num) /* can't happen */
- {
- fprintf(stderr, "ERROR: BIO_write could not write "
- "BIO_ctrl_get_write_guarantee() bytes");
- goto err;
- }
- progress = 1;
-
- if (debug)
- printf((io1 == client_io) ?
- "C->S relaying: %d bytes\n" :
- "S->C relaying: %d bytes\n",
- (int)num);
- }
- }
- while (r1 && r2);
-
- /* io2 to io1 */
- {
- size_t num;
- int r;
-
- r1 = BIO_ctrl_pending(io2);
- r2 = BIO_ctrl_get_read_request(io1);
- /* here we could use ..._get_write_guarantee instead of
- * ..._get_read_request, but by using the latter
- * we test restartability of the SSL implementation
- * more thoroughly */
- num = r1;
- if (r2 < num)
- num = r2;
- if (num)
- {
- char *dataptr;
-
- if (INT_MAX < num)
- num = INT_MAX;
-
- if (num > 1)
- --num; /* test restartability even more thoroughly */
-
- r = BIO_nwrite0(io1, &dataptr);
- assert(r > 0);
- if (r < (int)num)
- num = r;
- r = BIO_read(io2, dataptr, (int)num);
- if (r != (int)num) /* can't happen */
- {
- fprintf(stderr, "ERROR: BIO_read could not read "
- "BIO_ctrl_pending() bytes");
- goto err;
- }
- progress = 1;
- r = BIO_nwrite(io1, &dataptr, (int)num);
- if (r != (int)num) /* can't happen */
- {
- fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
- "BIO_nwrite0() bytes");
- goto err;
- }
-
- if (debug)
- printf((io2 == client_io) ?
- "C->S relaying: %d bytes\n" :
- "S->C relaying: %d bytes\n",
- (int)num);
- }
- } /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */
-
- if (!progress && !prev_progress)
- if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0)
- {
- fprintf(stderr, "ERROR: got stuck\n");
- if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0)
- {
- fprintf(stderr, "This can happen for SSL2 because "
- "CLIENT-FINISHED and SERVER-VERIFY are written \n"
- "concurrently ...");
- if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0
- && strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0)
- {
- fprintf(stderr, " ok.\n");
- goto end;
- }
- }
- fprintf(stderr, " ERROR.\n");
- goto err;
- }
- prev_progress = progress;
- }
- }
- while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
-
- if (verbose)
- print_details(c_ssl, "DONE via BIO pair: ");
-end:
- ret = 0;
-
- err:
- ERR_print_errors(bio_err);
-
- if (server)
- BIO_free(server);
- if (server_io)
- BIO_free(server_io);
- if (client)
- BIO_free(client);
- if (client_io)
- BIO_free(client_io);
- if (s_ssl_bio)
- BIO_free(s_ssl_bio);
- if (c_ssl_bio)
- BIO_free(c_ssl_bio);
-
- return ret;
- }
-
-
-#define W_READ 1
-#define W_WRITE 2
-#define C_DONE 1
-#define S_DONE 2
-
-int doit(SSL *s_ssl, SSL *c_ssl, long count)
- {
- MS_STATIC char cbuf[1024*8],sbuf[1024*8];
- long cw_num=count,cr_num=count;
- long sw_num=count,sr_num=count;
- int ret=1;
- BIO *c_to_s=NULL;
- BIO *s_to_c=NULL;
- BIO *c_bio=NULL;
- BIO *s_bio=NULL;
- int c_r,c_w,s_r,s_w;
- int c_want,s_want;
- int i,j;
- int done=0;
- int c_write,s_write;
- int do_server=0,do_client=0;
-
- c_to_s=BIO_new(BIO_s_mem());
- s_to_c=BIO_new(BIO_s_mem());
- if ((s_to_c == NULL) || (c_to_s == NULL))
- {
- ERR_print_errors(bio_err);
- goto err;
- }
-
- c_bio=BIO_new(BIO_f_ssl());
- s_bio=BIO_new(BIO_f_ssl());
- if ((c_bio == NULL) || (s_bio == NULL))
- {
- ERR_print_errors(bio_err);
- goto err;
- }
-
- SSL_set_connect_state(c_ssl);
- SSL_set_bio(c_ssl,s_to_c,c_to_s);
- BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE);
-
- SSL_set_accept_state(s_ssl);
- SSL_set_bio(s_ssl,c_to_s,s_to_c);
- BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE);
-
- c_r=0; s_r=1;
- c_w=1; s_w=0;
- c_want=W_WRITE;
- s_want=0;
- c_write=1,s_write=0;
-
- /* We can always do writes */
- for (;;)
- {
- do_server=0;
- do_client=0;
-
- i=(int)BIO_pending(s_bio);
- if ((i && s_r) || s_w) do_server=1;
-
- i=(int)BIO_pending(c_bio);
- if ((i && c_r) || c_w) do_client=1;
-
- if (do_server && debug)
- {
- if (SSL_in_init(s_ssl))
- printf("server waiting in SSL_accept - %s\n",
- SSL_state_string_long(s_ssl));
-/* else if (s_write)
- printf("server:SSL_write()\n");
- else
- printf("server:SSL_read()\n"); */
- }
-
- if (do_client && debug)
- {
- if (SSL_in_init(c_ssl))
- printf("client waiting in SSL_connect - %s\n",
- SSL_state_string_long(c_ssl));
-/* else if (c_write)
- printf("client:SSL_write()\n");
- else
- printf("client:SSL_read()\n"); */
- }
-
- if (!do_client && !do_server)
- {
- fprintf(stdout,"ERROR IN STARTUP\n");
- ERR_print_errors(bio_err);
- break;
- }
- if (do_client && !(done & C_DONE))
- {
- if (c_write)
- {
- j=(cw_num > (long)sizeof(cbuf))
- ?sizeof(cbuf):(int)cw_num;
- i=BIO_write(c_bio,cbuf,j);
- if (i < 0)
- {
- c_r=0;
- c_w=0;
- if (BIO_should_retry(c_bio))
- {
- if (BIO_should_read(c_bio))
- c_r=1;
- if (BIO_should_write(c_bio))
- c_w=1;
- }
- else
- {
- fprintf(stderr,"ERROR in CLIENT\n");
- ERR_print_errors(bio_err);
- goto err;
- }
- }
- else if (i == 0)
- {
- fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
- goto err;
- }
- else
- {
- if (debug)
- printf("client wrote %d\n",i);
- /* ok */
- s_r=1;
- c_write=0;
- cw_num-=i;
- }
- }
- else
- {
- i=BIO_read(c_bio,cbuf,sizeof(cbuf));
- if (i < 0)
- {
- c_r=0;
- c_w=0;
- if (BIO_should_retry(c_bio))
- {
- if (BIO_should_read(c_bio))
- c_r=1;
- if (BIO_should_write(c_bio))
- c_w=1;
- }
- else
- {
- fprintf(stderr,"ERROR in CLIENT\n");
- ERR_print_errors(bio_err);
- goto err;
- }
- }
- else if (i == 0)
- {
- fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
- goto err;
- }
- else
- {
- if (debug)
- printf("client read %d\n",i);
- cr_num-=i;
- if (sw_num > 0)
- {
- s_write=1;
- s_w=1;
- }
- if (cr_num <= 0)
- {
- s_write=1;
- s_w=1;
- done=S_DONE|C_DONE;
- }
- }
- }
- }
-
- if (do_server && !(done & S_DONE))
- {
- if (!s_write)
- {
- i=BIO_read(s_bio,sbuf,sizeof(cbuf));
- if (i < 0)
- {
- s_r=0;
- s_w=0;
- if (BIO_should_retry(s_bio))
- {
- if (BIO_should_read(s_bio))
- s_r=1;
- if (BIO_should_write(s_bio))
- s_w=1;
- }
- else
- {
- fprintf(stderr,"ERROR in SERVER\n");
- ERR_print_errors(bio_err);
- goto err;
- }
- }
- else if (i == 0)
- {
- ERR_print_errors(bio_err);
- fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_read\n");
- goto err;
- }
- else
- {
- if (debug)
- printf("server read %d\n",i);
- sr_num-=i;
- if (cw_num > 0)
- {
- c_write=1;
- c_w=1;
- }
- if (sr_num <= 0)
- {
- s_write=1;
- s_w=1;
- c_write=0;
- }
- }
- }
- else
- {
- j=(sw_num > (long)sizeof(sbuf))?
- sizeof(sbuf):(int)sw_num;
- i=BIO_write(s_bio,sbuf,j);
- if (i < 0)
- {
- s_r=0;
- s_w=0;
- if (BIO_should_retry(s_bio))
- {
- if (BIO_should_read(s_bio))
- s_r=1;
- if (BIO_should_write(s_bio))
- s_w=1;
- }
- else
- {
- fprintf(stderr,"ERROR in SERVER\n");
- ERR_print_errors(bio_err);
- goto err;
- }
- }
- else if (i == 0)
- {
- ERR_print_errors(bio_err);
- fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_write\n");
- goto err;
- }
- else
- {
- if (debug)
- printf("server wrote %d\n",i);
- sw_num-=i;
- s_write=0;
- c_r=1;
- if (sw_num <= 0)
- done|=S_DONE;
- }
- }
- }
-
- if ((done & S_DONE) && (done & C_DONE)) break;
- }
-
- if (verbose)
- print_details(c_ssl, "DONE: ");
- ret=0;
-err:
- /* We have to set the BIO's to NULL otherwise they will be
- * OPENSSL_free()ed twice. Once when th s_ssl is SSL_free()ed and
- * again when c_ssl is SSL_free()ed.
- * This is a hack required because s_ssl and c_ssl are sharing the same
- * BIO structure and SSL_set_bio() and SSL_free() automatically
- * BIO_free non NULL entries.
- * You should not normally do this or be required to do this */
- if (s_ssl != NULL)
- {
- s_ssl->rbio=NULL;
- s_ssl->wbio=NULL;
- }
- if (c_ssl != NULL)
- {
- c_ssl->rbio=NULL;
- c_ssl->wbio=NULL;
- }
-
- if (c_to_s != NULL) BIO_free(c_to_s);
- if (s_to_c != NULL) BIO_free(s_to_c);
- if (c_bio != NULL) BIO_free_all(c_bio);
- if (s_bio != NULL) BIO_free_all(s_bio);
- return(ret);
- }
-
-static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
- {
- char *s,buf[256];
-
- s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,256);
- if (s != NULL)
- {
- if (ok)
- fprintf(stderr,"depth=%d %s\n",ctx->error_depth,buf);
- else
- fprintf(stderr,"depth=%d error=%d %s\n",
- ctx->error_depth,ctx->error,buf);
- }
-
- if (ok == 0)
- {
- switch (ctx->error)
- {
- case X509_V_ERR_CERT_NOT_YET_VALID:
- case X509_V_ERR_CERT_HAS_EXPIRED:
- case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
- ok=1;
- }
- }
-
- return(ok);
- }
-
-#ifndef NO_RSA
-static RSA *rsa_tmp=NULL;
-
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
- {
- if (rsa_tmp == NULL)
- {
- BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
- (void)BIO_flush(bio_err);
- rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
- BIO_printf(bio_err,"\n");
- (void)BIO_flush(bio_err);
- }
- return(rsa_tmp);
- }
-
-static void free_tmp_rsa(void)
- {
- if (rsa_tmp != NULL)
- {
- RSA_free(rsa_tmp);
- rsa_tmp = NULL;
- }
- }
-#endif
-
-#ifndef NO_DH
-/* These DH parameters have been generated as follows:
- * $ openssl dhparam -C -noout 512
- * $ openssl dhparam -C -noout 1024
- * $ openssl dhparam -C -noout -dsaparam 1024
- * (The third function has been renamed to avoid name conflicts.)
- */
-DH *get_dh512()
- {
- static unsigned char dh512_p[]={
- 0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6,
- 0x1F,0x0D,0xAC,0xB6,0x25,0x3E,0x06,0x39,0xCA,0x72,0x04,0xB0,
- 0x6E,0xDA,0xC0,0x61,0xE6,0x7A,0x77,0x25,0xE8,0x3B,0xB9,0x5F,
- 0x9A,0xB6,0xB5,0xFE,0x99,0x0B,0xA1,0x93,0x4E,0x35,0x33,0xB8,
- 0xE1,0xF1,0x13,0x4F,0x59,0x1A,0xD2,0x57,0xC0,0x26,0x21,0x33,
- 0x02,0xC5,0xAE,0x23,
- };
- static unsigned char dh512_g[]={
- 0x02,
- };
- DH *dh;
-
- if ((dh=DH_new()) == NULL) return(NULL);
- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- { DH_free(dh); return(NULL); }
- return(dh);
- }
-
-DH *get_dh1024()
- {
- static unsigned char dh1024_p[]={
- 0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A,
- 0xE4,0x90,0xF4,0xFC,0x73,0xFB,0x34,0xB5,0xFA,0x4C,0x56,0xA2,
- 0xEA,0xA7,0xE9,0xC0,0xC0,0xCE,0x89,0xE1,0xFA,0x63,0x3F,0xB0,
- 0x6B,0x32,0x66,0xF1,0xD1,0x7B,0xB0,0x00,0x8F,0xCA,0x87,0xC2,
- 0xAE,0x98,0x89,0x26,0x17,0xC2,0x05,0xD2,0xEC,0x08,0xD0,0x8C,
- 0xFF,0x17,0x52,0x8C,0xC5,0x07,0x93,0x03,0xB1,0xF6,0x2F,0xB8,
- 0x1C,0x52,0x47,0x27,0x1B,0xDB,0xD1,0x8D,0x9D,0x69,0x1D,0x52,
- 0x4B,0x32,0x81,0xAA,0x7F,0x00,0xC8,0xDC,0xE6,0xD9,0xCC,0xC1,
- 0x11,0x2D,0x37,0x34,0x6C,0xEA,0x02,0x97,0x4B,0x0E,0xBB,0xB1,
- 0x71,0x33,0x09,0x15,0xFD,0xDD,0x23,0x87,0x07,0x5E,0x89,0xAB,
- 0x6B,0x7C,0x5F,0xEC,0xA6,0x24,0xDC,0x53,
- };
- static unsigned char dh1024_g[]={
- 0x02,
- };
- DH *dh;
-
- if ((dh=DH_new()) == NULL) return(NULL);
- dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
- dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- { DH_free(dh); return(NULL); }
- return(dh);
- }
-
-DH *get_dh1024dsa()
- {
- static unsigned char dh1024_p[]={
- 0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00,
- 0x21,0x1B,0xF7,0x31,0xA6,0xA2,0xDA,0x23,0x9A,0xC7,0x87,0x19,
- 0x3B,0x47,0xB6,0x8C,0x04,0x6F,0xFF,0xC6,0x9B,0xB8,0x65,0xD2,
- 0xC2,0x5F,0x31,0x83,0x4A,0xA7,0x5F,0x2F,0x88,0x38,0xB6,0x55,
- 0xCF,0xD9,0x87,0x6D,0x6F,0x9F,0xDA,0xAC,0xA6,0x48,0xAF,0xFC,
- 0x33,0x84,0x37,0x5B,0x82,0x4A,0x31,0x5D,0xE7,0xBD,0x52,0x97,
- 0xA1,0x77,0xBF,0x10,0x9E,0x37,0xEA,0x64,0xFA,0xCA,0x28,0x8D,
- 0x9D,0x3B,0xD2,0x6E,0x09,0x5C,0x68,0xC7,0x45,0x90,0xFD,0xBB,
- 0x70,0xC9,0x3A,0xBB,0xDF,0xD4,0x21,0x0F,0xC4,0x6A,0x3C,0xF6,
- 0x61,0xCF,0x3F,0xD6,0x13,0xF1,0x5F,0xBC,0xCF,0xBC,0x26,0x9E,
- 0xBC,0x0B,0xBD,0xAB,0x5D,0xC9,0x54,0x39,
- };
- static unsigned char dh1024_g[]={
- 0x3B,0x40,0x86,0xE7,0xF3,0x6C,0xDE,0x67,0x1C,0xCC,0x80,0x05,
- 0x5A,0xDF,0xFE,0xBD,0x20,0x27,0x74,0x6C,0x24,0xC9,0x03,0xF3,
- 0xE1,0x8D,0xC3,0x7D,0x98,0x27,0x40,0x08,0xB8,0x8C,0x6A,0xE9,
- 0xBB,0x1A,0x3A,0xD6,0x86,0x83,0x5E,0x72,0x41,0xCE,0x85,0x3C,
- 0xD2,0xB3,0xFC,0x13,0xCE,0x37,0x81,0x9E,0x4C,0x1C,0x7B,0x65,
- 0xD3,0xE6,0xA6,0x00,0xF5,0x5A,0x95,0x43,0x5E,0x81,0xCF,0x60,
- 0xA2,0x23,0xFC,0x36,0xA7,0x5D,0x7A,0x4C,0x06,0x91,0x6E,0xF6,
- 0x57,0xEE,0x36,0xCB,0x06,0xEA,0xF5,0x3D,0x95,0x49,0xCB,0xA7,
- 0xDD,0x81,0xDF,0x80,0x09,0x4A,0x97,0x4D,0xA8,0x22,0x72,0xA1,
- 0x7F,0xC4,0x70,0x56,0x70,0xE8,0x20,0x10,0x18,0x8F,0x2E,0x60,
- 0x07,0xE7,0x68,0x1A,0x82,0x5D,0x32,0xA2,
- };
- DH *dh;
-
- if ((dh=DH_new()) == NULL) return(NULL);
- dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
- dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- { DH_free(dh); return(NULL); }
- dh->length = 160;
- return(dh);
- }
-#endif
diff --git a/crypto/openssl/ssl/t1_clnt.c b/crypto/openssl/ssl/t1_clnt.c
deleted file mode 100644
index 9745630a008c..000000000000
--- a/crypto/openssl/ssl/t1_clnt.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/* ssl/t1_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include "ssl_locl.h"
-
-static SSL_METHOD *tls1_get_client_method(int ver);
-static SSL_METHOD *tls1_get_client_method(int ver)
- {
- if (ver == TLS1_VERSION)
- return(TLSv1_client_method());
- else
- return(NULL);
- }
-
-SSL_METHOD *TLSv1_client_method(void)
- {
- static int init=1;
- static SSL_METHOD TLSv1_client_data;
-
- if (init)
- {
- memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
- sizeof(SSL_METHOD));
- TLSv1_client_data.ssl_connect=ssl3_connect;
- TLSv1_client_data.get_ssl_method=tls1_get_client_method;
- init=0;
- }
- return(&TLSv1_client_data);
- }
-
diff --git a/crypto/openssl/ssl/t1_enc.c b/crypto/openssl/ssl/t1_enc.c
deleted file mode 100644
index f3ecc5f5869e..000000000000
--- a/crypto/openssl/ssl/t1_enc.c
+++ /dev/null
@@ -1,721 +0,0 @@
-/* ssl/t1_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/comp.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include "ssl_locl.h"
-
-static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
- int sec_len, unsigned char *seed, int seed_len,
- unsigned char *out, int olen)
- {
- int chunk,n;
- unsigned int j;
- HMAC_CTX ctx;
- HMAC_CTX ctx_tmp;
- unsigned char A1[HMAC_MAX_MD_CBLOCK];
- unsigned int A1_len;
-
- chunk=EVP_MD_size(md);
-
- HMAC_Init(&ctx,sec,sec_len,md);
- HMAC_Update(&ctx,seed,seed_len);
- HMAC_Final(&ctx,A1,&A1_len);
-
- n=0;
- for (;;)
- {
- HMAC_Init(&ctx,NULL,0,NULL); /* re-init */
- HMAC_Update(&ctx,A1,A1_len);
- memcpy(&ctx_tmp,&ctx,sizeof(ctx)); /* Copy for A2 */ /* not needed for last one */
- HMAC_Update(&ctx,seed,seed_len);
-
- if (olen > chunk)
- {
- HMAC_Final(&ctx,out,&j);
- out+=j;
- olen-=j;
- HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */
- }
- else /* last one */
- {
- HMAC_Final(&ctx,A1,&A1_len);
- memcpy(out,A1,olen);
- break;
- }
- }
- HMAC_cleanup(&ctx);
- HMAC_cleanup(&ctx_tmp);
- memset(A1,0,sizeof(A1));
- }
-
-static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
- unsigned char *label, int label_len,
- const unsigned char *sec, int slen, unsigned char *out1,
- unsigned char *out2, int olen)
- {
- int len,i;
- const unsigned char *S1,*S2;
-
- len=slen/2;
- S1=sec;
- S2= &(sec[len]);
- len+=(slen&1); /* add for odd, make longer */
-
-
- tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
- tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
-
- for (i=0; i<olen; i++)
- out1[i]^=out2[i];
- }
-
-static void tls1_generate_key_block(SSL *s, unsigned char *km,
- unsigned char *tmp, int num)
- {
- unsigned char *p;
- unsigned char buf[SSL3_RANDOM_SIZE*2+
- TLS_MD_MAX_CONST_SIZE];
- p=buf;
-
- memcpy(p,TLS_MD_KEY_EXPANSION_CONST,
- TLS_MD_KEY_EXPANSION_CONST_SIZE);
- p+=TLS_MD_KEY_EXPANSION_CONST_SIZE;
- memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
- memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
-
- tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),
- s->session->master_key,s->session->master_key_length,
- km,tmp,num);
- }
-
-int tls1_change_cipher_state(SSL *s, int which)
- {
- static const unsigned char empty[]="";
- unsigned char *p,*key_block,*mac_secret;
- unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+
- SSL3_RANDOM_SIZE*2];
- unsigned char tmp1[EVP_MAX_KEY_LENGTH];
- unsigned char tmp2[EVP_MAX_KEY_LENGTH];
- unsigned char iv1[EVP_MAX_IV_LENGTH*2];
- unsigned char iv2[EVP_MAX_IV_LENGTH*2];
- unsigned char *ms,*key,*iv,*er1,*er2;
- int client_write;
- EVP_CIPHER_CTX *dd;
- const EVP_CIPHER *c;
- const SSL_COMP *comp;
- const EVP_MD *m;
- int _exp,n,i,j,k,exp_label_len,cl;
-
- _exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
- c=s->s3->tmp.new_sym_enc;
- m=s->s3->tmp.new_hash;
- comp=s->s3->tmp.new_compression;
- key_block=s->s3->tmp.key_block;
-
- if (which & SSL3_CC_READ)
- {
- if ((s->enc_read_ctx == NULL) &&
- ((s->enc_read_ctx=(EVP_CIPHER_CTX *)
- OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
- goto err;
- dd= s->enc_read_ctx;
- s->read_hash=m;
- if (s->expand != NULL)
- {
- COMP_CTX_free(s->expand);
- s->expand=NULL;
- }
- if (comp != NULL)
- {
- s->expand=COMP_CTX_new(comp->method);
- if (s->expand == NULL)
- {
- SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
- goto err2;
- }
- if (s->s3->rrec.comp == NULL)
- s->s3->rrec.comp=(unsigned char *)
- OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
- if (s->s3->rrec.comp == NULL)
- goto err;
- }
- memset(&(s->s3->read_sequence[0]),0,8);
- mac_secret= &(s->s3->read_mac_secret[0]);
- }
- else
- {
- if ((s->enc_write_ctx == NULL) &&
- ((s->enc_write_ctx=(EVP_CIPHER_CTX *)
- OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
- goto err;
- dd= s->enc_write_ctx;
- s->write_hash=m;
- if (s->compress != NULL)
- {
- COMP_CTX_free(s->compress);
- s->compress=NULL;
- }
- if (comp != NULL)
- {
- s->compress=COMP_CTX_new(comp->method);
- if (s->compress == NULL)
- {
- SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
- goto err2;
- }
- }
- memset(&(s->s3->write_sequence[0]),0,8);
- mac_secret= &(s->s3->write_mac_secret[0]);
- }
-
- EVP_CIPHER_CTX_init(dd);
-
- p=s->s3->tmp.key_block;
- i=EVP_MD_size(m);
- cl=EVP_CIPHER_key_length(c);
- j=_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
- cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
- /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
- k=EVP_CIPHER_iv_length(c);
- er1= &(s->s3->client_random[0]);
- er2= &(s->s3->server_random[0]);
- if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
- (which == SSL3_CHANGE_CIPHER_SERVER_READ))
- {
- ms= &(p[ 0]); n=i+i;
- key= &(p[ n]); n+=j+j;
- iv= &(p[ n]); n+=k+k;
- exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
- exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
- client_write=1;
- }
- else
- {
- n=i;
- ms= &(p[ n]); n+=i+j;
- key= &(p[ n]); n+=j+k;
- iv= &(p[ n]); n+=k;
- exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
- exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
- client_write=0;
- }
-
- if (n > s->s3->tmp.key_block_length)
- {
- SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_INTERNAL_ERROR);
- goto err2;
- }
-
- memcpy(mac_secret,ms,i);
-#ifdef TLS_DEBUG
-printf("which = %04X\nmac key=",which);
-{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
-#endif
- if (_exp)
- {
- /* In here I set both the read and write key/iv to the
- * same value since only the correct one will be used :-).
- */
- p=buf;
- memcpy(p,exp_label,exp_label_len);
- p+=exp_label_len;
- memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
- memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
- tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
- tmp1,tmp2,EVP_CIPHER_key_length(c));
- key=tmp1;
-
- if (k > 0)
- {
- p=buf;
- memcpy(p,TLS_MD_IV_BLOCK_CONST,
- TLS_MD_IV_BLOCK_CONST_SIZE);
- p+=TLS_MD_IV_BLOCK_CONST_SIZE;
- memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
- memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
- tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,empty,0,
- iv1,iv2,k*2);
- if (client_write)
- iv=iv1;
- else
- iv= &(iv1[k]);
- }
- }
-
- s->session->key_arg_length=0;
-
- EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
-#ifdef TLS_DEBUG
-printf("which = %04X\nkey=",which);
-{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
-printf("\niv=");
-{ int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); }
-printf("\n");
-#endif
-
- memset(tmp1,0,sizeof(tmp1));
- memset(tmp2,0,sizeof(tmp1));
- memset(iv1,0,sizeof(iv1));
- memset(iv2,0,sizeof(iv2));
- return(1);
-err:
- SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
-err2:
- return(0);
- }
-
-int tls1_setup_key_block(SSL *s)
- {
- unsigned char *p1,*p2;
- const EVP_CIPHER *c;
- const EVP_MD *hash;
- int num;
- SSL_COMP *comp;
-
- if (s->s3->tmp.key_block_length != 0)
- return(1);
-
- if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
- {
- SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
- return(0);
- }
-
- s->s3->tmp.new_sym_enc=c;
- s->s3->tmp.new_hash=hash;
-
- num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
- num*=2;
-
- ssl3_cleanup_key_block(s);
-
- if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
- goto err;
- if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
- goto err;
-
- s->s3->tmp.key_block_length=num;
- s->s3->tmp.key_block=p1;
-
-
-#ifdef TLS_DEBUG
-printf("client random\n");
-{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random[z],((z+1)%16)?' ':'\n'); }
-printf("server random\n");
-{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random[z],((z+1)%16)?' ':'\n'); }
-printf("pre-master\n");
-{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
-#endif
- tls1_generate_key_block(s,p1,p2,num);
- memset(p2,0,num);
- OPENSSL_free(p2);
-#ifdef TLS_DEBUG
-printf("\nkey block\n");
-{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
-#endif
-
- if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
- {
- /* enable vulnerability countermeasure for CBC ciphers with
- * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
- */
- s->s3->need_empty_fragments = 1;
-
- if (s->session->cipher != NULL)
- {
- if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
- s->s3->need_empty_fragments = 0;
-
-#ifndef NO_RC4
- if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
- s->s3->need_empty_fragments = 0;
-#endif
- }
- }
-
- return(1);
-err:
- SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
- return(0);
- }
-
-int tls1_enc(SSL *s, int send)
- {
- SSL3_RECORD *rec;
- EVP_CIPHER_CTX *ds;
- unsigned long l;
- int bs,i,ii,j,k,n=0;
- const EVP_CIPHER *enc;
-
- if (send)
- {
- if (s->write_hash != NULL)
- n=EVP_MD_size(s->write_hash);
- ds=s->enc_write_ctx;
- rec= &(s->s3->wrec);
- if (s->enc_write_ctx == NULL)
- enc=NULL;
- else
- enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
- }
- else
- {
- if (s->read_hash != NULL)
- n=EVP_MD_size(s->read_hash);
- ds=s->enc_read_ctx;
- rec= &(s->s3->rrec);
- if (s->enc_read_ctx == NULL)
- enc=NULL;
- else
- enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
- }
-
- if ((s->session == NULL) || (ds == NULL) ||
- (enc == NULL))
- {
- memmove(rec->data,rec->input,rec->length);
- rec->input=rec->data;
- }
- else
- {
- l=rec->length;
- bs=EVP_CIPHER_block_size(ds->cipher);
-
- if ((bs != 1) && send)
- {
- i=bs-((int)l%bs);
-
- /* Add weird padding of upto 256 bytes */
-
- /* we need to add 'i' padding bytes of value j */
- j=i-1;
- if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
- {
- if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
- j++;
- }
- for (k=(int)l; k<(int)(l+i); k++)
- rec->input[k]=j;
- l+=i;
- rec->length+=i;
- }
-
- if (!send)
- {
- if (l == 0 || l%bs != 0)
- {
- SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
- return 0;
- }
- }
-
- EVP_Cipher(ds,rec->data,rec->input,l);
-
- if ((bs != 1) && !send)
- {
- ii=i=rec->data[l-1]; /* padding_length */
- i++;
- if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
- {
- /* First packet is even in size, so check */
- if ((memcmp(s->s3->read_sequence,
- "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
- s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
- if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
- i--;
- }
- /* TLS 1.0 does not bound the number of padding bytes by the block size.
- * All of them must have value 'padding_length'. */
- if (i > (int)rec->length)
- {
- /* Incorrect padding. SSLerr() and ssl3_alert are done
- * by caller: we don't want to reveal whether this is
- * a decryption error or a MAC verification failure
- * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
- return -1;
- }
- for (j=(int)(l-i); j<(int)l; j++)
- {
- if (rec->data[j] != ii)
- {
- /* Incorrect padding */
- return -1;
- }
- }
- rec->length-=i;
- }
- }
- return(1);
- }
-
-int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
- {
- unsigned int ret;
- EVP_MD_CTX ctx;
-
- EVP_MD_CTX_copy(&ctx,in_ctx);
- EVP_DigestFinal(&ctx,out,&ret);
- return((int)ret);
- }
-
-int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
- const char *str, int slen, unsigned char *out)
- {
- unsigned int i;
- EVP_MD_CTX ctx;
- unsigned char buf[TLS_MD_MAX_CONST_SIZE+MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
- unsigned char *q,buf2[12];
-
- q=buf;
- memcpy(q,str,slen);
- q+=slen;
-
- EVP_MD_CTX_copy(&ctx,in1_ctx);
- EVP_DigestFinal(&ctx,q,&i);
- q+=i;
- EVP_MD_CTX_copy(&ctx,in2_ctx);
- EVP_DigestFinal(&ctx,q,&i);
- q+=i;
-
- tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
- s->session->master_key,s->session->master_key_length,
- out,buf2,12);
- memset(&ctx,0,sizeof(EVP_MD_CTX));
-
- return((int)12);
- }
-
-int tls1_mac(SSL *ssl, unsigned char *md, int send)
- {
- SSL3_RECORD *rec;
- unsigned char *mac_sec,*seq;
- const EVP_MD *hash;
- unsigned int md_size;
- int i;
- HMAC_CTX hmac;
- unsigned char buf[5];
-
- if (send)
- {
- rec= &(ssl->s3->wrec);
- mac_sec= &(ssl->s3->write_mac_secret[0]);
- seq= &(ssl->s3->write_sequence[0]);
- hash=ssl->write_hash;
- }
- else
- {
- rec= &(ssl->s3->rrec);
- mac_sec= &(ssl->s3->read_mac_secret[0]);
- seq= &(ssl->s3->read_sequence[0]);
- hash=ssl->read_hash;
- }
-
- md_size=EVP_MD_size(hash);
-
- buf[0]=rec->type;
- buf[1]=TLS1_VERSION_MAJOR;
- buf[2]=TLS1_VERSION_MINOR;
- buf[3]=rec->length>>8;
- buf[4]=rec->length&0xff;
-
- /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
- HMAC_Init(&hmac,mac_sec,EVP_MD_size(hash),hash);
- HMAC_Update(&hmac,seq,8);
- HMAC_Update(&hmac,buf,5);
- HMAC_Update(&hmac,rec->input,rec->length);
- HMAC_Final(&hmac,md,&md_size);
-
-#ifdef TLS_DEBUG
-printf("sec=");
-{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
-printf("seq=");
-{int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
-printf("buf=");
-{int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
-printf("rec=");
-{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
-#endif
-
- for (i=7; i>=0; i--)
- {
- ++seq[i];
- if (seq[i] != 0) break;
- }
-
-#ifdef TLS_DEBUG
-{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
-#endif
- return(md_size);
- }
-
-int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
- int len)
- {
- unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE];
- unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
-
- /* Setup the stuff to munge */
- memcpy(buf,TLS_MD_MASTER_SECRET_CONST,
- TLS_MD_MASTER_SECRET_CONST_SIZE);
- memcpy(&(buf[TLS_MD_MASTER_SECRET_CONST_SIZE]),
- s->s3->client_random,SSL3_RANDOM_SIZE);
- memcpy(&(buf[SSL3_RANDOM_SIZE+TLS_MD_MASTER_SECRET_CONST_SIZE]),
- s->s3->server_random,SSL3_RANDOM_SIZE);
- tls1_PRF(s->ctx->md5,s->ctx->sha1,
- buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
- s->session->master_key,buff,SSL3_MASTER_SECRET_SIZE);
- return(SSL3_MASTER_SECRET_SIZE);
- }
-
-int tls1_alert_code(int code)
- {
- switch (code)
- {
- case SSL_AD_CLOSE_NOTIFY: return(SSL3_AD_CLOSE_NOTIFY);
- case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE);
- case SSL_AD_BAD_RECORD_MAC: return(SSL3_AD_BAD_RECORD_MAC);
- case SSL_AD_DECRYPTION_FAILED: return(TLS1_AD_DECRYPTION_FAILED);
- case SSL_AD_RECORD_OVERFLOW: return(TLS1_AD_RECORD_OVERFLOW);
- case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
- case SSL_AD_HANDSHAKE_FAILURE: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_NO_CERTIFICATE: return(-1);
- case SSL_AD_BAD_CERTIFICATE: return(SSL3_AD_BAD_CERTIFICATE);
- case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
- case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
- case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
- case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
- case SSL_AD_ILLEGAL_PARAMETER: return(SSL3_AD_ILLEGAL_PARAMETER);
- case SSL_AD_UNKNOWN_CA: return(TLS1_AD_UNKNOWN_CA);
- case SSL_AD_ACCESS_DENIED: return(TLS1_AD_ACCESS_DENIED);
- case SSL_AD_DECODE_ERROR: return(TLS1_AD_DECODE_ERROR);
- case SSL_AD_DECRYPT_ERROR: return(TLS1_AD_DECRYPT_ERROR);
- case SSL_AD_EXPORT_RESTRICTION: return(TLS1_AD_EXPORT_RESTRICTION);
- case SSL_AD_PROTOCOL_VERSION: return(TLS1_AD_PROTOCOL_VERSION);
- case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY);
- case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR);
- case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED);
- case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION);
- default: return(-1);
- }
- }
-
diff --git a/crypto/openssl/ssl/t1_lib.c b/crypto/openssl/ssl/t1_lib.c
deleted file mode 100644
index ca6c03d5af18..000000000000
--- a/crypto/openssl/ssl/t1_lib.c
+++ /dev/null
@@ -1,149 +0,0 @@
-/* ssl/t1_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-const char *tls1_version_str="TLSv1" OPENSSL_VERSION_PTEXT;
-
-static long tls1_default_timeout(void);
-
-static SSL3_ENC_METHOD TLSv1_enc_data={
- tls1_enc,
- tls1_mac,
- tls1_setup_key_block,
- tls1_generate_master_secret,
- tls1_change_cipher_state,
- tls1_final_finish_mac,
- TLS1_FINISH_MAC_LENGTH,
- tls1_cert_verify_mac,
- TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
- TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
- tls1_alert_code,
- };
-
-static SSL_METHOD TLSv1_data= {
- TLS1_VERSION,
- tls1_new,
- tls1_clear,
- tls1_free,
- ssl_undefined_function,
- ssl_undefined_function,
- ssl3_read,
- ssl3_peek,
- ssl3_write,
- ssl3_shutdown,
- ssl3_renegotiate,
- ssl3_renegotiate_check,
- ssl3_ctrl,
- ssl3_ctx_ctrl,
- ssl3_get_cipher_by_char,
- ssl3_put_cipher_by_char,
- ssl3_pending,
- ssl3_num_ciphers,
- ssl3_get_cipher,
- ssl_bad_method,
- tls1_default_timeout,
- &TLSv1_enc_data,
- ssl_undefined_function,
- ssl3_callback_ctrl,
- ssl3_ctx_callback_ctrl,
- };
-
-static long tls1_default_timeout(void)
- {
- /* 2 hours, the 24 hours mentioned in the TLSv1 spec
- * is way too long for http, the cache would over fill */
- return(60*60*2);
- }
-
-SSL_METHOD *tlsv1_base_method(void)
- {
- return(&TLSv1_data);
- }
-
-int tls1_new(SSL *s)
- {
- if (!ssl3_new(s)) return(0);
- s->method->ssl_clear(s);
- return(1);
- }
-
-void tls1_free(SSL *s)
- {
- ssl3_free(s);
- }
-
-void tls1_clear(SSL *s)
- {
- ssl3_clear(s);
- s->version=TLS1_VERSION;
- }
-
-#if 0
-long tls1_ctrl(SSL *s, int cmd, long larg, char *parg)
- {
- return(0);
- }
-
-long tls1_callback_ctrl(SSL *s, int cmd, void *(*fp)())
- {
- return(0);
- }
-#endif
diff --git a/crypto/openssl/ssl/t1_meth.c b/crypto/openssl/ssl/t1_meth.c
deleted file mode 100644
index 9bb36a7d1ca9..000000000000
--- a/crypto/openssl/ssl/t1_meth.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/* ssl/t1_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static SSL_METHOD *tls1_get_method(int ver);
-static SSL_METHOD *tls1_get_method(int ver)
- {
- if (ver == TLS1_VERSION)
- return(TLSv1_method());
- else
- return(NULL);
- }
-
-SSL_METHOD *TLSv1_method(void)
- {
- static int init=1;
- static SSL_METHOD TLSv1_data;
-
- if (init)
- {
- memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
- sizeof(SSL_METHOD));
- TLSv1_data.ssl_connect=ssl3_connect;
- TLSv1_data.ssl_accept=ssl3_accept;
- TLSv1_data.get_ssl_method=tls1_get_method;
- init=0;
- }
- return(&TLSv1_data);
- }
-
diff --git a/crypto/openssl/ssl/t1_srvr.c b/crypto/openssl/ssl/t1_srvr.c
deleted file mode 100644
index 996b7ca8e2ef..000000000000
--- a/crypto/openssl/ssl/t1_srvr.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/* ssl/t1_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include "ssl_locl.h"
-
-static SSL_METHOD *tls1_get_server_method(int ver);
-static SSL_METHOD *tls1_get_server_method(int ver)
- {
- if (ver == TLS1_VERSION)
- return(TLSv1_server_method());
- else
- return(NULL);
- }
-
-SSL_METHOD *TLSv1_server_method(void)
- {
- static int init=1;
- static SSL_METHOD TLSv1_server_data;
-
- if (init)
- {
- memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
- sizeof(SSL_METHOD));
- TLSv1_server_data.ssl_accept=ssl3_accept;
- TLSv1_server_data.get_ssl_method=tls1_get_server_method;
- init=0;
- }
- return(&TLSv1_server_data);
- }
-
diff --git a/crypto/openssl/ssl/tls1.h b/crypto/openssl/ssl/tls1.h
deleted file mode 100644
index cf92ae034f0b..000000000000
--- a/crypto/openssl/ssl/tls1.h
+++ /dev/null
@@ -1,164 +0,0 @@
-/* ssl/tls1.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_TLS1_H
-#define HEADER_TLS1_H
-
-#include <openssl/buffer.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1
-
-#define TLS1_VERSION 0x0301
-#define TLS1_VERSION_MAJOR 0x03
-#define TLS1_VERSION_MINOR 0x01
-
-#define TLS1_AD_DECRYPTION_FAILED 21
-#define TLS1_AD_RECORD_OVERFLOW 22
-#define TLS1_AD_UNKNOWN_CA 48 /* fatal */
-#define TLS1_AD_ACCESS_DENIED 49 /* fatal */
-#define TLS1_AD_DECODE_ERROR 50 /* fatal */
-#define TLS1_AD_DECRYPT_ERROR 51
-#define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */
-#define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */
-#define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */
-#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */
-#define TLS1_AD_USER_CANCELLED 90
-#define TLS1_AD_NO_RENEGOTIATION 100
-
-/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
- * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
- * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably
- * shouldn't. */
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061
-#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062
-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064
-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
-#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
-
-/* XXX
- * Inconsistency alert:
- * The OpenSSL names of ciphers with ephemeral DH here include the string
- * "DHE", while elsewhere it has always been "EDH".
- * (The alias for the list of all such ciphers also is "EDH".)
- * The specifications speak of "EDH"; maybe we should allow both forms
- * for everything. */
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"
-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA"
-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
-
-
-#define TLS_CT_RSA_SIGN 1
-#define TLS_CT_DSS_SIGN 2
-#define TLS_CT_RSA_FIXED_DH 3
-#define TLS_CT_DSS_FIXED_DH 4
-#define TLS_CT_NUMBER 4
-
-#define TLS1_FINISH_MAC_LENGTH 12
-
-#define TLS_MD_MAX_CONST_SIZE 20
-#define TLS_MD_CLIENT_FINISH_CONST "client finished"
-#define TLS_MD_CLIENT_FINISH_CONST_SIZE 15
-#define TLS_MD_SERVER_FINISH_CONST "server finished"
-#define TLS_MD_SERVER_FINISH_CONST_SIZE 15
-#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
-#define TLS_MD_KEY_EXPANSION_CONST "key expansion"
-#define TLS_MD_KEY_EXPANSION_CONST_SIZE 13
-#define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key"
-#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16
-#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
-#define TLS_MD_IV_BLOCK_CONST "IV block"
-#define TLS_MD_IV_BLOCK_CONST_SIZE 8
-#define TLS_MD_MASTER_SECRET_CONST "master secret"
-#define TLS_MD_MASTER_SECRET_CONST_SIZE 13
-
-#ifdef CHARSET_EBCDIC
-#undef TLS_MD_CLIENT_FINISH_CONST
-#define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*client finished*/
-#undef TLS_MD_SERVER_FINISH_CONST
-#define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*server finished*/
-#undef TLS_MD_SERVER_WRITE_KEY_CONST
-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/
-#undef TLS_MD_KEY_EXPANSION_CONST
-#define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" /*key expansion*/
-#undef TLS_MD_CLIENT_WRITE_KEY_CONST
-#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*client write key*/
-#undef TLS_MD_SERVER_WRITE_KEY_CONST
-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/
-#undef TLS_MD_IV_BLOCK_CONST
-#define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" /*IV block*/
-#undef TLS_MD_MASTER_SECRET_CONST
-#define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-10 16:10:08 +0000