]>
Commit | Line | Data |
---|---|---|
d02b48c6 | 1 | /* ssl/s3_lib.c */ |
58964a49 | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
d02b48c6 RE |
3 | * All rights reserved. |
4 | * | |
5 | * This package is an SSL implementation written | |
6 | * by Eric Young (eay@cryptsoft.com). | |
7 | * The implementation was written so as to conform with Netscapes SSL. | |
8 | * | |
9 | * This library is free for commercial and non-commercial use as long as | |
10 | * the following conditions are aheared to. The following conditions | |
11 | * apply to all code found in this distribution, be it the RC4, RSA, | |
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
13 | * included with this distribution is covered by the same copyright terms | |
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
15 | * | |
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | |
17 | * the code are not to be removed. | |
18 | * If this package is used in a product, Eric Young should be given attribution | |
19 | * as the author of the parts of the library used. | |
20 | * This can be in the form of a textual message at program startup or | |
21 | * in documentation (online or textual) provided with the package. | |
22 | * | |
23 | * Redistribution and use in source and binary forms, with or without | |
24 | * modification, are permitted provided that the following conditions | |
25 | * are met: | |
26 | * 1. Redistributions of source code must retain the copyright | |
27 | * notice, this list of conditions and the following disclaimer. | |
28 | * 2. Redistributions in binary form must reproduce the above copyright | |
29 | * notice, this list of conditions and the following disclaimer in the | |
30 | * documentation and/or other materials provided with the distribution. | |
31 | * 3. All advertising materials mentioning features or use of this software | |
32 | * must display the following acknowledgement: | |
33 | * "This product includes cryptographic software written by | |
34 | * Eric Young (eay@cryptsoft.com)" | |
35 | * The word 'cryptographic' can be left out if the rouines from the library | |
36 | * being used are not cryptographic related :-). | |
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | |
38 | * the apps directory (application code) you must include an acknowledgement: | |
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
40 | * | |
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
51 | * SUCH DAMAGE. | |
52 | * | |
53 | * The licence and distribution terms for any publically available version or | |
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | |
55 | * copied and put under another distribution licence | |
56 | * [including the GNU Public Licence.] | |
57 | */ | |
5a4fbc69 BM |
58 | /* ==================================================================== |
59 | * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. | |
60 | * | |
61 | * Redistribution and use in source and binary forms, with or without | |
62 | * modification, are permitted provided that the following conditions | |
63 | * are met: | |
64 | * | |
65 | * 1. Redistributions of source code must retain the above copyright | |
66 | * notice, this list of conditions and the following disclaimer. | |
67 | * | |
68 | * 2. Redistributions in binary form must reproduce the above copyright | |
69 | * notice, this list of conditions and the following disclaimer in | |
70 | * the documentation and/or other materials provided with the | |
71 | * distribution. | |
72 | * | |
73 | * 3. All advertising materials mentioning features or use of this | |
74 | * software must display the following acknowledgment: | |
75 | * "This product includes software developed by the OpenSSL Project | |
76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
77 | * | |
78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
79 | * endorse or promote products derived from this software without | |
80 | * prior written permission. For written permission, please contact | |
81 | * openssl-core@openssl.org. | |
82 | * | |
83 | * 5. Products derived from this software may not be called "OpenSSL" | |
84 | * nor may "OpenSSL" appear in their names without prior written | |
85 | * permission of the OpenSSL Project. | |
86 | * | |
87 | * 6. Redistributions of any form whatsoever must retain the following | |
88 | * acknowledgment: | |
89 | * "This product includes software developed by the OpenSSL Project | |
90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
91 | * | |
92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
104 | * ==================================================================== | |
105 | * | |
106 | * This product includes cryptographic software written by Eric Young | |
107 | * (eay@cryptsoft.com). This product includes software written by Tim | |
108 | * Hudson (tjh@cryptsoft.com). | |
109 | * | |
110 | */ | |
d02b48c6 RE |
111 | |
112 | #include <stdio.h> | |
ec577822 | 113 | #include <openssl/objects.h> |
d02b48c6 RE |
114 | #include "ssl_locl.h" |
115 | ||
e778802f | 116 | const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT; |
d02b48c6 RE |
117 | |
118 | #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) | |
119 | ||
d02b48c6 | 120 | static long ssl3_default_timeout(void ); |
7d7d2cbc | 121 | |
7f0dae32 | 122 | OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ |
d02b48c6 RE |
123 | /* The RSA ciphers */ |
124 | /* Cipher 01 */ | |
125 | { | |
126 | 1, | |
127 | SSL3_TXT_RSA_NULL_MD5, | |
128 | SSL3_CK_RSA_NULL_MD5, | |
018e57c7 DSH |
129 | SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3, |
130 | SSL_NOT_EXP, | |
131 | 0, | |
132 | 0, | |
d02b48c6 RE |
133 | 0, |
134 | SSL_ALL_CIPHERS, | |
018e57c7 | 135 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
136 | }, |
137 | /* Cipher 02 */ | |
138 | { | |
139 | 1, | |
140 | SSL3_TXT_RSA_NULL_SHA, | |
141 | SSL3_CK_RSA_NULL_SHA, | |
018e57c7 DSH |
142 | SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3, |
143 | SSL_NOT_EXP, | |
144 | 0, | |
145 | 0, | |
d02b48c6 RE |
146 | 0, |
147 | SSL_ALL_CIPHERS, | |
018e57c7 | 148 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
149 | }, |
150 | ||
151 | /* anon DH */ | |
152 | /* Cipher 17 */ | |
153 | { | |
154 | 1, | |
155 | SSL3_TXT_ADH_RC4_40_MD5, | |
156 | SSL3_CK_ADH_RC4_40_MD5, | |
018e57c7 DSH |
157 | SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, |
158 | SSL_EXPORT|SSL_EXP40, | |
d02b48c6 | 159 | 0, |
018e57c7 DSH |
160 | 40, |
161 | 128, | |
d02b48c6 | 162 | SSL_ALL_CIPHERS, |
018e57c7 | 163 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
164 | }, |
165 | /* Cipher 18 */ | |
166 | { | |
167 | 1, | |
168 | SSL3_TXT_ADH_RC4_128_MD5, | |
169 | SSL3_CK_ADH_RC4_128_MD5, | |
018e57c7 DSH |
170 | SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, |
171 | SSL_NOT_EXP, | |
d02b48c6 | 172 | 0, |
018e57c7 DSH |
173 | 128, |
174 | 128, | |
d02b48c6 | 175 | SSL_ALL_CIPHERS, |
018e57c7 | 176 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
177 | }, |
178 | /* Cipher 19 */ | |
179 | { | |
180 | 1, | |
181 | SSL3_TXT_ADH_DES_40_CBC_SHA, | |
182 | SSL3_CK_ADH_DES_40_CBC_SHA, | |
018e57c7 DSH |
183 | SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3, |
184 | SSL_EXPORT|SSL_EXP40, | |
d02b48c6 | 185 | 0, |
018e57c7 DSH |
186 | 40, |
187 | 128, | |
d02b48c6 | 188 | SSL_ALL_CIPHERS, |
018e57c7 | 189 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
190 | }, |
191 | /* Cipher 1A */ | |
192 | { | |
193 | 1, | |
194 | SSL3_TXT_ADH_DES_64_CBC_SHA, | |
195 | SSL3_CK_ADH_DES_64_CBC_SHA, | |
018e57c7 DSH |
196 | SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3, |
197 | SSL_NOT_EXP, | |
d02b48c6 | 198 | 0, |
018e57c7 DSH |
199 | 56, |
200 | 56, | |
d02b48c6 | 201 | SSL_ALL_CIPHERS, |
018e57c7 | 202 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
203 | }, |
204 | /* Cipher 1B */ | |
205 | { | |
206 | 1, | |
58964a49 RE |
207 | SSL3_TXT_ADH_DES_192_CBC_SHA, |
208 | SSL3_CK_ADH_DES_192_CBC_SHA, | |
018e57c7 DSH |
209 | SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3, |
210 | SSL_NOT_EXP, | |
d02b48c6 | 211 | 0, |
018e57c7 DSH |
212 | 168, |
213 | 168, | |
d02b48c6 | 214 | SSL_ALL_CIPHERS, |
018e57c7 | 215 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
216 | }, |
217 | ||
218 | /* RSA again */ | |
219 | /* Cipher 03 */ | |
220 | { | |
221 | 1, | |
222 | SSL3_TXT_RSA_RC4_40_MD5, | |
223 | SSL3_CK_RSA_RC4_40_MD5, | |
018e57c7 DSH |
224 | SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_SSLV3, |
225 | SSL_EXPORT|SSL_EXP40, | |
d02b48c6 | 226 | 0, |
018e57c7 DSH |
227 | 40, |
228 | 128, | |
d02b48c6 | 229 | SSL_ALL_CIPHERS, |
018e57c7 | 230 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
231 | }, |
232 | /* Cipher 04 */ | |
233 | { | |
234 | 1, | |
235 | SSL3_TXT_RSA_RC4_128_MD5, | |
236 | SSL3_CK_RSA_RC4_128_MD5, | |
018e57c7 DSH |
237 | SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_SSLV3, |
238 | SSL_NOT_EXP|SSL_MEDIUM, | |
d02b48c6 | 239 | 0, |
018e57c7 DSH |
240 | 128, |
241 | 128, | |
d02b48c6 | 242 | SSL_ALL_CIPHERS, |
018e57c7 | 243 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
244 | }, |
245 | /* Cipher 05 */ | |
246 | { | |
247 | 1, | |
248 | SSL3_TXT_RSA_RC4_128_SHA, | |
249 | SSL3_CK_RSA_RC4_128_SHA, | |
018e57c7 DSH |
250 | SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_SSLV3, |
251 | SSL_NOT_EXP|SSL_MEDIUM, | |
d02b48c6 | 252 | 0, |
018e57c7 DSH |
253 | 128, |
254 | 128, | |
d02b48c6 | 255 | SSL_ALL_CIPHERS, |
018e57c7 | 256 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
257 | }, |
258 | /* Cipher 06 */ | |
259 | { | |
260 | 1, | |
261 | SSL3_TXT_RSA_RC2_40_MD5, | |
262 | SSL3_CK_RSA_RC2_40_MD5, | |
018e57c7 DSH |
263 | SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_SSLV3, |
264 | SSL_EXPORT|SSL_EXP40, | |
d02b48c6 | 265 | 0, |
018e57c7 DSH |
266 | 40, |
267 | 128, | |
d02b48c6 | 268 | SSL_ALL_CIPHERS, |
018e57c7 | 269 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
270 | }, |
271 | /* Cipher 07 */ | |
272 | { | |
273 | 1, | |
274 | SSL3_TXT_RSA_IDEA_128_SHA, | |
275 | SSL3_CK_RSA_IDEA_128_SHA, | |
018e57c7 DSH |
276 | SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3, |
277 | SSL_NOT_EXP|SSL_MEDIUM, | |
d02b48c6 | 278 | 0, |
018e57c7 DSH |
279 | 128, |
280 | 128, | |
d02b48c6 | 281 | SSL_ALL_CIPHERS, |
018e57c7 | 282 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
283 | }, |
284 | /* Cipher 08 */ | |
285 | { | |
286 | 1, | |
287 | SSL3_TXT_RSA_DES_40_CBC_SHA, | |
288 | SSL3_CK_RSA_DES_40_CBC_SHA, | |
018e57c7 DSH |
289 | SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, |
290 | SSL_EXPORT|SSL_EXP40, | |
d02b48c6 | 291 | 0, |
018e57c7 DSH |
292 | 40, |
293 | 56, | |
d02b48c6 | 294 | SSL_ALL_CIPHERS, |
018e57c7 | 295 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
296 | }, |
297 | /* Cipher 09 */ | |
298 | { | |
299 | 1, | |
300 | SSL3_TXT_RSA_DES_64_CBC_SHA, | |
301 | SSL3_CK_RSA_DES_64_CBC_SHA, | |
018e57c7 DSH |
302 | SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, |
303 | SSL_NOT_EXP|SSL_LOW, | |
d02b48c6 | 304 | 0, |
018e57c7 DSH |
305 | 56, |
306 | 56, | |
d02b48c6 | 307 | SSL_ALL_CIPHERS, |
018e57c7 | 308 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
309 | }, |
310 | /* Cipher 0A */ | |
311 | { | |
312 | 1, | |
313 | SSL3_TXT_RSA_DES_192_CBC3_SHA, | |
314 | SSL3_CK_RSA_DES_192_CBC3_SHA, | |
018e57c7 DSH |
315 | SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, |
316 | SSL_NOT_EXP|SSL_HIGH, | |
d02b48c6 | 317 | 0, |
018e57c7 DSH |
318 | 168, |
319 | 168, | |
d02b48c6 | 320 | SSL_ALL_CIPHERS, |
018e57c7 | 321 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
322 | }, |
323 | ||
324 | /* The DH ciphers */ | |
325 | /* Cipher 0B */ | |
326 | { | |
327 | 0, | |
328 | SSL3_TXT_DH_DSS_DES_40_CBC_SHA, | |
329 | SSL3_CK_DH_DSS_DES_40_CBC_SHA, | |
018e57c7 DSH |
330 | SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, |
331 | SSL_EXPORT|SSL_EXP40, | |
d02b48c6 | 332 | 0, |
018e57c7 DSH |
333 | 40, |
334 | 56, | |
d02b48c6 | 335 | SSL_ALL_CIPHERS, |
018e57c7 | 336 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
337 | }, |
338 | /* Cipher 0C */ | |
339 | { | |
340 | 0, | |
341 | SSL3_TXT_DH_DSS_DES_64_CBC_SHA, | |
342 | SSL3_CK_DH_DSS_DES_64_CBC_SHA, | |
018e57c7 DSH |
343 | SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, |
344 | SSL_NOT_EXP|SSL_LOW, | |
d02b48c6 | 345 | 0, |
018e57c7 DSH |
346 | 56, |
347 | 56, | |
d02b48c6 | 348 | SSL_ALL_CIPHERS, |
018e57c7 | 349 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
350 | }, |
351 | /* Cipher 0D */ | |
352 | { | |
353 | 0, | |
354 | SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, | |
355 | SSL3_CK_DH_DSS_DES_192_CBC3_SHA, | |
018e57c7 DSH |
356 | SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, |
357 | SSL_NOT_EXP|SSL_HIGH, | |
d02b48c6 | 358 | 0, |
018e57c7 DSH |
359 | 168, |
360 | 168, | |
d02b48c6 | 361 | SSL_ALL_CIPHERS, |
018e57c7 | 362 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
363 | }, |
364 | /* Cipher 0E */ | |
365 | { | |
366 | 0, | |
367 | SSL3_TXT_DH_RSA_DES_40_CBC_SHA, | |
368 | SSL3_CK_DH_RSA_DES_40_CBC_SHA, | |
018e57c7 DSH |
369 | SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, |
370 | SSL_EXPORT|SSL_EXP40, | |
d02b48c6 | 371 | 0, |
018e57c7 DSH |
372 | 40, |
373 | 56, | |
d02b48c6 | 374 | SSL_ALL_CIPHERS, |
018e57c7 | 375 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
376 | }, |
377 | /* Cipher 0F */ | |
378 | { | |
379 | 0, | |
380 | SSL3_TXT_DH_RSA_DES_64_CBC_SHA, | |
381 | SSL3_CK_DH_RSA_DES_64_CBC_SHA, | |
018e57c7 DSH |
382 | SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, |
383 | SSL_NOT_EXP|SSL_LOW, | |
d02b48c6 | 384 | 0, |
018e57c7 DSH |
385 | 56, |
386 | 56, | |
d02b48c6 | 387 | SSL_ALL_CIPHERS, |
018e57c7 | 388 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
389 | }, |
390 | /* Cipher 10 */ | |
391 | { | |
392 | 0, | |
393 | SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, | |
394 | SSL3_CK_DH_RSA_DES_192_CBC3_SHA, | |
018e57c7 DSH |
395 | SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, |
396 | SSL_NOT_EXP|SSL_HIGH, | |
d02b48c6 | 397 | 0, |
018e57c7 DSH |
398 | 168, |
399 | 168, | |
d02b48c6 | 400 | SSL_ALL_CIPHERS, |
018e57c7 | 401 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
402 | }, |
403 | ||
404 | /* The Ephemeral DH ciphers */ | |
405 | /* Cipher 11 */ | |
406 | { | |
407 | 1, | |
408 | SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, | |
409 | SSL3_CK_EDH_DSS_DES_40_CBC_SHA, | |
018e57c7 DSH |
410 | SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3, |
411 | SSL_EXPORT|SSL_EXP40, | |
d02b48c6 | 412 | 0, |
018e57c7 DSH |
413 | 40, |
414 | 56, | |
d02b48c6 | 415 | SSL_ALL_CIPHERS, |
018e57c7 | 416 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
417 | }, |
418 | /* Cipher 12 */ | |
419 | { | |
420 | 1, | |
421 | SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, | |
422 | SSL3_CK_EDH_DSS_DES_64_CBC_SHA, | |
018e57c7 DSH |
423 | SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3, |
424 | SSL_NOT_EXP|SSL_LOW, | |
d02b48c6 | 425 | 0, |
018e57c7 DSH |
426 | 56, |
427 | 56, | |
d02b48c6 | 428 | SSL_ALL_CIPHERS, |
018e57c7 | 429 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
430 | }, |
431 | /* Cipher 13 */ | |
432 | { | |
433 | 1, | |
434 | SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, | |
435 | SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, | |
018e57c7 DSH |
436 | SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3, |
437 | SSL_NOT_EXP|SSL_HIGH, | |
d02b48c6 | 438 | 0, |
018e57c7 DSH |
439 | 168, |
440 | 168, | |
d02b48c6 | 441 | SSL_ALL_CIPHERS, |
018e57c7 | 442 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
443 | }, |
444 | /* Cipher 14 */ | |
445 | { | |
446 | 1, | |
447 | SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, | |
448 | SSL3_CK_EDH_RSA_DES_40_CBC_SHA, | |
018e57c7 DSH |
449 | SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, |
450 | SSL_EXPORT|SSL_EXP40, | |
d02b48c6 | 451 | 0, |
018e57c7 DSH |
452 | 40, |
453 | 56, | |
d02b48c6 | 454 | SSL_ALL_CIPHERS, |
018e57c7 | 455 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
456 | }, |
457 | /* Cipher 15 */ | |
458 | { | |
459 | 1, | |
460 | SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, | |
461 | SSL3_CK_EDH_RSA_DES_64_CBC_SHA, | |
018e57c7 DSH |
462 | SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, |
463 | SSL_NOT_EXP|SSL_LOW, | |
d02b48c6 | 464 | 0, |
018e57c7 DSH |
465 | 56, |
466 | 56, | |
d02b48c6 | 467 | SSL_ALL_CIPHERS, |
018e57c7 | 468 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
469 | }, |
470 | /* Cipher 16 */ | |
471 | { | |
472 | 1, | |
473 | SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, | |
474 | SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, | |
018e57c7 DSH |
475 | SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, |
476 | SSL_NOT_EXP|SSL_HIGH, | |
d02b48c6 | 477 | 0, |
018e57c7 DSH |
478 | 168, |
479 | 168, | |
d02b48c6 | 480 | SSL_ALL_CIPHERS, |
018e57c7 | 481 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
482 | }, |
483 | ||
484 | /* Fortezza */ | |
485 | /* Cipher 1C */ | |
486 | { | |
487 | 0, | |
488 | SSL3_TXT_FZA_DMS_NULL_SHA, | |
489 | SSL3_CK_FZA_DMS_NULL_SHA, | |
018e57c7 DSH |
490 | SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3, |
491 | SSL_NOT_EXP, | |
492 | 0, | |
493 | 0, | |
d02b48c6 RE |
494 | 0, |
495 | SSL_ALL_CIPHERS, | |
018e57c7 | 496 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
497 | }, |
498 | ||
499 | /* Cipher 1D */ | |
500 | { | |
501 | 0, | |
502 | SSL3_TXT_FZA_DMS_FZA_SHA, | |
503 | SSL3_CK_FZA_DMS_FZA_SHA, | |
018e57c7 DSH |
504 | SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3, |
505 | SSL_NOT_EXP, | |
506 | 0, | |
507 | 0, | |
d02b48c6 RE |
508 | 0, |
509 | SSL_ALL_CIPHERS, | |
018e57c7 | 510 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
511 | }, |
512 | ||
513 | /* Cipher 1E */ | |
514 | { | |
515 | 0, | |
516 | SSL3_TXT_FZA_DMS_RC4_SHA, | |
517 | SSL3_CK_FZA_DMS_RC4_SHA, | |
018e57c7 DSH |
518 | SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3, |
519 | SSL_NOT_EXP, | |
d02b48c6 | 520 | 0, |
018e57c7 DSH |
521 | 128, |
522 | 128, | |
d02b48c6 | 523 | SSL_ALL_CIPHERS, |
018e57c7 | 524 | SSL_ALL_STRENGTHS, |
d02b48c6 RE |
525 | }, |
526 | ||
bc36ee62 | 527 | #ifndef OPENSSL_NO_KRB5 |
f9b3bff6 RL |
528 | /* The Kerberos ciphers |
529 | ** 20000107 VRS: And the first shall be last, | |
530 | ** in hopes of avoiding the lynx ssl renegotiation problem. | |
531 | */ | |
532 | /* Cipher 21 VRS */ | |
533 | { | |
534 | 1, | |
535 | SSL3_TXT_KRB5_DES_40_CBC_SHA, | |
536 | SSL3_CK_KRB5_DES_40_CBC_SHA, | |
537 | SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, | |
538 | SSL_EXPORT|SSL_EXP40, | |
539 | 0, | |
540 | 40, | |
541 | 56, | |
542 | SSL_ALL_CIPHERS, | |
543 | SSL_ALL_STRENGTHS, | |
544 | }, | |
545 | ||
546 | /* Cipher 22 VRS */ | |
547 | { | |
548 | 1, | |
549 | SSL3_TXT_KRB5_DES_40_CBC_MD5, | |
550 | SSL3_CK_KRB5_DES_40_CBC_MD5, | |
551 | SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3, | |
552 | SSL_EXPORT|SSL_EXP40, | |
553 | 0, | |
554 | 40, | |
555 | 56, | |
556 | SSL_ALL_CIPHERS, | |
557 | SSL_ALL_STRENGTHS, | |
558 | }, | |
559 | ||
560 | /* Cipher 23 VRS */ | |
561 | { | |
562 | 1, | |
563 | SSL3_TXT_KRB5_DES_64_CBC_SHA, | |
564 | SSL3_CK_KRB5_DES_64_CBC_SHA, | |
565 | SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, | |
566 | SSL_NOT_EXP|SSL_LOW, | |
567 | 0, | |
568 | 56, | |
569 | 56, | |
570 | SSL_ALL_CIPHERS, | |
571 | SSL_ALL_STRENGTHS, | |
572 | }, | |
573 | ||
574 | /* Cipher 24 VRS */ | |
575 | { | |
576 | 1, | |
577 | SSL3_TXT_KRB5_DES_64_CBC_MD5, | |
578 | SSL3_CK_KRB5_DES_64_CBC_MD5, | |
579 | SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3, | |
580 | SSL_NOT_EXP|SSL_LOW, | |
581 | 0, | |
582 | 56, | |
583 | 56, | |
584 | SSL_ALL_CIPHERS, | |
585 | SSL_ALL_STRENGTHS, | |
586 | }, | |
587 | ||
588 | /* Cipher 25 VRS */ | |
589 | { | |
590 | 1, | |
591 | SSL3_TXT_KRB5_DES_192_CBC3_SHA, | |
592 | SSL3_CK_KRB5_DES_192_CBC3_SHA, | |
593 | SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3, | |
594 | SSL_NOT_EXP|SSL_HIGH, | |
595 | 0, | |
596 | 112, | |
597 | 168, | |
598 | SSL_ALL_CIPHERS, | |
599 | SSL_ALL_STRENGTHS, | |
600 | }, | |
601 | ||
602 | /* Cipher 26 VRS */ | |
603 | { | |
604 | 1, | |
605 | SSL3_TXT_KRB5_DES_192_CBC3_MD5, | |
606 | SSL3_CK_KRB5_DES_192_CBC3_MD5, | |
607 | SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3, | |
608 | SSL_NOT_EXP|SSL_HIGH, | |
609 | 0, | |
610 | 112, | |
611 | 168, | |
612 | SSL_ALL_CIPHERS, | |
613 | SSL_ALL_STRENGTHS, | |
614 | }, | |
bc36ee62 | 615 | #endif /* OPENSSL_NO_KRB5 */ |
deb2c1a1 DSH |
616 | |
617 | ||
bc348244 | 618 | #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES |
06ab81f9 BL |
619 | /* New TLS Export CipherSuites */ |
620 | /* Cipher 60 */ | |
621 | { | |
622 | 1, | |
abed0b8a BL |
623 | TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, |
624 | TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, | |
018e57c7 DSH |
625 | SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1, |
626 | SSL_EXPORT|SSL_EXP56, | |
06ab81f9 | 627 | 0, |
018e57c7 DSH |
628 | 56, |
629 | 128, | |
630 | SSL_ALL_CIPHERS, | |
631 | SSL_ALL_STRENGTHS, | |
06ab81f9 BL |
632 | }, |
633 | /* Cipher 61 */ | |
634 | { | |
635 | 1, | |
abed0b8a BL |
636 | TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, |
637 | TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, | |
018e57c7 DSH |
638 | SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1, |
639 | SSL_EXPORT|SSL_EXP56, | |
06ab81f9 | 640 | 0, |
018e57c7 DSH |
641 | 56, |
642 | 128, | |
643 | SSL_ALL_CIPHERS, | |
644 | SSL_ALL_STRENGTHS, | |
06ab81f9 BL |
645 | }, |
646 | /* Cipher 62 */ | |
647 | { | |
648 | 1, | |
abed0b8a BL |
649 | TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, |
650 | TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, | |
018e57c7 DSH |
651 | SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, |
652 | SSL_EXPORT|SSL_EXP56, | |
06ab81f9 | 653 | 0, |
018e57c7 DSH |
654 | 56, |
655 | 56, | |
656 | SSL_ALL_CIPHERS, | |
657 | SSL_ALL_STRENGTHS, | |
06ab81f9 | 658 | }, |
abed0b8a BL |
659 | /* Cipher 63 */ |
660 | { | |
661 | 1, | |
662 | TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, | |
663 | TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, | |
018e57c7 DSH |
664 | SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1, |
665 | SSL_EXPORT|SSL_EXP56, | |
abed0b8a | 666 | 0, |
018e57c7 DSH |
667 | 56, |
668 | 56, | |
669 | SSL_ALL_CIPHERS, | |
670 | SSL_ALL_STRENGTHS, | |
abed0b8a BL |
671 | }, |
672 | /* Cipher 64 */ | |
673 | { | |
674 | 1, | |
675 | TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, | |
676 | TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, | |
018e57c7 DSH |
677 | SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, |
678 | SSL_EXPORT|SSL_EXP56, | |
abed0b8a | 679 | 0, |
018e57c7 DSH |
680 | 56, |
681 | 128, | |
682 | SSL_ALL_CIPHERS, | |
683 | SSL_ALL_STRENGTHS, | |
abed0b8a BL |
684 | }, |
685 | /* Cipher 65 */ | |
686 | { | |
687 | 1, | |
688 | TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, | |
689 | TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, | |
018e57c7 DSH |
690 | SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, |
691 | SSL_EXPORT|SSL_EXP56, | |
abed0b8a | 692 | 0, |
018e57c7 DSH |
693 | 56, |
694 | 128, | |
695 | SSL_ALL_CIPHERS, | |
696 | SSL_ALL_STRENGTHS, | |
abed0b8a BL |
697 | }, |
698 | /* Cipher 66 */ | |
699 | { | |
700 | 1, | |
701 | TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, | |
702 | TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, | |
703 | SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, | |
018e57c7 | 704 | SSL_NOT_EXP, |
abed0b8a | 705 | 0, |
018e57c7 DSH |
706 | 128, |
707 | 128, | |
708 | SSL_ALL_CIPHERS, | |
709 | SSL_ALL_STRENGTHS | |
abed0b8a | 710 | }, |
deb2c1a1 DSH |
711 | #endif |
712 | /* New AES ciphersuites */ | |
713 | ||
714 | /* Cipher 2F */ | |
259810e0 BL |
715 | { |
716 | 1, | |
deb2c1a1 DSH |
717 | TLS1_TXT_RSA_WITH_AES_128_SHA, |
718 | TLS1_CK_RSA_WITH_AES_128_SHA, | |
719 | SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, | |
720 | SSL_NOT_EXP|SSL_MEDIUM, | |
259810e0 BL |
721 | 0, |
722 | 128, | |
723 | 128, | |
724 | SSL_ALL_CIPHERS, | |
725 | SSL_ALL_STRENGTHS, | |
726 | }, | |
deb2c1a1 DSH |
727 | /* Cipher 30 */ |
728 | { | |
729 | 0, | |
730 | TLS1_TXT_DH_DSS_WITH_AES_128_SHA, | |
731 | TLS1_CK_DH_DSS_WITH_AES_128_SHA, | |
732 | SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | |
733 | SSL_NOT_EXP|SSL_MEDIUM, | |
734 | 0, | |
735 | 128, | |
736 | 128, | |
737 | SSL_ALL_CIPHERS, | |
738 | SSL_ALL_STRENGTHS, | |
739 | }, | |
740 | /* Cipher 31 */ | |
741 | { | |
742 | 0, | |
743 | TLS1_TXT_DH_RSA_WITH_AES_128_SHA, | |
744 | TLS1_CK_DH_RSA_WITH_AES_128_SHA, | |
745 | SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | |
746 | SSL_NOT_EXP|SSL_MEDIUM, | |
747 | 0, | |
748 | 128, | |
749 | 128, | |
750 | SSL_ALL_CIPHERS, | |
751 | SSL_ALL_STRENGTHS, | |
752 | }, | |
753 | /* Cipher 32 */ | |
754 | { | |
755 | 1, | |
756 | TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, | |
757 | TLS1_CK_DHE_DSS_WITH_AES_128_SHA, | |
758 | SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, | |
759 | SSL_NOT_EXP|SSL_MEDIUM, | |
760 | 0, | |
761 | 128, | |
762 | 128, | |
763 | SSL_ALL_CIPHERS, | |
764 | SSL_ALL_STRENGTHS, | |
765 | }, | |
766 | /* Cipher 33 */ | |
767 | { | |
768 | 1, | |
769 | TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, | |
770 | TLS1_CK_DHE_RSA_WITH_AES_128_SHA, | |
771 | SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | |
772 | SSL_NOT_EXP|SSL_MEDIUM, | |
773 | 0, | |
774 | 128, | |
775 | 128, | |
776 | SSL_ALL_CIPHERS, | |
777 | SSL_ALL_STRENGTHS, | |
778 | }, | |
779 | /* Cipher 34 */ | |
780 | { | |
781 | 1, | |
782 | TLS1_TXT_ADH_WITH_AES_128_SHA, | |
783 | TLS1_CK_ADH_WITH_AES_128_SHA, | |
784 | SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, | |
785 | SSL_NOT_EXP|SSL_MEDIUM, | |
786 | 0, | |
787 | 128, | |
788 | 128, | |
789 | SSL_ALL_CIPHERS, | |
790 | SSL_ALL_STRENGTHS, | |
791 | }, | |
792 | ||
793 | /* Cipher 35 */ | |
794 | { | |
795 | 1, | |
796 | TLS1_TXT_RSA_WITH_AES_256_SHA, | |
797 | TLS1_CK_RSA_WITH_AES_256_SHA, | |
798 | SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, | |
799 | SSL_NOT_EXP|SSL_HIGH, | |
800 | 0, | |
801 | 256, | |
802 | 256, | |
803 | SSL_ALL_CIPHERS, | |
804 | SSL_ALL_STRENGTHS, | |
805 | }, | |
806 | /* Cipher 36 */ | |
807 | { | |
808 | 0, | |
809 | TLS1_TXT_DH_DSS_WITH_AES_256_SHA, | |
810 | TLS1_CK_DH_DSS_WITH_AES_256_SHA, | |
811 | SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | |
812 | SSL_NOT_EXP|SSL_HIGH, | |
813 | 0, | |
814 | 256, | |
815 | 256, | |
816 | SSL_ALL_CIPHERS, | |
817 | SSL_ALL_STRENGTHS, | |
818 | }, | |
819 | /* Cipher 37 */ | |
820 | { | |
821 | 0, | |
822 | TLS1_TXT_DH_RSA_WITH_AES_256_SHA, | |
823 | TLS1_CK_DH_RSA_WITH_AES_256_SHA, | |
824 | SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | |
825 | SSL_NOT_EXP|SSL_HIGH, | |
826 | 0, | |
827 | 256, | |
828 | 256, | |
829 | SSL_ALL_CIPHERS, | |
830 | SSL_ALL_STRENGTHS, | |
831 | }, | |
832 | /* Cipher 38 */ | |
833 | { | |
834 | 1, | |
835 | TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, | |
836 | TLS1_CK_DHE_DSS_WITH_AES_256_SHA, | |
837 | SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, | |
838 | SSL_NOT_EXP|SSL_HIGH, | |
839 | 0, | |
840 | 256, | |
841 | 256, | |
842 | SSL_ALL_CIPHERS, | |
843 | SSL_ALL_STRENGTHS, | |
844 | }, | |
845 | /* Cipher 39 */ | |
846 | { | |
847 | 1, | |
848 | TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, | |
849 | TLS1_CK_DHE_RSA_WITH_AES_256_SHA, | |
850 | SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | |
851 | SSL_NOT_EXP|SSL_HIGH, | |
852 | 0, | |
853 | 256, | |
854 | 256, | |
855 | SSL_ALL_CIPHERS, | |
856 | SSL_ALL_STRENGTHS, | |
857 | }, | |
858 | /* Cipher 3A */ | |
859 | { | |
860 | 1, | |
861 | TLS1_TXT_ADH_WITH_AES_256_SHA, | |
862 | TLS1_CK_ADH_WITH_AES_256_SHA, | |
863 | SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, | |
864 | SSL_NOT_EXP|SSL_HIGH, | |
865 | 0, | |
866 | 256, | |
867 | 256, | |
868 | SSL_ALL_CIPHERS, | |
869 | SSL_ALL_STRENGTHS, | |
870 | }, | |
06ab81f9 | 871 | |
d02b48c6 RE |
872 | /* end of list */ |
873 | }; | |
874 | ||
58964a49 RE |
875 | static SSL3_ENC_METHOD SSLv3_enc_data={ |
876 | ssl3_enc, | |
877 | ssl3_mac, | |
878 | ssl3_setup_key_block, | |
879 | ssl3_generate_master_secret, | |
880 | ssl3_change_cipher_state, | |
881 | ssl3_final_finish_mac, | |
882 | MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, | |
883 | ssl3_cert_verify_mac, | |
884 | SSL3_MD_CLIENT_FINISHED_CONST,4, | |
885 | SSL3_MD_SERVER_FINISHED_CONST,4, | |
886 | ssl3_alert_code, | |
887 | }; | |
888 | ||
d02b48c6 | 889 | static SSL_METHOD SSLv3_data= { |
58964a49 | 890 | SSL3_VERSION, |
d02b48c6 RE |
891 | ssl3_new, |
892 | ssl3_clear, | |
893 | ssl3_free, | |
894 | ssl_undefined_function, | |
895 | ssl_undefined_function, | |
896 | ssl3_read, | |
897 | ssl3_peek, | |
898 | ssl3_write, | |
899 | ssl3_shutdown, | |
900 | ssl3_renegotiate, | |
dfeab068 | 901 | ssl3_renegotiate_check, |
d02b48c6 RE |
902 | ssl3_ctrl, |
903 | ssl3_ctx_ctrl, | |
904 | ssl3_get_cipher_by_char, | |
905 | ssl3_put_cipher_by_char, | |
906 | ssl3_pending, | |
907 | ssl3_num_ciphers, | |
908 | ssl3_get_cipher, | |
909 | ssl_bad_method, | |
910 | ssl3_default_timeout, | |
58964a49 | 911 | &SSLv3_enc_data, |
d3442bc7 RL |
912 | ssl_undefined_function, |
913 | ssl3_callback_ctrl, | |
914 | ssl3_ctx_callback_ctrl, | |
a9188d4e RL |
915 | }; |
916 | ||
6b691a5c | 917 | static long ssl3_default_timeout(void) |
d02b48c6 RE |
918 | { |
919 | /* 2 hours, the 24 hours mentioned in the SSLv3 spec | |
920 | * is way too long for http, the cache would over fill */ | |
921 | return(60*60*2); | |
922 | } | |
923 | ||
6b691a5c | 924 | SSL_METHOD *sslv3_base_method(void) |
d02b48c6 RE |
925 | { |
926 | return(&SSLv3_data); | |
927 | } | |
928 | ||
6b691a5c | 929 | int ssl3_num_ciphers(void) |
d02b48c6 RE |
930 | { |
931 | return(SSL3_NUM_CIPHERS); | |
932 | } | |
933 | ||
6b691a5c | 934 | SSL_CIPHER *ssl3_get_cipher(unsigned int u) |
d02b48c6 RE |
935 | { |
936 | if (u < SSL3_NUM_CIPHERS) | |
937 | return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); | |
938 | else | |
939 | return(NULL); | |
940 | } | |
941 | ||
6b691a5c | 942 | int ssl3_pending(SSL *s) |
d02b48c6 | 943 | { |
a0aae68c | 944 | return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; |
d02b48c6 RE |
945 | } |
946 | ||
6b691a5c | 947 | int ssl3_new(SSL *s) |
d02b48c6 | 948 | { |
b35e9050 | 949 | SSL3_STATE *s3; |
d02b48c6 | 950 | |
26a3a48d | 951 | if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err; |
b35e9050 | 952 | memset(s3,0,sizeof *s3); |
d02b48c6 RE |
953 | |
954 | s->s3=s3; | |
d02b48c6 | 955 | |
58964a49 | 956 | s->method->ssl_clear(s); |
d02b48c6 RE |
957 | return(1); |
958 | err: | |
959 | return(0); | |
960 | } | |
961 | ||
6b691a5c | 962 | void ssl3_free(SSL *s) |
d02b48c6 | 963 | { |
e03ddfae BL |
964 | if(s == NULL) |
965 | return; | |
966 | ||
d02b48c6 RE |
967 | ssl3_cleanup_key_block(s); |
968 | if (s->s3->rbuf.buf != NULL) | |
26a3a48d | 969 | OPENSSL_free(s->s3->rbuf.buf); |
d02b48c6 | 970 | if (s->s3->wbuf.buf != NULL) |
26a3a48d | 971 | OPENSSL_free(s->s3->wbuf.buf); |
dfeab068 | 972 | if (s->s3->rrec.comp != NULL) |
26a3a48d | 973 | OPENSSL_free(s->s3->rrec.comp); |
bc36ee62 | 974 | #ifndef OPENSSL_NO_DH |
d02b48c6 RE |
975 | if (s->s3->tmp.dh != NULL) |
976 | DH_free(s->s3->tmp.dh); | |
977 | #endif | |
978 | if (s->s3->tmp.ca_names != NULL) | |
f73e07cf | 979 | sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); |
b35e9050 | 980 | memset(s->s3,0,sizeof *s->s3); |
26a3a48d | 981 | OPENSSL_free(s->s3); |
d02b48c6 RE |
982 | s->s3=NULL; |
983 | } | |
984 | ||
6b691a5c | 985 | void ssl3_clear(SSL *s) |
d02b48c6 RE |
986 | { |
987 | unsigned char *rp,*wp; | |
988 | ||
989 | ssl3_cleanup_key_block(s); | |
990 | if (s->s3->tmp.ca_names != NULL) | |
f73e07cf | 991 | sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); |
d02b48c6 | 992 | |
413c4f45 MC |
993 | if (s->s3->rrec.comp != NULL) |
994 | { | |
26a3a48d | 995 | OPENSSL_free(s->s3->rrec.comp); |
413c4f45 MC |
996 | s->s3->rrec.comp=NULL; |
997 | } | |
bc36ee62 | 998 | #ifndef OPENSSL_NO_DH |
a2a01589 BM |
999 | if (s->s3->tmp.dh != NULL) |
1000 | DH_free(s->s3->tmp.dh); | |
1001 | #endif | |
413c4f45 | 1002 | |
d02b48c6 RE |
1003 | rp=s->s3->rbuf.buf; |
1004 | wp=s->s3->wbuf.buf; | |
1005 | ||
b35e9050 | 1006 | memset(s->s3,0,sizeof *s->s3); |
58964a49 RE |
1007 | if (rp != NULL) s->s3->rbuf.buf=rp; |
1008 | if (wp != NULL) s->s3->wbuf.buf=wp; | |
dfeab068 | 1009 | |
413c4f45 | 1010 | ssl_free_wbio_buffer(s); |
dfeab068 | 1011 | |
d02b48c6 | 1012 | s->packet_length=0; |
58964a49 RE |
1013 | s->s3->renegotiate=0; |
1014 | s->s3->total_renegotiations=0; | |
1015 | s->s3->num_renegotiations=0; | |
1016 | s->s3->in_read_app_data=0; | |
1017 | s->version=SSL3_VERSION; | |
d02b48c6 RE |
1018 | } |
1019 | ||
6b691a5c | 1020 | long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg) |
d02b48c6 | 1021 | { |
58964a49 RE |
1022 | int ret=0; |
1023 | ||
bc36ee62 | 1024 | #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) |
15d21c2d | 1025 | if ( |
bc36ee62 | 1026 | #ifndef OPENSSL_NO_RSA |
15d21c2d RE |
1027 | cmd == SSL_CTRL_SET_TMP_RSA || |
1028 | cmd == SSL_CTRL_SET_TMP_RSA_CB || | |
1029 | #endif | |
bc36ee62 | 1030 | #ifndef OPENSSL_NO_DSA |
15d21c2d RE |
1031 | cmd == SSL_CTRL_SET_TMP_DH || |
1032 | cmd == SSL_CTRL_SET_TMP_DH_CB || | |
1033 | #endif | |
1034 | 0) | |
1035 | { | |
ca8e5b9b | 1036 | if (!ssl_cert_inst(&s->cert)) |
15d21c2d RE |
1037 | { |
1038 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); | |
1039 | return(0); | |
1040 | } | |
1041 | } | |
1042 | #endif | |
1043 | ||
58964a49 RE |
1044 | switch (cmd) |
1045 | { | |
1046 | case SSL_CTRL_GET_SESSION_REUSED: | |
1047 | ret=s->hit; | |
1048 | break; | |
1049 | case SSL_CTRL_GET_CLIENT_CERT_REQUEST: | |
1050 | break; | |
1051 | case SSL_CTRL_GET_NUM_RENEGOTIATIONS: | |
1052 | ret=s->s3->num_renegotiations; | |
1053 | break; | |
1054 | case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: | |
1055 | ret=s->s3->num_renegotiations; | |
1056 | s->s3->num_renegotiations=0; | |
1057 | break; | |
1058 | case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: | |
1059 | ret=s->s3->total_renegotiations; | |
1060 | break; | |
dfeab068 | 1061 | case SSL_CTRL_GET_FLAGS: |
651d0aff | 1062 | ret=(int)(s->s3->flags); |
dfeab068 | 1063 | break; |
bc36ee62 | 1064 | #ifndef OPENSSL_NO_RSA |
15d21c2d RE |
1065 | case SSL_CTRL_NEED_TMP_RSA: |
1066 | if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && | |
1067 | ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || | |
1068 | (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))) | |
1069 | ret = 1; | |
1070 | break; | |
1071 | case SSL_CTRL_SET_TMP_RSA: | |
1072 | { | |
1073 | RSA *rsa = (RSA *)parg; | |
e11f0de6 BM |
1074 | if (rsa == NULL) |
1075 | { | |
15d21c2d RE |
1076 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); |
1077 | return(ret); | |
e11f0de6 BM |
1078 | } |
1079 | if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) | |
1080 | { | |
15d21c2d RE |
1081 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB); |
1082 | return(ret); | |
e11f0de6 | 1083 | } |
15d21c2d RE |
1084 | if (s->cert->rsa_tmp != NULL) |
1085 | RSA_free(s->cert->rsa_tmp); | |
1086 | s->cert->rsa_tmp = rsa; | |
1087 | ret = 1; | |
1088 | } | |
1089 | break; | |
1090 | case SSL_CTRL_SET_TMP_RSA_CB: | |
a9188d4e | 1091 | { |
d3442bc7 RL |
1092 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
1093 | return(ret); | |
a9188d4e | 1094 | } |
15d21c2d RE |
1095 | break; |
1096 | #endif | |
bc36ee62 | 1097 | #ifndef OPENSSL_NO_DH |
15d21c2d RE |
1098 | case SSL_CTRL_SET_TMP_DH: |
1099 | { | |
1100 | DH *dh = (DH *)parg; | |
e11f0de6 BM |
1101 | if (dh == NULL) |
1102 | { | |
15d21c2d RE |
1103 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); |
1104 | return(ret); | |
e11f0de6 BM |
1105 | } |
1106 | if ((dh = DHparams_dup(dh)) == NULL) | |
1107 | { | |
15d21c2d RE |
1108 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); |
1109 | return(ret); | |
e11f0de6 BM |
1110 | } |
1111 | if (!(s->options & SSL_OP_SINGLE_DH_USE)) | |
1112 | { | |
1113 | if (!DH_generate_key(dh)) | |
1114 | { | |
1115 | DH_free(dh); | |
1116 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); | |
1117 | return(ret); | |
1118 | } | |
1119 | } | |
15d21c2d RE |
1120 | if (s->cert->dh_tmp != NULL) |
1121 | DH_free(s->cert->dh_tmp); | |
1122 | s->cert->dh_tmp = dh; | |
1123 | ret = 1; | |
1124 | } | |
1125 | break; | |
1126 | case SSL_CTRL_SET_TMP_DH_CB: | |
a9188d4e | 1127 | { |
d3442bc7 RL |
1128 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
1129 | return(ret); | |
1130 | } | |
1131 | break; | |
1132 | #endif | |
1133 | default: | |
1134 | break; | |
1135 | } | |
1136 | return(ret); | |
1137 | } | |
a9188d4e | 1138 | |
d3442bc7 RL |
1139 | long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)()) |
1140 | { | |
1141 | int ret=0; | |
1142 | ||
bc36ee62 | 1143 | #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) |
d3442bc7 | 1144 | if ( |
bc36ee62 | 1145 | #ifndef OPENSSL_NO_RSA |
d3442bc7 RL |
1146 | cmd == SSL_CTRL_SET_TMP_RSA_CB || |
1147 | #endif | |
bc36ee62 | 1148 | #ifndef OPENSSL_NO_DSA |
d3442bc7 RL |
1149 | cmd == SSL_CTRL_SET_TMP_DH_CB || |
1150 | #endif | |
1151 | 0) | |
1152 | { | |
1153 | if (!ssl_cert_inst(&s->cert)) | |
e11f0de6 | 1154 | { |
448e2f9b | 1155 | SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); |
d3442bc7 RL |
1156 | return(0); |
1157 | } | |
1158 | } | |
1159 | #endif | |
1160 | ||
1161 | switch (cmd) | |
1162 | { | |
bc36ee62 | 1163 | #ifndef OPENSSL_NO_RSA |
d3442bc7 RL |
1164 | case SSL_CTRL_SET_TMP_RSA_CB: |
1165 | { | |
1166 | s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; | |
1167 | } | |
1168 | break; | |
1169 | #endif | |
bc36ee62 | 1170 | #ifndef OPENSSL_NO_DH |
d3442bc7 RL |
1171 | case SSL_CTRL_SET_TMP_DH_CB: |
1172 | { | |
1173 | s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; | |
a9188d4e | 1174 | } |
15d21c2d RE |
1175 | break; |
1176 | #endif | |
58964a49 RE |
1177 | default: |
1178 | break; | |
1179 | } | |
1180 | return(ret); | |
d02b48c6 RE |
1181 | } |
1182 | ||
6b691a5c | 1183 | long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg) |
d02b48c6 RE |
1184 | { |
1185 | CERT *cert; | |
1186 | ||
ca8e5b9b | 1187 | cert=ctx->cert; |
d02b48c6 RE |
1188 | |
1189 | switch (cmd) | |
1190 | { | |
bc36ee62 | 1191 | #ifndef OPENSSL_NO_RSA |
d02b48c6 RE |
1192 | case SSL_CTRL_NEED_TMP_RSA: |
1193 | if ( (cert->rsa_tmp == NULL) && | |
1194 | ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || | |
1195 | (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))) | |
1196 | ) | |
1197 | return(1); | |
1198 | else | |
1199 | return(0); | |
dfeab068 | 1200 | /* break; */ |
d02b48c6 RE |
1201 | case SSL_CTRL_SET_TMP_RSA: |
1202 | { | |
1203 | RSA *rsa; | |
1204 | int i; | |
1205 | ||
1206 | rsa=(RSA *)parg; | |
1207 | i=1; | |
1208 | if (rsa == NULL) | |
1209 | i=0; | |
1210 | else | |
1211 | { | |
1212 | if ((rsa=RSAPrivateKey_dup(rsa)) == NULL) | |
1213 | i=0; | |
1214 | } | |
1215 | if (!i) | |
1216 | { | |
1217 | SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB); | |
1218 | return(0); | |
1219 | } | |
1220 | else | |
1221 | { | |
1222 | if (cert->rsa_tmp != NULL) | |
1223 | RSA_free(cert->rsa_tmp); | |
1224 | cert->rsa_tmp=rsa; | |
1225 | return(1); | |
1226 | } | |
1227 | } | |
dfeab068 | 1228 | /* break; */ |
d02b48c6 | 1229 | case SSL_CTRL_SET_TMP_RSA_CB: |
a9188d4e | 1230 | { |
d3442bc7 RL |
1231 | SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
1232 | return(0); | |
a9188d4e | 1233 | } |
d02b48c6 RE |
1234 | break; |
1235 | #endif | |
bc36ee62 | 1236 | #ifndef OPENSSL_NO_DH |
d02b48c6 RE |
1237 | case SSL_CTRL_SET_TMP_DH: |
1238 | { | |
1239 | DH *new=NULL,*dh; | |
1240 | ||
1241 | dh=(DH *)parg; | |
e11f0de6 | 1242 | if ((new=DHparams_dup(dh)) == NULL) |
d02b48c6 RE |
1243 | { |
1244 | SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); | |
e11f0de6 | 1245 | return 0; |
d02b48c6 | 1246 | } |
e11f0de6 | 1247 | if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) |
d02b48c6 | 1248 | { |
e11f0de6 BM |
1249 | if (!DH_generate_key(new)) |
1250 | { | |
1251 | SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); | |
1252 | DH_free(new); | |
1253 | return 0; | |
1254 | } | |
d02b48c6 | 1255 | } |
e11f0de6 BM |
1256 | if (cert->dh_tmp != NULL) |
1257 | DH_free(cert->dh_tmp); | |
1258 | cert->dh_tmp=new; | |
1259 | return 1; | |
d02b48c6 | 1260 | } |
dfeab068 | 1261 | /*break; */ |
d02b48c6 | 1262 | case SSL_CTRL_SET_TMP_DH_CB: |
a9188d4e | 1263 | { |
d3442bc7 RL |
1264 | SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
1265 | return(0); | |
a9188d4e | 1266 | } |
d02b48c6 RE |
1267 | break; |
1268 | #endif | |
651d0aff | 1269 | /* A Thawte special :-) */ |
dfeab068 RE |
1270 | case SSL_CTRL_EXTRA_CHAIN_CERT: |
1271 | if (ctx->extra_certs == NULL) | |
1272 | { | |
f73e07cf | 1273 | if ((ctx->extra_certs=sk_X509_new_null()) == NULL) |
dfeab068 RE |
1274 | return(0); |
1275 | } | |
f73e07cf | 1276 | sk_X509_push(ctx->extra_certs,(X509 *)parg); |
dfeab068 RE |
1277 | break; |
1278 | ||
d02b48c6 RE |
1279 | default: |
1280 | return(0); | |
1281 | } | |
1282 | return(1); | |
1283 | } | |
1284 | ||
d3442bc7 RL |
1285 | long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)()) |
1286 | { | |
1287 | CERT *cert; | |
1288 | ||
1289 | cert=ctx->cert; | |
1290 | ||
1291 | switch (cmd) | |
1292 | { | |
bc36ee62 | 1293 | #ifndef OPENSSL_NO_RSA |
d3442bc7 RL |
1294 | case SSL_CTRL_SET_TMP_RSA_CB: |
1295 | { | |
1296 | cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; | |
1297 | } | |
1298 | break; | |
1299 | #endif | |
bc36ee62 | 1300 | #ifndef OPENSSL_NO_DH |
d3442bc7 RL |
1301 | case SSL_CTRL_SET_TMP_DH_CB: |
1302 | { | |
1303 | cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; | |
1304 | } | |
1305 | break; | |
1306 | #endif | |
1307 | default: | |
1308 | return(0); | |
1309 | } | |
1310 | return(1); | |
1311 | } | |
1312 | ||
d02b48c6 RE |
1313 | /* This function needs to check if the ciphers required are actually |
1314 | * available */ | |
6b691a5c | 1315 | SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) |
d02b48c6 RE |
1316 | { |
1317 | static int init=1; | |
1318 | static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS]; | |
1319 | SSL_CIPHER c,*cp= &c,**cpp; | |
1320 | unsigned long id; | |
1321 | int i; | |
1322 | ||
1323 | if (init) | |
1324 | { | |
5cc146f3 | 1325 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); |
d02b48c6 RE |
1326 | |
1327 | for (i=0; i<SSL3_NUM_CIPHERS; i++) | |
1328 | sorted[i]= &(ssl3_ciphers[i]); | |
1329 | ||
1330 | qsort( (char *)sorted, | |
1331 | SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *), | |
1332 | FP_ICC ssl_cipher_ptr_id_cmp); | |
5cc146f3 BM |
1333 | |
1334 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | |
1335 | ||
1336 | init=0; | |
d02b48c6 RE |
1337 | } |
1338 | ||
1339 | id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; | |
1340 | c.id=id; | |
1341 | cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp, | |
1342 | (char *)sorted, | |
1343 | SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *), | |
13083215 | 1344 | FP_ICC ssl_cipher_ptr_id_cmp); |
d02b48c6 RE |
1345 | if ((cpp == NULL) || !(*cpp)->valid) |
1346 | return(NULL); | |
1347 | else | |
1348 | return(*cpp); | |
1349 | } | |
1350 | ||
6b691a5c | 1351 | int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) |
d02b48c6 RE |
1352 | { |
1353 | long l; | |
1354 | ||
1355 | if (p != NULL) | |
1356 | { | |
1357 | l=c->id; | |
1358 | if ((l & 0xff000000) != 0x03000000) return(0); | |
1359 | p[0]=((unsigned char)(l>> 8L))&0xFF; | |
1360 | p[1]=((unsigned char)(l ))&0xFF; | |
1361 | } | |
1362 | return(2); | |
1363 | } | |
1364 | ||
836f9960 LJ |
1365 | SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, |
1366 | STACK_OF(SSL_CIPHER) *srvr) | |
d02b48c6 RE |
1367 | { |
1368 | SSL_CIPHER *c,*ret=NULL; | |
836f9960 | 1369 | STACK_OF(SSL_CIPHER) *prio, *allow; |
d02b48c6 RE |
1370 | int i,j,ok; |
1371 | CERT *cert; | |
1372 | unsigned long alg,mask,emask; | |
1373 | ||
ca8e5b9b BM |
1374 | /* Let's see which ciphers we can support */ |
1375 | cert=s->cert; | |
d02b48c6 | 1376 | |
836f9960 LJ |
1377 | #if 0 |
1378 | /* Do not set the compare functions, because this may lead to a | |
1379 | * reordering by "id". We want to keep the original ordering. | |
1380 | * We may pay a price in performance during sk_SSL_CIPHER_find(), | |
1381 | * but would have to pay with the price of sk_SSL_CIPHER_dup(). | |
1382 | */ | |
1383 | sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp); | |
1384 | sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp); | |
1385 | #endif | |
d02b48c6 | 1386 | |
f415fa32 | 1387 | #ifdef CIPHER_DEBUG |
836f9960 LJ |
1388 | printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr); |
1389 | for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i) | |
f415fa32 | 1390 | { |
836f9960 LJ |
1391 | c=sk_SSL_CIPHER_value(srvr,i); |
1392 | printf("%p:%s\n",c,c->name); | |
1393 | } | |
1394 | printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt); | |
1395 | for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i) | |
1396 | { | |
1397 | c=sk_SSL_CIPHER_value(clnt,i); | |
f415fa32 BL |
1398 | printf("%p:%s\n",c,c->name); |
1399 | } | |
1400 | #endif | |
1401 | ||
836f9960 LJ |
1402 | if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) |
1403 | { | |
1404 | prio = srvr; | |
1405 | allow = clnt; | |
1406 | } | |
1407 | else | |
1408 | { | |
1409 | prio = clnt; | |
1410 | allow = srvr; | |
1411 | } | |
1412 | ||
1413 | for (i=0; i<sk_SSL_CIPHER_num(prio); i++) | |
d02b48c6 | 1414 | { |
836f9960 | 1415 | c=sk_SSL_CIPHER_value(prio,i); |
60e31c3a | 1416 | |
ca8e5b9b | 1417 | ssl_set_cert_masks(cert,c); |
60e31c3a BL |
1418 | mask=cert->mask; |
1419 | emask=cert->export_mask; | |
1420 | ||
f9b3bff6 RL |
1421 | #ifdef KSSL_DEBUG |
1422 | printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms); | |
1423 | #endif /* KSSL_DEBUG */ | |
1424 | ||
d02b48c6 | 1425 | alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK); |
018e57c7 | 1426 | if (SSL_C_IS_EXPORT(c)) |
d02b48c6 RE |
1427 | { |
1428 | ok=((alg & emask) == alg)?1:0; | |
1429 | #ifdef CIPHER_DEBUG | |
f415fa32 BL |
1430 | printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask, |
1431 | c,c->name); | |
d02b48c6 RE |
1432 | #endif |
1433 | } | |
1434 | else | |
1435 | { | |
1436 | ok=((alg & mask) == alg)?1:0; | |
1437 | #ifdef CIPHER_DEBUG | |
f415fa32 BL |
1438 | printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c, |
1439 | c->name); | |
d02b48c6 RE |
1440 | #endif |
1441 | } | |
1442 | ||
1443 | if (!ok) continue; | |
1444 | ||
836f9960 | 1445 | j=sk_SSL_CIPHER_find(allow,c); |
d02b48c6 RE |
1446 | if (j >= 0) |
1447 | { | |
836f9960 | 1448 | ret=sk_SSL_CIPHER_value(allow,j); |
d02b48c6 RE |
1449 | break; |
1450 | } | |
1451 | } | |
1452 | return(ret); | |
1453 | } | |
1454 | ||
6b691a5c | 1455 | int ssl3_get_req_cert_type(SSL *s, unsigned char *p) |
d02b48c6 RE |
1456 | { |
1457 | int ret=0; | |
1458 | unsigned long alg; | |
1459 | ||
1460 | alg=s->s3->tmp.new_cipher->algorithms; | |
1461 | ||
bc36ee62 | 1462 | #ifndef OPENSSL_NO_DH |
d02b48c6 RE |
1463 | if (alg & (SSL_kDHr|SSL_kEDH)) |
1464 | { | |
bc36ee62 | 1465 | # ifndef OPENSSL_NO_RSA |
d02b48c6 | 1466 | p[ret++]=SSL3_CT_RSA_FIXED_DH; |
dfeab068 | 1467 | # endif |
bc36ee62 | 1468 | # ifndef OPENSSL_NO_DSA |
d02b48c6 | 1469 | p[ret++]=SSL3_CT_DSS_FIXED_DH; |
dfeab068 | 1470 | # endif |
d02b48c6 | 1471 | } |
58964a49 RE |
1472 | if ((s->version == SSL3_VERSION) && |
1473 | (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) | |
d02b48c6 | 1474 | { |
bc36ee62 | 1475 | # ifndef OPENSSL_NO_RSA |
d02b48c6 | 1476 | p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH; |
dfeab068 | 1477 | # endif |
bc36ee62 | 1478 | # ifndef OPENSSL_NO_DSA |
d02b48c6 | 1479 | p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH; |
dfeab068 | 1480 | # endif |
d02b48c6 | 1481 | } |
bc36ee62 RL |
1482 | #endif /* !OPENSSL_NO_DH */ |
1483 | #ifndef OPENSSL_NO_RSA | |
d02b48c6 RE |
1484 | p[ret++]=SSL3_CT_RSA_SIGN; |
1485 | #endif | |
bc36ee62 | 1486 | #ifndef OPENSSL_NO_DSA |
58964a49 | 1487 | p[ret++]=SSL3_CT_DSS_SIGN; |
dfeab068 | 1488 | #endif |
d02b48c6 RE |
1489 | return(ret); |
1490 | } | |
1491 | ||
6b691a5c | 1492 | int ssl3_shutdown(SSL *s) |
d02b48c6 RE |
1493 | { |
1494 | ||
1495 | /* Don't do anything much if we have not done the handshake or | |
1496 | * we don't want to send messages :-) */ | |
1497 | if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) | |
1498 | { | |
1499 | s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); | |
1500 | return(1); | |
1501 | } | |
1502 | ||
1503 | if (!(s->shutdown & SSL_SENT_SHUTDOWN)) | |
1504 | { | |
1505 | s->shutdown|=SSL_SENT_SHUTDOWN; | |
1506 | #if 1 | |
58964a49 | 1507 | ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY); |
d02b48c6 RE |
1508 | #endif |
1509 | /* our shutdown alert has been sent now, and if it still needs | |
1510 | * to be written, s->s3->alert_dispatch will be true */ | |
1511 | } | |
1512 | else if (s->s3->alert_dispatch) | |
1513 | { | |
1514 | /* resend it if not sent */ | |
1515 | #if 1 | |
1516 | ssl3_dispatch_alert(s); | |
1517 | #endif | |
1518 | } | |
1519 | else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) | |
1520 | { | |
1521 | /* If we are waiting for a close from our peer, we are closed */ | |
5a4fbc69 | 1522 | ssl3_read_bytes(s,0,NULL,0,0); |
d02b48c6 RE |
1523 | } |
1524 | ||
1525 | if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && | |
1526 | !s->s3->alert_dispatch) | |
1527 | return(1); | |
1528 | else | |
1529 | return(0); | |
1530 | } | |
1531 | ||
61f5b6f3 | 1532 | int ssl3_write(SSL *s, const void *buf, int len) |
d02b48c6 RE |
1533 | { |
1534 | int ret,n; | |
d02b48c6 RE |
1535 | |
1536 | #if 0 | |
1537 | if (s->shutdown & SSL_SEND_SHUTDOWN) | |
1538 | { | |
1539 | s->rwstate=SSL_NOTHING; | |
1540 | return(0); | |
1541 | } | |
1542 | #endif | |
58964a49 RE |
1543 | clear_sys_error(); |
1544 | if (s->s3->renegotiate) ssl3_renegotiate_check(s); | |
d02b48c6 RE |
1545 | |
1546 | /* This is an experimental flag that sends the | |
1547 | * last handshake message in the same packet as the first | |
1548 | * use data - used to see if it helps the TCP protocol during | |
1549 | * session-id reuse */ | |
1550 | /* The second test is because the buffer may have been removed */ | |
1551 | if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) | |
1552 | { | |
1553 | /* First time through, we write into the buffer */ | |
1554 | if (s->s3->delay_buf_pop_ret == 0) | |
1555 | { | |
1556 | ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, | |
e778802f | 1557 | buf,len); |
d02b48c6 RE |
1558 | if (ret <= 0) return(ret); |
1559 | ||
1560 | s->s3->delay_buf_pop_ret=ret; | |
1561 | } | |
1562 | ||
1563 | s->rwstate=SSL_WRITING; | |
1564 | n=BIO_flush(s->wbio); | |
1565 | if (n <= 0) return(n); | |
1566 | s->rwstate=SSL_NOTHING; | |
1567 | ||
413c4f45 MC |
1568 | /* We have flushed the buffer, so remove it */ |
1569 | ssl_free_wbio_buffer(s); | |
1570 | s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; | |
1571 | ||
d02b48c6 RE |
1572 | ret=s->s3->delay_buf_pop_ret; |
1573 | s->s3->delay_buf_pop_ret=0; | |
d02b48c6 RE |
1574 | } |
1575 | else | |
1576 | { | |
1577 | ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, | |
e778802f | 1578 | buf,len); |
d02b48c6 RE |
1579 | if (ret <= 0) return(ret); |
1580 | } | |
58964a49 | 1581 | |
d02b48c6 RE |
1582 | return(ret); |
1583 | } | |
1584 | ||
5a4fbc69 | 1585 | static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) |
d02b48c6 | 1586 | { |
58964a49 RE |
1587 | int ret; |
1588 | ||
1589 | clear_sys_error(); | |
1590 | if (s->s3->renegotiate) ssl3_renegotiate_check(s); | |
1591 | s->s3->in_read_app_data=1; | |
5a4fbc69 | 1592 | ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); |
58964a49 RE |
1593 | if ((ret == -1) && (s->s3->in_read_app_data == 0)) |
1594 | { | |
b35e9050 BM |
1595 | /* ssl3_read_bytes decided to call s->handshake_func, which |
1596 | * called ssl3_read_bytes to read handshake data. | |
1597 | * However, ssl3_read_bytes actually found application data | |
1598 | * and thinks that application data makes sense here (signalled | |
1599 | * by resetting 'in_read_app_data', strangely); so disable | |
1600 | * handshake processing and try to read application data again. */ | |
58964a49 | 1601 | s->in_handshake++; |
5a4fbc69 | 1602 | ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); |
58964a49 RE |
1603 | s->in_handshake--; |
1604 | } | |
1605 | else | |
1606 | s->s3->in_read_app_data=0; | |
1607 | ||
1608 | return(ret); | |
d02b48c6 RE |
1609 | } |
1610 | ||
5a4fbc69 | 1611 | int ssl3_read(SSL *s, void *buf, int len) |
d02b48c6 | 1612 | { |
5a4fbc69 BM |
1613 | return ssl3_read_internal(s, buf, len, 0); |
1614 | } | |
d02b48c6 | 1615 | |
e34cfcf7 | 1616 | int ssl3_peek(SSL *s, void *buf, int len) |
5a4fbc69 | 1617 | { |
bdcfe1d1 | 1618 | return ssl3_read_internal(s, buf, len, 1); |
d02b48c6 RE |
1619 | } |
1620 | ||
6b691a5c | 1621 | int ssl3_renegotiate(SSL *s) |
d02b48c6 RE |
1622 | { |
1623 | if (s->handshake_func == NULL) | |
1624 | return(1); | |
1625 | ||
1626 | if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) | |
1627 | return(0); | |
1628 | ||
58964a49 | 1629 | s->s3->renegotiate=1; |
d02b48c6 RE |
1630 | return(1); |
1631 | } | |
1632 | ||
6b691a5c | 1633 | int ssl3_renegotiate_check(SSL *s) |
58964a49 RE |
1634 | { |
1635 | int ret=0; | |
1636 | ||
1637 | if (s->s3->renegotiate) | |
1638 | { | |
1639 | if ( (s->s3->rbuf.left == 0) && | |
1640 | (s->s3->wbuf.left == 0) && | |
1641 | !SSL_in_init(s)) | |
1642 | { | |
1643 | /* | |
1644 | if we are the server, and we have sent a 'RENEGOTIATE' message, we | |
de808df4 | 1645 | need to go to SSL_ST_ACCEPT. |
58964a49 RE |
1646 | */ |
1647 | /* SSL_ST_ACCEPT */ | |
1648 | s->state=SSL_ST_RENEGOTIATE; | |
1649 | s->s3->renegotiate=0; | |
1650 | s->s3->num_renegotiations++; | |
1651 | s->s3->total_renegotiations++; | |
1652 | ret=1; | |
1653 | } | |
1654 | } | |
1655 | return(ret); | |
1656 | } | |
1657 |