},
#endif /* OPENSSL_NO_CAMELLIA */
-#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
- /* New TLS Export CipherSuites from expired ID */
-# if 0
- /* Cipher 60 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
- TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
- SSL_kRSA,
- SSL_aRSA,
- SSL_RC4,
- SSL_MD5,
- SSL_TLSV1,
- SSL_EXPORT | SSL_EXP56,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 56,
- 128,
- },
-
- /* Cipher 61 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
- TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
- SSL_kRSA,
- SSL_aRSA,
- SSL_RC2,
- SSL_MD5,
- SSL_TLSV1,
- SSL_EXPORT | SSL_EXP56,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 56,
- 128,
- },
-# endif
-
- /* Cipher 62 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
- TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
- SSL_kRSA,
- SSL_aRSA,
- SSL_DES,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_EXPORT | SSL_EXP56,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 56,
- 56,
- },
-
- /* Cipher 63 */
- {
- 1,
- TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
- TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
- SSL_kDHE,
- SSL_aDSS,
- SSL_DES,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_EXPORT | SSL_EXP56,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 56,
- 56,
- },
-
- /* Cipher 64 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
- TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
- SSL_kRSA,
- SSL_aRSA,
- SSL_RC4,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_EXPORT | SSL_EXP56,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 56,
- 128,
- },
-
- /* Cipher 65 */
- {
- 1,
- TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
- TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
- SSL_kDHE,
- SSL_aDSS,
- SSL_RC4,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_EXPORT | SSL_EXP56,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 56,
- 128,
- },
-
- /* Cipher 66 */
- {
- 1,
- TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
- TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
- SSL_kDHE,
- SSL_aDSS,
- SSL_RC4,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-#endif
-
/* TLS v1.2 ciphersuites */
/* Cipher 67 */
{
},
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
/* Cipher C001 */
{
1,
256,
256,
},
-#endif /* OPENSSL_NO_ECDH */
+#endif /* OPENSSL_NO_EC */
#ifndef OPENSSL_NO_SRP
/* Cipher C01A */
256,
},
#endif /* OPENSSL_NO_SRP */
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
/* HMAC based TLS v1.2 ciphersuites from RFC5289 */
256,
256},
# endif /* OPENSSL_NO_CAMELLIA */
-#endif /* OPENSSL_NO_ECDH */
+#endif /* OPENSSL_NO_EC */
#ifdef TEMP_GOST_TLS
/* Cipher FF00 */
return (NULL);
}
-int ssl3_pending(const SSL *s)
-{
- if (s->rstate == SSL_ST_READ_BODY)
- return 0;
-
- return (s->s3->rrec.type ==
- SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
-}
-
-void ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
+int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
{
unsigned char *p = (unsigned char *)s->init_buf->data;
*(p++) = htype;
l2n3(len, p);
s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
s->init_off = 0;
+
+ return 1;
}
int ssl3_handshake_write(SSL *s)
if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL)
goto err;
memset(s3, 0, sizeof *s3);
- memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
- memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
-
s->s3 = s3;
-
+
#ifndef OPENSSL_NO_SRP
- SSL_SRP_CTX_init(s);
+ if(!SSL_SRP_CTX_init(s))
+ goto err;
#endif
s->method->ssl_clear(s);
return (1);
if (s == NULL)
return;
-#ifdef TLSEXT_TYPE_opaque_prf_input
- if (s->s3->client_opaque_prf_input != NULL)
- OPENSSL_free(s->s3->client_opaque_prf_input);
- if (s->s3->server_opaque_prf_input != NULL)
- OPENSSL_free(s->s3->server_opaque_prf_input);
-#endif
-
ssl3_cleanup_key_block(s);
- if (s->s3->rbuf.buf != NULL)
- ssl3_release_read_buffer(s);
- if (s->s3->wbuf.buf != NULL)
- ssl3_release_write_buffer(s);
- if (s->s3->rrec.comp != NULL)
- OPENSSL_free(s->s3->rrec.comp);
#ifndef OPENSSL_NO_DH
- if (s->s3->tmp.dh != NULL)
- DH_free(s->s3->tmp.dh);
+ DH_free(s->s3->tmp.dh);
#endif
-#ifndef OPENSSL_NO_ECDH
- if (s->s3->tmp.ecdh != NULL)
- EC_KEY_free(s->s3->tmp.ecdh);
+#ifndef OPENSSL_NO_EC
+ EC_KEY_free(s->s3->tmp.ecdh);
#endif
if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
- if (s->s3->handshake_buffer) {
- BIO_free(s->s3->handshake_buffer);
- }
+ BIO_free(s->s3->handshake_buffer);
if (s->s3->handshake_dgst)
ssl3_free_digest_list(s);
#ifndef OPENSSL_NO_TLSEXT
void ssl3_clear(SSL *s)
{
- unsigned char *rp, *wp;
- size_t rlen, wlen;
int init_extra;
-#ifdef TLSEXT_TYPE_opaque_prf_input
- if (s->s3->client_opaque_prf_input != NULL)
- OPENSSL_free(s->s3->client_opaque_prf_input);
- s->s3->client_opaque_prf_input = NULL;
- if (s->s3->server_opaque_prf_input != NULL)
- OPENSSL_free(s->s3->server_opaque_prf_input);
- s->s3->server_opaque_prf_input = NULL;
-#endif
-
ssl3_cleanup_key_block(s);
if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
- if (s->s3->rrec.comp != NULL) {
- OPENSSL_free(s->s3->rrec.comp);
- s->s3->rrec.comp = NULL;
- }
+ SSL3_RECORD_release(RECORD_LAYER_get_rrec(&s->rlayer));
#ifndef OPENSSL_NO_DH
- if (s->s3->tmp.dh != NULL) {
- DH_free(s->s3->tmp.dh);
- s->s3->tmp.dh = NULL;
- }
+ DH_free(s->s3->tmp.dh);
+ s->s3->tmp.dh = NULL;
#endif
-#ifndef OPENSSL_NO_ECDH
- if (s->s3->tmp.ecdh != NULL) {
- EC_KEY_free(s->s3->tmp.ecdh);
- s->s3->tmp.ecdh = NULL;
- }
+#ifndef OPENSSL_NO_EC
+ EC_KEY_free(s->s3->tmp.ecdh);
+ s->s3->tmp.ecdh = NULL;
#endif
#ifndef OPENSSL_NO_TLSEXT
# ifndef OPENSSL_NO_EC
# endif /* !OPENSSL_NO_EC */
#endif /* !OPENSSL_NO_TLSEXT */
- rp = s->s3->rbuf.buf;
- wp = s->s3->wbuf.buf;
- rlen = s->s3->rbuf.len;
- wlen = s->s3->wbuf.len;
init_extra = s->s3->init_extra;
- if (s->s3->handshake_buffer) {
- BIO_free(s->s3->handshake_buffer);
- s->s3->handshake_buffer = NULL;
- }
+ BIO_free(s->s3->handshake_buffer);
+ s->s3->handshake_buffer = NULL;
if (s->s3->handshake_dgst) {
ssl3_free_digest_list(s);
}
}
#endif
memset(s->s3, 0, sizeof *s->s3);
- s->s3->rbuf.buf = rp;
- s->s3->wbuf.buf = wp;
- s->s3->rbuf.len = rlen;
- s->s3->wbuf.len = wlen;
s->s3->init_extra = init_extra;
ssl_free_wbio_buffer(s);
{
int ret = 0;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
- if (
-# ifndef OPENSSL_NO_RSA
- cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-# endif
-# ifndef OPENSSL_NO_DSA
- cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB ||
-# endif
- 0) {
- if (!ssl_cert_inst(&s->cert)) {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
- return (0);
- }
- }
-#endif
-
switch (cmd) {
case SSL_CTRL_GET_SESSION_REUSED:
ret = s->hit;
SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
return (ret);
}
- if (s->cert->rsa_tmp != NULL)
- RSA_free(s->cert->rsa_tmp);
+ RSA_free(s->cert->rsa_tmp);
s->cert->rsa_tmp = rsa;
ret = 1;
}
SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (ret);
}
- break;
#endif
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
return (ret);
}
}
- if (s->cert->dh_tmp != NULL)
- DH_free(s->cert->dh_tmp);
+ DH_free(s->cert->dh_tmp);
s->cert->dh_tmp = dh;
ret = 1;
}
SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (ret);
}
- break;
case SSL_CTRL_SET_DH_AUTO:
s->cert->dh_tmp_auto = larg;
return 1;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TMP_ECDH:
{
EC_KEY *ecdh = NULL;
return (ret);
}
}
- if (s->cert->ecdh_tmp != NULL)
- EC_KEY_free(s->cert->ecdh_tmp);
+ EC_KEY_free(s->cert->ecdh_tmp);
s->cert->ecdh_tmp = ecdh;
ret = 1;
}
SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (ret);
}
- break;
-#endif /* !OPENSSL_NO_ECDH */
+#endif /* !OPENSSL_NO_EC */
#ifndef OPENSSL_NO_TLSEXT
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
if (larg == TLSEXT_NAMETYPE_host_name) {
ret = 1;
break;
-# ifdef TLSEXT_TYPE_opaque_prf_input
- case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
- if (larg > 12288) { /* actual internal limit is 2^16 for the
- * complete hello message * (including the
- * cert chain and everything) */
- SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
- break;
- }
- if (s->tlsext_opaque_prf_input != NULL)
- OPENSSL_free(s->tlsext_opaque_prf_input);
- if ((size_t)larg == 0)
- s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte
- * just to get
- * non-NULL */
- else
- s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
- if (s->tlsext_opaque_prf_input != NULL) {
- s->tlsext_opaque_prf_input_len = (size_t)larg;
- ret = 1;
- } else
- s->tlsext_opaque_prf_input_len = 0;
- break;
-# endif
-
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
s->tlsext_status_type = larg;
ret = 1;
case SSL_CTRL_GET_SHARED_CURVE:
return tls1_shared_curve(s, larg);
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_ECDH_AUTO:
s->cert->ecdh_tmp_auto = larg;
return 1;
EVP_PKEY *ptmp;
int rv = 0;
sc = s->session->sess_cert;
-#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDH)
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp)
return 0;
#endif
else if (sc->peer_dh_tmp)
rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
else if (sc->peer_ecdh_tmp)
rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);
#endif
{
int ret = 0;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
- if (
-# ifndef OPENSSL_NO_RSA
- cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-# endif
-# ifndef OPENSSL_NO_DSA
- cmd == SSL_CTRL_SET_TMP_DH_CB ||
-# endif
- 0) {
- if (!ssl_cert_inst(&s->cert)) {
- SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
- return (0);
- }
- }
-#endif
-
switch (cmd) {
#ifndef OPENSSL_NO_RSA
case SSL_CTRL_SET_TMP_RSA_CB:
}
break;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TMP_ECDH_CB:
{
s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB);
return (0);
} else {
- if (cert->rsa_tmp != NULL)
- RSA_free(cert->rsa_tmp);
+ RSA_free(cert->rsa_tmp);
cert->rsa_tmp = rsa;
return (1);
}
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (0);
}
- break;
#endif
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
return 0;
}
}
- if (cert->dh_tmp != NULL)
- DH_free(cert->dh_tmp);
+ DH_free(cert->dh_tmp);
cert->dh_tmp = new;
return 1;
}
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (0);
}
- break;
case SSL_CTRL_SET_DH_AUTO:
ctx->cert->dh_tmp_auto = larg;
return 1;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TMP_ECDH:
{
EC_KEY *ecdh = NULL;
}
}
- if (cert->ecdh_tmp != NULL) {
- EC_KEY_free(cert->ecdh_tmp);
- }
+ EC_KEY_free(cert->ecdh_tmp);
cert->ecdh_tmp = ecdh;
return 1;
}
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (0);
}
- break;
-#endif /* !OPENSSL_NO_ECDH */
+#endif /* !OPENSSL_NO_EC */
#ifndef OPENSSL_NO_TLSEXT
case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
ctx->tlsext_servername_arg = parg;
return 1;
}
-# ifdef TLSEXT_TYPE_opaque_prf_input
- case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
- ctx->tlsext_opaque_prf_input_callback_arg = parg;
- return 1;
-# endif
-
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
ctx->tlsext_status_arg = parg;
return 1;
- break;
# ifndef OPENSSL_NO_SRP
case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
&ctx->tlsext_ellipticcurvelist_length,
parg);
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_ECDH_AUTO:
ctx->cert->ecdh_tmp_auto = larg;
return 1;
}
break;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TMP_ECDH_CB:
{
cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
break;
-# ifdef TLSEXT_TYPE_opaque_prf_input
- case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
- ctx->tlsext_opaque_prf_input_callback =
- (int (*)(SSL *, void *, size_t, void *))fp;
- break;
-# endif
-
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
break;
#ifndef OPENSSL_NO_TLSEXT
# ifndef OPENSSL_NO_EC
-# ifndef OPENSSL_NO_ECDH
/*
* if we are considering an ECC cipher suite that uses an ephemeral
* EC key check it
*/
if (alg_k & SSL_kECDHE)
ok = ok && tls1_check_ec_tmp_key(s, c->id);
-# endif /* OPENSSL_NO_ECDH */
# endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_TLSEXT */
if (!(alg_a & SSL_aDSS))
p[ret++] = SSL3_CT_DSS_SIGN;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
if (nostrict || !(alg_a & SSL_aRSA))
p[ret++] = TLS_CT_RSA_FIXED_ECDH;
if (nostrict || !(alg_a & SSL_aECDSA))
p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
}
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
/*
* ECDSA certs can be used with RSA cipher suites as well so we don't
* need to check for SSL_kECDH or SSL_kECDHE
if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
s->shutdown |= SSL_SENT_SHUTDOWN;
-#if 1
ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
-#endif
/*
* our shutdown alert has been sent now, and if it still needs to be
* written, s->s3->alert_dispatch will be true
return (-1); /* return WANT_WRITE */
} else if (s->s3->alert_dispatch) {
/* resend it if not sent */
-#if 1
ret = s->method->ssl_dispatch_alert(s);
if (ret == -1) {
/*
*/
return (ret);
}
-#endif
} else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
/*
* If we are waiting for a close from our peer, we are closed
int ret = 0;
if (s->s3->renegotiate) {
- if ((s->s3->rbuf.left == 0) &&
- (s->s3->wbuf.left == 0) && !SSL_in_init(s)) {
+ if (!RECORD_LAYER_read_pending(&s->rlayer)
+ && !RECORD_LAYER_write_pending(&s->rlayer)
+ && !SSL_in_init(s)) {
/*
* if we are the server, and we have sent a 'RENEGOTIATE'
* message, we need to go to SSL_ST_ACCEPT.
projects / openssl.git / blobdiff