* The Contribution is licensed pursuant to the OpenSSL open source
* license provided above.
*
- * In addition, Sun covenants to all licensees who provide a reciprocal
- * covenant with respect to their own patents if any, not to sue under
- * current and future patent claims necessarily infringed by the making,
- * using, practicing, selling, offering for sale and/or otherwise
- * disposing of the Contribution as delivered hereunder
- * (or portions thereof), provided that such covenant shall not apply:
- * 1) for code that a licensee deletes from the Contribution;
- * 2) separates from the Contribution; or
- * 3) for infringements caused by:
- * i) the modification of the Contribution or
- * ii) the combination of the Contribution with other software or
- * devices where such combination causes the infringement.
- *
* ECC cipher suite support in OpenSSL originally written by
* Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
*
#include "ssl_locl.h"
#include "kssl_lcl.h"
#include <openssl/md5.h>
+#include <openssl/dh.h>
+#include <openssl/pq_compat.h>
const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
SSL_ALL_STRENGTHS,
},
/* Cipher 07 */
+#ifndef OPENSSL_NO_IDEA
{
1,
SSL3_TXT_RSA_IDEA_128_SHA,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
+#endif
/* Cipher 08 */
{
1,
/* Cipher 28 VRS */
{
1,
- SSL3_TXT_KRB5_RC4_40_CBC_SHA,
- SSL3_CK_KRB5_RC4_40_CBC_SHA,
+ SSL3_TXT_KRB5_RC4_40_SHA,
+ SSL3_CK_KRB5_RC4_40_SHA,
SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
/* Cipher 2B VRS */
{
1,
- SSL3_TXT_KRB5_RC4_40_CBC_MD5,
- SSL3_CK_KRB5_RC4_40_CBC_MD5,
+ SSL3_TXT_KRB5_RC4_40_MD5,
+ SSL3_CK_KRB5_RC4_40_MD5,
SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
ssl3_shutdown,
ssl3_renegotiate,
ssl3_renegotiate_check,
+ ssl3_get_message,
+ ssl3_read_bytes,
+ ssl3_write_bytes,
+ ssl3_dispatch_alert,
ssl3_ctrl,
ssl3_ctx_ctrl,
ssl3_get_cipher_by_char,
ssl_bad_method,
ssl3_default_timeout,
&SSLv3_enc_data,
- ssl_undefined_function,
+ ssl_undefined_void_function,
ssl3_callback_ctrl,
ssl3_ctx_callback_ctrl,
};
return(NULL);
}
-int ssl3_pending(SSL *s)
+int ssl3_pending(const SSL *s)
{
if (s->rstate == SSL_ST_READ_BODY)
return 0;
memset(s3,0,sizeof *s3);
EVP_MD_CTX_init(&s3->finish_dgst1);
EVP_MD_CTX_init(&s3->finish_dgst2);
+ pq_64bit_init(&(s3->rrec.seq_num));
+ pq_64bit_init(&(s3->wrec.seq_num));
s->s3=s3;
sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
- memset(s->s3,0,sizeof *s->s3);
+ pq_64bit_free(&(s->s3->rrec.seq_num));
+ pq_64bit_free(&(s->s3->wrec.seq_num));
+
+ OPENSSL_cleanse(s->s3,sizeof *s->s3);
OPENSSL_free(s->s3);
s->s3=NULL;
}
return(ret);
}
-long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
+long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
{
int ret=0;
}
if (!EC_KEY_up_ref((EC_KEY *)parg))
{
- SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
+ SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
return 0;
}
ecdh = (EC_KEY *)parg;
return(1);
}
-long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
+long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
{
CERT *cert;
static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS];
SSL_CIPHER c,*cp= &c,**cpp;
unsigned long id;
- int i;
+ unsigned int i;
if (init)
{
{
/* resend it if not sent */
#if 1
- ssl3_dispatch_alert(s);
+ s->method->ssl_dispatch_alert(s);
#endif
}
else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
{
/* If we are waiting for a close from our peer, we are closed */
- ssl3_read_bytes(s,0,NULL,0,0);
+ s->method->ssl_read_bytes(s,0,NULL,0,0);
}
if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
}
else
{
- ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
- buf,len);
+ ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
+ buf,len);
if (ret <= 0) return(ret);
}
clear_sys_error();
if (s->s3->renegotiate) ssl3_renegotiate_check(s);
s->s3->in_read_app_data=1;
- ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
+ ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
if ((ret == -1) && (s->s3->in_read_app_data == 2))
{
/* ssl3_read_bytes decided to call s->handshake_func, which
* and thinks that application data makes sense here; so disable
* handshake processing and try to read application data again. */
s->in_handshake++;
- ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
+ ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
s->in_handshake--;
}
else