mono/linux-packaging-mono
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Imported Upstream version 4.8.0.309

Browse Source 
Former-commit-id: 5f9c6ae75f295e057a7d2971f3a6df4656fa8850
This commit is contained in:
Xamarin Public Jenkins (auto-signing)
2016-11-10 13:04:39 +00:00
parent ee1447783b
commit 94b2861243
4912 changed files with 390737 additions and 49310 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
external/boringssl/ssl/CMakeLists.txt vendored Normal file
View File

@@ -0,0 +1,92 @@
include_directories(../include)
add_subdirectory(pqueue)
set(
ssl_objects_dependencies
$<TARGET_OBJECTS:pqueue>
PARENT_SCOPE
)
add_library(
ssl-objects OBJECT
custom_extensions.c
handshake_server.c
handshake_client.c
d1_both.c
d1_lib.c
d1_meth.c
d1_pkt.c
d1_srtp.c
dtls_record.c
s3_both.c
s3_enc.c
s3_lib.c
s3_meth.c
s3_pkt.c
ssl_aead_ctx.c
ssl_asn1.c
ssl_buffer.c
ssl_cert.c
ssl_cipher.c
ssl_ecdh.c
ssl_file.c
ssl_lib.c
ssl_rsa.c
ssl_session.c
ssl_stat.c
t1_enc.c
t1_lib.c
tls_record.c
)
add_library(
ssl
custom_extensions.c
handshake_server.c
handshake_client.c
d1_both.c
d1_lib.c
d1_meth.c
d1_pkt.c
d1_srtp.c
dtls_record.c
s3_both.c
s3_enc.c
s3_lib.c
s3_meth.c
s3_pkt.c
ssl_aead_ctx.c
ssl_asn1.c
ssl_buffer.c
ssl_cert.c
ssl_cipher.c
ssl_ecdh.c
ssl_file.c
ssl_lib.c
ssl_rsa.c
ssl_session.c
ssl_stat.c
t1_enc.c
t1_lib.c
tls_record.c
$<TARGET_OBJECTS:pqueue>
)
target_link_libraries(ssl crypto)
if(ENABLE_TESTS)
add_executable(
ssl_test
ssl_test.cc
$<TARGET_OBJECTS:test_support>
)
target_link_libraries(ssl_test ssl crypto)
add_dependencies(all_tests ssl_test)
endif()

257
external/boringssl/ssl/custom_extensions.c vendored Normal file
View File

@@ -0,0 +1,257 @@
/* Copyright (c) 2014, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#include <openssl/ssl.h>
#include <assert.h>
#include <string.h>
#include <openssl/bytestring.h>
#include <openssl/err.h>
#include <openssl/mem.h>
#include <openssl/stack.h>
#include "internal.h"
void SSL_CUSTOM_EXTENSION_free(SSL_CUSTOM_EXTENSION *custom_extension) {
OPENSSL_free(custom_extension);
}
static const SSL_CUSTOM_EXTENSION *custom_ext_find(
STACK_OF(SSL_CUSTOM_EXTENSION) *stack,
unsigned *out_index, uint16_t value) {
size_t i;
for (i = 0; i < sk_SSL_CUSTOM_EXTENSION_num(stack); i++) {
const SSL_CUSTOM_EXTENSION *ext = sk_SSL_CUSTOM_EXTENSION_value(stack, i);
if (ext->value == value) {
if (out_index != NULL) {
*out_index = i;
}
return ext;
}
}
return NULL;
}
/* default_add_callback is used as the |add_callback| when the user doesn't
* provide one. For servers, it does nothing while, for clients, it causes an
* empty extension to be included. */
static int default_add_callback(SSL *ssl, unsigned extension_value,
const uint8_t **out, size_t *out_len,
int *out_alert_value, void *add_arg) {
if (ssl->server) {
return 0;
}
*out_len = 0;
return 1;
}
static int custom_ext_add_hello(SSL *ssl, CBB *extensions) {
STACK_OF(SSL_CUSTOM_EXTENSION) *stack = ssl->ctx->client_custom_extensions;
if (ssl->server) {
stack = ssl->ctx->server_custom_extensions;
}
if (stack == NULL) {
return 1;
}
size_t i;
for (i = 0; i < sk_SSL_CUSTOM_EXTENSION_num(stack); i++) {
const SSL_CUSTOM_EXTENSION *ext = sk_SSL_CUSTOM_EXTENSION_value(stack, i);
if (ssl->server &&
!(ssl->s3->tmp.custom_extensions.received & (1u << i))) {
/* Servers cannot echo extensions that the client didn't send. */
continue;
}
const uint8_t *contents;
size_t contents_len;
int alert = SSL_AD_DECODE_ERROR;
CBB contents_cbb;
switch (ext->add_callback(ssl, ext->value, &contents, &contents_len, &alert,
ext->add_arg)) {
case 1:
if (!CBB_add_u16(extensions, ext->value) ||
!CBB_add_u16_length_prefixed(extensions, &contents_cbb) ||
!CBB_add_bytes(&contents_cbb, contents, contents_len) ||
!CBB_flush(extensions)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
ERR_add_error_dataf("extension: %u", (unsigned) ext->value);
if (ext->free_callback && 0 < contents_len) {
ext->free_callback(ssl, ext->value, contents, ext->add_arg);
}
return 0;
}
if (ext->free_callback && 0 < contents_len) {
ext->free_callback(ssl, ext->value, contents, ext->add_arg);
}
if (!ssl->server) {
assert((ssl->s3->tmp.custom_extensions.sent & (1u << i)) == 0);
ssl->s3->tmp.custom_extensions.sent |= (1u << i);
}
break;
case 0:
break;
default:
ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
OPENSSL_PUT_ERROR(SSL, SSL_R_CUSTOM_EXTENSION_ERROR);
ERR_add_error_dataf("extension: %u", (unsigned) ext->value);
return 0;
}
}
return 1;
}
int custom_ext_add_clienthello(SSL *ssl, CBB *extensions) {
return custom_ext_add_hello(ssl, extensions);
}
int custom_ext_parse_serverhello(SSL *ssl, int *out_alert, uint16_t value,
const CBS *extension) {
unsigned index;
const SSL_CUSTOM_EXTENSION *ext =
custom_ext_find(ssl->ctx->client_custom_extensions, &index, value);
if (/* Unknown extensions are not allowed in a ServerHello. */
ext == NULL ||
/* Also, if we didn't send the extension, that's also unacceptable. */
!(ssl->s3->tmp.custom_extensions.sent & (1u << index))) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
ERR_add_error_dataf("extension: %u", (unsigned)value);
*out_alert = SSL_AD_DECODE_ERROR;
return 0;
}
if (ext->parse_callback != NULL &&
!ext->parse_callback(ssl, value, CBS_data(extension), CBS_len(extension),
out_alert, ext->parse_arg)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CUSTOM_EXTENSION_ERROR);
ERR_add_error_dataf("extension: %u", (unsigned)ext->value);
return 0;
}
return 1;
}
int custom_ext_parse_clienthello(SSL *ssl, int *out_alert, uint16_t value,
const CBS *extension) {
unsigned index;
const SSL_CUSTOM_EXTENSION *ext =
custom_ext_find(ssl->ctx->server_custom_extensions, &index, value);
if (ext == NULL) {
return 1;
}
assert((ssl->s3->tmp.custom_extensions.received & (1u << index)) == 0);
ssl->s3->tmp.custom_extensions.received |= (1u << index);
if (ext->parse_callback &&
!ext->parse_callback(ssl, value, CBS_data(extension), CBS_len(extension),
out_alert, ext->parse_arg)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CUSTOM_EXTENSION_ERROR);
ERR_add_error_dataf("extension: %u", (unsigned)ext->value);
return 0;
}
return 1;
}
int custom_ext_add_serverhello(SSL *ssl, CBB *extensions) {
return custom_ext_add_hello(ssl, extensions);
}
/* MAX_NUM_CUSTOM_EXTENSIONS is the maximum number of custom extensions that
* can be set on an |SSL_CTX|. It's determined by the size of the bitset used
* to track when an extension has been sent. */
#define MAX_NUM_CUSTOM_EXTENSIONS \
(sizeof(((struct ssl3_state_st *)NULL)->tmp.custom_extensions.sent) * 8)
static int custom_ext_append(STACK_OF(SSL_CUSTOM_EXTENSION) **stack,
unsigned extension_value,
SSL_custom_ext_add_cb add_cb,
SSL_custom_ext_free_cb free_cb, void *add_arg,
SSL_custom_ext_parse_cb parse_cb,
void *parse_arg) {
if (add_cb == NULL ||
0xffff < extension_value ||
SSL_extension_supported(extension_value) ||
/* Specifying a free callback without an add callback is nonsensical
* and an error. */
(*stack != NULL &&
(MAX_NUM_CUSTOM_EXTENSIONS <= sk_SSL_CUSTOM_EXTENSION_num(*stack) ||
custom_ext_find(*stack, NULL, extension_value) != NULL))) {
return 0;
}
SSL_CUSTOM_EXTENSION *ext = OPENSSL_malloc(sizeof(SSL_CUSTOM_EXTENSION));
if (ext == NULL) {
return 0;
}
ext->add_callback = add_cb;
ext->add_arg = add_arg;
ext->free_callback = free_cb;
ext->parse_callback = parse_cb;
ext->parse_arg = parse_arg;
ext->value = extension_value;
if (*stack == NULL) {
*stack = sk_SSL_CUSTOM_EXTENSION_new_null();
if (*stack == NULL) {
SSL_CUSTOM_EXTENSION_free(ext);
return 0;
}
}
if (!sk_SSL_CUSTOM_EXTENSION_push(*stack, ext)) {
SSL_CUSTOM_EXTENSION_free(ext);
if (sk_SSL_CUSTOM_EXTENSION_num(*stack) == 0) {
sk_SSL_CUSTOM_EXTENSION_free(*stack);
*stack = NULL;
}
return 0;
}
return 1;
}
int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned extension_value,
SSL_custom_ext_add_cb add_cb,
SSL_custom_ext_free_cb free_cb, void *add_arg,
SSL_custom_ext_parse_cb parse_cb,
void *parse_arg) {
return custom_ext_append(&ctx->client_custom_extensions, extension_value,
add_cb ? add_cb : default_add_callback, free_cb,
add_arg, parse_cb, parse_arg);
}
int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned extension_value,
SSL_custom_ext_add_cb add_cb,
SSL_custom_ext_free_cb free_cb, void *add_arg,
SSL_custom_ext_parse_cb parse_cb,
void *parse_arg) {
return custom_ext_append(&ctx->server_custom_extensions, extension_value,
add_cb ? add_cb : default_add_callback, free_cb,
add_arg, parse_cb, parse_arg);
}

851
external/boringssl/ssl/d1_both.c vendored Normal file
View File

File diff suppressed because it is too large Load Diff

360
external/boringssl/ssl/d1_lib.c vendored Normal file
View File

@@ -0,0 +1,360 @@
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
*/
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com). */
#include <openssl/ssl.h>
#include <limits.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/mem.h>
#include <openssl/nid.h>
#include "internal.h"
#if defined(OPENSSL_WINDOWS)
#include <sys/timeb.h>
#else
#include <sys/socket.h>
#include <sys/time.h>
#endif
/* DTLS1_MTU_TIMEOUTS is the maximum number of timeouts to expire
* before starting to decrease the MTU. */
#define DTLS1_MTU_TIMEOUTS 2
/* DTLS1_MAX_TIMEOUTS is the maximum number of timeouts to expire
* before failing the DTLS handshake. */
#define DTLS1_MAX_TIMEOUTS 12
static void get_current_time(const SSL *ssl, struct timeval *out_clock);
int dtls1_new(SSL *ssl) {
DTLS1_STATE *d1;
if (!ssl3_new(ssl)) {
return 0;
}
d1 = OPENSSL_malloc(sizeof *d1);
if (d1 == NULL) {
ssl3_free(ssl);
return 0;
}
memset(d1, 0, sizeof *d1);
d1->buffered_messages = pqueue_new();
d1->sent_messages = pqueue_new();
if (!d1->buffered_messages || !d1->sent_messages) {
pqueue_free(d1->buffered_messages);
pqueue_free(d1->sent_messages);
OPENSSL_free(d1);
ssl3_free(ssl);
return 0;
}
ssl->d1 = d1;
/* Set the version to the highest supported version.
*
* TODO(davidben): Move this field into |s3|, have it store the normalized
* protocol version, and implement this pre-negotiation quirk in |SSL_version|
* at the API boundary rather than in internal state. */
ssl->version = DTLS1_2_VERSION;
return 1;
}
static void dtls1_clear_queues(SSL *ssl) {
pitem *item = NULL;
hm_fragment *frag = NULL;
while ((item = pqueue_pop(ssl->d1->buffered_messages)) != NULL) {
frag = (hm_fragment *)item->data;
dtls1_hm_fragment_free(frag);
pitem_free(item);
}
while ((item = pqueue_pop(ssl->d1->sent_messages)) != NULL) {
frag = (hm_fragment *)item->data;
dtls1_hm_fragment_free(frag);
pitem_free(item);
}
}
void dtls1_free(SSL *ssl) {
ssl3_free(ssl);
if (ssl == NULL || ssl->d1 == NULL) {
return;
}
dtls1_clear_queues(ssl);
pqueue_free(ssl->d1->buffered_messages);
pqueue_free(ssl->d1->sent_messages);
OPENSSL_free(ssl->d1);
ssl->d1 = NULL;
}
int dtls1_supports_cipher(const SSL_CIPHER *cipher) {
/* DTLS does not support stream ciphers. The NULL cipher is rejected because
* it's not needed. */
return cipher->algorithm_enc != SSL_RC4 && cipher->algorithm_enc != SSL_eNULL;
}
void DTLSv1_set_initial_timeout_duration(SSL *ssl, unsigned int duration_ms) {
ssl->initial_timeout_duration_ms = duration_ms;
}
void dtls1_start_timer(SSL *ssl) {
/* If timer is not set, initialize duration (by default, 1 second) */
if (ssl->d1->next_timeout.tv_sec == 0 && ssl->d1->next_timeout.tv_usec == 0) {
ssl->d1->timeout_duration_ms = ssl->initial_timeout_duration_ms;
}
/* Set timeout to current time */
get_current_time(ssl, &ssl->d1->next_timeout);
/* Add duration to current time */
ssl->d1->next_timeout.tv_sec += ssl->d1->timeout_duration_ms / 1000;
ssl->d1->next_timeout.tv_usec += (ssl->d1->timeout_duration_ms % 1000) * 1000;
if (ssl->d1->next_timeout.tv_usec >= 1000000) {
ssl->d1->next_timeout.tv_sec++;
ssl->d1->next_timeout.tv_usec -= 1000000;
}
BIO_ctrl(ssl->rbio, BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
&ssl->d1->next_timeout);
}
int DTLSv1_get_timeout(const SSL *ssl, struct timeval *out) {
if (!SSL_IS_DTLS(ssl)) {
return 0;
}
/* If no timeout is set, just return NULL */
if (ssl->d1->next_timeout.tv_sec == 0 && ssl->d1->next_timeout.tv_usec == 0) {
return 0;
}
/* Get current time */
struct timeval timenow;
get_current_time(ssl, &timenow);
/* If timer already expired, set remaining time to 0 */
if (ssl->d1->next_timeout.tv_sec < timenow.tv_sec ||
(ssl->d1->next_timeout.tv_sec == timenow.tv_sec &&
ssl->d1->next_timeout.tv_usec <= timenow.tv_usec)) {
memset(out, 0, sizeof(struct timeval));
return 1;
}
/* Calculate time left until timer expires */
memcpy(out, &ssl->d1->next_timeout, sizeof(struct timeval));
out->tv_sec -= timenow.tv_sec;
out->tv_usec -= timenow.tv_usec;
if (out->tv_usec < 0) {
out->tv_sec--;
out->tv_usec += 1000000;
}
/* If remaining time is less than 15 ms, set it to 0 to prevent issues
* because of small devergences with socket timeouts. */
if (out->tv_sec == 0 && out->tv_usec < 15000) {
memset(out, 0, sizeof(struct timeval));
}
return 1;
}
int dtls1_is_timer_expired(SSL *ssl) {
struct timeval timeleft;
/* Get time left until timeout, return false if no timer running */
if (!DTLSv1_get_timeout(ssl, &timeleft)) {
return 0;
}
/* Return false if timer is not expired yet */
if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) {
return 0;
}
/* Timer expired, so return true */
return 1;
}
void dtls1_double_timeout(SSL *ssl) {
ssl->d1->timeout_duration_ms *= 2;
if (ssl->d1->timeout_duration_ms > 60000) {
ssl->d1->timeout_duration_ms = 60000;
}
dtls1_start_timer(ssl);
}
void dtls1_stop_timer(SSL *ssl) {
/* Reset everything */
ssl->d1->num_timeouts = 0;
memset(&ssl->d1->next_timeout, 0, sizeof(struct timeval));
ssl->d1->timeout_duration_ms = ssl->initial_timeout_duration_ms;
BIO_ctrl(ssl->rbio, BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
&ssl->d1->next_timeout);
/* Clear retransmission buffer */
dtls1_clear_record_buffer(ssl);
}
int dtls1_check_timeout_num(SSL *ssl) {
ssl->d1->num_timeouts++;
/* Reduce MTU after 2 unsuccessful retransmissions */
if (ssl->d1->num_timeouts > DTLS1_MTU_TIMEOUTS &&
!(SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) {
long mtu = BIO_ctrl(ssl->wbio, BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
if (mtu >= 0 && mtu <= (1 << 30) && (unsigned)mtu >= dtls1_min_mtu()) {
ssl->d1->mtu = (unsigned)mtu;
}
}
if (ssl->d1->num_timeouts > DTLS1_MAX_TIMEOUTS) {
/* fail the connection, enough alerts have been sent */
OPENSSL_PUT_ERROR(SSL, SSL_R_READ_TIMEOUT_EXPIRED);
return -1;
}
return 0;
}
int DTLSv1_handle_timeout(SSL *ssl) {
ssl->rwstate = SSL_NOTHING;
/* Functions which use SSL_get_error must clear the error queue on entry. */
ERR_clear_error();
if (!SSL_IS_DTLS(ssl)) {
return -1;
}
/* if no timer is expired, don't do anything */
if (!dtls1_is_timer_expired(ssl)) {
return 0;
}
dtls1_double_timeout(ssl);
if (dtls1_check_timeout_num(ssl) < 0) {
return -1;
}
dtls1_start_timer(ssl);
return dtls1_retransmit_buffered_messages(ssl);
}
static void get_current_time(const SSL *ssl, struct timeval *out_clock) {
if (ssl->ctx->current_time_cb != NULL) {
ssl->ctx->current_time_cb(ssl, out_clock);
return;
}
#if defined(OPENSSL_WINDOWS)
struct _timeb time;
_ftime(&time);
out_clock->tv_sec = time.time;
out_clock->tv_usec = time.millitm * 1000;
#else
gettimeofday(out_clock, NULL);
#endif
}
int dtls1_set_handshake_header(SSL *ssl, int htype, unsigned long len) {
uint8_t *message = (uint8_t *)ssl->init_buf->data;
const struct hm_header_st *msg_hdr = &ssl->d1->w_msg_hdr;
uint8_t serialised_header[DTLS1_HM_HEADER_LENGTH];
uint8_t *p = serialised_header;
ssl->d1->handshake_write_seq = ssl->d1->next_handshake_write_seq;
ssl->d1->next_handshake_write_seq++;
dtls1_set_message_header(ssl, htype, len, ssl->d1->handshake_write_seq, 0,
len);
ssl->init_num = (int)len + DTLS1_HM_HEADER_LENGTH;
ssl->init_off = 0;
/* Buffer the message to handle re-xmits */
dtls1_buffer_message(ssl);
/* Add the new message to the handshake hash. Serialize the message
* header as if it were a single fragment. */
*p++ = msg_hdr->type;
l2n3(msg_hdr->msg_len, p);
s2n(msg_hdr->seq, p);
l2n3(0, p);
l2n3(msg_hdr->msg_len, p);
return ssl3_update_handshake_hash(ssl, serialised_header,
sizeof(serialised_header)) &&
ssl3_update_handshake_hash(ssl, message + DTLS1_HM_HEADER_LENGTH, len);
}
int dtls1_handshake_write(SSL *ssl) {
return dtls1_do_handshake_write(ssl, dtls1_use_current_epoch);
}
void dtls1_expect_flight(SSL *ssl) {
dtls1_start_timer(ssl);
}
void dtls1_received_flight(SSL *ssl) {
dtls1_stop_timer(ssl);
}

131
external/boringssl/ssl/d1_meth.c vendored Normal file
View File

@@ -0,0 +1,131 @@
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
*/
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com). */
#include <openssl/ssl.h>
#include "internal.h"
static const SSL_PROTOCOL_METHOD DTLS_protocol_method = {
1 /* is_dtls */,
dtls1_new,
dtls1_free,
dtls1_get_message,
dtls1_read_app_data,
dtls1_read_change_cipher_spec,
dtls1_read_close_notify,
dtls1_write_app_data,
dtls1_dispatch_alert,
dtls1_supports_cipher,
DTLS1_HM_HEADER_LENGTH,
dtls1_set_handshake_header,
dtls1_handshake_write,
dtls1_send_change_cipher_spec,
dtls1_expect_flight,
dtls1_received_flight,
};
const SSL_METHOD *DTLS_method(void) {
static const SSL_METHOD method = {
0,
&DTLS_protocol_method,
};
return &method;
}
/* Legacy version-locked methods. */
const SSL_METHOD *DTLSv1_2_method(void) {
static const SSL_METHOD method = {
DTLS1_2_VERSION,
&DTLS_protocol_method,
};
return &method;
}
const SSL_METHOD *DTLSv1_method(void) {
static const SSL_METHOD method = {
DTLS1_VERSION,
&DTLS_protocol_method,
};
return &method;
}
/* Legacy side-specific methods. */
const SSL_METHOD *DTLSv1_2_server_method(void) {
return DTLSv1_2_method();
}
const SSL_METHOD *DTLSv1_server_method(void) {
return DTLSv1_method();
}
const SSL_METHOD *DTLSv1_2_client_method(void) {
return DTLSv1_2_method();
}
const SSL_METHOD *DTLSv1_client_method(void) {
return DTLSv1_method();
}
const SSL_METHOD *DTLS_server_method(void) {
return DTLS_method();
}
const SSL_METHOD *DTLS_client_method(void) {
return DTLS_method();
}

416
external/boringssl/ssl/d1_pkt.c vendored Normal file
View File

@@ -0,0 +1,416 @@
/* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005. */
/* ====================================================================
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.] */
#include <openssl/ssl.h>
#include <assert.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/buf.h>
#include <openssl/bytestring.h>
#include <openssl/mem.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include "internal.h"
int dtls1_get_record(SSL *ssl) {
again:
switch (ssl->s3->recv_shutdown) {
case ssl_shutdown_none:
break;
case ssl_shutdown_fatal_alert:
OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
return -1;
case ssl_shutdown_close_notify:
return 0;
}
/* Read a new packet if there is no unconsumed one. */
if (ssl_read_buffer_len(ssl) == 0) {
int read_ret = ssl_read_buffer_extend_to(ssl, 0 /* unused */);
if (read_ret < 0 && dtls1_is_timer_expired(ssl)) {
/* For blocking BIOs, retransmits must be handled internally. */
int timeout_ret = DTLSv1_handle_timeout(ssl);
if (timeout_ret <= 0) {
return timeout_ret;
}
goto again;
}
if (read_ret <= 0) {
return read_ret;
}
}
assert(ssl_read_buffer_len(ssl) > 0);
CBS body;
uint8_t type, alert;
size_t consumed;
enum ssl_open_record_t open_ret =
dtls_open_record(ssl, &type, &body, &consumed, &alert,
ssl_read_buffer(ssl), ssl_read_buffer_len(ssl));
ssl_read_buffer_consume(ssl, consumed);
switch (open_ret) {
case ssl_open_record_partial:
/* Impossible in DTLS. */
break;
case ssl_open_record_success:
if (CBS_len(&body) > 0xffff) {
OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
return -1;
}
SSL3_RECORD *rr = &ssl->s3->rrec;
rr->type = type;
rr->length = (uint16_t)CBS_len(&body);
rr->data = (uint8_t *)CBS_data(&body);
return 1;
case ssl_open_record_discard:
goto again;
case ssl_open_record_close_notify:
return 0;
case ssl_open_record_fatal_alert:
return -1;
case ssl_open_record_error:
ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
return -1;
}
assert(0);
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
return -1;
}
int dtls1_read_app_data(SSL *ssl, uint8_t *buf, int len, int peek) {
assert(!SSL_in_init(ssl));
SSL3_RECORD *rr = &ssl->s3->rrec;
again:
if (rr->length == 0) {
int ret = dtls1_get_record(ssl);
if (ret <= 0) {
return ret;
}
}
if (rr->type == SSL3_RT_HANDSHAKE) {
/* Parse the first fragment header to determine if this is a pre-CCS or
* post-CCS handshake record. DTLS resets handshake message numbers on each
* handshake, so renegotiations and retransmissions are ambiguous. */
CBS cbs, body;
struct hm_header_st msg_hdr;
CBS_init(&cbs, rr->data, rr->length);
if (!dtls1_parse_fragment(&cbs, &msg_hdr, &body)) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_HANDSHAKE_RECORD);
return -1;
}
if (msg_hdr.type == SSL3_MT_FINISHED) {
if (msg_hdr.frag_off == 0) {
/* Retransmit our last flight of messages. If the peer sends the second
* Finished, they may not have received ours. Only do this for the
* first fragment, in case the Finished was fragmented. */
if (dtls1_check_timeout_num(ssl) < 0) {
return -1;
}
dtls1_retransmit_buffered_messages(ssl);
}
rr->length = 0;
goto again;
}
/* Otherwise, this is a pre-CCS handshake message from an unsupported
* renegotiation attempt. Fall through to the error path. */
}
if (rr->type != SSL3_RT_APPLICATION_DATA) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
return -1;
}
/* Discard empty records. */
if (rr->length == 0) {
goto again;
}
if (len <= 0) {
return len;
}
if ((unsigned)len > rr->length) {
len = rr->length;
}
memcpy(buf, rr->data, len);
if (!peek) {
/* TODO(davidben): Should the record be truncated instead? This is a
* datagram transport. See https://crbug.com/boringssl/65. */
rr->length -= len;
rr->data += len;
if (rr->length == 0) {
/* The record has been consumed, so we may now clear the buffer. */
ssl_read_buffer_discard(ssl);
}
}
return len;
}
int dtls1_read_change_cipher_spec(SSL *ssl) {
SSL3_RECORD *rr = &ssl->s3->rrec;
again:
if (rr->length == 0) {
int ret = dtls1_get_record(ssl);
if (ret <= 0) {
return ret;
}
}
/* Drop handshake records silently. The epochs match, so this must be a
* retransmit of a message we already received. */
if (rr->type == SSL3_RT_HANDSHAKE) {
rr->length = 0;
goto again;
}
/* Other record types are illegal in this epoch. Note all application data
* records come in the encrypted epoch. */
if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
return -1;
}
if (rr->length != 1 || rr->data[0] != SSL3_MT_CCS) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_CHANGE_CIPHER_SPEC);
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return -1;
}
ssl_do_msg_callback(ssl, 0 /* read */, ssl->version,
SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, rr->length);
rr->length = 0;
ssl_read_buffer_discard(ssl);
return 1;
}
void dtls1_read_close_notify(SSL *ssl) {
/* Bidirectional shutdown doesn't make sense for an unordered transport. DTLS
* alerts also aren't delivered reliably, so we may even time out because the
* peer never received our close_notify. Report to the caller that the channel
* has fully shut down. */
if (ssl->s3->recv_shutdown == ssl_shutdown_none) {
ssl->s3->recv_shutdown = ssl_shutdown_close_notify;
}
}
int dtls1_write_app_data(SSL *ssl, const void *buf_, int len) {
assert(!SSL_in_init(ssl));
if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DTLS_MESSAGE_TOO_BIG);
return -1;
}
if (len < 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_LENGTH);
return -1;
}
if (len == 0) {
return 0;
}
int ret = dtls1_write_record(ssl, SSL3_RT_APPLICATION_DATA, buf_, (size_t)len,
dtls1_use_current_epoch);
if (ret <= 0) {
return ret;
}
return len;
}
int dtls1_write_record(SSL *ssl, int type, const uint8_t *buf, size_t len,
enum dtls1_use_epoch_t use_epoch) {
assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
/* There should never be a pending write buffer in DTLS. One can't write half
* a datagram, so the write buffer is always dropped in
* |ssl_write_buffer_flush|. */
assert(!ssl_write_buffer_is_pending(ssl));
/* If we have an alert to send, lets send it */
if (ssl->s3->alert_dispatch) {
int ret = ssl->method->ssl_dispatch_alert(ssl);
if (ret <= 0) {
return ret;
}
/* if it went, fall through and send more stuff */
}
if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
return -1;
}
size_t max_out = len + ssl_max_seal_overhead(ssl);
uint8_t *out;
size_t ciphertext_len;
if (!ssl_write_buffer_init(ssl, &out, max_out) ||
!dtls_seal_record(ssl, out, &ciphertext_len, max_out, type, buf, len,
use_epoch)) {
ssl_write_buffer_clear(ssl);
return -1;
}
ssl_write_buffer_set_len(ssl, ciphertext_len);
int ret = ssl_write_buffer_flush(ssl);
if (ret <= 0) {
return ret;
}
return 1;
}
int dtls1_dispatch_alert(SSL *ssl) {
ssl->s3->alert_dispatch = 0;
int ret = dtls1_write_record(ssl, SSL3_RT_ALERT, &ssl->s3->send_alert[0], 2,
dtls1_use_current_epoch);
if (ret <= 0) {
ssl->s3->alert_dispatch = 1;
return ret;
}
/* If the alert is fatal, flush the BIO now. */
if (ssl->s3->send_alert[0] == SSL3_AL_FATAL) {
BIO_flush(ssl->wbio);
}
ssl_do_msg_callback(ssl, 1 /* write */, ssl->version, SSL3_RT_ALERT,
ssl->s3->send_alert, 2);
int alert = (ssl->s3->send_alert[0] << 8) | ssl->s3->send_alert[1];
ssl_do_info_callback(ssl, SSL_CB_WRITE_ALERT, alert);
return 1;
}

233
external/boringssl/ssl/d1_srtp.c vendored Normal file
View File

@@ -0,0 +1,233 @@
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
DTLS code by Eric Rescorla <ekr@rtfm.com>
Copyright (C) 2006, Network Resonance, Inc.
Copyright (C) 2011, RTFM, Inc.
*/
#include <openssl/ssl.h>
#include <string.h>
#include <openssl/bytestring.h>
#include <openssl/err.h>
#include "internal.h"
static const SRTP_PROTECTION_PROFILE kSRTPProfiles[] = {
{
"SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80,
},
{
"SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32,
},
{
"SRTP_AEAD_AES_128_GCM", SRTP_AEAD_AES_128_GCM,
},
{
"SRTP_AEAD_AES_256_GCM", SRTP_AEAD_AES_256_GCM,
},
{0, 0},
};
static int find_profile_by_name(const char *profile_name,
const SRTP_PROTECTION_PROFILE **pptr,
size_t len) {
const SRTP_PROTECTION_PROFILE *p;
p = kSRTPProfiles;
while (p->name) {
if (len == strlen(p->name) && !strncmp(p->name, profile_name, len)) {
*pptr = p;
return 1;
}
p++;
}
return 0;
}
static int ssl_ctx_make_profiles(const char *profiles_string,
STACK_OF(SRTP_PROTECTION_PROFILE) **out) {
STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
const char *col;
const char *ptr = profiles_string;
profiles = sk_SRTP_PROTECTION_PROFILE_new_null();
if (profiles == NULL) {
OPENSSL_PUT_ERROR(SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
return 0;
}
do {
const SRTP_PROTECTION_PROFILE *p;
col = strchr(ptr, ':');
if (find_profile_by_name(ptr, &p,
col ? (size_t)(col - ptr) : strlen(ptr))) {
sk_SRTP_PROTECTION_PROFILE_push(profiles, p);
} else {
OPENSSL_PUT_ERROR(SSL, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
return 0;
}
if (col) {
ptr = col + 1;
}
} while (col);
sk_SRTP_PROTECTION_PROFILE_free(*out);
*out = profiles;
return 1;
}
int SSL_CTX_set_srtp_profiles(SSL_CTX *ctx, const char *profiles) {
return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
}
int SSL_set_srtp_profiles(SSL *ssl, const char *profiles) {
return ssl_ctx_make_profiles(profiles, &ssl->srtp_profiles);
}
STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl) {
if (ssl == NULL) {
return NULL;
}
if (ssl->srtp_profiles != NULL) {
return ssl->srtp_profiles;
}
if (ssl->ctx->srtp_profiles != NULL) {
return ssl->ctx->srtp_profiles;
}
return NULL;
}
const SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *ssl) {
return ssl->srtp_profile;
}
int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles) {
/* This API inverts its return value. */
return !SSL_CTX_set_srtp_profiles(ctx, profiles);
}
int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles) {
/* This API inverts its return value. */
return !SSL_set_srtp_profiles(ssl, profiles);
}

309
external/boringssl/ssl/dtls_record.c vendored Normal file
View File

@@ -0,0 +1,309 @@
/* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005. */
/* ====================================================================
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.] */
#include <openssl/ssl.h>
#include <assert.h>
#include <string.h>
#include <openssl/bytestring.h>
#include <openssl/err.h>
#include "internal.h"
#include "../crypto/internal.h"
/* to_u64_be treats |in| as a 8-byte big-endian integer and returns the value as
* a |uint64_t|. */
static uint64_t to_u64_be(const uint8_t in[8]) {
uint64_t ret = 0;
unsigned i;
for (i = 0; i < 8; i++) {
ret <<= 8;
ret |= in[i];
}
return ret;
}
/* dtls1_bitmap_should_discard returns one if |seq_num| has been seen in |bitmap|
* or is stale. Otherwise it returns zero. */
static int dtls1_bitmap_should_discard(DTLS1_BITMAP *bitmap,
const uint8_t seq_num[8]) {
const unsigned kWindowSize = sizeof(bitmap->map) * 8;
uint64_t seq_num_u = to_u64_be(seq_num);
if (seq_num_u > bitmap->max_seq_num) {
return 0;
}
uint64_t idx = bitmap->max_seq_num - seq_num_u;
return idx >= kWindowSize || (bitmap->map & (((uint64_t)1) << idx));
}
/* dtls1_bitmap_record updates |bitmap| to record receipt of sequence number
* |seq_num|. It slides the window forward if needed. It is an error to call
* this function on a stale sequence number. */
static void dtls1_bitmap_record(DTLS1_BITMAP *bitmap,
const uint8_t seq_num[8]) {
const unsigned kWindowSize = sizeof(bitmap->map) * 8;
uint64_t seq_num_u = to_u64_be(seq_num);
/* Shift the window if necessary. */
if (seq_num_u > bitmap->max_seq_num) {
uint64_t shift = seq_num_u - bitmap->max_seq_num;
if (shift >= kWindowSize) {
bitmap->map = 0;
} else {
bitmap->map <<= shift;
}
bitmap->max_seq_num = seq_num_u;
}
uint64_t idx = bitmap->max_seq_num - seq_num_u;
if (idx < kWindowSize) {
bitmap->map |= ((uint64_t)1) << idx;
}
}
enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type, CBS *out,
size_t *out_consumed,
uint8_t *out_alert, uint8_t *in,
size_t in_len) {
*out_consumed = 0;
CBS cbs;
CBS_init(&cbs, in, in_len);
/* Decode the record. */
uint8_t type;
uint16_t version;
uint8_t sequence[8];
CBS body;
if (!CBS_get_u8(&cbs, &type) ||
!CBS_get_u16(&cbs, &version) ||
!CBS_copy_bytes(&cbs, sequence, 8) ||
!CBS_get_u16_length_prefixed(&cbs, &body) ||
(ssl->s3->have_version && version != ssl->version) ||
(version >> 8) != DTLS1_VERSION_MAJOR ||
CBS_len(&body) > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
/* The record header was incomplete or malformed. Drop the entire packet. */
*out_consumed = in_len;
return ssl_open_record_discard;
}
ssl_do_msg_callback(ssl, 0 /* read */, 0, SSL3_RT_HEADER, in,
DTLS1_RT_HEADER_LENGTH);
uint16_t epoch = (((uint16_t)sequence[0]) << 8) | sequence[1];
if (epoch != ssl->d1->r_epoch ||
dtls1_bitmap_should_discard(&ssl->d1->bitmap, sequence)) {
/* Drop this record. It's from the wrong epoch or is a replay. Note that if
* |epoch| is the next epoch, the record could be buffered for later. For
* simplicity, drop it and expect retransmit to handle it later; DTLS must
* handle packet loss anyway. */
*out_consumed = in_len - CBS_len(&cbs);
return ssl_open_record_discard;
}
/* Decrypt the body in-place. */
if (!SSL_AEAD_CTX_open(ssl->s3->aead_read_ctx, out, type, version, sequence,
(uint8_t *)CBS_data(&body), CBS_len(&body))) {
/* Bad packets are silently dropped in DTLS. See section 4.2.1 of RFC 6347.
* Clear the error queue of any errors decryption may have added. Drop the
* entire packet as it must not have come from the peer.
*
* TODO(davidben): This doesn't distinguish malloc failures from encryption
* failures. */
ERR_clear_error();
*out_consumed = in_len - CBS_len(&cbs);
return ssl_open_record_discard;
}
*out_consumed = in_len - CBS_len(&cbs);
/* Check the plaintext length. */
if (CBS_len(out) > SSL3_RT_MAX_PLAIN_LENGTH) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);
*out_alert = SSL_AD_RECORD_OVERFLOW;
return ssl_open_record_error;
}
dtls1_bitmap_record(&ssl->d1->bitmap, sequence);
/* TODO(davidben): Limit the number of empty records as in TLS? This is only
* useful if we also limit discarded packets. */
if (type == SSL3_RT_ALERT) {
return ssl_process_alert(ssl, out_alert, CBS_data(out), CBS_len(out));
}
ssl->s3->warning_alert_count = 0;
*out_type = type;
return ssl_open_record_success;
}
int dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
uint8_t type, const uint8_t *in, size_t in_len,
enum dtls1_use_epoch_t use_epoch) {
if (buffers_alias(in, in_len, out, max_out)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_OUTPUT_ALIASES_INPUT);
return 0;
}
/* Determine the parameters for the current epoch. */
uint16_t epoch = ssl->d1->w_epoch;
SSL_AEAD_CTX *aead = ssl->s3->aead_write_ctx;
uint8_t *seq = ssl->s3->write_sequence;
if (use_epoch == dtls1_use_previous_epoch) {
/* DTLS renegotiation is unsupported, so only epochs 0 (NULL cipher) and 1
* (negotiated cipher) exist. */
assert(ssl->d1->w_epoch == 1);
epoch = ssl->d1->w_epoch - 1;
aead = NULL;
seq = ssl->d1->last_write_sequence;
}
if (max_out < DTLS1_RT_HEADER_LENGTH) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL);
return 0;
}
out[0] = type;
uint16_t wire_version = ssl->s3->have_version ? ssl->version : DTLS1_VERSION;
out[1] = wire_version >> 8;
out[2] = wire_version & 0xff;
out[3] = epoch >> 8;
out[4] = epoch & 0xff;
memcpy(&out[5], &seq[2], 6);
size_t ciphertext_len;
if (!SSL_AEAD_CTX_seal(aead, out + DTLS1_RT_HEADER_LENGTH, &ciphertext_len,
max_out - DTLS1_RT_HEADER_LENGTH, type, wire_version,
&out[3] /* seq */, in, in_len) ||
!ssl_record_sequence_update(&seq[2], 6)) {
return 0;
}
if (ciphertext_len >= 1 << 16) {
OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
return 0;
}
out[11] = ciphertext_len >> 8;
out[12] = ciphertext_len & 0xff;
*out_len = DTLS1_RT_HEADER_LENGTH + ciphertext_len;
ssl_do_msg_callback(ssl, 1 /* write */, 0, SSL3_RT_HEADER, out,
DTLS1_RT_HEADER_LENGTH);
return 1;
}

2107
external/boringssl/ssl/handshake_client.c vendored Normal file
View File

File diff suppressed because it is too large Load Diff

2225
external/boringssl/ssl/handshake_server.c vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1253
external/boringssl/ssl/internal.h vendored Normal file
View File

File diff suppressed because it is too large Load Diff

22
external/boringssl/ssl/pqueue/CMakeLists.txt vendored Normal file
View File

@@ -0,0 +1,22 @@
include_directories(../../include)
add_library(
pqueue
OBJECT
pqueue.c
)
if(ENABLE_TESTS)
add_executable(
pqueue_test
pqueue_test.c
$<TARGET_OBJECTS:test_support>
)
target_link_libraries(pqueue_test ssl crypto)
add_dependencies(all_tests pqueue_test)
endif()

197
external/boringssl/ssl/pqueue/pqueue.c vendored Normal file
View File

@@ -0,0 +1,197 @@
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
*/
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com). */
#include <openssl/pqueue.h>
#include <assert.h>
#include <string.h>
#include <openssl/mem.h>
typedef struct _pqueue {
pitem *items;
unsigned count;
} pqueue_s;
pitem *pitem_new(uint8_t prio64be[8], void *data) {
pitem *item = OPENSSL_malloc(sizeof(pitem));
if (item == NULL) {
return NULL;
}
memcpy(item->priority, prio64be, sizeof(item->priority));
item->data = data;
item->next = NULL;
return item;
}
void pitem_free(pitem *item) {
if (item == NULL) {
return;
}
OPENSSL_free(item);
}
pqueue pqueue_new(void) {
pqueue_s *pq = OPENSSL_malloc(sizeof(pqueue_s));
if (pq == NULL) {
return NULL;
}
memset(pq, 0, sizeof(pqueue_s));
return pq;
}
void pqueue_free(pqueue_s *pq) {
if (pq == NULL) {
return;
}
/* The queue must be empty. */
assert(pq->items == NULL);
OPENSSL_free(pq);
}
pitem *pqueue_peek(pqueue_s *pq) { return pq->items; }
pitem *pqueue_find(pqueue_s *pq, uint8_t *prio64be) {
pitem *curr;
for (curr = pq->items; curr; curr = curr->next) {
if (memcmp(curr->priority, prio64be, sizeof(curr->priority)) == 0) {
return curr;
}
}
return NULL;
}
size_t pqueue_size(pqueue_s *pq) {
pitem *item = pq->items;
size_t count = 0;
while (item != NULL) {
count++;
item = item->next;
}
return count;
}
piterator pqueue_iterator(pqueue_s *pq) { return pq->items; }
pitem *pqueue_next(piterator *item) {
pitem *ret;
if (item == NULL || *item == NULL) {
return NULL;
}
ret = *item;
*item = (*item)->next;
return ret;
}
pitem *pqueue_insert(pqueue_s *pq, pitem *item) {
pitem *curr, *next;
if (pq->items == NULL) {
pq->items = item;
return item;
}
for (curr = NULL, next = pq->items; next != NULL;
curr = next, next = next->next) {
/* we can compare 64-bit value in big-endian encoding with memcmp. */
int cmp = memcmp(next->priority, item->priority, sizeof(item->priority));
if (cmp > 0) {
/* next > item */
item->next = next;
if (curr == NULL) {
pq->items = item;
} else {
curr->next = item;
}
return item;
} else if (cmp == 0) {
/* duplicates not allowed */
return NULL;
}
}
item->next = NULL;
curr->next = item;
return item;
}
pitem *pqueue_pop(pqueue_s *pq) {
pitem *item = pq->items;
if (pq->items != NULL) {
pq->items = pq->items->next;
}
return item;
}

129
external/boringssl/ssl/pqueue/pqueue_test.c vendored Normal file
View File

@@ -0,0 +1,129 @@
/* Copyright (c) 2014, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/pqueue.h>
#include <openssl/ssl.h>
static void clear_and_free_queue(pqueue q) {
for (;;) {
pitem *item = pqueue_pop(q);
if (item == NULL) {
break;
}
pitem_free(item);
}
pqueue_free(q);
}
static int trivial(void) {
pqueue q = pqueue_new();
if (q == NULL) {
return 0;
}
int32_t data = 0xdeadbeef;
uint8_t priority[8] = {0};
pitem *item = pitem_new(priority, &data);
if (item == NULL ||
pqueue_insert(q, item) != item ||
pqueue_size(q) != 1 ||
pqueue_peek(q) != item ||
pqueue_pop(q) != item ||
pqueue_size(q) != 0 ||
pqueue_pop(q) != NULL) {
return 0;
}
pitem_free(item);
clear_and_free_queue(q);
return 1;
}
#define NUM_ITEMS 10
static int fixed_random(void) {
/* Random order of 10 elements, chosen by
* random.choice(list(itertools.permutations(range(10)))) */
int ordering[NUM_ITEMS] = {9, 6, 3, 4, 0, 2, 7, 1, 8, 5};
int i;
pqueue q = pqueue_new();
uint8_t priority[8] = {0};
piterator iter;
pitem *curr, *item;
if (q == NULL) {
return 0;
}
/* Insert the elements */
for (i = 0; i < NUM_ITEMS; i++) {
priority[7] = ordering[i];
item = pitem_new(priority, &ordering[i]);
if (item == NULL || pqueue_insert(q, item) != item) {
return 0;
}
}
/* Insert the elements again. This inserts duplicates and should
* fail. */
for (i = 0; i < NUM_ITEMS; i++) {
priority[7] = ordering[i];
item = pitem_new(priority, &ordering[i]);
if (item == NULL || pqueue_insert(q, item) != NULL) {
return 0;
}
pitem_free(item);
}
if (pqueue_size(q) != NUM_ITEMS) {
return 0;
}
/* Iterate over the elements. */
iter = pqueue_iterator(q);
curr = pqueue_next(&iter);
if (curr == NULL) {
return 0;
}
while (1) {
pitem *next = pqueue_next(&iter);
int *curr_data, *next_data;
if (next == NULL) {
break;
}
curr_data = (int*)curr->data;
next_data = (int*)next->data;
if (*curr_data >= *next_data) {
return 0;
}
curr = next;
}
clear_and_free_queue(q);
return 1;
}
int main(void) {
CRYPTO_library_init();
if (!trivial() || !fixed_random()) {
return 1;
}
printf("PASS\n");
return 0;
}

551
external/boringssl/ssl/s3_both.c vendored Normal file
View File

File diff suppressed because it is too large Load Diff

394
external/boringssl/ssl/s3_enc.c vendored Normal file
View File

@@ -0,0 +1,394 @@
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* ====================================================================
* Copyright 2005 Nokia. All rights reserved.
*
* The portions of the attached software ("Contribution") is developed by
* Nokia Corporation and is licensed pursuant to the OpenSSL open source
* license.
*
* The Contribution, originally written by Mika Kousa and Pasi Eronen of
* Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
* support (see RFC 4279) to OpenSSL.
*
* No patent licenses or other rights except those expressly stated in
* the OpenSSL open source license shall be deemed granted or received
* expressly, by implication, estoppel, or otherwise.
*
* No assurances are provided by Nokia that the Contribution does not
* infringe the patent or other intellectual property rights of any third
* party or that the license provides you with all the necessary rights
* to make use of the Contribution.
*
* THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
* ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
* SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
* OTHERWISE. */
#include <openssl/ssl.h>
#include <assert.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/mem.h>
#include <openssl/md5.h>
#include <openssl/nid.h>
#include "internal.h"
static int ssl3_handshake_mac(SSL *ssl, int md_nid, const char *sender,
size_t sender_len, uint8_t *p);
static int ssl3_prf(const SSL *ssl, uint8_t *out, size_t out_len,
const uint8_t *secret, size_t secret_len, const char *label,
size_t label_len, const uint8_t *seed1, size_t seed1_len,
const uint8_t *seed2, size_t seed2_len) {
EVP_MD_CTX md5;
EVP_MD_CTX sha1;
uint8_t buf[16], smd[SHA_DIGEST_LENGTH];
uint8_t c = 'A';
size_t i, j, k;
k = 0;
EVP_MD_CTX_init(&md5);
EVP_MD_CTX_init(&sha1);
for (i = 0; i < out_len; i += MD5_DIGEST_LENGTH) {
k++;
if (k > sizeof(buf)) {
/* bug: 'buf' is too small for this ciphersuite */
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
for (j = 0; j < k; j++) {
buf[j] = c;
}
c++;
if (!EVP_DigestInit_ex(&sha1, EVP_sha1(), NULL)) {
OPENSSL_PUT_ERROR(SSL, ERR_LIB_EVP);
return 0;
}
EVP_DigestUpdate(&sha1, buf, k);
EVP_DigestUpdate(&sha1, secret, secret_len);
/* |label| is ignored for SSLv3. */
if (seed1_len) {
EVP_DigestUpdate(&sha1, seed1, seed1_len);
}
if (seed2_len) {
EVP_DigestUpdate(&sha1, seed2, seed2_len);
}
EVP_DigestFinal_ex(&sha1, smd, NULL);
if (!EVP_DigestInit_ex(&md5, EVP_md5(), NULL)) {
OPENSSL_PUT_ERROR(SSL, ERR_LIB_EVP);
return 0;
}
EVP_DigestUpdate(&md5, secret, secret_len);
EVP_DigestUpdate(&md5, smd, SHA_DIGEST_LENGTH);
if (i + MD5_DIGEST_LENGTH > out_len) {
EVP_DigestFinal_ex(&md5, smd, NULL);
memcpy(out, smd, out_len - i);
} else {
EVP_DigestFinal_ex(&md5, out, NULL);
}
out += MD5_DIGEST_LENGTH;
}
OPENSSL_cleanse(smd, SHA_DIGEST_LENGTH);
EVP_MD_CTX_cleanup(&md5);
EVP_MD_CTX_cleanup(&sha1);
return 1;
}
void ssl3_cleanup_key_block(SSL *ssl) {
if (ssl->s3->tmp.key_block != NULL) {
OPENSSL_cleanse(ssl->s3->tmp.key_block, ssl->s3->tmp.key_block_length);
OPENSSL_free(ssl->s3->tmp.key_block);
ssl->s3->tmp.key_block = NULL;
}
ssl->s3->tmp.key_block_length = 0;
}
int ssl3_init_handshake_buffer(SSL *ssl) {
ssl3_free_handshake_buffer(ssl);
ssl3_free_handshake_hash(ssl);
ssl->s3->handshake_buffer = BUF_MEM_new();
return ssl->s3->handshake_buffer != NULL;
}
/* init_digest_with_data calls |EVP_DigestInit_ex| on |ctx| with |md| and then
* writes the data in |buf| to it. */
static int init_digest_with_data(EVP_MD_CTX *ctx, const EVP_MD *md,
const BUF_MEM *buf) {
if (!EVP_DigestInit_ex(ctx, md, NULL)) {
return 0;
}
EVP_DigestUpdate(ctx, buf->data, buf->length);
return 1;
}
int ssl3_init_handshake_hash(SSL *ssl) {
ssl3_free_handshake_hash(ssl);
uint32_t algorithm_prf = ssl_get_algorithm_prf(ssl);
if (!init_digest_with_data(&ssl->s3->handshake_hash,
ssl_get_handshake_digest(algorithm_prf),
ssl->s3->handshake_buffer)) {
return 0;
}
if (algorithm_prf == SSL_HANDSHAKE_MAC_DEFAULT &&
!init_digest_with_data(&ssl->s3->handshake_md5, EVP_md5(),
ssl->s3->handshake_buffer)) {
return 0;
}
return 1;
}
void ssl3_free_handshake_hash(SSL *ssl) {
EVP_MD_CTX_cleanup(&ssl->s3->handshake_hash);
EVP_MD_CTX_cleanup(&ssl->s3->handshake_md5);
}
void ssl3_free_handshake_buffer(SSL *ssl) {
BUF_MEM_free(ssl->s3->handshake_buffer);
ssl->s3->handshake_buffer = NULL;
}
int ssl3_update_handshake_hash(SSL *ssl, const uint8_t *in, size_t in_len) {
/* Depending on the state of the handshake, either the handshake buffer may be
* active, the rolling hash, or both. */
if (ssl->s3->handshake_buffer != NULL) {
size_t new_len = ssl->s3->handshake_buffer->length + in_len;
if (new_len < in_len) {
OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
return 0;
}
if (!BUF_MEM_grow(ssl->s3->handshake_buffer, new_len)) {
return 0;
}
memcpy(ssl->s3->handshake_buffer->data + new_len - in_len, in, in_len);
}
if (EVP_MD_CTX_md(&ssl->s3->handshake_hash) != NULL) {
EVP_DigestUpdate(&ssl->s3->handshake_hash, in, in_len);
}
if (EVP_MD_CTX_md(&ssl->s3->handshake_md5) != NULL) {
EVP_DigestUpdate(&ssl->s3->handshake_md5, in, in_len);
}
return 1;
}
static int ssl3_cert_verify_mac(SSL *ssl, int md_nid, uint8_t *p) {
return ssl3_handshake_mac(ssl, md_nid, NULL, 0, p);
}
static int ssl3_final_finish_mac(SSL *ssl, int from_server, uint8_t *out) {
const char *sender = from_server ? SSL3_MD_SERVER_FINISHED_CONST
: SSL3_MD_CLIENT_FINISHED_CONST;
const size_t sender_len = 4;
int ret, sha1len;
ret = ssl3_handshake_mac(ssl, NID_md5, sender, sender_len, out);
if (ret == 0) {
return 0;
}
out += ret;
sha1len = ssl3_handshake_mac(ssl, NID_sha1, sender, sender_len, out);
if (sha1len == 0) {
return 0;
}
ret += sha1len;
return ret;
}
static int ssl3_handshake_mac(SSL *ssl, int md_nid, const char *sender,
size_t sender_len, uint8_t *p) {
unsigned int ret;
size_t npad, n;
unsigned int i;
uint8_t md_buf[EVP_MAX_MD_SIZE];
EVP_MD_CTX ctx;
const EVP_MD_CTX *ctx_template;
if (md_nid == NID_md5) {
ctx_template = &ssl->s3->handshake_md5;
} else if (md_nid == EVP_MD_CTX_type(&ssl->s3->handshake_hash)) {
ctx_template = &ssl->s3->handshake_hash;
} else {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_REQUIRED_DIGEST);
return 0;
}
EVP_MD_CTX_init(&ctx);
if (!EVP_MD_CTX_copy_ex(&ctx, ctx_template)) {
EVP_MD_CTX_cleanup(&ctx);
OPENSSL_PUT_ERROR(SSL, ERR_LIB_EVP);
return 0;
}
static const uint8_t kPad1[48] = {
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
};
static const uint8_t kPad2[48] = {
0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
};
n = EVP_MD_CTX_size(&ctx);
npad = (48 / n) * n;
if (sender != NULL) {
EVP_DigestUpdate(&ctx, sender, sender_len);
}
EVP_DigestUpdate(&ctx, ssl->session->master_key,
ssl->session->master_key_length);
EVP_DigestUpdate(&ctx, kPad1, npad);
EVP_DigestFinal_ex(&ctx, md_buf, &i);
if (!EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL)) {
EVP_MD_CTX_cleanup(&ctx);
OPENSSL_PUT_ERROR(SSL, ERR_LIB_EVP);
return 0;
}
EVP_DigestUpdate(&ctx, ssl->session->master_key,
ssl->session->master_key_length);
EVP_DigestUpdate(&ctx, kPad2, npad);
EVP_DigestUpdate(&ctx, md_buf, i);
EVP_DigestFinal_ex(&ctx, p, &ret);
EVP_MD_CTX_cleanup(&ctx);
return ret;
}
const SSL3_ENC_METHOD SSLv3_enc_data = {
ssl3_prf,
ssl3_final_finish_mac,
ssl3_cert_verify_mac,
};

375
external/boringssl/ssl/s3_lib.c vendored Normal file
View File

@@ -0,0 +1,375 @@
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
* Portions of the attached software ("Contribution") are developed by
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
*
* The Contribution is licensed pursuant to the OpenSSL open source
* license provided above.
*
* ECC cipher suite support in OpenSSL originally written by
* Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
*
*/
/* ====================================================================
* Copyright 2005 Nokia. All rights reserved.
*
* The portions of the attached software ("Contribution") is developed by
* Nokia Corporation and is licensed pursuant to the OpenSSL open source
* license.
*
* The Contribution, originally written by Mika Kousa and Pasi Eronen of
* Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
* support (see RFC 4279) to OpenSSL.
*
* No patent licenses or other rights except those expressly stated in
* the OpenSSL open source license shall be deemed granted or received
* expressly, by implication, estoppel, or otherwise.
*
* No assurances are provided by Nokia that the Contribution does not
* infringe the patent or other intellectual property rights of any third
* party or that the license provides you with all the necessary rights
* to make use of the Contribution.
*
* THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
* ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
* SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
* OTHERWISE. */
#include <openssl/ssl.h>
#include <assert.h>
#include <string.h>
#include <openssl/buf.h>
#include <openssl/dh.h>
#include <openssl/digest.h>
#include <openssl/err.h>
#include <openssl/md5.h>
#include <openssl/mem.h>
#include <openssl/nid.h>
#include "internal.h"
int ssl3_supports_cipher(const SSL_CIPHER *cipher) {
return 1;
}
int ssl3_set_handshake_header(SSL *ssl, int htype, unsigned long len) {
uint8_t *p = (uint8_t *)ssl->init_buf->data;
*(p++) = htype;
l2n3(len, p);
ssl->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
/* Add the message to the handshake hash. */
return ssl3_update_handshake_hash(ssl, (uint8_t *)ssl->init_buf->data,
ssl->init_num);
}
int ssl3_handshake_write(SSL *ssl) {
return ssl3_do_write(ssl, SSL3_RT_HANDSHAKE);
}
void ssl3_expect_flight(SSL *ssl) {}
void ssl3_received_flight(SSL *ssl) {}
int ssl3_new(SSL *ssl) {
SSL3_STATE *s3;
s3 = OPENSSL_malloc(sizeof *s3);
if (s3 == NULL) {
goto err;
}
memset(s3, 0, sizeof *s3);
EVP_MD_CTX_init(&s3->handshake_hash);
EVP_MD_CTX_init(&s3->handshake_md5);
ssl->s3 = s3;
/* Set the version to the highest supported version.
*
* TODO(davidben): Move this field into |s3|, have it store the normalized
* protocol version, and implement this pre-negotiation quirk in |SSL_version|
* at the API boundary rather than in internal state. */
ssl->version = TLS1_2_VERSION;
return 1;
err:
return 0;
}
void ssl3_free(SSL *ssl) {
if (ssl == NULL || ssl->s3 == NULL) {
return;
}
ssl3_cleanup_key_block(ssl);
ssl_read_buffer_clear(ssl);
ssl_write_buffer_clear(ssl);
SSL_ECDH_CTX_cleanup(&ssl->s3->tmp.ecdh_ctx);
OPENSSL_free(ssl->s3->tmp.peer_key);
sk_X509_NAME_pop_free(ssl->s3->tmp.ca_names, X509_NAME_free);
OPENSSL_free(ssl->s3->tmp.certificate_types);
OPENSSL_free(ssl->s3->tmp.peer_supported_group_list);
OPENSSL_free(ssl->s3->tmp.peer_psk_identity_hint);
ssl3_free_handshake_buffer(ssl);
ssl3_free_handshake_hash(ssl);
OPENSSL_free(ssl->s3->next_proto_negotiated);
OPENSSL_free(ssl->s3->alpn_selected);
SSL_AEAD_CTX_free(ssl->s3->aead_read_ctx);
SSL_AEAD_CTX_free(ssl->s3->aead_write_ctx);
OPENSSL_cleanse(ssl->s3, sizeof *ssl->s3);
OPENSSL_free(ssl->s3);
ssl->s3 = NULL;
}
struct ssl_cipher_preference_list_st *ssl_get_cipher_preferences(SSL *ssl) {
if (ssl->cipher_list != NULL) {
return ssl->cipher_list;
}
if (ssl->version >= TLS1_1_VERSION && ssl->ctx->cipher_list_tls11 != NULL) {
return ssl->ctx->cipher_list_tls11;
}
if (ssl->version >= TLS1_VERSION && ssl->ctx->cipher_list_tls10 != NULL) {
return ssl->ctx->cipher_list_tls10;
}
if (ssl->ctx->cipher_list != NULL) {
return ssl->ctx->cipher_list;
}
return NULL;
}
const SSL_CIPHER *ssl3_choose_cipher(
SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
struct ssl_cipher_preference_list_st *server_pref) {
const SSL_CIPHER *c, *ret = NULL;
STACK_OF(SSL_CIPHER) *srvr = server_pref->ciphers, *prio, *allow;
size_t i;
int ok;
size_t cipher_index;
uint32_t alg_k, alg_a, mask_k, mask_a;
/* in_group_flags will either be NULL, or will point to an array of bytes
* which indicate equal-preference groups in the |prio| stack. See the
* comment about |in_group_flags| in the |ssl_cipher_preference_list_st|
* struct. */
const uint8_t *in_group_flags;
/* group_min contains the minimal index so far found in a group, or -1 if no
* such value exists yet. */
int group_min = -1;
if (ssl->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
prio = srvr;
in_group_flags = server_pref->in_group_flags;
allow = clnt;
} else {
prio = clnt;
in_group_flags = NULL;
allow = srvr;
}
ssl_get_compatible_server_ciphers(ssl, &mask_k, &mask_a);
for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
c = sk_SSL_CIPHER_value(prio, i);
ok = 1;
/* Check the TLS version. */
if (SSL_CIPHER_get_min_version(c) > ssl3_protocol_version(ssl)) {
ok = 0;
}
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
ok = ok && (alg_k & mask_k) && (alg_a & mask_a);
if (ok && sk_SSL_CIPHER_find(allow, &cipher_index, c)) {
if (in_group_flags != NULL && in_group_flags[i] == 1) {
/* This element of |prio| is in a group. Update the minimum index found
* so far and continue looking. */
if (group_min == -1 || (size_t)group_min > cipher_index) {
group_min = cipher_index;
}
} else {
if (group_min != -1 && (size_t)group_min < cipher_index) {
cipher_index = group_min;
}
ret = sk_SSL_CIPHER_value(allow, cipher_index);
break;
}
}
if (in_group_flags != NULL && in_group_flags[i] == 0 && group_min != -1) {
/* We are about to leave a group, but we found a match in it, so that's
* our answer. */
ret = sk_SSL_CIPHER_value(allow, group_min);
break;
}
}
return ret;
}
int ssl3_get_req_cert_type(SSL *ssl, uint8_t *p) {
int ret = 0;
const uint8_t *sig;
size_t i, siglen;
int have_rsa_sign = 0;
int have_ecdsa_sign = 0;
/* get configured sigalgs */
siglen = tls12_get_psigalgs(ssl, &sig);
for (i = 0; i < siglen; i += 2, sig += 2) {
switch (sig[1]) {
case TLSEXT_signature_rsa:
have_rsa_sign = 1;
break;
case TLSEXT_signature_ecdsa:
have_ecdsa_sign = 1;
break;
}
}
if (have_rsa_sign) {
p[ret++] = SSL3_CT_RSA_SIGN;
}
/* ECDSA certs can be used with RSA cipher suites as well so we don't need to
* check for SSL_kECDH or SSL_kECDHE. */
if (ssl->version >= TLS1_VERSION && have_ecdsa_sign) {
p[ret++] = TLS_CT_ECDSA_SIGN;
}
return ret;
}
/* If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
* handshake macs if required. */
uint32_t ssl_get_algorithm_prf(const SSL *ssl) {
uint32_t algorithm_prf = ssl->s3->tmp.new_cipher->algorithm_prf;
if (algorithm_prf == SSL_HANDSHAKE_MAC_DEFAULT &&
ssl3_protocol_version(ssl) >= TLS1_2_VERSION) {
return SSL_HANDSHAKE_MAC_SHA256;
}
return algorithm_prf;
}

167
external/boringssl/ssl/s3_meth.c vendored Normal file
View File

@@ -0,0 +1,167 @@
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.] */
#include <openssl/ssl.h>
#include "internal.h"
static const SSL_PROTOCOL_METHOD TLS_protocol_method = {
0 /* is_dtls */,
ssl3_new,
ssl3_free,
ssl3_get_message,
ssl3_read_app_data,
ssl3_read_change_cipher_spec,
ssl3_read_close_notify,
ssl3_write_app_data,
ssl3_dispatch_alert,
ssl3_supports_cipher,
SSL3_HM_HEADER_LENGTH,
ssl3_set_handshake_header,
ssl3_handshake_write,
ssl3_send_change_cipher_spec,
ssl3_expect_flight,
ssl3_received_flight,
};
const SSL_METHOD *TLS_method(void) {
static const SSL_METHOD method = {
0,
&TLS_protocol_method,
};
return &method;
}
const SSL_METHOD *SSLv23_method(void) {
return TLS_method();
}
/* Legacy version-locked methods. */
const SSL_METHOD *TLSv1_2_method(void) {
static const SSL_METHOD method = {
TLS1_2_VERSION,
&TLS_protocol_method,
};
return &method;
}
const SSL_METHOD *TLSv1_1_method(void) {
static const SSL_METHOD method = {
TLS1_1_VERSION,
&TLS_protocol_method,
};
return &method;
}
const SSL_METHOD *TLSv1_method(void) {
static const SSL_METHOD method = {
TLS1_VERSION,
&TLS_protocol_method,
};
return &method;
}
const SSL_METHOD *SSLv3_method(void) {
static const SSL_METHOD method = {
SSL3_VERSION,
&TLS_protocol_method,
};
return &method;
}
/* Legacy side-specific methods. */
const SSL_METHOD *TLSv1_2_server_method(void) {
return TLSv1_2_method();
}
const SSL_METHOD *TLSv1_1_server_method(void) {
return TLSv1_1_method();
}
const SSL_METHOD *TLSv1_server_method(void) {
return TLSv1_method();
}
const SSL_METHOD *SSLv3_server_method(void) {
return SSLv3_method();
}
const SSL_METHOD *TLSv1_2_client_method(void) {
return TLSv1_2_method();
}
const SSL_METHOD *TLSv1_1_client_method(void) {
return TLSv1_1_method();
}
const SSL_METHOD *TLSv1_client_method(void) {
return TLSv1_method();
}
const SSL_METHOD *SSLv3_client_method(void) {
return SSLv3_method();
}
const SSL_METHOD *SSLv23_server_method(void) {
return SSLv23_method();
}
const SSL_METHOD *SSLv23_client_method(void) {
return SSLv23_method();
}

559
external/boringssl/ssl/s3_pkt.c vendored Normal file
View File

File diff suppressed because it is too large Load Diff

331
external/boringssl/ssl/ssl_aead_ctx.c vendored Normal file
View File

@@ -0,0 +1,331 @@
/* Copyright (c) 2015, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#include <openssl/ssl.h>
#include <assert.h>
#include <string.h>
#include <openssl/aead.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/type_check.h>
#include "internal.h"
OPENSSL_COMPILE_ASSERT(EVP_AEAD_MAX_NONCE_LENGTH < 256,
variable_nonce_len_doesnt_fit_in_uint8_t);
SSL_AEAD_CTX *SSL_AEAD_CTX_new(enum evp_aead_direction_t direction,
uint16_t version, const SSL_CIPHER *cipher,
const uint8_t *enc_key, size_t enc_key_len,
const uint8_t *mac_key, size_t mac_key_len,
const uint8_t *fixed_iv, size_t fixed_iv_len) {
const EVP_AEAD *aead;
size_t discard;
if (!ssl_cipher_get_evp_aead(&aead, &discard, &discard, cipher, version)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
uint8_t merged_key[EVP_AEAD_MAX_KEY_LENGTH];
if (mac_key_len > 0) {
/* This is a "stateful" AEAD (for compatibility with pre-AEAD cipher
* suites). */
if (mac_key_len + enc_key_len + fixed_iv_len > sizeof(merged_key)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
memcpy(merged_key, mac_key, mac_key_len);
memcpy(merged_key + mac_key_len, enc_key, enc_key_len);
memcpy(merged_key + mac_key_len + enc_key_len, fixed_iv, fixed_iv_len);
enc_key = merged_key;
enc_key_len += mac_key_len;
enc_key_len += fixed_iv_len;
}
SSL_AEAD_CTX *aead_ctx = OPENSSL_malloc(sizeof(SSL_AEAD_CTX));
if (aead_ctx == NULL) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
return NULL;
}
memset(aead_ctx, 0, sizeof(SSL_AEAD_CTX));
aead_ctx->cipher = cipher;
if (!EVP_AEAD_CTX_init_with_direction(
&aead_ctx->ctx, aead, enc_key, enc_key_len,
EVP_AEAD_DEFAULT_TAG_LENGTH, direction)) {
OPENSSL_free(aead_ctx);
return NULL;
}
assert(EVP_AEAD_nonce_length(aead) <= EVP_AEAD_MAX_NONCE_LENGTH);
aead_ctx->variable_nonce_len = (uint8_t)EVP_AEAD_nonce_length(aead);
if (mac_key_len == 0) {
assert(fixed_iv_len <= sizeof(aead_ctx->fixed_nonce));
memcpy(aead_ctx->fixed_nonce, fixed_iv, fixed_iv_len);
aead_ctx->fixed_nonce_len = fixed_iv_len;
if (cipher->algorithm_enc & SSL_CHACHA20POLY1305) {
/* The fixed nonce into the actual nonce (the sequence number). */
aead_ctx->xor_fixed_nonce = 1;
aead_ctx->variable_nonce_len = 8;
} else {
/* The fixed IV is prepended to the nonce. */
assert(fixed_iv_len <= aead_ctx->variable_nonce_len);
aead_ctx->variable_nonce_len -= fixed_iv_len;
}
/* AES-GCM uses an explicit nonce. */
if (cipher->algorithm_enc & (SSL_AES128GCM | SSL_AES256GCM)) {
aead_ctx->variable_nonce_included_in_record = 1;
}
/* The TLS 1.3 construction XORs the fixed nonce into the sequence number
* and omits the additional data. */
if (version >= TLS1_3_VERSION) {
aead_ctx->xor_fixed_nonce = 1;
aead_ctx->variable_nonce_len = 8;
aead_ctx->variable_nonce_included_in_record = 0;
aead_ctx->omit_ad = 1;
assert(fixed_iv_len >= aead_ctx->variable_nonce_len);
}
} else {
assert(version < TLS1_3_VERSION);
aead_ctx->variable_nonce_included_in_record = 1;
aead_ctx->random_variable_nonce = 1;
aead_ctx->omit_length_in_ad = 1;
aead_ctx->omit_version_in_ad = (version == SSL3_VERSION);
}
return aead_ctx;
}
void SSL_AEAD_CTX_free(SSL_AEAD_CTX *aead) {
if (aead == NULL) {
return;
}
EVP_AEAD_CTX_cleanup(&aead->ctx);
OPENSSL_free(aead);
}
size_t SSL_AEAD_CTX_explicit_nonce_len(SSL_AEAD_CTX *aead) {
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
aead = NULL;
#endif
if (aead != NULL && aead->variable_nonce_included_in_record) {
return aead->variable_nonce_len;
}
return 0;
}
size_t SSL_AEAD_CTX_max_overhead(SSL_AEAD_CTX *aead) {
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
aead = NULL;
#endif
if (aead == NULL) {
return 0;
}
return EVP_AEAD_max_overhead(aead->ctx.aead) +
SSL_AEAD_CTX_explicit_nonce_len(aead);
}
/* ssl_aead_ctx_get_ad writes the additional data for |aead| into |out| and
* returns the number of bytes written. */
static size_t ssl_aead_ctx_get_ad(SSL_AEAD_CTX *aead, uint8_t out[13],
uint8_t type, uint16_t wire_version,
const uint8_t seqnum[8],
size_t plaintext_len) {
if (aead->omit_ad) {
return 0;
}
memcpy(out, seqnum, 8);
size_t len = 8;
out[len++] = type;
if (!aead->omit_version_in_ad) {
out[len++] = (uint8_t)(wire_version >> 8);
out[len++] = (uint8_t)wire_version;
}
if (!aead->omit_length_in_ad) {
out[len++] = (uint8_t)(plaintext_len >> 8);
out[len++] = (uint8_t)plaintext_len;
}
return len;
}
int SSL_AEAD_CTX_open(SSL_AEAD_CTX *aead, CBS *out, uint8_t type,
uint16_t wire_version, const uint8_t seqnum[8],
uint8_t *in, size_t in_len) {
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
aead = NULL;
#endif
if (aead == NULL) {
/* Handle the initial NULL cipher. */
CBS_init(out, in, in_len);
return 1;
}
/* TLS 1.2 AEADs include the length in the AD and are assumed to have fixed
* overhead. Otherwise the parameter is unused. */
size_t plaintext_len = 0;
if (!aead->omit_length_in_ad) {
size_t overhead = SSL_AEAD_CTX_max_overhead(aead);
if (in_len < overhead) {
/* Publicly invalid. */
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_PACKET_LENGTH);
return 0;
}
plaintext_len = in_len - overhead;
}
uint8_t ad[13];
size_t ad_len = ssl_aead_ctx_get_ad(aead, ad, type, wire_version, seqnum,
plaintext_len);
/* Assemble the nonce. */
uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH];
size_t nonce_len = 0;
/* Prepend the fixed nonce, or left-pad with zeros if XORing. */
if (aead->xor_fixed_nonce) {
nonce_len = aead->fixed_nonce_len - aead->variable_nonce_len;
memset(nonce, 0, nonce_len);
} else {
memcpy(nonce, aead->fixed_nonce, aead->fixed_nonce_len);
nonce_len += aead->fixed_nonce_len;
}
/* Add the variable nonce. */
if (aead->variable_nonce_included_in_record) {
if (in_len < aead->variable_nonce_len) {
/* Publicly invalid. */
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_PACKET_LENGTH);
return 0;
}
memcpy(nonce + nonce_len, in, aead->variable_nonce_len);
in += aead->variable_nonce_len;
in_len -= aead->variable_nonce_len;
} else {
assert(aead->variable_nonce_len == 8);
memcpy(nonce + nonce_len, seqnum, aead->variable_nonce_len);
}
nonce_len += aead->variable_nonce_len;
/* XOR the fixed nonce, if necessary. */
if (aead->xor_fixed_nonce) {
assert(nonce_len == aead->fixed_nonce_len);
size_t i;
for (i = 0; i < aead->fixed_nonce_len; i++) {
nonce[i] ^= aead->fixed_nonce[i];
}
}
/* Decrypt in-place. */
size_t len;
if (!EVP_AEAD_CTX_open(&aead->ctx, in, &len, in_len, nonce, nonce_len,
in, in_len, ad, ad_len)) {
return 0;
}
CBS_init(out, in, len);
return 1;
}
int SSL_AEAD_CTX_seal(SSL_AEAD_CTX *aead, uint8_t *out, size_t *out_len,
size_t max_out, uint8_t type, uint16_t wire_version,
const uint8_t seqnum[8], const uint8_t *in,
size_t in_len) {
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
aead = NULL;
#endif
if (aead == NULL) {
/* Handle the initial NULL cipher. */
if (in_len > max_out) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL);
return 0;
}
memmove(out, in, in_len);
*out_len = in_len;
return 1;
}
uint8_t ad[13];
size_t ad_len = ssl_aead_ctx_get_ad(aead, ad, type, wire_version, seqnum,
in_len);
/* Assemble the nonce. */
uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH];
size_t nonce_len = 0;
/* Prepend the fixed nonce, or left-pad with zeros if XORing. */
if (aead->xor_fixed_nonce) {
nonce_len = aead->fixed_nonce_len - aead->variable_nonce_len;
memset(nonce, 0, nonce_len);
} else {
memcpy(nonce, aead->fixed_nonce, aead->fixed_nonce_len);
nonce_len += aead->fixed_nonce_len;
}
/* Select the variable nonce. */
if (aead->random_variable_nonce) {
assert(aead->variable_nonce_included_in_record);
if (!RAND_bytes(nonce + nonce_len, aead->variable_nonce_len)) {
return 0;
}
} else {
/* When sending we use the sequence number as the variable part of the
* nonce. */
assert(aead->variable_nonce_len == 8);
memcpy(nonce + nonce_len, seqnum, aead->variable_nonce_len);
}
nonce_len += aead->variable_nonce_len;
/* Emit the variable nonce if included in the record. */
size_t extra_len = 0;
if (aead->variable_nonce_included_in_record) {
assert(!aead->xor_fixed_nonce);
if (max_out < aead->variable_nonce_len) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL);
return 0;
}
if (out < in + in_len && in < out + aead->variable_nonce_len) {
OPENSSL_PUT_ERROR(SSL, SSL_R_OUTPUT_ALIASES_INPUT);
return 0;
}
memcpy(out, nonce + aead->fixed_nonce_len, aead->variable_nonce_len);
extra_len = aead->variable_nonce_len;
out += aead->variable_nonce_len;
max_out -= aead->variable_nonce_len;
}
/* XOR the fixed nonce, if necessary. */
if (aead->xor_fixed_nonce) {
assert(nonce_len == aead->fixed_nonce_len);
size_t i;
for (i = 0; i < aead->fixed_nonce_len; i++) {
nonce[i] ^= aead->fixed_nonce[i];
}
}
if (!EVP_AEAD_CTX_seal(&aead->ctx, out, out_len, max_out, nonce, nonce_len,
in, in_len, ad, ad_len)) {
return 0;
}
*out_len += extra_len;
return 1;
}

Some files were not shown because too many files have changed in this diff Show More