X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_lib.c;h=184d4f47ff3eb0c36a5184d12786963a31b97fd1;hp=ab0d012b380650cb453bc2c59f8f76d0e5e76e4b;hb=87739b2c53238f7185ab476b020183da35feb899;hpb=abed0b8a1f1e3aa73c9e9873c6df8e194a2ca14f diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index ab0d012b38..184d4f47ff 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -57,38 +57,44 @@ */ #include -#include "objects.h" +#include +#include +#include #include "ssl_locl.h" -char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT; +const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT; #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) -#ifndef NOPROTO static long ssl3_default_timeout(void ); -#else -static long ssl3_default_timeout(); -#endif -SSL_CIPHER ssl3_ciphers[]={ +OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* The RSA ciphers */ /* Cipher 01 */ { 1, SSL3_TXT_RSA_NULL_MD5, SSL3_CK_RSA_NULL_MD5, - SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3, + SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3, + SSL_NOT_EXP, + 0, + 0, 0, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 02 */ { 1, SSL3_TXT_RSA_NULL_SHA, SSL3_CK_RSA_NULL_SHA, - SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, + SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP, + 0, + 0, 0, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* anon DH */ @@ -97,45 +103,65 @@ SSL_CIPHER ssl3_ciphers[]={ 1, SSL3_TXT_ADH_RC4_40_MD5, SSL3_CK_ADH_RC4_40_MD5, - SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_EXP40|SSL_SSLV3, + SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, 0, + 40, + 128, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 18 */ { 1, SSL3_TXT_ADH_RC4_128_MD5, SSL3_CK_ADH_RC4_128_MD5, - SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3, + SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, + SSL_NOT_EXP, 0, + 128, + 128, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 19 */ { 1, SSL3_TXT_ADH_DES_40_CBC_SHA, SSL3_CK_ADH_DES_40_CBC_SHA, - SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, + SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, 0, + 40, + 128, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 1A */ { 1, SSL3_TXT_ADH_DES_64_CBC_SHA, SSL3_CK_ADH_DES_64_CBC_SHA, - SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, + SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP, 0, + 56, + 56, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 1B */ { 1, SSL3_TXT_ADH_DES_192_CBC_SHA, SSL3_CK_ADH_DES_192_CBC_SHA, - SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, + SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP, 0, + 168, + 168, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* RSA again */ @@ -144,72 +170,104 @@ SSL_CIPHER ssl3_ciphers[]={ 1, SSL3_TXT_RSA_RC4_40_MD5, SSL3_CK_RSA_RC4_40_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_EXP40|SSL_SSLV3, + SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, 0, + 40, + 128, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 04 */ { 1, SSL3_TXT_RSA_RC4_128_MD5, SSL3_CK_RSA_RC4_128_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, + SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_SSLV3, + SSL_NOT_EXP|SSL_MEDIUM, 0, + 128, + 128, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 05 */ { 1, SSL3_TXT_RSA_RC4_128_SHA, SSL3_CK_RSA_RC4_128_SHA, - SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, + SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_MEDIUM, 0, + 128, + 128, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 06 */ { 1, SSL3_TXT_RSA_RC2_40_MD5, SSL3_CK_RSA_RC2_40_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_EXP40|SSL_SSLV3, + SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, 0, + 40, + 128, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 07 */ { 1, SSL3_TXT_RSA_IDEA_128_SHA, SSL3_CK_RSA_IDEA_128_SHA, - SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, + SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_MEDIUM, 0, + 128, + 128, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 08 */ { 1, SSL3_TXT_RSA_DES_40_CBC_SHA, SSL3_CK_RSA_DES_40_CBC_SHA, - SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, + SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, 0, + 40, + 56, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 09 */ { 1, SSL3_TXT_RSA_DES_64_CBC_SHA, SSL3_CK_RSA_DES_64_CBC_SHA, - SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, + SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_LOW, 0, + 56, + 56, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 0A */ { 1, SSL3_TXT_RSA_DES_192_CBC3_SHA, SSL3_CK_RSA_DES_192_CBC3_SHA, - SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, + SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_HIGH, 0, + 168, + 168, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* The DH ciphers */ @@ -218,54 +276,78 @@ SSL_CIPHER ssl3_ciphers[]={ 0, SSL3_TXT_DH_DSS_DES_40_CBC_SHA, SSL3_CK_DH_DSS_DES_40_CBC_SHA, - SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, + SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, 0, + 40, + 56, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 0C */ { 0, SSL3_TXT_DH_DSS_DES_64_CBC_SHA, SSL3_CK_DH_DSS_DES_64_CBC_SHA, - SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, + SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_LOW, 0, + 56, + 56, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 0D */ { 0, SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, SSL3_CK_DH_DSS_DES_192_CBC3_SHA, - SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, + SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_HIGH, 0, + 168, + 168, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 0E */ { 0, SSL3_TXT_DH_RSA_DES_40_CBC_SHA, SSL3_CK_DH_RSA_DES_40_CBC_SHA, - SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, + SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, 0, + 40, + 56, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 0F */ { 0, SSL3_TXT_DH_RSA_DES_64_CBC_SHA, SSL3_CK_DH_RSA_DES_64_CBC_SHA, - SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, + SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_LOW, 0, + 56, + 56, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 10 */ { 0, SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, SSL3_CK_DH_RSA_DES_192_CBC3_SHA, - SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, + SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_HIGH, 0, + 168, + 168, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* The Ephemeral DH ciphers */ @@ -274,54 +356,78 @@ SSL_CIPHER ssl3_ciphers[]={ 1, SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, SSL3_CK_EDH_DSS_DES_40_CBC_SHA, - SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, + SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, 0, + 40, + 56, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 12 */ { 1, SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, SSL3_CK_EDH_DSS_DES_64_CBC_SHA, - SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, + SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_LOW, 0, + 56, + 56, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 13 */ { 1, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, - SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, + SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_HIGH, 0, + 168, + 168, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 14 */ { 1, SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, SSL3_CK_EDH_RSA_DES_40_CBC_SHA, - SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, + SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, 0, + 40, + 56, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 15 */ { 1, SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, SSL3_CK_EDH_RSA_DES_64_CBC_SHA, - SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, + SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_LOW, 0, + 56, + 56, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 16 */ { 1, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, - SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, + SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_HIGH, 0, + 168, + 168, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Fortezza */ @@ -330,9 +436,13 @@ SSL_CIPHER ssl3_ciphers[]={ 0, SSL3_TXT_FZA_DMS_NULL_SHA, SSL3_CK_FZA_DMS_NULL_SHA, - SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, + SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP, + 0, + 0, 0, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 1D */ @@ -340,9 +450,13 @@ SSL_CIPHER ssl3_ciphers[]={ 0, SSL3_TXT_FZA_DMS_FZA_SHA, SSL3_CK_FZA_DMS_FZA_SHA, - SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, + SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP, + 0, + 0, 0, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 1E */ @@ -350,9 +464,13 @@ SSL_CIPHER ssl3_ciphers[]={ 0, SSL3_TXT_FZA_DMS_RC4_SHA, SSL3_CK_FZA_DMS_RC4_SHA, - SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, + SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP, 0, + 128, + 128, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES @@ -362,54 +480,78 @@ SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP56|SSL_TLSV1, + SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, 0, - SSL_ALL_CIPHERS + 56, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 61 */ { 1, TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP56|SSL_TLSV1, + SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, 0, - SSL_ALL_CIPHERS + 56, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 62 */ { 1, TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, - SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_EXP56|SSL_TLSV1, + SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, 0, - SSL_ALL_CIPHERS + 56, + 56, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 63 */ { 1, TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, - SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_EXP56|SSL_TLSV1, + SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, 0, - SSL_ALL_CIPHERS + 56, + 56, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 64 */ { 1, TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, - SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_EXP56|SSL_TLSV1, + SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, 0, - SSL_ALL_CIPHERS + 56, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 65 */ { 1, TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, - SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_EXP56|SSL_TLSV1, + SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, 0, - SSL_ALL_CIPHERS + 56, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 66 */ { @@ -417,8 +559,12 @@ SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP, 0, - SSL_ALL_CIPHERS + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS }, #endif @@ -462,27 +608,29 @@ static SSL_METHOD SSLv3_data= { ssl_bad_method, ssl3_default_timeout, &SSLv3_enc_data, + ssl_undefined_function, + ssl3_callback_ctrl, + ssl3_ctx_callback_ctrl, }; -static long ssl3_default_timeout() +static long ssl3_default_timeout(void) { /* 2 hours, the 24 hours mentioned in the SSLv3 spec * is way too long for http, the cache would over fill */ return(60*60*2); } -SSL_METHOD *sslv3_base_method() +SSL_METHOD *sslv3_base_method(void) { return(&SSLv3_data); } -int ssl3_num_ciphers() +int ssl3_num_ciphers(void) { return(SSL3_NUM_CIPHERS); } -SSL_CIPHER *ssl3_get_cipher(u) -unsigned int u; +SSL_CIPHER *ssl3_get_cipher(unsigned int u) { if (u < SSL3_NUM_CIPHERS) return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); @@ -491,28 +639,19 @@ unsigned int u; } /* The problem is that it may not be the correct record type */ -int ssl3_pending(s) -SSL *s; +int ssl3_pending(SSL *s) { return(s->s3->rrec.length); } -int ssl3_new(s) -SSL *s; +int ssl3_new(SSL *s) { - SSL3_CTX *s3; + SSL3_STATE *s3; - if ((s3=(SSL3_CTX *)Malloc(sizeof(SSL3_CTX))) == NULL) goto err; - memset(s3,0,sizeof(SSL3_CTX)); + if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err; + memset(s3,0,sizeof *s3); s->s3=s3; - /* - s->s3->tmp.ca_names=NULL; - s->s3->tmp.key_block=NULL; - s->s3->tmp.key_block_length=0; - s->s3->rbuf.buf=NULL; - s->s3->wbuf.buf=NULL; - */ s->method->ssl_clear(s); return(1); @@ -520,32 +659,30 @@ err: return(0); } -void ssl3_free(s) -SSL *s; +void ssl3_free(SSL *s) { if(s == NULL) return; ssl3_cleanup_key_block(s); if (s->s3->rbuf.buf != NULL) - Free(s->s3->rbuf.buf); + OPENSSL_free(s->s3->rbuf.buf); if (s->s3->wbuf.buf != NULL) - Free(s->s3->wbuf.buf); + OPENSSL_free(s->s3->wbuf.buf); if (s->s3->rrec.comp != NULL) - Free(s->s3->rrec.comp); + OPENSSL_free(s->s3->rrec.comp); #ifndef NO_DH if (s->s3->tmp.dh != NULL) DH_free(s->s3->tmp.dh); #endif if (s->s3->tmp.ca_names != NULL) sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); - memset(s->s3,0,sizeof(SSL3_CTX)); - Free(s->s3); + memset(s->s3,0,sizeof *s->s3); + OPENSSL_free(s->s3); s->s3=NULL; } -void ssl3_clear(s) -SSL *s; +void ssl3_clear(SSL *s) { unsigned char *rp,*wp; @@ -555,14 +692,18 @@ SSL *s; if (s->s3->rrec.comp != NULL) { - Free(s->s3->rrec.comp); + OPENSSL_free(s->s3->rrec.comp); s->s3->rrec.comp=NULL; } +#ifndef NO_DH + if (s->s3->tmp.dh != NULL) + DH_free(s->s3->tmp.dh); +#endif rp=s->s3->rbuf.buf; wp=s->s3->wbuf.buf; - memset(s->s3,0,sizeof(SSL3_CTX)); + memset(s->s3,0,sizeof *s->s3); if (rp != NULL) s->s3->rbuf.buf=rp; if (wp != NULL) s->s3->wbuf.buf=wp; @@ -576,11 +717,7 @@ SSL *s; s->version=SSL3_VERSION; } -long ssl3_ctrl(s,cmd,larg,parg) -SSL *s; -int cmd; -long larg; -char *parg; +long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg) { int ret=0; @@ -596,7 +733,7 @@ char *parg; #endif 0) { - if (!ssl_cert_instantiate(&s->cert, s->ctx->default_cert)) + if (!ssl_cert_inst(&s->cert)) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); return(0); @@ -634,14 +771,16 @@ char *parg; case SSL_CTRL_SET_TMP_RSA: { RSA *rsa = (RSA *)parg; - if (rsa == NULL) { + if (rsa == NULL) + { SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); return(ret); - } - if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) { + } + if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) + { SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB); return(ret); - } + } if (s->cert->rsa_tmp != NULL) RSA_free(s->cert->rsa_tmp); s->cert->rsa_tmp = rsa; @@ -649,30 +788,35 @@ char *parg; } break; case SSL_CTRL_SET_TMP_RSA_CB: -#ifndef NOPROTO - s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))parg; -#else - s->cert->rsa_tmp_cb = (RSA *(*)())parg; -#endif + { + SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return(ret); + } break; #endif #ifndef NO_DH case SSL_CTRL_SET_TMP_DH: { DH *dh = (DH *)parg; - if (dh == NULL) { + if (dh == NULL) + { SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); return(ret); - } - if ((dh = DHparams_dup(dh)) == NULL) { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); - return(ret); - } - if (!DH_generate_key(dh)) { - DH_free(dh); + } + if ((dh = DHparams_dup(dh)) == NULL) + { SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); return(ret); - } + } + if (!(s->options & SSL_OP_SINGLE_DH_USE)) + { + if (!DH_generate_key(dh)) + { + DH_free(dh); + SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); + return(ret); + } + } if (s->cert->dh_tmp != NULL) DH_free(s->cert->dh_tmp); s->cert->dh_tmp = dh; @@ -680,11 +824,54 @@ char *parg; } break; case SSL_CTRL_SET_TMP_DH_CB: -#ifndef NOPROTO - s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))parg; -#else - s->cert->dh_tmp_cb = (DH *(*)())parg; + { + SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return(ret); + } + break; +#endif + default: + break; + } + return(ret); + } + +long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)()) + { + int ret=0; + +#if !defined(NO_DSA) || !defined(NO_RSA) + if ( +#ifndef NO_RSA + cmd == SSL_CTRL_SET_TMP_RSA_CB || +#endif +#ifndef NO_DSA + cmd == SSL_CTRL_SET_TMP_DH_CB || +#endif + 0) + { + if (!ssl_cert_inst(&s->cert)) + { + SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); + return(0); + } + } +#endif + + switch (cmd) + { +#ifndef NO_RSA + case SSL_CTRL_SET_TMP_RSA_CB: + { + s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; + } + break; #endif +#ifndef NO_DH + case SSL_CTRL_SET_TMP_DH_CB: + { + s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; + } break; #endif default: @@ -693,15 +880,11 @@ char *parg; return(ret); } -long ssl3_ctx_ctrl(ctx,cmd,larg,parg) -SSL_CTX *ctx; -int cmd; -long larg; -char *parg; +long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg) { CERT *cert; - cert=ctx->default_cert; + cert=ctx->cert; switch (cmd) { @@ -744,42 +927,43 @@ char *parg; } /* break; */ case SSL_CTRL_SET_TMP_RSA_CB: -#ifndef NOPROTO - cert->rsa_tmp_cb=(RSA *(*)(SSL *, int, int))parg; -#else - cert->rsa_tmp_cb=(RSA *(*)())parg; -#endif + { + SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return(0); + } break; #endif #ifndef NO_DH case SSL_CTRL_SET_TMP_DH: { DH *new=NULL,*dh; - int rret=0; dh=(DH *)parg; - if ( ((new=DHparams_dup(dh)) == NULL) || - (!DH_generate_key(new))) + if ((new=DHparams_dup(dh)) == NULL) { SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); - if (new != NULL) DH_free(new); + return 0; } - else + if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) { - if (cert->dh_tmp != NULL) - DH_free(cert->dh_tmp); - cert->dh_tmp=new; - rret=1; + if (!DH_generate_key(new)) + { + SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); + DH_free(new); + return 0; + } } - return(rret); + if (cert->dh_tmp != NULL) + DH_free(cert->dh_tmp); + cert->dh_tmp=new; + return 1; } /*break; */ case SSL_CTRL_SET_TMP_DH_CB: -#ifndef NOPROTO - cert->dh_tmp_cb=(DH *(*)(SSL *, int, int))parg; -#else - cert->dh_tmp_cb=(DH *(*)())parg; -#endif + { + SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return(0); + } break; #endif /* A Thawte special :-) */ @@ -798,10 +982,37 @@ char *parg; return(1); } +long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)()) + { + CERT *cert; + + cert=ctx->cert; + + switch (cmd) + { +#ifndef NO_RSA + case SSL_CTRL_SET_TMP_RSA_CB: + { + cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; + } + break; +#endif +#ifndef NO_DH + case SSL_CTRL_SET_TMP_DH_CB: + { + cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; + } + break; +#endif + default: + return(0); + } + return(1); + } + /* This function needs to check if the ciphers required are actually * available */ -SSL_CIPHER *ssl3_get_cipher_by_char(p) -const unsigned char *p; +SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) { static int init=1; static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS]; @@ -811,7 +1022,7 @@ const unsigned char *p; if (init) { - init=0; + CRYPTO_w_lock(CRYPTO_LOCK_SSL); for (i=0; ivalid) return(NULL); else return(*cpp); } -int ssl3_put_cipher_by_char(c,p) -const SSL_CIPHER *c; -unsigned char *p; +int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) { long l; @@ -849,38 +1062,16 @@ unsigned char *p; return(2); } -int ssl3_part_read(s,i) -SSL *s; -int i; - { - s->rwstate=SSL_READING; - - if (i < 0) - { - return(i); - } - else - { - s->init_num+=i; - return(0); - } - } - -SSL_CIPHER *ssl3_choose_cipher(s,have,pref) -SSL *s; -STACK_OF(SSL_CIPHER) *have; -STACK_OF(SSL_CIPHER) *pref; +SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *have, + STACK_OF(SSL_CIPHER) *pref) { SSL_CIPHER *c,*ret=NULL; int i,j,ok; CERT *cert; unsigned long alg,mask,emask; - /* Lets see which ciphers we can supported */ - if (s->cert != NULL) - cert=s->cert; - else - cert=s->ctx->default_cert; + /* Let's see which ciphers we can support */ + cert=s->cert; sk_SSL_CIPHER_set_cmp_func(pref,ssl_cipher_ptr_id_cmp); @@ -897,12 +1088,12 @@ STACK_OF(SSL_CIPHER) *pref; { c=sk_SSL_CIPHER_value(have,i); - ssl_set_cert_masks(cert,s->ctx->default_cert,c); + ssl_set_cert_masks(cert,c); mask=cert->mask; emask=cert->export_mask; alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK); - if (SSL_IS_EXPORT(c->algorithms)) + if (SSL_C_IS_EXPORT(c)) { ok=((alg & emask) == alg)?1:0; #ifdef CIPHER_DEBUG @@ -931,9 +1122,7 @@ STACK_OF(SSL_CIPHER) *pref; return(ret); } -int ssl3_get_req_cert_type(s,p) -SSL *s; -unsigned char *p; +int ssl3_get_req_cert_type(SSL *s, unsigned char *p) { int ret=0; unsigned long alg; @@ -970,8 +1159,7 @@ unsigned char *p; return(ret); } -int ssl3_shutdown(s) -SSL *s; +int ssl3_shutdown(SSL *s) { /* Don't do anything much if we have not done the handshake or @@ -1011,10 +1199,7 @@ SSL *s; return(0); } -int ssl3_write(s,buf,len) -SSL *s; -const char *buf; -int len; +int ssl3_write(SSL *s, const void *buf, int len) { int ret,n; @@ -1039,7 +1224,7 @@ int len; if (s->s3->delay_buf_pop_ret == 0) { ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, - (char *)buf,len); + buf,len); if (ret <= 0) return(ret); s->s3->delay_buf_pop_ret=ret; @@ -1060,17 +1245,14 @@ int len; else { ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, - (char *)buf,len); + buf,len); if (ret <= 0) return(ret); } return(ret); } -int ssl3_read(s,buf,len) -SSL *s; -char *buf; -int len; +int ssl3_read(SSL *s, void *buf, int len) { int ret; @@ -1080,8 +1262,12 @@ int len; ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len); if ((ret == -1) && (s->s3->in_read_app_data == 0)) { - ERR_get_error(); /* clear the error */ - s->s3->in_read_app_data=0; + /* ssl3_read_bytes decided to call s->handshake_func, which + * called ssl3_read_bytes to read handshake data. + * However, ssl3_read_bytes actually found application data + * and thinks that application data makes sense here (signalled + * by resetting 'in_read_app_data', strangely); so disable + * handshake processing and try to read application data again. */ s->in_handshake++; ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len); s->in_handshake--; @@ -1092,11 +1278,12 @@ int len; return(ret); } -int ssl3_peek(s,buf,len) -SSL *s; -char *buf; -int len; +int ssl3_peek(SSL *s, char *buf, int len) { +#if 1 + SSLerr(SSL_F_SSL3_PEEK, SSL_R_FIXME); /* function is totally broken */ + return -1; +#else SSL3_RECORD *rr; int n; @@ -1115,10 +1302,10 @@ int len; n=len; memcpy(buf,&(rr->data[rr->off]),(unsigned int)n); return(n); +#endif } -int ssl3_renegotiate(s) -SSL *s; +int ssl3_renegotiate(SSL *s) { if (s->handshake_func == NULL) return(1); @@ -1130,8 +1317,7 @@ SSL *s; return(1); } -int ssl3_renegotiate_check(s) -SSL *s; +int ssl3_renegotiate_check(SSL *s) { int ret=0; @@ -1143,7 +1329,7 @@ SSL *s; { /* if we are the server, and we have sent a 'RENEGOTIATE' message, we -need to go to SSL_ST_ACCEPT. +need to go to SSL_ST_ACCEPT. */ /* SSL_ST_ACCEPT */ s->state=SSL_ST_RENEGOTIATE;