summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_lib.c
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2003-03-22 08:02:04 +0000
committercvs2svn <admin@example.com>2003-03-22 08:02:04 +0000
commitdf32a1286ae06981a79e30b678165a784696be4b (patch)
tree3d70e9a28e2db2eee8cd542ce0ce859502668178 /src/lib/libssl/s3_lib.c
parent2850ebd15c3cfddf6fb7edcd08cb6b2c6f717be9 (diff)
downloadopenbsd-OPENBSD_3_3_BASE.tar.gz
openbsd-OPENBSD_3_3_BASE.tar.bz2
openbsd-OPENBSD_3_3_BASE.zip
This commit was manufactured by cvs2git to create tag 'OPENBSD_3_3_BASE'.OPENBSD_3_3_BASE
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
-rw-r--r--src/lib/libssl/s3_lib.c1682
1 files changed, 0 insertions, 1682 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
deleted file mode 100644
index cc0aeef511..0000000000
--- a/src/lib/libssl/s3_lib.c
+++ /dev/null
@@ -1,1682 +0,0 @@
1/* ssl/s3_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#include <stdio.h>
113#include <openssl/objects.h>
114#include "ssl_locl.h"
115#include "kssl_lcl.h"
116#include <openssl/md5.h>
117
118const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
119
120#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
121
122static long ssl3_default_timeout(void );
123
124OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
125/* The RSA ciphers */
126/* Cipher 01 */
127 {
128 1,
129 SSL3_TXT_RSA_NULL_MD5,
130 SSL3_CK_RSA_NULL_MD5,
131 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
132 SSL_NOT_EXP|SSL_STRONG_NONE,
133 0,
134 0,
135 0,
136 SSL_ALL_CIPHERS,
137 SSL_ALL_STRENGTHS,
138 },
139/* Cipher 02 */
140 {
141 1,
142 SSL3_TXT_RSA_NULL_SHA,
143 SSL3_CK_RSA_NULL_SHA,
144 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
145 SSL_NOT_EXP|SSL_STRONG_NONE,
146 0,
147 0,
148 0,
149 SSL_ALL_CIPHERS,
150 SSL_ALL_STRENGTHS,
151 },
152
153/* anon DH */
154/* Cipher 17 */
155 {
156 1,
157 SSL3_TXT_ADH_RC4_40_MD5,
158 SSL3_CK_ADH_RC4_40_MD5,
159 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
160 SSL_EXPORT|SSL_EXP40,
161 0,
162 40,
163 128,
164 SSL_ALL_CIPHERS,
165 SSL_ALL_STRENGTHS,
166 },
167/* Cipher 18 */
168 {
169 1,
170 SSL3_TXT_ADH_RC4_128_MD5,
171 SSL3_CK_ADH_RC4_128_MD5,
172 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
173 SSL_NOT_EXP|SSL_MEDIUM,
174 0,
175 128,
176 128,
177 SSL_ALL_CIPHERS,
178 SSL_ALL_STRENGTHS,
179 },
180/* Cipher 19 */
181 {
182 1,
183 SSL3_TXT_ADH_DES_40_CBC_SHA,
184 SSL3_CK_ADH_DES_40_CBC_SHA,
185 SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
186 SSL_EXPORT|SSL_EXP40,
187 0,
188 40,
189 128,
190 SSL_ALL_CIPHERS,
191 SSL_ALL_STRENGTHS,
192 },
193/* Cipher 1A */
194 {
195 1,
196 SSL3_TXT_ADH_DES_64_CBC_SHA,
197 SSL3_CK_ADH_DES_64_CBC_SHA,
198 SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3,
199 SSL_NOT_EXP|SSL_LOW,
200 0,
201 56,
202 56,
203 SSL_ALL_CIPHERS,
204 SSL_ALL_STRENGTHS,
205 },
206/* Cipher 1B */
207 {
208 1,
209 SSL3_TXT_ADH_DES_192_CBC_SHA,
210 SSL3_CK_ADH_DES_192_CBC_SHA,
211 SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
212 SSL_NOT_EXP|SSL_HIGH,
213 0,
214 168,
215 168,
216 SSL_ALL_CIPHERS,
217 SSL_ALL_STRENGTHS,
218 },
219
220/* RSA again */
221/* Cipher 03 */
222 {
223 1,
224 SSL3_TXT_RSA_RC4_40_MD5,
225 SSL3_CK_RSA_RC4_40_MD5,
226 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
227 SSL_EXPORT|SSL_EXP40,
228 0,
229 40,
230 128,
231 SSL_ALL_CIPHERS,
232 SSL_ALL_STRENGTHS,
233 },
234/* Cipher 04 */
235 {
236 1,
237 SSL3_TXT_RSA_RC4_128_MD5,
238 SSL3_CK_RSA_RC4_128_MD5,
239 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_SSLV3,
240 SSL_NOT_EXP|SSL_MEDIUM,
241 0,
242 128,
243 128,
244 SSL_ALL_CIPHERS,
245 SSL_ALL_STRENGTHS,
246 },
247/* Cipher 05 */
248 {
249 1,
250 SSL3_TXT_RSA_RC4_128_SHA,
251 SSL3_CK_RSA_RC4_128_SHA,
252 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_SSLV3,
253 SSL_NOT_EXP|SSL_MEDIUM,
254 0,
255 128,
256 128,
257 SSL_ALL_CIPHERS,
258 SSL_ALL_STRENGTHS,
259 },
260/* Cipher 06 */
261 {
262 1,
263 SSL3_TXT_RSA_RC2_40_MD5,
264 SSL3_CK_RSA_RC2_40_MD5,
265 SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_SSLV3,
266 SSL_EXPORT|SSL_EXP40,
267 0,
268 40,
269 128,
270 SSL_ALL_CIPHERS,
271 SSL_ALL_STRENGTHS,
272 },
273/* Cipher 07 */
274#ifndef OPENSSL_NO_IDEA
275 {
276 1,
277 SSL3_TXT_RSA_IDEA_128_SHA,
278 SSL3_CK_RSA_IDEA_128_SHA,
279 SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3,
280 SSL_NOT_EXP|SSL_MEDIUM,
281 0,
282 128,
283 128,
284 SSL_ALL_CIPHERS,
285 SSL_ALL_STRENGTHS,
286 },
287#endif
288/* Cipher 08 */
289 {
290 1,
291 SSL3_TXT_RSA_DES_40_CBC_SHA,
292 SSL3_CK_RSA_DES_40_CBC_SHA,
293 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
294 SSL_EXPORT|SSL_EXP40,
295 0,
296 40,
297 56,
298 SSL_ALL_CIPHERS,
299 SSL_ALL_STRENGTHS,
300 },
301/* Cipher 09 */
302 {
303 1,
304 SSL3_TXT_RSA_DES_64_CBC_SHA,
305 SSL3_CK_RSA_DES_64_CBC_SHA,
306 SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
307 SSL_NOT_EXP|SSL_LOW,
308 0,
309 56,
310 56,
311 SSL_ALL_CIPHERS,
312 SSL_ALL_STRENGTHS,
313 },
314/* Cipher 0A */
315 {
316 1,
317 SSL3_TXT_RSA_DES_192_CBC3_SHA,
318 SSL3_CK_RSA_DES_192_CBC3_SHA,
319 SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
320 SSL_NOT_EXP|SSL_HIGH,
321 0,
322 168,
323 168,
324 SSL_ALL_CIPHERS,
325 SSL_ALL_STRENGTHS,
326 },
327
328/* The DH ciphers */
329/* Cipher 0B */
330 {
331 0,
332 SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
333 SSL3_CK_DH_DSS_DES_40_CBC_SHA,
334 SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
335 SSL_EXPORT|SSL_EXP40,
336 0,
337 40,
338 56,
339 SSL_ALL_CIPHERS,
340 SSL_ALL_STRENGTHS,
341 },
342/* Cipher 0C */
343 {
344 0,
345 SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
346 SSL3_CK_DH_DSS_DES_64_CBC_SHA,
347 SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
348 SSL_NOT_EXP|SSL_LOW,
349 0,
350 56,
351 56,
352 SSL_ALL_CIPHERS,
353 SSL_ALL_STRENGTHS,
354 },
355/* Cipher 0D */
356 {
357 0,
358 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
359 SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
360 SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
361 SSL_NOT_EXP|SSL_HIGH,
362 0,
363 168,
364 168,
365 SSL_ALL_CIPHERS,
366 SSL_ALL_STRENGTHS,
367 },
368/* Cipher 0E */
369 {
370 0,
371 SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
372 SSL3_CK_DH_RSA_DES_40_CBC_SHA,
373 SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
374 SSL_EXPORT|SSL_EXP40,
375 0,
376 40,
377 56,
378 SSL_ALL_CIPHERS,
379 SSL_ALL_STRENGTHS,
380 },
381/* Cipher 0F */
382 {
383 0,
384 SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
385 SSL3_CK_DH_RSA_DES_64_CBC_SHA,
386 SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
387 SSL_NOT_EXP|SSL_LOW,
388 0,
389 56,
390 56,
391 SSL_ALL_CIPHERS,
392 SSL_ALL_STRENGTHS,
393 },
394/* Cipher 10 */
395 {
396 0,
397 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
398 SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
399 SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
400 SSL_NOT_EXP|SSL_HIGH,
401 0,
402 168,
403 168,
404 SSL_ALL_CIPHERS,
405 SSL_ALL_STRENGTHS,
406 },
407
408/* The Ephemeral DH ciphers */
409/* Cipher 11 */
410 {
411 1,
412 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
413 SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
414 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
415 SSL_EXPORT|SSL_EXP40,
416 0,
417 40,
418 56,
419 SSL_ALL_CIPHERS,
420 SSL_ALL_STRENGTHS,
421 },
422/* Cipher 12 */
423 {
424 1,
425 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
426 SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
427 SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3,
428 SSL_NOT_EXP|SSL_LOW,
429 0,
430 56,
431 56,
432 SSL_ALL_CIPHERS,
433 SSL_ALL_STRENGTHS,
434 },
435/* Cipher 13 */
436 {
437 1,
438 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
439 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
440 SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
441 SSL_NOT_EXP|SSL_HIGH,
442 0,
443 168,
444 168,
445 SSL_ALL_CIPHERS,
446 SSL_ALL_STRENGTHS,
447 },
448/* Cipher 14 */
449 {
450 1,
451 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
452 SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
453 SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
454 SSL_EXPORT|SSL_EXP40,
455 0,
456 40,
457 56,
458 SSL_ALL_CIPHERS,
459 SSL_ALL_STRENGTHS,
460 },
461/* Cipher 15 */
462 {
463 1,
464 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
465 SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
466 SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
467 SSL_NOT_EXP|SSL_LOW,
468 0,
469 56,
470 56,
471 SSL_ALL_CIPHERS,
472 SSL_ALL_STRENGTHS,
473 },
474/* Cipher 16 */
475 {
476 1,
477 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
478 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
479 SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
480 SSL_NOT_EXP|SSL_HIGH,
481 0,
482 168,
483 168,
484 SSL_ALL_CIPHERS,
485 SSL_ALL_STRENGTHS,
486 },
487
488/* Fortezza */
489/* Cipher 1C */
490 {
491 0,
492 SSL3_TXT_FZA_DMS_NULL_SHA,
493 SSL3_CK_FZA_DMS_NULL_SHA,
494 SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
495 SSL_NOT_EXP|SSL_STRONG_NONE,
496 0,
497 0,
498 0,
499 SSL_ALL_CIPHERS,
500 SSL_ALL_STRENGTHS,
501 },
502
503/* Cipher 1D */
504 {
505 0,
506 SSL3_TXT_FZA_DMS_FZA_SHA,
507 SSL3_CK_FZA_DMS_FZA_SHA,
508 SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
509 SSL_NOT_EXP|SSL_STRONG_NONE,
510 0,
511 0,
512 0,
513 SSL_ALL_CIPHERS,
514 SSL_ALL_STRENGTHS,
515 },
516
517/* Cipher 1E */
518 {
519 0,
520 SSL3_TXT_FZA_DMS_RC4_SHA,
521 SSL3_CK_FZA_DMS_RC4_SHA,
522 SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3,
523 SSL_NOT_EXP|SSL_MEDIUM,
524 0,
525 128,
526 128,
527 SSL_ALL_CIPHERS,
528 SSL_ALL_STRENGTHS,
529 },
530
531#ifndef OPENSSL_NO_KRB5
532/* The Kerberos ciphers
533** 20000107 VRS: And the first shall be last,
534** in hopes of avoiding the lynx ssl renegotiation problem.
535*/
536/* Cipher 21 VRS */
537 {
538 1,
539 SSL3_TXT_KRB5_DES_40_CBC_SHA,
540 SSL3_CK_KRB5_DES_40_CBC_SHA,
541 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
542 SSL_EXPORT|SSL_EXP40,
543 0,
544 40,
545 56,
546 SSL_ALL_CIPHERS,
547 SSL_ALL_STRENGTHS,
548 },
549
550/* Cipher 22 VRS */
551 {
552 1,
553 SSL3_TXT_KRB5_DES_40_CBC_MD5,
554 SSL3_CK_KRB5_DES_40_CBC_MD5,
555 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3,
556 SSL_EXPORT|SSL_EXP40,
557 0,
558 40,
559 56,
560 SSL_ALL_CIPHERS,
561 SSL_ALL_STRENGTHS,
562 },
563
564/* Cipher 23 VRS */
565 {
566 1,
567 SSL3_TXT_KRB5_DES_64_CBC_SHA,
568 SSL3_CK_KRB5_DES_64_CBC_SHA,
569 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
570 SSL_NOT_EXP|SSL_LOW,
571 0,
572 56,
573 56,
574 SSL_ALL_CIPHERS,
575 SSL_ALL_STRENGTHS,
576 },
577
578/* Cipher 24 VRS */
579 {
580 1,
581 SSL3_TXT_KRB5_DES_64_CBC_MD5,
582 SSL3_CK_KRB5_DES_64_CBC_MD5,
583 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3,
584 SSL_NOT_EXP|SSL_LOW,
585 0,
586 56,
587 56,
588 SSL_ALL_CIPHERS,
589 SSL_ALL_STRENGTHS,
590 },
591
592/* Cipher 25 VRS */
593 {
594 1,
595 SSL3_TXT_KRB5_DES_192_CBC3_SHA,
596 SSL3_CK_KRB5_DES_192_CBC3_SHA,
597 SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3,
598 SSL_NOT_EXP|SSL_HIGH,
599 0,
600 112,
601 168,
602 SSL_ALL_CIPHERS,
603 SSL_ALL_STRENGTHS,
604 },
605
606/* Cipher 26 VRS */
607 {
608 1,
609 SSL3_TXT_KRB5_DES_192_CBC3_MD5,
610 SSL3_CK_KRB5_DES_192_CBC3_MD5,
611 SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3,
612 SSL_NOT_EXP|SSL_HIGH,
613 0,
614 112,
615 168,
616 SSL_ALL_CIPHERS,
617 SSL_ALL_STRENGTHS,
618 },
619#endif /* OPENSSL_NO_KRB5 */
620
621
622#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
623 /* New TLS Export CipherSuites */
624 /* Cipher 60 */
625 {
626 1,
627 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
628 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
629 SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
630 SSL_EXPORT|SSL_EXP56,
631 0,
632 56,
633 128,
634 SSL_ALL_CIPHERS,
635 SSL_ALL_STRENGTHS,
636 },
637 /* Cipher 61 */
638 {
639 1,
640 TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
641 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
642 SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
643 SSL_EXPORT|SSL_EXP56,
644 0,
645 56,
646 128,
647 SSL_ALL_CIPHERS,
648 SSL_ALL_STRENGTHS,
649 },
650 /* Cipher 62 */
651 {
652 1,
653 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
654 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
655 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
656 SSL_EXPORT|SSL_EXP56,
657 0,
658 56,
659 56,
660 SSL_ALL_CIPHERS,
661 SSL_ALL_STRENGTHS,
662 },
663 /* Cipher 63 */
664 {
665 1,
666 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
667 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
668 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
669 SSL_EXPORT|SSL_EXP56,
670 0,
671 56,
672 56,
673 SSL_ALL_CIPHERS,
674 SSL_ALL_STRENGTHS,
675 },
676 /* Cipher 64 */
677 {
678 1,
679 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
680 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
681 SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
682 SSL_EXPORT|SSL_EXP56,
683 0,
684 56,
685 128,
686 SSL_ALL_CIPHERS,
687 SSL_ALL_STRENGTHS,
688 },
689 /* Cipher 65 */
690 {
691 1,
692 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
693 TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
694 SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
695 SSL_EXPORT|SSL_EXP56,
696 0,
697 56,
698 128,
699 SSL_ALL_CIPHERS,
700 SSL_ALL_STRENGTHS,
701 },
702 /* Cipher 66 */
703 {
704 1,
705 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
706 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
707 SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
708 SSL_NOT_EXP|SSL_MEDIUM,
709 0,
710 128,
711 128,
712 SSL_ALL_CIPHERS,
713 SSL_ALL_STRENGTHS
714 },
715#endif
716 /* New AES ciphersuites */
717
718 /* Cipher 2F */
719 {
720 1,
721 TLS1_TXT_RSA_WITH_AES_128_SHA,
722 TLS1_CK_RSA_WITH_AES_128_SHA,
723 SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
724 SSL_NOT_EXP|SSL_MEDIUM,
725 0,
726 128,
727 128,
728 SSL_ALL_CIPHERS,
729 SSL_ALL_STRENGTHS,
730 },
731 /* Cipher 30 */
732 {
733 0,
734 TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
735 TLS1_CK_DH_DSS_WITH_AES_128_SHA,
736 SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
737 SSL_NOT_EXP|SSL_MEDIUM,
738 0,
739 128,
740 128,
741 SSL_ALL_CIPHERS,
742 SSL_ALL_STRENGTHS,
743 },
744 /* Cipher 31 */
745 {
746 0,
747 TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
748 TLS1_CK_DH_RSA_WITH_AES_128_SHA,
749 SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
750 SSL_NOT_EXP|SSL_MEDIUM,
751 0,
752 128,
753 128,
754 SSL_ALL_CIPHERS,
755 SSL_ALL_STRENGTHS,
756 },
757 /* Cipher 32 */
758 {
759 1,
760 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
761 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
762 SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
763 SSL_NOT_EXP|SSL_MEDIUM,
764 0,
765 128,
766 128,
767 SSL_ALL_CIPHERS,
768 SSL_ALL_STRENGTHS,
769 },
770 /* Cipher 33 */
771 {
772 1,
773 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
774 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
775 SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
776 SSL_NOT_EXP|SSL_MEDIUM,
777 0,
778 128,
779 128,
780 SSL_ALL_CIPHERS,
781 SSL_ALL_STRENGTHS,
782 },
783 /* Cipher 34 */
784 {
785 1,
786 TLS1_TXT_ADH_WITH_AES_128_SHA,
787 TLS1_CK_ADH_WITH_AES_128_SHA,
788 SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
789 SSL_NOT_EXP|SSL_MEDIUM,
790 0,
791 128,
792 128,
793 SSL_ALL_CIPHERS,
794 SSL_ALL_STRENGTHS,
795 },
796
797 /* Cipher 35 */
798 {
799 1,
800 TLS1_TXT_RSA_WITH_AES_256_SHA,
801 TLS1_CK_RSA_WITH_AES_256_SHA,
802 SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
803 SSL_NOT_EXP|SSL_HIGH,
804 0,
805 256,
806 256,
807 SSL_ALL_CIPHERS,
808 SSL_ALL_STRENGTHS,
809 },
810 /* Cipher 36 */
811 {
812 0,
813 TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
814 TLS1_CK_DH_DSS_WITH_AES_256_SHA,
815 SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
816 SSL_NOT_EXP|SSL_HIGH,
817 0,
818 256,
819 256,
820 SSL_ALL_CIPHERS,
821 SSL_ALL_STRENGTHS,
822 },
823 /* Cipher 37 */
824 {
825 0,
826 TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
827 TLS1_CK_DH_RSA_WITH_AES_256_SHA,
828 SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
829 SSL_NOT_EXP|SSL_HIGH,
830 0,
831 256,
832 256,
833 SSL_ALL_CIPHERS,
834 SSL_ALL_STRENGTHS,
835 },
836 /* Cipher 38 */
837 {
838 1,
839 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
840 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
841 SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
842 SSL_NOT_EXP|SSL_HIGH,
843 0,
844 256,
845 256,
846 SSL_ALL_CIPHERS,
847 SSL_ALL_STRENGTHS,
848 },
849 /* Cipher 39 */
850 {
851 1,
852 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
853 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
854 SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
855 SSL_NOT_EXP|SSL_HIGH,
856 0,
857 256,
858 256,
859 SSL_ALL_CIPHERS,
860 SSL_ALL_STRENGTHS,
861 },
862 /* Cipher 3A */
863 {
864 1,
865 TLS1_TXT_ADH_WITH_AES_256_SHA,
866 TLS1_CK_ADH_WITH_AES_256_SHA,
867 SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
868 SSL_NOT_EXP|SSL_HIGH,
869 0,
870 256,
871 256,
872 SSL_ALL_CIPHERS,
873 SSL_ALL_STRENGTHS,
874 },
875
876/* end of list */
877 };
878
879static SSL3_ENC_METHOD SSLv3_enc_data={
880 ssl3_enc,
881 ssl3_mac,
882 ssl3_setup_key_block,
883 ssl3_generate_master_secret,
884 ssl3_change_cipher_state,
885 ssl3_final_finish_mac,
886 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
887 ssl3_cert_verify_mac,
888 SSL3_MD_CLIENT_FINISHED_CONST,4,
889 SSL3_MD_SERVER_FINISHED_CONST,4,
890 ssl3_alert_code,
891 };
892
893static SSL_METHOD SSLv3_data= {
894 SSL3_VERSION,
895 ssl3_new,
896 ssl3_clear,
897 ssl3_free,
898 ssl_undefined_function,
899 ssl_undefined_function,
900 ssl3_read,
901 ssl3_peek,
902 ssl3_write,
903 ssl3_shutdown,
904 ssl3_renegotiate,
905 ssl3_renegotiate_check,
906 ssl3_ctrl,
907 ssl3_ctx_ctrl,
908 ssl3_get_cipher_by_char,
909 ssl3_put_cipher_by_char,
910 ssl3_pending,
911 ssl3_num_ciphers,
912 ssl3_get_cipher,
913 ssl_bad_method,
914 ssl3_default_timeout,
915 &SSLv3_enc_data,
916 ssl_undefined_function,
917 ssl3_callback_ctrl,
918 ssl3_ctx_callback_ctrl,
919 };
920
921static long ssl3_default_timeout(void)
922 {
923 /* 2 hours, the 24 hours mentioned in the SSLv3 spec
924 * is way too long for http, the cache would over fill */
925 return(60*60*2);
926 }
927
928SSL_METHOD *sslv3_base_method(void)
929 {
930 return(&SSLv3_data);
931 }
932
933int ssl3_num_ciphers(void)
934 {
935 return(SSL3_NUM_CIPHERS);
936 }
937
938SSL_CIPHER *ssl3_get_cipher(unsigned int u)
939 {
940 if (u < SSL3_NUM_CIPHERS)
941 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
942 else
943 return(NULL);
944 }
945
946int ssl3_pending(SSL *s)
947 {
948 if (s->rstate == SSL_ST_READ_BODY)
949 return 0;
950
951 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
952 }
953
954int ssl3_new(SSL *s)
955 {
956 SSL3_STATE *s3;
957
958 if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
959 memset(s3,0,sizeof *s3);
960 EVP_MD_CTX_init(&s3->finish_dgst1);
961 EVP_MD_CTX_init(&s3->finish_dgst2);
962
963 s->s3=s3;
964
965 s->method->ssl_clear(s);
966 return(1);
967err:
968 return(0);
969 }
970
971void ssl3_free(SSL *s)
972 {
973 if(s == NULL)
974 return;
975
976 ssl3_cleanup_key_block(s);
977 if (s->s3->rbuf.buf != NULL)
978 OPENSSL_free(s->s3->rbuf.buf);
979 if (s->s3->wbuf.buf != NULL)
980 OPENSSL_free(s->s3->wbuf.buf);
981 if (s->s3->rrec.comp != NULL)
982 OPENSSL_free(s->s3->rrec.comp);
983#ifndef OPENSSL_NO_DH
984 if (s->s3->tmp.dh != NULL)
985 DH_free(s->s3->tmp.dh);
986#endif
987 if (s->s3->tmp.ca_names != NULL)
988 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
989 EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
990 EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
991 memset(s->s3,0,sizeof *s->s3);
992 OPENSSL_free(s->s3);
993 s->s3=NULL;
994 }
995
996void ssl3_clear(SSL *s)
997 {
998 unsigned char *rp,*wp;
999 size_t rlen, wlen;
1000
1001 ssl3_cleanup_key_block(s);
1002 if (s->s3->tmp.ca_names != NULL)
1003 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
1004
1005 if (s->s3->rrec.comp != NULL)
1006 {
1007 OPENSSL_free(s->s3->rrec.comp);
1008 s->s3->rrec.comp=NULL;
1009 }
1010#ifndef OPENSSL_NO_DH
1011 if (s->s3->tmp.dh != NULL)
1012 DH_free(s->s3->tmp.dh);
1013#endif
1014
1015 rp = s->s3->rbuf.buf;
1016 wp = s->s3->wbuf.buf;
1017 rlen = s->s3->rbuf.len;
1018 wlen = s->s3->wbuf.len;
1019
1020 EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
1021 EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
1022
1023 memset(s->s3,0,sizeof *s->s3);
1024 s->s3->rbuf.buf = rp;
1025 s->s3->wbuf.buf = wp;
1026 s->s3->rbuf.len = rlen;
1027 s->s3->wbuf.len = wlen;
1028
1029 ssl_free_wbio_buffer(s);
1030
1031 s->packet_length=0;
1032 s->s3->renegotiate=0;
1033 s->s3->total_renegotiations=0;
1034 s->s3->num_renegotiations=0;
1035 s->s3->in_read_app_data=0;
1036 s->version=SSL3_VERSION;
1037 }
1038
1039long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
1040 {
1041 int ret=0;
1042
1043#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
1044 if (
1045#ifndef OPENSSL_NO_RSA
1046 cmd == SSL_CTRL_SET_TMP_RSA ||
1047 cmd == SSL_CTRL_SET_TMP_RSA_CB ||
1048#endif
1049#ifndef OPENSSL_NO_DSA
1050 cmd == SSL_CTRL_SET_TMP_DH ||
1051 cmd == SSL_CTRL_SET_TMP_DH_CB ||
1052#endif
1053 0)
1054 {
1055 if (!ssl_cert_inst(&s->cert))
1056 {
1057 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
1058 return(0);
1059 }
1060 }
1061#endif
1062
1063 switch (cmd)
1064 {
1065 case SSL_CTRL_GET_SESSION_REUSED:
1066 ret=s->hit;
1067 break;
1068 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
1069 break;
1070 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
1071 ret=s->s3->num_renegotiations;
1072 break;
1073 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
1074 ret=s->s3->num_renegotiations;
1075 s->s3->num_renegotiations=0;
1076 break;
1077 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
1078 ret=s->s3->total_renegotiations;
1079 break;
1080 case SSL_CTRL_GET_FLAGS:
1081 ret=(int)(s->s3->flags);
1082 break;
1083#ifndef OPENSSL_NO_RSA
1084 case SSL_CTRL_NEED_TMP_RSA:
1085 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
1086 ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
1087 (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
1088 ret = 1;
1089 break;
1090 case SSL_CTRL_SET_TMP_RSA:
1091 {
1092 RSA *rsa = (RSA *)parg;
1093 if (rsa == NULL)
1094 {
1095 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
1096 return(ret);
1097 }
1098 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
1099 {
1100 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
1101 return(ret);
1102 }
1103 if (s->cert->rsa_tmp != NULL)
1104 RSA_free(s->cert->rsa_tmp);
1105 s->cert->rsa_tmp = rsa;
1106 ret = 1;
1107 }
1108 break;
1109 case SSL_CTRL_SET_TMP_RSA_CB:
1110 {
1111 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1112 return(ret);
1113 }
1114 break;
1115#endif
1116#ifndef OPENSSL_NO_DH
1117 case SSL_CTRL_SET_TMP_DH:
1118 {
1119 DH *dh = (DH *)parg;
1120 if (dh == NULL)
1121 {
1122 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
1123 return(ret);
1124 }
1125 if ((dh = DHparams_dup(dh)) == NULL)
1126 {
1127 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
1128 return(ret);
1129 }
1130 if (!(s->options & SSL_OP_SINGLE_DH_USE))
1131 {
1132 if (!DH_generate_key(dh))
1133 {
1134 DH_free(dh);
1135 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
1136 return(ret);
1137 }
1138 }
1139 if (s->cert->dh_tmp != NULL)
1140 DH_free(s->cert->dh_tmp);
1141 s->cert->dh_tmp = dh;
1142 ret = 1;
1143 }
1144 break;
1145 case SSL_CTRL_SET_TMP_DH_CB:
1146 {
1147 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1148 return(ret);
1149 }
1150 break;
1151#endif
1152 default:
1153 break;
1154 }
1155 return(ret);
1156 }
1157
1158long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
1159 {
1160 int ret=0;
1161
1162#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
1163 if (
1164#ifndef OPENSSL_NO_RSA
1165 cmd == SSL_CTRL_SET_TMP_RSA_CB ||
1166#endif
1167#ifndef OPENSSL_NO_DSA
1168 cmd == SSL_CTRL_SET_TMP_DH_CB ||
1169#endif
1170 0)
1171 {
1172 if (!ssl_cert_inst(&s->cert))
1173 {
1174 SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
1175 return(0);
1176 }
1177 }
1178#endif
1179
1180 switch (cmd)
1181 {
1182#ifndef OPENSSL_NO_RSA
1183 case SSL_CTRL_SET_TMP_RSA_CB:
1184 {
1185 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
1186 }
1187 break;
1188#endif
1189#ifndef OPENSSL_NO_DH
1190 case SSL_CTRL_SET_TMP_DH_CB:
1191 {
1192 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
1193 }
1194 break;
1195#endif
1196 default:
1197 break;
1198 }
1199 return(ret);
1200 }
1201
1202long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
1203 {
1204 CERT *cert;
1205
1206 cert=ctx->cert;
1207
1208 switch (cmd)
1209 {
1210#ifndef OPENSSL_NO_RSA
1211 case SSL_CTRL_NEED_TMP_RSA:
1212 if ( (cert->rsa_tmp == NULL) &&
1213 ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
1214 (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
1215 )
1216 return(1);
1217 else
1218 return(0);
1219 /* break; */
1220 case SSL_CTRL_SET_TMP_RSA:
1221 {
1222 RSA *rsa;
1223 int i;
1224
1225 rsa=(RSA *)parg;
1226 i=1;
1227 if (rsa == NULL)
1228 i=0;
1229 else
1230 {
1231 if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
1232 i=0;
1233 }
1234 if (!i)
1235 {
1236 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
1237 return(0);
1238 }
1239 else
1240 {
1241 if (cert->rsa_tmp != NULL)
1242 RSA_free(cert->rsa_tmp);
1243 cert->rsa_tmp=rsa;
1244 return(1);
1245 }
1246 }
1247 /* break; */
1248 case SSL_CTRL_SET_TMP_RSA_CB:
1249 {
1250 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1251 return(0);
1252 }
1253 break;
1254#endif
1255#ifndef OPENSSL_NO_DH
1256 case SSL_CTRL_SET_TMP_DH:
1257 {
1258 DH *new=NULL,*dh;
1259
1260 dh=(DH *)parg;
1261 if ((new=DHparams_dup(dh)) == NULL)
1262 {
1263 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
1264 return 0;
1265 }
1266 if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
1267 {
1268 if (!DH_generate_key(new))
1269 {
1270 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
1271 DH_free(new);
1272 return 0;
1273 }
1274 }
1275 if (cert->dh_tmp != NULL)
1276 DH_free(cert->dh_tmp);
1277 cert->dh_tmp=new;
1278 return 1;
1279 }
1280 /*break; */
1281 case SSL_CTRL_SET_TMP_DH_CB:
1282 {
1283 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1284 return(0);
1285 }
1286 break;
1287#endif
1288 /* A Thawte special :-) */
1289 case SSL_CTRL_EXTRA_CHAIN_CERT:
1290 if (ctx->extra_certs == NULL)
1291 {
1292 if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
1293 return(0);
1294 }
1295 sk_X509_push(ctx->extra_certs,(X509 *)parg);
1296 break;
1297
1298 default:
1299 return(0);
1300 }
1301 return(1);
1302 }
1303
1304long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
1305 {
1306 CERT *cert;
1307
1308 cert=ctx->cert;
1309
1310 switch (cmd)
1311 {
1312#ifndef OPENSSL_NO_RSA
1313 case SSL_CTRL_SET_TMP_RSA_CB:
1314 {
1315 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
1316 }
1317 break;
1318#endif
1319#ifndef OPENSSL_NO_DH
1320 case SSL_CTRL_SET_TMP_DH_CB:
1321 {
1322 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
1323 }
1324 break;
1325#endif
1326 default:
1327 return(0);
1328 }
1329 return(1);
1330 }
1331
1332/* This function needs to check if the ciphers required are actually
1333 * available */
1334SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
1335 {
1336 static int init=1;
1337 static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS];
1338 SSL_CIPHER c,*cp= &c,**cpp;
1339 unsigned long id;
1340 int i;
1341
1342 if (init)
1343 {
1344 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
1345
1346 for (i=0; i<SSL3_NUM_CIPHERS; i++)
1347 sorted[i]= &(ssl3_ciphers[i]);
1348
1349 qsort( (char *)sorted,
1350 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
1351 FP_ICC ssl_cipher_ptr_id_cmp);
1352
1353 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
1354
1355 init=0;
1356 }
1357
1358 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
1359 c.id=id;
1360 cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
1361 (char *)sorted,
1362 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
1363 FP_ICC ssl_cipher_ptr_id_cmp);
1364 if ((cpp == NULL) || !(*cpp)->valid)
1365 return(NULL);
1366 else
1367 return(*cpp);
1368 }
1369
1370int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
1371 {
1372 long l;
1373
1374 if (p != NULL)
1375 {
1376 l=c->id;
1377 if ((l & 0xff000000) != 0x03000000) return(0);
1378 p[0]=((unsigned char)(l>> 8L))&0xFF;
1379 p[1]=((unsigned char)(l ))&0xFF;
1380 }
1381 return(2);
1382 }
1383
1384SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
1385 STACK_OF(SSL_CIPHER) *srvr)
1386 {
1387 SSL_CIPHER *c,*ret=NULL;
1388 STACK_OF(SSL_CIPHER) *prio, *allow;
1389 int i,j,ok;
1390 CERT *cert;
1391 unsigned long alg,mask,emask;
1392
1393 /* Let's see which ciphers we can support */
1394 cert=s->cert;
1395
1396#if 0
1397 /* Do not set the compare functions, because this may lead to a
1398 * reordering by "id". We want to keep the original ordering.
1399 * We may pay a price in performance during sk_SSL_CIPHER_find(),
1400 * but would have to pay with the price of sk_SSL_CIPHER_dup().
1401 */
1402 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
1403 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
1404#endif
1405
1406#ifdef CIPHER_DEBUG
1407 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr);
1408 for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
1409 {
1410 c=sk_SSL_CIPHER_value(srvr,i);
1411 printf("%p:%s\n",c,c->name);
1412 }
1413 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt);
1414 for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
1415 {
1416 c=sk_SSL_CIPHER_value(clnt,i);
1417 printf("%p:%s\n",c,c->name);
1418 }
1419#endif
1420
1421 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
1422 {
1423 prio = srvr;
1424 allow = clnt;
1425 }
1426 else
1427 {
1428 prio = clnt;
1429 allow = srvr;
1430 }
1431
1432 for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
1433 {
1434 c=sk_SSL_CIPHER_value(prio,i);
1435
1436 ssl_set_cert_masks(cert,c);
1437 mask=cert->mask;
1438 emask=cert->export_mask;
1439
1440#ifdef KSSL_DEBUG
1441 printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);
1442#endif /* KSSL_DEBUG */
1443
1444 alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
1445#ifndef OPENSSL_NO_KRB5
1446 if (alg & SSL_KRB5)
1447 {
1448 if ( !kssl_keytab_is_available(s->kssl_ctx) )
1449 continue;
1450 }
1451#endif /* OPENSSL_NO_KRB5 */
1452 if (SSL_C_IS_EXPORT(c))
1453 {
1454 ok=((alg & emask) == alg)?1:0;
1455#ifdef CIPHER_DEBUG
1456 printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask,
1457 c,c->name);
1458#endif
1459 }
1460 else
1461 {
1462 ok=((alg & mask) == alg)?1:0;
1463#ifdef CIPHER_DEBUG
1464 printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c,
1465 c->name);
1466#endif
1467 }
1468
1469 if (!ok) continue;
1470
1471 j=sk_SSL_CIPHER_find(allow,c);
1472 if (j >= 0)
1473 {
1474 ret=sk_SSL_CIPHER_value(allow,j);
1475 break;
1476 }
1477 }
1478 return(ret);
1479 }
1480
1481int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
1482 {
1483 int ret=0;
1484 unsigned long alg;
1485
1486 alg=s->s3->tmp.new_cipher->algorithms;
1487
1488#ifndef OPENSSL_NO_DH
1489 if (alg & (SSL_kDHr|SSL_kEDH))
1490 {
1491# ifndef OPENSSL_NO_RSA
1492 p[ret++]=SSL3_CT_RSA_FIXED_DH;
1493# endif
1494# ifndef OPENSSL_NO_DSA
1495 p[ret++]=SSL3_CT_DSS_FIXED_DH;
1496# endif
1497 }
1498 if ((s->version == SSL3_VERSION) &&
1499 (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
1500 {
1501# ifndef OPENSSL_NO_RSA
1502 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
1503# endif
1504# ifndef OPENSSL_NO_DSA
1505 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
1506# endif
1507 }
1508#endif /* !OPENSSL_NO_DH */
1509#ifndef OPENSSL_NO_RSA
1510 p[ret++]=SSL3_CT_RSA_SIGN;
1511#endif
1512#ifndef OPENSSL_NO_DSA
1513 p[ret++]=SSL3_CT_DSS_SIGN;
1514#endif
1515 return(ret);
1516 }
1517
1518int ssl3_shutdown(SSL *s)
1519 {
1520
1521 /* Don't do anything much if we have not done the handshake or
1522 * we don't want to send messages :-) */
1523 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
1524 {
1525 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
1526 return(1);
1527 }
1528
1529 if (!(s->shutdown & SSL_SENT_SHUTDOWN))
1530 {
1531 s->shutdown|=SSL_SENT_SHUTDOWN;
1532#if 1
1533 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
1534#endif
1535 /* our shutdown alert has been sent now, and if it still needs
1536 * to be written, s->s3->alert_dispatch will be true */
1537 }
1538 else if (s->s3->alert_dispatch)
1539 {
1540 /* resend it if not sent */
1541#if 1
1542 ssl3_dispatch_alert(s);
1543#endif
1544 }
1545 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
1546 {
1547 /* If we are waiting for a close from our peer, we are closed */
1548 ssl3_read_bytes(s,0,NULL,0,0);
1549 }
1550
1551 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
1552 !s->s3->alert_dispatch)
1553 return(1);
1554 else
1555 return(0);
1556 }
1557
1558int ssl3_write(SSL *s, const void *buf, int len)
1559 {
1560 int ret,n;
1561
1562#if 0
1563 if (s->shutdown & SSL_SEND_SHUTDOWN)
1564 {
1565 s->rwstate=SSL_NOTHING;
1566 return(0);
1567 }
1568#endif
1569 clear_sys_error();
1570 if (s->s3->renegotiate) ssl3_renegotiate_check(s);
1571
1572 /* This is an experimental flag that sends the
1573 * last handshake message in the same packet as the first
1574 * use data - used to see if it helps the TCP protocol during
1575 * session-id reuse */
1576 /* The second test is because the buffer may have been removed */
1577 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
1578 {
1579 /* First time through, we write into the buffer */
1580 if (s->s3->delay_buf_pop_ret == 0)
1581 {
1582 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
1583 buf,len);
1584 if (ret <= 0) return(ret);
1585
1586 s->s3->delay_buf_pop_ret=ret;
1587 }
1588
1589 s->rwstate=SSL_WRITING;
1590 n=BIO_flush(s->wbio);
1591 if (n <= 0) return(n);
1592 s->rwstate=SSL_NOTHING;
1593
1594 /* We have flushed the buffer, so remove it */
1595 ssl_free_wbio_buffer(s);
1596 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
1597
1598 ret=s->s3->delay_buf_pop_ret;
1599 s->s3->delay_buf_pop_ret=0;
1600 }
1601 else
1602 {
1603 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
1604 buf,len);
1605 if (ret <= 0) return(ret);
1606 }
1607
1608 return(ret);
1609 }
1610
1611static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
1612 {
1613 int ret;
1614
1615 clear_sys_error();
1616 if (s->s3->renegotiate) ssl3_renegotiate_check(s);
1617 s->s3->in_read_app_data=1;
1618 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
1619 if ((ret == -1) && (s->s3->in_read_app_data == 2))
1620 {
1621 /* ssl3_read_bytes decided to call s->handshake_func, which
1622 * called ssl3_read_bytes to read handshake data.
1623 * However, ssl3_read_bytes actually found application data
1624 * and thinks that application data makes sense here; so disable
1625 * handshake processing and try to read application data again. */
1626 s->in_handshake++;
1627 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
1628 s->in_handshake--;
1629 }
1630 else
1631 s->s3->in_read_app_data=0;
1632
1633 return(ret);
1634 }
1635
1636int ssl3_read(SSL *s, void *buf, int len)
1637 {
1638 return ssl3_read_internal(s, buf, len, 0);
1639 }
1640
1641int ssl3_peek(SSL *s, void *buf, int len)
1642 {
1643 return ssl3_read_internal(s, buf, len, 1);
1644 }
1645
1646int ssl3_renegotiate(SSL *s)
1647 {
1648 if (s->handshake_func == NULL)
1649 return(1);
1650
1651 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
1652 return(0);
1653
1654 s->s3->renegotiate=1;
1655 return(1);
1656 }
1657
1658int ssl3_renegotiate_check(SSL *s)
1659 {
1660 int ret=0;
1661
1662 if (s->s3->renegotiate)
1663 {
1664 if ( (s->s3->rbuf.left == 0) &&
1665 (s->s3->wbuf.left == 0) &&
1666 !SSL_in_init(s))
1667 {
1668/*
1669if we are the server, and we have sent a 'RENEGOTIATE' message, we
1670need to go to SSL_ST_ACCEPT.
1671*/
1672 /* SSL_ST_ACCEPT */
1673 s->state=SSL_ST_RENEGOTIATE;
1674 s->s3->renegotiate=0;
1675 s->s3->num_renegotiations++;
1676 s->s3->total_renegotiations++;
1677 ret=1;
1678 }
1679 }
1680 return(ret);
1681 }
1682
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 11:13:24 +0000