]>
Commit | Line | Data |
---|---|---|
d02b48c6 | 1 | /* ssl/s3_lib.c */ |
58964a49 | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
d02b48c6 RE |
3 | * All rights reserved. |
4 | * | |
5 | * This package is an SSL implementation written | |
6 | * by Eric Young (eay@cryptsoft.com). | |
7 | * The implementation was written so as to conform with Netscapes SSL. | |
8 | * | |
9 | * This library is free for commercial and non-commercial use as long as | |
10 | * the following conditions are aheared to. The following conditions | |
11 | * apply to all code found in this distribution, be it the RC4, RSA, | |
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
13 | * included with this distribution is covered by the same copyright terms | |
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
15 | * | |
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | |
17 | * the code are not to be removed. | |
18 | * If this package is used in a product, Eric Young should be given attribution | |
19 | * as the author of the parts of the library used. | |
20 | * This can be in the form of a textual message at program startup or | |
21 | * in documentation (online or textual) provided with the package. | |
22 | * | |
23 | * Redistribution and use in source and binary forms, with or without | |
24 | * modification, are permitted provided that the following conditions | |
25 | * are met: | |
26 | * 1. Redistributions of source code must retain the copyright | |
27 | * notice, this list of conditions and the following disclaimer. | |
28 | * 2. Redistributions in binary form must reproduce the above copyright | |
29 | * notice, this list of conditions and the following disclaimer in the | |
30 | * documentation and/or other materials provided with the distribution. | |
31 | * 3. All advertising materials mentioning features or use of this software | |
32 | * must display the following acknowledgement: | |
33 | * "This product includes cryptographic software written by | |
34 | * Eric Young (eay@cryptsoft.com)" | |
35 | * The word 'cryptographic' can be left out if the rouines from the library | |
36 | * being used are not cryptographic related :-). | |
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | |
38 | * the apps directory (application code) you must include an acknowledgement: | |
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
40 | * | |
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
51 | * SUCH DAMAGE. | |
52 | * | |
53 | * The licence and distribution terms for any publically available version or | |
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | |
55 | * copied and put under another distribution licence | |
56 | * [including the GNU Public Licence.] | |
57 | */ | |
58 | ||
59 | #include <stdio.h> | |
ec577822 | 60 | #include <openssl/objects.h> |
d02b48c6 RE |
61 | #include "ssl_locl.h" |
62 | ||
e778802f | 63 | const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT; |
d02b48c6 RE |
64 | |
65 | #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) | |
66 | ||
67 | #ifndef NOPROTO | |
68 | static long ssl3_default_timeout(void ); | |
69 | #else | |
70 | static long ssl3_default_timeout(); | |
71 | #endif | |
72 | ||
73 | SSL_CIPHER ssl3_ciphers[]={ | |
74 | /* The RSA ciphers */ | |
75 | /* Cipher 01 */ | |
76 | { | |
77 | 1, | |
78 | SSL3_TXT_RSA_NULL_MD5, | |
79 | SSL3_CK_RSA_NULL_MD5, | |
a040ea82 | 80 | SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3, |
d02b48c6 RE |
81 | 0, |
82 | SSL_ALL_CIPHERS, | |
83 | }, | |
84 | /* Cipher 02 */ | |
85 | { | |
86 | 1, | |
87 | SSL3_TXT_RSA_NULL_SHA, | |
88 | SSL3_CK_RSA_NULL_SHA, | |
a040ea82 | 89 | SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, |
d02b48c6 RE |
90 | 0, |
91 | SSL_ALL_CIPHERS, | |
92 | }, | |
93 | ||
94 | /* anon DH */ | |
95 | /* Cipher 17 */ | |
96 | { | |
97 | 1, | |
98 | SSL3_TXT_ADH_RC4_40_MD5, | |
99 | SSL3_CK_ADH_RC4_40_MD5, | |
06ab81f9 | 100 | SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_EXP40|SSL_SSLV3, |
d02b48c6 RE |
101 | 0, |
102 | SSL_ALL_CIPHERS, | |
103 | }, | |
104 | /* Cipher 18 */ | |
105 | { | |
106 | 1, | |
107 | SSL3_TXT_ADH_RC4_128_MD5, | |
108 | SSL3_CK_ADH_RC4_128_MD5, | |
a040ea82 | 109 | SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3, |
d02b48c6 RE |
110 | 0, |
111 | SSL_ALL_CIPHERS, | |
112 | }, | |
113 | /* Cipher 19 */ | |
114 | { | |
115 | 1, | |
116 | SSL3_TXT_ADH_DES_40_CBC_SHA, | |
117 | SSL3_CK_ADH_DES_40_CBC_SHA, | |
06ab81f9 | 118 | SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, |
d02b48c6 RE |
119 | 0, |
120 | SSL_ALL_CIPHERS, | |
121 | }, | |
122 | /* Cipher 1A */ | |
123 | { | |
124 | 1, | |
125 | SSL3_TXT_ADH_DES_64_CBC_SHA, | |
126 | SSL3_CK_ADH_DES_64_CBC_SHA, | |
a040ea82 | 127 | SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, |
d02b48c6 RE |
128 | 0, |
129 | SSL_ALL_CIPHERS, | |
130 | }, | |
131 | /* Cipher 1B */ | |
132 | { | |
133 | 1, | |
58964a49 RE |
134 | SSL3_TXT_ADH_DES_192_CBC_SHA, |
135 | SSL3_CK_ADH_DES_192_CBC_SHA, | |
a040ea82 | 136 | SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, |
d02b48c6 RE |
137 | 0, |
138 | SSL_ALL_CIPHERS, | |
139 | }, | |
140 | ||
141 | /* RSA again */ | |
142 | /* Cipher 03 */ | |
143 | { | |
144 | 1, | |
145 | SSL3_TXT_RSA_RC4_40_MD5, | |
146 | SSL3_CK_RSA_RC4_40_MD5, | |
06ab81f9 | 147 | SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_EXP40|SSL_SSLV3, |
d02b48c6 RE |
148 | 0, |
149 | SSL_ALL_CIPHERS, | |
150 | }, | |
151 | /* Cipher 04 */ | |
152 | { | |
153 | 1, | |
154 | SSL3_TXT_RSA_RC4_128_MD5, | |
155 | SSL3_CK_RSA_RC4_128_MD5, | |
a040ea82 | 156 | SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, |
d02b48c6 RE |
157 | 0, |
158 | SSL_ALL_CIPHERS, | |
159 | }, | |
160 | /* Cipher 05 */ | |
161 | { | |
162 | 1, | |
163 | SSL3_TXT_RSA_RC4_128_SHA, | |
164 | SSL3_CK_RSA_RC4_128_SHA, | |
a040ea82 | 165 | SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, |
d02b48c6 RE |
166 | 0, |
167 | SSL_ALL_CIPHERS, | |
168 | }, | |
169 | /* Cipher 06 */ | |
170 | { | |
171 | 1, | |
172 | SSL3_TXT_RSA_RC2_40_MD5, | |
173 | SSL3_CK_RSA_RC2_40_MD5, | |
06ab81f9 | 174 | SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_EXP40|SSL_SSLV3, |
d02b48c6 RE |
175 | 0, |
176 | SSL_ALL_CIPHERS, | |
177 | }, | |
178 | /* Cipher 07 */ | |
179 | { | |
180 | 1, | |
181 | SSL3_TXT_RSA_IDEA_128_SHA, | |
182 | SSL3_CK_RSA_IDEA_128_SHA, | |
a040ea82 | 183 | SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, |
d02b48c6 RE |
184 | 0, |
185 | SSL_ALL_CIPHERS, | |
186 | }, | |
187 | /* Cipher 08 */ | |
188 | { | |
189 | 1, | |
190 | SSL3_TXT_RSA_DES_40_CBC_SHA, | |
191 | SSL3_CK_RSA_DES_40_CBC_SHA, | |
06ab81f9 | 192 | SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, |
d02b48c6 RE |
193 | 0, |
194 | SSL_ALL_CIPHERS, | |
195 | }, | |
196 | /* Cipher 09 */ | |
197 | { | |
198 | 1, | |
199 | SSL3_TXT_RSA_DES_64_CBC_SHA, | |
200 | SSL3_CK_RSA_DES_64_CBC_SHA, | |
a040ea82 | 201 | SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, |
d02b48c6 RE |
202 | 0, |
203 | SSL_ALL_CIPHERS, | |
204 | }, | |
205 | /* Cipher 0A */ | |
206 | { | |
207 | 1, | |
208 | SSL3_TXT_RSA_DES_192_CBC3_SHA, | |
209 | SSL3_CK_RSA_DES_192_CBC3_SHA, | |
a040ea82 | 210 | SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, |
d02b48c6 RE |
211 | 0, |
212 | SSL_ALL_CIPHERS, | |
213 | }, | |
214 | ||
215 | /* The DH ciphers */ | |
216 | /* Cipher 0B */ | |
217 | { | |
218 | 0, | |
219 | SSL3_TXT_DH_DSS_DES_40_CBC_SHA, | |
220 | SSL3_CK_DH_DSS_DES_40_CBC_SHA, | |
06ab81f9 | 221 | SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, |
d02b48c6 RE |
222 | 0, |
223 | SSL_ALL_CIPHERS, | |
224 | }, | |
225 | /* Cipher 0C */ | |
226 | { | |
227 | 0, | |
228 | SSL3_TXT_DH_DSS_DES_64_CBC_SHA, | |
229 | SSL3_CK_DH_DSS_DES_64_CBC_SHA, | |
a040ea82 | 230 | SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, |
d02b48c6 RE |
231 | 0, |
232 | SSL_ALL_CIPHERS, | |
233 | }, | |
234 | /* Cipher 0D */ | |
235 | { | |
236 | 0, | |
237 | SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, | |
238 | SSL3_CK_DH_DSS_DES_192_CBC3_SHA, | |
a040ea82 | 239 | SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, |
d02b48c6 RE |
240 | 0, |
241 | SSL_ALL_CIPHERS, | |
242 | }, | |
243 | /* Cipher 0E */ | |
244 | { | |
245 | 0, | |
246 | SSL3_TXT_DH_RSA_DES_40_CBC_SHA, | |
247 | SSL3_CK_DH_RSA_DES_40_CBC_SHA, | |
06ab81f9 | 248 | SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, |
d02b48c6 RE |
249 | 0, |
250 | SSL_ALL_CIPHERS, | |
251 | }, | |
252 | /* Cipher 0F */ | |
253 | { | |
254 | 0, | |
255 | SSL3_TXT_DH_RSA_DES_64_CBC_SHA, | |
256 | SSL3_CK_DH_RSA_DES_64_CBC_SHA, | |
a040ea82 | 257 | SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, |
d02b48c6 RE |
258 | 0, |
259 | SSL_ALL_CIPHERS, | |
260 | }, | |
261 | /* Cipher 10 */ | |
262 | { | |
263 | 0, | |
264 | SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, | |
265 | SSL3_CK_DH_RSA_DES_192_CBC3_SHA, | |
a040ea82 | 266 | SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, |
d02b48c6 RE |
267 | 0, |
268 | SSL_ALL_CIPHERS, | |
269 | }, | |
270 | ||
271 | /* The Ephemeral DH ciphers */ | |
272 | /* Cipher 11 */ | |
273 | { | |
274 | 1, | |
275 | SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, | |
276 | SSL3_CK_EDH_DSS_DES_40_CBC_SHA, | |
06ab81f9 | 277 | SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, |
d02b48c6 RE |
278 | 0, |
279 | SSL_ALL_CIPHERS, | |
280 | }, | |
281 | /* Cipher 12 */ | |
282 | { | |
283 | 1, | |
284 | SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, | |
285 | SSL3_CK_EDH_DSS_DES_64_CBC_SHA, | |
a040ea82 | 286 | SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, |
d02b48c6 RE |
287 | 0, |
288 | SSL_ALL_CIPHERS, | |
289 | }, | |
290 | /* Cipher 13 */ | |
291 | { | |
292 | 1, | |
293 | SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, | |
294 | SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, | |
a040ea82 | 295 | SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, |
d02b48c6 RE |
296 | 0, |
297 | SSL_ALL_CIPHERS, | |
298 | }, | |
299 | /* Cipher 14 */ | |
300 | { | |
301 | 1, | |
302 | SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, | |
303 | SSL3_CK_EDH_RSA_DES_40_CBC_SHA, | |
06ab81f9 | 304 | SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, |
d02b48c6 RE |
305 | 0, |
306 | SSL_ALL_CIPHERS, | |
307 | }, | |
308 | /* Cipher 15 */ | |
309 | { | |
310 | 1, | |
311 | SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, | |
312 | SSL3_CK_EDH_RSA_DES_64_CBC_SHA, | |
a040ea82 | 313 | SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, |
d02b48c6 RE |
314 | 0, |
315 | SSL_ALL_CIPHERS, | |
316 | }, | |
317 | /* Cipher 16 */ | |
318 | { | |
319 | 1, | |
320 | SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, | |
321 | SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, | |
a040ea82 | 322 | SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, |
d02b48c6 RE |
323 | 0, |
324 | SSL_ALL_CIPHERS, | |
325 | }, | |
326 | ||
327 | /* Fortezza */ | |
328 | /* Cipher 1C */ | |
329 | { | |
330 | 0, | |
331 | SSL3_TXT_FZA_DMS_NULL_SHA, | |
332 | SSL3_CK_FZA_DMS_NULL_SHA, | |
a040ea82 | 333 | SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, |
d02b48c6 RE |
334 | 0, |
335 | SSL_ALL_CIPHERS, | |
336 | }, | |
337 | ||
338 | /* Cipher 1D */ | |
339 | { | |
340 | 0, | |
341 | SSL3_TXT_FZA_DMS_FZA_SHA, | |
342 | SSL3_CK_FZA_DMS_FZA_SHA, | |
a040ea82 | 343 | SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, |
d02b48c6 RE |
344 | 0, |
345 | SSL_ALL_CIPHERS, | |
346 | }, | |
347 | ||
348 | /* Cipher 1E */ | |
349 | { | |
350 | 0, | |
351 | SSL3_TXT_FZA_DMS_RC4_SHA, | |
352 | SSL3_CK_FZA_DMS_RC4_SHA, | |
a040ea82 | 353 | SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, |
d02b48c6 RE |
354 | 0, |
355 | SSL_ALL_CIPHERS, | |
356 | }, | |
357 | ||
bc348244 | 358 | #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES |
06ab81f9 BL |
359 | /* New TLS Export CipherSuites */ |
360 | /* Cipher 60 */ | |
361 | { | |
362 | 1, | |
abed0b8a BL |
363 | TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, |
364 | TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, | |
06ab81f9 BL |
365 | SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP56|SSL_TLSV1, |
366 | 0, | |
367 | SSL_ALL_CIPHERS | |
368 | }, | |
369 | /* Cipher 61 */ | |
370 | { | |
371 | 1, | |
abed0b8a BL |
372 | TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, |
373 | TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, | |
06ab81f9 BL |
374 | SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP56|SSL_TLSV1, |
375 | 0, | |
376 | SSL_ALL_CIPHERS | |
377 | }, | |
378 | /* Cipher 62 */ | |
379 | { | |
380 | 1, | |
abed0b8a BL |
381 | TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, |
382 | TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, | |
06ab81f9 BL |
383 | SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_EXP56|SSL_TLSV1, |
384 | 0, | |
385 | SSL_ALL_CIPHERS | |
386 | }, | |
abed0b8a BL |
387 | /* Cipher 63 */ |
388 | { | |
389 | 1, | |
390 | TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, | |
391 | TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, | |
392 | SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_EXP56|SSL_TLSV1, | |
393 | 0, | |
394 | SSL_ALL_CIPHERS | |
395 | }, | |
396 | /* Cipher 64 */ | |
397 | { | |
398 | 1, | |
399 | TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, | |
400 | TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, | |
401 | SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_EXP56|SSL_TLSV1, | |
402 | 0, | |
403 | SSL_ALL_CIPHERS | |
404 | }, | |
405 | /* Cipher 65 */ | |
406 | { | |
407 | 1, | |
408 | TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, | |
409 | TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, | |
410 | SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_EXP56|SSL_TLSV1, | |
411 | 0, | |
412 | SSL_ALL_CIPHERS | |
413 | }, | |
414 | /* Cipher 66 */ | |
415 | { | |
416 | 1, | |
417 | TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, | |
418 | TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, | |
419 | SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, | |
420 | 0, | |
421 | SSL_ALL_CIPHERS | |
422 | }, | |
bc348244 | 423 | #endif |
06ab81f9 | 424 | |
d02b48c6 RE |
425 | /* end of list */ |
426 | }; | |
427 | ||
58964a49 RE |
428 | static SSL3_ENC_METHOD SSLv3_enc_data={ |
429 | ssl3_enc, | |
430 | ssl3_mac, | |
431 | ssl3_setup_key_block, | |
432 | ssl3_generate_master_secret, | |
433 | ssl3_change_cipher_state, | |
434 | ssl3_final_finish_mac, | |
435 | MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, | |
436 | ssl3_cert_verify_mac, | |
437 | SSL3_MD_CLIENT_FINISHED_CONST,4, | |
438 | SSL3_MD_SERVER_FINISHED_CONST,4, | |
439 | ssl3_alert_code, | |
440 | }; | |
441 | ||
d02b48c6 | 442 | static SSL_METHOD SSLv3_data= { |
58964a49 | 443 | SSL3_VERSION, |
d02b48c6 RE |
444 | ssl3_new, |
445 | ssl3_clear, | |
446 | ssl3_free, | |
447 | ssl_undefined_function, | |
448 | ssl_undefined_function, | |
449 | ssl3_read, | |
450 | ssl3_peek, | |
451 | ssl3_write, | |
452 | ssl3_shutdown, | |
453 | ssl3_renegotiate, | |
dfeab068 | 454 | ssl3_renegotiate_check, |
d02b48c6 RE |
455 | ssl3_ctrl, |
456 | ssl3_ctx_ctrl, | |
457 | ssl3_get_cipher_by_char, | |
458 | ssl3_put_cipher_by_char, | |
459 | ssl3_pending, | |
460 | ssl3_num_ciphers, | |
461 | ssl3_get_cipher, | |
462 | ssl_bad_method, | |
463 | ssl3_default_timeout, | |
58964a49 | 464 | &SSLv3_enc_data, |
d02b48c6 RE |
465 | }; |
466 | ||
6b691a5c | 467 | static long ssl3_default_timeout(void) |
d02b48c6 RE |
468 | { |
469 | /* 2 hours, the 24 hours mentioned in the SSLv3 spec | |
470 | * is way too long for http, the cache would over fill */ | |
471 | return(60*60*2); | |
472 | } | |
473 | ||
6b691a5c | 474 | SSL_METHOD *sslv3_base_method(void) |
d02b48c6 RE |
475 | { |
476 | return(&SSLv3_data); | |
477 | } | |
478 | ||
6b691a5c | 479 | int ssl3_num_ciphers(void) |
d02b48c6 RE |
480 | { |
481 | return(SSL3_NUM_CIPHERS); | |
482 | } | |
483 | ||
6b691a5c | 484 | SSL_CIPHER *ssl3_get_cipher(unsigned int u) |
d02b48c6 RE |
485 | { |
486 | if (u < SSL3_NUM_CIPHERS) | |
487 | return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); | |
488 | else | |
489 | return(NULL); | |
490 | } | |
491 | ||
492 | /* The problem is that it may not be the correct record type */ | |
6b691a5c | 493 | int ssl3_pending(SSL *s) |
d02b48c6 RE |
494 | { |
495 | return(s->s3->rrec.length); | |
496 | } | |
497 | ||
6b691a5c | 498 | int ssl3_new(SSL *s) |
d02b48c6 RE |
499 | { |
500 | SSL3_CTX *s3; | |
501 | ||
502 | if ((s3=(SSL3_CTX *)Malloc(sizeof(SSL3_CTX))) == NULL) goto err; | |
58964a49 | 503 | memset(s3,0,sizeof(SSL3_CTX)); |
d02b48c6 RE |
504 | |
505 | s->s3=s3; | |
58964a49 | 506 | /* |
d02b48c6 RE |
507 | s->s3->tmp.ca_names=NULL; |
508 | s->s3->tmp.key_block=NULL; | |
58964a49 | 509 | s->s3->tmp.key_block_length=0; |
d02b48c6 RE |
510 | s->s3->rbuf.buf=NULL; |
511 | s->s3->wbuf.buf=NULL; | |
58964a49 | 512 | */ |
d02b48c6 | 513 | |
58964a49 | 514 | s->method->ssl_clear(s); |
d02b48c6 RE |
515 | return(1); |
516 | err: | |
517 | return(0); | |
518 | } | |
519 | ||
6b691a5c | 520 | void ssl3_free(SSL *s) |
d02b48c6 | 521 | { |
e03ddfae BL |
522 | if(s == NULL) |
523 | return; | |
524 | ||
d02b48c6 RE |
525 | ssl3_cleanup_key_block(s); |
526 | if (s->s3->rbuf.buf != NULL) | |
527 | Free(s->s3->rbuf.buf); | |
528 | if (s->s3->wbuf.buf != NULL) | |
529 | Free(s->s3->wbuf.buf); | |
dfeab068 RE |
530 | if (s->s3->rrec.comp != NULL) |
531 | Free(s->s3->rrec.comp); | |
d02b48c6 RE |
532 | #ifndef NO_DH |
533 | if (s->s3->tmp.dh != NULL) | |
534 | DH_free(s->s3->tmp.dh); | |
535 | #endif | |
536 | if (s->s3->tmp.ca_names != NULL) | |
f73e07cf | 537 | sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); |
d02b48c6 RE |
538 | memset(s->s3,0,sizeof(SSL3_CTX)); |
539 | Free(s->s3); | |
540 | s->s3=NULL; | |
541 | } | |
542 | ||
6b691a5c | 543 | void ssl3_clear(SSL *s) |
d02b48c6 RE |
544 | { |
545 | unsigned char *rp,*wp; | |
546 | ||
547 | ssl3_cleanup_key_block(s); | |
548 | if (s->s3->tmp.ca_names != NULL) | |
f73e07cf | 549 | sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); |
d02b48c6 | 550 | |
413c4f45 MC |
551 | if (s->s3->rrec.comp != NULL) |
552 | { | |
553 | Free(s->s3->rrec.comp); | |
554 | s->s3->rrec.comp=NULL; | |
555 | } | |
556 | ||
d02b48c6 RE |
557 | rp=s->s3->rbuf.buf; |
558 | wp=s->s3->wbuf.buf; | |
559 | ||
560 | memset(s->s3,0,sizeof(SSL3_CTX)); | |
58964a49 RE |
561 | if (rp != NULL) s->s3->rbuf.buf=rp; |
562 | if (wp != NULL) s->s3->wbuf.buf=wp; | |
dfeab068 | 563 | |
413c4f45 | 564 | ssl_free_wbio_buffer(s); |
dfeab068 | 565 | |
d02b48c6 | 566 | s->packet_length=0; |
58964a49 RE |
567 | s->s3->renegotiate=0; |
568 | s->s3->total_renegotiations=0; | |
569 | s->s3->num_renegotiations=0; | |
570 | s->s3->in_read_app_data=0; | |
571 | s->version=SSL3_VERSION; | |
d02b48c6 RE |
572 | } |
573 | ||
6b691a5c | 574 | long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg) |
d02b48c6 | 575 | { |
58964a49 RE |
576 | int ret=0; |
577 | ||
15d21c2d RE |
578 | #if !defined(NO_DSA) || !defined(NO_RSA) |
579 | if ( | |
580 | #ifndef NO_RSA | |
581 | cmd == SSL_CTRL_SET_TMP_RSA || | |
582 | cmd == SSL_CTRL_SET_TMP_RSA_CB || | |
583 | #endif | |
584 | #ifndef NO_DSA | |
585 | cmd == SSL_CTRL_SET_TMP_DH || | |
586 | cmd == SSL_CTRL_SET_TMP_DH_CB || | |
587 | #endif | |
588 | 0) | |
589 | { | |
590 | if (!ssl_cert_instantiate(&s->cert, s->ctx->default_cert)) | |
591 | { | |
592 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); | |
593 | return(0); | |
594 | } | |
595 | } | |
596 | #endif | |
597 | ||
58964a49 RE |
598 | switch (cmd) |
599 | { | |
600 | case SSL_CTRL_GET_SESSION_REUSED: | |
601 | ret=s->hit; | |
602 | break; | |
603 | case SSL_CTRL_GET_CLIENT_CERT_REQUEST: | |
604 | break; | |
605 | case SSL_CTRL_GET_NUM_RENEGOTIATIONS: | |
606 | ret=s->s3->num_renegotiations; | |
607 | break; | |
608 | case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: | |
609 | ret=s->s3->num_renegotiations; | |
610 | s->s3->num_renegotiations=0; | |
611 | break; | |
612 | case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: | |
613 | ret=s->s3->total_renegotiations; | |
614 | break; | |
dfeab068 | 615 | case SSL_CTRL_GET_FLAGS: |
651d0aff | 616 | ret=(int)(s->s3->flags); |
dfeab068 | 617 | break; |
15d21c2d RE |
618 | #ifndef NO_RSA |
619 | case SSL_CTRL_NEED_TMP_RSA: | |
620 | if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && | |
621 | ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || | |
622 | (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))) | |
623 | ret = 1; | |
624 | break; | |
625 | case SSL_CTRL_SET_TMP_RSA: | |
626 | { | |
627 | RSA *rsa = (RSA *)parg; | |
628 | if (rsa == NULL) { | |
629 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); | |
630 | return(ret); | |
631 | } | |
632 | if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) { | |
633 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB); | |
634 | return(ret); | |
635 | } | |
636 | if (s->cert->rsa_tmp != NULL) | |
637 | RSA_free(s->cert->rsa_tmp); | |
638 | s->cert->rsa_tmp = rsa; | |
639 | ret = 1; | |
640 | } | |
641 | break; | |
642 | case SSL_CTRL_SET_TMP_RSA_CB: | |
643 | #ifndef NOPROTO | |
644 | s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))parg; | |
645 | #else | |
646 | s->cert->rsa_tmp_cb = (RSA *(*)())parg; | |
647 | #endif | |
648 | break; | |
649 | #endif | |
650 | #ifndef NO_DH | |
651 | case SSL_CTRL_SET_TMP_DH: | |
652 | { | |
653 | DH *dh = (DH *)parg; | |
654 | if (dh == NULL) { | |
655 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); | |
656 | return(ret); | |
657 | } | |
658 | if ((dh = DHparams_dup(dh)) == NULL) { | |
659 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); | |
660 | return(ret); | |
661 | } | |
662 | if (!DH_generate_key(dh)) { | |
663 | DH_free(dh); | |
664 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); | |
665 | return(ret); | |
666 | } | |
667 | if (s->cert->dh_tmp != NULL) | |
668 | DH_free(s->cert->dh_tmp); | |
669 | s->cert->dh_tmp = dh; | |
670 | ret = 1; | |
671 | } | |
672 | break; | |
673 | case SSL_CTRL_SET_TMP_DH_CB: | |
674 | #ifndef NOPROTO | |
675 | s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))parg; | |
676 | #else | |
677 | s->cert->dh_tmp_cb = (DH *(*)())parg; | |
678 | #endif | |
679 | break; | |
680 | #endif | |
58964a49 RE |
681 | default: |
682 | break; | |
683 | } | |
684 | return(ret); | |
d02b48c6 RE |
685 | } |
686 | ||
6b691a5c | 687 | long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg) |
d02b48c6 RE |
688 | { |
689 | CERT *cert; | |
690 | ||
691 | cert=ctx->default_cert; | |
692 | ||
693 | switch (cmd) | |
694 | { | |
695 | #ifndef NO_RSA | |
696 | case SSL_CTRL_NEED_TMP_RSA: | |
697 | if ( (cert->rsa_tmp == NULL) && | |
698 | ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || | |
699 | (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))) | |
700 | ) | |
701 | return(1); | |
702 | else | |
703 | return(0); | |
dfeab068 | 704 | /* break; */ |
d02b48c6 RE |
705 | case SSL_CTRL_SET_TMP_RSA: |
706 | { | |
707 | RSA *rsa; | |
708 | int i; | |
709 | ||
710 | rsa=(RSA *)parg; | |
711 | i=1; | |
712 | if (rsa == NULL) | |
713 | i=0; | |
714 | else | |
715 | { | |
716 | if ((rsa=RSAPrivateKey_dup(rsa)) == NULL) | |
717 | i=0; | |
718 | } | |
719 | if (!i) | |
720 | { | |
721 | SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB); | |
722 | return(0); | |
723 | } | |
724 | else | |
725 | { | |
726 | if (cert->rsa_tmp != NULL) | |
727 | RSA_free(cert->rsa_tmp); | |
728 | cert->rsa_tmp=rsa; | |
729 | return(1); | |
730 | } | |
731 | } | |
dfeab068 | 732 | /* break; */ |
d02b48c6 | 733 | case SSL_CTRL_SET_TMP_RSA_CB: |
e527ba09 DSH |
734 | #ifndef NOPROTO |
735 | cert->rsa_tmp_cb=(RSA *(*)(SSL *, int, int))parg; | |
736 | #else | |
d02b48c6 | 737 | cert->rsa_tmp_cb=(RSA *(*)())parg; |
e527ba09 | 738 | #endif |
d02b48c6 RE |
739 | break; |
740 | #endif | |
741 | #ifndef NO_DH | |
742 | case SSL_CTRL_SET_TMP_DH: | |
743 | { | |
744 | DH *new=NULL,*dh; | |
dfeab068 | 745 | int rret=0; |
d02b48c6 RE |
746 | |
747 | dh=(DH *)parg; | |
748 | if ( ((new=DHparams_dup(dh)) == NULL) || | |
749 | (!DH_generate_key(new))) | |
750 | { | |
751 | SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); | |
752 | if (new != NULL) DH_free(new); | |
d02b48c6 RE |
753 | } |
754 | else | |
755 | { | |
756 | if (cert->dh_tmp != NULL) | |
757 | DH_free(cert->dh_tmp); | |
758 | cert->dh_tmp=new; | |
dfeab068 | 759 | rret=1; |
d02b48c6 | 760 | } |
dfeab068 | 761 | return(rret); |
d02b48c6 | 762 | } |
dfeab068 | 763 | /*break; */ |
d02b48c6 | 764 | case SSL_CTRL_SET_TMP_DH_CB: |
e527ba09 DSH |
765 | #ifndef NOPROTO |
766 | cert->dh_tmp_cb=(DH *(*)(SSL *, int, int))parg; | |
767 | #else | |
d02b48c6 | 768 | cert->dh_tmp_cb=(DH *(*)())parg; |
e527ba09 | 769 | #endif |
d02b48c6 RE |
770 | break; |
771 | #endif | |
651d0aff | 772 | /* A Thawte special :-) */ |
dfeab068 RE |
773 | case SSL_CTRL_EXTRA_CHAIN_CERT: |
774 | if (ctx->extra_certs == NULL) | |
775 | { | |
f73e07cf | 776 | if ((ctx->extra_certs=sk_X509_new_null()) == NULL) |
dfeab068 RE |
777 | return(0); |
778 | } | |
f73e07cf | 779 | sk_X509_push(ctx->extra_certs,(X509 *)parg); |
dfeab068 RE |
780 | break; |
781 | ||
d02b48c6 RE |
782 | default: |
783 | return(0); | |
784 | } | |
785 | return(1); | |
786 | } | |
787 | ||
788 | /* This function needs to check if the ciphers required are actually | |
789 | * available */ | |
6b691a5c | 790 | SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) |
d02b48c6 RE |
791 | { |
792 | static int init=1; | |
793 | static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS]; | |
794 | SSL_CIPHER c,*cp= &c,**cpp; | |
795 | unsigned long id; | |
796 | int i; | |
797 | ||
798 | if (init) | |
799 | { | |
5cc146f3 | 800 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); |
d02b48c6 RE |
801 | |
802 | for (i=0; i<SSL3_NUM_CIPHERS; i++) | |
803 | sorted[i]= &(ssl3_ciphers[i]); | |
804 | ||
805 | qsort( (char *)sorted, | |
806 | SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *), | |
807 | FP_ICC ssl_cipher_ptr_id_cmp); | |
5cc146f3 BM |
808 | |
809 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | |
810 | ||
811 | init=0; | |
d02b48c6 RE |
812 | } |
813 | ||
814 | id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; | |
815 | c.id=id; | |
816 | cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp, | |
817 | (char *)sorted, | |
818 | SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *), | |
819 | (int (*)())ssl_cipher_ptr_id_cmp); | |
820 | if ((cpp == NULL) || !(*cpp)->valid) | |
821 | return(NULL); | |
822 | else | |
823 | return(*cpp); | |
824 | } | |
825 | ||
6b691a5c | 826 | int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) |
d02b48c6 RE |
827 | { |
828 | long l; | |
829 | ||
830 | if (p != NULL) | |
831 | { | |
832 | l=c->id; | |
833 | if ((l & 0xff000000) != 0x03000000) return(0); | |
834 | p[0]=((unsigned char)(l>> 8L))&0xFF; | |
835 | p[1]=((unsigned char)(l ))&0xFF; | |
836 | } | |
837 | return(2); | |
838 | } | |
839 | ||
6b691a5c | 840 | int ssl3_part_read(SSL *s, int i) |
d02b48c6 RE |
841 | { |
842 | s->rwstate=SSL_READING; | |
843 | ||
844 | if (i < 0) | |
845 | { | |
846 | return(i); | |
847 | } | |
848 | else | |
849 | { | |
850 | s->init_num+=i; | |
851 | return(0); | |
852 | } | |
853 | } | |
854 | ||
6b691a5c UM |
855 | SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *have, |
856 | STACK_OF(SSL_CIPHER) *pref) | |
d02b48c6 RE |
857 | { |
858 | SSL_CIPHER *c,*ret=NULL; | |
859 | int i,j,ok; | |
860 | CERT *cert; | |
861 | unsigned long alg,mask,emask; | |
862 | ||
863 | /* Lets see which ciphers we can supported */ | |
864 | if (s->cert != NULL) | |
865 | cert=s->cert; | |
866 | else | |
867 | cert=s->ctx->default_cert; | |
868 | ||
f73e07cf | 869 | sk_SSL_CIPHER_set_cmp_func(pref,ssl_cipher_ptr_id_cmp); |
d02b48c6 | 870 | |
f415fa32 BL |
871 | #ifdef CIPHER_DEBUG |
872 | printf("Have:\n"); | |
873 | for(i=0 ; i < sk_num(pref) ; ++i) | |
874 | { | |
875 | c=(SSL_CIPHER *)sk_value(pref,i); | |
876 | printf("%p:%s\n",c,c->name); | |
877 | } | |
878 | #endif | |
879 | ||
f73e07cf | 880 | for (i=0; i<sk_SSL_CIPHER_num(have); i++) |
d02b48c6 | 881 | { |
f73e07cf | 882 | c=sk_SSL_CIPHER_value(have,i); |
60e31c3a | 883 | |
f415fa32 | 884 | ssl_set_cert_masks(cert,s->ctx->default_cert,c); |
60e31c3a BL |
885 | mask=cert->mask; |
886 | emask=cert->export_mask; | |
887 | ||
d02b48c6 | 888 | alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK); |
90a52cec | 889 | if (SSL_IS_EXPORT(c->algorithms)) |
d02b48c6 RE |
890 | { |
891 | ok=((alg & emask) == alg)?1:0; | |
892 | #ifdef CIPHER_DEBUG | |
f415fa32 BL |
893 | printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask, |
894 | c,c->name); | |
d02b48c6 RE |
895 | #endif |
896 | } | |
897 | else | |
898 | { | |
899 | ok=((alg & mask) == alg)?1:0; | |
900 | #ifdef CIPHER_DEBUG | |
f415fa32 BL |
901 | printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c, |
902 | c->name); | |
d02b48c6 RE |
903 | #endif |
904 | } | |
905 | ||
906 | if (!ok) continue; | |
907 | ||
f73e07cf | 908 | j=sk_SSL_CIPHER_find(pref,c); |
d02b48c6 RE |
909 | if (j >= 0) |
910 | { | |
f73e07cf | 911 | ret=sk_SSL_CIPHER_value(pref,j); |
d02b48c6 RE |
912 | break; |
913 | } | |
914 | } | |
915 | return(ret); | |
916 | } | |
917 | ||
6b691a5c | 918 | int ssl3_get_req_cert_type(SSL *s, unsigned char *p) |
d02b48c6 RE |
919 | { |
920 | int ret=0; | |
921 | unsigned long alg; | |
922 | ||
923 | alg=s->s3->tmp.new_cipher->algorithms; | |
924 | ||
925 | #ifndef NO_DH | |
926 | if (alg & (SSL_kDHr|SSL_kEDH)) | |
927 | { | |
dfeab068 | 928 | # ifndef NO_RSA |
d02b48c6 | 929 | p[ret++]=SSL3_CT_RSA_FIXED_DH; |
dfeab068 RE |
930 | # endif |
931 | # ifndef NO_DSA | |
d02b48c6 | 932 | p[ret++]=SSL3_CT_DSS_FIXED_DH; |
dfeab068 | 933 | # endif |
d02b48c6 | 934 | } |
58964a49 RE |
935 | if ((s->version == SSL3_VERSION) && |
936 | (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) | |
d02b48c6 | 937 | { |
dfeab068 | 938 | # ifndef NO_RSA |
d02b48c6 | 939 | p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH; |
dfeab068 RE |
940 | # endif |
941 | # ifndef NO_DSA | |
d02b48c6 | 942 | p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH; |
dfeab068 | 943 | # endif |
d02b48c6 RE |
944 | } |
945 | #endif /* !NO_DH */ | |
946 | #ifndef NO_RSA | |
947 | p[ret++]=SSL3_CT_RSA_SIGN; | |
948 | #endif | |
dfeab068 | 949 | #ifndef NO_DSA |
58964a49 | 950 | p[ret++]=SSL3_CT_DSS_SIGN; |
dfeab068 | 951 | #endif |
d02b48c6 RE |
952 | return(ret); |
953 | } | |
954 | ||
6b691a5c | 955 | int ssl3_shutdown(SSL *s) |
d02b48c6 RE |
956 | { |
957 | ||
958 | /* Don't do anything much if we have not done the handshake or | |
959 | * we don't want to send messages :-) */ | |
960 | if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) | |
961 | { | |
962 | s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); | |
963 | return(1); | |
964 | } | |
965 | ||
966 | if (!(s->shutdown & SSL_SENT_SHUTDOWN)) | |
967 | { | |
968 | s->shutdown|=SSL_SENT_SHUTDOWN; | |
969 | #if 1 | |
58964a49 | 970 | ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY); |
d02b48c6 RE |
971 | #endif |
972 | /* our shutdown alert has been sent now, and if it still needs | |
973 | * to be written, s->s3->alert_dispatch will be true */ | |
974 | } | |
975 | else if (s->s3->alert_dispatch) | |
976 | { | |
977 | /* resend it if not sent */ | |
978 | #if 1 | |
979 | ssl3_dispatch_alert(s); | |
980 | #endif | |
981 | } | |
982 | else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) | |
983 | { | |
984 | /* If we are waiting for a close from our peer, we are closed */ | |
985 | ssl3_read_bytes(s,0,NULL,0); | |
986 | } | |
987 | ||
988 | if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && | |
989 | !s->s3->alert_dispatch) | |
990 | return(1); | |
991 | else | |
992 | return(0); | |
993 | } | |
994 | ||
61f5b6f3 | 995 | int ssl3_write(SSL *s, const void *buf, int len) |
d02b48c6 RE |
996 | { |
997 | int ret,n; | |
d02b48c6 RE |
998 | |
999 | #if 0 | |
1000 | if (s->shutdown & SSL_SEND_SHUTDOWN) | |
1001 | { | |
1002 | s->rwstate=SSL_NOTHING; | |
1003 | return(0); | |
1004 | } | |
1005 | #endif | |
58964a49 RE |
1006 | clear_sys_error(); |
1007 | if (s->s3->renegotiate) ssl3_renegotiate_check(s); | |
d02b48c6 RE |
1008 | |
1009 | /* This is an experimental flag that sends the | |
1010 | * last handshake message in the same packet as the first | |
1011 | * use data - used to see if it helps the TCP protocol during | |
1012 | * session-id reuse */ | |
1013 | /* The second test is because the buffer may have been removed */ | |
1014 | if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) | |
1015 | { | |
1016 | /* First time through, we write into the buffer */ | |
1017 | if (s->s3->delay_buf_pop_ret == 0) | |
1018 | { | |
1019 | ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, | |
e778802f | 1020 | buf,len); |
d02b48c6 RE |
1021 | if (ret <= 0) return(ret); |
1022 | ||
1023 | s->s3->delay_buf_pop_ret=ret; | |
1024 | } | |
1025 | ||
1026 | s->rwstate=SSL_WRITING; | |
1027 | n=BIO_flush(s->wbio); | |
1028 | if (n <= 0) return(n); | |
1029 | s->rwstate=SSL_NOTHING; | |
1030 | ||
413c4f45 MC |
1031 | /* We have flushed the buffer, so remove it */ |
1032 | ssl_free_wbio_buffer(s); | |
1033 | s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; | |
1034 | ||
d02b48c6 RE |
1035 | ret=s->s3->delay_buf_pop_ret; |
1036 | s->s3->delay_buf_pop_ret=0; | |
d02b48c6 RE |
1037 | } |
1038 | else | |
1039 | { | |
1040 | ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, | |
e778802f | 1041 | buf,len); |
d02b48c6 RE |
1042 | if (ret <= 0) return(ret); |
1043 | } | |
58964a49 | 1044 | |
d02b48c6 RE |
1045 | return(ret); |
1046 | } | |
1047 | ||
61f5b6f3 | 1048 | int ssl3_read(SSL *s, void *buf, int len) |
d02b48c6 | 1049 | { |
58964a49 RE |
1050 | int ret; |
1051 | ||
1052 | clear_sys_error(); | |
1053 | if (s->s3->renegotiate) ssl3_renegotiate_check(s); | |
1054 | s->s3->in_read_app_data=1; | |
1055 | ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len); | |
1056 | if ((ret == -1) && (s->s3->in_read_app_data == 0)) | |
1057 | { | |
1058 | ERR_get_error(); /* clear the error */ | |
1059 | s->s3->in_read_app_data=0; | |
1060 | s->in_handshake++; | |
1061 | ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len); | |
1062 | s->in_handshake--; | |
1063 | } | |
1064 | else | |
1065 | s->s3->in_read_app_data=0; | |
1066 | ||
1067 | return(ret); | |
d02b48c6 RE |
1068 | } |
1069 | ||
6b691a5c | 1070 | int ssl3_peek(SSL *s, char *buf, int len) |
d02b48c6 RE |
1071 | { |
1072 | SSL3_RECORD *rr; | |
1073 | int n; | |
1074 | ||
1075 | rr= &(s->s3->rrec); | |
1076 | if ((rr->length == 0) || (rr->type != SSL3_RT_APPLICATION_DATA)) | |
58964a49 RE |
1077 | { |
1078 | n=ssl3_read(s,buf,1); | |
1079 | if (n <= 0) return(n); | |
1080 | rr->length++; | |
1081 | rr->off--; | |
1082 | } | |
d02b48c6 RE |
1083 | |
1084 | if ((unsigned int)len > rr->length) | |
1085 | n=rr->length; | |
1086 | else | |
1087 | n=len; | |
1088 | memcpy(buf,&(rr->data[rr->off]),(unsigned int)n); | |
1089 | return(n); | |
1090 | } | |
1091 | ||
6b691a5c | 1092 | int ssl3_renegotiate(SSL *s) |
d02b48c6 RE |
1093 | { |
1094 | if (s->handshake_func == NULL) | |
1095 | return(1); | |
1096 | ||
1097 | if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) | |
1098 | return(0); | |
1099 | ||
58964a49 | 1100 | s->s3->renegotiate=1; |
d02b48c6 RE |
1101 | return(1); |
1102 | } | |
1103 | ||
6b691a5c | 1104 | int ssl3_renegotiate_check(SSL *s) |
58964a49 RE |
1105 | { |
1106 | int ret=0; | |
1107 | ||
1108 | if (s->s3->renegotiate) | |
1109 | { | |
1110 | if ( (s->s3->rbuf.left == 0) && | |
1111 | (s->s3->wbuf.left == 0) && | |
1112 | !SSL_in_init(s)) | |
1113 | { | |
1114 | /* | |
1115 | if we are the server, and we have sent a 'RENEGOTIATE' message, we | |
1116 | need to go to SSL_ST_ACCEPT.\1e | |
1117 | */ | |
1118 | /* SSL_ST_ACCEPT */ | |
1119 | s->state=SSL_ST_RENEGOTIATE; | |
1120 | s->s3->renegotiate=0; | |
1121 | s->s3->num_renegotiations++; | |
1122 | s->s3->total_renegotiations++; | |
1123 | ret=1; | |
1124 | } | |
1125 | } | |
1126 | return(ret); | |
1127 | } | |
1128 |