ssl/s3_lib.c

   1 /* ssl/s3_lib.c */
   2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
   3  * All rights reserved.
   4  *
   5  * This package is an SSL implementation written
   6  * by Eric Young (eay@cryptsoft.com).
   7  * The implementation was written so as to conform with Netscapes SSL.
   8  *
   9  * This library is free for commercial and non-commercial use as long as
  10  * the following conditions are aheared to.  The following conditions
  11  * apply to all code found in this distribution, be it the RC4, RSA,
  12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  13  * included with this distribution is covered by the same copyright terms
  14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15  *
  16  * Copyright remains Eric Young's, and as such any Copyright notices in
  17  * the code are not to be removed.
  18  * If this package is used in a product, Eric Young should be given attribution
  19  * as the author of the parts of the library used.
  20  * This can be in the form of a textual message at program startup or
  21  * in documentation (online or textual) provided with the package.
  22  *
  23  * Redistribution and use in source and binary forms, with or without
  24  * modification, are permitted provided that the following conditions
  25  * are met:
  26  * 1. Redistributions of source code must retain the copyright
  27  *    notice, this list of conditions and the following disclaimer.
  28  * 2. Redistributions in binary form must reproduce the above copyright
  29  *    notice, this list of conditions and the following disclaimer in the
  30  *    documentation and/or other materials provided with the distribution.
  31  * 3. All advertising materials mentioning features or use of this software
  32  *    must display the following acknowledgement:
  33  *    "This product includes cryptographic software written by
  34  *     Eric Young (eay@cryptsoft.com)"
  35  *    The word 'cryptographic' can be left out if the rouines from the library
  36  *    being used are not cryptographic related :-).
  37  * 4. If you include any Windows specific code (or a derivative thereof) from
  38  *    the apps directory (application code) you must include an acknowledgement:
  39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40  *
  41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51  * SUCH DAMAGE.
  52  *
  53  * The licence and distribution terms for any publically available version or
  54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  55  * copied and put under another distribution licence
  56  * [including the GNU Public Licence.]
  57  */
  58
  59 #include <stdio.h>
  60 #include <openssl/md5.h>
  61 #include <openssl/sha.h>
  62 #include <openssl/objects.h>
  63 #include "ssl_locl.h"
  64
  65 const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
  66
  67 #define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
  68
  69 static long ssl3_default_timeout(void );
  70
  71 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  72 /* The RSA ciphers */
  73 /* Cipher 01 */
  74         {
  75         1,
  76         SSL3_TXT_RSA_NULL_MD5,
  77         SSL3_CK_RSA_NULL_MD5,
  78         SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
  79         SSL_NOT_EXP,
  80         0,
  81         0,
  82         0,
  83         SSL_ALL_CIPHERS,
  84         SSL_ALL_STRENGTHS,
  85         },
  86 /* Cipher 02 */
  87         {
  88         1,
  89         SSL3_TXT_RSA_NULL_SHA,
  90         SSL3_CK_RSA_NULL_SHA,
  91         SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
  92         SSL_NOT_EXP,
  93         0,
  94         0,
  95         0,
  96         SSL_ALL_CIPHERS,
  97         SSL_ALL_STRENGTHS,
  98         },
  99
 100 /* anon DH */
 101 /* Cipher 17 */
 102         {
 103         1,
 104         SSL3_TXT_ADH_RC4_40_MD5,
 105         SSL3_CK_ADH_RC4_40_MD5,
 106         SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
 107         SSL_EXPORT|SSL_EXP40,
 108         0,
 109         40,
 110         128,
 111         SSL_ALL_CIPHERS,
 112         SSL_ALL_STRENGTHS,
 113         },
 114 /* Cipher 18 */
 115         {
 116         1,
 117         SSL3_TXT_ADH_RC4_128_MD5,
 118         SSL3_CK_ADH_RC4_128_MD5,
 119         SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
 120         SSL_NOT_EXP,
 121         0,
 122         128,
 123         128,
 124         SSL_ALL_CIPHERS,
 125         SSL_ALL_STRENGTHS,
 126         },
 127 /* Cipher 19 */
 128         {
 129         1,
 130         SSL3_TXT_ADH_DES_40_CBC_SHA,
 131         SSL3_CK_ADH_DES_40_CBC_SHA,
 132         SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
 133         SSL_EXPORT|SSL_EXP40,
 134         0,
 135         40,
 136         128,
 137         SSL_ALL_CIPHERS,
 138         SSL_ALL_STRENGTHS,
 139         },
 140 /* Cipher 1A */
 141         {
 142         1,
 143         SSL3_TXT_ADH_DES_64_CBC_SHA,
 144         SSL3_CK_ADH_DES_64_CBC_SHA,
 145         SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_SSLV3,
 146         SSL_NOT_EXP,
 147         0,
 148         56,
 149         56,
 150         SSL_ALL_CIPHERS,
 151         SSL_ALL_STRENGTHS,
 152         },
 153 /* Cipher 1B */
 154         {
 155         1,
 156         SSL3_TXT_ADH_DES_192_CBC_SHA,
 157         SSL3_CK_ADH_DES_192_CBC_SHA,
 158         SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
 159         SSL_NOT_EXP,
 160         0,
 161         168,
 162         168,
 163         SSL_ALL_CIPHERS,
 164         SSL_ALL_STRENGTHS,
 165         },
 166
 167 /* RSA again */
 168 /* Cipher 03 */
 169         {
 170         1,
 171         SSL3_TXT_RSA_RC4_40_MD5,
 172         SSL3_CK_RSA_RC4_40_MD5,
 173         SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
 174         SSL_EXPORT|SSL_EXP40,
 175         0,
 176         40,
 177         128,
 178         SSL_ALL_CIPHERS,
 179         SSL_ALL_STRENGTHS,
 180         },
 181 /* Cipher 04 */
 182         {
 183         1,
 184         SSL3_TXT_RSA_RC4_128_MD5,
 185         SSL3_CK_RSA_RC4_128_MD5,
 186         SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5|SSL_SSLV3,
 187         SSL_NOT_EXP|SSL_MEDIUM,
 188         0,
 189         128,
 190         128,
 191         SSL_ALL_CIPHERS,
 192         SSL_ALL_STRENGTHS,
 193         },
 194 /* Cipher 05 */
 195         {
 196         1,
 197         SSL3_TXT_RSA_RC4_128_SHA,
 198         SSL3_CK_RSA_RC4_128_SHA,
 199         SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_SHA1|SSL_SSLV3,
 200         SSL_NOT_EXP|SSL_MEDIUM,
 201         0,
 202         128,
 203         128,
 204         SSL_ALL_CIPHERS,
 205         SSL_ALL_STRENGTHS,
 206         },
 207 /* Cipher 06 */
 208         {
 209         1,
 210         SSL3_TXT_RSA_RC2_40_MD5,
 211         SSL3_CK_RSA_RC2_40_MD5,
 212         SSL_kRSA|SSL_aRSA|SSL_RC2  |SSL_MD5 |SSL_SSLV3,
 213         SSL_EXPORT|SSL_EXP40,
 214         0,
 215         40,
 216         128,
 217         SSL_ALL_CIPHERS,
 218         SSL_ALL_STRENGTHS,
 219         },
 220 /* Cipher 07 */
 221         {
 222         1,
 223         SSL3_TXT_RSA_IDEA_128_SHA,
 224         SSL3_CK_RSA_IDEA_128_SHA,
 225         SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3,
 226         SSL_NOT_EXP|SSL_MEDIUM,
 227         0,
 228         128,
 229         128,
 230         SSL_ALL_CIPHERS,
 231         SSL_ALL_STRENGTHS,
 232         },
 233 /* Cipher 08 */
 234         {
 235         1,
 236         SSL3_TXT_RSA_DES_40_CBC_SHA,
 237         SSL3_CK_RSA_DES_40_CBC_SHA,
 238         SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
 239         SSL_EXPORT|SSL_EXP40,
 240         0,
 241         40,
 242         56,
 243         SSL_ALL_CIPHERS,
 244         SSL_ALL_STRENGTHS,
 245         },
 246 /* Cipher 09 */
 247         {
 248         1,
 249         SSL3_TXT_RSA_DES_64_CBC_SHA,
 250         SSL3_CK_RSA_DES_64_CBC_SHA,
 251         SSL_kRSA|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,
 252         SSL_NOT_EXP|SSL_LOW,
 253         0,
 254         56,
 255         56,
 256         SSL_ALL_CIPHERS,
 257         SSL_ALL_STRENGTHS,
 258         },
 259 /* Cipher 0A */
 260         {
 261         1,
 262         SSL3_TXT_RSA_DES_192_CBC3_SHA,
 263         SSL3_CK_RSA_DES_192_CBC3_SHA,
 264         SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
 265         SSL_NOT_EXP|SSL_HIGH,
 266         0,
 267         168,
 268         168,
 269         SSL_ALL_CIPHERS,
 270         SSL_ALL_STRENGTHS,
 271         },
 272
 273 /*  The DH ciphers */
 274 /* Cipher 0B */
 275         {
 276         0,
 277         SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
 278         SSL3_CK_DH_DSS_DES_40_CBC_SHA,
 279         SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
 280         SSL_EXPORT|SSL_EXP40,
 281         0,
 282         40,
 283         56,
 284         SSL_ALL_CIPHERS,
 285         SSL_ALL_STRENGTHS,
 286         },
 287 /* Cipher 0C */
 288         {
 289         0,
 290         SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
 291         SSL3_CK_DH_DSS_DES_64_CBC_SHA,
 292         SSL_kDHd |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
 293         SSL_NOT_EXP|SSL_LOW,
 294         0,
 295         56,
 296         56,
 297         SSL_ALL_CIPHERS,
 298         SSL_ALL_STRENGTHS,
 299         },
 300 /* Cipher 0D */
 301         {
 302         0,
 303         SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
 304         SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
 305         SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
 306         SSL_NOT_EXP|SSL_HIGH,
 307         0,
 308         168,
 309         168,
 310         SSL_ALL_CIPHERS,
 311         SSL_ALL_STRENGTHS,
 312         },
 313 /* Cipher 0E */
 314         {
 315         0,
 316         SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
 317         SSL3_CK_DH_RSA_DES_40_CBC_SHA,
 318         SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
 319         SSL_EXPORT|SSL_EXP40,
 320         0,
 321         40,
 322         56,
 323         SSL_ALL_CIPHERS,
 324         SSL_ALL_STRENGTHS,
 325         },
 326 /* Cipher 0F */
 327         {
 328         0,
 329         SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
 330         SSL3_CK_DH_RSA_DES_64_CBC_SHA,
 331         SSL_kDHr |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
 332         SSL_NOT_EXP|SSL_LOW,
 333         0,
 334         56,
 335         56,
 336         SSL_ALL_CIPHERS,
 337         SSL_ALL_STRENGTHS,
 338         },
 339 /* Cipher 10 */
 340         {
 341         0,
 342         SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
 343         SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
 344         SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
 345         SSL_NOT_EXP|SSL_HIGH,
 346         0,
 347         168,
 348         168,
 349         SSL_ALL_CIPHERS,
 350         SSL_ALL_STRENGTHS,
 351         },
 352
 353 /* The Ephemeral DH ciphers */
 354 /* Cipher 11 */
 355         {
 356         1,
 357         SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
 358         SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
 359         SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
 360         SSL_EXPORT|SSL_EXP40,
 361         0,
 362         40,
 363         56,
 364         SSL_ALL_CIPHERS,
 365         SSL_ALL_STRENGTHS,
 366         },
 367 /* Cipher 12 */
 368         {
 369         1,
 370         SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
 371         SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
 372         SSL_kEDH|SSL_aDSS|SSL_DES  |SSL_SHA1|SSL_SSLV3,
 373         SSL_NOT_EXP|SSL_LOW,
 374         0,
 375         56,
 376         56,
 377         SSL_ALL_CIPHERS,
 378         SSL_ALL_STRENGTHS,
 379         },
 380 /* Cipher 13 */
 381         {
 382         1,
 383         SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
 384         SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
 385         SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
 386         SSL_NOT_EXP|SSL_HIGH,
 387         0,
 388         168,
 389         168,
 390         SSL_ALL_CIPHERS,
 391         SSL_ALL_STRENGTHS,
 392         },
 393 /* Cipher 14 */
 394         {
 395         1,
 396         SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
 397         SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
 398         SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
 399         SSL_EXPORT|SSL_EXP40,
 400         0,
 401         40,
 402         56,
 403         SSL_ALL_CIPHERS,
 404         SSL_ALL_STRENGTHS,
 405         },
 406 /* Cipher 15 */
 407         {
 408         1,
 409         SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
 410         SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
 411         SSL_kEDH|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,
 412         SSL_NOT_EXP|SSL_LOW,
 413         0,
 414         56,
 415         56,
 416         SSL_ALL_CIPHERS,
 417         SSL_ALL_STRENGTHS,
 418         },
 419 /* Cipher 16 */
 420         {
 421         1,
 422         SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
 423         SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
 424         SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
 425         SSL_NOT_EXP|SSL_HIGH,
 426         0,
 427         168,
 428         168,
 429         SSL_ALL_CIPHERS,
 430         SSL_ALL_STRENGTHS,
 431         },
 432
 433 /* Fortezza */
 434 /* Cipher 1C */
 435         {
 436         0,
 437         SSL3_TXT_FZA_DMS_NULL_SHA,
 438         SSL3_CK_FZA_DMS_NULL_SHA,
 439         SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
 440         SSL_NOT_EXP,
 441         0,
 442         0,
 443         0,
 444         SSL_ALL_CIPHERS,
 445         SSL_ALL_STRENGTHS,
 446         },
 447
 448 /* Cipher 1D */
 449         {
 450         0,
 451         SSL3_TXT_FZA_DMS_FZA_SHA,
 452         SSL3_CK_FZA_DMS_FZA_SHA,
 453         SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
 454         SSL_NOT_EXP,
 455         0,
 456         0,
 457         0,
 458         SSL_ALL_CIPHERS,
 459         SSL_ALL_STRENGTHS,
 460         },
 461
 462 /* Cipher 1E */
 463         {
 464         0,
 465         SSL3_TXT_FZA_DMS_RC4_SHA,
 466         SSL3_CK_FZA_DMS_RC4_SHA,
 467         SSL_kFZA|SSL_aFZA |SSL_RC4  |SSL_SHA1|SSL_SSLV3,
 468         SSL_NOT_EXP,
 469         0,
 470         128,
 471         128,
 472         SSL_ALL_CIPHERS,
 473         SSL_ALL_STRENGTHS,
 474         },
 475
 476 #ifndef NO_KRB5
 477 /* The Kerberos ciphers
 478 ** 20000107 VRS: And the first shall be last,
 479 ** in hopes of avoiding the lynx ssl renegotiation problem.
 480 */
 481 /* Cipher 21 VRS */
 482         {
 483         1,
 484         SSL3_TXT_KRB5_DES_40_CBC_SHA,
 485         SSL3_CK_KRB5_DES_40_CBC_SHA,
 486         SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
 487         SSL_EXPORT|SSL_EXP40,
 488         0,
 489         40,
 490         56,
 491         SSL_ALL_CIPHERS,
 492         SSL_ALL_STRENGTHS,
 493         },
 494
 495 /* Cipher 22 VRS */
 496         {
 497         1,
 498         SSL3_TXT_KRB5_DES_40_CBC_MD5,
 499         SSL3_CK_KRB5_DES_40_CBC_MD5,
 500         SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
 501         SSL_EXPORT|SSL_EXP40,
 502         0,
 503         40,
 504         56,
 505         SSL_ALL_CIPHERS,
 506         SSL_ALL_STRENGTHS,
 507         },
 508
 509 /* Cipher 23 VRS */
 510         {
 511         1,
 512         SSL3_TXT_KRB5_DES_64_CBC_SHA,
 513         SSL3_CK_KRB5_DES_64_CBC_SHA,
 514         SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
 515         SSL_NOT_EXP|SSL_LOW,
 516         0,
 517         56,
 518         56,
 519         SSL_ALL_CIPHERS,
 520         SSL_ALL_STRENGTHS,
 521         },
 522
 523 /* Cipher 24 VRS */
 524         {
 525         1,
 526         SSL3_TXT_KRB5_DES_64_CBC_MD5,
 527         SSL3_CK_KRB5_DES_64_CBC_MD5,
 528         SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
 529         SSL_NOT_EXP|SSL_LOW,
 530         0,
 531         56,
 532         56,
 533         SSL_ALL_CIPHERS,
 534         SSL_ALL_STRENGTHS,
 535         },
 536
 537 /* Cipher 25 VRS */
 538         {
 539         1,
 540         SSL3_TXT_KRB5_DES_192_CBC3_SHA,
 541         SSL3_CK_KRB5_DES_192_CBC3_SHA,
 542         SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_SHA1  |SSL_SSLV3,
 543         SSL_NOT_EXP|SSL_HIGH,
 544         0,
 545         112,
 546         168,
 547         SSL_ALL_CIPHERS,
 548         SSL_ALL_STRENGTHS,
 549         },
 550
 551 /* Cipher 26 VRS */
 552         {
 553         1,
 554         SSL3_TXT_KRB5_DES_192_CBC3_MD5,
 555         SSL3_CK_KRB5_DES_192_CBC3_MD5,
 556         SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_MD5   |SSL_SSLV3,
 557         SSL_NOT_EXP|SSL_HIGH,
 558         0,
 559         112,
 560         168,
 561         SSL_ALL_CIPHERS,
 562         SSL_ALL_STRENGTHS,
 563         },
 564 #endif  /* NO_KRB5 */
 565 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
 566         /* New TLS Export CipherSuites */
 567         /* Cipher 60 */
 568             {
 569             1,
 570             TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
 571             TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
 572             SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
 573             SSL_EXPORT|SSL_EXP56,
 574             0,
 575             56,
 576             128,
 577             SSL_ALL_CIPHERS,
 578             SSL_ALL_STRENGTHS,
 579             },
 580         /* Cipher 61 */
 581             {
 582             1,
 583             TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
 584             TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
 585             SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
 586             SSL_EXPORT|SSL_EXP56,
 587             0,
 588             56,
 589             128,
 590             SSL_ALL_CIPHERS,
 591             SSL_ALL_STRENGTHS,
 592             },
 593         /* Cipher 62 */
 594             {
 595             1,
 596             TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
 597             TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
 598             SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
 599             SSL_EXPORT|SSL_EXP56,
 600             0,
 601             56,
 602             56,
 603             SSL_ALL_CIPHERS,
 604             SSL_ALL_STRENGTHS,
 605             },
 606         /* Cipher 63 */
 607             {
 608             1,
 609             TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
 610             TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
 611             SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
 612             SSL_EXPORT|SSL_EXP56,
 613             0,
 614             56,
 615             56,
 616             SSL_ALL_CIPHERS,
 617             SSL_ALL_STRENGTHS,
 618             },
 619         /* Cipher 64 */
 620             {
 621             1,
 622             TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
 623             TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
 624             SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
 625             SSL_EXPORT|SSL_EXP56,
 626             0,
 627             56,
 628             128,
 629             SSL_ALL_CIPHERS,
 630             SSL_ALL_STRENGTHS,
 631             },
 632         /* Cipher 65 */
 633             {
 634             1,
 635             TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
 636             TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
 637             SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
 638             SSL_EXPORT|SSL_EXP56,
 639             0,
 640             56,
 641             128,
 642             SSL_ALL_CIPHERS,
 643             SSL_ALL_STRENGTHS,
 644             },
 645         /* Cipher 66 */
 646             {
 647             1,
 648             TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
 649             TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
 650             SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
 651             SSL_NOT_EXP,
 652             0,
 653             128,
 654             128,
 655             SSL_ALL_CIPHERS,
 656             SSL_ALL_STRENGTHS
 657             },
 658 #endif
 659
 660 /* end of list */
 661         };
 662
 663 static SSL3_ENC_METHOD SSLv3_enc_data={
 664         ssl3_enc,
 665         ssl3_mac,
 666         ssl3_setup_key_block,
 667         ssl3_generate_master_secret,
 668         ssl3_change_cipher_state,
 669         ssl3_final_finish_mac,
 670         MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
 671         ssl3_cert_verify_mac,
 672         SSL3_MD_CLIENT_FINISHED_CONST,4,
 673         SSL3_MD_SERVER_FINISHED_CONST,4,
 674         ssl3_alert_code,
 675         };
 676
 677 static SSL_METHOD SSLv3_data= {
 678         SSL3_VERSION,
 679         ssl3_new,
 680         ssl3_clear,
 681         ssl3_free,
 682         ssl_undefined_function,
 683         ssl_undefined_function,
 684         ssl3_read,
 685         ssl3_peek,
 686         ssl3_write,
 687         ssl3_shutdown,
 688         ssl3_renegotiate,
 689         ssl3_renegotiate_check,
 690         ssl3_ctrl,
 691         ssl3_ctx_ctrl,
 692         ssl3_get_cipher_by_char,
 693         ssl3_put_cipher_by_char,
 694         ssl3_pending,
 695         ssl3_num_ciphers,
 696         ssl3_get_cipher,
 697         ssl_bad_method,
 698         ssl3_default_timeout,
 699         &SSLv3_enc_data,
 700         ssl_undefined_function,
 701         ssl3_callback_ctrl,
 702         ssl3_ctx_callback_ctrl,
 703         };
 704
 705 static long ssl3_default_timeout(void)
 706         {
 707         /* 2 hours, the 24 hours mentioned in the SSLv3 spec
 708          * is way too long for http, the cache would over fill */
 709         return(60*60*2);
 710         }
 711
 712 SSL_METHOD *sslv3_base_method(void)
 713         {
 714         return(&SSLv3_data);
 715         }
 716
 717 int ssl3_num_ciphers(void)
 718         {
 719         return(SSL3_NUM_CIPHERS);
 720         }
 721
 722 SSL_CIPHER *ssl3_get_cipher(unsigned int u)
 723         {
 724         if (u < SSL3_NUM_CIPHERS)
 725                 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
 726         else
 727                 return(NULL);
 728         }
 729
 730 int ssl3_pending(SSL *s)
 731         {
 732         /* The problem is that it may not be the correct record type */
 733         return(s->s3->rrec.length); /* FIXME */
 734         }
 735
 736 int ssl3_new(SSL *s)
 737         {
 738         SSL3_STATE *s3;
 739
 740         if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
 741         memset(s3,0,sizeof *s3);
 742
 743         s->s3=s3;
 744
 745         s->method->ssl_clear(s);
 746         return(1);
 747 err:
 748         return(0);
 749         }
 750
 751 void ssl3_free(SSL *s)
 752         {
 753         if(s == NULL)
 754             return;
 755
 756         ssl3_cleanup_key_block(s);
 757         if (s->s3->rbuf.buf != NULL)
 758                 OPENSSL_free(s->s3->rbuf.buf);
 759         if (s->s3->wbuf.buf != NULL)
 760                 OPENSSL_free(s->s3->wbuf.buf);
 761         if (s->s3->rrec.comp != NULL)
 762                 OPENSSL_free(s->s3->rrec.comp);
 763 #ifndef NO_DH
 764         if (s->s3->tmp.dh != NULL)
 765                 DH_free(s->s3->tmp.dh);
 766 #endif
 767         if (s->s3->tmp.ca_names != NULL)
 768                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
 769         memset(s->s3,0,sizeof *s->s3);
 770         OPENSSL_free(s->s3);
 771         s->s3=NULL;
 772         }
 773
 774 void ssl3_clear(SSL *s)
 775         {
 776         unsigned char *rp,*wp;
 777
 778         ssl3_cleanup_key_block(s);
 779         if (s->s3->tmp.ca_names != NULL)
 780                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
 781
 782         if (s->s3->rrec.comp != NULL)
 783                 {
 784                 OPENSSL_free(s->s3->rrec.comp);
 785                 s->s3->rrec.comp=NULL;
 786                 }
 787 #ifndef NO_DH
 788         if (s->s3->tmp.dh != NULL)
 789                 DH_free(s->s3->tmp.dh);
 790 #endif
 791
 792         rp=s->s3->rbuf.buf;
 793         wp=s->s3->wbuf.buf;
 794
 795         memset(s->s3,0,sizeof *s->s3);
 796         if (rp != NULL) s->s3->rbuf.buf=rp;
 797         if (wp != NULL) s->s3->wbuf.buf=wp;
 798
 799         ssl_free_wbio_buffer(s);
 800
 801         s->packet_length=0;
 802         s->s3->renegotiate=0;
 803         s->s3->total_renegotiations=0;
 804         s->s3->num_renegotiations=0;
 805         s->s3->in_read_app_data=0;
 806         s->version=SSL3_VERSION;
 807         }
 808
 809 long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg)
 810         {
 811         int ret=0;
 812
 813 #if !defined(NO_DSA) || !defined(NO_RSA)
 814         if (
 815 #ifndef NO_RSA
 816             cmd == SSL_CTRL_SET_TMP_RSA ||
 817             cmd == SSL_CTRL_SET_TMP_RSA_CB ||
 818 #endif
 819 #ifndef NO_DSA
 820             cmd == SSL_CTRL_SET_TMP_DH ||
 821             cmd == SSL_CTRL_SET_TMP_DH_CB ||
 822 #endif
 823                 0)
 824                 {
 825                 if (!ssl_cert_inst(&s->cert))
 826                         {
 827                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
 828                         return(0);
 829                         }
 830                 }
 831 #endif
 832
 833         switch (cmd)
 834                 {
 835         case SSL_CTRL_GET_SESSION_REUSED:
 836                 ret=s->hit;
 837                 break;
 838         case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
 839                 break;
 840         case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
 841                 ret=s->s3->num_renegotiations;
 842                 break;
 843         case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
 844                 ret=s->s3->num_renegotiations;
 845                 s->s3->num_renegotiations=0;
 846                 break;
 847         case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
 848                 ret=s->s3->total_renegotiations;
 849                 break;
 850         case SSL_CTRL_GET_FLAGS:
 851                 ret=(int)(s->s3->flags);
 852                 break;
 853 #ifndef NO_RSA
 854         case SSL_CTRL_NEED_TMP_RSA:
 855                 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
 856                     ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
 857                      (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
 858                         ret = 1;
 859                 break;
 860         case SSL_CTRL_SET_TMP_RSA:
 861                 {
 862                         RSA *rsa = (RSA *)parg;
 863                         if (rsa == NULL)
 864                                 {
 865                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
 866                                 return(ret);
 867                                 }
 868                         if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
 869                                 {
 870                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
 871                                 return(ret);
 872                                 }
 873                         if (s->cert->rsa_tmp != NULL)
 874                                 RSA_free(s->cert->rsa_tmp);
 875                         s->cert->rsa_tmp = rsa;
 876                         ret = 1;
 877                 }
 878                 break;
 879         case SSL_CTRL_SET_TMP_RSA_CB:
 880                 {
 881                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
 882                 return(ret);
 883                 }
 884                 break;
 885 #endif
 886 #ifndef NO_DH
 887         case SSL_CTRL_SET_TMP_DH:
 888                 {
 889                         DH *dh = (DH *)parg;
 890                         if (dh == NULL)
 891                                 {
 892                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
 893                                 return(ret);
 894                                 }
 895                         if ((dh = DHparams_dup(dh)) == NULL)
 896                                 {
 897                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
 898                                 return(ret);
 899                                 }
 900                         if (!(s->options & SSL_OP_SINGLE_DH_USE))
 901                                 {
 902                                 if (!DH_generate_key(dh))
 903                                         {
 904                                         DH_free(dh);
 905                                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
 906                                         return(ret);
 907                                         }
 908                                 }
 909                         if (s->cert->dh_tmp != NULL)
 910                                 DH_free(s->cert->dh_tmp);
 911                         s->cert->dh_tmp = dh;
 912                         ret = 1;
 913                 }
 914                 break;
 915         case SSL_CTRL_SET_TMP_DH_CB:
 916                 {
 917                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
 918                 return(ret);
 919                 }
 920                 break;
 921 #endif
 922         default:
 923                 break;
 924                 }
 925         return(ret);
 926         }
 927
 928 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
 929         {
 930         int ret=0;
 931
 932 #if !defined(NO_DSA) || !defined(NO_RSA)
 933         if (
 934 #ifndef NO_RSA
 935             cmd == SSL_CTRL_SET_TMP_RSA_CB ||
 936 #endif
 937 #ifndef NO_DSA
 938             cmd == SSL_CTRL_SET_TMP_DH_CB ||
 939 #endif
 940                 0)
 941                 {
 942                 if (!ssl_cert_inst(&s->cert))
 943                         {
 944                         SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
 945                         return(0);
 946                         }
 947                 }
 948 #endif
 949
 950         switch (cmd)
 951                 {
 952 #ifndef NO_RSA
 953         case SSL_CTRL_SET_TMP_RSA_CB:
 954                 {
 955                 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
 956                 }
 957                 break;
 958 #endif
 959 #ifndef NO_DH
 960         case SSL_CTRL_SET_TMP_DH_CB:
 961                 {
 962                 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
 963                 }
 964                 break;
 965 #endif
 966         default:
 967                 break;
 968                 }
 969         return(ret);
 970         }
 971
 972 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
 973         {
 974         CERT *cert;
 975
 976         cert=ctx->cert;
 977
 978         switch (cmd)
 979                 {
 980 #ifndef NO_RSA
 981         case SSL_CTRL_NEED_TMP_RSA:
 982                 if (    (cert->rsa_tmp == NULL) &&
 983                         ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
 984                          (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
 985                         )
 986                         return(1);
 987                 else
 988                         return(0);
 989                 /* break; */
 990         case SSL_CTRL_SET_TMP_RSA:
 991                 {
 992                 RSA *rsa;
 993                 int i;
 994
 995                 rsa=(RSA *)parg;
 996                 i=1;
 997                 if (rsa == NULL)
 998                         i=0;
 999                 else
1000                         {
1001                         if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
1002                                 i=0;
1003                         }
1004                 if (!i)
1005                         {
1006                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
1007                         return(0);
1008                         }
1009                 else
1010                         {
1011                         if (cert->rsa_tmp != NULL)
1012                                 RSA_free(cert->rsa_tmp);
1013                         cert->rsa_tmp=rsa;
1014                         return(1);
1015                         }
1016                 }
1017                 /* break; */
1018         case SSL_CTRL_SET_TMP_RSA_CB:
1019                 {
1020                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1021                 return(0);
1022                 }
1023                 break;
1024 #endif
1025 #ifndef NO_DH
1026         case SSL_CTRL_SET_TMP_DH:
1027                 {
1028                 DH *new=NULL,*dh;
1029
1030                 dh=(DH *)parg;
1031                 if ((new=DHparams_dup(dh)) == NULL)
1032                         {
1033                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
1034                         return 0;
1035                         }
1036                 if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
1037                         {
1038                         if (!DH_generate_key(new))
1039                                 {
1040                                 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
1041                                 DH_free(new);
1042                                 return 0;
1043                                 }
1044                         }
1045                 if (cert->dh_tmp != NULL)
1046                         DH_free(cert->dh_tmp);
1047                 cert->dh_tmp=new;
1048                 return 1;
1049                 }
1050                 /*break; */
1051         case SSL_CTRL_SET_TMP_DH_CB:
1052                 {
1053                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1054                 return(0);
1055                 }
1056                 break;
1057 #endif
1058         /* A Thawte special :-) */
1059         case SSL_CTRL_EXTRA_CHAIN_CERT:
1060                 if (ctx->extra_certs == NULL)
1061                         {
1062                         if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
1063                                 return(0);
1064                         }
1065                 sk_X509_push(ctx->extra_certs,(X509 *)parg);
1066                 break;
1067
1068         default:
1069                 return(0);
1070                 }
1071         return(1);
1072         }
1073
1074 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
1075         {
1076         CERT *cert;
1077
1078         cert=ctx->cert;
1079
1080         switch (cmd)
1081                 {
1082 #ifndef NO_RSA
1083         case SSL_CTRL_SET_TMP_RSA_CB:
1084                 {
1085                 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
1086                 }
1087                 break;
1088 #endif
1089 #ifndef NO_DH
1090         case SSL_CTRL_SET_TMP_DH_CB:
1091                 {
1092                 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
1093                 }
1094                 break;
1095 #endif
1096         default:
1097                 return(0);
1098                 }
1099         return(1);
1100         }
1101
1102 /* This function needs to check if the ciphers required are actually
1103  * available */
1104 SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
1105         {
1106         static int init=1;
1107         static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS];
1108         SSL_CIPHER c,*cp= &c,**cpp;
1109         unsigned long id;
1110         int i;
1111
1112         if (init)
1113                 {
1114                 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
1115
1116                 for (i=0; i<SSL3_NUM_CIPHERS; i++)
1117                         sorted[i]= &(ssl3_ciphers[i]);
1118
1119                 qsort(  (char *)sorted,
1120                         SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
1121                         FP_ICC ssl_cipher_ptr_id_cmp);
1122
1123                 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
1124
1125                 init=0;
1126                 }
1127
1128         id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
1129         c.id=id;
1130         cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
1131                 (char *)sorted,
1132                 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
1133                 FP_ICC ssl_cipher_ptr_id_cmp);
1134         if ((cpp == NULL) || !(*cpp)->valid)
1135                 return(NULL);
1136         else
1137                 return(*cpp);
1138         }
1139
1140 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
1141         {
1142         long l;
1143
1144         if (p != NULL)
1145                 {
1146                 l=c->id;
1147                 if ((l & 0xff000000) != 0x03000000) return(0);
1148                 p[0]=((unsigned char)(l>> 8L))&0xFF;
1149                 p[1]=((unsigned char)(l     ))&0xFF;
1150                 }
1151         return(2);
1152         }
1153
1154 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *have,
1155              STACK_OF(SSL_CIPHER) *pref)
1156         {
1157         SSL_CIPHER *c,*ret=NULL;
1158         int i,j,ok;
1159         CERT *cert;
1160         unsigned long alg,mask,emask;
1161
1162         /* Let's see which ciphers we can support */
1163         cert=s->cert;
1164
1165         sk_SSL_CIPHER_set_cmp_func(pref,ssl_cipher_ptr_id_cmp);
1166
1167 #ifdef CIPHER_DEBUG
1168         printf("Have %d from %p:\n", sk_SSL_CIPHER_num(pref), pref);
1169         for(i=0 ; i < sk_SSL_CIPHER_num(pref) ; ++i)
1170             {
1171             c=sk_SSL_CIPHER_value(pref,i);
1172             printf("%p:%s\n",c,c->name);
1173             }
1174 #endif
1175
1176         for (i=0; i<sk_SSL_CIPHER_num(have); i++)
1177                 {
1178                 c=sk_SSL_CIPHER_value(have,i);
1179
1180                 ssl_set_cert_masks(cert,c);
1181                 mask=cert->mask;
1182                 emask=cert->export_mask;
1183
1184 #ifdef KSSL_DEBUG
1185                 printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);
1186 #endif    /* KSSL_DEBUG */
1187
1188                 alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
1189                 if (SSL_C_IS_EXPORT(c))
1190                         {
1191                         ok=((alg & emask) == alg)?1:0;
1192 #ifdef CIPHER_DEBUG
1193                         printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask,
1194                                c,c->name);
1195 #endif
1196                         }
1197                 else
1198                         {
1199                         ok=((alg & mask) == alg)?1:0;
1200 #ifdef CIPHER_DEBUG
1201                         printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c,
1202                                c->name);
1203 #endif
1204                         }
1205
1206                 if (!ok) continue;
1207
1208                 j=sk_SSL_CIPHER_find(pref,c);
1209                 if (j >= 0)
1210                         {
1211                         ret=sk_SSL_CIPHER_value(pref,j);
1212                         break;
1213                         }
1214                 }
1215         return(ret);
1216         }
1217
1218 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
1219         {
1220         int ret=0;
1221         unsigned long alg;
1222
1223         alg=s->s3->tmp.new_cipher->algorithms;
1224
1225 #ifndef NO_DH
1226         if (alg & (SSL_kDHr|SSL_kEDH))
1227                 {
1228 #  ifndef NO_RSA
1229                 p[ret++]=SSL3_CT_RSA_FIXED_DH;
1230 #  endif
1231 #  ifndef NO_DSA
1232                 p[ret++]=SSL3_CT_DSS_FIXED_DH;
1233 #  endif
1234                 }
1235         if ((s->version == SSL3_VERSION) &&
1236                 (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
1237                 {
1238 #  ifndef NO_RSA
1239                 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
1240 #  endif
1241 #  ifndef NO_DSA
1242                 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
1243 #  endif
1244                 }
1245 #endif /* !NO_DH */
1246 #ifndef NO_RSA
1247         p[ret++]=SSL3_CT_RSA_SIGN;
1248 #endif
1249 #ifndef NO_DSA
1250         p[ret++]=SSL3_CT_DSS_SIGN;
1251 #endif
1252         return(ret);
1253         }
1254
1255 int ssl3_shutdown(SSL *s)
1256         {
1257
1258         /* Don't do anything much if we have not done the handshake or
1259          * we don't want to send messages :-) */
1260         if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
1261                 {
1262                 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
1263                 return(1);
1264                 }
1265
1266         if (!(s->shutdown & SSL_SENT_SHUTDOWN))
1267                 {
1268                 s->shutdown|=SSL_SENT_SHUTDOWN;
1269 #if 1
1270                 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
1271 #endif
1272                 /* our shutdown alert has been sent now, and if it still needs
1273                  * to be written, s->s3->alert_dispatch will be true */
1274                 }
1275         else if (s->s3->alert_dispatch)
1276                 {
1277                 /* resend it if not sent */
1278 #if 1
1279                 ssl3_dispatch_alert(s);
1280 #endif
1281                 }
1282         else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
1283                 {
1284                 /* If we are waiting for a close from our peer, we are closed */
1285                 ssl3_read_bytes(s,0,NULL,0);
1286                 }
1287
1288         if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
1289                 !s->s3->alert_dispatch)
1290                 return(1);
1291         else
1292                 return(0);
1293         }
1294
1295 int ssl3_write(SSL *s, const void *buf, int len)
1296         {
1297         int ret,n;
1298
1299 #if 0
1300         if (s->shutdown & SSL_SEND_SHUTDOWN)
1301                 {
1302                 s->rwstate=SSL_NOTHING;
1303                 return(0);
1304                 }
1305 #endif
1306         clear_sys_error();
1307         if (s->s3->renegotiate) ssl3_renegotiate_check(s);
1308
1309         /* This is an experimental flag that sends the
1310          * last handshake message in the same packet as the first
1311          * use data - used to see if it helps the TCP protocol during
1312          * session-id reuse */
1313         /* The second test is because the buffer may have been removed */
1314         if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
1315                 {
1316                 /* First time through, we write into the buffer */
1317                 if (s->s3->delay_buf_pop_ret == 0)
1318                         {
1319                         ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
1320                                              buf,len);
1321                         if (ret <= 0) return(ret);
1322
1323                         s->s3->delay_buf_pop_ret=ret;
1324                         }
1325
1326                 s->rwstate=SSL_WRITING;
1327                 n=BIO_flush(s->wbio);
1328                 if (n <= 0) return(n);
1329                 s->rwstate=SSL_NOTHING;
1330
1331                 /* We have flushed the buffer, so remove it */
1332                 ssl_free_wbio_buffer(s);
1333                 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
1334
1335                 ret=s->s3->delay_buf_pop_ret;
1336                 s->s3->delay_buf_pop_ret=0;
1337                 }
1338         else
1339                 {
1340                 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
1341                                      buf,len);
1342                 if (ret <= 0) return(ret);
1343                 }
1344
1345         return(ret);
1346         }
1347
1348 int ssl3_read(SSL *s, void *buf, int len)
1349         {
1350         int ret;
1351
1352         clear_sys_error();
1353         if (s->s3->renegotiate) ssl3_renegotiate_check(s);
1354         s->s3->in_read_app_data=1;
1355         ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len);
1356         if ((ret == -1) && (s->s3->in_read_app_data == 0))
1357                 {
1358                 /* ssl3_read_bytes decided to call s->handshake_func, which
1359                  * called ssl3_read_bytes to read handshake data.
1360                  * However, ssl3_read_bytes actually found application data
1361                  * and thinks that application data makes sense here (signalled
1362                  * by resetting 'in_read_app_data', strangely); so disable
1363                  * handshake processing and try to read application data again. */
1364                 s->in_handshake++;
1365                 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len);
1366                 s->in_handshake--;
1367                 }
1368         else
1369                 s->s3->in_read_app_data=0;
1370
1371         return(ret);
1372         }
1373
1374 int ssl3_peek(SSL *s, char *buf, int len)
1375         {
1376 #if 1
1377         SSLerr(SSL_F_SSL3_PEEK, SSL_R_FIXME); /* function is totally broken */
1378         return -1;
1379 #else
1380         SSL3_RECORD *rr;
1381         int n;
1382
1383         rr= &(s->s3->rrec);
1384         if ((rr->length == 0) || (rr->type != SSL3_RT_APPLICATION_DATA))
1385                 {
1386                 n=ssl3_read(s,buf,1);
1387                 if (n <= 0) return(n);
1388                 rr->length++;
1389                 rr->off--;
1390                 }
1391
1392         if ((unsigned int)len > rr->length)
1393                 n=rr->length;
1394         else
1395                 n=len;
1396         memcpy(buf,&(rr->data[rr->off]),(unsigned int)n);
1397         return(n);
1398 #endif
1399         }
1400
1401 int ssl3_renegotiate(SSL *s)
1402         {
1403         if (s->handshake_func == NULL)
1404                 return(1);
1405
1406         if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
1407                 return(0);
1408
1409         s->s3->renegotiate=1;
1410         return(1);
1411         }
1412
1413 int ssl3_renegotiate_check(SSL *s)
1414         {
1415         int ret=0;
1416
1417         if (s->s3->renegotiate)
1418                 {
1419                 if (    (s->s3->rbuf.left == 0) &&
1420                         (s->s3->wbuf.left == 0) &&
1421                         !SSL_in_init(s))
1422                         {
1423 /*
1424 if we are the server, and we have sent a 'RENEGOTIATE' message, we
1425 need to go to SSL_ST_ACCEPT.
1426 */
1427                         /* SSL_ST_ACCEPT */
1428                         s->state=SSL_ST_RENEGOTIATE;
1429                         s->s3->renegotiate=0;
1430                         s->s3->num_renegotiations++;
1431                         s->s3->total_renegotiations++;
1432                         ret=1;
1433                         }
1434                 }
1435         return(ret);
1436         }
1437