113
113
* ECC cipher suite support in OpenSSL originally developed by
114
114
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
116
/* ====================================================================
117
* Copyright 2005 Nokia. All rights reserved.
119
* The portions of the attached software ("Contribution") is developed by
120
* Nokia Corporation and is licensed pursuant to the OpenSSL open source
123
* The Contribution, originally written by Mika Kousa and Pasi Eronen of
124
* Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125
* support (see RFC 4279) to OpenSSL.
127
* No patent licenses or other rights except those expressly stated in
128
* the OpenSSL open source license shall be deemed granted or received
129
* expressly, by implication, estoppel, or otherwise.
131
* No assurances are provided by Nokia that the Contribution does not
132
* infringe the patent or other intellectual property rights of any third
133
* party or that the license provides you with all the necessary rights
134
* to make use of the Contribution.
136
* THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137
* ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138
* SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139
* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
117
143
#ifndef HEADER_SSL_LOCL_H
118
144
#define HEADER_SSL_LOCL_H
251
277
* that the different entities within are mutually exclusive:
252
278
* ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
254
#define SSL_MKEY_MASK 0x000000FFL
281
/* Bits for algorithm_mkey (key exchange algorithm) */
255
282
#define SSL_kRSA 0x00000001L /* RSA key exchange */
256
#define SSL_kDHr 0x00000002L /* DH cert RSA CA cert */
257
#define SSL_kDHd 0x00000004L /* DH cert DSA CA cert */
258
#define SSL_kFZA 0x00000008L
259
#define SSL_kEDH 0x00000010L /* tmp DH key no DH cert */
260
#define SSL_kKRB5 0x00000020L /* Kerberos5 key exchange */
261
#define SSL_kECDH 0x00000040L /* ECDH w/ long-term keys */
262
#define SSL_kECDHE 0x00000080L /* ephemeral ECDH */
263
#define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL))
265
#define SSL_AUTH_MASK 0x00007F00L
266
#define SSL_aRSA 0x00000100L /* Authenticate with RSA */
267
#define SSL_aDSS 0x00000200L /* Authenticate with DSS */
268
#define SSL_DSS SSL_aDSS
269
#define SSL_aFZA 0x00000400L
270
#define SSL_aNULL 0x00000800L /* no Authenticate, ADH */
271
#define SSL_aDH 0x00001000L /* no Authenticate, ADH */
272
#define SSL_aKRB5 0x00002000L /* Authenticate with KRB5 */
273
#define SSL_aECDSA 0x00004000L /* Authenticate with ECDSA */
275
#define SSL_NULL (SSL_eNULL)
276
#define SSL_ADH (SSL_kEDH|SSL_aNULL)
277
#define SSL_RSA (SSL_kRSA|SSL_aRSA)
278
#define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH)
279
#define SSL_ECDH (SSL_kECDH|SSL_kECDHE)
280
#define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA)
281
#define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5)
283
#define SSL_ENC_MASK 0x1C3F8000L
284
#define SSL_DES 0x00008000L
285
#define SSL_3DES 0x00010000L
286
#define SSL_RC4 0x00020000L
287
#define SSL_RC2 0x00040000L
288
#define SSL_IDEA 0x00080000L
289
#define SSL_eFZA 0x00100000L
290
#define SSL_eNULL 0x00200000L
291
#define SSL_AES 0x04000000L
292
#define SSL_CAMELLIA 0x08000000L
293
#define SSL_SEED 0x10000000L
295
#define SSL_MAC_MASK 0x00c00000L
296
#define SSL_MD5 0x00400000L
297
#define SSL_SHA1 0x00800000L
298
#define SSL_SHA (SSL_SHA1)
300
#define SSL_SSL_MASK 0x03000000L
301
#define SSL_SSLV2 0x01000000L
302
#define SSL_SSLV3 0x02000000L
283
#define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */
284
#define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */
285
#define SSL_kEDH 0x00000008L /* tmp DH key no DH cert */
286
#define SSL_kKRB5 0x00000010L /* Kerberos5 key exchange */
287
#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */
288
#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */
289
#define SSL_kEECDH 0x00000080L /* ephemeral ECDH */
290
#define SSL_kPSK 0x00000100L /* PSK */
291
#define SSL_kGOST 0x00000200L /* GOST key exchange */
293
/* Bits for algorithm_auth (server authentication) */
294
#define SSL_aRSA 0x00000001L /* RSA auth */
295
#define SSL_aDSS 0x00000002L /* DSS auth */
296
#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */
297
#define SSL_aDH 0x00000008L /* Fixed DH auth (kDHd or kDHr) */ /* no such ciphersuites supported! */
298
#define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */
299
#define SSL_aKRB5 0x00000020L /* KRB5 auth */
300
#define SSL_aECDSA 0x00000040L /* ECDSA auth*/
301
#define SSL_aPSK 0x00000080L /* PSK auth */
302
#define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */
303
#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */
306
/* Bits for algorithm_enc (symmetric encryption) */
307
#define SSL_DES 0x00000001L
308
#define SSL_3DES 0x00000002L
309
#define SSL_RC4 0x00000004L
310
#define SSL_RC2 0x00000008L
311
#define SSL_IDEA 0x00000010L
312
#define SSL_eNULL 0x00000020L
313
#define SSL_AES128 0x00000040L
314
#define SSL_AES256 0x00000080L
315
#define SSL_CAMELLIA128 0x00000100L
316
#define SSL_CAMELLIA256 0x00000200L
317
#define SSL_eGOST2814789CNT 0x00000400L
318
#define SSL_SEED 0x00000800L
320
#define SSL_AES (SSL_AES128|SSL_AES256)
321
#define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
324
/* Bits for algorithm_mac (symmetric authentication) */
325
#define SSL_MD5 0x00000001L
326
#define SSL_SHA1 0x00000002L
327
#define SSL_GOST94 0x00000004L
328
#define SSL_GOST89MAC 0x00000008L
330
/* Bits for algorithm_ssl (protocol version) */
331
#define SSL_SSLV2 0x00000001L
332
#define SSL_SSLV3 0x00000002L
303
333
#define SSL_TLSV1 SSL_SSLV3 /* for now */
305
/* we have used 1fffffff - 3 bits left to go. */
336
/* Bits for algorithm2 (handshake digests and other extra flags) */
338
#define SSL_HANDSHAKE_MAC_MD5 0x10
339
#define SSL_HANDSHAKE_MAC_SHA 0x20
340
#define SSL_HANDSHAKE_MAC_GOST94 0x40
341
#define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
343
/* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX
344
* make sure to update this constant too */
345
#define SSL_MAX_DIGEST 4
347
#define TLS1_PRF_DGST_SHIFT 8
348
#define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT)
349
#define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
350
#define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
351
#define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
353
/* Stream MAC for GOST ciphersuites from cryptopro draft
354
* (currently this also goes into algorithm2) */
355
#define TLS1_STREAM_MAC 0x04
308
360
* Export and cipher strength information. For each cipher we have to decide
569
#ifndef OPENSSL_NO_BUF_FREELISTS
570
typedef struct ssl3_buf_freelist_st
574
struct ssl3_buf_freelist_entry_st *head;
577
typedef struct ssl3_buf_freelist_entry_st
579
struct ssl3_buf_freelist_entry_st *next;
580
} SSL3_BUF_FREELIST_ENTRY;
515
583
extern SSL3_ENC_METHOD ssl3_undef_enc_method;
516
OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
584
OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[];
517
585
OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
520
588
SSL_METHOD *ssl_bad_method(int ver);
521
SSL_METHOD *sslv2_base_method(void);
522
SSL_METHOD *sslv23_base_method(void);
523
SSL_METHOD *sslv3_base_method(void);
525
590
extern SSL3_ENC_METHOD TLSv1_enc_data;
526
591
extern SSL3_ENC_METHOD SSLv3_enc_data;
527
592
extern SSL3_ENC_METHOD DTLSv1_enc_data;
529
594
#define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
530
SSL_METHOD *func_name(void) \
595
const SSL_METHOD *func_name(void) \
532
static SSL_METHOD func_name##_data= { \
597
static const SSL_METHOD func_name##_data= { \
735
802
const char *rule_str);
736
803
void ssl_update_cache(SSL *s, int mode);
737
804
int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
738
const EVP_MD **md,SSL_COMP **comp);
805
const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size, SSL_COMP **comp);
806
int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);
739
807
int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
740
808
int ssl_undefined_function(SSL *s);
741
809
int ssl_undefined_void_function(void);
742
810
int ssl_undefined_const_function(const SSL *s);
743
811
X509 *ssl_get_server_send_cert(SSL *);
744
EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
812
EVP_PKEY *ssl_get_sign_pkey(SSL *,const SSL_CIPHER *);
745
813
int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
746
void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
814
void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
747
815
STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
748
816
int ssl_verify_alarm_type(long type);
749
817
void ssl_load_ciphers(void);
796
864
long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
797
865
int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
798
866
int ssl3_num_ciphers(void);
799
SSL_CIPHER *ssl3_get_cipher(unsigned int u);
867
const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
800
868
int ssl3_renegotiate(SSL *ssl);
801
869
int ssl3_renegotiate_check(SSL *ssl);
802
870
int ssl3_dispatch_alert(SSL *s);
803
871
int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
804
872
int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
805
int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
806
const char *sender, int slen,unsigned char *p);
807
int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
873
int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,unsigned char *p);
874
int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
808
875
void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
809
876
int ssl3_enc(SSL *s, int send_data);
810
int ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
877
int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
878
void ssl3_free_digest_list(SSL *s);
811
879
unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
812
880
SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
813
881
STACK_OF(SSL_CIPHER) *srvr);
814
882
int ssl3_setup_buffers(SSL *s);
883
int ssl3_setup_read_buffer(SSL *s);
884
int ssl3_setup_write_buffer(SSL *s);
885
int ssl3_release_read_buffer(SSL *s);
886
int ssl3_release_write_buffer(SSL *s);
887
int ssl3_digest_cached_records(SSL *s);
815
888
int ssl3_new(SSL *s);
816
889
void ssl3_free(SSL *s);
817
890
int ssl3_accept(SSL *s);