ssl/s3_lib.c

   1 /* ssl/s3_lib.c */
   2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
   3  * All rights reserved.
   4  *
   5  * This package is an SSL implementation written
   6  * by Eric Young (eay@cryptsoft.com).
   7  * The implementation was written so as to conform with Netscapes SSL.
   8  *
   9  * This library is free for commercial and non-commercial use as long as
  10  * the following conditions are aheared to.  The following conditions
  11  * apply to all code found in this distribution, be it the RC4, RSA,
  12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  13  * included with this distribution is covered by the same copyright terms
  14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15  *
  16  * Copyright remains Eric Young's, and as such any Copyright notices in
  17  * the code are not to be removed.
  18  * If this package is used in a product, Eric Young should be given attribution
  19  * as the author of the parts of the library used.
  20  * This can be in the form of a textual message at program startup or
  21  * in documentation (online or textual) provided with the package.
  22  *
  23  * Redistribution and use in source and binary forms, with or without
  24  * modification, are permitted provided that the following conditions
  25  * are met:
  26  * 1. Redistributions of source code must retain the copyright
  27  *    notice, this list of conditions and the following disclaimer.
  28  * 2. Redistributions in binary form must reproduce the above copyright
  29  *    notice, this list of conditions and the following disclaimer in the
  30  *    documentation and/or other materials provided with the distribution.
  31  * 3. All advertising materials mentioning features or use of this software
  32  *    must display the following acknowledgement:
  33  *    "This product includes cryptographic software written by
  34  *     Eric Young (eay@cryptsoft.com)"
  35  *    The word 'cryptographic' can be left out if the rouines from the library
  36  *    being used are not cryptographic related :-).
  37  * 4. If you include any Windows specific code (or a derivative thereof) from
  38  *    the apps directory (application code) you must include an acknowledgement:
  39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40  *
  41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51  * SUCH DAMAGE.
  52  *
  53  * The licence and distribution terms for any publically available version or
  54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  55  * copied and put under another distribution licence
  56  * [including the GNU Public Licence.]
  57  */
  58
  59 #include <stdio.h>
  60 #include <openssl/objects.h>
  61 #include "ssl_locl.h"
  62
  63 const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
  64
  65 #define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
  66
  67 static long ssl3_default_timeout(void );
  68 SSL_CIPHER ssl3_ciphers[]={
  69 /* The RSA ciphers */
  70 /* Cipher 01 */
  71         {
  72         1,
  73         SSL3_TXT_RSA_NULL_MD5,
  74         SSL3_CK_RSA_NULL_MD5,
  75         SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3,
  76         0,
  77         SSL_ALL_CIPHERS,
  78         },
  79 /* Cipher 02 */
  80         {
  81         1,
  82         SSL3_TXT_RSA_NULL_SHA,
  83         SSL3_CK_RSA_NULL_SHA,
  84         SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
  85         0,
  86         SSL_ALL_CIPHERS,
  87         },
  88
  89 /* anon DH */
  90 /* Cipher 17 */
  91         {
  92         1,
  93         SSL3_TXT_ADH_RC4_40_MD5,
  94         SSL3_CK_ADH_RC4_40_MD5,
  95         SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
  96         0,
  97         SSL_ALL_CIPHERS,
  98         },
  99 /* Cipher 18 */
 100         {
 101         1,
 102         SSL3_TXT_ADH_RC4_128_MD5,
 103         SSL3_CK_ADH_RC4_128_MD5,
 104         SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3,
 105         0,
 106         SSL_ALL_CIPHERS,
 107         },
 108 /* Cipher 19 */
 109         {
 110         1,
 111         SSL3_TXT_ADH_DES_40_CBC_SHA,
 112         SSL3_CK_ADH_DES_40_CBC_SHA,
 113         SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
 114         0,
 115         SSL_ALL_CIPHERS,
 116         },
 117 /* Cipher 1A */
 118         {
 119         1,
 120         SSL3_TXT_ADH_DES_64_CBC_SHA,
 121         SSL3_CK_ADH_DES_64_CBC_SHA,
 122         SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
 123         0,
 124         SSL_ALL_CIPHERS,
 125         },
 126 /* Cipher 1B */
 127         {
 128         1,
 129         SSL3_TXT_ADH_DES_192_CBC_SHA,
 130         SSL3_CK_ADH_DES_192_CBC_SHA,
 131         SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
 132         0,
 133         SSL_ALL_CIPHERS,
 134         },
 135
 136 /* RSA again */
 137 /* Cipher 03 */
 138         {
 139         1,
 140         SSL3_TXT_RSA_RC4_40_MD5,
 141         SSL3_CK_RSA_RC4_40_MD5,
 142         SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
 143         0,
 144         SSL_ALL_CIPHERS,
 145         },
 146 /* Cipher 04 */
 147         {
 148         1,
 149         SSL3_TXT_RSA_RC4_128_MD5,
 150         SSL3_CK_RSA_RC4_128_MD5,
 151         SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
 152         0,
 153         SSL_ALL_CIPHERS,
 154         },
 155 /* Cipher 05 */
 156         {
 157         1,
 158         SSL3_TXT_RSA_RC4_128_SHA,
 159         SSL3_CK_RSA_RC4_128_SHA,
 160         SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
 161         0,
 162         SSL_ALL_CIPHERS,
 163         },
 164 /* Cipher 06 */
 165         {
 166         1,
 167         SSL3_TXT_RSA_RC2_40_MD5,
 168         SSL3_CK_RSA_RC2_40_MD5,
 169         SSL_kRSA|SSL_aRSA|SSL_RC2  |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
 170         0,
 171         SSL_ALL_CIPHERS,
 172         },
 173 /* Cipher 07 */
 174         {
 175         1,
 176         SSL3_TXT_RSA_IDEA_128_SHA,
 177         SSL3_CK_RSA_IDEA_128_SHA,
 178         SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
 179         0,
 180         SSL_ALL_CIPHERS,
 181         },
 182 /* Cipher 08 */
 183         {
 184         1,
 185         SSL3_TXT_RSA_DES_40_CBC_SHA,
 186         SSL3_CK_RSA_DES_40_CBC_SHA,
 187         SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
 188         0,
 189         SSL_ALL_CIPHERS,
 190         },
 191 /* Cipher 09 */
 192         {
 193         1,
 194         SSL3_TXT_RSA_DES_64_CBC_SHA,
 195         SSL3_CK_RSA_DES_64_CBC_SHA,
 196         SSL_kRSA|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
 197         0,
 198         SSL_ALL_CIPHERS,
 199         },
 200 /* Cipher 0A */
 201         {
 202         1,
 203         SSL3_TXT_RSA_DES_192_CBC3_SHA,
 204         SSL3_CK_RSA_DES_192_CBC3_SHA,
 205         SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
 206         0,
 207         SSL_ALL_CIPHERS,
 208         },
 209
 210 /*  The DH ciphers */
 211 /* Cipher 0B */
 212         {
 213         0,
 214         SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
 215         SSL3_CK_DH_DSS_DES_40_CBC_SHA,
 216         SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
 217         0,
 218         SSL_ALL_CIPHERS,
 219         },
 220 /* Cipher 0C */
 221         {
 222         0,
 223         SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
 224         SSL3_CK_DH_DSS_DES_64_CBC_SHA,
 225         SSL_kDHd |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
 226         0,
 227         SSL_ALL_CIPHERS,
 228         },
 229 /* Cipher 0D */
 230         {
 231         0,
 232         SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
 233         SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
 234         SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
 235         0,
 236         SSL_ALL_CIPHERS,
 237         },
 238 /* Cipher 0E */
 239         {
 240         0,
 241         SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
 242         SSL3_CK_DH_RSA_DES_40_CBC_SHA,
 243         SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
 244         0,
 245         SSL_ALL_CIPHERS,
 246         },
 247 /* Cipher 0F */
 248         {
 249         0,
 250         SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
 251         SSL3_CK_DH_RSA_DES_64_CBC_SHA,
 252         SSL_kDHr |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
 253         0,
 254         SSL_ALL_CIPHERS,
 255         },
 256 /* Cipher 10 */
 257         {
 258         0,
 259         SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
 260         SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
 261         SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
 262         0,
 263         SSL_ALL_CIPHERS,
 264         },
 265
 266 /* The Ephemeral DH ciphers */
 267 /* Cipher 11 */
 268         {
 269         1,
 270         SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
 271         SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
 272         SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
 273         0,
 274         SSL_ALL_CIPHERS,
 275         },
 276 /* Cipher 12 */
 277         {
 278         1,
 279         SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
 280         SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
 281         SSL_kEDH|SSL_aDSS|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
 282         0,
 283         SSL_ALL_CIPHERS,
 284         },
 285 /* Cipher 13 */
 286         {
 287         1,
 288         SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
 289         SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
 290         SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
 291         0,
 292         SSL_ALL_CIPHERS,
 293         },
 294 /* Cipher 14 */
 295         {
 296         1,
 297         SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
 298         SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
 299         SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
 300         0,
 301         SSL_ALL_CIPHERS,
 302         },
 303 /* Cipher 15 */
 304         {
 305         1,
 306         SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
 307         SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
 308         SSL_kEDH|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
 309         0,
 310         SSL_ALL_CIPHERS,
 311         },
 312 /* Cipher 16 */
 313         {
 314         1,
 315         SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
 316         SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
 317         SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
 318         0,
 319         SSL_ALL_CIPHERS,
 320         },
 321
 322 /* Fortezza */
 323 /* Cipher 1C */
 324         {
 325         0,
 326         SSL3_TXT_FZA_DMS_NULL_SHA,
 327         SSL3_CK_FZA_DMS_NULL_SHA,
 328         SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
 329         0,
 330         SSL_ALL_CIPHERS,
 331         },
 332
 333 /* Cipher 1D */
 334         {
 335         0,
 336         SSL3_TXT_FZA_DMS_FZA_SHA,
 337         SSL3_CK_FZA_DMS_FZA_SHA,
 338         SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
 339         0,
 340         SSL_ALL_CIPHERS,
 341         },
 342
 343 /* Cipher 1E */
 344         {
 345         0,
 346         SSL3_TXT_FZA_DMS_RC4_SHA,
 347         SSL3_CK_FZA_DMS_RC4_SHA,
 348         SSL_kFZA|SSL_aFZA |SSL_RC4  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
 349         0,
 350         SSL_ALL_CIPHERS,
 351         },
 352
 353 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
 354         /* New TLS Export CipherSuites */
 355         /* Cipher 60 */
 356             {
 357             1,
 358             TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
 359             TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
 360             SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP56|SSL_TLSV1,
 361             0,
 362             SSL_ALL_CIPHERS
 363             },
 364         /* Cipher 61 */
 365             {
 366             1,
 367             TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
 368             TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
 369             SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP56|SSL_TLSV1,
 370             0,
 371             SSL_ALL_CIPHERS
 372             },
 373         /* Cipher 62 */
 374             {
 375             1,
 376             TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
 377             TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
 378             SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_EXP56|SSL_TLSV1,
 379             0,
 380             SSL_ALL_CIPHERS
 381             },
 382         /* Cipher 63 */
 383             {
 384             1,
 385             TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
 386             TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
 387             SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_EXP56|SSL_TLSV1,
 388             0,
 389             SSL_ALL_CIPHERS
 390             },
 391         /* Cipher 64 */
 392             {
 393             1,
 394             TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
 395             TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
 396             SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_EXP56|SSL_TLSV1,
 397             0,
 398             SSL_ALL_CIPHERS
 399             },
 400         /* Cipher 65 */
 401             {
 402             1,
 403             TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
 404             TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
 405             SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_EXP56|SSL_TLSV1,
 406             0,
 407             SSL_ALL_CIPHERS
 408             },
 409         /* Cipher 66 */
 410             {
 411             1,
 412             TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
 413             TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
 414             SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
 415             0,
 416             SSL_ALL_CIPHERS
 417             },
 418 #endif
 419
 420 /* end of list */
 421         };
 422
 423 static SSL3_ENC_METHOD SSLv3_enc_data={
 424         ssl3_enc,
 425         ssl3_mac,
 426         ssl3_setup_key_block,
 427         ssl3_generate_master_secret,
 428         ssl3_change_cipher_state,
 429         ssl3_final_finish_mac,
 430         MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
 431         ssl3_cert_verify_mac,
 432         SSL3_MD_CLIENT_FINISHED_CONST,4,
 433         SSL3_MD_SERVER_FINISHED_CONST,4,
 434         ssl3_alert_code,
 435         };
 436
 437 static SSL_METHOD SSLv3_data= {
 438         SSL3_VERSION,
 439         ssl3_new,
 440         ssl3_clear,
 441         ssl3_free,
 442         ssl_undefined_function,
 443         ssl_undefined_function,
 444         ssl3_read,
 445         ssl3_peek,
 446         ssl3_write,
 447         ssl3_shutdown,
 448         ssl3_renegotiate,
 449         ssl3_renegotiate_check,
 450         ssl3_ctrl,
 451         ssl3_ctx_ctrl,
 452         ssl3_get_cipher_by_char,
 453         ssl3_put_cipher_by_char,
 454         ssl3_pending,
 455         ssl3_num_ciphers,
 456         ssl3_get_cipher,
 457         ssl_bad_method,
 458         ssl3_default_timeout,
 459         &SSLv3_enc_data,
 460         };
 461
 462 static long ssl3_default_timeout(void)
 463         {
 464         /* 2 hours, the 24 hours mentioned in the SSLv3 spec
 465          * is way too long for http, the cache would over fill */
 466         return(60*60*2);
 467         }
 468
 469 SSL_METHOD *sslv3_base_method(void)
 470         {
 471         return(&SSLv3_data);
 472         }
 473
 474 int ssl3_num_ciphers(void)
 475         {
 476         return(SSL3_NUM_CIPHERS);
 477         }
 478
 479 SSL_CIPHER *ssl3_get_cipher(unsigned int u)
 480         {
 481         if (u < SSL3_NUM_CIPHERS)
 482                 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
 483         else
 484                 return(NULL);
 485         }
 486
 487 /* The problem is that it may not be the correct record type */
 488 int ssl3_pending(SSL *s)
 489         {
 490         return(s->s3->rrec.length);
 491         }
 492
 493 int ssl3_new(SSL *s)
 494         {
 495         SSL3_CTX *s3;
 496
 497         if ((s3=(SSL3_CTX *)Malloc(sizeof(SSL3_CTX))) == NULL) goto err;
 498         memset(s3,0,sizeof(SSL3_CTX));
 499
 500         s->s3=s3;
 501         /*
 502         s->s3->tmp.ca_names=NULL;
 503         s->s3->tmp.key_block=NULL;
 504         s->s3->tmp.key_block_length=0;
 505         s->s3->rbuf.buf=NULL;
 506         s->s3->wbuf.buf=NULL;
 507         */
 508
 509         s->method->ssl_clear(s);
 510         return(1);
 511 err:
 512         return(0);
 513         }
 514
 515 void ssl3_free(SSL *s)
 516         {
 517         if(s == NULL)
 518             return;
 519
 520         ssl3_cleanup_key_block(s);
 521         if (s->s3->rbuf.buf != NULL)
 522                 Free(s->s3->rbuf.buf);
 523         if (s->s3->wbuf.buf != NULL)
 524                 Free(s->s3->wbuf.buf);
 525         if (s->s3->rrec.comp != NULL)
 526                 Free(s->s3->rrec.comp);
 527 #ifndef NO_DH
 528         if (s->s3->tmp.dh != NULL)
 529                 DH_free(s->s3->tmp.dh);
 530 #endif
 531         if (s->s3->tmp.ca_names != NULL)
 532                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
 533         memset(s->s3,0,sizeof(SSL3_CTX));
 534         Free(s->s3);
 535         s->s3=NULL;
 536         }
 537
 538 void ssl3_clear(SSL *s)
 539         {
 540         unsigned char *rp,*wp;
 541
 542         ssl3_cleanup_key_block(s);
 543         if (s->s3->tmp.ca_names != NULL)
 544                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
 545
 546         if (s->s3->rrec.comp != NULL)
 547                 {
 548                 Free(s->s3->rrec.comp);
 549                 s->s3->rrec.comp=NULL;
 550                 }
 551
 552         rp=s->s3->rbuf.buf;
 553         wp=s->s3->wbuf.buf;
 554
 555         memset(s->s3,0,sizeof(SSL3_CTX));
 556         if (rp != NULL) s->s3->rbuf.buf=rp;
 557         if (wp != NULL) s->s3->wbuf.buf=wp;
 558
 559         ssl_free_wbio_buffer(s);
 560
 561         s->packet_length=0;
 562         s->s3->renegotiate=0;
 563         s->s3->total_renegotiations=0;
 564         s->s3->num_renegotiations=0;
 565         s->s3->in_read_app_data=0;
 566         s->version=SSL3_VERSION;
 567         }
 568
 569 long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg)
 570         {
 571         int ret=0;
 572
 573 #if !defined(NO_DSA) || !defined(NO_RSA)
 574         if (
 575 #ifndef NO_RSA
 576             cmd == SSL_CTRL_SET_TMP_RSA ||
 577             cmd == SSL_CTRL_SET_TMP_RSA_CB ||
 578 #endif
 579 #ifndef NO_DSA
 580             cmd == SSL_CTRL_SET_TMP_DH ||
 581             cmd == SSL_CTRL_SET_TMP_DH_CB ||
 582 #endif
 583                 0)
 584                 {
 585                 if (!ssl_cert_instantiate(&s->cert, s->ctx->default_cert))
 586                         {
 587                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
 588                         return(0);
 589                         }
 590                 }
 591 #endif
 592
 593         switch (cmd)
 594                 {
 595         case SSL_CTRL_GET_SESSION_REUSED:
 596                 ret=s->hit;
 597                 break;
 598         case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
 599                 break;
 600         case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
 601                 ret=s->s3->num_renegotiations;
 602                 break;
 603         case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
 604                 ret=s->s3->num_renegotiations;
 605                 s->s3->num_renegotiations=0;
 606                 break;
 607         case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
 608                 ret=s->s3->total_renegotiations;
 609                 break;
 610         case SSL_CTRL_GET_FLAGS:
 611                 ret=(int)(s->s3->flags);
 612                 break;
 613 #ifndef NO_RSA
 614         case SSL_CTRL_NEED_TMP_RSA:
 615                 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
 616                     ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
 617                      (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
 618                         ret = 1;
 619                 break;
 620         case SSL_CTRL_SET_TMP_RSA:
 621                 {
 622                         RSA *rsa = (RSA *)parg;
 623                         if (rsa == NULL) {
 624                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
 625                                 return(ret);
 626                         }
 627                         if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
 628                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
 629                                 return(ret);
 630                         }
 631                         if (s->cert->rsa_tmp != NULL)
 632                                 RSA_free(s->cert->rsa_tmp);
 633                         s->cert->rsa_tmp = rsa;
 634                         ret = 1;
 635                 }
 636                 break;
 637         case SSL_CTRL_SET_TMP_RSA_CB:
 638                 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))parg;
 639                 break;
 640 #endif
 641 #ifndef NO_DH
 642         case SSL_CTRL_SET_TMP_DH:
 643                 {
 644                         DH *dh = (DH *)parg;
 645                         if (dh == NULL) {
 646                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
 647                                 return(ret);
 648                         }
 649                         if ((dh = DHparams_dup(dh)) == NULL) {
 650                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
 651                                 return(ret);
 652                         }
 653                         if (!DH_generate_key(dh)) {
 654                                 DH_free(dh);
 655                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
 656                                 return(ret);
 657                         }
 658                         if (s->cert->dh_tmp != NULL)
 659                                 DH_free(s->cert->dh_tmp);
 660                         s->cert->dh_tmp = dh;
 661                         ret = 1;
 662                 }
 663                 break;
 664         case SSL_CTRL_SET_TMP_DH_CB:
 665                 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))parg;
 666                 break;
 667 #endif
 668         default:
 669                 break;
 670                 }
 671         return(ret);
 672         }
 673
 674 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
 675         {
 676         CERT *cert;
 677
 678         cert=ctx->default_cert;
 679
 680         switch (cmd)
 681                 {
 682 #ifndef NO_RSA
 683         case SSL_CTRL_NEED_TMP_RSA:
 684                 if (    (cert->rsa_tmp == NULL) &&
 685                         ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
 686                          (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
 687                         )
 688                         return(1);
 689                 else
 690                         return(0);
 691                 /* break; */
 692         case SSL_CTRL_SET_TMP_RSA:
 693                 {
 694                 RSA *rsa;
 695                 int i;
 696
 697                 rsa=(RSA *)parg;
 698                 i=1;
 699                 if (rsa == NULL)
 700                         i=0;
 701                 else
 702                         {
 703                         if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
 704                                 i=0;
 705                         }
 706                 if (!i)
 707                         {
 708                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
 709                         return(0);
 710                         }
 711                 else
 712                         {
 713                         if (cert->rsa_tmp != NULL)
 714                                 RSA_free(cert->rsa_tmp);
 715                         cert->rsa_tmp=rsa;
 716                         return(1);
 717                         }
 718                 }
 719                 /* break; */
 720         case SSL_CTRL_SET_TMP_RSA_CB:
 721                 cert->rsa_tmp_cb=(RSA *(*)(SSL *, int, int))parg;
 722                 break;
 723 #endif
 724 #ifndef NO_DH
 725         case SSL_CTRL_SET_TMP_DH:
 726                 {
 727                 DH *new=NULL,*dh;
 728                 int rret=0;
 729
 730                 dh=(DH *)parg;
 731                 if (    ((new=DHparams_dup(dh)) == NULL) ||
 732                         (!DH_generate_key(new)))
 733                         {
 734                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
 735                         if (new != NULL) DH_free(new);
 736                         }
 737                 else
 738                         {
 739                         if (cert->dh_tmp != NULL)
 740                                 DH_free(cert->dh_tmp);
 741                         cert->dh_tmp=new;
 742                         rret=1;
 743                         }
 744                 return(rret);
 745                 }
 746                 /*break; */
 747         case SSL_CTRL_SET_TMP_DH_CB:
 748                 cert->dh_tmp_cb=(DH *(*)(SSL *, int, int))parg;
 749                 break;
 750 #endif
 751         /* A Thawte special :-) */
 752         case SSL_CTRL_EXTRA_CHAIN_CERT:
 753                 if (ctx->extra_certs == NULL)
 754                         {
 755                         if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
 756                                 return(0);
 757                         }
 758                 sk_X509_push(ctx->extra_certs,(X509 *)parg);
 759                 break;
 760
 761         default:
 762                 return(0);
 763                 }
 764         return(1);
 765         }
 766
 767 /* This function needs to check if the ciphers required are actually
 768  * available */
 769 SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
 770         {
 771         static int init=1;
 772         static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS];
 773         SSL_CIPHER c,*cp= &c,**cpp;
 774         unsigned long id;
 775         int i;
 776
 777         if (init)
 778                 {
 779                 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
 780
 781                 for (i=0; i<SSL3_NUM_CIPHERS; i++)
 782                         sorted[i]= &(ssl3_ciphers[i]);
 783
 784                 qsort(  (char *)sorted,
 785                         SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
 786                         FP_ICC ssl_cipher_ptr_id_cmp);
 787
 788                 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
 789
 790                 init=0;
 791                 }
 792
 793         id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
 794         c.id=id;
 795         cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
 796                 (char *)sorted,
 797                 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
 798                 (int (*)())ssl_cipher_ptr_id_cmp);
 799         if ((cpp == NULL) || !(*cpp)->valid)
 800                 return(NULL);
 801         else
 802                 return(*cpp);
 803         }
 804
 805 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
 806         {
 807         long l;
 808
 809         if (p != NULL)
 810                 {
 811                 l=c->id;
 812                 if ((l & 0xff000000) != 0x03000000) return(0);
 813                 p[0]=((unsigned char)(l>> 8L))&0xFF;
 814                 p[1]=((unsigned char)(l     ))&0xFF;
 815                 }
 816         return(2);
 817         }
 818
 819 int ssl3_part_read(SSL *s, int i)
 820         {
 821         s->rwstate=SSL_READING;
 822
 823         if (i < 0)
 824                 {
 825                 return(i);
 826                 }
 827         else
 828                 {
 829                 s->init_num+=i;
 830                 return(0);
 831                 }
 832         }
 833
 834 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *have,
 835              STACK_OF(SSL_CIPHER) *pref)
 836         {
 837         SSL_CIPHER *c,*ret=NULL;
 838         int i,j,ok;
 839         CERT *cert;
 840         unsigned long alg,mask,emask;
 841
 842         /* Lets see which ciphers we can supported */
 843         if (s->cert != NULL)
 844                 cert=s->cert;
 845         else
 846                 cert=s->ctx->default_cert;
 847
 848         sk_SSL_CIPHER_set_cmp_func(pref,ssl_cipher_ptr_id_cmp);
 849
 850 #ifdef CIPHER_DEBUG
 851         printf("Have:\n");
 852         for(i=0 ; i < sk_num(pref) ; ++i)
 853             {
 854             c=(SSL_CIPHER *)sk_value(pref,i);
 855             printf("%p:%s\n",c,c->name);
 856             }
 857 #endif
 858
 859         for (i=0; i<sk_SSL_CIPHER_num(have); i++)
 860                 {
 861                 c=sk_SSL_CIPHER_value(have,i);
 862
 863                 ssl_set_cert_masks(cert,s->ctx->default_cert,c);
 864                 mask=cert->mask;
 865                 emask=cert->export_mask;
 866
 867                 alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
 868                 if (SSL_IS_EXPORT(c->algorithms))
 869                         {
 870                         ok=((alg & emask) == alg)?1:0;
 871 #ifdef CIPHER_DEBUG
 872                         printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask,
 873                                c,c->name);
 874 #endif
 875                         }
 876                 else
 877                         {
 878                         ok=((alg & mask) == alg)?1:0;
 879 #ifdef CIPHER_DEBUG
 880                         printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c,
 881                                c->name);
 882 #endif
 883                         }
 884
 885                 if (!ok) continue;
 886
 887                 j=sk_SSL_CIPHER_find(pref,c);
 888                 if (j >= 0)
 889                         {
 890                         ret=sk_SSL_CIPHER_value(pref,j);
 891                         break;
 892                         }
 893                 }
 894         return(ret);
 895         }
 896
 897 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 898         {
 899         int ret=0;
 900         unsigned long alg;
 901
 902         alg=s->s3->tmp.new_cipher->algorithms;
 903
 904 #ifndef NO_DH
 905         if (alg & (SSL_kDHr|SSL_kEDH))
 906                 {
 907 #  ifndef NO_RSA
 908                 p[ret++]=SSL3_CT_RSA_FIXED_DH;
 909 #  endif
 910 #  ifndef NO_DSA
 911                 p[ret++]=SSL3_CT_DSS_FIXED_DH;
 912 #  endif
 913                 }
 914         if ((s->version == SSL3_VERSION) &&
 915                 (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
 916                 {
 917 #  ifndef NO_RSA
 918                 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
 919 #  endif
 920 #  ifndef NO_DSA
 921                 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
 922 #  endif
 923                 }
 924 #endif /* !NO_DH */
 925 #ifndef NO_RSA
 926         p[ret++]=SSL3_CT_RSA_SIGN;
 927 #endif
 928 #ifndef NO_DSA
 929         p[ret++]=SSL3_CT_DSS_SIGN;
 930 #endif
 931         return(ret);
 932         }
 933
 934 int ssl3_shutdown(SSL *s)
 935         {
 936
 937         /* Don't do anything much if we have not done the handshake or
 938          * we don't want to send messages :-) */
 939         if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
 940                 {
 941                 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 942                 return(1);
 943                 }
 944
 945         if (!(s->shutdown & SSL_SENT_SHUTDOWN))
 946                 {
 947                 s->shutdown|=SSL_SENT_SHUTDOWN;
 948 #if 1
 949                 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
 950 #endif
 951                 /* our shutdown alert has been sent now, and if it still needs
 952                  * to be written, s->s3->alert_dispatch will be true */
 953                 }
 954         else if (s->s3->alert_dispatch)
 955                 {
 956                 /* resend it if not sent */
 957 #if 1
 958                 ssl3_dispatch_alert(s);
 959 #endif
 960                 }
 961         else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
 962                 {
 963                 /* If we are waiting for a close from our peer, we are closed */
 964                 ssl3_read_bytes(s,0,NULL,0);
 965                 }
 966
 967         if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
 968                 !s->s3->alert_dispatch)
 969                 return(1);
 970         else
 971                 return(0);
 972         }
 973
 974 int ssl3_write(SSL *s, const void *buf, int len)
 975         {
 976         int ret,n;
 977
 978 #if 0
 979         if (s->shutdown & SSL_SEND_SHUTDOWN)
 980                 {
 981                 s->rwstate=SSL_NOTHING;
 982                 return(0);
 983                 }
 984 #endif
 985         clear_sys_error();
 986         if (s->s3->renegotiate) ssl3_renegotiate_check(s);
 987
 988         /* This is an experimental flag that sends the
 989          * last handshake message in the same packet as the first
 990          * use data - used to see if it helps the TCP protocol during
 991          * session-id reuse */
 992         /* The second test is because the buffer may have been removed */
 993         if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
 994                 {
 995                 /* First time through, we write into the buffer */
 996                 if (s->s3->delay_buf_pop_ret == 0)
 997                         {
 998                         ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
 999                                              buf,len);
1000                         if (ret <= 0) return(ret);
1001
1002                         s->s3->delay_buf_pop_ret=ret;
1003                         }
1004
1005                 s->rwstate=SSL_WRITING;
1006                 n=BIO_flush(s->wbio);
1007                 if (n <= 0) return(n);
1008                 s->rwstate=SSL_NOTHING;
1009
1010                 /* We have flushed the buffer, so remove it */
1011                 ssl_free_wbio_buffer(s);
1012                 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
1013
1014                 ret=s->s3->delay_buf_pop_ret;
1015                 s->s3->delay_buf_pop_ret=0;
1016                 }
1017         else
1018                 {
1019                 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
1020                                      buf,len);
1021                 if (ret <= 0) return(ret);
1022                 }
1023
1024         return(ret);
1025         }
1026
1027 int ssl3_read(SSL *s, void *buf, int len)
1028         {
1029         int ret;
1030
1031         clear_sys_error();
1032         if (s->s3->renegotiate) ssl3_renegotiate_check(s);
1033         s->s3->in_read_app_data=1;
1034         ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len);
1035         if ((ret == -1) && (s->s3->in_read_app_data == 0))
1036                 {
1037                 ERR_get_error(); /* clear the error */
1038                 s->s3->in_read_app_data=0;
1039                 s->in_handshake++;
1040                 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len);
1041                 s->in_handshake--;
1042                 }
1043         else
1044                 s->s3->in_read_app_data=0;
1045
1046         return(ret);
1047         }
1048
1049 int ssl3_peek(SSL *s, char *buf, int len)
1050         {
1051         SSL3_RECORD *rr;
1052         int n;
1053
1054         rr= &(s->s3->rrec);
1055         if ((rr->length == 0) || (rr->type != SSL3_RT_APPLICATION_DATA))
1056                 {
1057                 n=ssl3_read(s,buf,1);
1058                 if (n <= 0) return(n);
1059                 rr->length++;
1060                 rr->off--;
1061                 }
1062
1063         if ((unsigned int)len > rr->length)
1064                 n=rr->length;
1065         else
1066                 n=len;
1067         memcpy(buf,&(rr->data[rr->off]),(unsigned int)n);
1068         return(n);
1069         }
1070
1071 int ssl3_renegotiate(SSL *s)
1072         {
1073         if (s->handshake_func == NULL)
1074                 return(1);
1075
1076         if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
1077                 return(0);
1078
1079         s->s3->renegotiate=1;
1080         return(1);
1081         }
1082
1083 int ssl3_renegotiate_check(SSL *s)
1084         {
1085         int ret=0;
1086
1087         if (s->s3->renegotiate)
1088                 {
1089                 if (    (s->s3->rbuf.left == 0) &&
1090                         (s->s3->wbuf.left == 0) &&
1091                         !SSL_in_init(s))
1092                         {
1093 /*
1094 if we are the server, and we have sent a 'RENEGOTIATE' message, we
1095 need to go to SSL_ST_ACCEPT.\1e
1096 */
1097                         /* SSL_ST_ACCEPT */
1098                         s->state=SSL_ST_RENEGOTIATE;
1099                         s->s3->renegotiate=0;
1100                         s->s3->num_renegotiations++;
1101                         s->s3->total_renegotiations++;
1102                         ret=1;
1103                         }
1104                 }
1105         return(ret);
1106         }
1107