Apply Lutz Behnke's 56 bit cipher patch with a few
[openssl.git] / ssl / s3_lib.c
1 /* ssl/s3_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58
59 #include <stdio.h>
60 #include <openssl/md5.h>
61 #include <openssl/sha.h>
62 #include <openssl/objects.h>
63 #include "ssl_locl.h"
64
65 const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
66
67 #define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
68
69 static long ssl3_default_timeout(void );
70
71 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
72 /* The RSA ciphers */
73 /* Cipher 01 */
74         {
75         1,
76         SSL3_TXT_RSA_NULL_MD5,
77         SSL3_CK_RSA_NULL_MD5,
78         SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
79         SSL_NOT_EXP,
80         0,
81         0,
82         0,
83         SSL_ALL_CIPHERS,
84         SSL_ALL_STRENGTHS,
85         },
86 /* Cipher 02 */
87         {
88         1,
89         SSL3_TXT_RSA_NULL_SHA,
90         SSL3_CK_RSA_NULL_SHA,
91         SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
92         SSL_NOT_EXP,
93         0,
94         0,
95         0,
96         SSL_ALL_CIPHERS,
97         SSL_ALL_STRENGTHS,
98         },
99
100 /* anon DH */
101 /* Cipher 17 */
102         {
103         1,
104         SSL3_TXT_ADH_RC4_40_MD5,
105         SSL3_CK_ADH_RC4_40_MD5,
106         SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
107         SSL_EXPORT|SSL_EXP40,
108         0,
109         40,
110         128,
111         SSL_ALL_CIPHERS,
112         SSL_ALL_STRENGTHS,
113         },
114 /* Cipher 18 */
115         {
116         1,
117         SSL3_TXT_ADH_RC4_128_MD5,
118         SSL3_CK_ADH_RC4_128_MD5,
119         SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
120         SSL_NOT_EXP,
121         0,
122         128,
123         128,
124         SSL_ALL_CIPHERS,
125         SSL_ALL_STRENGTHS,
126         },
127 /* Cipher 19 */
128         {
129         1,
130         SSL3_TXT_ADH_DES_40_CBC_SHA,
131         SSL3_CK_ADH_DES_40_CBC_SHA,
132         SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
133         SSL_EXPORT|SSL_EXP40,
134         0,
135         40,
136         128,
137         SSL_ALL_CIPHERS,
138         SSL_ALL_STRENGTHS,
139         },
140 /* Cipher 1A */
141         {
142         1,
143         SSL3_TXT_ADH_DES_64_CBC_SHA,
144         SSL3_CK_ADH_DES_64_CBC_SHA,
145         SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_SSLV3,
146         SSL_NOT_EXP,
147         0,
148         56,
149         56,
150         SSL_ALL_CIPHERS,
151         SSL_ALL_STRENGTHS,
152         },
153 /* Cipher 1B */
154         {
155         1,
156         SSL3_TXT_ADH_DES_192_CBC_SHA,
157         SSL3_CK_ADH_DES_192_CBC_SHA,
158         SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
159         SSL_NOT_EXP,
160         0,
161         168,
162         168,
163         SSL_ALL_CIPHERS,
164         SSL_ALL_STRENGTHS,
165         },
166
167 /* RSA again */
168 /* Cipher 03 */
169         {
170         1,
171         SSL3_TXT_RSA_RC4_40_MD5,
172         SSL3_CK_RSA_RC4_40_MD5,
173         SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
174         SSL_EXPORT|SSL_EXP40,
175         0,
176         40,
177         128,
178         SSL_ALL_CIPHERS,
179         SSL_ALL_STRENGTHS,
180         },
181 /* Cipher 04 */
182         {
183         1,
184         SSL3_TXT_RSA_RC4_128_MD5,
185         SSL3_CK_RSA_RC4_128_MD5,
186         SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5|SSL_SSLV3,
187         SSL_NOT_EXP|SSL_MEDIUM,
188         0,
189         128,
190         128,
191         SSL_ALL_CIPHERS,
192         SSL_ALL_STRENGTHS,
193         },
194 /* Cipher 05 */
195         {
196         1,
197         SSL3_TXT_RSA_RC4_128_SHA,
198         SSL3_CK_RSA_RC4_128_SHA,
199         SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_SHA1|SSL_SSLV3,
200         SSL_NOT_EXP|SSL_MEDIUM,
201         0,
202         128,
203         128,
204         SSL_ALL_CIPHERS,
205         SSL_ALL_STRENGTHS,
206         },
207 /* Cipher 06 */
208         {
209         1,
210         SSL3_TXT_RSA_RC2_40_MD5,
211         SSL3_CK_RSA_RC2_40_MD5,
212         SSL_kRSA|SSL_aRSA|SSL_RC2  |SSL_MD5 |SSL_SSLV3,
213         SSL_EXPORT|SSL_EXP40,
214         0,
215         40,
216         128,
217         SSL_ALL_CIPHERS,
218         SSL_ALL_STRENGTHS,
219         },
220 /* Cipher 07 */
221         {
222         1,
223         SSL3_TXT_RSA_IDEA_128_SHA,
224         SSL3_CK_RSA_IDEA_128_SHA,
225         SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3,
226         SSL_NOT_EXP|SSL_MEDIUM,
227         0,
228         128,
229         128,
230         SSL_ALL_CIPHERS,
231         SSL_ALL_STRENGTHS,
232         },
233 /* Cipher 08 */
234         {
235         1,
236         SSL3_TXT_RSA_DES_40_CBC_SHA,
237         SSL3_CK_RSA_DES_40_CBC_SHA,
238         SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
239         SSL_EXPORT|SSL_EXP40,
240         0,
241         40,
242         56,
243         SSL_ALL_CIPHERS,
244         SSL_ALL_STRENGTHS,
245         },
246 /* Cipher 09 */
247         {
248         1,
249         SSL3_TXT_RSA_DES_64_CBC_SHA,
250         SSL3_CK_RSA_DES_64_CBC_SHA,
251         SSL_kRSA|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,
252         SSL_NOT_EXP|SSL_LOW,
253         0,
254         56,
255         56,
256         SSL_ALL_CIPHERS,
257         SSL_ALL_STRENGTHS,
258         },
259 /* Cipher 0A */
260         {
261         1,
262         SSL3_TXT_RSA_DES_192_CBC3_SHA,
263         SSL3_CK_RSA_DES_192_CBC3_SHA,
264         SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
265         SSL_NOT_EXP|SSL_HIGH,
266         0,
267         168,
268         168,
269         SSL_ALL_CIPHERS,
270         SSL_ALL_STRENGTHS,
271         },
272
273 /*  The DH ciphers */
274 /* Cipher 0B */
275         {
276         0,
277         SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
278         SSL3_CK_DH_DSS_DES_40_CBC_SHA,
279         SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
280         SSL_EXPORT|SSL_EXP40,
281         0,
282         40,
283         56,
284         SSL_ALL_CIPHERS,
285         SSL_ALL_STRENGTHS,
286         },
287 /* Cipher 0C */
288         {
289         0,
290         SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
291         SSL3_CK_DH_DSS_DES_64_CBC_SHA,
292         SSL_kDHd |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
293         SSL_NOT_EXP|SSL_LOW,
294         0,
295         56,
296         56,
297         SSL_ALL_CIPHERS,
298         SSL_ALL_STRENGTHS,
299         },
300 /* Cipher 0D */
301         {
302         0,
303         SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
304         SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
305         SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
306         SSL_NOT_EXP|SSL_HIGH,
307         0,
308         168,
309         168,
310         SSL_ALL_CIPHERS,
311         SSL_ALL_STRENGTHS,
312         },
313 /* Cipher 0E */
314         {
315         0,
316         SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
317         SSL3_CK_DH_RSA_DES_40_CBC_SHA,
318         SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
319         SSL_EXPORT|SSL_EXP40,
320         0,
321         40,
322         56,
323         SSL_ALL_CIPHERS,
324         SSL_ALL_STRENGTHS,
325         },
326 /* Cipher 0F */
327         {
328         0,
329         SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
330         SSL3_CK_DH_RSA_DES_64_CBC_SHA,
331         SSL_kDHr |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
332         SSL_NOT_EXP|SSL_LOW,
333         0,
334         56,
335         56,
336         SSL_ALL_CIPHERS,
337         SSL_ALL_STRENGTHS,
338         },
339 /* Cipher 10 */
340         {
341         0,
342         SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
343         SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
344         SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
345         SSL_NOT_EXP|SSL_HIGH,
346         0,
347         168,
348         168,
349         SSL_ALL_CIPHERS,
350         SSL_ALL_STRENGTHS,
351         },
352
353 /* The Ephemeral DH ciphers */
354 /* Cipher 11 */
355         {
356         1,
357         SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
358         SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
359         SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
360         SSL_EXPORT|SSL_EXP40,
361         0,
362         40,
363         56,
364         SSL_ALL_CIPHERS,
365         SSL_ALL_STRENGTHS,
366         },
367 /* Cipher 12 */
368         {
369         1,
370         SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
371         SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
372         SSL_kEDH|SSL_aDSS|SSL_DES  |SSL_SHA1|SSL_SSLV3,
373         SSL_NOT_EXP|SSL_LOW,
374         0,
375         56,
376         56,
377         SSL_ALL_CIPHERS,
378         SSL_ALL_STRENGTHS,
379         },
380 /* Cipher 13 */
381         {
382         1,
383         SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
384         SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
385         SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
386         SSL_NOT_EXP|SSL_HIGH,
387         0,
388         168,
389         168,
390         SSL_ALL_CIPHERS,
391         SSL_ALL_STRENGTHS,
392         },
393 /* Cipher 14 */
394         {
395         1,
396         SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
397         SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
398         SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
399         SSL_EXPORT|SSL_EXP40,
400         0,
401         40,
402         56,
403         SSL_ALL_CIPHERS,
404         SSL_ALL_STRENGTHS,
405         },
406 /* Cipher 15 */
407         {
408         1,
409         SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
410         SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
411         SSL_kEDH|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,
412         SSL_NOT_EXP|SSL_LOW,
413         0,
414         56,
415         56,
416         SSL_ALL_CIPHERS,
417         SSL_ALL_STRENGTHS,
418         },
419 /* Cipher 16 */
420         {
421         1,
422         SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
423         SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
424         SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
425         SSL_NOT_EXP|SSL_HIGH,
426         0,
427         168,
428         168,
429         SSL_ALL_CIPHERS,
430         SSL_ALL_STRENGTHS,
431         },
432
433 /* Fortezza */
434 /* Cipher 1C */
435         {
436         0,
437         SSL3_TXT_FZA_DMS_NULL_SHA,
438         SSL3_CK_FZA_DMS_NULL_SHA,
439         SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
440         SSL_NOT_EXP,
441         0,
442         0,
443         0,
444         SSL_ALL_CIPHERS,
445         SSL_ALL_STRENGTHS,
446         },
447
448 /* Cipher 1D */
449         {
450         0,
451         SSL3_TXT_FZA_DMS_FZA_SHA,
452         SSL3_CK_FZA_DMS_FZA_SHA,
453         SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
454         SSL_NOT_EXP,
455         0,
456         0,
457         0,
458         SSL_ALL_CIPHERS,
459         SSL_ALL_STRENGTHS,
460         },
461
462 /* Cipher 1E */
463         {
464         0,
465         SSL3_TXT_FZA_DMS_RC4_SHA,
466         SSL3_CK_FZA_DMS_RC4_SHA,
467         SSL_kFZA|SSL_aFZA |SSL_RC4  |SSL_SHA1|SSL_SSLV3,
468         SSL_NOT_EXP,
469         0,
470         128,
471         128,
472         SSL_ALL_CIPHERS,
473         SSL_ALL_STRENGTHS,
474         },
475
476 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
477         /* New TLS Export CipherSuites */
478         /* Cipher 60 */
479             {
480             1,
481             TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
482             TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
483             SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
484             SSL_EXPORT|SSL_EXP56,
485             0,
486             56,
487             128,
488             SSL_ALL_CIPHERS,
489             SSL_ALL_STRENGTHS,
490             },
491         /* Cipher 61 */
492             {
493             1,
494             TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
495             TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
496             SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
497             SSL_EXPORT|SSL_EXP56,
498             0,
499             56,
500             128,
501             SSL_ALL_CIPHERS,
502             SSL_ALL_STRENGTHS,
503             },
504         /* Cipher 62 */
505             {
506             1,
507             TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
508             TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
509             SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
510             SSL_EXPORT|SSL_EXP56,
511             0,
512             56,
513             56,
514             SSL_ALL_CIPHERS,
515             SSL_ALL_STRENGTHS,
516             },
517         /* Cipher 63 */
518             {
519             1,
520             TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
521             TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
522             SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
523             SSL_EXPORT|SSL_EXP56,
524             0,
525             56,
526             56,
527             SSL_ALL_CIPHERS,
528             SSL_ALL_STRENGTHS,
529             },
530         /* Cipher 64 */
531             {
532             1,
533             TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
534             TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
535             SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
536             SSL_EXPORT|SSL_EXP56,
537             0,
538             56,
539             128,
540             SSL_ALL_CIPHERS,
541             SSL_ALL_STRENGTHS,
542             },
543         /* Cipher 65 */
544             {
545             1,
546             TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
547             TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
548             SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
549             SSL_EXPORT|SSL_EXP56,
550             0,
551             56,
552             128,
553             SSL_ALL_CIPHERS,
554             SSL_ALL_STRENGTHS,
555             },
556         /* Cipher 66 */
557             {
558             1,
559             TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
560             TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
561             SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
562             SSL_NOT_EXP,
563             0,
564             128,
565             128,
566             SSL_ALL_CIPHERS,
567             SSL_ALL_STRENGTHS
568             },
569 #endif
570
571 /* end of list */
572         };
573
574 static SSL3_ENC_METHOD SSLv3_enc_data={
575         ssl3_enc,
576         ssl3_mac,
577         ssl3_setup_key_block,
578         ssl3_generate_master_secret,
579         ssl3_change_cipher_state,
580         ssl3_final_finish_mac,
581         MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
582         ssl3_cert_verify_mac,
583         SSL3_MD_CLIENT_FINISHED_CONST,4,
584         SSL3_MD_SERVER_FINISHED_CONST,4,
585         ssl3_alert_code,
586         };
587
588 static SSL_METHOD SSLv3_data= {
589         SSL3_VERSION,
590         ssl3_new,
591         ssl3_clear,
592         ssl3_free,
593         ssl_undefined_function,
594         ssl_undefined_function,
595         ssl3_read,
596         ssl3_peek,
597         ssl3_write,
598         ssl3_shutdown,
599         ssl3_renegotiate,
600         ssl3_renegotiate_check,
601         ssl3_ctrl,
602         ssl3_ctx_ctrl,
603         ssl3_get_cipher_by_char,
604         ssl3_put_cipher_by_char,
605         ssl3_pending,
606         ssl3_num_ciphers,
607         ssl3_get_cipher,
608         ssl_bad_method,
609         ssl3_default_timeout,
610         &SSLv3_enc_data,
611         };
612
613 union rsa_fn_to_char_u
614         {
615         char *char_p;
616         RSA *(*fn_p)(SSL *, int, int);
617         };
618
619 union dh_fn_to_char_u
620         {
621         char *char_p;
622         DH *(*fn_p)(SSL *, int, int);
623         };
624
625 static long ssl3_default_timeout(void)
626         {
627         /* 2 hours, the 24 hours mentioned in the SSLv3 spec
628          * is way too long for http, the cache would over fill */
629         return(60*60*2);
630         }
631
632 SSL_METHOD *sslv3_base_method(void)
633         {
634         return(&SSLv3_data);
635         }
636
637 int ssl3_num_ciphers(void)
638         {
639         return(SSL3_NUM_CIPHERS);
640         }
641
642 SSL_CIPHER *ssl3_get_cipher(unsigned int u)
643         {
644         if (u < SSL3_NUM_CIPHERS)
645                 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
646         else
647                 return(NULL);
648         }
649
650 /* The problem is that it may not be the correct record type */
651 int ssl3_pending(SSL *s)
652         {
653         return(s->s3->rrec.length);
654         }
655
656 int ssl3_new(SSL *s)
657         {
658         SSL3_CTX *s3;
659
660         if ((s3=(SSL3_CTX *)Malloc(sizeof(SSL3_CTX))) == NULL) goto err;
661         memset(s3,0,sizeof(SSL3_CTX));
662
663         s->s3=s3;
664         /*
665         s->s3->tmp.ca_names=NULL;
666         s->s3->tmp.key_block=NULL;
667         s->s3->tmp.key_block_length=0;
668         s->s3->rbuf.buf=NULL;
669         s->s3->wbuf.buf=NULL;
670         */
671
672         s->method->ssl_clear(s);
673         return(1);
674 err:
675         return(0);
676         }
677
678 void ssl3_free(SSL *s)
679         {
680         if(s == NULL)
681             return;
682
683         ssl3_cleanup_key_block(s);
684         if (s->s3->rbuf.buf != NULL)
685                 Free(s->s3->rbuf.buf);
686         if (s->s3->wbuf.buf != NULL)
687                 Free(s->s3->wbuf.buf);
688         if (s->s3->rrec.comp != NULL)
689                 Free(s->s3->rrec.comp);
690 #ifndef NO_DH
691         if (s->s3->tmp.dh != NULL)
692                 DH_free(s->s3->tmp.dh);
693 #endif
694         if (s->s3->tmp.ca_names != NULL)
695                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
696         memset(s->s3,0,sizeof(SSL3_CTX));
697         Free(s->s3);
698         s->s3=NULL;
699         }
700
701 void ssl3_clear(SSL *s)
702         {
703         unsigned char *rp,*wp;
704
705         ssl3_cleanup_key_block(s);
706         if (s->s3->tmp.ca_names != NULL)
707                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
708
709         if (s->s3->rrec.comp != NULL)
710                 {
711                 Free(s->s3->rrec.comp);
712                 s->s3->rrec.comp=NULL;
713                 }
714
715         rp=s->s3->rbuf.buf;
716         wp=s->s3->wbuf.buf;
717
718         memset(s->s3,0,sizeof(SSL3_CTX));
719         if (rp != NULL) s->s3->rbuf.buf=rp;
720         if (wp != NULL) s->s3->wbuf.buf=wp;
721
722         ssl_free_wbio_buffer(s);
723
724         s->packet_length=0;
725         s->s3->renegotiate=0;
726         s->s3->total_renegotiations=0;
727         s->s3->num_renegotiations=0;
728         s->s3->in_read_app_data=0;
729         s->version=SSL3_VERSION;
730         }
731
732 long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg)
733         {
734         int ret=0;
735
736 #if !defined(NO_DSA) || !defined(NO_RSA)
737         if (
738 #ifndef NO_RSA
739             cmd == SSL_CTRL_SET_TMP_RSA ||
740             cmd == SSL_CTRL_SET_TMP_RSA_CB ||
741 #endif
742 #ifndef NO_DSA
743             cmd == SSL_CTRL_SET_TMP_DH ||
744             cmd == SSL_CTRL_SET_TMP_DH_CB ||
745 #endif
746                 0)
747                 {
748                 if (!ssl_cert_inst(&s->cert))
749                         {
750                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
751                         return(0);
752                         }
753                 }
754 #endif
755
756         switch (cmd)
757                 {
758         case SSL_CTRL_GET_SESSION_REUSED:
759                 ret=s->hit;
760                 break;
761         case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
762                 break;
763         case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
764                 ret=s->s3->num_renegotiations;
765                 break;
766         case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
767                 ret=s->s3->num_renegotiations;
768                 s->s3->num_renegotiations=0;
769                 break;
770         case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
771                 ret=s->s3->total_renegotiations;
772                 break;
773         case SSL_CTRL_GET_FLAGS:
774                 ret=(int)(s->s3->flags);
775                 break;
776 #ifndef NO_RSA
777         case SSL_CTRL_NEED_TMP_RSA:
778                 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
779                     ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
780                      (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
781                         ret = 1;
782                 break;
783         case SSL_CTRL_SET_TMP_RSA:
784                 {
785                         RSA *rsa = (RSA *)parg;
786                         if (rsa == NULL) {
787                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
788                                 return(ret);
789                         }
790                         if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
791                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
792                                 return(ret);
793                         }
794                         if (s->cert->rsa_tmp != NULL)
795                                 RSA_free(s->cert->rsa_tmp);
796                         s->cert->rsa_tmp = rsa;
797                         ret = 1;
798                 }
799                 break;
800         case SSL_CTRL_SET_TMP_RSA_CB:
801                 {
802                 union rsa_fn_to_char_u rsa_tmp_cb;
803
804                 rsa_tmp_cb.char_p = parg;
805                 s->cert->rsa_tmp_cb = rsa_tmp_cb.fn_p;
806                 }
807                 break;
808 #endif
809 #ifndef NO_DH
810         case SSL_CTRL_SET_TMP_DH:
811                 {
812                         DH *dh = (DH *)parg;
813                         if (dh == NULL) {
814                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
815                                 return(ret);
816                         }
817                         if ((dh = DHparams_dup(dh)) == NULL) {
818                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
819                                 return(ret);
820                         }
821                         if (!DH_generate_key(dh)) {
822                                 DH_free(dh);
823                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
824                                 return(ret);
825                         }
826                         if (s->cert->dh_tmp != NULL)
827                                 DH_free(s->cert->dh_tmp);
828                         s->cert->dh_tmp = dh;
829                         ret = 1;
830                 }
831                 break;
832         case SSL_CTRL_SET_TMP_DH_CB:
833                 {
834                 union dh_fn_to_char_u dh_tmp_cb;
835
836                 dh_tmp_cb.char_p = parg;
837                 s->cert->dh_tmp_cb = dh_tmp_cb.fn_p;
838                 }
839                 break;
840 #endif
841         default:
842                 break;
843                 }
844         return(ret);
845         }
846
847 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
848         {
849         CERT *cert;
850
851         cert=ctx->cert;
852
853         switch (cmd)
854                 {
855 #ifndef NO_RSA
856         case SSL_CTRL_NEED_TMP_RSA:
857                 if (    (cert->rsa_tmp == NULL) &&
858                         ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
859                          (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
860                         )
861                         return(1);
862                 else
863                         return(0);
864                 /* break; */
865         case SSL_CTRL_SET_TMP_RSA:
866                 {
867                 RSA *rsa;
868                 int i;
869
870                 rsa=(RSA *)parg;
871                 i=1;
872                 if (rsa == NULL)
873                         i=0;
874                 else
875                         {
876                         if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
877                                 i=0;
878                         }
879                 if (!i)
880                         {
881                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
882                         return(0);
883                         }
884                 else
885                         {
886                         if (cert->rsa_tmp != NULL)
887                                 RSA_free(cert->rsa_tmp);
888                         cert->rsa_tmp=rsa;
889                         return(1);
890                         }
891                 }
892                 /* break; */
893         case SSL_CTRL_SET_TMP_RSA_CB:
894                 {
895                 union rsa_fn_to_char_u rsa_tmp_cb;
896
897                 rsa_tmp_cb.char_p = parg;
898                 cert->rsa_tmp_cb = rsa_tmp_cb.fn_p;
899                 }
900                 break;
901 #endif
902 #ifndef NO_DH
903         case SSL_CTRL_SET_TMP_DH:
904                 {
905                 DH *new=NULL,*dh;
906                 int rret=0;
907
908                 dh=(DH *)parg;
909                 if (    ((new=DHparams_dup(dh)) == NULL) ||
910                         (!DH_generate_key(new)))
911                         {
912                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
913                         if (new != NULL) DH_free(new);
914                         }
915                 else
916                         {
917                         if (cert->dh_tmp != NULL)
918                                 DH_free(cert->dh_tmp);
919                         cert->dh_tmp=new;
920                         rret=1;
921                         }
922                 return(rret);
923                 }
924                 /*break; */
925         case SSL_CTRL_SET_TMP_DH_CB:
926                 {
927                 union dh_fn_to_char_u dh_tmp_cb;
928
929                 dh_tmp_cb.char_p = parg;
930                 cert->dh_tmp_cb = dh_tmp_cb.fn_p;
931                 }
932                 break;
933 #endif
934         /* A Thawte special :-) */
935         case SSL_CTRL_EXTRA_CHAIN_CERT:
936                 if (ctx->extra_certs == NULL)
937                         {
938                         if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
939                                 return(0);
940                         }
941                 sk_X509_push(ctx->extra_certs,(X509 *)parg);
942                 break;
943
944         default:
945                 return(0);
946                 }
947         return(1);
948         }
949
950 /* This function needs to check if the ciphers required are actually
951  * available */
952 SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
953         {
954         static int init=1;
955         static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS];
956         SSL_CIPHER c,*cp= &c,**cpp;
957         unsigned long id;
958         int i;
959
960         if (init)
961                 {
962                 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
963
964                 for (i=0; i<SSL3_NUM_CIPHERS; i++)
965                         sorted[i]= &(ssl3_ciphers[i]);
966
967                 qsort(  (char *)sorted,
968                         SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
969                         FP_ICC ssl_cipher_ptr_id_cmp);
970
971                 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
972
973                 init=0;
974                 }
975
976         id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
977         c.id=id;
978         cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
979                 (char *)sorted,
980                 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
981                 (int (*)())ssl_cipher_ptr_id_cmp);
982         if ((cpp == NULL) || !(*cpp)->valid)
983                 return(NULL);
984         else
985                 return(*cpp);
986         }
987
988 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
989         {
990         long l;
991
992         if (p != NULL)
993                 {
994                 l=c->id;
995                 if ((l & 0xff000000) != 0x03000000) return(0);
996                 p[0]=((unsigned char)(l>> 8L))&0xFF;
997                 p[1]=((unsigned char)(l     ))&0xFF;
998                 }
999         return(2);
1000         }
1001
1002 int ssl3_part_read(SSL *s, int i)
1003         {
1004         s->rwstate=SSL_READING;
1005
1006         if (i < 0)
1007                 {
1008                 return(i);
1009                 }
1010         else
1011                 {
1012                 s->init_num+=i;
1013                 return(0);
1014                 }
1015         }
1016
1017 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *have,
1018              STACK_OF(SSL_CIPHER) *pref)
1019         {
1020         SSL_CIPHER *c,*ret=NULL;
1021         int i,j,ok;
1022         CERT *cert;
1023         unsigned long alg,mask,emask;
1024
1025         /* Let's see which ciphers we can support */
1026         cert=s->cert;
1027
1028         sk_SSL_CIPHER_set_cmp_func(pref,ssl_cipher_ptr_id_cmp);
1029
1030 #ifdef CIPHER_DEBUG
1031         printf("Have:\n");
1032         for(i=0 ; i < sk_num(pref) ; ++i)
1033             {
1034             c=(SSL_CIPHER *)sk_value(pref,i);
1035             printf("%p:%s\n",c,c->name);
1036             }
1037 #endif
1038
1039         for (i=0; i<sk_SSL_CIPHER_num(have); i++)
1040                 {
1041                 c=sk_SSL_CIPHER_value(have,i);
1042
1043                 ssl_set_cert_masks(cert,c);
1044                 mask=cert->mask;
1045                 emask=cert->export_mask;
1046                         
1047                 alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
1048                 if (SSL_C_IS_EXPORT(c))
1049                         {
1050                         ok=((alg & emask) == alg)?1:0;
1051 #ifdef CIPHER_DEBUG
1052                         printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask,
1053                                c,c->name);
1054 #endif
1055                         }
1056                 else
1057                         {
1058                         ok=((alg & mask) == alg)?1:0;
1059 #ifdef CIPHER_DEBUG
1060                         printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c,
1061                                c->name);
1062 #endif
1063                         }
1064
1065                 if (!ok) continue;
1066         
1067                 j=sk_SSL_CIPHER_find(pref,c);
1068                 if (j >= 0)
1069                         {
1070                         ret=sk_SSL_CIPHER_value(pref,j);
1071                         break;
1072                         }
1073                 }
1074         return(ret);
1075         }
1076
1077 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
1078         {
1079         int ret=0;
1080         unsigned long alg;
1081
1082         alg=s->s3->tmp.new_cipher->algorithms;
1083
1084 #ifndef NO_DH
1085         if (alg & (SSL_kDHr|SSL_kEDH))
1086                 {
1087 #  ifndef NO_RSA
1088                 p[ret++]=SSL3_CT_RSA_FIXED_DH;
1089 #  endif
1090 #  ifndef NO_DSA
1091                 p[ret++]=SSL3_CT_DSS_FIXED_DH;
1092 #  endif
1093                 }
1094         if ((s->version == SSL3_VERSION) &&
1095                 (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
1096                 {
1097 #  ifndef NO_RSA
1098                 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
1099 #  endif
1100 #  ifndef NO_DSA
1101                 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
1102 #  endif
1103                 }
1104 #endif /* !NO_DH */
1105 #ifndef NO_RSA
1106         p[ret++]=SSL3_CT_RSA_SIGN;
1107 #endif
1108 #ifndef NO_DSA
1109         p[ret++]=SSL3_CT_DSS_SIGN;
1110 #endif
1111         return(ret);
1112         }
1113
1114 int ssl3_shutdown(SSL *s)
1115         {
1116
1117         /* Don't do anything much if we have not done the handshake or
1118          * we don't want to send messages :-) */
1119         if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
1120                 {
1121                 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
1122                 return(1);
1123                 }
1124
1125         if (!(s->shutdown & SSL_SENT_SHUTDOWN))
1126                 {
1127                 s->shutdown|=SSL_SENT_SHUTDOWN;
1128 #if 1
1129                 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
1130 #endif
1131                 /* our shutdown alert has been sent now, and if it still needs
1132                  * to be written, s->s3->alert_dispatch will be true */
1133                 }
1134         else if (s->s3->alert_dispatch)
1135                 {
1136                 /* resend it if not sent */
1137 #if 1
1138                 ssl3_dispatch_alert(s);
1139 #endif
1140                 }
1141         else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
1142                 {
1143                 /* If we are waiting for a close from our peer, we are closed */
1144                 ssl3_read_bytes(s,0,NULL,0);
1145                 }
1146
1147         if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
1148                 !s->s3->alert_dispatch)
1149                 return(1);
1150         else
1151                 return(0);
1152         }
1153
1154 int ssl3_write(SSL *s, const void *buf, int len)
1155         {
1156         int ret,n;
1157
1158 #if 0
1159         if (s->shutdown & SSL_SEND_SHUTDOWN)
1160                 {
1161                 s->rwstate=SSL_NOTHING;
1162                 return(0);
1163                 }
1164 #endif
1165         clear_sys_error();
1166         if (s->s3->renegotiate) ssl3_renegotiate_check(s);
1167
1168         /* This is an experimental flag that sends the
1169          * last handshake message in the same packet as the first
1170          * use data - used to see if it helps the TCP protocol during
1171          * session-id reuse */
1172         /* The second test is because the buffer may have been removed */
1173         if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
1174                 {
1175                 /* First time through, we write into the buffer */
1176                 if (s->s3->delay_buf_pop_ret == 0)
1177                         {
1178                         ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
1179                                              buf,len);
1180                         if (ret <= 0) return(ret);
1181
1182                         s->s3->delay_buf_pop_ret=ret;
1183                         }
1184
1185                 s->rwstate=SSL_WRITING;
1186                 n=BIO_flush(s->wbio);
1187                 if (n <= 0) return(n);
1188                 s->rwstate=SSL_NOTHING;
1189
1190                 /* We have flushed the buffer, so remove it */
1191                 ssl_free_wbio_buffer(s);
1192                 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
1193
1194                 ret=s->s3->delay_buf_pop_ret;
1195                 s->s3->delay_buf_pop_ret=0;
1196                 }
1197         else
1198                 {
1199                 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
1200                                      buf,len);
1201                 if (ret <= 0) return(ret);
1202                 }
1203
1204         return(ret);
1205         }
1206
1207 int ssl3_read(SSL *s, void *buf, int len)
1208         {
1209         int ret;
1210         
1211         clear_sys_error();
1212         if (s->s3->renegotiate) ssl3_renegotiate_check(s);
1213         s->s3->in_read_app_data=1;
1214         ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len);
1215         if ((ret == -1) && (s->s3->in_read_app_data == 0))
1216                 {
1217                 ERR_get_error(); /* clear the error */
1218                 s->s3->in_read_app_data=0;
1219                 s->in_handshake++;
1220                 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len);
1221                 s->in_handshake--;
1222                 }
1223         else
1224                 s->s3->in_read_app_data=0;
1225
1226         return(ret);
1227         }
1228
1229 int ssl3_peek(SSL *s, char *buf, int len)
1230         {
1231         SSL3_RECORD *rr;
1232         int n;
1233
1234         rr= &(s->s3->rrec);
1235         if ((rr->length == 0) || (rr->type != SSL3_RT_APPLICATION_DATA))
1236                 {
1237                 n=ssl3_read(s,buf,1);
1238                 if (n <= 0) return(n);
1239                 rr->length++;
1240                 rr->off--;
1241                 }
1242
1243         if ((unsigned int)len > rr->length)
1244                 n=rr->length;
1245         else
1246                 n=len;
1247         memcpy(buf,&(rr->data[rr->off]),(unsigned int)n);
1248         return(n);
1249         }
1250
1251 int ssl3_renegotiate(SSL *s)
1252         {
1253         if (s->handshake_func == NULL)
1254                 return(1);
1255
1256         if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
1257                 return(0);
1258
1259         s->s3->renegotiate=1;
1260         return(1);
1261         }
1262
1263 int ssl3_renegotiate_check(SSL *s)
1264         {
1265         int ret=0;
1266
1267         if (s->s3->renegotiate)
1268                 {
1269                 if (    (s->s3->rbuf.left == 0) &&
1270                         (s->s3->wbuf.left == 0) &&
1271                         !SSL_in_init(s))
1272                         {
1273 /*
1274 if we are the server, and we have sent a 'RENEGOTIATE' message, we
1275 need to go to SSL_ST_ACCEPT.
1276 */
1277                         /* SSL_ST_ACCEPT */
1278                         s->state=SSL_ST_RENEGOTIATE;
1279                         s->s3->renegotiate=0;
1280                         s->s3->num_renegotiations++;
1281                         s->s3->total_renegotiations++;
1282                         ret=1;
1283                         }
1284                 }
1285         return(ret);
1286         }
1287