Update from 1.0.0-stable.

[openssl.git] / ssl / ssl_lib.c
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c

index 2c691da0b82a2c12df539cea7422cc3fb9a98e11..7b911ae1eac610d591688c174f45e14651dc3c92 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -58,7 +58,7 @@
   * [including the GNU Public Licence.]
   */
  /* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
@@ -151,9 +151,14 @@
  #include <openssl/objects.h>
  #include <openssl/lhash.h>
  #include <openssl/x509v3.h>
+#include <openssl/rand.h>
+#include <openssl/ocsp.h>
  #ifndef OPENSSL_NO_DH
  #include <openssl/dh.h>
  #endif
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
  
  const char *SSL_version_str=OPENSSL_VERSION_TEXT;
  
@@ -164,9 +169,9 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={
         ssl_undefined_function,
         (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
         (int (*)(SSL*, int))ssl_undefined_function,
-       (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function,
+       (int (*)(SSL *,  const char*, int, unsigned char *))ssl_undefined_function,
         0,      /* finish_mac_length */
-       (int (*)(SSL *, EVP_MD_CTX *, unsigned char *))ssl_undefined_function,
+       (int (*)(SSL *, int, unsigned char *))ssl_undefined_function,
         NULL,   /* client_finished_label */
         0,      /* client_finished_label_len */
         NULL,   /* server_finished_label */
@@ -225,6 +230,8 @@ int SSL_clear(SSL *s)
                 }
  
         ssl_clear_cipher_ctx(s);
+       ssl_clear_hash_ctx(&s->read_hash);
+       ssl_clear_hash_ctx(&s->write_hash);
  
         s->first_packet=0;
  
@@ -252,7 +259,8 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth)
         ctx->method=meth;
  
         sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
-               &(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST);
+               &(ctx->cipher_list_by_id),
+               meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
         if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
                 {
                 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
@@ -334,6 +342,15 @@ SSL *SSL_new(SSL_CTX *ctx)
         CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
         s->ctx=ctx;
  #ifndef OPENSSL_NO_TLSEXT
+       s->tlsext_debug_cb = 0;
+       s->tlsext_debug_arg = NULL;
+       s->tlsext_ticket_expected = 0;
+       s->tlsext_status_type = -1;
+       s->tlsext_status_expected = 0;
+       s->tlsext_ocsp_ids = NULL;
+       s->tlsext_ocsp_exts = NULL;
+       s->tlsext_ocsp_resp = NULL;
+       s->tlsext_ocsp_resplen = -1;
         CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
         s->initial_ctx=ctx;
  #endif
@@ -444,7 +461,7 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
                 }
  
         CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-       p = (SSL_SESSION *)lh_retrieve(ssl->ctx->sessions, &r);
+       p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
         CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
         return (p != NULL);
         }
@@ -523,13 +540,29 @@ void SSL_free(SSL *s)
                 }
  
         ssl_clear_cipher_ctx(s);
+       ssl_clear_hash_ctx(&s->read_hash);
+       ssl_clear_hash_ctx(&s->write_hash);
  
         if (s->cert != NULL) ssl_cert_free(s->cert);
         /* Free up if allocated */
  
         if (s->ctx) SSL_CTX_free(s->ctx);
  #ifndef OPENSSL_NO_TLSEXT
+       if (s->tlsext_hostname)
+               OPENSSL_free(s->tlsext_hostname);
         if (s->initial_ctx) SSL_CTX_free(s->initial_ctx);
+#ifndef OPENSSL_NO_EC
+       if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist);
+       if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist);
+#endif /* OPENSSL_NO_EC */
+       if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input);
+       if (s->tlsext_ocsp_exts)
+               sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
+                                               X509_EXTENSION_free);
+       if (s->tlsext_ocsp_ids)
+               sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
+       if (s->tlsext_ocsp_resp)
+               OPENSSL_free(s->tlsext_ocsp_resp);
  #endif
  
         if (s->client_CA != NULL)
@@ -854,7 +887,7 @@ int SSL_check_private_key(const SSL *ssl)
                 }
         if (ssl->cert == NULL)
                 {
-                SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
+               SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
                 return 0;
                 }
         if (ssl->cert->key->x509 == NULL)
@@ -1006,7 +1039,8 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
                 s->max_cert_list=larg;
                 return(l);
         case SSL_CTRL_SET_MTU:
-               if (SSL_version(s) == DTLS1_VERSION)
+               if (SSL_version(s) == DTLS1_VERSION ||
+                   SSL_version(s) == DTLS1_BAD_VER)
                         {
                         s->d1->mtu = larg;
                         return larg;
@@ -1035,7 +1069,7 @@ long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
                 }
         }
  
-struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx)
+LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
         {
         return ctx->sessions;
         }
@@ -1078,7 +1112,7 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
                 return(ctx->session_cache_mode);
  
         case SSL_CTRL_SESS_NUMBER:
-               return(ctx->sessions->num_items);
+               return(lh_SSL_SESSION_num_items(ctx->sessions));
         case SSL_CTRL_SESS_CONNECT:
                 return(ctx->stats.sess_connect);
         case SSL_CTRL_SESS_CONNECT_GOOD:
@@ -1214,8 +1248,8 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
         /* ssl_create_cipher_list may return an empty stack if it
          * was unable to find a cipher matching the given rule string
          * (for example if the rule string specifies a cipher which
-        * has been disabled). This is not an error as far as 
-        * ssl_create_cipher_list is concerned, and hence 
+        * has been disabled). This is not an error as far as
+        * ssl_create_cipher_list is concerned, and hence
          * ctx->cipher_list and ctx->cipher_list_by_id has been
          * updated. */
         if (sk == NULL)
@@ -1250,7 +1284,6 @@ int SSL_set_cipher_list(SSL *s,const char *str)
  char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
         {
         char *p;
-       const char *cp;
         STACK_OF(SSL_CIPHER) *sk;
         SSL_CIPHER *c;
         int i;
@@ -1263,33 +1296,34 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
         sk=s->session->ciphers;
         for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
                 {
-               /* Decrement for either the ':' or a '\0' */
-               len--;
+               int n;
+
                 c=sk_SSL_CIPHER_value(sk,i);
-               for (cp=c->name; *cp; )
+               n=strlen(c->name);
+               if (n+1 > len)
                         {
-                       if (len-- == 0)
-                               {
-                               *p='\0';
-                               return(buf);
-                               }
-                       else
-                               *(p++)= *(cp++);
+                       if (p != buf)
+                               --p;
+                       *p='\0';
+                       return buf;
                         }
+               strcpy(p,c->name);
+               p+=n;
                 *(p++)=':';
+               len-=n+1;
                 }
         p[-1]='\0';
         return(buf);
         }
  
  int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
-                             int (*put_cb)(const SSL_CIPHER *, unsigned char *))
+                            int (*put_cb)(const SSL_CIPHER *, unsigned char *))
         {
         int i,j=0;
         SSL_CIPHER *c;
         unsigned char *q;
  #ifndef OPENSSL_NO_KRB5
-        int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
+       int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
  #endif /* OPENSSL_NO_KRB5 */
  
         if (sk == NULL) return(0);
@@ -1299,12 +1333,14 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
                 {
                 c=sk_SSL_CIPHER_value(sk,i);
  #ifndef OPENSSL_NO_KRB5
-                if ((c->algorithms & SSL_KRB5) && nokrb5)
-                    continue;
-#endif /* OPENSSL_NO_KRB5 */                    
+               if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) &&
+                   nokrb5)
+                   continue;
+#endif /* OPENSSL_NO_KRB5 */
  #ifndef OPENSSL_NO_PSK
                 /* with PSK there must be client callback set */
-               if ((c->algorithms & SSL_PSK) && s->psk_client_callback == NULL)
+               if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) &&
+                   s->psk_client_callback == NULL)
                         continue;
  #endif /* OPENSSL_NO_PSK */
                 j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
@@ -1316,7 +1352,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
  STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
                                                STACK_OF(SSL_CIPHER) **skp)
         {
-       SSL_CIPHER *c;
+       const SSL_CIPHER *c;
         STACK_OF(SSL_CIPHER) *sk;
         int i,n;
  
@@ -1358,8 +1394,8 @@ err:
         }
  
  
-#ifndef OPENSSL_TLSEXT
-/** return a servername extension value if provided in Client Hello, or NULL. 
+#ifndef OPENSSL_NO_TLSEXT
+/** return a servername extension value if provided in Client Hello, or NULL.
   * So far, only host_name types are defined (RFC 3546).
   */
  
@@ -1375,13 +1411,13 @@ const char *SSL_get_servername(const SSL *s, const int type)
  
  int SSL_get_servername_type(const SSL *s)
         {
-       if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) 
+       if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname))
                 return TLSEXT_NAMETYPE_host_name;
         return -1;
         }
  #endif
  
-unsigned long SSL_SESSION_hash(const SSL_SESSION *a)
+static unsigned long ssl_session_hash(const SSL_SESSION *a)
         {
         unsigned long l;
  
@@ -1398,7 +1434,7 @@ unsigned long SSL_SESSION_hash(const SSL_SESSION *a)
   * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
   * able to construct an SSL_SESSION that will collide with any existing session
   * with a matching session ID. */
-int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
+static int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
         {
         if (a->ssl_version != b->ssl_version)
                 return(1);
@@ -1411,13 +1447,13 @@ int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
   * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
   * variable. The reason is that the functions aren't static, they're exposed via
   * ssl.h. */
-static IMPLEMENT_LHASH_HASH_FN(SSL_SESSION_hash, SSL_SESSION *)
-static IMPLEMENT_LHASH_COMP_FN(SSL_SESSION_cmp, SSL_SESSION *)
+static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)
+static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)
  
  SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
         {
         SSL_CTX *ret=NULL;
-       
+
         if (meth == NULL)
                 {
                 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
@@ -1486,15 +1522,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
         ret->app_gen_cookie_cb=0;
         ret->app_verify_cookie_cb=0;
  
-       ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash),
-                       LHASH_COMP_FN(SSL_SESSION_cmp));
+       ret->sessions=lh_SSL_SESSION_new();
         if (ret->sessions == NULL) goto err;
         ret->cert_store=X509_STORE_new();
         if (ret->cert_store == NULL) goto err;
  
         ssl_create_cipher_list(ret->method,
                 &ret->cipher_list,&ret->cipher_list_by_id,
-               SSL_DEFAULT_CIPHER_LIST);
+               meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
         if (ret->cipher_list == NULL
             || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
                 {
@@ -1535,12 +1570,60 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
  #ifndef OPENSSL_NO_TLSEXT
         ret->tlsext_servername_callback = 0;
         ret->tlsext_servername_arg = NULL;
+       /* Setup RFC4507 ticket keys */
+       if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
+               || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
+               || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
+               ret->options |= SSL_OP_NO_TICKET;
+
+       ret->tlsext_status_cb = 0;
+       ret->tlsext_status_arg = NULL;
+
  #endif
  #ifndef OPENSSL_NO_PSK
         ret->psk_identity_hint=NULL;
         ret->psk_client_callback=NULL;
         ret->psk_server_callback=NULL;
  #endif
+#ifndef OPENSSL_NO_BUF_FREELISTS
+       ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
+       ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
+       if (!ret->rbuf_freelist)
+               goto err;
+       ret->rbuf_freelist->chunklen = 0;
+       ret->rbuf_freelist->len = 0;
+       ret->rbuf_freelist->head = NULL;
+       ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
+       if (!ret->wbuf_freelist)
+               {
+               OPENSSL_free(ret->rbuf_freelist);
+               goto err;
+               }
+       ret->wbuf_freelist->chunklen = 0;
+       ret->wbuf_freelist->len = 0;
+       ret->wbuf_freelist->head = NULL;
+#endif
+#ifndef OPENSSL_NO_ENGINE
+       ret->client_cert_engine = NULL;
+#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
+#define eng_strx(x)    #x
+#define eng_str(x)     eng_strx(x)
+       /* Use specific client engine automatically... ignore errors */
+       {
+       ENGINE *eng;
+       eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
+       if (!eng)
+               {
+               ERR_clear_error();
+               ENGINE_load_builtin_engines();
+               eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
+               }
+       if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
+               ERR_clear_error();
+       }
+#endif
+#endif
+
         return(ret);
  err:
         SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
@@ -1554,6 +1637,20 @@ static void SSL_COMP_free(SSL_COMP *comp)
      { OPENSSL_free(comp); }
  #endif
  
+#ifndef OPENSSL_NO_BUF_FREELISTS
+static void
+ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
+       {
+       SSL3_BUF_FREELIST_ENTRY *ent, *next;
+       for (ent = list->head; ent; ent = next)
+               {
+               next = ent->next;
+               OPENSSL_free(ent);
+               }
+       OPENSSL_free(list);
+       }
+#endif
+
  void SSL_CTX_free(SSL_CTX *a)
         {
         int i;
@@ -1591,7 +1688,7 @@ void SSL_CTX_free(SSL_CTX *a)
         CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
  
         if (a->sessions != NULL)
-               lh_free(a->sessions);
+               lh_SSL_SESSION_free(a->sessions);
  
         if (a->cert_store != NULL)
                 X509_STORE_free(a->cert_store);
@@ -1616,6 +1713,18 @@ void SSL_CTX_free(SSL_CTX *a)
         if (a->psk_identity_hint)
                 OPENSSL_free(a->psk_identity_hint);
  #endif
+#ifndef OPENSSL_NO_ENGINE
+       if (a->client_cert_engine)
+               ENGINE_finish(a->client_cert_engine);
+#endif
+
+#ifndef OPENSSL_NO_BUF_FREELISTS
+       if (a->wbuf_freelist)
+               ssl_buf_freelist_free(a->wbuf_freelist);
+       if (a->rbuf_freelist)
+               ssl_buf_freelist_free(a->rbuf_freelist);
+#endif
+
         OPENSSL_free(a);
         }
  
@@ -1646,13 +1755,13 @@ void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
         X509_VERIFY_PARAM_set_depth(ctx->param, depth);
         }
  
-void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
+void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
         {
         CERT_PKEY *cpk;
         int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
         int rsa_enc_export,dh_rsa_export,dh_dsa_export;
         int rsa_tmp_export,dh_tmp_export,kl;
-       unsigned long mask,emask;
+       unsigned long mask_k,mask_a,emask_k,emask_a;
         int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
  #ifndef OPENSSL_NO_ECDH
         int have_ecdh_tmp;
@@ -1699,60 +1808,77 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
         dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
         cpk= &(c->pkeys[SSL_PKEY_ECC]);
         have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL);
-       mask=0;
-       emask=0;
+       mask_k=0;
+       mask_a=0;
+       emask_k=0;
+       emask_a=0;
+
+       
  
  #ifdef CIPHER_DEBUG
-       printf("rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
-               rsa_tmp,rsa_tmp_export,dh_tmp,
+       printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
+               rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp,
                 rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
  #endif
+       
+       cpk = &(c->pkeys[SSL_PKEY_GOST01]);
+       if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
+               mask_k |= SSL_kGOST;
+               mask_a |= SSL_aGOST01;
+       }
+       cpk = &(c->pkeys[SSL_PKEY_GOST94]);
+       if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
+               mask_k |= SSL_kGOST;
+               mask_a |= SSL_aGOST94;
+       }
  
         if (rsa_enc || (rsa_tmp && rsa_sign))
-               mask|=SSL_kRSA;
+               mask_k|=SSL_kRSA;
         if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
-               emask|=SSL_kRSA;
+               emask_k|=SSL_kRSA;
  
  #if 0
         /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
-       if (    (dh_tmp || dh_rsa || dh_dsa) && 
+       if (    (dh_tmp || dh_rsa || dh_dsa) &&
                 (rsa_enc || rsa_sign || dsa_sign))
-               mask|=SSL_kEDH;
+               mask_k|=SSL_kEDH;
         if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
                 (rsa_enc || rsa_sign || dsa_sign))
-               emask|=SSL_kEDH;
+               emask_k|=SSL_kEDH;
  #endif
  
-       if (dh_tmp_export) 
-               emask|=SSL_kEDH;
+       if (dh_tmp_export)
+               emask_k|=SSL_kEDH;
  
         if (dh_tmp)
-               mask|=SSL_kEDH;
+               mask_k|=SSL_kEDH;
  
-       if (dh_rsa) mask|=SSL_kDHr;
-       if (dh_rsa_export) emask|=SSL_kDHr;
+       if (dh_rsa) mask_k|=SSL_kDHr;
+       if (dh_rsa_export) emask_k|=SSL_kDHr;
  
-       if (dh_dsa) mask|=SSL_kDHd;
-       if (dh_dsa_export) emask|=SSL_kDHd;
+       if (dh_dsa) mask_k|=SSL_kDHd;
+       if (dh_dsa_export) emask_k|=SSL_kDHd;
  
         if (rsa_enc || rsa_sign)
                 {
-               mask|=SSL_aRSA;
-               emask|=SSL_aRSA;
+               mask_a|=SSL_aRSA;
+               emask_a|=SSL_aRSA;
                 }
  
         if (dsa_sign)
                 {
-               mask|=SSL_aDSS;
-               emask|=SSL_aDSS;
+               mask_a|=SSL_aDSS;
+               emask_a|=SSL_aDSS;
                 }
  
-       mask|=SSL_aNULL;
-       emask|=SSL_aNULL;
+       mask_a|=SSL_aNULL;
+       emask_a|=SSL_aNULL;
  
  #ifndef OPENSSL_NO_KRB5
-       mask|=SSL_kKRB5|SSL_aKRB5;
-       emask|=SSL_kKRB5|SSL_aKRB5;
+       mask_k|=SSL_kKRB5;
+       mask_a|=SSL_aKRB5;
+       emask_k|=SSL_kKRB5;
+       emask_a|=SSL_aKRB5;
  #endif
  
         /* An ECC certificate may be usable for ECDH and/or
@@ -1760,7 +1886,7 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
          */
         if (have_ecc_cert)
                 {
-                /* This call populates extension flags (ex_flags) */
+               /* This call populates extension flags (ex_flags) */
                 x = (c->pkeys[SSL_PKEY_ECC]).x509;
                 X509_check_purpose(x, -1, 0);
                 ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
@@ -1768,7 +1894,7 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
                 ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
                     (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
                 ecc_pkey = X509_get_pubkey(x);
-               ecc_pkey_size = (ecc_pkey != NULL) ? 
+               ecc_pkey_size = (ecc_pkey != NULL) ?
                     EVP_PKEY_bits(ecc_pkey) : 0;
                 EVP_PKEY_free(ecc_pkey);
                 if ((x->sig_alg) && (x->sig_alg->algorithm))
@@ -1776,27 +1902,41 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
  #ifndef OPENSSL_NO_ECDH
                 if (ecdh_ok)
                         {
-                       if ((signature_nid == NID_md5WithRSAEncryption) ||
-                           (signature_nid == NID_md4WithRSAEncryption) ||
-                           (signature_nid == NID_md2WithRSAEncryption))
+                       const char *sig = OBJ_nid2ln(signature_nid);
+                       if (sig == NULL)
+                               {
+                               ERR_clear_error();
+                               sig = "unknown";
+                               }
+                               
+                       if (strstr(sig, "WithRSA"))
                                 {
-                               mask|=SSL_kECDH|SSL_aRSA;
+                               mask_k|=SSL_kECDHr;
+                               mask_a|=SSL_aECDH;
                                 if (ecc_pkey_size <= 163)
-                                       emask|=SSL_kECDH|SSL_aRSA;
+                                       {
+                                       emask_k|=SSL_kECDHr;
+                                       emask_a|=SSL_aECDH;
+                                       }
                                 }
+
                         if (signature_nid == NID_ecdsa_with_SHA1)
                                 {
-                               mask|=SSL_kECDH|SSL_aECDSA;
+                               mask_k|=SSL_kECDHe;
+                               mask_a|=SSL_aECDH;
                                 if (ecc_pkey_size <= 163)
-                                       emask|=SSL_kECDH|SSL_aECDSA;
+                                       {
+                                       emask_k|=SSL_kECDHe;
+                                       emask_a|=SSL_aECDH;
+                                       }
                                 }
                         }
  #endif
  #ifndef OPENSSL_NO_ECDSA
                 if (ecdsa_ok)
                         {
-                       mask|=SSL_aECDSA;
-                       emask|=SSL_aECDSA;
+                       mask_a|=SSL_aECDSA;
+                       emask_a|=SSL_aECDSA;
                         }
  #endif
                 }
@@ -1804,18 +1944,22 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
  #ifndef OPENSSL_NO_ECDH
         if (have_ecdh_tmp)
                 {
-               mask|=SSL_kECDHE;
-               emask|=SSL_kECDHE;
+               mask_k|=SSL_kEECDH;
+               emask_k|=SSL_kEECDH;
                 }
  #endif
  
  #ifndef OPENSSL_NO_PSK
-       mask  |= SSL_kPSK | SSL_aPSK;
-       emask |= SSL_kPSK | SSL_aPSK;
+       mask_k |= SSL_kPSK;
+       mask_a |= SSL_aPSK;
+       emask_k |= SSL_kPSK;
+       emask_a |= SSL_aPSK;
  #endif
  
-       c->mask=mask;
-       c->export_mask=emask;
+       c->mask_k=mask_k;
+       c->mask_a=mask_a;
+       c->export_mask_k=emask_k;
+       c->export_mask_a=emask_a;
         c->valid=1;
         }
  
@@ -1823,13 +1967,18 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
  #define ku_reject(x, usage) \
         (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
  
-int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
+#ifndef OPENSSL_NO_EC
+
+int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
         {
-       unsigned long alg = cs->algorithms;
+       unsigned long alg_k, alg_a;
         EVP_PKEY *pkey = NULL;
         int keysize = 0;
         int signature_nid = 0;
  
+       alg_k = cs->algorithm_mkey;
+       alg_a = cs->algorithm_auth;
+
         if (SSL_C_IS_EXPORT(cs))
                 {
                 /* ECDH key length in export ciphers must be <= 163 bits */
@@ -1844,37 +1993,46 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
         X509_check_purpose(x, -1, 0);
         if ((x->sig_alg) && (x->sig_alg->algorithm))
                 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
-       if (alg & SSL_kECDH) 
+       if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr)
                 {
                 /* key usage, if present, must allow key agreement */
                 if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))
                         {
+                       SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
                         return 0;
                         }
-               if (alg & SSL_aECDSA) 
+               if (alg_k & SSL_kECDHe)
                         {
                         /* signature alg must be ECDSA */
                         if (signature_nid != NID_ecdsa_with_SHA1)
                                 {
+                               SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
                                 return 0;
                                 }
                         }
-               if (alg & SSL_aRSA)
+               if (alg_k & SSL_kECDHr)
                         {
                         /* signature alg must be RSA */
-                       if ((signature_nid != NID_md5WithRSAEncryption) &&
-                           (signature_nid != NID_md4WithRSAEncryption) &&
-                           (signature_nid != NID_md2WithRSAEncryption))
+
+                       const char *sig = OBJ_nid2ln(signature_nid);
+                       if (sig == NULL)
+                               {
+                               ERR_clear_error();
+                               sig = "unknown";
+                               }
+                       if (strstr(sig, "WithRSA") == NULL)
                                 {
+                               SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
                                 return 0;
                                 }
                         }
-               } 
-       else if (alg & SSL_aECDSA)
+               }
+       if (alg_a & SSL_aECDSA)
                 {
                 /* key usage, if present, must allow signing */
                 if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
                         {
+                       SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
                         return 0;
                         }
                 }
@@ -1882,58 +2040,74 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
         return 1;  /* all checks are ok */
         }
  
+#endif
+
  /* THIS NEEDS CLEANING UP */
  X509 *ssl_get_server_send_cert(SSL *s)
         {
-       unsigned long alg,mask,kalg;
+       unsigned long alg_k,alg_a,mask_k,mask_a;
         CERT *c;
         int i,is_export;
  
         c=s->cert;
         ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
-       alg=s->s3->tmp.new_cipher->algorithms;
         is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
-       mask=is_export?c->export_mask:c->mask;
-       kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
+       if (is_export)
+               {
+               mask_k = c->export_mask_k;
+               mask_a = c->export_mask_a;
+               }
+       else
+               {
+               mask_k = c->mask_k;
+               mask_a = c->mask_a;
+               }
+       
+       alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+       alg_a = s->s3->tmp.new_cipher->algorithm_auth;
  
-       if (kalg & SSL_kECDH)
+       if (alg_k & (SSL_kECDHr|SSL_kECDHe))
                 {
-               /* we don't need to look at SSL_kECDHE 
+               /* we don't need to look at SSL_kEECDH
                  * since no certificate is needed for
                  * anon ECDH and for authenticated
-                * ECDHE, the check for the auth 
+                * EECDH, the check for the auth
                  * algorithm will set i correctly
                  * NOTE: For ECDH-RSA, we need an ECC
-                * not an RSA cert but for ECDHE-RSA
+                * not an RSA cert but for EECDH-RSA
                  * we need an RSA cert. Placing the
                  * checks for SSL_kECDH before RSA
                  * checks ensures the correct cert is chosen.
                  */
                 i=SSL_PKEY_ECC;
                 }
-       else if (kalg & SSL_aECDSA)
+       else if (alg_a & SSL_aECDSA)
                 {
                 i=SSL_PKEY_ECC;
                 }
-       else if (kalg & SSL_kDHr)
+       else if (alg_k & SSL_kDHr)
                 i=SSL_PKEY_DH_RSA;
-       else if (kalg & SSL_kDHd)
+       else if (alg_k & SSL_kDHd)
                 i=SSL_PKEY_DH_DSA;
-       else if (kalg & SSL_aDSS)
+       else if (alg_a & SSL_aDSS)
                 i=SSL_PKEY_DSA_SIGN;
-       else if (kalg & SSL_aRSA)
+       else if (alg_a & SSL_aRSA)
                 {
                 if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
                         i=SSL_PKEY_RSA_SIGN;
                 else
                         i=SSL_PKEY_RSA_ENC;
                 }
-       else if (kalg & SSL_aKRB5)
+       else if (alg_a & SSL_aKRB5)
                 {
                 /* VRS something else here? */
                 return(NULL);
                 }
-       else /* if (kalg & SSL_aNULL) */
+       else if (alg_a & SSL_aGOST94) 
+               i=SSL_PKEY_GOST94;
+       else if (alg_a & SSL_aGOST01)
+               i=SSL_PKEY_GOST01;
+       else /* if (alg_a & SSL_aNULL) */
                 {
                 SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
                 return(NULL);
@@ -1943,18 +2117,18 @@ X509 *ssl_get_server_send_cert(SSL *s)
         return(c->pkeys[i].x509);
         }
  
-EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
+EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher)
         {
-       unsigned long alg;
+       unsigned long alg_a;
         CERT *c;
  
-       alg=cipher->algorithms;
+       alg_a = cipher->algorithm_auth;
         c=s->cert;
  
-       if ((alg & SSL_aDSS) &&
+       if ((alg_a & SSL_aDSS) &&
                 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
                 return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey);
-       else if (alg & SSL_aRSA)
+       else if (alg_a & SSL_aRSA)
                 {
                 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
                         return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey);
@@ -1963,10 +2137,10 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
                 else
                         return(NULL);
                 }
-       else if ((alg & SSL_aECDSA) &&
+       else if ((alg_a & SSL_aECDSA) &&
                  (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
                 return(c->pkeys[SSL_PKEY_ECC].privatekey);
-       else /* if (alg & SSL_aNULL) */
+       else /* if (alg_a & SSL_aNULL) */
                 {
                 SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
                 return(NULL);
@@ -2153,6 +2327,8 @@ void SSL_set_accept_state(SSL *s)
         s->handshake_func=s->method->ssl_accept;
         /* clear the current cipher */
         ssl_clear_cipher_ctx(s);
+       ssl_clear_hash_ctx(&s->read_hash);
+       ssl_clear_hash_ctx(&s->write_hash);
         }
  
  void SSL_set_connect_state(SSL *s)
@@ -2163,6 +2339,8 @@ void SSL_set_connect_state(SSL *s)
         s->handshake_func=s->method->ssl_connect;
         /* clear the current cipher */
         ssl_clear_cipher_ctx(s);
+       ssl_clear_hash_ctx(&s->read_hash);
+       ssl_clear_hash_ctx(&s->write_hash);
         }
  
  int ssl_undefined_function(SSL *s)
@@ -2207,7 +2385,7 @@ SSL *SSL_dup(SSL *s)
         X509_NAME *xn;
         SSL *ret;
         int i;
-                
+       
         if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
             return(NULL);
  
@@ -2377,7 +2555,7 @@ EVP_PKEY *SSL_get_privatekey(SSL *s)
                 return(NULL);
         }
  
-SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
+const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
         {
         if ((s->session != NULL) && (s->session->cipher != NULL))
                 return(s->session->cipher);
@@ -2455,7 +2633,7 @@ void ssl_free_wbio_buffer(SSL *s)
                 s->wbio=BIO_pop(s->wbio);
  #ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
                 assert(s->wbio != NULL);
-#endif 
+#endif
         }
         BIO_free(s->bbio);
         s->bbio=NULL;
@@ -2503,10 +2681,12 @@ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
  
  SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
         {
-       if (ssl->ctx == ctx) 
+       if (ssl->ctx == ctx)
                 return ssl->ctx;
+#ifndef OPENSSL_NO_TLSEXT
         if (ctx == NULL)
                 ctx = ssl->initial_ctx;
+#endif
         if (ssl->cert != NULL)
                 ssl_cert_free(ssl->cert);
         ssl->cert = ssl_cert_dup(ctx->cert);
@@ -2531,7 +2711,7 @@ int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
  #endif
  
  void SSL_set_info_callback(SSL *ssl,
-                          void (*cb)(const SSL *ssl,int type,int val))
+       void (*cb)(const SSL *ssl,int type,int val))
         {
         ssl->info_callback=cb;
         }
@@ -2659,13 +2839,13 @@ RSA *cb(SSL *ssl,int is_export,int keylength)
  
  #ifndef OPENSSL_NO_DH
  void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
-                                                       int keylength))
+                                                        int keylength))
         {
         SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
         }
  
  void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
-                                               int keylength))
+                                                int keylength))
         {
         SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
         }
@@ -2673,13 +2853,13 @@ void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
  
  #ifndef OPENSSL_NO_ECDH
  void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
-                                                       int keylength))
+                                                                int keylength))
         {
         SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
         }
  
  void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
-                                               int keylength))
+                                                        int keylength))
         {
         SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
         }
@@ -2745,6 +2925,36 @@ const char *SSL_get_psk_identity(const SSL *s)
                 return NULL;
         return(s->session->psk_identity);
         }
+
+void SSL_set_psk_client_callback(SSL *s,
+    unsigned int (*cb)(SSL *ssl, const char *hint,
+                       char *identity, unsigned int max_identity_len, unsigned char *psk,
+                       unsigned int max_psk_len))
+       {
+       s->psk_client_callback = cb;
+       }
+
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
+    unsigned int (*cb)(SSL *ssl, const char *hint,
+                       char *identity, unsigned int max_identity_len, unsigned char *psk,
+                       unsigned int max_psk_len))
+       {
+       ctx->psk_client_callback = cb;
+       }
+
+void SSL_set_psk_server_callback(SSL *s,
+    unsigned int (*cb)(SSL *ssl, const char *identity,
+                       unsigned char *psk, unsigned int max_psk_len))
+       {
+       s->psk_server_callback = cb;
+       }
+
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
+    unsigned int (*cb)(SSL *ssl, const char *identity,
+                       unsigned char *psk, unsigned int max_psk_len))
+       {
+       ctx->psk_server_callback = cb;
+       }
  #endif
  
  void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
@@ -2756,7 +2966,25 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
         SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
         }
  
+/* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
+ * vairable, freeing  EVP_MD_CTX previously stored in that variable, if
+ * any. If EVP_MD pointer is passed, initializes ctx with this md
+ * Returns newly allocated ctx;
+ */
+
+EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) 
+{
+       ssl_clear_hash_ctx(hash);
+       *hash = EVP_MD_CTX_create();
+       if (md) EVP_DigestInit_ex(*hash,md,NULL);
+       return *hash;
+}
+void ssl_clear_hash_ctx(EVP_MD_CTX **hash) 
+{
  
+       if (*hash) EVP_MD_CTX_destroy(*hash);
+       *hash=NULL;
+}
  
  #if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
  #include "../crypto/bio/bss_file.c"
@@ -2764,3 +2992,6 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
  
  IMPLEMENT_STACK_OF(SSL_CIPHER)
  IMPLEMENT_STACK_OF(SSL_COMP)
+IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
+                                   ssl_cipher_id);
+