* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
*/
#include <stdio.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
#include <openssl/objects.h>
#include "ssl_locl.h"
+#include "kssl_lcl.h"
+#include <openssl/md5.h>
const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
SSL3_TXT_ADH_RC4_128_MD5,
SSL3_CK_ADH_RC4_128_MD5,
SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
- SSL_NOT_EXP,
+ SSL_NOT_EXP|SSL_MEDIUM,
0,
128,
128,
SSL3_TXT_ADH_DES_64_CBC_SHA,
SSL3_CK_ADH_DES_64_CBC_SHA,
SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP,
+ SSL_NOT_EXP|SSL_LOW,
0,
56,
56,
SSL3_TXT_ADH_DES_192_CBC_SHA,
SSL3_CK_ADH_DES_192_CBC_SHA,
SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP,
+ SSL_NOT_EXP|SSL_HIGH,
0,
168,
168,
SSL3_TXT_FZA_DMS_RC4_SHA,
SSL3_CK_FZA_DMS_RC4_SHA,
SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP,
+ SSL_NOT_EXP|SSL_MEDIUM,
0,
128,
128,
SSL_ALL_STRENGTHS,
},
-#ifndef NO_KRB5
+#ifndef OPENSSL_NO_KRB5
/* The Kerberos ciphers
** 20000107 VRS: And the first shall be last,
** in hopes of avoiding the lynx ssl renegotiation problem.
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
-#endif /* NO_KRB5 */
+#endif /* OPENSSL_NO_KRB5 */
#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP,
+ SSL_NOT_EXP|SSL_MEDIUM,
0,
128,
128,
int ssl3_pending(SSL *s)
{
+ if (s->rstate == SSL_ST_READ_BODY)
+ return 0;
+
return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
}
if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
memset(s3,0,sizeof *s3);
+ EVP_MD_CTX_init(&s3->finish_dgst1);
+ EVP_MD_CTX_init(&s3->finish_dgst2);
s->s3=s3;
OPENSSL_free(s->s3->wbuf.buf);
if (s->s3->rrec.comp != NULL)
OPENSSL_free(s->s3->rrec.comp);
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
if (s->s3->tmp.dh != NULL)
DH_free(s->s3->tmp.dh);
#endif
if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+ EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
+ EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
memset(s->s3,0,sizeof *s->s3);
OPENSSL_free(s->s3);
s->s3=NULL;
OPENSSL_free(s->s3->rrec.comp);
s->s3->rrec.comp=NULL;
}
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
if (s->s3->tmp.dh != NULL)
DH_free(s->s3->tmp.dh);
#endif
rp=s->s3->rbuf.buf;
wp=s->s3->wbuf.buf;
+ EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
+ EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
+
memset(s->s3,0,sizeof *s->s3);
if (rp != NULL) s->s3->rbuf.buf=rp;
if (wp != NULL) s->s3->wbuf.buf=wp;
s->version=SSL3_VERSION;
}
-long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg)
+long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
{
int ret=0;
-#if !defined(NO_DSA) || !defined(NO_RSA)
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
if (
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
cmd == SSL_CTRL_SET_TMP_RSA ||
cmd == SSL_CTRL_SET_TMP_RSA_CB ||
#endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
cmd == SSL_CTRL_SET_TMP_DH ||
cmd == SSL_CTRL_SET_TMP_DH_CB ||
#endif
case SSL_CTRL_GET_FLAGS:
ret=(int)(s->s3->flags);
break;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
case SSL_CTRL_NEED_TMP_RSA:
if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
}
break;
#endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
{
DH *dh = (DH *)parg;
{
int ret=0;
-#if !defined(NO_DSA) || !defined(NO_RSA)
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
if (
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
cmd == SSL_CTRL_SET_TMP_RSA_CB ||
#endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
cmd == SSL_CTRL_SET_TMP_DH_CB ||
#endif
0)
switch (cmd)
{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
case SSL_CTRL_SET_TMP_RSA_CB:
{
s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
}
break;
#endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH_CB:
{
s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
return(ret);
}
-long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
+long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
CERT *cert;
switch (cmd)
{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
case SSL_CTRL_NEED_TMP_RSA:
if ( (cert->rsa_tmp == NULL) &&
((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
}
break;
#endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
{
DH *new=NULL,*dh;
switch (cmd)
{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
case SSL_CTRL_SET_TMP_RSA_CB:
{
cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
}
break;
#endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH_CB:
{
cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
#endif /* KSSL_DEBUG */
alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
+#ifndef OPENSSL_NO_KRB5
+ if (alg & SSL_KRB5)
+ {
+ if ( !kssl_keytab_is_available(s->kssl_ctx) )
+ continue;
+ }
+#endif /* OPENSSL_NO_KRB5 */
if (SSL_C_IS_EXPORT(c))
{
ok=((alg & emask) == alg)?1:0;
alg=s->s3->tmp.new_cipher->algorithms;
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
if (alg & (SSL_kDHr|SSL_kEDH))
{
-# ifndef NO_RSA
+# ifndef OPENSSL_NO_RSA
p[ret++]=SSL3_CT_RSA_FIXED_DH;
# endif
-# ifndef NO_DSA
+# ifndef OPENSSL_NO_DSA
p[ret++]=SSL3_CT_DSS_FIXED_DH;
# endif
}
if ((s->version == SSL3_VERSION) &&
(alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
{
-# ifndef NO_RSA
+# ifndef OPENSSL_NO_RSA
p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
# endif
-# ifndef NO_DSA
+# ifndef OPENSSL_NO_DSA
p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
# endif
}
-#endif /* !NO_DH */
-#ifndef NO_RSA
+#endif /* !OPENSSL_NO_DH */
+#ifndef OPENSSL_NO_RSA
p[ret++]=SSL3_CT_RSA_SIGN;
#endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
p[ret++]=SSL3_CT_DSS_SIGN;
#endif
return(ret);
return ssl3_read_internal(s, buf, len, 0);
}
-int ssl3_peek(SSL *s, char *buf, int len)
+int ssl3_peek(SSL *s, void *buf, int len)
{
return ssl3_read_internal(s, buf, len, 1);
}
projects / openssl.git / blobdiff