summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_lib.c
diff options
context:
space:
mode:
authorryker <>1998-10-05 20:13:14 +0000
committerryker <>1998-10-05 20:13:14 +0000
commitaeeae06a79815dc190061534d47236cec09f9e32 (patch)
tree851692b9c2f9c04f077666855641900f19fdb217 /src/lib/libssl/s3_lib.c
parenta4f79641824cbf9f60ca9d1168d1fcc46717a82a (diff)
downloadopenbsd-aeeae06a79815dc190061534d47236cec09f9e32.tar.gz
openbsd-aeeae06a79815dc190061534d47236cec09f9e32.tar.bz2
openbsd-aeeae06a79815dc190061534d47236cec09f9e32.zip
Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build
functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible.
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
-rw-r--r--src/lib/libssl/s3_lib.c961
1 files changed, 961 insertions, 0 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
new file mode 100644
index 0000000000..0fd945025d
--- /dev/null
+++ b/src/lib/libssl/s3_lib.c
@@ -0,0 +1,961 @@
1/* ssl/s3_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "objects.h"
61#include "ssl_locl.h"
62
63char *ssl3_version_str="SSLv3 part of SSLeay 0.9.0b 29-Jun-1998";
64
65#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
66
67#ifndef NOPROTO
68static long ssl3_default_timeout(void );
69#else
70static long ssl3_default_timeout();
71#endif
72
73SSL_CIPHER ssl3_ciphers[]={
74/* The RSA ciphers */
75/* Cipher 01 */
76 {
77 1,
78 SSL3_TXT_RSA_NULL_MD5,
79 SSL3_CK_RSA_NULL_MD5,
80 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3,
81 0,
82 SSL_ALL_CIPHERS,
83 },
84/* Cipher 02 */
85 {
86 1,
87 SSL3_TXT_RSA_NULL_SHA,
88 SSL3_CK_RSA_NULL_SHA,
89 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
90 0,
91 SSL_ALL_CIPHERS,
92 },
93
94/* anon DH */
95/* Cipher 17 */
96 {
97 1,
98 SSL3_TXT_ADH_RC4_40_MD5,
99 SSL3_CK_ADH_RC4_40_MD5,
100 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_EXP|SSL_SSLV3,
101 0,
102 SSL_ALL_CIPHERS,
103 },
104/* Cipher 18 */
105 {
106 1,
107 SSL3_TXT_ADH_RC4_128_MD5,
108 SSL3_CK_ADH_RC4_128_MD5,
109 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3,
110 0,
111 SSL_ALL_CIPHERS,
112 },
113/* Cipher 19 */
114 {
115 1,
116 SSL3_TXT_ADH_DES_40_CBC_SHA,
117 SSL3_CK_ADH_DES_40_CBC_SHA,
118 SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
119 0,
120 SSL_ALL_CIPHERS,
121 },
122/* Cipher 1A */
123 {
124 1,
125 SSL3_TXT_ADH_DES_64_CBC_SHA,
126 SSL3_CK_ADH_DES_64_CBC_SHA,
127 SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
128 0,
129 SSL_ALL_CIPHERS,
130 },
131/* Cipher 1B */
132 {
133 1,
134 SSL3_TXT_ADH_DES_192_CBC_SHA,
135 SSL3_CK_ADH_DES_192_CBC_SHA,
136 SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
137 0,
138 SSL_ALL_CIPHERS,
139 },
140
141/* RSA again */
142/* Cipher 03 */
143 {
144 1,
145 SSL3_TXT_RSA_RC4_40_MD5,
146 SSL3_CK_RSA_RC4_40_MD5,
147 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_EXP|SSL_SSLV3,
148 0,
149 SSL_ALL_CIPHERS,
150 },
151/* Cipher 04 */
152 {
153 1,
154 SSL3_TXT_RSA_RC4_128_MD5,
155 SSL3_CK_RSA_RC4_128_MD5,
156 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
157 0,
158 SSL_ALL_CIPHERS,
159 },
160/* Cipher 05 */
161 {
162 1,
163 SSL3_TXT_RSA_RC4_128_SHA,
164 SSL3_CK_RSA_RC4_128_SHA,
165 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
166 0,
167 SSL_ALL_CIPHERS,
168 },
169/* Cipher 06 */
170 {
171 1,
172 SSL3_TXT_RSA_RC2_40_MD5,
173 SSL3_CK_RSA_RC2_40_MD5,
174 SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_EXP|SSL_SSLV3,
175 0,
176 SSL_ALL_CIPHERS,
177 },
178/* Cipher 07 */
179 {
180 1,
181 SSL3_TXT_RSA_IDEA_128_SHA,
182 SSL3_CK_RSA_IDEA_128_SHA,
183 SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
184 0,
185 SSL_ALL_CIPHERS,
186 },
187/* Cipher 08 */
188 {
189 1,
190 SSL3_TXT_RSA_DES_40_CBC_SHA,
191 SSL3_CK_RSA_DES_40_CBC_SHA,
192 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
193 0,
194 SSL_ALL_CIPHERS,
195 },
196/* Cipher 09 */
197 {
198 1,
199 SSL3_TXT_RSA_DES_64_CBC_SHA,
200 SSL3_CK_RSA_DES_64_CBC_SHA,
201 SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
202 0,
203 SSL_ALL_CIPHERS,
204 },
205/* Cipher 0A */
206 {
207 1,
208 SSL3_TXT_RSA_DES_192_CBC3_SHA,
209 SSL3_CK_RSA_DES_192_CBC3_SHA,
210 SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
211 0,
212 SSL_ALL_CIPHERS,
213 },
214
215/* The DH ciphers */
216/* Cipher 0B */
217 {
218 0,
219 SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
220 SSL3_CK_DH_DSS_DES_40_CBC_SHA,
221 SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
222 0,
223 SSL_ALL_CIPHERS,
224 },
225/* Cipher 0C */
226 {
227 0,
228 SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
229 SSL3_CK_DH_DSS_DES_64_CBC_SHA,
230 SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
231 0,
232 SSL_ALL_CIPHERS,
233 },
234/* Cipher 0D */
235 {
236 0,
237 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
238 SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
239 SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
240 0,
241 SSL_ALL_CIPHERS,
242 },
243/* Cipher 0E */
244 {
245 0,
246 SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
247 SSL3_CK_DH_RSA_DES_40_CBC_SHA,
248 SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
249 0,
250 SSL_ALL_CIPHERS,
251 },
252/* Cipher 0F */
253 {
254 0,
255 SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
256 SSL3_CK_DH_RSA_DES_64_CBC_SHA,
257 SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
258 0,
259 SSL_ALL_CIPHERS,
260 },
261/* Cipher 10 */
262 {
263 0,
264 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
265 SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
266 SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
267 0,
268 SSL_ALL_CIPHERS,
269 },
270
271/* The Ephemeral DH ciphers */
272/* Cipher 11 */
273 {
274 1,
275 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
276 SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
277 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
278 0,
279 SSL_ALL_CIPHERS,
280 },
281/* Cipher 12 */
282 {
283 1,
284 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
285 SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
286 SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
287 0,
288 SSL_ALL_CIPHERS,
289 },
290/* Cipher 13 */
291 {
292 1,
293 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
294 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
295 SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
296 0,
297 SSL_ALL_CIPHERS,
298 },
299/* Cipher 14 */
300 {
301 1,
302 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
303 SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
304 SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
305 0,
306 SSL_ALL_CIPHERS,
307 },
308/* Cipher 15 */
309 {
310 1,
311 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
312 SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
313 SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
314 0,
315 SSL_ALL_CIPHERS,
316 },
317/* Cipher 16 */
318 {
319 1,
320 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
321 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
322 SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
323 0,
324 SSL_ALL_CIPHERS,
325 },
326
327/* Fortezza */
328/* Cipher 1C */
329 {
330 0,
331 SSL3_TXT_FZA_DMS_NULL_SHA,
332 SSL3_CK_FZA_DMS_NULL_SHA,
333 SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
334 0,
335 SSL_ALL_CIPHERS,
336 },
337
338/* Cipher 1D */
339 {
340 0,
341 SSL3_TXT_FZA_DMS_FZA_SHA,
342 SSL3_CK_FZA_DMS_FZA_SHA,
343 SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
344 0,
345 SSL_ALL_CIPHERS,
346 },
347
348/* Cipher 1E */
349 {
350 0,
351 SSL3_TXT_FZA_DMS_RC4_SHA,
352 SSL3_CK_FZA_DMS_RC4_SHA,
353 SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
354 0,
355 SSL_ALL_CIPHERS,
356 },
357
358/* end of list */
359 };
360
361static SSL3_ENC_METHOD SSLv3_enc_data={
362 ssl3_enc,
363 ssl3_mac,
364 ssl3_setup_key_block,
365 ssl3_generate_master_secret,
366 ssl3_change_cipher_state,
367 ssl3_final_finish_mac,
368 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
369 ssl3_cert_verify_mac,
370 SSL3_MD_CLIENT_FINISHED_CONST,4,
371 SSL3_MD_SERVER_FINISHED_CONST,4,
372 ssl3_alert_code,
373 };
374
375static SSL_METHOD SSLv3_data= {
376 SSL3_VERSION,
377 ssl3_new,
378 ssl3_clear,
379 ssl3_free,
380 ssl_undefined_function,
381 ssl_undefined_function,
382 ssl3_read,
383 ssl3_peek,
384 ssl3_write,
385 ssl3_shutdown,
386 ssl3_renegotiate,
387 ssl3_ctrl,
388 ssl3_ctx_ctrl,
389 ssl3_get_cipher_by_char,
390 ssl3_put_cipher_by_char,
391 ssl3_pending,
392 ssl3_num_ciphers,
393 ssl3_get_cipher,
394 ssl_bad_method,
395 ssl3_default_timeout,
396 &SSLv3_enc_data,
397 };
398
399static long ssl3_default_timeout()
400 {
401 /* 2 hours, the 24 hours mentioned in the SSLv3 spec
402 * is way too long for http, the cache would over fill */
403 return(60*60*2);
404 }
405
406SSL_METHOD *sslv3_base_method()
407 {
408 return(&SSLv3_data);
409 }
410
411int ssl3_num_ciphers()
412 {
413 return(SSL3_NUM_CIPHERS);
414 }
415
416SSL_CIPHER *ssl3_get_cipher(u)
417unsigned int u;
418 {
419 if (u < SSL3_NUM_CIPHERS)
420 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
421 else
422 return(NULL);
423 }
424
425/* The problem is that it may not be the correct record type */
426int ssl3_pending(s)
427SSL *s;
428 {
429 return(s->s3->rrec.length);
430 }
431
432int ssl3_new(s)
433SSL *s;
434 {
435 SSL3_CTX *s3;
436
437 if ((s3=(SSL3_CTX *)Malloc(sizeof(SSL3_CTX))) == NULL) goto err;
438 memset(s3,0,sizeof(SSL3_CTX));
439
440 s->s3=s3;
441 /*
442 s->s3->tmp.ca_names=NULL;
443 s->s3->tmp.key_block=NULL;
444 s->s3->tmp.key_block_length=0;
445 s->s3->rbuf.buf=NULL;
446 s->s3->wbuf.buf=NULL;
447 */
448
449 s->method->ssl_clear(s);
450 return(1);
451err:
452 return(0);
453 }
454
455void ssl3_free(s)
456SSL *s;
457 {
458 ssl3_cleanup_key_block(s);
459 if (s->s3->rbuf.buf != NULL)
460 Free(s->s3->rbuf.buf);
461 if (s->s3->wbuf.buf != NULL)
462 Free(s->s3->wbuf.buf);
463#ifndef NO_DH
464 if (s->s3->tmp.dh != NULL)
465 DH_free(s->s3->tmp.dh);
466#endif
467 if (s->s3->tmp.ca_names != NULL)
468 sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
469 memset(s->s3,0,sizeof(SSL3_CTX));
470 Free(s->s3);
471 s->s3=NULL;
472 }
473
474void ssl3_clear(s)
475SSL *s;
476 {
477 unsigned char *rp,*wp;
478
479 ssl3_cleanup_key_block(s);
480 if (s->s3->tmp.ca_names != NULL)
481 sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
482
483 rp=s->s3->rbuf.buf;
484 wp=s->s3->wbuf.buf;
485
486 memset(s->s3,0,sizeof(SSL3_CTX));
487 if (rp != NULL) s->s3->rbuf.buf=rp;
488 if (wp != NULL) s->s3->wbuf.buf=wp;
489 s->packet_length=0;
490 s->s3->renegotiate=0;
491 s->s3->total_renegotiations=0;
492 s->s3->num_renegotiations=0;
493 s->s3->in_read_app_data=0;
494 s->version=SSL3_VERSION;
495 }
496
497long ssl3_ctrl(s,cmd,larg,parg)
498SSL *s;
499int cmd;
500long larg;
501char *parg;
502 {
503 int ret=0;
504
505 switch (cmd)
506 {
507 case SSL_CTRL_GET_SESSION_REUSED:
508 ret=s->hit;
509 break;
510 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
511 break;
512 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
513 ret=s->s3->num_renegotiations;
514 break;
515 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
516 ret=s->s3->num_renegotiations;
517 s->s3->num_renegotiations=0;
518 break;
519 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
520 ret=s->s3->total_renegotiations;
521 break;
522 default:
523 break;
524 }
525 return(ret);
526 }
527
528long ssl3_ctx_ctrl(ctx,cmd,larg,parg)
529SSL_CTX *ctx;
530int cmd;
531long larg;
532char *parg;
533 {
534 CERT *cert;
535
536 cert=ctx->default_cert;
537
538 switch (cmd)
539 {
540#ifndef NO_RSA
541 case SSL_CTRL_NEED_TMP_RSA:
542 if ( (cert->rsa_tmp == NULL) &&
543 ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
544 (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
545 )
546 return(1);
547 else
548 return(0);
549 break;
550 case SSL_CTRL_SET_TMP_RSA:
551 {
552 RSA *rsa;
553 int i;
554
555 rsa=(RSA *)parg;
556 i=1;
557 if (rsa == NULL)
558 i=0;
559 else
560 {
561 if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
562 i=0;
563 }
564 if (!i)
565 {
566 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
567 return(0);
568 }
569 else
570 {
571 if (cert->rsa_tmp != NULL)
572 RSA_free(cert->rsa_tmp);
573 cert->rsa_tmp=rsa;
574 return(1);
575 }
576 }
577 break;
578 case SSL_CTRL_SET_TMP_RSA_CB:
579 cert->rsa_tmp_cb=(RSA *(*)())parg;
580 break;
581#endif
582#ifndef NO_DH
583 case SSL_CTRL_SET_TMP_DH:
584 {
585 DH *new=NULL,*dh;
586
587 dh=(DH *)parg;
588 if ( ((new=DHparams_dup(dh)) == NULL) ||
589 (!DH_generate_key(new)))
590 {
591 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
592 if (new != NULL) DH_free(new);
593 return(0);
594 }
595 else
596 {
597 if (cert->dh_tmp != NULL)
598 DH_free(cert->dh_tmp);
599 cert->dh_tmp=new;
600 return(1);
601 }
602 }
603 break;
604 case SSL_CTRL_SET_TMP_DH_CB:
605 cert->dh_tmp_cb=(DH *(*)())parg;
606 break;
607#endif
608 default:
609 return(0);
610 }
611 return(1);
612 }
613
614/* This function needs to check if the ciphers required are actually
615 * available */
616SSL_CIPHER *ssl3_get_cipher_by_char(p)
617unsigned char *p;
618 {
619 static int init=1;
620 static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS];
621 SSL_CIPHER c,*cp= &c,**cpp;
622 unsigned long id;
623 int i;
624
625 if (init)
626 {
627 init=0;
628
629 for (i=0; i<SSL3_NUM_CIPHERS; i++)
630 sorted[i]= &(ssl3_ciphers[i]);
631
632 qsort( (char *)sorted,
633 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
634 FP_ICC ssl_cipher_ptr_id_cmp);
635 }
636
637 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
638 c.id=id;
639 cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
640 (char *)sorted,
641 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
642 (int (*)())ssl_cipher_ptr_id_cmp);
643 if ((cpp == NULL) || !(*cpp)->valid)
644 return(NULL);
645 else
646 return(*cpp);
647 }
648
649int ssl3_put_cipher_by_char(c,p)
650SSL_CIPHER *c;
651unsigned char *p;
652 {
653 long l;
654
655 if (p != NULL)
656 {
657 l=c->id;
658 if ((l & 0xff000000) != 0x03000000) return(0);
659 p[0]=((unsigned char)(l>> 8L))&0xFF;
660 p[1]=((unsigned char)(l ))&0xFF;
661 }
662 return(2);
663 }
664
665int ssl3_part_read(s,i)
666SSL *s;
667int i;
668 {
669 s->rwstate=SSL_READING;
670
671 if (i < 0)
672 {
673 return(i);
674 }
675 else
676 {
677 s->init_num+=i;
678 return(0);
679 }
680 }
681
682SSL_CIPHER *ssl3_choose_cipher(s,have,pref)
683SSL *s;
684STACK *have,*pref;
685 {
686 SSL_CIPHER *c,*ret=NULL;
687 int i,j,ok;
688 CERT *cert;
689 unsigned long alg,mask,emask;
690
691 /* Lets see which ciphers we can supported */
692 if (s->cert != NULL)
693 cert=s->cert;
694 else
695 cert=s->ctx->default_cert;
696
697 ssl_set_cert_masks(cert);
698 mask=cert->mask;
699 emask=cert->export_mask;
700
701 sk_set_cmp_func(pref,ssl_cipher_ptr_id_cmp);
702
703 for (i=0; i<sk_num(have); i++)
704 {
705 c=(SSL_CIPHER *)sk_value(have,i);
706 alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
707 if (alg & SSL_EXPORT)
708 {
709 ok=((alg & emask) == alg)?1:0;
710#ifdef CIPHER_DEBUG
711 printf("%d:[%08lX:%08lX]%s\n",ok,alg,mask,c->name);
712#endif
713 }
714 else
715 {
716 ok=((alg & mask) == alg)?1:0;
717#ifdef CIPHER_DEBUG
718 printf("%d:[%08lX:%08lX]%s\n",ok,alg,mask,c->name);
719#endif
720 }
721
722 if (!ok) continue;
723
724 j=sk_find(pref,(char *)c);
725 if (j >= 0)
726 {
727 ret=(SSL_CIPHER *)sk_value(pref,j);
728 break;
729 }
730 }
731 return(ret);
732 }
733
734int ssl3_get_req_cert_type(s,p)
735SSL *s;
736unsigned char *p;
737 {
738 int ret=0;
739 unsigned long alg;
740
741 alg=s->s3->tmp.new_cipher->algorithms;
742
743#ifndef NO_DH
744 if (alg & (SSL_kDHr|SSL_kEDH))
745 {
746#ifndef NO_RSA
747 p[ret++]=SSL3_CT_RSA_FIXED_DH;
748#endif
749#ifndef NO_DSA
750 p[ret++]=SSL3_CT_DSS_FIXED_DH;
751#endif
752 }
753 if ((s->version == SSL3_VERSION) &&
754 (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
755 {
756#ifndef NO_RSA
757 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
758#endif
759#ifndef NO_DSA
760 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
761#endif
762 }
763#endif /* !NO_DH */
764#ifndef NO_RSA
765 p[ret++]=SSL3_CT_RSA_SIGN;
766#endif
767 p[ret++]=SSL3_CT_DSS_SIGN;
768 return(ret);
769 }
770
771int ssl3_shutdown(s)
772SSL *s;
773 {
774
775 /* Don't do anything much if we have not done the handshake or
776 * we don't want to send messages :-) */
777 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
778 {
779 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
780 return(1);
781 }
782
783 if (!(s->shutdown & SSL_SENT_SHUTDOWN))
784 {
785 s->shutdown|=SSL_SENT_SHUTDOWN;
786#if 1
787 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
788#endif
789 /* our shutdown alert has been sent now, and if it still needs
790 * to be written, s->s3->alert_dispatch will be true */
791 }
792 else if (s->s3->alert_dispatch)
793 {
794 /* resend it if not sent */
795#if 1
796 ssl3_dispatch_alert(s);
797#endif
798 }
799 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
800 {
801 /* If we are waiting for a close from our peer, we are closed */
802 ssl3_read_bytes(s,0,NULL,0);
803 }
804
805 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
806 !s->s3->alert_dispatch)
807 return(1);
808 else
809 return(0);
810 }
811
812int ssl3_write(s,buf,len)
813SSL *s;
814char *buf;
815int len;
816 {
817 int ret,n;
818 BIO *under;
819
820#if 0
821 if (s->shutdown & SSL_SEND_SHUTDOWN)
822 {
823 s->rwstate=SSL_NOTHING;
824 return(0);
825 }
826#endif
827 clear_sys_error();
828 if (s->s3->renegotiate) ssl3_renegotiate_check(s);
829
830 /* This is an experimental flag that sends the
831 * last handshake message in the same packet as the first
832 * use data - used to see if it helps the TCP protocol during
833 * session-id reuse */
834 /* The second test is because the buffer may have been removed */
835 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
836 {
837 /* First time through, we write into the buffer */
838 if (s->s3->delay_buf_pop_ret == 0)
839 {
840 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
841 (char *)buf,len);
842 if (ret <= 0) return(ret);
843
844 s->s3->delay_buf_pop_ret=ret;
845 }
846
847 s->rwstate=SSL_WRITING;
848 n=BIO_flush(s->wbio);
849 if (n <= 0) return(n);
850 s->rwstate=SSL_NOTHING;
851
852 /* We have flushed the buffer */
853 under=BIO_pop(s->wbio);
854 s->wbio=under;
855 BIO_free(s->bbio);
856 s->bbio=NULL;
857 ret=s->s3->delay_buf_pop_ret;
858 s->s3->delay_buf_pop_ret=0;
859
860 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
861 }
862 else
863 {
864 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
865 (char *)buf,len);
866 if (ret <= 0) return(ret);
867 }
868
869 return(ret);
870 }
871
872int ssl3_read(s,buf,len)
873SSL *s;
874char *buf;
875int len;
876 {
877 int ret;
878
879 clear_sys_error();
880 if (s->s3->renegotiate) ssl3_renegotiate_check(s);
881 s->s3->in_read_app_data=1;
882 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len);
883 if ((ret == -1) && (s->s3->in_read_app_data == 0))
884 {
885 ERR_get_error(); /* clear the error */
886 s->s3->in_read_app_data=0;
887 s->in_handshake++;
888 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len);
889 s->in_handshake--;
890 }
891 else
892 s->s3->in_read_app_data=0;
893
894 return(ret);
895 }
896
897int ssl3_peek(s,buf,len)
898SSL *s;
899char *buf;
900int len;
901 {
902 SSL3_RECORD *rr;
903 int n;
904
905 rr= &(s->s3->rrec);
906 if ((rr->length == 0) || (rr->type != SSL3_RT_APPLICATION_DATA))
907 {
908 n=ssl3_read(s,buf,1);
909 if (n <= 0) return(n);
910 rr->length++;
911 rr->off--;
912 }
913
914 if ((unsigned int)len > rr->length)
915 n=rr->length;
916 else
917 n=len;
918 memcpy(buf,&(rr->data[rr->off]),(unsigned int)n);
919 return(n);
920 }
921
922int ssl3_renegotiate(s)
923SSL *s;
924 {
925 if (s->handshake_func == NULL)
926 return(1);
927
928 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
929 return(0);
930
931 s->s3->renegotiate=1;
932 return(1);
933 }
934
935int ssl3_renegotiate_check(s)
936SSL *s;
937 {
938 int ret=0;
939
940 if (s->s3->renegotiate)
941 {
942 if ( (s->s3->rbuf.left == 0) &&
943 (s->s3->wbuf.left == 0) &&
944 !SSL_in_init(s))
945 {
946/*
947if we are the server, and we have sent a 'RENEGOTIATE' message, we
948need to go to SSL_ST_ACCEPT.
949*/
950 /* SSL_ST_ACCEPT */
951 s->state=SSL_ST_RENEGOTIATE;
952 s->s3->renegotiate=0;
953 s->s3->num_renegotiations++;
954 s->s3->total_renegotiations++;
955 ret=1;
956 }
957 }
958 return(ret);
959 }
960
961
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 07:04:16 +0000