GmSSL/ssl/ssl_locl.h at GmSSL-v1 · ChainSQL/GmSSL

History

1566 lines (1451 loc) · 60 KB

Raw

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

354

355

356

357

358

359

360

361

362

363

364

365

366

367

368

369

370

371

372

373

374

375

376

377

378

379

380

381

382

383

384

385

386

387

388

389

390

391

392

393

394

395

396

397

398

399

400

401

402

403

404

405

406

407

408

409

410

411

412

413

414

415

416

417

418

419

420

421

422

423

424

425

426

427

428

429

430

431

432

433

434

435

436

437

438

439

440

441

442

443

444

445

446

447

448

449

450

451

452

453

454

455

456

457

458

459

460

461

462

463

464

465

466

467

468

469

470

471

472

473

474

475

476

477

478

479

480

481

482

483

484

485

486

487

488

489

490

491

492

493

494

495

496

497

498

499

500

501

502

503

504

505

506

507

508

509

510

511

512

513

514

515

516

517

518

519

520

521

522

523

524

525

526

527

528

529

530

531

532

533

534

535

536

537

538

539

540

541

542

543

544

545

546

547

548

549

550

551

552

553

554

555

556

557

558

559

560

561

562

563

564

565

566

567

568

569

570

571

572

573

574

575

576

577

578

579

580

581

582

583

584

585

586

587

588

589

590

591

592

593

594

595

596

597

598

599

600

601

602

603

604

605

606

607

608

609

610

611

612

613

614

615

616

617

618

619

620

621

622

623

624

625

626

627

628

629

630

631

632

633

634

635

636

637

638

639

640

641

642

643

644

645

646

647

648

649

650

651

652

653

654

655

656

657

658

659

660

661

662

663

664

665

666

667

668

669

670

671

672

673

674

675

676

677

678

679

680

681

682

683

684

685

686

687

688

689

690

691

692

693

694

695

696

697

698

699

700

701

702

703

704

705

706

707

708

709

710

711

712

713

714

715

716

717

718

719

720

721

722

723

724

725

726

727

728

729

730

731

732

733

734

735

736

737

738

739

740

741

742

743

744

745

746

747

748

749

750

751

752

753

754

755

756

757

758

759

760

761

762

763

764

765

766

767

768

769

770

771

772

773

774

775

776

777

778

779

780

781

782

783

784

785

786

787

788

789

790

791

792

793

794

795

796

797

798

799

800

801

802

803

804

805

806

807

808

809

810

811

812

813

814

815

816

817

818

819

820

821

822

823

824

825

826

827

828

829

830

831

832

833

834

835

836

837

838

839

840

841

842

843

844

845

846

847

848

849

850

851

852

853

854

855

856

857

858

859

860

861

862

863

864

865

866

867

868

869

870

871

872

873

874

875

876

877

878

879

880

881

882

883

884

885

886

887

888

889

890

891

892

893

894

895

896

897

898

899

900

901

902

903

904

905

906

907

908

909

910

911

912

913

914

915

916

917

918

919

920

921

922

923

924

925

926

927

928

929

930

931

932

933

934

935

936

937

938

939

940

941

942

943

944

945

946

947

948

949

950

951

952

953

954

955

956

957

958

959

960

961

962

963

964

965

966

967

968

969

970

971

972

973

974

975

976

977

978

979

980

981

982

983

984

985

986

987

988

989

990

991

992

993

994

995

996

997

998

999

1000

/* ssl/ssl_locl.h */

* This package is an SSL implementation written

* by Eric Young ([email protected]).

* The implementation was written so as to conform with Netscapes SSL.

* This library is free for commercial and non-commercial use as long as

* the following conditions are aheared to. The following conditions

* apply to all code found in this distribution, be it the RC4, RSA,

* lhash, DES, etc., code; not just the SSL code. The SSL documentation

* included with this distribution is covered by the same copyright terms

* except that the holder is Tim Hudson ([email protected]).

* Copyright remains Eric Young's, and as such any Copyright notices in

* the code are not to be removed.

* If this package is used in a product, Eric Young should be given attribution

* as the author of the parts of the library used.

* This can be in the form of a textual message at program startup or

* in documentation (online or textual) provided with the package.

* Redistribution and use in source and binary forms, with or without

* modification, are permitted provided that the following conditions

* are met:

* 1. Redistributions of source code must retain the copyright

* notice, this list of conditions and the following disclaimer.

* 2. Redistributions in binary form must reproduce the above copyright

* notice, this list of conditions and the following disclaimer in the

* documentation and/or other materials provided with the distribution.

* 3. All advertising materials mentioning features or use of this software

* must display the following acknowledgement:

* "This product includes cryptographic software written by

* Eric Young ([email protected])"

* The word 'cryptographic' can be left out if the rouines from the library

* being used are not cryptographic related :-).

* 4. If you include any Windows specific code (or a derivative thereof) from

* the apps directory (application code) you must include an acknowledgement:

* "This product includes software written by Tim Hudson ([email protected])"

* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

* SUCH DAMAGE.

* The licence and distribution terms for any publically available version or

* derivative of this code cannot be changed. i.e. this code cannot simply be

* copied and put under another distribution licence

* [including the GNU Public Licence.]

/* ====================================================================

* Redistribution and use in source and binary forms, with or without

* modification, are permitted provided that the following conditions

* are met:

* 1. Redistributions of source code must retain the above copyright

* notice, this list of conditions and the following disclaimer.

* 2. Redistributions in binary form must reproduce the above copyright

* notice, this list of conditions and the following disclaimer in

* the documentation and/or other materials provided with the

* distribution.

* 3. All advertising materials mentioning features or use of this

* software must display the following acknowledgment:

* "This product includes software developed by the OpenSSL Project

* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

* endorse or promote products derived from this software without

* prior written permission. For written permission, please contact

* [email protected].

* 5. Products derived from this software may not be called "OpenSSL"

* nor may "OpenSSL" appear in their names without prior written

* permission of the OpenSSL Project.

* 6. Redistributions of any form whatsoever must retain the following

* acknowledgment:

* "This product includes software developed by the OpenSSL Project

* for use in the OpenSSL Toolkit (http://www.openssl.org/)"

* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR

* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

* OF THE POSSIBILITY OF SUCH DAMAGE.

* ====================================================================

* This product includes cryptographic software written by Eric Young

* ([email protected]). This product includes software written by Tim

* Hudson ([email protected]).

/* ====================================================================

* ECC cipher suite support in OpenSSL originally developed by

* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

/* ====================================================================

* The portions of the attached software ("Contribution") is developed by

* Nokia Corporation and is licensed pursuant to the OpenSSL open source

* license.

* The Contribution, originally written by Mika Kousa and Pasi Eronen of

* Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites

* support (see RFC 4279) to OpenSSL.

* No patent licenses or other rights except those expressly stated in

* the OpenSSL open source license shall be deemed granted or received

* expressly, by implication, estoppel, or otherwise.

* No assurances are provided by Nokia that the Contribution does not

* infringe the patent or other intellectual property rights of any third

* party or that the license provides you with all the necessary rights

* to make use of the Contribution.

* THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN

* ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA

* SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY

* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR

* OTHERWISE.

#ifndef HEADER_SSL_LOCL_H

# define HEADER_SSL_LOCL_H

# include <stdlib.h>

# include <time.h>

# include <string.h>

# include <errno.h>

# include "e_os.h"

# include <openssl/buffer.h>

# ifndef OPENSSL_NO_COMP

# include <openssl/comp.h>

# endif

# include <openssl/bio.h>

# include <openssl/stack.h>

# ifndef OPENSSL_NO_RSA

# include <openssl/rsa.h>

# endif

# ifndef OPENSSL_NO_DSA

# include <openssl/dsa.h>

# endif

# include <openssl/err.h>

# include <openssl/ssl.h>

# include <openssl/symhacks.h>

# ifdef OPENSSL_BUILD_SHLIBSSL

# undef OPENSSL_EXTERN

# define OPENSSL_EXTERN OPENSSL_EXPORT

# endif

# undef PKCS1_CHECK

# define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \

l|=(((unsigned long)(*((c)++)))<< 8), \

l|=(((unsigned long)(*((c)++)))<<16), \

l|=(((unsigned long)(*((c)++)))<<24))

/* NOTE - c is not incremented as per c2l */

# define c2ln(c,l1,l2,n) { \

c+=n; \

l1=l2=0; \

switch (n) { \

case 8: l2 =((unsigned long)(*(--(c))))<<24; \

case 7: l2|=((unsigned long)(*(--(c))))<<16; \

case 6: l2|=((unsigned long)(*(--(c))))<< 8; \

case 5: l2|=((unsigned long)(*(--(c)))); \

case 4: l1 =((unsigned long)(*(--(c))))<<24; \

case 3: l1|=((unsigned long)(*(--(c))))<<16; \

case 2: l1|=((unsigned long)(*(--(c))))<< 8; \

case 1: l1|=((unsigned long)(*(--(c)))); \

} \

}

# define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \

*((c)++)=(unsigned char)(((l)>> 8)&0xff), \

*((c)++)=(unsigned char)(((l)>>16)&0xff), \

*((c)++)=(unsigned char)(((l)>>24)&0xff))

# define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \

l|=((unsigned long)(*((c)++)))<<16, \

l|=((unsigned long)(*((c)++)))<< 8, \

l|=((unsigned long)(*((c)++))))

# define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \

*((c)++)=(unsigned char)(((l)>>16)&0xff), \

*((c)++)=(unsigned char)(((l)>> 8)&0xff), \

*((c)++)=(unsigned char)(((l) )&0xff))

# define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \

*((c)++)=(unsigned char)(((l)>>32)&0xff), \

*((c)++)=(unsigned char)(((l)>>24)&0xff), \

*((c)++)=(unsigned char)(((l)>>16)&0xff), \

*((c)++)=(unsigned char)(((l)>> 8)&0xff), \

*((c)++)=(unsigned char)(((l) )&0xff))

# define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \

*((c)++)=(unsigned char)(((l)>>48)&0xff), \

*((c)++)=(unsigned char)(((l)>>40)&0xff), \

*((c)++)=(unsigned char)(((l)>>32)&0xff), \

*((c)++)=(unsigned char)(((l)>>24)&0xff), \

*((c)++)=(unsigned char)(((l)>>16)&0xff), \

*((c)++)=(unsigned char)(((l)>> 8)&0xff), \

*((c)++)=(unsigned char)(((l) )&0xff))

# define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \

l|=((BN_ULLONG)(*((c)++)))<<32, \

l|=((BN_ULLONG)(*((c)++)))<<24, \

l|=((BN_ULLONG)(*((c)++)))<<16, \

l|=((BN_ULLONG)(*((c)++)))<< 8, \

l|=((BN_ULLONG)(*((c)++))))

/* NOTE - c is not incremented as per l2c */

# define l2cn(l1,l2,c,n) { \

c+=n; \

switch (n) { \

case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \

case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \

case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \

case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \

case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \

case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \

case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \

case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \

} \

}

# define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \

(((unsigned int)(c[1])) )),c+=2)

# define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \

c[1]=(unsigned char)(((s) )&0xff)),c+=2)

# define n2l3(c,l) ((l =(((unsigned long)(c[0]))<<16)| \

(((unsigned long)(c[1]))<< 8)| \

(((unsigned long)(c[2])) )),c+=3)

# define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \

c[1]=(unsigned char)(((l)>> 8)&0xff), \

c[2]=(unsigned char)(((l) )&0xff)),c+=3)

/* LOCAL STUFF */

# define SSL_DECRYPT 0

# define SSL_ENCRYPT 1

# define TWO_BYTE_BIT 0x80

# define SEC_ESC_BIT 0x40

# define TWO_BYTE_MASK 0x7fff

# define THREE_BYTE_MASK 0x3fff

# define INC32(a) ((a)=((a)+1)&0xffffffffL)

# define DEC32(a) ((a)=((a)-1)&0xffffffffL)

# define MAX_MAC_SIZE 20 /* up from 16 for SSLv3 */

* Define the Bitmasks for SSL_CIPHER.algorithms.

* This bits are used packed as dense as possible. If new methods/ciphers

* etc will be added, the bits a likely to change, so this information

* is for internal library use only, even though SSL_CIPHER.algorithms

* can be publicly accessed.

* Use the according functions for cipher management instead.

* The bit mask handling in the selection and sorting scheme in

* ssl_create_cipher_list() has only limited capabilities, reflecting

* that the different entities within are mutually exclusive:

* ONLY ONE BIT PER MASK CAN BE SET AT A TIME.

/* Bits for algorithm_mkey (key exchange algorithm) */

/* RSA key exchange */

# define SSL_kRSA 0x00000001L

/* DH cert, RSA CA cert */

# define SSL_kDHr 0x00000002L

/* DH cert, DSA CA cert */

# define SSL_kDHd 0x00000004L

/* tmp DH key no DH cert */

# define SSL_kEDH 0x00000008L

/* forward-compatible synonym */

# define SSL_kDHE SSL_kEDH

/* Kerberos5 key exchange */

# define SSL_kKRB5 0x00000010L

/* ECDH cert, RSA CA cert */

# define SSL_kECDHr 0x00000020L

/* ECDH cert, ECDSA CA cert */

# define SSL_kECDHe 0x00000040L

/* ephemeral ECDH */

# define SSL_kEECDH 0x00000080L

/* forward-compatible synonym */

# define SSL_kECDHE SSL_kEECDH

/* PSK */

# define SSL_kPSK 0x00000100L

/* GOST key exchange */

# define SSL_kGOST 0x00000200L

/* SRP */

# define SSL_kSRP 0x00000400L

# ifndef NO_GMSSL

/* GM/T 0024 ECDHE */

# define SSL_kECDHE2 0x00000800L

/* GM/T 0024 ECC */

# define SSL_kECC 0x00001000L

/* GM/T 0024 IBSDH */

# define SSL_kIBSDH 0x00002000L

/* GM/T 0024 IBC */

# define SSL_kIBC 0x00004000L

/* sm2encrypt cert */

# define SSL_kSM2 0x00008000L

# endif

/* Bits for algorithm_auth (server authentication) */

/* RSA auth */

# define SSL_aRSA 0x00000001L

/* DSS auth */

# define SSL_aDSS 0x00000002L

/* no auth (i.e. use ADH or AECDH) */

# define SSL_aNULL 0x00000004L

/* Fixed DH auth (kDHd or kDHr) */

# define SSL_aDH 0x00000008L

/* Fixed ECDH auth (kECDHe or kECDHr) */

# define SSL_aECDH 0x00000010L

/* KRB5 auth */

# define SSL_aKRB5 0x00000020L

/* ECDSA auth*/

# define SSL_aECDSA 0x00000040L

/* PSK auth */

# define SSL_aPSK 0x00000080L

/* GOST R 34.10-94 signature auth */

# define SSL_aGOST94 0x00000100L

/* GOST R 34.10-2001 signature auth */

# define SSL_aGOST01 0x00000200L

/* SRP auth */

# define SSL_aSRP 0x00000400L

# ifndef NO_GMSSL

/* GM/T 0024 ECDHE, ECC, IBSDH, IBC */

# define SSL_aSM2 0x00000800L

# endif

/* Bits for algorithm_enc (symmetric encryption) */

# define SSL_DES 0x00000001L

# define SSL_3DES 0x00000002L

# define SSL_RC4 0x00000004L

# define SSL_RC2 0x00000008L

# define SSL_IDEA 0x00000010L

# define SSL_eNULL 0x00000020L

# define SSL_AES128 0x00000040L

# define SSL_AES256 0x00000080L

# define SSL_CAMELLIA128 0x00000100L

# define SSL_CAMELLIA256 0x00000200L

# define SSL_eGOST2814789CNT 0x00000400L

# define SSL_SEED 0x00000800L

# define SSL_AES128GCM 0x00001000L

# define SSL_AES256GCM 0x00002000L

# ifndef NO_GMSSL

# define SSL_SM4 0x00004000L

# define SSL_SM1 0x00008000L

# endif

# define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM)

# define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)

/* Bits for algorithm_mac (symmetric authentication) */

# define SSL_MD5 0x00000001L

# define SSL_SHA1 0x00000002L

# define SSL_GOST94 0x00000004L

# define SSL_GOST89MAC 0x00000008L

# define SSL_SHA256 0x00000010L

# define SSL_SHA384 0x00000020L

/* Not a real MAC, just an indication it is part of cipher */

# define SSL_AEAD 0x00000040L

# ifndef NO_GMSSL

# define SSL_SM3 0x00000080L

# endif

/* Bits for algorithm_ssl (protocol version) */

# define SSL_SSLV2 0x00000001UL

# define SSL_SSLV3 0x00000002UL

# define SSL_TLSV1 SSL_SSLV3/* for now */

# define SSL_TLSV1_2 0x00000004UL

# ifndef NO_GMSSL

# define SSL_GMV1 0x00000008UL

# endif

/* Bits for algorithm2 (handshake digests and other extra flags) */

# define SSL_HANDSHAKE_MAC_MD5 0x10

# define SSL_HANDSHAKE_MAC_SHA 0x20

# define SSL_HANDSHAKE_MAC_GOST94 0x40

# define SSL_HANDSHAKE_MAC_SHA256 0x80

# define SSL_HANDSHAKE_MAC_SHA384 0x100

# ifndef NO_GMSSL

# define SSL_HANDSHAKE_MAC_SM3 0x200

# endif

# define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)

* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX make

* sure to update this constant too

#ifndef NO_GMSSL

#define SSL_MAX_DIGEST 7

#else

#define SSL_MAX_DIGEST 6

#endif

# define TLS1_PRF_DGST_MASK (0xff << TLS1_PRF_DGST_SHIFT)

# define TLS1_PRF_DGST_SHIFT 10

# define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT)

# define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)

# define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT)

# define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT)

# define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)

# define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)

* Stream MAC for GOST ciphersuites from cryptopro draft (currently this also

* goes into algorithm2)

# define TLS1_STREAM_MAC 0x04

* Export and cipher strength information. For each cipher we have to decide

* whether it is exportable or not. This information is likely to change

* over time, since the export control rules are no static technical issue.

* Independent of the export flag the cipher strength is sorted into classes.

* SSL_EXP40 was denoting the 40bit US export limit of past times, which now

* is at 56bit (SSL_EXP56). If the exportable cipher class is going to change

* again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,

* since SSL_EXP64 could be similar to SSL_LOW.

* For this reason SSL_MICRO and SSL_MINI macros are included to widen the

* namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed

* and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would

* be possible.

# define SSL_EXP_MASK 0x00000003L

# define SSL_STRONG_MASK 0x000001fcL

# define SSL_NOT_EXP 0x00000001L

# define SSL_EXPORT 0x00000002L

# define SSL_STRONG_NONE 0x00000004L

# define SSL_EXP40 0x00000008L

# define SSL_MICRO (SSL_EXP40)

# define SSL_EXP56 0x00000010L

# define SSL_MINI (SSL_EXP56)

# define SSL_LOW 0x00000020L

# define SSL_MEDIUM 0x00000040L

# define SSL_HIGH 0x00000080L

# define SSL_FIPS 0x00000100L

/* we have used 000001ff - 23 bits left to go */

/*-

* Macros to check the export status and cipher strength for export ciphers.

* Even though the macros for EXPORT and EXPORT40/56 have similar names,

* their meaning is different:

* *_EXPORT macros check the 'exportable' status.

* *_EXPORT40/56 macros are used to check whether a certain cipher strength

* is given.

* Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct

* algorithm structure element to be passed (algorithms, algo_strength) and no

* typechecking can be done as they are all of type unsigned long, their

* direct usage is discouraged.

* Use the SSL_C_* macros instead.

# define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT)

# define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56)

# define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40)

# define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength)

# define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength)

# define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength)

# define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \

(a) == SSL_DES ? 8 : 7)

# define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)

# define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \

(c)->algo_strength)

# define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength)

/* Check if an SSL structure is using DTLS */

# define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)

/* See if we need explicit IV */

# define SSL_USE_EXPLICIT_IV(s) \

(s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV)

* See if we use signature algorithms extension and signature algorithm

* before signatures.

# define SSL_USE_SIGALGS(s) \

(s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS)

* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: may

* apply to others in future.

# define SSL_USE_TLS1_2_CIPHERS(s) \

(s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)

* Determine if a client can use TLS 1.2 ciphersuites: can't rely on method

* flags because it may not be set to correct version yet.

# define SSL_CLIENT_USE_TLS1_2_CIPHERS(s) \

((SSL_IS_DTLS(s) && s->client_version <= DTLS1_2_VERSION) || \

(!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION))

/* Mostly for SSLv3 */

# define SSL_PKEY_RSA_ENC 0

# define SSL_PKEY_RSA_SIGN 1

# define SSL_PKEY_DSA_SIGN 2

# define SSL_PKEY_DH_RSA 3

# define SSL_PKEY_DH_DSA 4

# define SSL_PKEY_ECC 5

# define SSL_PKEY_GOST94 6

# define SSL_PKEY_GOST01 7

# ifndef NO_GMSSL

# define SSL_PKEY_SM9 8

# define SSL_PKEY_NUM 9

# else

# define SSL_PKEY_NUM 8

# endif

/*-

* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |

* <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)

* SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)

* SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN

* SSL_aRSA <- RSA_ENC | RSA_SIGN

* SSL_aDSS <- DSA_SIGN

/*-

#define CERT_INVALID 0

#define CERT_PUBLIC_KEY 1

#define CERT_PRIVATE_KEY 2

# ifndef OPENSSL_NO_EC

* From ECC-TLS draft, used in encoding the curve type in ECParameters

# define EXPLICIT_PRIME_CURVE_TYPE 1

# define EXPLICIT_CHAR2_CURVE_TYPE 2

# define NAMED_CURVE_TYPE 3

# endif /* OPENSSL_NO_EC */

typedef struct cert_pkey_st {

X509 *x509;

EVP_PKEY *privatekey;

/* Digest to use when signing */

const EVP_MD *digest;

/* Chain for this certificate */

STACK_OF(X509) *chain;

# ifndef OPENSSL_NO_TLSEXT

/*-

* serverinfo data for this certificate. The data is in TLS Extension

* wire format, specifically it's a series of records like:

* uint16_t extension_type; // (RFC 5246, 7.4.1.4, Extension)

* uint16_t length;

* uint8_t data[length];

unsigned char *serverinfo;

size_t serverinfo_length;

# endif

* Set if CERT_PKEY can be used with current SSL session: e.g.

* appropriate curve, signature algorithms etc. If zero it can't be used

* at all.

int valid_flags;

} CERT_PKEY;

/* Retrieve Suite B flags */

# define tls1_suiteb(s) (s->cert->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS)

/* Uses to check strict mode: suite B modes are always strict */

# define SSL_CERT_FLAGS_CHECK_TLS_STRICT \

(SSL_CERT_FLAG_SUITEB_128_LOS|SSL_CERT_FLAG_TLS_STRICT)

typedef struct {

unsigned short ext_type;

* Per-connection flags relating to this extension type: not used if

* part of an SSL_CTX structure.

unsigned short ext_flags;

custom_ext_add_cb add_cb;

custom_ext_free_cb free_cb;

void *add_arg;

custom_ext_parse_cb parse_cb;

void *parse_arg;

} custom_ext_method;

/* ext_flags values */

* Indicates an extension has been received. Used to check for unsolicited or

* duplicate extensions.

# define SSL_EXT_FLAG_RECEIVED 0x1

* Indicates an extension has been sent: used to enable sending of

* corresponding ServerHello extension.

# define SSL_EXT_FLAG_SENT 0x2

typedef struct {

custom_ext_method *meths;

size_t meths_count;

} custom_ext_methods;

typedef struct cert_st {

/* Current active set */

* ALWAYS points to an element of the pkeys array

* Probably it would make more sense to store

* an index, not a pointer.

CERT_PKEY *key;

* For servers the following masks are for the key and auth algorithms

* that are supported by the certs below. For clients they are masks of

* *disabled* algorithms based on the current session.

int valid;

unsigned long mask_k;

unsigned long mask_a;

unsigned long export_mask_k;

unsigned long export_mask_a;

/* Client only */

unsigned long mask_ssl;

# ifndef OPENSSL_NO_RSA

RSA *rsa_tmp;

RSA *(*rsa_tmp_cb) (SSL *ssl, int is_export, int keysize);

# endif

# ifndef OPENSSL_NO_DH

DH *dh_tmp;

DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize);

# endif

# ifndef OPENSSL_NO_ECDH

EC_KEY *ecdh_tmp;

/* Callback for generating ephemeral ECDH keys */

EC_KEY *(*ecdh_tmp_cb) (SSL *ssl, int is_export, int keysize);

/* Select ECDH parameters automatically */

int ecdh_tmp_auto;

# endif

/* Flags related to certificates */

unsigned int cert_flags;

CERT_PKEY pkeys[SSL_PKEY_NUM];

* Certificate types (received or sent) in certificate request message.

* On receive this is only set if number of certificate types exceeds

* SSL3_CT_NUMBER.

unsigned char *ctypes;

size_t ctype_num;

* signature algorithms peer reports: e.g. supported signature algorithms

* extension for server or as part of a certificate request for client.

unsigned char *peer_sigalgs;

/* Size of above array */

size_t peer_sigalgslen;

* suppported signature algorithms. When set on a client this is sent in

* the client hello as the supported signature algorithms extension. For

* servers it represents the signature algorithms we are willing to use.

unsigned char *conf_sigalgs;

/* Size of above array */

size_t conf_sigalgslen;

* Client authentication signature algorithms, if not set then uses

* conf_sigalgs. On servers these will be the signature algorithms sent

* to the client in a cerificate request for TLS 1.2. On a client this

* represents the signature algortithms we are willing to use for client

* authentication.

unsigned char *client_sigalgs;

/* Size of above array */

size_t client_sigalgslen;

* Signature algorithms shared by client and server: cached because these

* are used most often.

TLS_SIGALGS *shared_sigalgs;

size_t shared_sigalgslen;

* Certificate setup callback: if set is called whenever a certificate

* may be required (client or server). the callback can then examine any

* appropriate parameters and setup any certificates required. This

* allows advanced applications to select certificates on the fly: for

* example based on supported signature algorithms or curves.

int (*cert_cb) (SSL *ssl, void *arg);

void *cert_cb_arg;

* Optional X509_STORE for chain building or certificate validation If

* NULL the parent SSL_CTX store is used instead.

X509_STORE *chain_store;

X509_STORE *verify_store;

/* Raw values of the cipher list from a client */

unsigned char *ciphers_raw;

size_t ciphers_rawlen;

/* Custom extension methods for server and client */

custom_ext_methods cli_ext;

custom_ext_methods srv_ext;

int references; /* >1 only if SSL_copy_session_id is used */

} CERT;

typedef struct sess_cert_st {

STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */

/* The 'peer_...' members are used only by clients. */

int peer_cert_type;

CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never

* NULL!) */

CERT_PKEY peer_pkeys[SSL_PKEY_NUM];

* Obviously we don't have the private keys of these, so maybe we

* shouldn't even use the CERT_PKEY type here.

# ifndef OPENSSL_NO_RSA

RSA *peer_rsa_tmp; /* not used for SSL 2 */

# endif

# ifndef OPENSSL_NO_DH

DH *peer_dh_tmp; /* not used for SSL 2 */

# endif

# ifndef OPENSSL_NO_ECDH

EC_KEY *peer_ecdh_tmp;

# endif

int references; /* actually always 1 at the moment */

} SESS_CERT;

/* Structure containing decoded values of signature algorithms extension */

struct tls_sigalgs_st {

/* NID of hash algorithm */

int hash_nid;

/* NID of signature algorithm */

int sign_nid;

/* Combined hash and signature NID */

int signandhash_nid;

/* Raw values used in extension */

unsigned char rsign;

unsigned char rhash;

};

* #define MAC_DEBUG

* #define ERR_DEBUG

* #define ABORT_DEBUG

* #define PKT_DEBUG 1

* #define DES_DEBUG

* #define DES_OFB_DEBUG

* #define SSL_DEBUG

* #define RSA_DEBUG

* #define IDEA_DEBUG

# define FP_ICC (int (*)(const void *,const void *))

# define ssl_put_cipher_by_char(ssl,ciph,ptr) \

((ssl)->method->put_cipher_by_char((ciph),(ptr)))

* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit

* of a mess of functions, but hell, think of it as an opaque structure :-)

typedef struct ssl3_enc_method {

int (*enc) (SSL *, int);

int (*mac) (SSL *, unsigned char *, int);

int (*setup_key_block) (SSL *);

int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *,

int);

int (*change_cipher_state) (SSL *, int);

int (*final_finish_mac) (SSL *, const char *, int, unsigned char *);

int finish_mac_length;

int (*cert_verify_mac) (SSL *, int, unsigned char *);

const char *client_finished_label;

int client_finished_label_len;

const char *server_finished_label;

int server_finished_label_len;

int (*alert_value) (int);

int (*export_keying_material) (SSL *, unsigned char *, size_t,

const char *, size_t,

const unsigned char *, size_t,

int use_context);

/* Various flags indicating protocol version requirements */

unsigned int enc_flags;

/* Handshake header length */

unsigned int hhlen;

/* Set the handshake header */

void (*set_handshake_header) (SSL *s, int type, unsigned long len);

/* Write out handshake message */

int (*do_write) (SSL *s);

} SSL3_ENC_METHOD;

# define SSL_HM_HEADER_LENGTH(s) s->method->ssl3_enc->hhlen

# define ssl_handshake_start(s) \

(((unsigned char *)s->init_buf->data) + s->method->ssl3_enc->hhlen)

# define ssl_set_handshake_header(s, htype, len) \

s->method->ssl3_enc->set_handshake_header(s, htype, len)

# define ssl_do_write(s) s->method->ssl3_enc->do_write(s)

/* Values for enc_flags */

/* Uses explicit IV for CBC mode */

# define SSL_ENC_FLAG_EXPLICIT_IV 0x1

/* Uses signature algorithms extension */

# define SSL_ENC_FLAG_SIGALGS 0x2

/* Uses SHA256 default PRF */

# define SSL_ENC_FLAG_SHA256_PRF 0x4

/* Is DTLS */

# define SSL_ENC_FLAG_DTLS 0x8

* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: may

* apply to others in future.

# define SSL_ENC_FLAG_TLS1_2_CIPHERS 0x10

# ifndef OPENSSL_NO_COMP

/* Used for holding the relevant compression methods loaded into SSL_CTX */

typedef struct ssl3_comp_st {

int comp_id; /* The identifier byte for this compression

* type */

char *name; /* Text name used for the compression type */

COMP_METHOD *method; /* The method :-) */

} SSL3_COMP;

# endif

# ifndef OPENSSL_NO_BUF_FREELISTS

typedef struct ssl3_buf_freelist_st {

size_t chunklen;

unsigned int len;

struct ssl3_buf_freelist_entry_st *head;

} SSL3_BUF_FREELIST;

typedef struct ssl3_buf_freelist_entry_st {

struct ssl3_buf_freelist_entry_st *next;

} SSL3_BUF_FREELIST_ENTRY;

# endif

extern SSL3_ENC_METHOD ssl3_undef_enc_method;

OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[];

OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];

SSL_METHOD *ssl_bad_method(int ver);

extern SSL3_ENC_METHOD TLSv1_enc_data;

extern SSL3_ENC_METHOD TLSv1_1_enc_data;

extern SSL3_ENC_METHOD TLSv1_2_enc_data;

extern SSL3_ENC_METHOD SSLv3_enc_data;

extern SSL3_ENC_METHOD DTLSv1_enc_data;

extern SSL3_ENC_METHOD DTLSv1_2_enc_data;

# ifndef NO_GMSSL

extern SSL3_ENC_METHOD GMSSLv1_enc_data;

# endif

# ifndef NO_GMSSL

# define IMPLEMENT_gm1_meth_func(func_name, s_accept, s_connect, \

s_get_meth) \

const SSL_METHOD *func_name(void) \

{ \

static const SSL_METHOD func_name##_data= { \

GM1_VERSION, \

tls1_new, \

tls1_clear, \

tls1_free, \

s_accept, \

s_connect, \

ssl3_read, \

ssl3_peek, \

ssl3_write, \

ssl3_shutdown, \

ssl3_renegotiate, \

ssl3_renegotiate_check, \

ssl3_get_message, \

ssl3_read_bytes, \

ssl3_write_bytes, \

ssl3_dispatch_alert, \

ssl3_ctrl, \

ssl3_ctx_ctrl, \

ssl3_get_cipher_by_char, \

ssl3_put_cipher_by_char, \

ssl3_pending, \

gm1_num_ciphers, \

gm1_get_cipher, \

s_get_meth, \

tls1_default_timeout, \

&GMSSLv1_enc_data, \

ssl_undefined_void_function, \

ssl3_callback_ctrl, \

ssl3_ctx_callback_ctrl, \

}; \

return &func_name##_data; \

}

# endif /* GMSSL */

# define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \

s_get_meth, enc_data) \

const SSL_METHOD *func_name(void) \

{ \

static const SSL_METHOD func_name##_data= { \

version, \

tls1_new, \

tls1_clear, \

tls1_free, \

s_accept, \

s_connect, \

ssl3_read, \

ssl3_peek, \

ssl3_write, \

ssl3_shutdown, \

ssl3_renegotiate, \

ssl3_renegotiate_check, \

ssl3_get_message, \

ssl3_read_bytes, \

ssl3_write_bytes, \

ssl3_dispatch_alert, \

ssl3_ctrl, \

ssl3_ctx_ctrl, \

ssl3_get_cipher_by_char, \

ssl3_put_cipher_by_char, \

ssl3_pending, \

ssl3_num_ciphers, \

ssl3_get_cipher, \

s_get_meth, \

tls1_default_timeout, \

&enc_data, \

ssl_undefined_void_function, \

ssl3_callback_ctrl, \

ssl3_ctx_callback_ctrl, \

}; \

return &func_name##_data; \

}

# define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \

const SSL_METHOD *func_name(void) \

{ \

static const SSL_METHOD func_name##_data= { \

SSL3_VERSION, \

ssl3_new, \

ssl3_clear, \

ssl3_free, \

s_accept, \

s_connect, \

ssl3_read, \

ssl3_peek, \

ssl3_write, \

ssl3_shutdown, \

ssl3_renegotiate, \

ssl3_renegotiate_check, \

ssl3_get_message, \

ssl3_read_bytes, \

ssl3_write_bytes, \

ssl3_dispatch_alert, \

ssl3_ctrl, \

ssl3_ctx_ctrl, \

ssl3_get_cipher_by_char, \

ssl3_put_cipher_by_char, \

ssl3_pending, \

ssl3_num_ciphers, \

ssl3_get_cipher, \

s_get_meth, \

ssl3_default_timeout, \

&SSLv3_enc_data, \

View remainder of file in raw view

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

FilesExpand file tree

ssl_locl.h

Latest commit

History

ssl_locl.h

File metadata and controls