summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_lib.c
diff options
context:
space:
mode:
authorbeck <>1999-09-29 04:37:45 +0000
committerbeck <>1999-09-29 04:37:45 +0000
commitde8f24ea083384bb66b32ec105dc4743c5663cdf (patch)
tree1412176ae62a3cab2cf2b0b92150fcbceaac6092 /src/lib/libssl/s3_lib.c
parentcb929d29896bcb87c2a97417fbd03e50078fc178 (diff)
downloadopenbsd-de8f24ea083384bb66b32ec105dc4743c5663cdf.tar.gz
openbsd-de8f24ea083384bb66b32ec105dc4743c5663cdf.tar.bz2
openbsd-de8f24ea083384bb66b32ec105dc4743c5663cdf.zip
OpenSSL 0.9.4 merge
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
-rw-r--r--src/lib/libssl/s3_lib.c382
1 files changed, 264 insertions, 118 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 0fd945025d..aeff6b5c5b 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -57,20 +57,18 @@
57 */ 57 */
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "objects.h" 60#include <openssl/md5.h>
61#include <openssl/sha.h>
62#include <openssl/objects.h>
61#include "ssl_locl.h" 63#include "ssl_locl.h"
62 64
63char *ssl3_version_str="SSLv3 part of SSLeay 0.9.0b 29-Jun-1998"; 65const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
64 66
65#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) 67#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
66 68
67#ifndef NOPROTO
68static long ssl3_default_timeout(void ); 69static long ssl3_default_timeout(void );
69#else
70static long ssl3_default_timeout();
71#endif
72 70
73SSL_CIPHER ssl3_ciphers[]={ 71OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
74/* The RSA ciphers */ 72/* The RSA ciphers */
75/* Cipher 01 */ 73/* Cipher 01 */
76 { 74 {
@@ -97,7 +95,7 @@ SSL_CIPHER ssl3_ciphers[]={
97 1, 95 1,
98 SSL3_TXT_ADH_RC4_40_MD5, 96 SSL3_TXT_ADH_RC4_40_MD5,
99 SSL3_CK_ADH_RC4_40_MD5, 97 SSL3_CK_ADH_RC4_40_MD5,
100 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_EXP|SSL_SSLV3, 98 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
101 0, 99 0,
102 SSL_ALL_CIPHERS, 100 SSL_ALL_CIPHERS,
103 }, 101 },
@@ -115,7 +113,7 @@ SSL_CIPHER ssl3_ciphers[]={
115 1, 113 1,
116 SSL3_TXT_ADH_DES_40_CBC_SHA, 114 SSL3_TXT_ADH_DES_40_CBC_SHA,
117 SSL3_CK_ADH_DES_40_CBC_SHA, 115 SSL3_CK_ADH_DES_40_CBC_SHA,
118 SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, 116 SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
119 0, 117 0,
120 SSL_ALL_CIPHERS, 118 SSL_ALL_CIPHERS,
121 }, 119 },
@@ -144,7 +142,7 @@ SSL_CIPHER ssl3_ciphers[]={
144 1, 142 1,
145 SSL3_TXT_RSA_RC4_40_MD5, 143 SSL3_TXT_RSA_RC4_40_MD5,
146 SSL3_CK_RSA_RC4_40_MD5, 144 SSL3_CK_RSA_RC4_40_MD5,
147 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_EXP|SSL_SSLV3, 145 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
148 0, 146 0,
149 SSL_ALL_CIPHERS, 147 SSL_ALL_CIPHERS,
150 }, 148 },
@@ -171,7 +169,7 @@ SSL_CIPHER ssl3_ciphers[]={
171 1, 169 1,
172 SSL3_TXT_RSA_RC2_40_MD5, 170 SSL3_TXT_RSA_RC2_40_MD5,
173 SSL3_CK_RSA_RC2_40_MD5, 171 SSL3_CK_RSA_RC2_40_MD5,
174 SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_EXP|SSL_SSLV3, 172 SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
175 0, 173 0,
176 SSL_ALL_CIPHERS, 174 SSL_ALL_CIPHERS,
177 }, 175 },
@@ -189,7 +187,7 @@ SSL_CIPHER ssl3_ciphers[]={
189 1, 187 1,
190 SSL3_TXT_RSA_DES_40_CBC_SHA, 188 SSL3_TXT_RSA_DES_40_CBC_SHA,
191 SSL3_CK_RSA_DES_40_CBC_SHA, 189 SSL3_CK_RSA_DES_40_CBC_SHA,
192 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, 190 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
193 0, 191 0,
194 SSL_ALL_CIPHERS, 192 SSL_ALL_CIPHERS,
195 }, 193 },
@@ -218,7 +216,7 @@ SSL_CIPHER ssl3_ciphers[]={
218 0, 216 0,
219 SSL3_TXT_DH_DSS_DES_40_CBC_SHA, 217 SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
220 SSL3_CK_DH_DSS_DES_40_CBC_SHA, 218 SSL3_CK_DH_DSS_DES_40_CBC_SHA,
221 SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, 219 SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
222 0, 220 0,
223 SSL_ALL_CIPHERS, 221 SSL_ALL_CIPHERS,
224 }, 222 },
@@ -245,7 +243,7 @@ SSL_CIPHER ssl3_ciphers[]={
245 0, 243 0,
246 SSL3_TXT_DH_RSA_DES_40_CBC_SHA, 244 SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
247 SSL3_CK_DH_RSA_DES_40_CBC_SHA, 245 SSL3_CK_DH_RSA_DES_40_CBC_SHA,
248 SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, 246 SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
249 0, 247 0,
250 SSL_ALL_CIPHERS, 248 SSL_ALL_CIPHERS,
251 }, 249 },
@@ -274,7 +272,7 @@ SSL_CIPHER ssl3_ciphers[]={
274 1, 272 1,
275 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, 273 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
276 SSL3_CK_EDH_DSS_DES_40_CBC_SHA, 274 SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
277 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, 275 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
278 0, 276 0,
279 SSL_ALL_CIPHERS, 277 SSL_ALL_CIPHERS,
280 }, 278 },
@@ -301,7 +299,7 @@ SSL_CIPHER ssl3_ciphers[]={
301 1, 299 1,
302 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, 300 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
303 SSL3_CK_EDH_RSA_DES_40_CBC_SHA, 301 SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
304 SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, 302 SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
305 0, 303 0,
306 SSL_ALL_CIPHERS, 304 SSL_ALL_CIPHERS,
307 }, 305 },
@@ -355,6 +353,73 @@ SSL_CIPHER ssl3_ciphers[]={
355 SSL_ALL_CIPHERS, 353 SSL_ALL_CIPHERS,
356 }, 354 },
357 355
356#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
357 /* New TLS Export CipherSuites */
358 /* Cipher 60 */
359 {
360 1,
361 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
362 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
363 SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP56|SSL_TLSV1,
364 0,
365 SSL_ALL_CIPHERS
366 },
367 /* Cipher 61 */
368 {
369 1,
370 TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
371 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
372 SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP56|SSL_TLSV1,
373 0,
374 SSL_ALL_CIPHERS
375 },
376 /* Cipher 62 */
377 {
378 1,
379 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
380 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
381 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_EXP56|SSL_TLSV1,
382 0,
383 SSL_ALL_CIPHERS
384 },
385 /* Cipher 63 */
386 {
387 1,
388 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
389 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
390 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_EXP56|SSL_TLSV1,
391 0,
392 SSL_ALL_CIPHERS
393 },
394 /* Cipher 64 */
395 {
396 1,
397 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
398 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
399 SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_EXP56|SSL_TLSV1,
400 0,
401 SSL_ALL_CIPHERS
402 },
403 /* Cipher 65 */
404 {
405 1,
406 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
407 TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
408 SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_EXP56|SSL_TLSV1,
409 0,
410 SSL_ALL_CIPHERS
411 },
412 /* Cipher 66 */
413 {
414 1,
415 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
416 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
417 SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
418 0,
419 SSL_ALL_CIPHERS
420 },
421#endif
422
358/* end of list */ 423/* end of list */
359 }; 424 };
360 425
@@ -384,6 +449,7 @@ static SSL_METHOD SSLv3_data= {
384 ssl3_write, 449 ssl3_write,
385 ssl3_shutdown, 450 ssl3_shutdown,
386 ssl3_renegotiate, 451 ssl3_renegotiate,
452 ssl3_renegotiate_check,
387 ssl3_ctrl, 453 ssl3_ctrl,
388 ssl3_ctx_ctrl, 454 ssl3_ctx_ctrl,
389 ssl3_get_cipher_by_char, 455 ssl3_get_cipher_by_char,
@@ -396,25 +462,24 @@ static SSL_METHOD SSLv3_data= {
396 &SSLv3_enc_data, 462 &SSLv3_enc_data,
397 }; 463 };
398 464
399static long ssl3_default_timeout() 465static long ssl3_default_timeout(void)
400 { 466 {
401 /* 2 hours, the 24 hours mentioned in the SSLv3 spec 467 /* 2 hours, the 24 hours mentioned in the SSLv3 spec
402 * is way too long for http, the cache would over fill */ 468 * is way too long for http, the cache would over fill */
403 return(60*60*2); 469 return(60*60*2);
404 } 470 }
405 471
406SSL_METHOD *sslv3_base_method() 472SSL_METHOD *sslv3_base_method(void)
407 { 473 {
408 return(&SSLv3_data); 474 return(&SSLv3_data);
409 } 475 }
410 476
411int ssl3_num_ciphers() 477int ssl3_num_ciphers(void)
412 { 478 {
413 return(SSL3_NUM_CIPHERS); 479 return(SSL3_NUM_CIPHERS);
414 } 480 }
415 481
416SSL_CIPHER *ssl3_get_cipher(u) 482SSL_CIPHER *ssl3_get_cipher(unsigned int u)
417unsigned int u;
418 { 483 {
419 if (u < SSL3_NUM_CIPHERS) 484 if (u < SSL3_NUM_CIPHERS)
420 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); 485 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
@@ -423,14 +488,12 @@ unsigned int u;
423 } 488 }
424 489
425/* The problem is that it may not be the correct record type */ 490/* The problem is that it may not be the correct record type */
426int ssl3_pending(s) 491int ssl3_pending(SSL *s)
427SSL *s;
428 { 492 {
429 return(s->s3->rrec.length); 493 return(s->s3->rrec.length);
430 } 494 }
431 495
432int ssl3_new(s) 496int ssl3_new(SSL *s)
433SSL *s;
434 { 497 {
435 SSL3_CTX *s3; 498 SSL3_CTX *s3;
436 499
@@ -452,33 +515,42 @@ err:
452 return(0); 515 return(0);
453 } 516 }
454 517
455void ssl3_free(s) 518void ssl3_free(SSL *s)
456SSL *s;
457 { 519 {
520 if(s == NULL)
521 return;
522
458 ssl3_cleanup_key_block(s); 523 ssl3_cleanup_key_block(s);
459 if (s->s3->rbuf.buf != NULL) 524 if (s->s3->rbuf.buf != NULL)
460 Free(s->s3->rbuf.buf); 525 Free(s->s3->rbuf.buf);
461 if (s->s3->wbuf.buf != NULL) 526 if (s->s3->wbuf.buf != NULL)
462 Free(s->s3->wbuf.buf); 527 Free(s->s3->wbuf.buf);
528 if (s->s3->rrec.comp != NULL)
529 Free(s->s3->rrec.comp);
463#ifndef NO_DH 530#ifndef NO_DH
464 if (s->s3->tmp.dh != NULL) 531 if (s->s3->tmp.dh != NULL)
465 DH_free(s->s3->tmp.dh); 532 DH_free(s->s3->tmp.dh);
466#endif 533#endif
467 if (s->s3->tmp.ca_names != NULL) 534 if (s->s3->tmp.ca_names != NULL)
468 sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 535 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
469 memset(s->s3,0,sizeof(SSL3_CTX)); 536 memset(s->s3,0,sizeof(SSL3_CTX));
470 Free(s->s3); 537 Free(s->s3);
471 s->s3=NULL; 538 s->s3=NULL;
472 } 539 }
473 540
474void ssl3_clear(s) 541void ssl3_clear(SSL *s)
475SSL *s;
476 { 542 {
477 unsigned char *rp,*wp; 543 unsigned char *rp,*wp;
478 544
479 ssl3_cleanup_key_block(s); 545 ssl3_cleanup_key_block(s);
480 if (s->s3->tmp.ca_names != NULL) 546 if (s->s3->tmp.ca_names != NULL)
481 sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 547 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
548
549 if (s->s3->rrec.comp != NULL)
550 {
551 Free(s->s3->rrec.comp);
552 s->s3->rrec.comp=NULL;
553 }
482 554
483 rp=s->s3->rbuf.buf; 555 rp=s->s3->rbuf.buf;
484 wp=s->s3->wbuf.buf; 556 wp=s->s3->wbuf.buf;
@@ -486,6 +558,9 @@ SSL *s;
486 memset(s->s3,0,sizeof(SSL3_CTX)); 558 memset(s->s3,0,sizeof(SSL3_CTX));
487 if (rp != NULL) s->s3->rbuf.buf=rp; 559 if (rp != NULL) s->s3->rbuf.buf=rp;
488 if (wp != NULL) s->s3->wbuf.buf=wp; 560 if (wp != NULL) s->s3->wbuf.buf=wp;
561
562 ssl_free_wbio_buffer(s);
563
489 s->packet_length=0; 564 s->packet_length=0;
490 s->s3->renegotiate=0; 565 s->s3->renegotiate=0;
491 s->s3->total_renegotiations=0; 566 s->s3->total_renegotiations=0;
@@ -494,14 +569,30 @@ SSL *s;
494 s->version=SSL3_VERSION; 569 s->version=SSL3_VERSION;
495 } 570 }
496 571
497long ssl3_ctrl(s,cmd,larg,parg) 572long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg)
498SSL *s;
499int cmd;
500long larg;
501char *parg;
502 { 573 {
503 int ret=0; 574 int ret=0;
504 575
576#if !defined(NO_DSA) || !defined(NO_RSA)
577 if (
578#ifndef NO_RSA
579 cmd == SSL_CTRL_SET_TMP_RSA ||
580 cmd == SSL_CTRL_SET_TMP_RSA_CB ||
581#endif
582#ifndef NO_DSA
583 cmd == SSL_CTRL_SET_TMP_DH ||
584 cmd == SSL_CTRL_SET_TMP_DH_CB ||
585#endif
586 0)
587 {
588 if (!ssl_cert_inst(&s->cert))
589 {
590 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
591 return(0);
592 }
593 }
594#endif
595
505 switch (cmd) 596 switch (cmd)
506 { 597 {
507 case SSL_CTRL_GET_SESSION_REUSED: 598 case SSL_CTRL_GET_SESSION_REUSED:
@@ -519,21 +610,75 @@ char *parg;
519 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: 610 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
520 ret=s->s3->total_renegotiations; 611 ret=s->s3->total_renegotiations;
521 break; 612 break;
613 case SSL_CTRL_GET_FLAGS:
614 ret=(int)(s->s3->flags);
615 break;
616#ifndef NO_RSA
617 case SSL_CTRL_NEED_TMP_RSA:
618 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
619 ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
620 (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
621 ret = 1;
622 break;
623 case SSL_CTRL_SET_TMP_RSA:
624 {
625 RSA *rsa = (RSA *)parg;
626 if (rsa == NULL) {
627 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
628 return(ret);
629 }
630 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
631 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
632 return(ret);
633 }
634 if (s->cert->rsa_tmp != NULL)
635 RSA_free(s->cert->rsa_tmp);
636 s->cert->rsa_tmp = rsa;
637 ret = 1;
638 }
639 break;
640 case SSL_CTRL_SET_TMP_RSA_CB:
641 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))parg;
642 break;
643#endif
644#ifndef NO_DH
645 case SSL_CTRL_SET_TMP_DH:
646 {
647 DH *dh = (DH *)parg;
648 if (dh == NULL) {
649 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
650 return(ret);
651 }
652 if ((dh = DHparams_dup(dh)) == NULL) {
653 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
654 return(ret);
655 }
656 if (!DH_generate_key(dh)) {
657 DH_free(dh);
658 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
659 return(ret);
660 }
661 if (s->cert->dh_tmp != NULL)
662 DH_free(s->cert->dh_tmp);
663 s->cert->dh_tmp = dh;
664 ret = 1;
665 }
666 break;
667 case SSL_CTRL_SET_TMP_DH_CB:
668 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))parg;
669 break;
670#endif
522 default: 671 default:
523 break; 672 break;
524 } 673 }
525 return(ret); 674 return(ret);
526 } 675 }
527 676
528long ssl3_ctx_ctrl(ctx,cmd,larg,parg) 677long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
529SSL_CTX *ctx;
530int cmd;
531long larg;
532char *parg;
533 { 678 {
534 CERT *cert; 679 CERT *cert;
535 680
536 cert=ctx->default_cert; 681 cert=ctx->cert;
537 682
538 switch (cmd) 683 switch (cmd)
539 { 684 {
@@ -546,7 +691,7 @@ char *parg;
546 return(1); 691 return(1);
547 else 692 else
548 return(0); 693 return(0);
549 break; 694 /* break; */
550 case SSL_CTRL_SET_TMP_RSA: 695 case SSL_CTRL_SET_TMP_RSA:
551 { 696 {
552 RSA *rsa; 697 RSA *rsa;
@@ -574,15 +719,16 @@ char *parg;
574 return(1); 719 return(1);
575 } 720 }
576 } 721 }
577 break; 722 /* break; */
578 case SSL_CTRL_SET_TMP_RSA_CB: 723 case SSL_CTRL_SET_TMP_RSA_CB:
579 cert->rsa_tmp_cb=(RSA *(*)())parg; 724 cert->rsa_tmp_cb=(RSA *(*)(SSL *, int, int))parg;
580 break; 725 break;
581#endif 726#endif
582#ifndef NO_DH 727#ifndef NO_DH
583 case SSL_CTRL_SET_TMP_DH: 728 case SSL_CTRL_SET_TMP_DH:
584 { 729 {
585 DH *new=NULL,*dh; 730 DH *new=NULL,*dh;
731 int rret=0;
586 732
587 dh=(DH *)parg; 733 dh=(DH *)parg;
588 if ( ((new=DHparams_dup(dh)) == NULL) || 734 if ( ((new=DHparams_dup(dh)) == NULL) ||
@@ -590,21 +736,31 @@ char *parg;
590 { 736 {
591 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); 737 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
592 if (new != NULL) DH_free(new); 738 if (new != NULL) DH_free(new);
593 return(0);
594 } 739 }
595 else 740 else
596 { 741 {
597 if (cert->dh_tmp != NULL) 742 if (cert->dh_tmp != NULL)
598 DH_free(cert->dh_tmp); 743 DH_free(cert->dh_tmp);
599 cert->dh_tmp=new; 744 cert->dh_tmp=new;
600 return(1); 745 rret=1;
601 } 746 }
747 return(rret);
602 } 748 }
603 break; 749 /*break; */
604 case SSL_CTRL_SET_TMP_DH_CB: 750 case SSL_CTRL_SET_TMP_DH_CB:
605 cert->dh_tmp_cb=(DH *(*)())parg; 751 cert->dh_tmp_cb=(DH *(*)(SSL *, int, int))parg;
606 break; 752 break;
607#endif 753#endif
754 /* A Thawte special :-) */
755 case SSL_CTRL_EXTRA_CHAIN_CERT:
756 if (ctx->extra_certs == NULL)
757 {
758 if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
759 return(0);
760 }
761 sk_X509_push(ctx->extra_certs,(X509 *)parg);
762 break;
763
608 default: 764 default:
609 return(0); 765 return(0);
610 } 766 }
@@ -613,8 +769,7 @@ char *parg;
613 769
614/* This function needs to check if the ciphers required are actually 770/* This function needs to check if the ciphers required are actually
615 * available */ 771 * available */
616SSL_CIPHER *ssl3_get_cipher_by_char(p) 772SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
617unsigned char *p;
618 { 773 {
619 static int init=1; 774 static int init=1;
620 static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS]; 775 static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS];
@@ -624,7 +779,7 @@ unsigned char *p;
624 779
625 if (init) 780 if (init)
626 { 781 {
627 init=0; 782 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
628 783
629 for (i=0; i<SSL3_NUM_CIPHERS; i++) 784 for (i=0; i<SSL3_NUM_CIPHERS; i++)
630 sorted[i]= &(ssl3_ciphers[i]); 785 sorted[i]= &(ssl3_ciphers[i]);
@@ -632,6 +787,10 @@ unsigned char *p;
632 qsort( (char *)sorted, 787 qsort( (char *)sorted,
633 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *), 788 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
634 FP_ICC ssl_cipher_ptr_id_cmp); 789 FP_ICC ssl_cipher_ptr_id_cmp);
790
791 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
792
793 init=0;
635 } 794 }
636 795
637 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; 796 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
@@ -646,9 +805,7 @@ unsigned char *p;
646 return(*cpp); 805 return(*cpp);
647 } 806 }
648 807
649int ssl3_put_cipher_by_char(c,p) 808int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
650SSL_CIPHER *c;
651unsigned char *p;
652 { 809 {
653 long l; 810 long l;
654 811
@@ -662,9 +819,7 @@ unsigned char *p;
662 return(2); 819 return(2);
663 } 820 }
664 821
665int ssl3_part_read(s,i) 822int ssl3_part_read(SSL *s, int i)
666SSL *s;
667int i;
668 { 823 {
669 s->rwstate=SSL_READING; 824 s->rwstate=SSL_READING;
670 825
@@ -679,61 +834,67 @@ int i;
679 } 834 }
680 } 835 }
681 836
682SSL_CIPHER *ssl3_choose_cipher(s,have,pref) 837SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *have,
683SSL *s; 838 STACK_OF(SSL_CIPHER) *pref)
684STACK *have,*pref;
685 { 839 {
686 SSL_CIPHER *c,*ret=NULL; 840 SSL_CIPHER *c,*ret=NULL;
687 int i,j,ok; 841 int i,j,ok;
688 CERT *cert; 842 CERT *cert;
689 unsigned long alg,mask,emask; 843 unsigned long alg,mask,emask;
690 844
691 /* Lets see which ciphers we can supported */ 845 /* Let's see which ciphers we can support */
692 if (s->cert != NULL) 846 cert=s->cert;
693 cert=s->cert;
694 else
695 cert=s->ctx->default_cert;
696 847
697 ssl_set_cert_masks(cert); 848 sk_SSL_CIPHER_set_cmp_func(pref,ssl_cipher_ptr_id_cmp);
698 mask=cert->mask;
699 emask=cert->export_mask;
700
701 sk_set_cmp_func(pref,ssl_cipher_ptr_id_cmp);
702 849
703 for (i=0; i<sk_num(have); i++) 850#ifdef CIPHER_DEBUG
851 printf("Have:\n");
852 for(i=0 ; i < sk_num(pref) ; ++i)
853 {
854 c=(SSL_CIPHER *)sk_value(pref,i);
855 printf("%p:%s\n",c,c->name);
856 }
857#endif
858
859 for (i=0; i<sk_SSL_CIPHER_num(have); i++)
704 { 860 {
705 c=(SSL_CIPHER *)sk_value(have,i); 861 c=sk_SSL_CIPHER_value(have,i);
862
863 ssl_set_cert_masks(cert,c);
864 mask=cert->mask;
865 emask=cert->export_mask;
866
706 alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK); 867 alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
707 if (alg & SSL_EXPORT) 868 if (SSL_IS_EXPORT(c->algorithms))
708 { 869 {
709 ok=((alg & emask) == alg)?1:0; 870 ok=((alg & emask) == alg)?1:0;
710#ifdef CIPHER_DEBUG 871#ifdef CIPHER_DEBUG
711 printf("%d:[%08lX:%08lX]%s\n",ok,alg,mask,c->name); 872 printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask,
873 c,c->name);
712#endif 874#endif
713 } 875 }
714 else 876 else
715 { 877 {
716 ok=((alg & mask) == alg)?1:0; 878 ok=((alg & mask) == alg)?1:0;
717#ifdef CIPHER_DEBUG 879#ifdef CIPHER_DEBUG
718 printf("%d:[%08lX:%08lX]%s\n",ok,alg,mask,c->name); 880 printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c,
881 c->name);
719#endif 882#endif
720 } 883 }
721 884
722 if (!ok) continue; 885 if (!ok) continue;
723 886
724 j=sk_find(pref,(char *)c); 887 j=sk_SSL_CIPHER_find(pref,c);
725 if (j >= 0) 888 if (j >= 0)
726 { 889 {
727 ret=(SSL_CIPHER *)sk_value(pref,j); 890 ret=sk_SSL_CIPHER_value(pref,j);
728 break; 891 break;
729 } 892 }
730 } 893 }
731 return(ret); 894 return(ret);
732 } 895 }
733 896
734int ssl3_get_req_cert_type(s,p) 897int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
735SSL *s;
736unsigned char *p;
737 { 898 {
738 int ret=0; 899 int ret=0;
739 unsigned long alg; 900 unsigned long alg;
@@ -743,33 +904,34 @@ unsigned char *p;
743#ifndef NO_DH 904#ifndef NO_DH
744 if (alg & (SSL_kDHr|SSL_kEDH)) 905 if (alg & (SSL_kDHr|SSL_kEDH))
745 { 906 {
746#ifndef NO_RSA 907# ifndef NO_RSA
747 p[ret++]=SSL3_CT_RSA_FIXED_DH; 908 p[ret++]=SSL3_CT_RSA_FIXED_DH;
748#endif 909# endif
749#ifndef NO_DSA 910# ifndef NO_DSA
750 p[ret++]=SSL3_CT_DSS_FIXED_DH; 911 p[ret++]=SSL3_CT_DSS_FIXED_DH;
751#endif 912# endif
752 } 913 }
753 if ((s->version == SSL3_VERSION) && 914 if ((s->version == SSL3_VERSION) &&
754 (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) 915 (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
755 { 916 {
756#ifndef NO_RSA 917# ifndef NO_RSA
757 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH; 918 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
758#endif 919# endif
759#ifndef NO_DSA 920# ifndef NO_DSA
760 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH; 921 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
761#endif 922# endif
762 } 923 }
763#endif /* !NO_DH */ 924#endif /* !NO_DH */
764#ifndef NO_RSA 925#ifndef NO_RSA
765 p[ret++]=SSL3_CT_RSA_SIGN; 926 p[ret++]=SSL3_CT_RSA_SIGN;
766#endif 927#endif
928#ifndef NO_DSA
767 p[ret++]=SSL3_CT_DSS_SIGN; 929 p[ret++]=SSL3_CT_DSS_SIGN;
930#endif
768 return(ret); 931 return(ret);
769 } 932 }
770 933
771int ssl3_shutdown(s) 934int ssl3_shutdown(SSL *s)
772SSL *s;
773 { 935 {
774 936
775 /* Don't do anything much if we have not done the handshake or 937 /* Don't do anything much if we have not done the handshake or
@@ -809,13 +971,9 @@ SSL *s;
809 return(0); 971 return(0);
810 } 972 }
811 973
812int ssl3_write(s,buf,len) 974int ssl3_write(SSL *s, const void *buf, int len)
813SSL *s;
814char *buf;
815int len;
816 { 975 {
817 int ret,n; 976 int ret,n;
818 BIO *under;
819 977
820#if 0 978#if 0
821 if (s->shutdown & SSL_SEND_SHUTDOWN) 979 if (s->shutdown & SSL_SEND_SHUTDOWN)
@@ -838,7 +996,7 @@ int len;
838 if (s->s3->delay_buf_pop_ret == 0) 996 if (s->s3->delay_buf_pop_ret == 0)
839 { 997 {
840 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, 998 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
841 (char *)buf,len); 999 buf,len);
842 if (ret <= 0) return(ret); 1000 if (ret <= 0) return(ret);
843 1001
844 s->s3->delay_buf_pop_ret=ret; 1002 s->s3->delay_buf_pop_ret=ret;
@@ -849,30 +1007,24 @@ int len;
849 if (n <= 0) return(n); 1007 if (n <= 0) return(n);
850 s->rwstate=SSL_NOTHING; 1008 s->rwstate=SSL_NOTHING;
851 1009
852 /* We have flushed the buffer */ 1010 /* We have flushed the buffer, so remove it */
853 under=BIO_pop(s->wbio); 1011 ssl_free_wbio_buffer(s);
854 s->wbio=under; 1012 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
855 BIO_free(s->bbio); 1013
856 s->bbio=NULL;
857 ret=s->s3->delay_buf_pop_ret; 1014 ret=s->s3->delay_buf_pop_ret;
858 s->s3->delay_buf_pop_ret=0; 1015 s->s3->delay_buf_pop_ret=0;
859
860 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
861 } 1016 }
862 else 1017 else
863 { 1018 {
864 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, 1019 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
865 (char *)buf,len); 1020 buf,len);
866 if (ret <= 0) return(ret); 1021 if (ret <= 0) return(ret);
867 } 1022 }
868 1023
869 return(ret); 1024 return(ret);
870 } 1025 }
871 1026
872int ssl3_read(s,buf,len) 1027int ssl3_read(SSL *s, void *buf, int len)
873SSL *s;
874char *buf;
875int len;
876 { 1028 {
877 int ret; 1029 int ret;
878 1030
@@ -894,10 +1046,7 @@ int len;
894 return(ret); 1046 return(ret);
895 } 1047 }
896 1048
897int ssl3_peek(s,buf,len) 1049int ssl3_peek(SSL *s, char *buf, int len)
898SSL *s;
899char *buf;
900int len;
901 { 1050 {
902 SSL3_RECORD *rr; 1051 SSL3_RECORD *rr;
903 int n; 1052 int n;
@@ -919,8 +1068,7 @@ int len;
919 return(n); 1068 return(n);
920 } 1069 }
921 1070
922int ssl3_renegotiate(s) 1071int ssl3_renegotiate(SSL *s)
923SSL *s;
924 { 1072 {
925 if (s->handshake_func == NULL) 1073 if (s->handshake_func == NULL)
926 return(1); 1074 return(1);
@@ -932,8 +1080,7 @@ SSL *s;
932 return(1); 1080 return(1);
933 } 1081 }
934 1082
935int ssl3_renegotiate_check(s) 1083int ssl3_renegotiate_check(SSL *s)
936SSL *s;
937 { 1084 {
938 int ret=0; 1085 int ret=0;
939 1086
@@ -958,4 +1105,3 @@ need to go to SSL_ST_ACCEPT.
958 return(ret); 1105 return(ret);
959 } 1106 }
960 1107
961
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-25 14:53:50 +0000