generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

This commit was manufactured by cvs2svn to create branch 'OpenSSL-engine-

Browse Source 
0_9_6-stable'.
This commit is contained in:
cvs2svn
2001-11-10 02:12:57 +00:00
parent 5aa14f636f 65123f8064
commit d8616888ee
21 changed files with 3952 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1498
crypto/bn/asm/ia64.S Normal file
View File

File diff suppressed because it is too large Load Diff

922
crypto/engine/hw_ubsec.c Normal file
View File

@@ -0,0 +1,922 @@
/* crypto/engine/hw_ubsec.c */
/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
* project 2000.
*
* Cloned shamelessly by Joe Tardo.
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <openssl/crypto.h>
#include "cryptlib.h"
#include <openssl/dso.h>
#include <openssl/engine.h>
#ifndef OPENSSL_NO_HW
#ifndef OPENSSL_NO_HW_UBSEC
#ifdef FLAT_INC
#include "hw_ubsec.h"
#else
#include "vendor_defns/hw_ubsec.h"
#endif
static int ubsec_destroy(ENGINE *e);
static int ubsec_init(ENGINE *e);
static int ubsec_finish(ENGINE *e);
static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dp,
const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx);
#ifndef OPENSSL_NO_RSA
static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
#endif
static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
#ifndef OPENSSL_NO_DSA
#if NOT_USED
static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *in_mont);
static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
#endif
static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa);
#endif
#ifndef OPENSSL_NO_DH
static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
static int ubsec_dh_generate_key(DH *dh);
#endif
#if NOT_USED
static int ubsec_rand_bytes(unsigned char *buf, int num);
static int ubsec_rand_status(void);
#endif
#define UBSEC_CMD_SO_PATH ENGINE_CMD_BASE
static const ENGINE_CMD_DEFN ubsec_cmd_defns[] = {
{UBSEC_CMD_SO_PATH,
"SO_PATH",
"Specifies the path to the 'ubsec' shared library",
ENGINE_CMD_FLAG_STRING},
{0, NULL, NULL, 0}
};
#ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
static RSA_METHOD ubsec_rsa =
{
"UBSEC RSA method",
NULL,
NULL,
NULL,
NULL,
ubsec_rsa_mod_exp,
ubsec_mod_exp_mont,
NULL,
NULL,
0,
NULL,
NULL,
NULL
};
#endif
#ifndef OPENSSL_NO_DSA
/* Our internal DSA_METHOD that we provide pointers to */
static DSA_METHOD ubsec_dsa =
{
"UBSEC DSA method",
ubsec_dsa_do_sign, /* dsa_do_sign */
NULL, /* dsa_sign_setup */
ubsec_dsa_verify, /* dsa_do_verify */
NULL, /* ubsec_dsa_mod_exp */ /* dsa_mod_exp */
NULL, /* ubsec_mod_exp_dsa */ /* bn_mod_exp */
NULL, /* init */
NULL, /* finish */
0, /* flags */
NULL /* app_data */
};
#endif
#ifndef OPENSSL_NO_DH
/* Our internal DH_METHOD that we provide pointers to */
static DH_METHOD ubsec_dh =
{
"UBSEC DH method",
ubsec_dh_generate_key,
ubsec_dh_compute_key,
ubsec_mod_exp_dh,
NULL,
NULL,
0,
NULL
};
#endif
#ifndef OPENSSL_NO_ERR
/* Error function codes for use in ubsec operation */
#define UBSEC_F_UBSEC_INIT 100
#define UBSEC_F_UBSEC_FINISH 101
#define UBSEC_F_UBSEC_CTRL 102
#define UBSEC_F_UBSEC_MOD_EXP 103
#define UBSEC_F_UBSEC_RSA_MOD_EXP 104
#define UBSEC_F_UBSEC_RSA_MOD_EXP_CRT 105
#define UBSEC_F_UBSEC_DSA_SIGN 106
#define UBSEC_F_UBSEC_DSA_VERIFY 107
/* Error reason codes */
#define UBSEC_R_ALREADY_LOADED 108
#define UBSEC_R_DSO_FAILURE 109
#define UBSEC_R_UNIT_FAILURE 110
#define UBSEC_R_NOT_LOADED 111
#define UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED 112
#define UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL 113
#define UBSEC_R_BN_EXPAND_FAIL 114
#define UBSEC_R_REQUEST_FAILED 115
#define UBSEC_R_MISSING_KEY_COMPONENTS 116
static ERR_STRING_DATA ubsec_str_functs[] =
{
/* This first element is changed to match the dynamic 'lib' number */
{ERR_PACK(0,0,0), "ubsec engine code"},
{ERR_PACK(0,UBSEC_F_UBSEC_INIT,0), "ubsec_init"},
{ERR_PACK(0,UBSEC_F_UBSEC_FINISH,0), "ubsec_finish"},
{ERR_PACK(0,UBSEC_F_UBSEC_CTRL,0), "ubsec_ctrl"},
{ERR_PACK(0,UBSEC_F_UBSEC_MOD_EXP,0), "ubsec_mod_exp"},
{ERR_PACK(0,UBSEC_F_UBSEC_RSA_MOD_EXP,0), "ubsec_rsa_mod_exp"},
{ERR_PACK(0,UBSEC_F_UBSEC_RSA_MOD_EXP_CRT,0), "ubsec_rsa_mod_exp_crt"},
{ERR_PACK(0,UBSEC_F_UBSEC_DSA_SIGN,0), "ubsec_dsa_sign"},
{ERR_PACK(0,UBSEC_F_UBSEC_DSA_VERIFY,0), "ubsec_dsa_verify"},
/* Error reason codes */
{UBSEC_R_ALREADY_LOADED ,"already loaded"},
{UBSEC_R_DSO_FAILURE ,"DSO failure"},
{UBSEC_R_UNIT_FAILURE ,"unit failure"},
{UBSEC_R_NOT_LOADED ,"not loaded"},
{UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
{UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL ,"size too large or too small"},
{UBSEC_R_BN_EXPAND_FAIL ,"bn_expand fail"},
{UBSEC_R_REQUEST_FAILED ,"request failed"},
{UBSEC_R_MISSING_KEY_COMPONENTS ,"missing key components"},
{0,NULL}
};
/* The library number we obtain dynamically from the ERR code */
static int ubsec_err_lib = -1;
#define UBSECerr(f,r) ERR_PUT_error(ubsec_err_lib,(f),(r),__FILE__,__LINE__)
static void ubsec_load_error_strings(void)
{
if(ubsec_err_lib < 0)
{
if((ubsec_err_lib = ERR_get_next_error_library()) <= 0)
return;
ubsec_str_functs[0].error = ERR_PACK(ubsec_err_lib,0,0);
ERR_load_strings(ubsec_err_lib, ubsec_str_functs);
}
}
static void ubsec_unload_error_strings(void)
{
if(ubsec_err_lib >= 0)
{
ERR_unload_strings(ubsec_err_lib, ubsec_str_functs);
ubsec_err_lib = -1;
}
}
#else
#define UBSECerr(f,r) /* NOP */
static void ubsec_load_error_strings(void) { } /* NOP */
static void ubsec_unload_error_strings(void) { } /* NOP */
#endif
/* Constants used when creating the ENGINE */
static const char *engine_ubsec_id = "ubsec";
static const char *engine_ubsec_name = "UBSEC hardware engine support";
/* This internal function is used by ENGINE_ubsec() and possibly by the
* "dynamic" ENGINE support too */
static int bind_helper(ENGINE *e)
{
#ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
#endif
#ifndef OPENSSL_NO_DH
#ifndef HAVE_UBSEC_DH
const DH_METHOD *meth3;
#endif /* HAVE_UBSEC_DH */
#endif
if(!ENGINE_set_id(e, engine_ubsec_id) ||
!ENGINE_set_name(e, engine_ubsec_name) ||
#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &ubsec_rsa) ||
#endif
#ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(e, &ubsec_dsa) ||
#endif
#ifndef OPENSSL_NO_DH
!ENGINE_set_DH(e, &ubsec_dh) ||
#endif
!ENGINE_set_destroy_function(e, ubsec_destroy) ||
!ENGINE_set_init_function(e, ubsec_init) ||
!ENGINE_set_finish_function(e, ubsec_finish) ||
!ENGINE_set_ctrl_function(e, ubsec_ctrl) ||
!ENGINE_set_cmd_defns(e, ubsec_cmd_defns))
return 0;
#ifndef OPENSSL_NO_RSA
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the Broadcom-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
* anything "more generic" because something like the RSAref
* code may not hook properly, and if you own one of these
* cards then you have the right to do RSA operations on it
* anyway! */
meth1 = RSA_PKCS1_SSLeay();
ubsec_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
ubsec_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
ubsec_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
ubsec_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
#endif
#ifndef OPENSSL_NO_DH
#ifndef HAVE_UBSEC_DH
/* Much the same for Diffie-Hellman */
meth3 = DH_OpenSSL();
ubsec_dh.generate_key = meth3->generate_key;
ubsec_dh.compute_key = meth3->compute_key;
#endif /* HAVE_UBSEC_DH */
#endif
/* Ensure the ubsec error handling is set up */
ubsec_load_error_strings();
return 1;
}
static ENGINE *engine_ubsec(void)
{
ENGINE *ret = ENGINE_new();
if(!ret)
return NULL;
if(!bind_helper(ret))
{
ENGINE_free(ret);
return NULL;
}
return ret;
}
void ENGINE_load_ubsec(void)
{
/* Copied from eng_[openssl|dyn].c */
ENGINE *toadd = engine_ubsec();
if(!toadd) return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();
}
/* This is a process-global DSO handle used for loading and unloading
* the UBSEC library. NB: This is only set (or unset) during an
* init() or finish() call (reference counts permitting) and they're
* operating with global locks, so this should be thread-safe
* implicitly. */
static DSO *ubsec_dso = NULL;
/* These are the function pointers that are (un)set when the library has
* successfully (un)loaded. */
static t_UBSEC_ubsec_bytes_to_bits *p_UBSEC_ubsec_bytes_to_bits = NULL;
static t_UBSEC_ubsec_bits_to_bytes *p_UBSEC_ubsec_bits_to_bytes = NULL;
static t_UBSEC_ubsec_open *p_UBSEC_ubsec_open = NULL;
static t_UBSEC_ubsec_close *p_UBSEC_ubsec_close = NULL;
#ifndef OPENSSL_NO_DH
static t_UBSEC_diffie_hellman_generate_ioctl
*p_UBSEC_diffie_hellman_generate_ioctl = NULL;
static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl = NULL;
#endif
/* #ifndef OPENSSL_NO_RSA */
static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL;
static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
/* #endif */
#ifndef OPENSSL_NO_DSA
static t_UBSEC_dsa_sign_ioctl *p_UBSEC_dsa_sign_ioctl = NULL;
static t_UBSEC_dsa_verify_ioctl *p_UBSEC_dsa_verify_ioctl = NULL;
#endif
static t_UBSEC_math_accelerate_ioctl *p_UBSEC_math_accelerate_ioctl = NULL;
static t_UBSEC_rng_ioctl *p_UBSEC_rng_ioctl = NULL;
/*
* These are the static string constants for the DSO file name and the function
* symbol names to bind to.
*/
static const char *UBSEC_LIBNAME = "ubsec";
static const char *UBSEC_F1 = "ubsec_bytes_to_bits";
static const char *UBSEC_F2 = "ubsec_bits_to_bytes";
static const char *UBSEC_F3 = "ubsec_open";
static const char *UBSEC_F4 = "ubsec_close";
#ifndef OPENSSL_NO_DH
static const char *UBSEC_F5 = "diffie_hellman_generate_ioctl";
static const char *UBSEC_F6 = "diffie_hellman_agree_ioctl";
#endif
/* #ifndef OPENSSL_NO_RSA */
static const char *UBSEC_F7 = "rsa_mod_exp_ioctl";
static const char *UBSEC_F8 = "rsa_mod_exp_crt_ioctl";
/* #endif */
#ifndef OPENSSL_NO_DSA
static const char *UBSEC_F9 = "dsa_sign_ioctl";
static const char *UBSEC_F10 = "dsa_verify_ioctl";
#endif
static const char *UBSEC_F11 = "math_accelerate_ioctl";
static const char *UBSEC_F12 = "rng_ioctl";
/* Destructor (complements the "ENGINE_ubsec()" constructor) */
static int ubsec_destroy(ENGINE *e)
{
ubsec_unload_error_strings();
return 1;
}
/* (de)initialisation functions. */
static int ubsec_init(ENGINE *e)
{
t_UBSEC_ubsec_bytes_to_bits *p1;
t_UBSEC_ubsec_bits_to_bytes *p2;
t_UBSEC_ubsec_open *p3;
t_UBSEC_ubsec_close *p4;
#ifndef OPENSSL_NO_DH
t_UBSEC_diffie_hellman_generate_ioctl *p5;
t_UBSEC_diffie_hellman_agree_ioctl *p6;
#endif
/* #ifndef OPENSSL_NO_RSA */
t_UBSEC_rsa_mod_exp_ioctl *p7;
t_UBSEC_rsa_mod_exp_crt_ioctl *p8;
/* #endif */
#ifndef OPENSSL_NO_DSA
t_UBSEC_dsa_sign_ioctl *p9;
t_UBSEC_dsa_verify_ioctl *p10;
#endif
t_UBSEC_math_accelerate_ioctl *p11;
t_UBSEC_rng_ioctl *p12;
int fd = 0;
if(ubsec_dso != NULL)
{
UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_ALREADY_LOADED);
goto err;
}
/*
* Attempt to load libubsec.so/ubsec.dll/whatever.
*/
ubsec_dso = DSO_load(NULL, UBSEC_LIBNAME, NULL, 0);
if(ubsec_dso == NULL)
{
UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
goto err;
}
if (
!(p1 = (t_UBSEC_ubsec_bytes_to_bits *) DSO_bind_func(ubsec_dso, UBSEC_F1)) ||
!(p2 = (t_UBSEC_ubsec_bits_to_bytes *) DSO_bind_func(ubsec_dso, UBSEC_F2)) ||
!(p3 = (t_UBSEC_ubsec_open *) DSO_bind_func(ubsec_dso, UBSEC_F3)) ||
!(p4 = (t_UBSEC_ubsec_close *) DSO_bind_func(ubsec_dso, UBSEC_F4)) ||
#ifndef OPENSSL_NO_DH
!(p5 = (t_UBSEC_diffie_hellman_generate_ioctl *)
DSO_bind_func(ubsec_dso, UBSEC_F5)) ||
!(p6 = (t_UBSEC_diffie_hellman_agree_ioctl *)
DSO_bind_func(ubsec_dso, UBSEC_F6)) ||
#endif
/* #ifndef OPENSSL_NO_RSA */
!(p7 = (t_UBSEC_rsa_mod_exp_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F7)) ||
!(p8 = (t_UBSEC_rsa_mod_exp_crt_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F8)) ||
/* #endif */
#ifndef OPENSSL_NO_DSA
!(p9 = (t_UBSEC_dsa_sign_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F9)) ||
!(p10 = (t_UBSEC_dsa_verify_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F10)) ||
#endif
!(p11 = (t_UBSEC_math_accelerate_ioctl *)
DSO_bind_func(ubsec_dso, UBSEC_F11)) ||
!(p12 = (t_UBSEC_rng_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F12)))
{
UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
goto err;
}
/* Copy the pointers */
p_UBSEC_ubsec_bytes_to_bits = p1;
p_UBSEC_ubsec_bits_to_bytes = p2;
p_UBSEC_ubsec_open = p3;
p_UBSEC_ubsec_close = p4;
#ifndef OPENSSL_NO_DH
p_UBSEC_diffie_hellman_generate_ioctl = p5;
p_UBSEC_diffie_hellman_agree_ioctl = p6;
#endif
#ifndef OPENSSL_NO_RSA
p_UBSEC_rsa_mod_exp_ioctl = p7;
p_UBSEC_rsa_mod_exp_crt_ioctl = p8;
#endif
#ifndef OPENSSL_NO_DSA
p_UBSEC_dsa_sign_ioctl = p9;
p_UBSEC_dsa_verify_ioctl = p10;
#endif
p_UBSEC_math_accelerate_ioctl = p11;
p_UBSEC_rng_ioctl = p12;
/* Perform an open to see if there's actually any unit running. */
if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) > 0)
{
p_UBSEC_ubsec_close(fd);
return 1;
}
else
{
UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
}
err:
if(ubsec_dso)
DSO_free(ubsec_dso);
p_UBSEC_ubsec_bytes_to_bits = NULL;
p_UBSEC_ubsec_bits_to_bytes = NULL;
p_UBSEC_ubsec_open = NULL;
p_UBSEC_ubsec_close = NULL;
#ifndef OPENSSL_NO_DH
p_UBSEC_diffie_hellman_generate_ioctl = NULL;
p_UBSEC_diffie_hellman_agree_ioctl = NULL;
#endif
#ifndef OPENSSL_NO_RSA
p_UBSEC_rsa_mod_exp_ioctl = NULL;
p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
#endif
#ifndef OPENSSL_NO_DSA
p_UBSEC_dsa_sign_ioctl = NULL;
p_UBSEC_dsa_verify_ioctl = NULL;
#endif
p_UBSEC_math_accelerate_ioctl = NULL;
p_UBSEC_rng_ioctl = NULL;
return 0;
}
static int ubsec_finish(ENGINE *e)
{
if(ubsec_dso == NULL)
{
UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_NOT_LOADED);
return 0;
}
if(!DSO_free(ubsec_dso))
{
UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_DSO_FAILURE);
return 0;
}
ubsec_dso = NULL;
p_UBSEC_ubsec_bytes_to_bits = NULL;
p_UBSEC_ubsec_bits_to_bytes = NULL;
p_UBSEC_ubsec_open = NULL;
p_UBSEC_ubsec_close = NULL;
#ifndef OPENSSL_NO_DH
p_UBSEC_diffie_hellman_generate_ioctl = NULL;
p_UBSEC_diffie_hellman_agree_ioctl = NULL;
#endif
#ifndef OPENSSL_NO_RSA
p_UBSEC_rsa_mod_exp_ioctl = NULL;
p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
#endif
#ifndef OPENSSL_NO_DSA
p_UBSEC_dsa_sign_ioctl = NULL;
p_UBSEC_dsa_verify_ioctl = NULL;
#endif
p_UBSEC_math_accelerate_ioctl = NULL;
p_UBSEC_rng_ioctl = NULL;
return 1;
}
static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
{
int initialised = ((ubsec_dso == NULL) ? 0 : 1);
switch(cmd)
{
case UBSEC_CMD_SO_PATH:
if(p == NULL)
{
UBSECerr(UBSEC_F_UBSEC_CTRL,ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if(initialised)
{
UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_ALREADY_LOADED);
return 0;
}
UBSEC_LIBNAME = (const char *)p;
return 1;
default:
break;
}
UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED);
return 0;
}
static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx)
{
int y_len = 0;
int fd;
if(ubsec_dso == NULL)
{
UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_NOT_LOADED);
return 0;
}
/* Check if hardware can't handle this argument. */
y_len = BN_num_bits(m);
if (y_len > 1024) {
UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
return 0;
}
if(!bn_wexpand(r, m->top))
{
UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL);
return 0;
}
memset(r->d, 0, BN_num_bytes(m));
if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
fd = 0;
UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
return 0;
}
if (p_UBSEC_rsa_mod_exp_ioctl(fd, (unsigned char *)a->d, BN_num_bits(a),
(unsigned char *)m->d, BN_num_bits(m), (unsigned char *)p->d,
BN_num_bits(p), (unsigned char *)r->d, &y_len) != 0)
{
UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
return 0;
}
p_UBSEC_ubsec_close(fd);
r->top = (BN_num_bits(m)+BN_BITS2-1)/BN_BITS2;
return 1;
}
#ifndef OPENSSL_NO_RSA
static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
{
BN_CTX *ctx;
int to_return = 0;
if((ctx = BN_CTX_new()) == NULL)
goto err;
if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
{
UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP, UBSEC_R_MISSING_KEY_COMPONENTS);
goto err;
}
/*
* Do in software if argument is too large for hardware.
*/
if ((BN_num_bits(rsa->p)+BN_num_bits(rsa->q)) > 1024) {
const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
to_return = (*meth->rsa_mod_exp)(r0, I, rsa);
} else {
to_return = ubsec_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
rsa->dmq1, rsa->iqmp, ctx);
}
err:
if(ctx)
BN_CTX_free(ctx);
return to_return;
}
#endif
static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dp,
const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx)
{
int y_len,
m_len,
fd;
m_len = BN_num_bytes(p) + BN_num_bytes(q) + 1;
y_len = BN_num_bits(p) + BN_num_bits(q);
/* Check if hardware can't handle this argument. */
if (y_len > 1024) {
UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
return 0;
}
if (!bn_wexpand(r, p->top + q->top + 1)) {
UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP_CRT, UBSEC_R_BN_EXPAND_FAIL);
return 0;
}
if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
fd = 0;
UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
return 0;
}
if (p_UBSEC_rsa_mod_exp_crt_ioctl(fd,
(unsigned char *)a->d, BN_num_bits(a),
(unsigned char *)qinv->d, BN_num_bits(qinv),
(unsigned char *)dp->d, BN_num_bits(dp),
(unsigned char *)p->d, BN_num_bits(p),
(unsigned char *)dq->d, BN_num_bits(dq),
(unsigned char *)q->d, BN_num_bits(q),
(unsigned char *)r->d, &y_len) != 0) {
UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
return 0;
}
p_UBSEC_ubsec_close(fd);
r->top = (BN_num_bits(p) + BN_num_bits(q) + BN_BITS2 - 1)/BN_BITS2;
return 1;
}
#ifndef OPENSSL_NO_DSA
#if NOT_USED
static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *in_mont)
{
BIGNUM t;
int to_return = 0;
BN_init(&t);
/* let rr = a1 ^ p1 mod m */
if (!ubsec_mod_exp(rr,a1,p1,m,ctx)) goto end;
/* let t = a2 ^ p2 mod m */
if (!ubsec_mod_exp(&t,a2,p2,m,ctx)) goto end;
/* let rr = rr * t mod m */
if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
to_return = 1;
end:
BN_free(&t);
return to_return;
}
static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
return ubsec_mod_exp(r, a, p, m, ctx);
}
#endif
#endif
/*
* This function is aliased to mod_exp (with the mont stuff dropped).
*/
static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
int ret = 0;
#ifndef OPENSSL_NO_RSA
/* Do in software if the key is too large for the hardware. */
if (BN_num_bits(m) > 1024)
{
const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
ret = (*meth->bn_mod_exp)(r, a, p, m, ctx, m_ctx);
}
else
#endif
{
ret = ubsec_mod_exp(r, a, p, m, ctx);
}
return ret;
}
#ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
return ubsec_mod_exp(r, a, p, m, ctx);
}
#endif
#ifndef OPENSSL_NO_DSA
static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
DSA_SIG *to_return = NULL;
int s_len = 160, r_len = 160, d_len, fd;
BIGNUM m, *r=NULL, *s=NULL;
BN_init(&m);
s = BN_new();
r = BN_new();
if ((s == NULL) || (r==NULL))
goto err;
d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dlen);
if(!bn_wexpand(r, (160+BN_BITS2-1)/BN_BITS2) ||
(!bn_wexpand(s, (160+BN_BITS2-1)/BN_BITS2))) {
UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
goto err;
}
if (BN_bin2bn(dgst,dlen,&m) == NULL) {
UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
goto err;
}
if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
fd = 0;
UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
return 0;
}
if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */
(unsigned char *)dgst, d_len,
NULL, 0, /* compute random value */
(unsigned char *)dsa->p->d, BN_num_bits(dsa->p),
(unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
(unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
(unsigned char *)dsa->priv_key->d, BN_num_bits(dsa->priv_key),
(unsigned char *)r->d, &r_len,
(unsigned char *)s->d, &s_len ) != 0) {
UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_REQUEST_FAILED);
goto err;
}
p_UBSEC_ubsec_close(fd);
r->top = (160+BN_BITS2-1)/BN_BITS2;
s->top = (160+BN_BITS2-1)/BN_BITS2;
to_return = DSA_SIG_new();
if(to_return == NULL) {
UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
goto err;
}
to_return->r = r;
to_return->s = s;
err:
if (!to_return) {
if (r) BN_free(r);
if (s) BN_free(s);
}
BN_clear_free(&m);
return to_return;
}
static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa)
{
int v_len, d_len;
int to_return = 0;
int fd;
BIGNUM v;
BN_init(&v);
if(!bn_wexpand(&v, dsa->p->top)) {
UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY ,UBSEC_R_BN_EXPAND_FAIL);
goto err;
}
v_len = BN_num_bits(dsa->p);
d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dgst_len);
if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
fd = 0;
UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
return 0;
}
if (p_UBSEC_dsa_verify_ioctl(fd, 0, /* compute hash before signing */
(unsigned char *)dgst, d_len,
(unsigned char *)dsa->p->d, BN_num_bits(dsa->p),
(unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
(unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
(unsigned char *)dsa->pub_key->d, BN_num_bits(dsa->pub_key),
(unsigned char *)sig->r->d, BN_num_bits(sig->r),
(unsigned char *)sig->s->d, BN_num_bits(sig->s),
(unsigned char *)v.d, &v_len) != 0) {
UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY , UBSEC_R_REQUEST_FAILED);
goto err;
}
p_UBSEC_ubsec_close(fd);
to_return = 1;
err:
BN_clear_free(&v);
return to_return;
}
#endif
#ifndef OPENSSL_NO_DH
static int ubsec_dh_compute_key (unsigned char *key,const BIGNUM *pub_key,DH *dh)
{
return 0;
}
static int ubsec_dh_generate_key (DH *dh)
{
return 0;
}
#endif
#ifdef NOT_USED
static int ubsec_rand_bytes(unsigned char *buf, int num)
{
return 0;
}
static int ubsec_rand_status(void)
{
return 0;
}
#endif
/* This stuff is needed if this ENGINE is being compiled into a self-contained
* shared-library. */
#ifdef ENGINE_DYNAMIC_SUPPORT
static int bind_fn(ENGINE *e, const char *id)
{
if(id && (strcmp(id, engine_ubsec_id) != 0))
return 0;
if(!bind_helper(e))
return 0;
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
#endif /* ENGINE_DYNAMIC_SUPPORT */
#endif /* !OPENSSL_NO_HW_UBSEC */
#endif /* !OPENSSL_NO_HW */

99
crypto/engine/vendor_defns/hw_ubsec.h Normal file
View File

@@ -0,0 +1,99 @@
/******************************************************************************
*
* Copyright 2000
* Broadcom Corporation
* 16215 Alton Parkway
* PO Box 57013
* Irvine CA 92619-7013
*
*****************************************************************************/
/*
* Broadcom Corporation uBSec SDK
*/
/*
* Character device header file.
*/
/*
* Revision History:
*
* October 2000 JTT Created.
*/
#define MAX_PUBLIC_KEY_BITS (1024)
#define MAX_PUBLIC_KEY_BYTES (1024/8)
#define SHA_BIT_SIZE (160)
#define MAX_CRYPTO_KEY_LENGTH 24
#define MAX_MAC_KEY_LENGTH 64
#define UBSEC_CRYPTO_DEVICE_NAME ((unsigned char *)"/dev/ubscrypt")
#define UBSEC_KEY_DEVICE_NAME ((unsigned char *)"/dev/ubskey")
/* Math command types. */
#define UBSEC_MATH_MODADD 0x0001
#define UBSEC_MATH_MODSUB 0x0002
#define UBSEC_MATH_MODMUL 0x0004
#define UBSEC_MATH_MODEXP 0x0008
#define UBSEC_MATH_MODREM 0x0010
#define UBSEC_MATH_MODINV 0x0020
typedef long ubsec_MathCommand_t;
typedef long ubsec_RNGCommand_t;
typedef struct ubsec_crypto_context_s {
unsigned int flags;
unsigned char crypto[MAX_CRYPTO_KEY_LENGTH];
unsigned char auth[MAX_MAC_KEY_LENGTH];
} ubsec_crypto_context_t, *ubsec_crypto_context_p;
/*
* Predeclare the function pointer types that we dynamically load from the DSO.
*/
typedef int t_UBSEC_ubsec_bytes_to_bits(unsigned char *n, int bytes);
typedef int t_UBSEC_ubsec_bits_to_bytes(int bits);
typedef int t_UBSEC_ubsec_open(unsigned char *device);
typedef int t_UBSEC_ubsec_close(int fd);
typedef int t_UBSEC_diffie_hellman_generate_ioctl (int fd,
unsigned char *x, int *x_len, unsigned char *y, int *y_len,
unsigned char *g, int g_len, unsigned char *m, int m_len,
unsigned char *userX, int userX_len, int random_bits);
typedef int t_UBSEC_diffie_hellman_agree_ioctl (int fd,
unsigned char *x, int x_len, unsigned char *y, int y_len,
unsigned char *m, int m_len, unsigned char *k, int *k_len);
typedef int t_UBSEC_rsa_mod_exp_ioctl (int fd,
unsigned char *x, int x_len, unsigned char *m, int m_len,
unsigned char *e, int e_len, unsigned char *y, int *y_len);
typedef int t_UBSEC_rsa_mod_exp_crt_ioctl (int fd,
unsigned char *x, int x_len, unsigned char *qinv, int qinv_len,
unsigned char *edq, int edq_len, unsigned char *q, int q_len,
unsigned char *edp, int edp_len, unsigned char *p, int p_len,
unsigned char *y, int *y_len);
typedef int t_UBSEC_dsa_sign_ioctl (int fd,
int hash, unsigned char *data, int data_len,
unsigned char *rndom, int random_len,
unsigned char *p, int p_len, unsigned char *q, int q_len,
unsigned char *g, int g_len, unsigned char *key, int key_len,
unsigned char *r, int *r_len, unsigned char *s, int *s_len);
typedef int t_UBSEC_dsa_verify_ioctl (int fd,
int hash, unsigned char *data, int data_len,
unsigned char *p, int p_len, unsigned char *q, int q_len,
unsigned char *g, int g_len, unsigned char *key, int key_len,
unsigned char *r, int r_len, unsigned char *s, int s_len,
unsigned char *v, int *v_len);
typedef int t_UBSEC_math_accelerate_ioctl(int fd, ubsec_MathCommand_t command,
unsigned char *ModN, int *ModN_len, unsigned char *ExpE, int *ExpE_len,
unsigned char *ParamA, int *ParamA_len, unsigned char *ParamB, int *ParamB_len,
unsigned char *Result, int *Result_len);
typedef int t_UBSEC_rng_ioctl(int fd, ubsec_RNGCommand_t command,
unsigned char *Result, int *Result_len);

70
doc/ssl/SSL_COMP_add_compression_method.pod Normal file
View File

@@ -0,0 +1,70 @@
=pod
=head1 NAME
SSL_COMP_add_compression_method - handle SSL/TLS integrated compression methods
=head1 SYNOPSIS
#include <openssl/ssl.h>
int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
=head1 DESCRIPTION
SSL_COMP_add_compression_method() adds the compression method B<cm> with
the identifier B<id> to the list of available compression methods. This
list is globally maintained for all SSL operations within this application.
It cannot be set for specific SSL_CTX or SSL objects.
=head1 NOTES
The TLS standard (or SSLv3) allows the integration of compression methods
into the communication. The TLS RFC does however not specify compression
methods or their corresponding identifiers, so there is currently no compatible
way to integrate compression with unknown peers. It is therefore currently not
recommended to integrate compression into applications. Applications for
non-public use may agree on certain compression methods. Using different
compression methods with the same identifier will lead to connection failure.
An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1)
will unconditionally send the list of all compression methods enabled with
SSL_COMP_add_compression_method() to the server during the handshake.
Unlike the mechanisms to set a cipher list, there is no method available to
restrict the list of compression method on a per connection basis.
An OpenSSL server will match the identifiers listed by a client against
its own compression methods and will unconditionally activate compression
when a matching identifier is found. There is no way to restrict the list
of compression methods supported on a per connection basis.
The OpenSSL library has the compression methods B<COMP_rle()> and (when
especially enabled during compilation) B<COMP_zlib()> available.
=head1 WARNINGS
Once the identities of the compression methods for the TLS protocol have
been standardized, the compression API will most likely be changed. Using
it in the current state is not recommended.
=head1 RETURN VALUES
SSL_COMP_add_compression_method() may return the following values:
=over 4
=item 1
The operation succeeded.
=item 0
The operation failed. Check the error queue to find out the reason.
=back
=head1 SEE ALSO
L<ssl(3)|ssl(3)>
=cut

34
doc/ssl/SSL_CTX_ctrl.pod Normal file
View File

@@ -0,0 +1,34 @@
=pod
=head1 NAME
SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl - internal handling functions for SSL_CTX and SSL objects
=head1 SYNOPSIS
#include <openssl/ssl.h>
long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)());
long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
long SSL_callback_ctrl(SSL *, int cmd, void (*fp)());
=head1 DESCRIPTION
The SSL_*_ctrl() family of functions is used to manipulate settings of
the SSL_CTX and SSL objects. Depending on the command B<cmd> the arguments
B<larg>, B<parg>, or B<fp> are evaluated. These functions should never
be called directly. All functionalities needed are made available via
other functions or macros.
=head1 RETURN VALUES
The return values of the SSL*_ctrl() functions depend on the command
supplied via the B<cmd> parameter.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>
=cut

57
doc/ssl/SSL_CTX_set_cert_store.pod Normal file
View File

@@ -0,0 +1,57 @@
=pod
=head1 NAME
SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate verification storage
=head1 SYNOPSIS
#include <openssl/ssl.h>
void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx);
=head1 DESCRIPTION
SSL_CTX_set_cert_store() sets/replaces the certificate verification storage
of B<ctx> to/with B<store>. If another X505_STORE object is currently
set in B<ctx>, it will be X509_STORE_free()ed.
SSL_CTX_get_cert_store() returns a pointer to the current certificate
verification storage.
=head1 NOTES
In order to verify the certificates presented by the peer, trusted CA
certificates must be accessed. These CA certificates are made available
via lookup methods, handled inside the X509_STORE. From the X509_STORE
the X509_STORE_CTX used when verifying certificates is created.
Typically the trusted certificate store is handled indirectly via using
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.
Using the SSL_CTX_set_cert_store() and SSL_CTX_get_cert_store() functions
it is possible to manipulate the X509_STORE object beyond the
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
call.
Currently no detailed documentation on how to use the X509_STORE
object is available. Not all members of the X509_STORE are used when
the verification takes place. So will e.g. the verify_callback() be
overridden with the verify_callback() set via the
L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> family of functions.
This document must therefore be updated when documentation about the
X509_STORE object and its handling becomes available.
=head1 RETURN VALUES
SSL_CTX_set_cert_store() does not return diagnostic output.
SSL_CTX_get_cert_store() returns the current setting.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>,
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>,
L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
=cut

75
doc/ssl/SSL_CTX_set_cert_verify_callback.pod Normal file
View File

@@ -0,0 +1,75 @@
=pod
=head1 NAME
SSL_CTX_set_cert_verify_callback - set peer certificate verification procedure
=head1 SYNOPSIS
#include <openssl/ssl.h>
void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(),
char *arg);
int (*callback)();
=head1 DESCRIPTION
SSL_CTX_set_cert_verify_callback() sets the verification callback function for
B<ctx>. SSL objects, that are created from B<ctx> inherit the setting valid at
the time, L<SSL_new(3)|SSL_new(3)> is called. B<arg> is currently ignored.
=head1 NOTES
Whenever a certificate is verified during a SSL/TLS handshake, a verification
function is called. If the application does not explicitly specify a
verification callback function, the built-in verification function is used.
If a verification callback B<callback> is specified via
SSL_CTX_set_cert_verify_callback(), the supplied callback function is called
instead. By setting B<callback> to NULL, the default behaviour is restored.
When the verification must be performed, B<callback> will be called with
the argument callback(X509_STORE_CTX *x509_store_ctx). The arguments B<arg>
that can be specified when setting B<callback> are currently ignored.
B<callback> should return 1 to indicate verification success and 0 to
indicate verification failure. If SSL_VERIFY_PEER is set and B<callback>
returns 0, the handshake will fail. As the verification procedure may
allow to continue the connection in case of failure (by always returning 1)
the verification result must be set in any case using the B<error>
member of B<x509_store_ctx>, so that the calling application will be informed
about the detailed result of the verification procedure!
Within B<x509_store_ctx>, B<callback> has access to the B<verify_callback>
function set using L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>.
=head1 WARNINGS
Do not mix the verification callback described in this function with the
B<verify_callback> function called during the verification process. The
latter is set using the L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
family of functions.
Providing a complete verification procedure including certificate purpose
settings etc is a complex task. The built-in procedure is quite powerful
and in most cases it should be sufficient to modify its behaviour using
the B<verify_callback> function.
=head1 BUGS
It is possible to specify arguments to be passed to the verification callback.
Currently they are however not passed but ignored.
The B<callback> function is not specified via a prototype, so that no
type checking takes place.
=head1 RETURN VALUES
SSL_CTX_set_cert_verify_callback() does not provide diagnostic information.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
=cut

153
doc/ssl/SSL_CTX_set_info_callback.pod Normal file
View File

@@ -0,0 +1,153 @@
=pod
=head1 NAME
SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback - handle information callback for SSL connections
=head1 SYNOPSIS
#include <openssl/ssl.h>
void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)());
void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))();
void SSL_set_info_callback(SSL *ssl, void (*callback)());
void (*SSL_get_info_callback(SSL *ssl))();
=head1 DESCRIPTION
SSL_CTX_set_info_callback() sets the B<callback> function, that can be used to
obtain state information for SSL objects created from B<ctx> during connection
setup and use. The setting for B<ctx> is overridden from the setting for
a specific SSL object, if specified.
When B<callback> is NULL, not callback function is used.
SSL_set_info_callback() sets the B<callback> function, that can be used to
obtain state information for B<ssl> during connection setup and use.
When B<callback> is NULL, the callback setting currently valid for
B<ctx> is used.
SSL_CTX_get_info_callback() returns a pointer to the currently set information
callback function for B<ctx>.
SSL_get_info_callback() returns a pointer to the currently set information
callback function for B<ssl>.
=head1 NOTES
When setting up a connection and during use, it is possible to obtain state
information from the SSL/TLS engine. When set, an information callback function
is called whenever the state changes, an alert appears, or an error occurs.
The callback function is called as B<callback(SSL *ssl, int where, int ret)>.
The B<where> argument specifies information about where (in which context)
the callback function was called. If B<ret> is 0, an error condition occurred.
If an alert is handled, SSL_CB_ALERT is set and B<ret> specifies the alert
information.
B<where> is a bitmask made up of the following bits:
=over 4
=item SSL_CB_LOOP
Callback has been called to indicate state change inside a loop.
=item SSL_CB_EXIT
Callback has been called to indicate error exit of a handshake function.
(May be soft error with retry option for non-blocking setups.)
=item SSL_CB_READ
Callback has been called during read operation.
=item SSL_CB_WRITE
Callback has been called during write operation.
=item SSL_CB_ALERT
Callback has been called due to an alert being sent or received.
=item SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
=item SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
=item SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
=item SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
=item SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
=item SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
=item SSL_CB_HANDSHAKE_START
Callback has been called because a new handshake is started.
=item SSL_CB_HANDSHAKE_DONE 0x20
Callback has been called because a handshake is finished.
=back
The current state information can be obtained using the
L<SSL_state_string(3)|SSL_state_string(3)> family of functions.
The B<ret> information can be evaluated using the
L<SSL_alert_type_string(3)|SSL_alert_type_string(3)> family of functions.
=head1 RETURN VALUES
SSL_set_info_callback() does not provide diagnostic information.
SSL_get_info_callback() returns the current setting.
=head1 EXAMPLES
The following example callback function prints state strings, information
about alerts being handled and error messages to the B<bio_err> BIO.
void apps_ssl_info_callback(SSL *s, int where, int ret)
{
const char *str;
int w;
w=where& ~SSL_ST_MASK;
if (w & SSL_ST_CONNECT) str="SSL_connect";
else if (w & SSL_ST_ACCEPT) str="SSL_accept";
else str="undefined";
if (where & SSL_CB_LOOP)
{
BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
}
else if (where & SSL_CB_ALERT)
{
str=(where & SSL_CB_READ)?"read":"write";
BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
str,
SSL_alert_type_string_long(ret),
SSL_alert_desc_string_long(ret));
}
else if (where & SSL_CB_EXIT)
{
if (ret == 0)
BIO_printf(bio_err,"%s:failed in %s\n",
str,SSL_state_string_long(s));
else if (ret < 0)
{
BIO_printf(bio_err,"%s:error in %s\n",
str,SSL_state_string_long(s));
}
}
}
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_state_string(3)|SSL_state_string(3)>,
L<SSL_alert_type_string(3)|SSL_alert_type_string(3)>
=cut

63
doc/ssl/SSL_CTX_set_quiet_shutdown.pod Normal file
View File

@@ -0,0 +1,63 @@
=pod
=head1 NAME
SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown - manipulate shutdown behaviour
=head1 SYNOPSIS
#include <openssl/ssl.h>
void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx);
void SSL_set_quiet_shutdown(SSL *ssl, int mode);
int SSL_get_quiet_shutdown(SSL *ssl);
=head1 DESCRIPTION
SSL_CTX_set_quiet_shutdown() sets the "quiet shutdown" flag for B<ctx> to be
B<mode>. SSL objects created from B<ctx> inherit the B<mode> valid at the time
L<SSL_new(3)|SSL_new(3)> is called. B<mode> may be 0 or 1.
SSL_CTX_get_quiet_shutdown() returns the "quiet shutdown" setting of B<ctx>.
SSL_set_quiet_shutdown() sets the "quiet shutdown" flag for B<ssl> to be
B<mode>. The setting stays valid until B<ssl> is removed with
L<SSL_free(3)|SSL_free(3)> or SSL_set_quiet_shutdown() is called again.
It is not changed when L<SSL_clear(3)|SSL_clear(3)> is called.
B<mode> may be 0 or 1.
SSL_get_quiet_shutdown() returns the "quiet shutdown" setting of B<ssl>.
=head1 NOTES
Normally when a SSL connection is finished, the parties must send out
"close notify" alert messages using L<SSL_shutdown(3)|SSL_shutdown(3)>
for a clean shutdown.
When setting the "quiet shutdown" flag to 1, L<SSL_shutdown(3)|SSL_shutdown(3)>
will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.
(L<SSL_shutdown(3)|SSL_shutdown(3)> then behaves like
L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> called with
SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.)
The session is thus considered to be shutdown, but no "close notify" alert
is sent to the peer. This behaviour violates the TLS standard.
The default is normal shutdown behaviour as described by the TLS standard.
=head1 RETURN VALUES
SSL_CTX_set_quiet_shutdown() and SSL_set_quiet_shutdown() do not return
diagnostic information.
SSL_CTX_get_quiet_shutdown() and SSL_get_quiet_shutdown return the current
setting.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_shutdown(3)|SSL_shutdown(3)>,
L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>, L<SSL_new(3)|SSL_new(3)>,
L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>
=cut

170
doc/ssl/SSL_CTX_set_tmp_dh_callback.pod Normal file
View File

@@ -0,0 +1,170 @@
=pod
=head1 NAME
SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh - handle DH keys for ephemeral key exchange
=head1 SYNOPSIS
#include <openssl/ssl.h>
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);
void SSL_set_tmp_dh_callback(SSL_CTX *ctx,
DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
long SSL_set_tmp_dh(SSL *ssl, DH *dh)
DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
=head1 DESCRIPTION
SSL_CTX_set_tmp_dh_callback() sets the callback function for B<ctx> to be
used when a DH parameters are required to B<tmp_dh_callback>.
The callback is inherited by all B<ssl> objects created from B<ctx>.
SSL_CTX_set_tmp_dh() sets DH parameters to be used to be B<dh>.
The key is inherited by all B<ssl> objects created from B<ctx>.
SSL_set_tmp_dh_callback() sets the callback only for B<ssl>.
SSL_set_tmp_dh() sets the parameters only for B<ssl>.
These functions apply to SSL/TLS servers only.
=head1 NOTES
When using a cipher with RSA authentication, an ephemeral DH key exchange
can take place. Ciphers with DSA keys always use ephemeral DH keys as well.
In these cases, the session data are negotiated using the
ephemeral/temporary DH key and the key supplied and certified
by the certificate chain is only used for signing.
Anonymous ciphers (without a permanent server key) also use ephemeral DH keys.
Using ephemeral DH key exchange yields forward secrecy, as the connection
can only be decrypted, when the DH key is known. By generating a temporary
DH key inside the server application that is lost when the application
is left, it becomes impossible for an attacker to decrypt past sessions,
even if he gets hold of the normal (certified) key, as this key was
only used for signing.
In order to perform a DH key exchange the server must use a DH group
(DH parameters) and generate a DH key. The server will always generate a new
DH key during the negotiation, when the DH parameters are supplied via
callback and/or when the SSL_OP_SINGLE_DH_USE option of
L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)> is set. It will
immediately create a DH key, when DH parameters are supplied via
SSL_CTX_set_tmp_dh() and SSL_OP_SINGLE_DH_USE is not set. In this case,
it may happen that a key is generated on initialization without later
being needed, while on the other hand the computer time during the
negotiation is being saved.
If "strong" primes were used to generate the DH parameters, it is not strictly
necessary to generate a new key for each handshake but it does improve forward
secrecy. If it is not assured, that "strong" primes were used (see especially
the section about DSA parameters below), SSL_OP_SINGLE_DH_USE must be used
in order to prevent small subgroup attacks. Always using SSL_OP_SINGLE_DH_USE
has an impact on the computer time needed during negotiation, but it is not
very large, so application authors/users should consider to always enable
this option.
As generating DH parameters is extremely time consuming, an application
should not generate the parameters on the fly but supply the parameters.
DH parameters can be reused, as the actual key is newly generated during
the negotiation. The risk in reusing DH parameters is that an attacker
may specialize on a very often used DH group. Applications should therefore
generate their own DH parameters during the installation process using the
openssl L<dhparam(1)|dhparam(1)> application. In order to reduce the computer
time needed for this generation, it is possible to use DSA parameters
instead (see L<dhparam(1)|dhparam(1)>), but in this case SSL_OP_SINGLE_DH_USE
is mandatory.
Application authors may compile in DH parameters. Files dh512.pem,
dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current
version of the OpenSSL distribution contain the 'SKIP' DH parameters,
which use safe primes and were generated verifiably pseudo-randomly.
These files can be converted into C code using the B<-C> option of the
L<dhparam(1)|dhparam(1)> application.
Authors may also generate their own set of parameters using
L<dhparam(1)|dhparam(1)>, but a user may not be sure how the parameters were
generated. The generation of DH parameters during installation is therefore
recommended.
An application may either directly specify the DH parameters or
can supply the DH parameters via a callback function. The callback approach
has the advantage, that the callback may supply DH parameters for different
key lengths.
The B<tmp_dh_callback> is called with the B<keylength> needed and
the B<is_export> information. The B<is_export> flag is set, when the
ephemeral DH key exchange is performed with an export cipher.
=head1 EXAMPLES
Handle DH parameters for key lengths of 512 and 1024 bits. (Error handling
partly left out.)
...
/* Set up ephemeral DH stuff */
DH *dh_512 = NULL;
DH *dh_1024 = NULL;
FILE *paramfile;
...
/* "openssl dhparam -out dh_param_512.pem -2 512" */
paramfile = fopen("dh_param_512.pem", "r");
if (paramfile) {
dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
fclose(paramfile);
}
/* "openssl dhparam -out dh_param_1024.pem -2 1024" */
paramfile = fopen("dh_param_1024.pem", "r");
if (paramfile) {
dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
fclose(paramfile);
}
...
/* "openssl dhparam -C -2 512" etc... */
DH *get_dh512() { ... }
DH *get_dh1024() { ... }
DH *tmp_dh_callback(SSL *s, int is_export, int keylength)
{
DH *dh_tmp=NULL;
switch (keylength) {
case 512:
if (!dh_512)
dh_512 = get_dh512();
dh_tmp = dh_512;
break;
case 1024:
if (!dh_1024)
dh_1024 = get_dh1024();
dh_tmp = dh_1024;
break;
default:
/* Generating a key on the fly is very costly, so use what is there */
setup_dh_parameters_like_above();
}
return(dh_tmp);
}
=head1 RETURN VALUES
SSL_CTX_set_tmp_dh_callback() and SSL_set_tmp_dh_callback() do not return
diagnostic output.
SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() do return 1 on success and 0
on failure. Check the error queue to find out the reason of failure.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
L<ciphers(1)|ciphers(1)>, L<dhparam(1)|dhparam(1)>
=cut

166
doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod Normal file
View File

@@ -0,0 +1,166 @@
=pod
=head1 NAME
SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa - handle RSA keys for ephemeral key exchange
=head1 SYNOPSIS
#include <openssl/ssl.h>
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa);
long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx);
void SSL_set_tmp_rsa_callback(SSL_CTX *ctx,
RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa)
long SSL_need_tmp_rsa(SSL *ssl)
RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
=head1 DESCRIPTION
SSL_CTX_set_tmp_rsa_callback() sets the callback function for B<ctx> to be
used when a temporary/ephemeral RSA key is required to B<tmp_rsa_callback>.
The callback is inherited by all SSL objects newly created from B<ctx>
with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected.
SSL_CTX_set_tmp_rsa() sets the temporary/ephemeral RSA key to be used to be
B<rsa>. The key is inherited by all SSL objects newly created from B<ctx>
with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected.
SSL_CTX_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed
for RSA-based strength-limited 'exportable' ciphersuites because a RSA key
with a keysize larger than 512 bits is installed.
SSL_set_tmp_rsa_callback() sets the callback only for B<ssl>.
SSL_set_tmp_rsa() sets the key only for B<ssl>.
SSL_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed,
for RSA-based strength-limited 'exportable' ciphersuites because a RSA key
with a keysize larger than 512 bits is installed.
These functions apply to SSL/TLS servers only.
=head1 NOTES
When using a cipher with RSA authentication, an ephemeral RSA key exchange
can take place. In this case the session data are negotiated using the
ephemeral/temporary RSA key and the RSA key supplied and certified
by the certificate chain is only used for signing.
Under previous export restrictions, ciphers with RSA keys shorter (512 bits)
than the usual key length of 1024 bits were created. To use these ciphers
with RSA keys of usual length, an ephemeral key exchange must be performed,
as the normal (certified) key cannot be directly used.
Using ephemeral RSA key exchange yields forward secrecy, as the connection
can only be decrypted, when the RSA key is known. By generating a temporary
RSA key inside the server application that is lost when the application
is left, it becomes impossible for an attacker to decrypt past sessions,
even if he gets hold of the normal (certified) RSA key, as this key was
used for signing only. The downside is that creating a RSA key is
computationally expensive.
Additionally, the use of ephemeral RSA key exchange is only allowed in
the TLS standard, when the RSA key can be used for signing only, that is
for export ciphers. Using ephemeral RSA key exchange for other purposes
violates the standard and can break interoperability with clients.
It is therefore strongly recommended to not use ephemeral RSA key
exchange and use EDH (Ephemeral Diffie-Hellman) key exchange instead
in order to achieve forward secrecy (see
L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default
and must be explicitly enabled using the SSL_OP_EPHEMERAL_RSA option of
L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, violating the TLS/SSL
standard. When ephemeral RSA key exchange is required for export ciphers,
it will automatically be used without this option!
An application may either directly specify the key or can supply the key via
a callback function. The callback approach has the advantage, that the
callback may generate the key only in case it is actually needed. As the
generation of a RSA key is however costly, it will lead to a significant
delay in the handshake procedure. Another advantage of the callback function
is that it can supply keys of different size (e.g. for SSL_OP_EPHEMERAL_RSA
usage) while the explicit setting of the key is only useful for key size of
512 bits to satisfy the export restricted ciphers and does give away key length
if a longer key would be allowed.
The B<tmp_rsa_callback> is called with the B<keylength> needed and
the B<is_export> information. The B<is_export> flag is set, when the
ephemeral RSA key exchange is performed with an export cipher.
=head1 EXAMPLES
Generate temporary RSA keys to prepare ephemeral RSA key exchange. As the
generation of a RSA key costs a lot of computer time, they saved for later
reuse. For demonstration purposes, two keys for 512 bits and 1024 bits
respectively are generated.
...
/* Set up ephemeral RSA stuff */
RSA *rsa_512 = NULL;
RSA *rsa_1024 = NULL;
rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL);
if (rsa_512 == NULL)
evaluate_error_queue();
rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL);
if (rsa_1024 == NULL)
evaluate_error_queue();
...
RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength)
{
RSA *rsa_tmp=NULL;
switch (keylength) {
case 512:
if (rsa_512)
rsa_tmp = rsa_512;
else { /* generate on the fly, should not happen in this example */
rsa_tmp = RSA_generate_key(keylength,RSA_F4,NULL,NULL);
rsa_512 = rsa_tmp; /* Remember for later reuse */
}
break;
case 1024:
if (rsa_1024)
rsa_tmp=rsa_1024;
else
should_not_happen_in_this_example();
break;
default:
/* Generating a key on the fly is very costly, so use what is there */
if (rsa_1024)
rsa_tmp=rsa_1024;
else
rsa_tmp=rsa_512; /* Use at least a shorter key */
}
return(rsa_tmp);
}
=head1 RETURN VALUES
SSL_CTX_set_tmp_rsa_callback() and SSL_set_tmp_rsa_callback() do not return
diagnostic output.
SSL_CTX_set_tmp_rsa() and SSL_set_tmp_rsa() do return 1 on success and 0
on failure. Check the error queue to find out the reason of failure.
SSL_CTX_need_tmp_rsa() and SSL_need_tmp_rsa() return 1 if a temporary
RSA key is needed and 0 otherwise.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
L<SSL_new(3)|SSL_new(3)>, L<ciphers(1)|ciphers(1)>
=cut

228
doc/ssl/SSL_alert_type_string.pod Normal file
View File

@@ -0,0 +1,228 @@
=pod
=head1 NAME
SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long - get textual description of alert information
=head1 SYNOPSIS
#include <openssl/ssl.h>
const char *SSL_alert_type_string(int value);
const char *SSL_alert_type_string_long(int value);
const char *SSL_alert_desc_string(int value);
const char *SSL_alert_desc_string_long(int value);
=head1 DESCRIPTION
SSL_alert_type_string() returns a one letter string indicating the
type of the alert specified by B<value>.
SSL_alert_type_string_long() returns a string indicating the type of the alert
specified by B<value>.
SSL_alert_desc_string() returns a two letter string as a short form
describing the reason of the alert specified by B<value>.
SSL_alert_desc_string_long() returns a string describing the reason
of the alert specified by B<value>.
=head1 NOTES
When one side of an SSL/TLS communication wants to inform the peer about
a special situation, it sends an alert. The alert is sent as a special message
and does not influence the normal data stream (unless its contents results
in the communication being canceled).
A warning alert is sent, when a non-fatal error condition occurs. The
"close notify" alert is sent as a warning alert. Other examples for
non-fatal errors are certificate errors ("certificate expired",
"unsupported certificate"), for which a warning alert may be sent.
(The sending party may however decide to send a fatal error.) The
receiving side may cancel the connection on reception of a warning
alert on it discretion.
Several alert messages must be sent as fatal alert messages as specified
by the TLS RFC. A fatal alert always leads to a connection abort.
=head1 RETURN VALUES
The following strings can occur for SSL_alert_type_string() or
SSL_alert_type_string_long():
=over 4
=item "W"/"warning"
=item "F"/"fatal"
=item "U"/"unknown"
This indicates that no support is available for this alert type.
Probably B<value> does not contain a correct alert message.
=back
The following strings can occur for SSL_alert_desc_string() or
SSL_alert_desc_string_long():
=over 4
=item "CN"/"close notify"
The connection shall be closed. This is a warning alert.
=item "UM"/"unexpected message"
An inappropriate message was received. This alert is always fatal
and should never be observed in communication between proper
implementations.
=item "BM"/"bad record mac"
This alert is returned if a record is received with an incorrect
MAC. This message is always fatal.
=item "DF"/"decompression failure"
The decompression function received improper input (e.g. data
that would expand to excessive length). This message is always
fatal.
=item "HF"/"handshake failure"
Reception of a handshake_failure alert message indicates that the
sender was unable to negotiate an acceptable set of security
parameters given the options available. This is a fatal error.
=item "NC"/"no certificate"
A client, that was asked to send a certificate, does not send a certificate
(SSLv3 only).
=item "BC"/"bad certificate"
A certificate was corrupt, contained signatures that did not
verify correctly, etc
=item "UC"/"unsupported certificate"
A certificate was of an unsupported type.
=item "CR"/"certificate revoked"
A certificate was revoked by its signer.
=item "CE"/"certificate expired"
A certificate has expired or is not currently valid.
=item "CU"/"certificate unknown"
Some other (unspecified) issue arose in processing the
certificate, rendering it unacceptable.
=item "IP"/"illegal parameter"
A field in the handshake was out of range or inconsistent with
other fields. This is always fatal.
=item "DC"/"decryption failed"
A TLSCiphertext decrypted in an invalid way: either it wasn't an
even multiple of the block length or its padding values, when
checked, weren't correct. This message is always fatal.
=item "RO"/"record overflow"
A TLSCiphertext record was received which had a length more than
2^14+2048 bytes, or a record decrypted to a TLSCompressed record
with more than 2^14+1024 bytes. This message is always fatal.
=item "CA"/"unknown CA"
A valid certificate chain or partial chain was received, but the
certificate was not accepted because the CA certificate could not
be located or couldn't be matched with a known, trusted CA. This
message is always fatal.
=item "AD"/"access denied"
A valid certificate was received, but when access control was
applied, the sender decided not to proceed with negotiation.
This message is always fatal.
=item "DE"/"decode error"
A message could not be decoded because some field was out of the
specified range or the length of the message was incorrect. This
message is always fatal.
=item "CY"/"decrypt error"
A handshake cryptographic operation failed, including being
unable to correctly verify a signature, decrypt a key exchange,
or validate a finished message.
=item "ER"/"export restriction"
A negotiation not in compliance with export restrictions was
detected; for example, attempting to transfer a 1024 bit
ephemeral RSA key for the RSA_EXPORT handshake method. This
message is always fatal.
=item "PV"/"protocol version"
The protocol version the client has attempted to negotiate is
recognized, but not supported. (For example, old protocol
versions might be avoided for security reasons). This message is
always fatal.
=item "IS"/"insufficient security"
Returned instead of handshake_failure when a negotiation has
failed specifically because the server requires ciphers more
secure than those supported by the client. This message is always
fatal.
=item "IE"/"internal error"
An internal error unrelated to the peer or the correctness of the
protocol makes it impossible to continue (such as a memory
allocation failure). This message is always fatal.
=item "US"/"user canceled"
This handshake is being canceled for some reason unrelated to a
protocol failure. If the user cancels an operation after the
handshake is complete, just closing the connection by sending a
close_notify is more appropriate. This alert should be followed
by a close_notify. This message is generally a warning.
=item "NR"/"no renegotiation"
Sent by the client in response to a hello request or by the
server in response to a client hello after initial handshaking.
Either of these would normally lead to renegotiation; when that
is not appropriate, the recipient should respond with this alert;
at that point, the original requester can decide whether to
proceed with the connection. One case where this would be
appropriate would be where a server has spawned a process to
satisfy a request; the process might receive security parameters
(key length, authentication, etc.) at startup and it might be
difficult to communicate changes to these parameters after that
point. This message is always a warning.
=item "UK"/"unknown"
This indicates that no description is available for this alert type.
Probably B<value> does not contain a correct alert message.
=back
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)>
=cut

26
doc/ssl/SSL_get_SSL_CTX.pod Normal file
View File

@@ -0,0 +1,26 @@
=pod
=head1 NAME
SSL_get_SSL_CTX - get the SSL_CTX from which an SSL is created
=head1 SYNOPSIS
#include <openssl/ssl.h>
SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);
=head1 DESCRIPTION
SSL_get_SSL_CTX() returns a pointer to the SSL_CTX object, from which
B<ssl> was created with L<SSL_new(3)|SSL_new(3)>.
=head1 RETURN VALUES
The pointer to the SSL_CTX object is returned.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>
=cut

41
doc/ssl/SSL_get_default_timeout.pod Normal file
View File

@@ -0,0 +1,41 @@
=pod
=head1 NAME
SSL_get_default_timeout - get default session timeout value
=head1 SYNOPSIS
#include <openssl/ssl.h>
long SSL_get_default_timeout(SSL *ssl);
=head1 DESCRIPTION
SSL_get_default_timeout() returns the default timeout value assigned to
SSL_SESSION objects negotiated for the protocol valid for B<ssl>.
=head1 NOTES
Whenever a new session is negotiated, it is assigned a timeout value,
after which it will not be accepted for session reuse. If the timeout
value was not explicitly set using
L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>, the hardcoded default
timeout for the protocol will be used.
SSL_get_default_timeout() return this hardcoded value, which is 300 seconds
for all currently supported protocols (SSLv2, SSLv3, and TLSv1).
=head1 RETURN VALUES
See description.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>,
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,
L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>
=cut

59
doc/ssl/SSL_rstate_string.pod Normal file
View File

@@ -0,0 +1,59 @@
=pod
=head1 NAME
SSL_rstate_string, SSL_rstate_string_long - get textual description of state of an SSL object during read operation
=head1 SYNOPSIS
#include <openssl/ssl.h>
const char *SSL_rstate_string(SSL *ssl);
const char *SSL_rstate_string_long(SSL *ssl);
=head1 DESCRIPTION
SSL_rstate_string() returns a 2 letter string indicating the current read state
of the SSL object B<ssl>.
SSL_rstate_string_long() returns a string indicating the current read state of
the SSL object B<ssl>.
=head1 NOTES
When performing a read operation, the SSL/TLS engine must parse the record,
consisting of header and body. When working in a blocking environment,
SSL_rstate_string[_long]() should always return "RD"/"read done".
This function should only seldom be needed in applications.
=head1 RETURN VALUES
SSL_rstate_string() and SSL_rstate_string_long() can return the following
values:
=over 4
=item "RH"/"read header"
The header of the record is being evaluated.
=item "RB"/"read body"
The body of the record is being evaluated.
=item "RD"/"read done"
The record has been completely processed.
=item "unknown"/"unknown"
The read state is unknown. This should never happen.
=back
=head1 SEE ALSO
L<ssl(3)|ssl(3)>
=cut

45
doc/ssl/SSL_session_reused.pod Normal file
View File

@@ -0,0 +1,45 @@
=pod
=head1 NAME
SSL_session_reused - query whether a reused session was negotiated during handshake
=head1 SYNOPSIS
#include <openssl/ssl.h>
int SSL_session_reused(SSL *ssl);
=head1 DESCRIPTION
Query, whether a reused session was negotiated during the handshake.
=head1 NOTES
During the negotiation, a client can propose to reuse a session. The server
then looks up the session in its cache. If both client and server agree
on the session, it will be reused and a flag is being set that can be
queried by the application.
=head1 RETURN VALUES
The following return values can occur:
=over 4
=item 0
A new session was negotiated.
=item 1
A session was reused.
=back
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>
=cut

45
doc/ssl/SSL_state_string.pod Normal file
View File

@@ -0,0 +1,45 @@
=pod
=head1 NAME
SSL_state_string, SSL_state_string_long - get textual description of state of an SSL object
=head1 SYNOPSIS
#include <openssl/ssl.h>
const char *SSL_state_string(SSL *ssl);
const char *SSL_state_string_long(SSL *ssl);
=head1 DESCRIPTION
SSL_state_string() returns a 6 letter string indicating the current state
of the SSL object B<ssl>.
SSL_state_string_long() returns a string indicating the current state of
the SSL object B<ssl>.
=head1 NOTES
During its use, an SSL objects passes several states. The state is internally
maintained. Querying the state information is not very informative before
or when a connection has been established. It however can be of significant
interest during the handshake.
When using non-blocking sockets, the function call performing the handshake
may return with SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE condition,
so that SSL_state_string[_long]() may be called.
For both blocking or non-blocking sockets, the details state information
can be used within the info_callback function set with the
SSL_set_info_callback() call.
=head1 RETURN VALUES
Detailed description of possible states to be included later.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)>
=cut

77
doc/ssl/SSL_want.pod Normal file
View File

@@ -0,0 +1,77 @@
=pod
=head1 NAME
SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup - obtain state information TLS/SSL I/O operation
=head1 SYNOPSIS
#include <openssl/ssl.h>
int SSL_want(SSL *ssl);
int SSL_want_nothing(SSL *ssl);
int SSL_want_read(SSL *ssl);
int SSL_want_write(SSL *ssl);
int SSL_want_x509_lookup(SSL *ssl);
=head1 DESCRIPTION
SSL_want() returns state information for the SSL object B<ssl>.
The other SSL_want_*() calls are shortcuts for the possible states returned
by SSL_want().
=head1 NOTES
SSL_want() examines the internal state information of the SSL object. Its
return values are similar to that of L<SSL_get_error(3)|SSL_get_error(3)>.
Unlike L<SSL_get_error(3)|SSL_get_error(3)>, which also evaluates the
error queue, the results are obtained by examining an internal state flag
only. The information must therefore only be used for normal operation under
non-blocking I/O. Error conditions are not handled and must be treated
using L<SSL_get_error(3)|SSL_get_error(3)>.
The result returned by SSL_want() should always be consistent with
the result of L<SSL_get_error(3)|SSL_get_error(3)>.
=head1 RETURN VALUES
The following return values can currently occur for SSL_want():
=over 4
=item SSL_NOTHING
There is no data to be written or to be read.
=item SSL_WRITING
There are data in the SSL buffer that must be written to the underlying
B<BIO> layer in order to complete the actual SSL_*() operation.
A call to L<SSL_get_error(3)|SSL_get_error(3)> should return
SSL_ERROR_WANT_WRITE.
=item SSL_READING
More data must be read from the underlying B<BIO> layer in order to
complete the actual SSL_*() operation.
A call to L<SSL_get_error(3)|SSL_get_error(3)> should return
SSL_ERROR_WANT_READ.
=item SSL_X509_LOOKUP
The operation did not complete because an application callback set by
SSL_CTX_set_client_cert_cb() has asked to be called again.
A call to L<SSL_get_error(3)|SSL_get_error(3)> should return
SSL_ERROR_WANT_X509_LOOKUP.
=back
SSL_want_nothing(), SSL_want_read(), SSL_want_write(), SSL_want_x509_lookup()
return 1, when the corresponding condition is true or 0 otherwise.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<err(3)|err(3)>, L<SSL_get_error(3)|SSL_get_error(3)>
=cut

48
shlib/svr5-shared-gcc.sh Executable file
View File

@@ -0,0 +1,48 @@
#!/usr/bin/sh
major="0"
minor="9.7"
slib=libssl
sh_slib=$slib.so.$major.$minor
clib=libcrypto
sh_clib=$clib.so.$major.$minor
FLAGS="-O3 -DFILIO_H -fomit-frame-pointer -pthread
SHFLAGS="-DPIC -fPIC"
touch $sh_clib
touch $sh_slib
echo collecting all object files for $clib.so
OBJS=
find . -name \*.o -print > allobjs
for obj in `ar t libcrypto.a`
do
OBJS="$OBJS `grep $obj allobjs`"
done
echo linking $clib.so
gcc -G -o $sh_clib -h $sh_clib $OBJS -lnsl -lsocket
rm -f $clib.so
ln -s $sh_clib $clib.so
echo collecting all object files for $slib.so
OBJS=
for obj in `ar t libssl.a`
do
OBJS="$OBJS `grep $obj allobjs`"
done
echo linking $slib.so
gcc -G -o $sh_slib -h $sh_slib $OBJS -L. -lcrypto
rm -f $slib.so
ln -s $sh_slib $slib.so
mv libRSAglue.a libRSAglue.a.orig
mv libcrypto.a libcrypto.a.orig
mv libssl.a libssl.a.orig

28
shlib/svr5-shared-installed Executable file
View File

@@ -0,0 +1,28 @@
#!/usr/bin/sh
major="0"
minor="9.7"
slib=libssl
sh_slib=$slib.so.$major.$minor
clib=libcrypto
sh_clib=$clib.so.$major.$minor
# If you want them in /usr/local/lib then change INSTALLTOP to point there.
#INSTALLTOP=/usr/local/ssl/lib
INSTALLTOP=/usr/local/lib
cp -p $sh_clib $INSTALLTOP
cp -p $sh_slib $INSTALLTOP
PWD=`pwd`
cd $INSTALLTOP
rm -f $INSTALLTOP/$clib.so
ln -s $INSTALLTOP/$sh_clib $clib.so
rm -f $INSTALLTOP/$slib.so
ln -s $INSTALLTOP/$sh_slib $slib.so
cd $PWD

48
shlib/svr5-shared.sh Executable file
View File

@@ -0,0 +1,48 @@
#!/usr/bin/sh
major="0"
minor="9.7"
slib=libssl
sh_slib=$slib.so.$major.$minor
clib=libcrypto
sh_clib=$clib.so.$major.$minor
FLAGS="-O -DFILIO_H -Kalloca -Kthread"
SHFLAGS="-Kpic -DPIC"
touch $sh_clib
touch $sh_slib
echo collecting all object files for $clib.so
OBJS=
find . -name \*.o -print > allobjs
for obj in `ar t libcrypto.a`
do
OBJS="$OBJS `grep $obj allobjs`"
done
echo linking $clib.so
cc -G -o $sh_clib -h $sh_clib $OBJS -lnsl -lsocket
rm -f $clib.so
ln -s $sh_clib $clib.so
echo collecting all object files for $slib.so
OBJS=
for obj in `ar t libssl.a`
do
OBJS="$OBJS `grep $obj allobjs`"
done
echo linking $slib.so
cc -G -o $sh_slib -h $sh_slib $OBJS -L. -lcrypto
rm -f $slib.so
ln -s $sh_slib $slib.so
mv libRSAglue.a libRSAglue.a.orig
mv libcrypto.a libcrypto.a.orig
mv libssl.a libssl.a.orig