* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
+#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
+#endif
#include <openssl/bn.h>
-static SSL_METHOD *ssl3_get_client_method(int ver);
+static const SSL_METHOD *ssl3_get_client_method(int ver);
static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
#ifndef OPENSSL_NO_ECDH
int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
#endif
-static SSL_METHOD *ssl3_get_client_method(int ver)
+static const SSL_METHOD *ssl3_get_client_method(int ver)
{
if (ver == SSL3_VERSION)
return(SSLv3_client_method());
return(NULL);
}
-SSL_METHOD *SSLv3_client_method(void)
- {
- static int init=1;
- static SSL_METHOD SSLv3_client_data;
-
- if (init)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
- if (init)
- {
- memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
- sizeof(SSL_METHOD));
- SSLv3_client_data.ssl_connect=ssl3_connect;
- SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
- init=0;
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
- }
- return(&SSLv3_client_data);
- }
+IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
+ ssl_undefined_function,
+ ssl3_connect,
+ ssl3_get_client_method)
int ssl3_connect(SSL *s)
{
BUF_MEM *buf=NULL;
- unsigned long Time=time(NULL),l;
+ unsigned long Time=(unsigned long)time(NULL),l;
long num1;
void (*cb)(const SSL *ssl,int type,int val)=NULL;
int ret= -1;
case SSL3_ST_CR_SRVR_HELLO_B:
ret=ssl3_get_server_hello(s);
if (ret <= 0) goto end;
+#ifndef OPENSSL_NO_TLSEXT
+ {
+ int al;
+ switch (ssl_check_tlsext(s,&al))
+ {
+ case SSL_TLSEXT_ERR_ALERT_FATAL:
+ ssl3_send_alert(s,SSL3_AL_FATAL,al);
+ SSLerr(SSL_F_SSL3_CONNECT,SSL_R_SERVERHELLO_TLS_EXT);
+ ret = -1;
+ goto end;
+
+ case SSL_TLSEXT_ERR_ALERT_WARNING:
+ ssl3_send_alert(s,SSL3_AL_WARNING,al);
+
+ default:
+ ;
+ }
+ }
+#endif
if (s->hit)
s->state=SSL3_ST_CR_FINISHED_A;
else
s->init_num=0;
s->session->cipher=s->s3->tmp.new_cipher;
+#ifdef OPENSSL_NO_COMP
+ s->session->compress_meth=0;
+#else
if (s->s3->tmp.new_compression == NULL)
s->session->compress_meth=0;
else
s->session->compress_meth=
s->s3->tmp.new_compression->id;
+#endif
if (!s->method->ssl3_enc->setup_key_block(s))
{
ret= -1;
{
unsigned char *buf;
unsigned char *p,*d;
- int i,j;
+ int i;
unsigned long Time,l;
+#ifndef OPENSSL_NO_COMP
+ int j;
SSL_COMP *comp;
+#endif
buf=(unsigned char *)s->init_buf->data;
if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
/* else use the pre-loaded session */
p=s->s3->client_random;
- Time=time(NULL); /* Time */
+ Time=(unsigned long)time(NULL); /* Time */
l2n(Time,p);
if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
goto err;
p+=i;
/* COMPRESSION */
- if (s->ctx->comp_methods == NULL)
+#ifdef OPENSSL_NO_COMP
+ *(p++)=1;
+#else
+
+ if ((s->options & SSL_OP_NO_COMPRESSION)
+ || !s->ctx->comp_methods)
j=0;
else
j=sk_SSL_COMP_num(s->ctx->comp_methods);
comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
*(p++)=comp->id;
}
+#endif
*(p++)=0; /* Add the NULL method */
+#ifndef OPENSSL_NO_TLSEXT
+ if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
+ {
+ SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+#endif
l=(p-d);
d=buf;
int i,al,ok;
unsigned int j;
long n;
+#ifndef OPENSSL_NO_COMP
SSL_COMP *comp;
+#endif
n=s->method->ssl_get_message(s,
SSL3_ST_CR_SRVR_HELLO_A,
/* lets get the compression algorithm */
/* COMPRESSION */
+#ifdef OPENSSL_NO_COMP
+ if (*(p++) != 0)
+ {
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+ goto f_err;
+ }
+#else
j= *(p++);
- if (j == 0)
+ if ((j == 0) || (s->options & SSL_OP_NO_COMPRESSION))
comp=NULL;
else
comp=ssl3_comp_find(s->ctx->comp_methods,j);
{
s->s3->tmp.new_compression=comp;
}
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+ /* TLS extensions*/
+ if (s->version > SSL3_VERSION)
+ {
+ if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))
+ {
+ /* 'al' set by ssl_parse_serverhello_tlsext */
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLS_EXT);
+ goto f_err;
+ }
+ }
+#endif
if (p != (d+n))
{
*/
/* XXX: For now we only support named (not generic) curves
- * and the ECParameters in this case is just two bytes.
+ * and the ECParameters in this case is just three bytes.
*/
- param_len=2;
+ param_len=3;
if ((param_len > n) ||
(*p != NAMED_CURVE_TYPE) ||
- ((curve_nid = curve_id2nid(*(p + 1))) == 0))
+ ((curve_nid = curve_id2nid(*(p + 2))) == 0))
{
al=SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
goto f_err;
}
- p+=2;
+ p+=3;
/* Next, get the encoded ECPoint */
if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
}
-static const int KDF1_SHA1_len = 20;
-static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
- {
-#ifndef OPENSSL_NO_SHA
- if (*outlen < SHA_DIGEST_LENGTH)
- return NULL;
- else
- *outlen = SHA_DIGEST_LENGTH;
- return SHA1(in, inlen, out);
-#else
- return NULL;
-#endif
- }
-
int ssl3_send_client_key_exchange(SSL *s)
{
unsigned char *p,*d;
ERR_R_ECDH_LIB);
goto err;
}
- /* If field size is not more than 24 octets, then use SHA-1 hash of result;
- * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt;
- * this is new with this version of the Internet Draft).
- */
- if (field_size <= 24 * 8)
- n=ECDH_compute_key(p, KDF1_SHA1_len, srvr_ecpoint, clnt_ecdh, KDF1_SHA1);
- else
- n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
+ n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
if (n <= 0)
{
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
unsigned u=0;
#endif
unsigned long n;
-#ifndef OPENSSL_NO_DSA
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
int j;
#endif
projects / openssl.git / blobdiff