summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
-rw-r--r--src/lib/libssl/s3_lib.c1139
1 files changed, 929 insertions, 210 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 0fd945025d..686992406c 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -55,40 +55,99 @@
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ====================================================================
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
58 111
59#include <stdio.h> 112#include <stdio.h>
60#include "objects.h" 113#include <openssl/objects.h>
61#include "ssl_locl.h" 114#include "ssl_locl.h"
115#include "kssl_lcl.h"
116#include <openssl/md5.h>
62 117
63char *ssl3_version_str="SSLv3 part of SSLeay 0.9.0b 29-Jun-1998"; 118const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
64 119
65#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) 120#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
66 121
67#ifndef NOPROTO
68static long ssl3_default_timeout(void ); 122static long ssl3_default_timeout(void );
69#else
70static long ssl3_default_timeout();
71#endif
72 123
73SSL_CIPHER ssl3_ciphers[]={ 124OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
74/* The RSA ciphers */ 125/* The RSA ciphers */
75/* Cipher 01 */ 126/* Cipher 01 */
76 { 127 {
77 1, 128 1,
78 SSL3_TXT_RSA_NULL_MD5, 129 SSL3_TXT_RSA_NULL_MD5,
79 SSL3_CK_RSA_NULL_MD5, 130 SSL3_CK_RSA_NULL_MD5,
80 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3, 131 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
132 SSL_NOT_EXP,
133 0,
134 0,
81 0, 135 0,
82 SSL_ALL_CIPHERS, 136 SSL_ALL_CIPHERS,
137 SSL_ALL_STRENGTHS,
83 }, 138 },
84/* Cipher 02 */ 139/* Cipher 02 */
85 { 140 {
86 1, 141 1,
87 SSL3_TXT_RSA_NULL_SHA, 142 SSL3_TXT_RSA_NULL_SHA,
88 SSL3_CK_RSA_NULL_SHA, 143 SSL3_CK_RSA_NULL_SHA,
89 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, 144 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
145 SSL_NOT_EXP,
146 0,
147 0,
90 0, 148 0,
91 SSL_ALL_CIPHERS, 149 SSL_ALL_CIPHERS,
150 SSL_ALL_STRENGTHS,
92 }, 151 },
93 152
94/* anon DH */ 153/* anon DH */
@@ -97,45 +156,65 @@ SSL_CIPHER ssl3_ciphers[]={
97 1, 156 1,
98 SSL3_TXT_ADH_RC4_40_MD5, 157 SSL3_TXT_ADH_RC4_40_MD5,
99 SSL3_CK_ADH_RC4_40_MD5, 158 SSL3_CK_ADH_RC4_40_MD5,
100 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_EXP|SSL_SSLV3, 159 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
160 SSL_EXPORT|SSL_EXP40,
101 0, 161 0,
162 40,
163 128,
102 SSL_ALL_CIPHERS, 164 SSL_ALL_CIPHERS,
165 SSL_ALL_STRENGTHS,
103 }, 166 },
104/* Cipher 18 */ 167/* Cipher 18 */
105 { 168 {
106 1, 169 1,
107 SSL3_TXT_ADH_RC4_128_MD5, 170 SSL3_TXT_ADH_RC4_128_MD5,
108 SSL3_CK_ADH_RC4_128_MD5, 171 SSL3_CK_ADH_RC4_128_MD5,
109 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3, 172 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
173 SSL_NOT_EXP|SSL_MEDIUM,
110 0, 174 0,
175 128,
176 128,
111 SSL_ALL_CIPHERS, 177 SSL_ALL_CIPHERS,
178 SSL_ALL_STRENGTHS,
112 }, 179 },
113/* Cipher 19 */ 180/* Cipher 19 */
114 { 181 {
115 1, 182 1,
116 SSL3_TXT_ADH_DES_40_CBC_SHA, 183 SSL3_TXT_ADH_DES_40_CBC_SHA,
117 SSL3_CK_ADH_DES_40_CBC_SHA, 184 SSL3_CK_ADH_DES_40_CBC_SHA,
118 SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, 185 SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
186 SSL_EXPORT|SSL_EXP40,
119 0, 187 0,
188 40,
189 128,
120 SSL_ALL_CIPHERS, 190 SSL_ALL_CIPHERS,
191 SSL_ALL_STRENGTHS,
121 }, 192 },
122/* Cipher 1A */ 193/* Cipher 1A */
123 { 194 {
124 1, 195 1,
125 SSL3_TXT_ADH_DES_64_CBC_SHA, 196 SSL3_TXT_ADH_DES_64_CBC_SHA,
126 SSL3_CK_ADH_DES_64_CBC_SHA, 197 SSL3_CK_ADH_DES_64_CBC_SHA,
127 SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, 198 SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3,
199 SSL_NOT_EXP|SSL_LOW,
128 0, 200 0,
201 56,
202 56,
129 SSL_ALL_CIPHERS, 203 SSL_ALL_CIPHERS,
204 SSL_ALL_STRENGTHS,
130 }, 205 },
131/* Cipher 1B */ 206/* Cipher 1B */
132 { 207 {
133 1, 208 1,
134 SSL3_TXT_ADH_DES_192_CBC_SHA, 209 SSL3_TXT_ADH_DES_192_CBC_SHA,
135 SSL3_CK_ADH_DES_192_CBC_SHA, 210 SSL3_CK_ADH_DES_192_CBC_SHA,
136 SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, 211 SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
212 SSL_NOT_EXP|SSL_HIGH,
137 0, 213 0,
214 168,
215 168,
138 SSL_ALL_CIPHERS, 216 SSL_ALL_CIPHERS,
217 SSL_ALL_STRENGTHS,
139 }, 218 },
140 219
141/* RSA again */ 220/* RSA again */
@@ -144,72 +223,104 @@ SSL_CIPHER ssl3_ciphers[]={
144 1, 223 1,
145 SSL3_TXT_RSA_RC4_40_MD5, 224 SSL3_TXT_RSA_RC4_40_MD5,
146 SSL3_CK_RSA_RC4_40_MD5, 225 SSL3_CK_RSA_RC4_40_MD5,
147 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_EXP|SSL_SSLV3, 226 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
227 SSL_EXPORT|SSL_EXP40,
148 0, 228 0,
229 40,
230 128,
149 SSL_ALL_CIPHERS, 231 SSL_ALL_CIPHERS,
232 SSL_ALL_STRENGTHS,
150 }, 233 },
151/* Cipher 04 */ 234/* Cipher 04 */
152 { 235 {
153 1, 236 1,
154 SSL3_TXT_RSA_RC4_128_MD5, 237 SSL3_TXT_RSA_RC4_128_MD5,
155 SSL3_CK_RSA_RC4_128_MD5, 238 SSL3_CK_RSA_RC4_128_MD5,
156 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, 239 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_SSLV3,
240 SSL_NOT_EXP|SSL_MEDIUM,
157 0, 241 0,
242 128,
243 128,
158 SSL_ALL_CIPHERS, 244 SSL_ALL_CIPHERS,
245 SSL_ALL_STRENGTHS,
159 }, 246 },
160/* Cipher 05 */ 247/* Cipher 05 */
161 { 248 {
162 1, 249 1,
163 SSL3_TXT_RSA_RC4_128_SHA, 250 SSL3_TXT_RSA_RC4_128_SHA,
164 SSL3_CK_RSA_RC4_128_SHA, 251 SSL3_CK_RSA_RC4_128_SHA,
165 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, 252 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_SSLV3,
253 SSL_NOT_EXP|SSL_MEDIUM,
166 0, 254 0,
255 128,
256 128,
167 SSL_ALL_CIPHERS, 257 SSL_ALL_CIPHERS,
258 SSL_ALL_STRENGTHS,
168 }, 259 },
169/* Cipher 06 */ 260/* Cipher 06 */
170 { 261 {
171 1, 262 1,
172 SSL3_TXT_RSA_RC2_40_MD5, 263 SSL3_TXT_RSA_RC2_40_MD5,
173 SSL3_CK_RSA_RC2_40_MD5, 264 SSL3_CK_RSA_RC2_40_MD5,
174 SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_EXP|SSL_SSLV3, 265 SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_SSLV3,
266 SSL_EXPORT|SSL_EXP40,
175 0, 267 0,
268 40,
269 128,
176 SSL_ALL_CIPHERS, 270 SSL_ALL_CIPHERS,
271 SSL_ALL_STRENGTHS,
177 }, 272 },
178/* Cipher 07 */ 273/* Cipher 07 */
179 { 274 {
180 1, 275 1,
181 SSL3_TXT_RSA_IDEA_128_SHA, 276 SSL3_TXT_RSA_IDEA_128_SHA,
182 SSL3_CK_RSA_IDEA_128_SHA, 277 SSL3_CK_RSA_IDEA_128_SHA,
183 SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, 278 SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3,
279 SSL_NOT_EXP|SSL_MEDIUM,
184 0, 280 0,
281 128,
282 128,
185 SSL_ALL_CIPHERS, 283 SSL_ALL_CIPHERS,
284 SSL_ALL_STRENGTHS,
186 }, 285 },
187/* Cipher 08 */ 286/* Cipher 08 */
188 { 287 {
189 1, 288 1,
190 SSL3_TXT_RSA_DES_40_CBC_SHA, 289 SSL3_TXT_RSA_DES_40_CBC_SHA,
191 SSL3_CK_RSA_DES_40_CBC_SHA, 290 SSL3_CK_RSA_DES_40_CBC_SHA,
192 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, 291 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
292 SSL_EXPORT|SSL_EXP40,
193 0, 293 0,
294 40,
295 56,
194 SSL_ALL_CIPHERS, 296 SSL_ALL_CIPHERS,
297 SSL_ALL_STRENGTHS,
195 }, 298 },
196/* Cipher 09 */ 299/* Cipher 09 */
197 { 300 {
198 1, 301 1,
199 SSL3_TXT_RSA_DES_64_CBC_SHA, 302 SSL3_TXT_RSA_DES_64_CBC_SHA,
200 SSL3_CK_RSA_DES_64_CBC_SHA, 303 SSL3_CK_RSA_DES_64_CBC_SHA,
201 SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, 304 SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
305 SSL_NOT_EXP|SSL_LOW,
202 0, 306 0,
307 56,
308 56,
203 SSL_ALL_CIPHERS, 309 SSL_ALL_CIPHERS,
310 SSL_ALL_STRENGTHS,
204 }, 311 },
205/* Cipher 0A */ 312/* Cipher 0A */
206 { 313 {
207 1, 314 1,
208 SSL3_TXT_RSA_DES_192_CBC3_SHA, 315 SSL3_TXT_RSA_DES_192_CBC3_SHA,
209 SSL3_CK_RSA_DES_192_CBC3_SHA, 316 SSL3_CK_RSA_DES_192_CBC3_SHA,
210 SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, 317 SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
318 SSL_NOT_EXP|SSL_HIGH,
211 0, 319 0,
320 168,
321 168,
212 SSL_ALL_CIPHERS, 322 SSL_ALL_CIPHERS,
323 SSL_ALL_STRENGTHS,
213 }, 324 },
214 325
215/* The DH ciphers */ 326/* The DH ciphers */
@@ -218,54 +329,78 @@ SSL_CIPHER ssl3_ciphers[]={
218 0, 329 0,
219 SSL3_TXT_DH_DSS_DES_40_CBC_SHA, 330 SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
220 SSL3_CK_DH_DSS_DES_40_CBC_SHA, 331 SSL3_CK_DH_DSS_DES_40_CBC_SHA,
221 SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, 332 SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
333 SSL_EXPORT|SSL_EXP40,
222 0, 334 0,
335 40,
336 56,
223 SSL_ALL_CIPHERS, 337 SSL_ALL_CIPHERS,
338 SSL_ALL_STRENGTHS,
224 }, 339 },
225/* Cipher 0C */ 340/* Cipher 0C */
226 { 341 {
227 0, 342 0,
228 SSL3_TXT_DH_DSS_DES_64_CBC_SHA, 343 SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
229 SSL3_CK_DH_DSS_DES_64_CBC_SHA, 344 SSL3_CK_DH_DSS_DES_64_CBC_SHA,
230 SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, 345 SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
346 SSL_NOT_EXP|SSL_LOW,
231 0, 347 0,
348 56,
349 56,
232 SSL_ALL_CIPHERS, 350 SSL_ALL_CIPHERS,
351 SSL_ALL_STRENGTHS,
233 }, 352 },
234/* Cipher 0D */ 353/* Cipher 0D */
235 { 354 {
236 0, 355 0,
237 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, 356 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
238 SSL3_CK_DH_DSS_DES_192_CBC3_SHA, 357 SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
239 SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, 358 SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
359 SSL_NOT_EXP|SSL_HIGH,
240 0, 360 0,
361 168,
362 168,
241 SSL_ALL_CIPHERS, 363 SSL_ALL_CIPHERS,
364 SSL_ALL_STRENGTHS,
242 }, 365 },
243/* Cipher 0E */ 366/* Cipher 0E */
244 { 367 {
245 0, 368 0,
246 SSL3_TXT_DH_RSA_DES_40_CBC_SHA, 369 SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
247 SSL3_CK_DH_RSA_DES_40_CBC_SHA, 370 SSL3_CK_DH_RSA_DES_40_CBC_SHA,
248 SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, 371 SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
372 SSL_EXPORT|SSL_EXP40,
249 0, 373 0,
374 40,
375 56,
250 SSL_ALL_CIPHERS, 376 SSL_ALL_CIPHERS,
377 SSL_ALL_STRENGTHS,
251 }, 378 },
252/* Cipher 0F */ 379/* Cipher 0F */
253 { 380 {
254 0, 381 0,
255 SSL3_TXT_DH_RSA_DES_64_CBC_SHA, 382 SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
256 SSL3_CK_DH_RSA_DES_64_CBC_SHA, 383 SSL3_CK_DH_RSA_DES_64_CBC_SHA,
257 SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, 384 SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
385 SSL_NOT_EXP|SSL_LOW,
258 0, 386 0,
387 56,
388 56,
259 SSL_ALL_CIPHERS, 389 SSL_ALL_CIPHERS,
390 SSL_ALL_STRENGTHS,
260 }, 391 },
261/* Cipher 10 */ 392/* Cipher 10 */
262 { 393 {
263 0, 394 0,
264 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, 395 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
265 SSL3_CK_DH_RSA_DES_192_CBC3_SHA, 396 SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
266 SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, 397 SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
398 SSL_NOT_EXP|SSL_HIGH,
267 0, 399 0,
400 168,
401 168,
268 SSL_ALL_CIPHERS, 402 SSL_ALL_CIPHERS,
403 SSL_ALL_STRENGTHS,
269 }, 404 },
270 405
271/* The Ephemeral DH ciphers */ 406/* The Ephemeral DH ciphers */
@@ -274,54 +409,78 @@ SSL_CIPHER ssl3_ciphers[]={
274 1, 409 1,
275 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, 410 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
276 SSL3_CK_EDH_DSS_DES_40_CBC_SHA, 411 SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
277 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, 412 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
413 SSL_EXPORT|SSL_EXP40,
278 0, 414 0,
415 40,
416 56,
279 SSL_ALL_CIPHERS, 417 SSL_ALL_CIPHERS,
418 SSL_ALL_STRENGTHS,
280 }, 419 },
281/* Cipher 12 */ 420/* Cipher 12 */
282 { 421 {
283 1, 422 1,
284 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 423 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
285 SSL3_CK_EDH_DSS_DES_64_CBC_SHA, 424 SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
286 SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, 425 SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3,
426 SSL_NOT_EXP|SSL_LOW,
287 0, 427 0,
428 56,
429 56,
288 SSL_ALL_CIPHERS, 430 SSL_ALL_CIPHERS,
431 SSL_ALL_STRENGTHS,
289 }, 432 },
290/* Cipher 13 */ 433/* Cipher 13 */
291 { 434 {
292 1, 435 1,
293 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 436 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
294 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 437 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
295 SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, 438 SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
439 SSL_NOT_EXP|SSL_HIGH,
296 0, 440 0,
441 168,
442 168,
297 SSL_ALL_CIPHERS, 443 SSL_ALL_CIPHERS,
444 SSL_ALL_STRENGTHS,
298 }, 445 },
299/* Cipher 14 */ 446/* Cipher 14 */
300 { 447 {
301 1, 448 1,
302 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, 449 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
303 SSL3_CK_EDH_RSA_DES_40_CBC_SHA, 450 SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
304 SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, 451 SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
452 SSL_EXPORT|SSL_EXP40,
305 0, 453 0,
454 40,
455 56,
306 SSL_ALL_CIPHERS, 456 SSL_ALL_CIPHERS,
457 SSL_ALL_STRENGTHS,
307 }, 458 },
308/* Cipher 15 */ 459/* Cipher 15 */
309 { 460 {
310 1, 461 1,
311 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 462 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
312 SSL3_CK_EDH_RSA_DES_64_CBC_SHA, 463 SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
313 SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, 464 SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
465 SSL_NOT_EXP|SSL_LOW,
314 0, 466 0,
467 56,
468 56,
315 SSL_ALL_CIPHERS, 469 SSL_ALL_CIPHERS,
470 SSL_ALL_STRENGTHS,
316 }, 471 },
317/* Cipher 16 */ 472/* Cipher 16 */
318 { 473 {
319 1, 474 1,
320 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 475 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
321 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 476 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
322 SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, 477 SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
478 SSL_NOT_EXP|SSL_HIGH,
323 0, 479 0,
480 168,
481 168,
324 SSL_ALL_CIPHERS, 482 SSL_ALL_CIPHERS,
483 SSL_ALL_STRENGTHS,
325 }, 484 },
326 485
327/* Fortezza */ 486/* Fortezza */
@@ -330,9 +489,13 @@ SSL_CIPHER ssl3_ciphers[]={
330 0, 489 0,
331 SSL3_TXT_FZA_DMS_NULL_SHA, 490 SSL3_TXT_FZA_DMS_NULL_SHA,
332 SSL3_CK_FZA_DMS_NULL_SHA, 491 SSL3_CK_FZA_DMS_NULL_SHA,
333 SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, 492 SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
493 SSL_NOT_EXP,
494 0,
495 0,
334 0, 496 0,
335 SSL_ALL_CIPHERS, 497 SSL_ALL_CIPHERS,
498 SSL_ALL_STRENGTHS,
336 }, 499 },
337 500
338/* Cipher 1D */ 501/* Cipher 1D */
@@ -340,9 +503,13 @@ SSL_CIPHER ssl3_ciphers[]={
340 0, 503 0,
341 SSL3_TXT_FZA_DMS_FZA_SHA, 504 SSL3_TXT_FZA_DMS_FZA_SHA,
342 SSL3_CK_FZA_DMS_FZA_SHA, 505 SSL3_CK_FZA_DMS_FZA_SHA,
343 SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, 506 SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
507 SSL_NOT_EXP,
508 0,
509 0,
344 0, 510 0,
345 SSL_ALL_CIPHERS, 511 SSL_ALL_CIPHERS,
512 SSL_ALL_STRENGTHS,
346 }, 513 },
347 514
348/* Cipher 1E */ 515/* Cipher 1E */
@@ -350,10 +517,359 @@ SSL_CIPHER ssl3_ciphers[]={
350 0, 517 0,
351 SSL3_TXT_FZA_DMS_RC4_SHA, 518 SSL3_TXT_FZA_DMS_RC4_SHA,
352 SSL3_CK_FZA_DMS_RC4_SHA, 519 SSL3_CK_FZA_DMS_RC4_SHA,
353 SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, 520 SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3,
521 SSL_NOT_EXP|SSL_MEDIUM,
522 0,
523 128,
524 128,
525 SSL_ALL_CIPHERS,
526 SSL_ALL_STRENGTHS,
527 },
528
529#ifndef OPENSSL_NO_KRB5
530/* The Kerberos ciphers
531** 20000107 VRS: And the first shall be last,
532** in hopes of avoiding the lynx ssl renegotiation problem.
533*/
534/* Cipher 21 VRS */
535 {
536 1,
537 SSL3_TXT_KRB5_DES_40_CBC_SHA,
538 SSL3_CK_KRB5_DES_40_CBC_SHA,
539 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
540 SSL_EXPORT|SSL_EXP40,
541 0,
542 40,
543 56,
544 SSL_ALL_CIPHERS,
545 SSL_ALL_STRENGTHS,
546 },
547
548/* Cipher 22 VRS */
549 {
550 1,
551 SSL3_TXT_KRB5_DES_40_CBC_MD5,
552 SSL3_CK_KRB5_DES_40_CBC_MD5,
553 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3,
554 SSL_EXPORT|SSL_EXP40,
555 0,
556 40,
557 56,
558 SSL_ALL_CIPHERS,
559 SSL_ALL_STRENGTHS,
560 },
561
562/* Cipher 23 VRS */
563 {
564 1,
565 SSL3_TXT_KRB5_DES_64_CBC_SHA,
566 SSL3_CK_KRB5_DES_64_CBC_SHA,
567 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
568 SSL_NOT_EXP|SSL_LOW,
569 0,
570 56,
571 56,
572 SSL_ALL_CIPHERS,
573 SSL_ALL_STRENGTHS,
574 },
575
576/* Cipher 24 VRS */
577 {
578 1,
579 SSL3_TXT_KRB5_DES_64_CBC_MD5,
580 SSL3_CK_KRB5_DES_64_CBC_MD5,
581 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3,
582 SSL_NOT_EXP|SSL_LOW,
583 0,
584 56,
585 56,
586 SSL_ALL_CIPHERS,
587 SSL_ALL_STRENGTHS,
588 },
589
590/* Cipher 25 VRS */
591 {
592 1,
593 SSL3_TXT_KRB5_DES_192_CBC3_SHA,
594 SSL3_CK_KRB5_DES_192_CBC3_SHA,
595 SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3,
596 SSL_NOT_EXP|SSL_HIGH,
597 0,
598 112,
599 168,
600 SSL_ALL_CIPHERS,
601 SSL_ALL_STRENGTHS,
602 },
603
604/* Cipher 26 VRS */
605 {
606 1,
607 SSL3_TXT_KRB5_DES_192_CBC3_MD5,
608 SSL3_CK_KRB5_DES_192_CBC3_MD5,
609 SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3,
610 SSL_NOT_EXP|SSL_HIGH,
354 0, 611 0,
612 112,
613 168,
355 SSL_ALL_CIPHERS, 614 SSL_ALL_CIPHERS,
615 SSL_ALL_STRENGTHS,
356 }, 616 },
617#endif /* OPENSSL_NO_KRB5 */
618
619
620#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
621 /* New TLS Export CipherSuites */
622 /* Cipher 60 */
623 {
624 1,
625 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
626 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
627 SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
628 SSL_EXPORT|SSL_EXP56,
629 0,
630 56,
631 128,
632 SSL_ALL_CIPHERS,
633 SSL_ALL_STRENGTHS,
634 },
635 /* Cipher 61 */
636 {
637 1,
638 TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
639 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
640 SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
641 SSL_EXPORT|SSL_EXP56,
642 0,
643 56,
644 128,
645 SSL_ALL_CIPHERS,
646 SSL_ALL_STRENGTHS,
647 },
648 /* Cipher 62 */
649 {
650 1,
651 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
652 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
653 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
654 SSL_EXPORT|SSL_EXP56,
655 0,
656 56,
657 56,
658 SSL_ALL_CIPHERS,
659 SSL_ALL_STRENGTHS,
660 },
661 /* Cipher 63 */
662 {
663 1,
664 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
665 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
666 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
667 SSL_EXPORT|SSL_EXP56,
668 0,
669 56,
670 56,
671 SSL_ALL_CIPHERS,
672 SSL_ALL_STRENGTHS,
673 },
674 /* Cipher 64 */
675 {
676 1,
677 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
678 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
679 SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
680 SSL_EXPORT|SSL_EXP56,
681 0,
682 56,
683 128,
684 SSL_ALL_CIPHERS,
685 SSL_ALL_STRENGTHS,
686 },
687 /* Cipher 65 */
688 {
689 1,
690 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
691 TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
692 SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
693 SSL_EXPORT|SSL_EXP56,
694 0,
695 56,
696 128,
697 SSL_ALL_CIPHERS,
698 SSL_ALL_STRENGTHS,
699 },
700 /* Cipher 66 */
701 {
702 1,
703 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
704 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
705 SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
706 SSL_NOT_EXP|SSL_MEDIUM,
707 0,
708 128,
709 128,
710 SSL_ALL_CIPHERS,
711 SSL_ALL_STRENGTHS
712 },
713#endif
714 /* New AES ciphersuites */
715
716 /* Cipher 2F */
717 {
718 1,
719 TLS1_TXT_RSA_WITH_AES_128_SHA,
720 TLS1_CK_RSA_WITH_AES_128_SHA,
721 SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
722 SSL_NOT_EXP|SSL_MEDIUM,
723 0,
724 128,
725 128,
726 SSL_ALL_CIPHERS,
727 SSL_ALL_STRENGTHS,
728 },
729 /* Cipher 30 */
730 {
731 0,
732 TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
733 TLS1_CK_DH_DSS_WITH_AES_128_SHA,
734 SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
735 SSL_NOT_EXP|SSL_MEDIUM,
736 0,
737 128,
738 128,
739 SSL_ALL_CIPHERS,
740 SSL_ALL_STRENGTHS,
741 },
742 /* Cipher 31 */
743 {
744 0,
745 TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
746 TLS1_CK_DH_RSA_WITH_AES_128_SHA,
747 SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
748 SSL_NOT_EXP|SSL_MEDIUM,
749 0,
750 128,
751 128,
752 SSL_ALL_CIPHERS,
753 SSL_ALL_STRENGTHS,
754 },
755 /* Cipher 32 */
756 {
757 1,
758 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
759 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
760 SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
761 SSL_NOT_EXP|SSL_MEDIUM,
762 0,
763 128,
764 128,
765 SSL_ALL_CIPHERS,
766 SSL_ALL_STRENGTHS,
767 },
768 /* Cipher 33 */
769 {
770 1,
771 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
772 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
773 SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
774 SSL_NOT_EXP|SSL_MEDIUM,
775 0,
776 128,
777 128,
778 SSL_ALL_CIPHERS,
779 SSL_ALL_STRENGTHS,
780 },
781 /* Cipher 34 */
782 {
783 1,
784 TLS1_TXT_ADH_WITH_AES_128_SHA,
785 TLS1_CK_ADH_WITH_AES_128_SHA,
786 SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
787 SSL_NOT_EXP|SSL_MEDIUM,
788 0,
789 128,
790 128,
791 SSL_ALL_CIPHERS,
792 SSL_ALL_STRENGTHS,
793 },
794
795 /* Cipher 35 */
796 {
797 1,
798 TLS1_TXT_RSA_WITH_AES_256_SHA,
799 TLS1_CK_RSA_WITH_AES_256_SHA,
800 SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
801 SSL_NOT_EXP|SSL_HIGH,
802 0,
803 256,
804 256,
805 SSL_ALL_CIPHERS,
806 SSL_ALL_STRENGTHS,
807 },
808 /* Cipher 36 */
809 {
810 0,
811 TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
812 TLS1_CK_DH_DSS_WITH_AES_256_SHA,
813 SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
814 SSL_NOT_EXP|SSL_HIGH,
815 0,
816 256,
817 256,
818 SSL_ALL_CIPHERS,
819 SSL_ALL_STRENGTHS,
820 },
821 /* Cipher 37 */
822 {
823 0,
824 TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
825 TLS1_CK_DH_RSA_WITH_AES_256_SHA,
826 SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
827 SSL_NOT_EXP|SSL_HIGH,
828 0,
829 256,
830 256,
831 SSL_ALL_CIPHERS,
832 SSL_ALL_STRENGTHS,
833 },
834 /* Cipher 38 */
835 {
836 1,
837 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
838 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
839 SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
840 SSL_NOT_EXP|SSL_HIGH,
841 0,
842 256,
843 256,
844 SSL_ALL_CIPHERS,
845 SSL_ALL_STRENGTHS,
846 },
847 /* Cipher 39 */
848 {
849 1,
850 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
851 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
852 SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
853 SSL_NOT_EXP|SSL_HIGH,
854 0,
855 256,
856 256,
857 SSL_ALL_CIPHERS,
858 SSL_ALL_STRENGTHS,
859 },
860 /* Cipher 3A */
861 {
862 1,
863 TLS1_TXT_ADH_WITH_AES_256_SHA,
864 TLS1_CK_ADH_WITH_AES_256_SHA,
865 SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
866 SSL_NOT_EXP|SSL_HIGH,
867 0,
868 256,
869 256,
870 SSL_ALL_CIPHERS,
871 SSL_ALL_STRENGTHS,
872 },
357 873
358/* end of list */ 874/* end of list */
359 }; 875 };
@@ -384,6 +900,7 @@ static SSL_METHOD SSLv3_data= {
384 ssl3_write, 900 ssl3_write,
385 ssl3_shutdown, 901 ssl3_shutdown,
386 ssl3_renegotiate, 902 ssl3_renegotiate,
903 ssl3_renegotiate_check,
387 ssl3_ctrl, 904 ssl3_ctrl,
388 ssl3_ctx_ctrl, 905 ssl3_ctx_ctrl,
389 ssl3_get_cipher_by_char, 906 ssl3_get_cipher_by_char,
@@ -394,27 +911,29 @@ static SSL_METHOD SSLv3_data= {
394 ssl_bad_method, 911 ssl_bad_method,
395 ssl3_default_timeout, 912 ssl3_default_timeout,
396 &SSLv3_enc_data, 913 &SSLv3_enc_data,
914 ssl_undefined_function,
915 ssl3_callback_ctrl,
916 ssl3_ctx_callback_ctrl,
397 }; 917 };
398 918
399static long ssl3_default_timeout() 919static long ssl3_default_timeout(void)
400 { 920 {
401 /* 2 hours, the 24 hours mentioned in the SSLv3 spec 921 /* 2 hours, the 24 hours mentioned in the SSLv3 spec
402 * is way too long for http, the cache would over fill */ 922 * is way too long for http, the cache would over fill */
403 return(60*60*2); 923 return(60*60*2);
404 } 924 }
405 925
406SSL_METHOD *sslv3_base_method() 926SSL_METHOD *sslv3_base_method(void)
407 { 927 {
408 return(&SSLv3_data); 928 return(&SSLv3_data);
409 } 929 }
410 930
411int ssl3_num_ciphers() 931int ssl3_num_ciphers(void)
412 { 932 {
413 return(SSL3_NUM_CIPHERS); 933 return(SSL3_NUM_CIPHERS);
414 } 934 }
415 935
416SSL_CIPHER *ssl3_get_cipher(u) 936SSL_CIPHER *ssl3_get_cipher(unsigned int u)
417unsigned int u;
418 { 937 {
419 if (u < SSL3_NUM_CIPHERS) 938 if (u < SSL3_NUM_CIPHERS)
420 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); 939 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
@@ -422,29 +941,24 @@ unsigned int u;
422 return(NULL); 941 return(NULL);
423 } 942 }
424 943
425/* The problem is that it may not be the correct record type */ 944int ssl3_pending(SSL *s)
426int ssl3_pending(s)
427SSL *s;
428 { 945 {
429 return(s->s3->rrec.length); 946 if (s->rstate == SSL_ST_READ_BODY)
947 return 0;
948
949 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
430 } 950 }
431 951
432int ssl3_new(s) 952int ssl3_new(SSL *s)
433SSL *s;
434 { 953 {
435 SSL3_CTX *s3; 954 SSL3_STATE *s3;
436 955
437 if ((s3=(SSL3_CTX *)Malloc(sizeof(SSL3_CTX))) == NULL) goto err; 956 if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
438 memset(s3,0,sizeof(SSL3_CTX)); 957 memset(s3,0,sizeof *s3);
958 EVP_MD_CTX_init(&s3->finish_dgst1);
959 EVP_MD_CTX_init(&s3->finish_dgst2);
439 960
440 s->s3=s3; 961 s->s3=s3;
441 /*
442 s->s3->tmp.ca_names=NULL;
443 s->s3->tmp.key_block=NULL;
444 s->s3->tmp.key_block_length=0;
445 s->s3->rbuf.buf=NULL;
446 s->s3->wbuf.buf=NULL;
447 */
448 962
449 s->method->ssl_clear(s); 963 s->method->ssl_clear(s);
450 return(1); 964 return(1);
@@ -452,40 +966,66 @@ err:
452 return(0); 966 return(0);
453 } 967 }
454 968
455void ssl3_free(s) 969void ssl3_free(SSL *s)
456SSL *s;
457 { 970 {
971 if(s == NULL)
972 return;
973
458 ssl3_cleanup_key_block(s); 974 ssl3_cleanup_key_block(s);
459 if (s->s3->rbuf.buf != NULL) 975 if (s->s3->rbuf.buf != NULL)
460 Free(s->s3->rbuf.buf); 976 OPENSSL_free(s->s3->rbuf.buf);
461 if (s->s3->wbuf.buf != NULL) 977 if (s->s3->wbuf.buf != NULL)
462 Free(s->s3->wbuf.buf); 978 OPENSSL_free(s->s3->wbuf.buf);
463#ifndef NO_DH 979 if (s->s3->rrec.comp != NULL)
980 OPENSSL_free(s->s3->rrec.comp);
981#ifndef OPENSSL_NO_DH
464 if (s->s3->tmp.dh != NULL) 982 if (s->s3->tmp.dh != NULL)
465 DH_free(s->s3->tmp.dh); 983 DH_free(s->s3->tmp.dh);
466#endif 984#endif
467 if (s->s3->tmp.ca_names != NULL) 985 if (s->s3->tmp.ca_names != NULL)
468 sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 986 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
469 memset(s->s3,0,sizeof(SSL3_CTX)); 987 EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
470 Free(s->s3); 988 EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
989 memset(s->s3,0,sizeof *s->s3);
990 OPENSSL_free(s->s3);
471 s->s3=NULL; 991 s->s3=NULL;
472 } 992 }
473 993
474void ssl3_clear(s) 994void ssl3_clear(SSL *s)
475SSL *s;
476 { 995 {
477 unsigned char *rp,*wp; 996 unsigned char *rp,*wp;
997 size_t rlen, wlen;
478 998
479 ssl3_cleanup_key_block(s); 999 ssl3_cleanup_key_block(s);
480 if (s->s3->tmp.ca_names != NULL) 1000 if (s->s3->tmp.ca_names != NULL)
481 sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 1001 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
482 1002
483 rp=s->s3->rbuf.buf; 1003 if (s->s3->rrec.comp != NULL)
484 wp=s->s3->wbuf.buf; 1004 {
1005 OPENSSL_free(s->s3->rrec.comp);
1006 s->s3->rrec.comp=NULL;
1007 }
1008#ifndef OPENSSL_NO_DH
1009 if (s->s3->tmp.dh != NULL)
1010 DH_free(s->s3->tmp.dh);
1011#endif
1012
1013 rp = s->s3->rbuf.buf;
1014 wp = s->s3->wbuf.buf;
1015 rlen = s->s3->rbuf.len;
1016 wlen = s->s3->wbuf.len;
1017
1018 EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
1019 EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
1020
1021 memset(s->s3,0,sizeof *s->s3);
1022 s->s3->rbuf.buf = rp;
1023 s->s3->wbuf.buf = wp;
1024 s->s3->rbuf.len = rlen;
1025 s->s3->wbuf.len = wlen;
1026
1027 ssl_free_wbio_buffer(s);
485 1028
486 memset(s->s3,0,sizeof(SSL3_CTX));
487 if (rp != NULL) s->s3->rbuf.buf=rp;
488 if (wp != NULL) s->s3->wbuf.buf=wp;
489 s->packet_length=0; 1029 s->packet_length=0;
490 s->s3->renegotiate=0; 1030 s->s3->renegotiate=0;
491 s->s3->total_renegotiations=0; 1031 s->s3->total_renegotiations=0;
@@ -494,14 +1034,30 @@ SSL *s;
494 s->version=SSL3_VERSION; 1034 s->version=SSL3_VERSION;
495 } 1035 }
496 1036
497long ssl3_ctrl(s,cmd,larg,parg) 1037long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
498SSL *s;
499int cmd;
500long larg;
501char *parg;
502 { 1038 {
503 int ret=0; 1039 int ret=0;
504 1040
1041#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
1042 if (
1043#ifndef OPENSSL_NO_RSA
1044 cmd == SSL_CTRL_SET_TMP_RSA ||
1045 cmd == SSL_CTRL_SET_TMP_RSA_CB ||
1046#endif
1047#ifndef OPENSSL_NO_DSA
1048 cmd == SSL_CTRL_SET_TMP_DH ||
1049 cmd == SSL_CTRL_SET_TMP_DH_CB ||
1050#endif
1051 0)
1052 {
1053 if (!ssl_cert_inst(&s->cert))
1054 {
1055 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
1056 return(0);
1057 }
1058 }
1059#endif
1060
505 switch (cmd) 1061 switch (cmd)
506 { 1062 {
507 case SSL_CTRL_GET_SESSION_REUSED: 1063 case SSL_CTRL_GET_SESSION_REUSED:
@@ -519,25 +1075,137 @@ char *parg;
519 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: 1075 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
520 ret=s->s3->total_renegotiations; 1076 ret=s->s3->total_renegotiations;
521 break; 1077 break;
1078 case SSL_CTRL_GET_FLAGS:
1079 ret=(int)(s->s3->flags);
1080 break;
1081#ifndef OPENSSL_NO_RSA
1082 case SSL_CTRL_NEED_TMP_RSA:
1083 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
1084 ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
1085 (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
1086 ret = 1;
1087 break;
1088 case SSL_CTRL_SET_TMP_RSA:
1089 {
1090 RSA *rsa = (RSA *)parg;
1091 if (rsa == NULL)
1092 {
1093 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
1094 return(ret);
1095 }
1096 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
1097 {
1098 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
1099 return(ret);
1100 }
1101 if (s->cert->rsa_tmp != NULL)
1102 RSA_free(s->cert->rsa_tmp);
1103 s->cert->rsa_tmp = rsa;
1104 ret = 1;
1105 }
1106 break;
1107 case SSL_CTRL_SET_TMP_RSA_CB:
1108 {
1109 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1110 return(ret);
1111 }
1112 break;
1113#endif
1114#ifndef OPENSSL_NO_DH
1115 case SSL_CTRL_SET_TMP_DH:
1116 {
1117 DH *dh = (DH *)parg;
1118 if (dh == NULL)
1119 {
1120 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
1121 return(ret);
1122 }
1123 if ((dh = DHparams_dup(dh)) == NULL)
1124 {
1125 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
1126 return(ret);
1127 }
1128 if (!(s->options & SSL_OP_SINGLE_DH_USE))
1129 {
1130 if (!DH_generate_key(dh))
1131 {
1132 DH_free(dh);
1133 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
1134 return(ret);
1135 }
1136 }
1137 if (s->cert->dh_tmp != NULL)
1138 DH_free(s->cert->dh_tmp);
1139 s->cert->dh_tmp = dh;
1140 ret = 1;
1141 }
1142 break;
1143 case SSL_CTRL_SET_TMP_DH_CB:
1144 {
1145 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1146 return(ret);
1147 }
1148 break;
1149#endif
522 default: 1150 default:
523 break; 1151 break;
524 } 1152 }
525 return(ret); 1153 return(ret);
526 } 1154 }
527 1155
528long ssl3_ctx_ctrl(ctx,cmd,larg,parg) 1156long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
529SSL_CTX *ctx; 1157 {
530int cmd; 1158 int ret=0;
531long larg; 1159
532char *parg; 1160#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
1161 if (
1162#ifndef OPENSSL_NO_RSA
1163 cmd == SSL_CTRL_SET_TMP_RSA_CB ||
1164#endif
1165#ifndef OPENSSL_NO_DSA
1166 cmd == SSL_CTRL_SET_TMP_DH_CB ||
1167#endif
1168 0)
1169 {
1170 if (!ssl_cert_inst(&s->cert))
1171 {
1172 SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
1173 return(0);
1174 }
1175 }
1176#endif
1177
1178 switch (cmd)
1179 {
1180#ifndef OPENSSL_NO_RSA
1181 case SSL_CTRL_SET_TMP_RSA_CB:
1182 {
1183 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
1184 }
1185 break;
1186#endif
1187#ifndef OPENSSL_NO_DH
1188 case SSL_CTRL_SET_TMP_DH_CB:
1189 {
1190 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
1191 }
1192 break;
1193#endif
1194 default:
1195 break;
1196 }
1197 return(ret);
1198 }
1199
1200long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
533 { 1201 {
534 CERT *cert; 1202 CERT *cert;
535 1203
536 cert=ctx->default_cert; 1204 cert=ctx->cert;
537 1205
538 switch (cmd) 1206 switch (cmd)
539 { 1207 {
540#ifndef NO_RSA 1208#ifndef OPENSSL_NO_RSA
541 case SSL_CTRL_NEED_TMP_RSA: 1209 case SSL_CTRL_NEED_TMP_RSA:
542 if ( (cert->rsa_tmp == NULL) && 1210 if ( (cert->rsa_tmp == NULL) &&
543 ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || 1211 ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
@@ -546,7 +1214,7 @@ char *parg;
546 return(1); 1214 return(1);
547 else 1215 else
548 return(0); 1216 return(0);
549 break; 1217 /* break; */
550 case SSL_CTRL_SET_TMP_RSA: 1218 case SSL_CTRL_SET_TMP_RSA:
551 { 1219 {
552 RSA *rsa; 1220 RSA *rsa;
@@ -574,35 +1242,83 @@ char *parg;
574 return(1); 1242 return(1);
575 } 1243 }
576 } 1244 }
577 break; 1245 /* break; */
578 case SSL_CTRL_SET_TMP_RSA_CB: 1246 case SSL_CTRL_SET_TMP_RSA_CB:
579 cert->rsa_tmp_cb=(RSA *(*)())parg; 1247 {
1248 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1249 return(0);
1250 }
580 break; 1251 break;
581#endif 1252#endif
582#ifndef NO_DH 1253#ifndef OPENSSL_NO_DH
583 case SSL_CTRL_SET_TMP_DH: 1254 case SSL_CTRL_SET_TMP_DH:
584 { 1255 {
585 DH *new=NULL,*dh; 1256 DH *new=NULL,*dh;
586 1257
587 dh=(DH *)parg; 1258 dh=(DH *)parg;
588 if ( ((new=DHparams_dup(dh)) == NULL) || 1259 if ((new=DHparams_dup(dh)) == NULL)
589 (!DH_generate_key(new)))
590 { 1260 {
591 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); 1261 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
592 if (new != NULL) DH_free(new); 1262 return 0;
593 return(0);
594 } 1263 }
595 else 1264 if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
596 { 1265 {
597 if (cert->dh_tmp != NULL) 1266 if (!DH_generate_key(new))
598 DH_free(cert->dh_tmp); 1267 {
599 cert->dh_tmp=new; 1268 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
600 return(1); 1269 DH_free(new);
1270 return 0;
1271 }
601 } 1272 }
1273 if (cert->dh_tmp != NULL)
1274 DH_free(cert->dh_tmp);
1275 cert->dh_tmp=new;
1276 return 1;
1277 }
1278 /*break; */
1279 case SSL_CTRL_SET_TMP_DH_CB:
1280 {
1281 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1282 return(0);
602 } 1283 }
603 break; 1284 break;
1285#endif
1286 /* A Thawte special :-) */
1287 case SSL_CTRL_EXTRA_CHAIN_CERT:
1288 if (ctx->extra_certs == NULL)
1289 {
1290 if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
1291 return(0);
1292 }
1293 sk_X509_push(ctx->extra_certs,(X509 *)parg);
1294 break;
1295
1296 default:
1297 return(0);
1298 }
1299 return(1);
1300 }
1301
1302long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
1303 {
1304 CERT *cert;
1305
1306 cert=ctx->cert;
1307
1308 switch (cmd)
1309 {
1310#ifndef OPENSSL_NO_RSA
1311 case SSL_CTRL_SET_TMP_RSA_CB:
1312 {
1313 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
1314 }
1315 break;
1316#endif
1317#ifndef OPENSSL_NO_DH
604 case SSL_CTRL_SET_TMP_DH_CB: 1318 case SSL_CTRL_SET_TMP_DH_CB:
605 cert->dh_tmp_cb=(DH *(*)())parg; 1319 {
1320 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
1321 }
606 break; 1322 break;
607#endif 1323#endif
608 default: 1324 default:
@@ -613,8 +1329,7 @@ char *parg;
613 1329
614/* This function needs to check if the ciphers required are actually 1330/* This function needs to check if the ciphers required are actually
615 * available */ 1331 * available */
616SSL_CIPHER *ssl3_get_cipher_by_char(p) 1332SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
617unsigned char *p;
618 { 1333 {
619 static int init=1; 1334 static int init=1;
620 static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS]; 1335 static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS];
@@ -624,7 +1339,7 @@ unsigned char *p;
624 1339
625 if (init) 1340 if (init)
626 { 1341 {
627 init=0; 1342 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
628 1343
629 for (i=0; i<SSL3_NUM_CIPHERS; i++) 1344 for (i=0; i<SSL3_NUM_CIPHERS; i++)
630 sorted[i]= &(ssl3_ciphers[i]); 1345 sorted[i]= &(ssl3_ciphers[i]);
@@ -632,6 +1347,10 @@ unsigned char *p;
632 qsort( (char *)sorted, 1347 qsort( (char *)sorted,
633 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *), 1348 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
634 FP_ICC ssl_cipher_ptr_id_cmp); 1349 FP_ICC ssl_cipher_ptr_id_cmp);
1350
1351 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
1352
1353 init=0;
635 } 1354 }
636 1355
637 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; 1356 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
@@ -639,16 +1358,14 @@ unsigned char *p;
639 cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp, 1358 cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
640 (char *)sorted, 1359 (char *)sorted,
641 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *), 1360 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
642 (int (*)())ssl_cipher_ptr_id_cmp); 1361 FP_ICC ssl_cipher_ptr_id_cmp);
643 if ((cpp == NULL) || !(*cpp)->valid) 1362 if ((cpp == NULL) || !(*cpp)->valid)
644 return(NULL); 1363 return(NULL);
645 else 1364 else
646 return(*cpp); 1365 return(*cpp);
647 } 1366 }
648 1367
649int ssl3_put_cipher_by_char(c,p) 1368int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
650SSL_CIPHER *c;
651unsigned char *p;
652 { 1369 {
653 long l; 1370 long l;
654 1371
@@ -662,114 +1379,141 @@ unsigned char *p;
662 return(2); 1379 return(2);
663 } 1380 }
664 1381
665int ssl3_part_read(s,i) 1382SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
666SSL *s; 1383 STACK_OF(SSL_CIPHER) *srvr)
667int i;
668 {
669 s->rwstate=SSL_READING;
670
671 if (i < 0)
672 {
673 return(i);
674 }
675 else
676 {
677 s->init_num+=i;
678 return(0);
679 }
680 }
681
682SSL_CIPHER *ssl3_choose_cipher(s,have,pref)
683SSL *s;
684STACK *have,*pref;
685 { 1384 {
686 SSL_CIPHER *c,*ret=NULL; 1385 SSL_CIPHER *c,*ret=NULL;
1386 STACK_OF(SSL_CIPHER) *prio, *allow;
687 int i,j,ok; 1387 int i,j,ok;
688 CERT *cert; 1388 CERT *cert;
689 unsigned long alg,mask,emask; 1389 unsigned long alg,mask,emask;
690 1390
691 /* Lets see which ciphers we can supported */ 1391 /* Let's see which ciphers we can support */
692 if (s->cert != NULL) 1392 cert=s->cert;
693 cert=s->cert; 1393
1394#if 0
1395 /* Do not set the compare functions, because this may lead to a
1396 * reordering by "id". We want to keep the original ordering.
1397 * We may pay a price in performance during sk_SSL_CIPHER_find(),
1398 * but would have to pay with the price of sk_SSL_CIPHER_dup().
1399 */
1400 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
1401 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
1402#endif
1403
1404#ifdef CIPHER_DEBUG
1405 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr);
1406 for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
1407 {
1408 c=sk_SSL_CIPHER_value(srvr,i);
1409 printf("%p:%s\n",c,c->name);
1410 }
1411 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt);
1412 for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
1413 {
1414 c=sk_SSL_CIPHER_value(clnt,i);
1415 printf("%p:%s\n",c,c->name);
1416 }
1417#endif
1418
1419 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
1420 {
1421 prio = srvr;
1422 allow = clnt;
1423 }
694 else 1424 else
695 cert=s->ctx->default_cert; 1425 {
1426 prio = clnt;
1427 allow = srvr;
1428 }
1429
1430 for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
1431 {
1432 c=sk_SSL_CIPHER_value(prio,i);
696 1433
697 ssl_set_cert_masks(cert); 1434 ssl_set_cert_masks(cert,c);
698 mask=cert->mask; 1435 mask=cert->mask;
699 emask=cert->export_mask; 1436 emask=cert->export_mask;
700 1437
701 sk_set_cmp_func(pref,ssl_cipher_ptr_id_cmp); 1438#ifdef KSSL_DEBUG
1439 printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);
1440#endif /* KSSL_DEBUG */
702 1441
703 for (i=0; i<sk_num(have); i++)
704 {
705 c=(SSL_CIPHER *)sk_value(have,i);
706 alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK); 1442 alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
707 if (alg & SSL_EXPORT) 1443#ifndef OPENSSL_NO_KRB5
1444 if (alg & SSL_KRB5)
1445 {
1446 if ( !kssl_keytab_is_available(s->kssl_ctx) )
1447 continue;
1448 }
1449#endif /* OPENSSL_NO_KRB5 */
1450 if (SSL_C_IS_EXPORT(c))
708 { 1451 {
709 ok=((alg & emask) == alg)?1:0; 1452 ok=((alg & emask) == alg)?1:0;
710#ifdef CIPHER_DEBUG 1453#ifdef CIPHER_DEBUG
711 printf("%d:[%08lX:%08lX]%s\n",ok,alg,mask,c->name); 1454 printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask,
1455 c,c->name);
712#endif 1456#endif
713 } 1457 }
714 else 1458 else
715 { 1459 {
716 ok=((alg & mask) == alg)?1:0; 1460 ok=((alg & mask) == alg)?1:0;
717#ifdef CIPHER_DEBUG 1461#ifdef CIPHER_DEBUG
718 printf("%d:[%08lX:%08lX]%s\n",ok,alg,mask,c->name); 1462 printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c,
1463 c->name);
719#endif 1464#endif
720 } 1465 }
721 1466
722 if (!ok) continue; 1467 if (!ok) continue;
723 1468
724 j=sk_find(pref,(char *)c); 1469 j=sk_SSL_CIPHER_find(allow,c);
725 if (j >= 0) 1470 if (j >= 0)
726 { 1471 {
727 ret=(SSL_CIPHER *)sk_value(pref,j); 1472 ret=sk_SSL_CIPHER_value(allow,j);
728 break; 1473 break;
729 } 1474 }
730 } 1475 }
731 return(ret); 1476 return(ret);
732 } 1477 }
733 1478
734int ssl3_get_req_cert_type(s,p) 1479int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
735SSL *s;
736unsigned char *p;
737 { 1480 {
738 int ret=0; 1481 int ret=0;
739 unsigned long alg; 1482 unsigned long alg;
740 1483
741 alg=s->s3->tmp.new_cipher->algorithms; 1484 alg=s->s3->tmp.new_cipher->algorithms;
742 1485
743#ifndef NO_DH 1486#ifndef OPENSSL_NO_DH
744 if (alg & (SSL_kDHr|SSL_kEDH)) 1487 if (alg & (SSL_kDHr|SSL_kEDH))
745 { 1488 {
746#ifndef NO_RSA 1489# ifndef OPENSSL_NO_RSA
747 p[ret++]=SSL3_CT_RSA_FIXED_DH; 1490 p[ret++]=SSL3_CT_RSA_FIXED_DH;
748#endif 1491# endif
749#ifndef NO_DSA 1492# ifndef OPENSSL_NO_DSA
750 p[ret++]=SSL3_CT_DSS_FIXED_DH; 1493 p[ret++]=SSL3_CT_DSS_FIXED_DH;
751#endif 1494# endif
752 } 1495 }
753 if ((s->version == SSL3_VERSION) && 1496 if ((s->version == SSL3_VERSION) &&
754 (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) 1497 (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
755 { 1498 {
756#ifndef NO_RSA 1499# ifndef OPENSSL_NO_RSA
757 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH; 1500 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
758#endif 1501# endif
759#ifndef NO_DSA 1502# ifndef OPENSSL_NO_DSA
760 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH; 1503 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
761#endif 1504# endif
762 } 1505 }
763#endif /* !NO_DH */ 1506#endif /* !OPENSSL_NO_DH */
764#ifndef NO_RSA 1507#ifndef OPENSSL_NO_RSA
765 p[ret++]=SSL3_CT_RSA_SIGN; 1508 p[ret++]=SSL3_CT_RSA_SIGN;
766#endif 1509#endif
1510#ifndef OPENSSL_NO_DSA
767 p[ret++]=SSL3_CT_DSS_SIGN; 1511 p[ret++]=SSL3_CT_DSS_SIGN;
1512#endif
768 return(ret); 1513 return(ret);
769 } 1514 }
770 1515
771int ssl3_shutdown(s) 1516int ssl3_shutdown(SSL *s)
772SSL *s;
773 { 1517 {
774 1518
775 /* Don't do anything much if we have not done the handshake or 1519 /* Don't do anything much if we have not done the handshake or
@@ -799,7 +1543,7 @@ SSL *s;
799 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) 1543 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
800 { 1544 {
801 /* If we are waiting for a close from our peer, we are closed */ 1545 /* If we are waiting for a close from our peer, we are closed */
802 ssl3_read_bytes(s,0,NULL,0); 1546 ssl3_read_bytes(s,0,NULL,0,0);
803 } 1547 }
804 1548
805 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && 1549 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
@@ -809,13 +1553,9 @@ SSL *s;
809 return(0); 1553 return(0);
810 } 1554 }
811 1555
812int ssl3_write(s,buf,len) 1556int ssl3_write(SSL *s, const void *buf, int len)
813SSL *s;
814char *buf;
815int len;
816 { 1557 {
817 int ret,n; 1558 int ret,n;
818 BIO *under;
819 1559
820#if 0 1560#if 0
821 if (s->shutdown & SSL_SEND_SHUTDOWN) 1561 if (s->shutdown & SSL_SEND_SHUTDOWN)
@@ -838,7 +1578,7 @@ int len;
838 if (s->s3->delay_buf_pop_ret == 0) 1578 if (s->s3->delay_buf_pop_ret == 0)
839 { 1579 {
840 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, 1580 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
841 (char *)buf,len); 1581 buf,len);
842 if (ret <= 0) return(ret); 1582 if (ret <= 0) return(ret);
843 1583
844 s->s3->delay_buf_pop_ret=ret; 1584 s->s3->delay_buf_pop_ret=ret;
@@ -849,43 +1589,40 @@ int len;
849 if (n <= 0) return(n); 1589 if (n <= 0) return(n);
850 s->rwstate=SSL_NOTHING; 1590 s->rwstate=SSL_NOTHING;
851 1591
852 /* We have flushed the buffer */ 1592 /* We have flushed the buffer, so remove it */
853 under=BIO_pop(s->wbio); 1593 ssl_free_wbio_buffer(s);
854 s->wbio=under; 1594 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
855 BIO_free(s->bbio); 1595
856 s->bbio=NULL;
857 ret=s->s3->delay_buf_pop_ret; 1596 ret=s->s3->delay_buf_pop_ret;
858 s->s3->delay_buf_pop_ret=0; 1597 s->s3->delay_buf_pop_ret=0;
859
860 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
861 } 1598 }
862 else 1599 else
863 { 1600 {
864 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, 1601 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
865 (char *)buf,len); 1602 buf,len);
866 if (ret <= 0) return(ret); 1603 if (ret <= 0) return(ret);
867 } 1604 }
868 1605
869 return(ret); 1606 return(ret);
870 } 1607 }
871 1608
872int ssl3_read(s,buf,len) 1609static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
873SSL *s;
874char *buf;
875int len;
876 { 1610 {
877 int ret; 1611 int ret;
878 1612
879 clear_sys_error(); 1613 clear_sys_error();
880 if (s->s3->renegotiate) ssl3_renegotiate_check(s); 1614 if (s->s3->renegotiate) ssl3_renegotiate_check(s);
881 s->s3->in_read_app_data=1; 1615 s->s3->in_read_app_data=1;
882 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len); 1616 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
883 if ((ret == -1) && (s->s3->in_read_app_data == 0)) 1617 if ((ret == -1) && (s->s3->in_read_app_data == 2))
884 { 1618 {
885 ERR_get_error(); /* clear the error */ 1619 /* ssl3_read_bytes decided to call s->handshake_func, which
886 s->s3->in_read_app_data=0; 1620 * called ssl3_read_bytes to read handshake data.
1621 * However, ssl3_read_bytes actually found application data
1622 * and thinks that application data makes sense here; so disable
1623 * handshake processing and try to read application data again. */
887 s->in_handshake++; 1624 s->in_handshake++;
888 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len); 1625 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
889 s->in_handshake--; 1626 s->in_handshake--;
890 } 1627 }
891 else 1628 else
@@ -894,33 +1631,17 @@ int len;
894 return(ret); 1631 return(ret);
895 } 1632 }
896 1633
897int ssl3_peek(s,buf,len) 1634int ssl3_read(SSL *s, void *buf, int len)
898SSL *s;
899char *buf;
900int len;
901 { 1635 {
902 SSL3_RECORD *rr; 1636 return ssl3_read_internal(s, buf, len, 0);
903 int n; 1637 }
904
905 rr= &(s->s3->rrec);
906 if ((rr->length == 0) || (rr->type != SSL3_RT_APPLICATION_DATA))
907 {
908 n=ssl3_read(s,buf,1);
909 if (n <= 0) return(n);
910 rr->length++;
911 rr->off--;
912 }
913 1638
914 if ((unsigned int)len > rr->length) 1639int ssl3_peek(SSL *s, void *buf, int len)
915 n=rr->length; 1640 {
916 else 1641 return ssl3_read_internal(s, buf, len, 1);
917 n=len;
918 memcpy(buf,&(rr->data[rr->off]),(unsigned int)n);
919 return(n);
920 } 1642 }
921 1643
922int ssl3_renegotiate(s) 1644int ssl3_renegotiate(SSL *s)
923SSL *s;
924 { 1645 {
925 if (s->handshake_func == NULL) 1646 if (s->handshake_func == NULL)
926 return(1); 1647 return(1);
@@ -932,8 +1653,7 @@ SSL *s;
932 return(1); 1653 return(1);
933 } 1654 }
934 1655
935int ssl3_renegotiate_check(s) 1656int ssl3_renegotiate_check(SSL *s)
936SSL *s;
937 { 1657 {
938 int ret=0; 1658 int ret=0;
939 1659
@@ -945,7 +1665,7 @@ SSL *s;
945 { 1665 {
946/* 1666/*
947if we are the server, and we have sent a 'RENEGOTIATE' message, we 1667if we are the server, and we have sent a 'RENEGOTIATE' message, we
948need to go to SSL_ST_ACCEPT. 1668need to go to SSL_ST_ACCEPT.
949*/ 1669*/
950 /* SSL_ST_ACCEPT */ 1670 /* SSL_ST_ACCEPT */
951 s->state=SSL_ST_RENEGOTIATE; 1671 s->state=SSL_ST_RENEGOTIATE;
@@ -958,4 +1678,3 @@ need to go to SSL_ST_ACCEPT.
958 return(ret); 1678 return(ret);
959 } 1679 }
960 1680
961
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-07 02:27:24 +0000