Fix a typo in the X.509v3 docs: cRLSign instead of cRLCertSign is correct

[openssl.git] / ssl / s3_lib.c

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index b6f5d82f218b91d88e65ed895d0dfcba9b42e255..0fba6ce0ba438d0a269a3b919cf5c7f8c2efd90c 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -60,7 +60,7 @@
 #include "objects.h"
 #include "ssl_locl.h"
 
-char *ssl3_version_str="SSLv3 part of OpenSSL 0.9.2 31-Dec-1998";
+char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
 
 #define SSL3_NUM_CIPHERS       (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
 
@@ -355,6 +355,7 @@ SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_CIPHERS,
        },
 
+#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
        /* New TLS Export CipherSuites */
        /* Cipher 60 */
            {
@@ -383,6 +384,7 @@ SSL_CIPHER ssl3_ciphers[]={
            0,
            SSL_ALL_CIPHERS
            },
+#endif
 
 /* end of list */
        };
@@ -546,6 +548,26 @@ char *parg;
        {
        int ret=0;
 
+#if !defined(NO_DSA) || !defined(NO_RSA)
+       if (
+#ifndef NO_RSA
+           cmd == SSL_CTRL_SET_TMP_RSA ||
+           cmd == SSL_CTRL_SET_TMP_RSA_CB ||
+#endif
+#ifndef NO_DSA
+           cmd == SSL_CTRL_SET_TMP_DH ||
+           cmd == SSL_CTRL_SET_TMP_DH_CB ||
+#endif
+               0)
+               {
+               if (!ssl_cert_instantiate(&s->cert, s->ctx->default_cert)) 
+                       {
+                       SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
+                       return(0);
+                       }
+               }
+#endif
+
        switch (cmd)
                {
        case SSL_CTRL_GET_SESSION_REUSED:
@@ -566,6 +588,69 @@ char *parg;
        case SSL_CTRL_GET_FLAGS:
                ret=(int)(s->s3->flags);
                break;
+#ifndef NO_RSA
+       case SSL_CTRL_NEED_TMP_RSA:
+               if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
+                   ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
+                    (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
+                       ret = 1;
+               break;
+       case SSL_CTRL_SET_TMP_RSA:
+               {
+                       RSA *rsa = (RSA *)parg;
+                       if (rsa == NULL) {
+                               SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+                               return(ret);
+                       }
+                       if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
+                               SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
+                               return(ret);
+                       }
+                       if (s->cert->rsa_tmp != NULL)
+                               RSA_free(s->cert->rsa_tmp);
+                       s->cert->rsa_tmp = rsa;
+                       ret = 1;
+               }
+               break;
+       case SSL_CTRL_SET_TMP_RSA_CB:
+#ifndef NOPROTO
+               s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))parg;
+#else
+               s->cert->rsa_tmp_cb = (RSA *(*)())parg;
+#endif
+               break;
+#endif
+#ifndef NO_DH
+       case SSL_CTRL_SET_TMP_DH:
+               {
+                       DH *dh = (DH *)parg;
+                       if (dh == NULL) {
+                               SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+                               return(ret);
+                       }
+                       if ((dh = DHparams_dup(dh)) == NULL) {
+                               SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
+                               return(ret);
+                       }
+                       if (!DH_generate_key(dh)) {
+                               DH_free(dh);
+                               SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
+                               return(ret);
+                       }
+                       if (s->cert->dh_tmp != NULL)
+                               DH_free(s->cert->dh_tmp);
+                       s->cert->dh_tmp = dh;
+                       ret = 1;
+               }
+               break;
+       case SSL_CTRL_SET_TMP_DH_CB:
+#ifndef NOPROTO
+               s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))parg;
+#else
+               s->cert->dh_tmp_cb = (DH *(*)())parg;
+#endif
+               break;
+#endif
        default:
                break;
                }
@@ -623,7 +708,11 @@ char *parg;
                }
                /* break; */
        case SSL_CTRL_SET_TMP_RSA_CB:
+#ifndef NOPROTO
+               cert->rsa_tmp_cb=(RSA *(*)(SSL *, int, int))parg;
+#else
                cert->rsa_tmp_cb=(RSA *(*)())parg;
+#endif
                break;
 #endif
 #ifndef NO_DH
@@ -650,7 +739,11 @@ char *parg;
                }
                /*break; */
        case SSL_CTRL_SET_TMP_DH_CB:
+#ifndef NOPROTO
+               cert->dh_tmp_cb=(DH *(*)(SSL *, int, int))parg;
+#else
                cert->dh_tmp_cb=(DH *(*)())parg;
+#endif
                break;
 #endif
        /* A Thawte special :-) */
@@ -754,27 +847,38 @@ STACK *have,*pref;
 
        sk_set_cmp_func(pref,ssl_cipher_ptr_id_cmp);
 
+#ifdef CIPHER_DEBUG
+       printf("Have:\n");
+       for(i=0 ; i < sk_num(pref) ; ++i)
+           {
+           c=(SSL_CIPHER *)sk_value(pref,i);
+           printf("%p:%s\n",c,c->name);
+           }
+#endif
+
        for (i=0; i<sk_num(have); i++)
                {
                c=(SSL_CIPHER *)sk_value(have,i);
 
-               ssl_set_cert_masks(cert,c);
+               ssl_set_cert_masks(cert,s->ctx->default_cert,c);
                mask=cert->mask;
                emask=cert->export_mask;
                        
                alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
-               if (SSL_IS_EXPORT(alg))
+               if (SSL_IS_EXPORT(c->algorithms))
                        {
                        ok=((alg & emask) == alg)?1:0;
 #ifdef CIPHER_DEBUG
-                       printf("%d:[%08lX:%08lX]%s\n",ok,alg,mask,c->name);
+                       printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask,
+                              c,c->name);
 #endif
                        }
                else
                        {
                        ok=((alg & mask) == alg)?1:0;
 #ifdef CIPHER_DEBUG
-                       printf("%d:[%08lX:%08lX]%s\n",ok,alg,mask,c->name);
+                       printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c,
+                              c->name);
 #endif
                        }