1 files changed, 31 insertions, 64 deletions
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index 2a9714fc19..f616763830 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -158,24 +158,8 @@ extern "C" {
 #define SSL3_RT_MAX_PACKET_SIZE         (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
 #define SSL3_RT_MAX_DATA_SIZE                   (1024*1024)
-/* the states that a SSL3_RECORD can be in
+#define SSL3_MD_CLIENT_FINISHED_CONST   "\x43\x4C\x4E\x54"
- * For SSL_read it goes
+#define SSL3_MD_SERVER_FINISHED_CONST   "\x53\x52\x56\x52"
- * rbuf->ENCODED        -> read 
- * ENCODED              -> we need to decode everything - call decode_record
- */
- 
-#define SSL3_RS_BLANK                   1
-#define SSL3_RS_DATA
-#define SSL3_RS_ENCODED                 2
-#define SSL3_RS_READ_MORE               3
-#define SSL3_RS_WRITE_MORE
-#define SSL3_RS_PLAIN                   3
-#define SSL3_RS_PART_READ               4
-#define SSL3_RS_PART_WRITE              5
-#define SSL3_MD_CLIENT_FINISHED_CONST   {0x43,0x4C,0x4E,0x54}
-#define SSL3_MD_SERVER_FINISHED_CONST   {0x53,0x52,0x56,0x52}
 #define SSL3_VERSION                    0x0300
 #define SSL3_VERSION_MAJOR              0x03
@@ -204,22 +188,20 @@ extern "C" {
 typedef struct ssl3_record_st
        {
-/*r */  int type;               /* type of record */
+/*r */  int type;               /* type of record */
-/*  */  /*int state;*/          /* any data in it? */
+/*rw*/  unsigned int length;    /* How many bytes available */
-/*rw*/  unsigned int length;    /* How many bytes available */
+/*r */  unsigned int off;       /* read/write offset into 'buf' */
-/*r */  unsigned int off;       /* read/write offset into 'buf' */
+/*rw*/  unsigned char *data;    /* pointer to the record data */
-/*rw*/  unsigned char *data;    /* pointer to the record data */
+/*rw*/  unsigned char *input;   /* where the decode bytes are */
-/*rw*/  unsigned char *input;   /* where the decode bytes are */
+/*r */  unsigned char *comp;    /* only used with decompression - malloc()ed */
-/*r */  unsigned char *comp;    /* only used with decompression - malloc()ed */
        } SSL3_RECORD;
 typedef struct ssl3_buffer_st
        {
-/*r */  int total;              /* used in non-blocking writes */
+        unsigned char *buf;     /* SSL3_RT_MAX_PACKET_SIZE bytes (more if
-/*r */  int wanted;             /* how many more bytes we need */
+                                 * SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER is set) */
-/*rw*/  int left;               /* how many bytes left */
+        int offset;             /* where to 'copy from' */
-/*rw*/  int offset;             /* where to 'copy from' */
+        int left;               /* how many bytes left */
-/*rw*/  unsigned char *buf;     /* SSL3_RT_MAX_PACKET_SIZE bytes */
        } SSL3_BUFFER;
 #define SSL3_CT_RSA_SIGN                        1
@@ -236,34 +218,7 @@ typedef struct ssl3_buffer_st
 #define SSL3_FLAGS_POP_BUFFER                   0x0004
 #define TLS1_FLAGS_TLS_PADDING_BUG              0x0008
-#if 0
+typedef struct ssl3_state_st
-#define AD_CLOSE_NOTIFY                 0
-#define AD_UNEXPECTED_MESSAGE           1
-#define AD_BAD_RECORD_MAC               2
-#define AD_DECRYPTION_FAILED            3
-#define AD_RECORD_OVERFLOW              4
-#define AD_DECOMPRESSION_FAILURE        5       /* fatal */
-#define AD_HANDSHAKE_FAILURE            6       /* fatal */
-#define AD_NO_CERTIFICATE               7       /* Not under TLS */
-#define AD_BAD_CERTIFICATE              8
-#define AD_UNSUPPORTED_CERTIFICATE      9
-#define AD_CERTIFICATE_REVOKED          10      
-#define AD_CERTIFICATE_EXPIRED          11
-#define AD_CERTIFICATE_UNKNOWN          12
-#define AD_ILLEGAL_PARAMETER            13      /* fatal */
-#define AD_UNKNOWN_CA                   14      /* fatal */
-#define AD_ACCESS_DENIED                15      /* fatal */
-#define AD_DECODE_ERROR                 16      /* fatal */
-#define AD_DECRYPT_ERROR                17
-#define AD_EXPORT_RESTRICION            18      /* fatal */
-#define AD_PROTOCOL_VERSION             19      /* fatal */
-#define AD_INSUFFICIENT_SECURITY        20      /* fatal */
-#define AD_INTERNAL_ERROR               21      /* fatal */
-#define AD_USER_CANCLED                 22
-#define AD_NO_RENEGOTIATION             23
-#endif
-typedef struct ssl3_ctx_st
        {
        long flags;
        int delay_buf_pop_ret;
@@ -278,10 +233,16 @@ typedef struct ssl3_ctx_st
        SSL3_BUFFER rbuf;       /* read IO goes into here */
        SSL3_BUFFER wbuf;       /* write IO goes into here */
        SSL3_RECORD rrec;       /* each decoded record goes in here */
        SSL3_RECORD wrec;       /* goes out from here */
-                                /* Used by ssl3_read_n to point
-                                 * to input data packet */
+        /* storage for Alert/Handshake protocol data received but not
+         * yet processed by ssl3_read_bytes: */
+        unsigned char alert_fragment[2];
+        unsigned int alert_fragment_len;
+        unsigned char handshake_fragment[4];
+        unsigned int handshake_fragment_len;
        /* partial write - check the numbers match */
        unsigned int wnum;      /* number of bytes sent so far */
@@ -300,7 +261,7 @@ typedef struct ssl3_ctx_st
        int warn_alert;
        int fatal_alert;
-        /* we alow one fatal and one warning alert to be outstanding,
+        /* we allow one fatal and one warning alert to be outstanding,
         * send close alert via the warning alert */
        int alert_dispatch;
        unsigned char send_alert[2];
@@ -314,8 +275,14 @@ typedef struct ssl3_ctx_st
        int in_read_app_data;
        struct  {
-                /* Actually only needs to be 16+20 for SSLv3 and 12 for TLS */
+                /* actually only needs to be 16+20 */
+                unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
+                /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
                unsigned char finish_md[EVP_MAX_MD_SIZE*2];
+                int finish_md_len;
+                unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
+                int peer_finish_md_len;
                
                unsigned long message_size;
                int message_type;
@@ -351,7 +318,7 @@ typedef struct ssl3_ctx_st
                int cert_request;
                } tmp;
-        } SSL3_CTX;
+        } SSL3_STATE;
 /* SSLv3 */
 /*client */
@@ -429,7 +396,7 @@ typedef struct ssl3_ctx_st
 #define SSL3_ST_SW_FINISHED_A           (0x1E0|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_FINISHED_B           (0x1E1|SSL_ST_ACCEPT)
-#define SSL3_MT_CLIENT_REQUEST                  0
+#define SSL3_MT_HELLO_REQUEST                   0
 #define SSL3_MT_CLIENT_HELLO                    1
 #define SSL3_MT_SERVER_HELLO                    2
 #define SSL3_MT_CERTIFICATE                     11

diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h index 2a9714fc19..f616763830 100644 --- a/src/lib/libssl/ssl3.h +++ b/src/lib/libssl/ssl3.h
@@ -158,24 +158,8 @@ extern "C" {
158	#define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)	158	#define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
159	#define SSL3_RT_MAX_DATA_SIZE (1024*1024)	159	#define SSL3_RT_MAX_DATA_SIZE (1024*1024)
160		160
161	/* the states that a SSL3_RECORD can be in	161	#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
162	* For SSL_read it goes	162	#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
163	* rbuf->ENCODED -> read
164	* ENCODED -> we need to decode everything - call decode_record
165	*/
166
167	#define SSL3_RS_BLANK 1
168	#define SSL3_RS_DATA
169
170	#define SSL3_RS_ENCODED 2
171	#define SSL3_RS_READ_MORE 3
172	#define SSL3_RS_WRITE_MORE
173	#define SSL3_RS_PLAIN 3
174	#define SSL3_RS_PART_READ 4
175	#define SSL3_RS_PART_WRITE 5
176
177	#define SSL3_MD_CLIENT_FINISHED_CONST {0x43,0x4C,0x4E,0x54}
178	#define SSL3_MD_SERVER_FINISHED_CONST {0x53,0x52,0x56,0x52}
179		163
180	#define SSL3_VERSION 0x0300	164	#define SSL3_VERSION 0x0300
181	#define SSL3_VERSION_MAJOR 0x03	165	#define SSL3_VERSION_MAJOR 0x03
@@ -204,22 +188,20 @@ extern "C" {
204		188
205	typedef struct ssl3_record_st	189	typedef struct ssl3_record_st
206	{	190	{
207	/r / int type; /* type of record */	191	/r / int type; /* type of record */
208	/* / /int state;/ / any data in it? */	192	/rw/ unsigned int length; /* How many bytes available */
209	/rw/ unsigned int length; /* How many bytes available */	193	/r / unsigned int off; /* read/write offset into 'buf' */
210	/r / unsigned int off; /* read/write offset into 'buf' */	194	/rw/ unsigned char data; / pointer to the record data */
211	/rw/ unsigned char data; / pointer to the record data */	195	/rw/ unsigned char input; / where the decode bytes are */
212	/rw/ unsigned char input; / where the decode bytes are */	196	/r / unsigned char comp; / only used with decompression - malloc()ed */
213	/r / unsigned char comp; / only used with decompression - malloc()ed */
214	} SSL3_RECORD;	197	} SSL3_RECORD;
215		198
216	typedef struct ssl3_buffer_st	199	typedef struct ssl3_buffer_st
217	{	200	{
218	/r / int total; /* used in non-blocking writes */	201	unsigned char buf; / SSL3_RT_MAX_PACKET_SIZE bytes (more if
219	/r / int wanted; /* how many more bytes we need */	202	* SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER is set) */
220	/rw/ int left; /* how many bytes left */	203	int offset; /* where to 'copy from' */
221	/rw/ int offset; /* where to 'copy from' */	204	int left; /* how many bytes left */
222	/rw/ unsigned char buf; / SSL3_RT_MAX_PACKET_SIZE bytes */
223	} SSL3_BUFFER;	205	} SSL3_BUFFER;
224		206
225	#define SSL3_CT_RSA_SIGN 1	207	#define SSL3_CT_RSA_SIGN 1
@@ -236,34 +218,7 @@ typedef struct ssl3_buffer_st
236	#define SSL3_FLAGS_POP_BUFFER 0x0004	218	#define SSL3_FLAGS_POP_BUFFER 0x0004
237	#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008	219	#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
238		220
239	#if 0	221	typedef struct ssl3_state_st
240	#define AD_CLOSE_NOTIFY 0
241	#define AD_UNEXPECTED_MESSAGE 1
242	#define AD_BAD_RECORD_MAC 2
243	#define AD_DECRYPTION_FAILED 3
244	#define AD_RECORD_OVERFLOW 4
245	#define AD_DECOMPRESSION_FAILURE 5 /* fatal */
246	#define AD_HANDSHAKE_FAILURE 6 /* fatal */
247	#define AD_NO_CERTIFICATE 7 /* Not under TLS */
248	#define AD_BAD_CERTIFICATE 8
249	#define AD_UNSUPPORTED_CERTIFICATE 9
250	#define AD_CERTIFICATE_REVOKED 10
251	#define AD_CERTIFICATE_EXPIRED 11
252	#define AD_CERTIFICATE_UNKNOWN 12
253	#define AD_ILLEGAL_PARAMETER 13 /* fatal */
254	#define AD_UNKNOWN_CA 14 /* fatal */
255	#define AD_ACCESS_DENIED 15 /* fatal */
256	#define AD_DECODE_ERROR 16 /* fatal */
257	#define AD_DECRYPT_ERROR 17
258	#define AD_EXPORT_RESTRICION 18 /* fatal */
259	#define AD_PROTOCOL_VERSION 19 /* fatal */
260	#define AD_INSUFFICIENT_SECURITY 20 /* fatal */
261	#define AD_INTERNAL_ERROR 21 /* fatal */
262	#define AD_USER_CANCLED 22
263	#define AD_NO_RENEGOTIATION 23
264	#endif
265
266	typedef struct ssl3_ctx_st
267	{	222	{
268	long flags;	223	long flags;
269	int delay_buf_pop_ret;	224	int delay_buf_pop_ret;
@@ -278,10 +233,16 @@ typedef struct ssl3_ctx_st
278		233
279	SSL3_BUFFER rbuf; /* read IO goes into here */	234	SSL3_BUFFER rbuf; /* read IO goes into here */
280	SSL3_BUFFER wbuf; /* write IO goes into here */	235	SSL3_BUFFER wbuf; /* write IO goes into here */
		236
281	SSL3_RECORD rrec; /* each decoded record goes in here */	237	SSL3_RECORD rrec; /* each decoded record goes in here */
282	SSL3_RECORD wrec; /* goes out from here */	238	SSL3_RECORD wrec; /* goes out from here */
283	/* Used by ssl3_read_n to point	239
284	* to input data packet */	240	/* storage for Alert/Handshake protocol data received but not
		241	* yet processed by ssl3_read_bytes: */
		242	unsigned char alert_fragment[2];
		243	unsigned int alert_fragment_len;
		244	unsigned char handshake_fragment[4];
		245	unsigned int handshake_fragment_len;
285		246
286	/* partial write - check the numbers match */	247	/* partial write - check the numbers match */
287	unsigned int wnum; /* number of bytes sent so far */	248	unsigned int wnum; /* number of bytes sent so far */
@@ -300,7 +261,7 @@ typedef struct ssl3_ctx_st
300		261
301	int warn_alert;	262	int warn_alert;
302	int fatal_alert;	263	int fatal_alert;
303	/* we alow one fatal and one warning alert to be outstanding,	264	/* we allow one fatal and one warning alert to be outstanding,
304	* send close alert via the warning alert */	265	* send close alert via the warning alert */
305	int alert_dispatch;	266	int alert_dispatch;
306	unsigned char send_alert[2];	267	unsigned char send_alert[2];
@@ -314,8 +275,14 @@ typedef struct ssl3_ctx_st
314	int in_read_app_data;	275	int in_read_app_data;
315		276
316	struct {	277	struct {
317	/* Actually only needs to be 16+20 for SSLv3 and 12 for TLS */	278	/* actually only needs to be 16+20 */
		279	unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
		280
		281	/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
318	unsigned char finish_md[EVP_MAX_MD_SIZE*2];	282	unsigned char finish_md[EVP_MAX_MD_SIZE*2];
		283	int finish_md_len;
		284	unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
		285	int peer_finish_md_len;
319		286
320	unsigned long message_size;	287	unsigned long message_size;
321	int message_type;	288	int message_type;
@@ -351,7 +318,7 @@ typedef struct ssl3_ctx_st
351	int cert_request;	318	int cert_request;
352	} tmp;	319	} tmp;
353		320
354	} SSL3_CTX;	321	} SSL3_STATE;
355		322
356	/* SSLv3 */	323	/* SSLv3 */
357	/client /	324	/client /
@@ -429,7 +396,7 @@ typedef struct ssl3_ctx_st
429	#define SSL3_ST_SW_FINISHED_A (0x1E0\|SSL_ST_ACCEPT)	396	#define SSL3_ST_SW_FINISHED_A (0x1E0\|SSL_ST_ACCEPT)
430	#define SSL3_ST_SW_FINISHED_B (0x1E1\|SSL_ST_ACCEPT)	397	#define SSL3_ST_SW_FINISHED_B (0x1E1\|SSL_ST_ACCEPT)
431		398
432	#define SSL3_MT_CLIENT_REQUEST 0	399	#define SSL3_MT_HELLO_REQUEST 0
433	#define SSL3_MT_CLIENT_HELLO 1	400	#define SSL3_MT_CLIENT_HELLO 1
434	#define SSL3_MT_SERVER_HELLO 2	401	#define SSL3_MT_SERVER_HELLO 2
435	#define SSL3_MT_CERTIFICATE 11	402	#define SSL3_MT_CERTIFICATE 11