pqueue and dtls uses 64-bit values. Unfortunately, OpenSSL doesn't

[openssl.git] / ssl / s3_lib.c

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index e0e1176d0072281ace75fb784c06674c561e1121..4585ac30148104a8dca04b60e634df6cfa17faa9 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -117,19 +117,6 @@
  * The Contribution is licensed pursuant to the OpenSSL open source
  * license provided above.
  *
- * In addition, Sun covenants to all licensees who provide a reciprocal
- * covenant with respect to their own patents if any, not to sue under
- * current and future patent claims necessarily infringed by the making,
- * using, practicing, selling, offering for sale and/or otherwise
- * disposing of the Contribution as delivered hereunder 
- * (or portions thereof), provided that such covenant shall not apply:
- *  1) for code that a licensee deletes from the Contribution;
- *  2) separates from the Contribution; or
- *  3) for infringements caused by:
- *       i) the modification of the Contribution or
- *      ii) the combination of the  Contribution with other software or
- *          devices where such combination causes the infringement.
- *
  * ECC cipher suite support in OpenSSL originally written by
  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
  *
@@ -140,6 +127,8 @@
 #include "ssl_locl.h"
 #include "kssl_lcl.h"
 #include <openssl/md5.h>
+#include <openssl/dh.h>
+#include <openssl/pq_compat.h>
 
 const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
 
@@ -297,6 +286,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
 /* Cipher 07 */
+#ifndef OPENSSL_NO_IDEA
        {
        1,
        SSL3_TXT_RSA_IDEA_128_SHA,
@@ -309,6 +299,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_CIPHERS,
        SSL_ALL_STRENGTHS,
        },
+#endif
 /* Cipher 08 */
        {
        1,
@@ -702,8 +693,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 /* Cipher 28 VRS */
        {
        1,
-       SSL3_TXT_KRB5_RC4_40_CBC_SHA,
-       SSL3_CK_KRB5_RC4_40_CBC_SHA,
+       SSL3_TXT_KRB5_RC4_40_SHA,
+       SSL3_CK_KRB5_RC4_40_SHA,
        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1   |SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
        0,
@@ -744,8 +735,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 /* Cipher 2B VRS */
        {
        1,
-       SSL3_TXT_KRB5_RC4_40_CBC_MD5,
-       SSL3_CK_KRB5_RC4_40_CBC_MD5,
+       SSL3_TXT_KRB5_RC4_40_MD5,
+       SSL3_CK_KRB5_RC4_40_MD5,
        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5    |SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
        0,
@@ -1391,6 +1382,10 @@ static SSL_METHOD SSLv3_data= {
        ssl3_shutdown,
        ssl3_renegotiate,
        ssl3_renegotiate_check,
+       ssl3_get_message,
+       ssl3_read_bytes,
+       ssl3_write_bytes,
+       ssl3_dispatch_alert,
        ssl3_ctrl,
        ssl3_ctx_ctrl,
        ssl3_get_cipher_by_char,
@@ -1401,7 +1396,7 @@ static SSL_METHOD SSLv3_data= {
        ssl_bad_method,
        ssl3_default_timeout,
        &SSLv3_enc_data,
-       ssl_undefined_function,
+       ssl_undefined_void_function,
        ssl3_callback_ctrl,
        ssl3_ctx_callback_ctrl,
        };
@@ -1431,7 +1426,7 @@ SSL_CIPHER *ssl3_get_cipher(unsigned int u)
                return(NULL);
        }
 
-int ssl3_pending(SSL *s)
+int ssl3_pending(const SSL *s)
        {
        if (s->rstate == SSL_ST_READ_BODY)
                return 0;
@@ -1447,6 +1442,8 @@ int ssl3_new(SSL *s)
        memset(s3,0,sizeof *s3);
        EVP_MD_CTX_init(&s3->finish_dgst1);
        EVP_MD_CTX_init(&s3->finish_dgst2);
+       pq_64bit_init(&(s3->rrec.seq_num));
+       pq_64bit_init(&(s3->wrec.seq_num));
 
        s->s3=s3;
 
@@ -1481,7 +1478,10 @@ void ssl3_free(SSL *s)
                sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
        EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
        EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
-       memset(s->s3,0,sizeof *s->s3);
+       pq_64bit_free(&(s->s3->rrec.seq_num));
+       pq_64bit_free(&(s->s3->wrec.seq_num));
+
+       OPENSSL_cleanse(s->s3,sizeof *s->s3);
        OPENSSL_free(s->s3);
        s->s3=NULL;
        }
@@ -1690,7 +1690,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
        return(ret);
        }
 
-long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
+long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
        {
        int ret=0;
 
@@ -1839,7 +1839,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                        }
                if (!EC_KEY_up_ref((EC_KEY *)parg))
                        {
-                       SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
+                       SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
                        return 0;
                        }
                ecdh = (EC_KEY *)parg;
@@ -1884,7 +1884,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
        return(1);
        }
 
-long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
+long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
        {
        CERT *cert;
 
@@ -1927,7 +1927,7 @@ SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
        static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS];
        SSL_CIPHER c,*cp= &c,**cpp;
        unsigned long id;
-       int i;
+       unsigned int i;
 
        if (init)
                {
@@ -2151,13 +2151,13 @@ int ssl3_shutdown(SSL *s)
                {
                /* resend it if not sent */
 #if 1
-               ssl3_dispatch_alert(s);
+               s->method->ssl_dispatch_alert(s);
 #endif
                }
        else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
                {
                /* If we are waiting for a close from our peer, we are closed */
-               ssl3_read_bytes(s,0,NULL,0,0);
+               s->method->ssl_read_bytes(s,0,NULL,0,0);
                }
 
        if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
@@ -2212,8 +2212,8 @@ int ssl3_write(SSL *s, const void *buf, int len)
                }
        else
                {
-               ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
-                                    buf,len);
+               ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
+                       buf,len);
                if (ret <= 0) return(ret);
                }
 
@@ -2227,7 +2227,7 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
        clear_sys_error();
        if (s->s3->renegotiate) ssl3_renegotiate_check(s);
        s->s3->in_read_app_data=1;
-       ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
+       ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
        if ((ret == -1) && (s->s3->in_read_app_data == 2))
                {
                /* ssl3_read_bytes decided to call s->handshake_func, which
@@ -2236,7 +2236,7 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
                 * and thinks that application data makes sense here; so disable
                 * handshake processing and try to read application data again. */
                s->in_handshake++;
-               ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
+               ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
                s->in_handshake--;
                }
        else