Update ssl code to support digests other than MD5+SHA1 in handshake.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 31 Aug 2007 12:42:53 +0000 (12:42 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 31 Aug 2007 12:42:53 +0000 (12:42 +0000)
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>

23 files changed:
CHANGES
crypto/objects/obj_dat.h
crypto/objects/obj_mac.h
crypto/objects/obj_mac.num
crypto/objects/objects.txt
ssl/d1_both.c
ssl/d1_clnt.c
ssl/d1_srvr.c
ssl/s3_both.c
ssl/s3_clnt.c
ssl/s3_enc.c
ssl/s3_lib.c
ssl/s3_pkt.c
ssl/s3_srvr.c
ssl/ssl.h
ssl/ssl3.h
ssl/ssl_ciph.c
ssl/ssl_err.c
ssl/ssl_lib.c
ssl/ssl_locl.h
ssl/t1_enc.c
ssl/tls1.h
util/ssleay.num

diff --git a/CHANGES b/CHANGES
index 4fc69e1..ec91a92 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 0.9.8f and 0.9.9  [xx XXX xxxx]
 
+  *) Update ssl code to support digests other than SHA1+MD5 for handshake
+     MAC. 
+
+     [Victor B. Wagner <vitus@cryptocom.ru>]
+
   *) Add RFC4507 support to OpenSSL. This includes the corrections in
      RFC4507bis. The encrypted ticket format is an encrypted encoded
      SSL_SESSION structure, that way new session features are automatically
index 872d79b..66b9c87 100644 (file)
@@ -62,7 +62,7 @@
  * [including the GNU Public Licence.]
  */
 
-#define NUM_NID 842
+#define NUM_NID 844
 #define NUM_SN 838
 #define NUM_LN 838
 #define NUM_OBJ 792
@@ -807,59 +807,59 @@ static unsigned char lvalues[5598]={
 0x2A,0x85,0x03,0x02,0x02,0x13,               /* [5195] OBJ_id_GostR3410_2001 */
 0x2A,0x85,0x03,0x02,0x02,0x14,               /* [5201] OBJ_id_GostR3410_94 */
 0x2A,0x85,0x03,0x02,0x02,0x15,               /* [5207] OBJ_id_Gost28147_89 */
-0x2A,0x85,0x03,0x02,0x02,0x16,               /* [5213] OBJ_id_Gost28147_89_MAC */
-0x2A,0x85,0x03,0x02,0x02,0x17,               /* [5219] OBJ_id_GostR3411_94_prf */
-0x2A,0x85,0x03,0x02,0x02,0x62,               /* [5225] OBJ_id_GostR3410_2001DH */
-0x2A,0x85,0x03,0x02,0x02,0x63,               /* [5231] OBJ_id_GostR3410_94DH */
-0x2A,0x85,0x03,0x02,0x02,0x0E,0x01,          /* [5237] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */
-0x2A,0x85,0x03,0x02,0x02,0x0E,0x00,          /* [5244] OBJ_id_Gost28147_89_None_KeyMeshing */
-0x2A,0x85,0x03,0x02,0x02,0x1E,0x00,          /* [5251] OBJ_id_GostR3411_94_TestParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1E,0x01,          /* [5258] OBJ_id_GostR3411_94_CryptoProParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x00,          /* [5265] OBJ_id_Gost28147_89_TestParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x01,          /* [5272] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x02,          /* [5279] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x03,          /* [5286] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x04,          /* [5293] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x05,          /* [5300] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x06,          /* [5307] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x07,          /* [5314] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x20,0x00,          /* [5321] OBJ_id_GostR3410_94_TestParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x20,0x02,          /* [5328] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x20,0x03,          /* [5335] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x20,0x04,          /* [5342] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x20,0x05,          /* [5349] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x21,0x01,          /* [5356] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x21,0x02,          /* [5363] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x21,0x03,          /* [5370] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x23,0x00,          /* [5377] OBJ_id_GostR3410_2001_TestParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x23,0x01,          /* [5384] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x23,0x02,          /* [5391] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x23,0x03,          /* [5398] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x24,0x00,          /* [5405] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x24,0x01,          /* [5412] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x14,0x01,          /* [5419] OBJ_id_GostR3410_94_a */
-0x2A,0x85,0x03,0x02,0x02,0x14,0x02,          /* [5426] OBJ_id_GostR3410_94_aBis */
-0x2A,0x85,0x03,0x02,0x02,0x14,0x03,          /* [5433] OBJ_id_GostR3410_94_b */
-0x2A,0x85,0x03,0x02,0x02,0x14,0x04,          /* [5440] OBJ_id_GostR3410_94_bBis */
-0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01,     /* [5447] OBJ_id_Gost28147_89_cc */
-0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03,     /* [5455] OBJ_id_GostR3410_94_cc */
-0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04,     /* [5463] OBJ_id_GostR3410_2001_cc */
-0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03,     /* [5471] OBJ_id_GostR3411_94_with_GostR3410_94_cc */
-0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04,     /* [5479] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */
-0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01,     /* [5487] OBJ_id_GostR3410_2001_ParamSet_cc */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02,          /* [5495] OBJ_ecdsa_with_Recommended */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,          /* [5502] OBJ_ecdsa_with_Specified */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01,     /* [5509] OBJ_ecdsa_with_SHA224 */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02,     /* [5517] OBJ_ecdsa_with_SHA256 */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03,     /* [5525] OBJ_ecdsa_with_SHA384 */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04,     /* [5533] OBJ_ecdsa_with_SHA512 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,/* [5541] OBJ_dsa_with_SHA224 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,/* [5550] OBJ_dsa_with_SHA256 */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,               /* [5559] OBJ_kisa */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03,     /* [5565] OBJ_seed_ecb */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04,     /* [5573] OBJ_seed_cbc */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05,     /* [5581] OBJ_seed_cfb128 */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06,     /* [5589] OBJ_seed_ofb128 */
+0x2A,0x85,0x03,0x02,0x02,0x17,               /* [5213] OBJ_id_GostR3411_94_prf */
+0x2A,0x85,0x03,0x02,0x02,0x62,               /* [5219] OBJ_id_GostR3410_2001DH */
+0x2A,0x85,0x03,0x02,0x02,0x63,               /* [5225] OBJ_id_GostR3410_94DH */
+0x2A,0x85,0x03,0x02,0x02,0x0E,0x01,          /* [5231] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */
+0x2A,0x85,0x03,0x02,0x02,0x0E,0x00,          /* [5238] OBJ_id_Gost28147_89_None_KeyMeshing */
+0x2A,0x85,0x03,0x02,0x02,0x1E,0x00,          /* [5245] OBJ_id_GostR3411_94_TestParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x1E,0x01,          /* [5252] OBJ_id_GostR3411_94_CryptoProParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x1F,0x00,          /* [5259] OBJ_id_Gost28147_89_TestParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x1F,0x01,          /* [5266] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x1F,0x02,          /* [5273] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x1F,0x03,          /* [5280] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x1F,0x04,          /* [5287] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x1F,0x05,          /* [5294] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x1F,0x06,          /* [5301] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x1F,0x07,          /* [5308] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x20,0x00,          /* [5315] OBJ_id_GostR3410_94_TestParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x20,0x02,          /* [5322] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x20,0x03,          /* [5329] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x20,0x04,          /* [5336] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x20,0x05,          /* [5343] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x21,0x01,          /* [5350] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x21,0x02,          /* [5357] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x21,0x03,          /* [5364] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x23,0x00,          /* [5371] OBJ_id_GostR3410_2001_TestParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x23,0x01,          /* [5378] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x23,0x02,          /* [5385] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x23,0x03,          /* [5392] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x24,0x00,          /* [5399] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x24,0x01,          /* [5406] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x14,0x01,          /* [5413] OBJ_id_GostR3410_94_a */
+0x2A,0x85,0x03,0x02,0x02,0x14,0x02,          /* [5420] OBJ_id_GostR3410_94_aBis */
+0x2A,0x85,0x03,0x02,0x02,0x14,0x03,          /* [5427] OBJ_id_GostR3410_94_b */
+0x2A,0x85,0x03,0x02,0x02,0x14,0x04,          /* [5434] OBJ_id_GostR3410_94_bBis */
+0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01,     /* [5441] OBJ_id_Gost28147_89_cc */
+0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03,     /* [5449] OBJ_id_GostR3410_94_cc */
+0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04,     /* [5457] OBJ_id_GostR3410_2001_cc */
+0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03,     /* [5465] OBJ_id_GostR3411_94_with_GostR3410_94_cc */
+0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04,     /* [5473] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */
+0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01,     /* [5481] OBJ_id_GostR3410_2001_ParamSet_cc */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02,          /* [5489] OBJ_ecdsa_with_Recommended */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,          /* [5496] OBJ_ecdsa_with_Specified */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01,     /* [5503] OBJ_ecdsa_with_SHA224 */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02,     /* [5511] OBJ_ecdsa_with_SHA256 */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03,     /* [5519] OBJ_ecdsa_with_SHA384 */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04,     /* [5527] OBJ_ecdsa_with_SHA512 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,/* [5535] OBJ_dsa_with_SHA224 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,/* [5544] OBJ_dsa_with_SHA256 */
+0x2A,0x83,0x1A,0x8C,0x9A,0x44,               /* [5553] OBJ_kisa */
+0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03,     /* [5559] OBJ_seed_ecb */
+0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04,     /* [5567] OBJ_seed_cbc */
+0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05,     /* [5575] OBJ_seed_cfb128 */
+0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06,     /* [5583] OBJ_seed_ofb128 */
+0x2A,0x85,0x03,0x02,0x02,0x16,               /* [5591] OBJ_id_Gost28147_89_MAC */
 };
 
 static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2089,137 +2089,139 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
        &(lvalues[5195]),0},
 {"gost94","GOST R 34.10-94",NID_id_GostR3410_94,6,&(lvalues[5201]),0},
 {"gost89","GOST 28147-89",NID_id_Gost28147_89,6,&(lvalues[5207]),0},
-{"id-Gost28147-89-MAC","GOST 28147-89 MAC",NID_id_Gost28147_89_MAC,6,
-       &(lvalues[5213]),0},
+{NULL,NULL,NID_undef,0,NULL,0},
 {"prf-gostr3411-94","GOST R 34.11-94 PRF",NID_id_GostR3411_94_prf,6,
-       &(lvalues[5219]),0},
+       &(lvalues[5213]),0},
 {"id-GostR3410-2001DH","GOST R 34.10-2001 DH",NID_id_GostR3410_2001DH,
-       6,&(lvalues[5225]),0},
+       6,&(lvalues[5219]),0},
 {"id-GostR3410-94DH","GOST R 34.10-94 DH",NID_id_GostR3410_94DH,6,
-       &(lvalues[5231]),0},
+       &(lvalues[5225]),0},
 {"id-Gost28147-89-CryptoPro-KeyMeshing",
        "id-Gost28147-89-CryptoPro-KeyMeshing",
-       NID_id_Gost28147_89_CryptoPro_KeyMeshing,7,&(lvalues[5237]),0},
+       NID_id_Gost28147_89_CryptoPro_KeyMeshing,7,&(lvalues[5231]),0},
 {"id-Gost28147-89-None-KeyMeshing","id-Gost28147-89-None-KeyMeshing",
-       NID_id_Gost28147_89_None_KeyMeshing,7,&(lvalues[5244]),0},
+       NID_id_Gost28147_89_None_KeyMeshing,7,&(lvalues[5238]),0},
 {"id-GostR3411-94-TestParamSet","id-GostR3411-94-TestParamSet",
-       NID_id_GostR3411_94_TestParamSet,7,&(lvalues[5251]),0},
+       NID_id_GostR3411_94_TestParamSet,7,&(lvalues[5245]),0},
 {"id-GostR3411-94-CryptoProParamSet",
        "id-GostR3411-94-CryptoProParamSet",
-       NID_id_GostR3411_94_CryptoProParamSet,7,&(lvalues[5258]),0},
+       NID_id_GostR3411_94_CryptoProParamSet,7,&(lvalues[5252]),0},
 {"id-Gost28147-89-TestParamSet","id-Gost28147-89-TestParamSet",
-       NID_id_Gost28147_89_TestParamSet,7,&(lvalues[5265]),0},
+       NID_id_Gost28147_89_TestParamSet,7,&(lvalues[5259]),0},
 {"id-Gost28147-89-CryptoPro-A-ParamSet",
        "id-Gost28147-89-CryptoPro-A-ParamSet",
-       NID_id_Gost28147_89_CryptoPro_A_ParamSet,7,&(lvalues[5272]),0},
+       NID_id_Gost28147_89_CryptoPro_A_ParamSet,7,&(lvalues[5266]),0},
 {"id-Gost28147-89-CryptoPro-B-ParamSet",
        "id-Gost28147-89-CryptoPro-B-ParamSet",
-       NID_id_Gost28147_89_CryptoPro_B_ParamSet,7,&(lvalues[5279]),0},
+       NID_id_Gost28147_89_CryptoPro_B_ParamSet,7,&(lvalues[5273]),0},
 {"id-Gost28147-89-CryptoPro-C-ParamSet",
        "id-Gost28147-89-CryptoPro-C-ParamSet",
-       NID_id_Gost28147_89_CryptoPro_C_ParamSet,7,&(lvalues[5286]),0},
+       NID_id_Gost28147_89_CryptoPro_C_ParamSet,7,&(lvalues[5280]),0},
 {"id-Gost28147-89-CryptoPro-D-ParamSet",
        "id-Gost28147-89-CryptoPro-D-ParamSet",
-       NID_id_Gost28147_89_CryptoPro_D_ParamSet,7,&(lvalues[5293]),0},
+       NID_id_Gost28147_89_CryptoPro_D_ParamSet,7,&(lvalues[5287]),0},
 {"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet",
        "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet",
-       NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet,7,&(lvalues[5300]),
+       NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet,7,&(lvalues[5294]),
        0},
 {"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet",
        "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet",
-       NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet,7,&(lvalues[5307]),
+       NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet,7,&(lvalues[5301]),
        0},
 {"id-Gost28147-89-CryptoPro-RIC-1-ParamSet",
        "id-Gost28147-89-CryptoPro-RIC-1-ParamSet",
-       NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet,7,&(lvalues[5314]),0},
+       NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet,7,&(lvalues[5308]),0},
 {"id-GostR3410-94-TestParamSet","id-GostR3410-94-TestParamSet",
-       NID_id_GostR3410_94_TestParamSet,7,&(lvalues[5321]),0},
+       NID_id_GostR3410_94_TestParamSet,7,&(lvalues[5315]),0},
 {"id-GostR3410-94-CryptoPro-A-ParamSet",
        "id-GostR3410-94-CryptoPro-A-ParamSet",
-       NID_id_GostR3410_94_CryptoPro_A_ParamSet,7,&(lvalues[5328]),0},
+       NID_id_GostR3410_94_CryptoPro_A_ParamSet,7,&(lvalues[5322]),0},
 {"id-GostR3410-94-CryptoPro-B-ParamSet",
        "id-GostR3410-94-CryptoPro-B-ParamSet",
-       NID_id_GostR3410_94_CryptoPro_B_ParamSet,7,&(lvalues[5335]),0},
+       NID_id_GostR3410_94_CryptoPro_B_ParamSet,7,&(lvalues[5329]),0},
 {"id-GostR3410-94-CryptoPro-C-ParamSet",
        "id-GostR3410-94-CryptoPro-C-ParamSet",
-       NID_id_GostR3410_94_CryptoPro_C_ParamSet,7,&(lvalues[5342]),0},
+       NID_id_GostR3410_94_CryptoPro_C_ParamSet,7,&(lvalues[5336]),0},
 {"id-GostR3410-94-CryptoPro-D-ParamSet",
        "id-GostR3410-94-CryptoPro-D-ParamSet",
-       NID_id_GostR3410_94_CryptoPro_D_ParamSet,7,&(lvalues[5349]),0},
+       NID_id_GostR3410_94_CryptoPro_D_ParamSet,7,&(lvalues[5343]),0},
 {"id-GostR3410-94-CryptoPro-XchA-ParamSet",
        "id-GostR3410-94-CryptoPro-XchA-ParamSet",
-       NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,7,&(lvalues[5356]),0},
+       NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,7,&(lvalues[5350]),0},
 {"id-GostR3410-94-CryptoPro-XchB-ParamSet",
        "id-GostR3410-94-CryptoPro-XchB-ParamSet",
-       NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,7,&(lvalues[5363]),0},
+       NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,7,&(lvalues[5357]),0},
 {"id-GostR3410-94-CryptoPro-XchC-ParamSet",
        "id-GostR3410-94-CryptoPro-XchC-ParamSet",
-       NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,7,&(lvalues[5370]),0},
+       NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,7,&(lvalues[5364]),0},
 {"id-GostR3410-2001-TestParamSet","id-GostR3410-2001-TestParamSet",
-       NID_id_GostR3410_2001_TestParamSet,7,&(lvalues[5377]),0},
+       NID_id_GostR3410_2001_TestParamSet,7,&(lvalues[5371]),0},
 {"id-GostR3410-2001-CryptoPro-A-ParamSet",
        "id-GostR3410-2001-CryptoPro-A-ParamSet",
-       NID_id_GostR3410_2001_CryptoPro_A_ParamSet,7,&(lvalues[5384]),0},
+       NID_id_GostR3410_2001_CryptoPro_A_ParamSet,7,&(lvalues[5378]),0},
 {"id-GostR3410-2001-CryptoPro-B-ParamSet",
        "id-GostR3410-2001-CryptoPro-B-ParamSet",
-       NID_id_GostR3410_2001_CryptoPro_B_ParamSet,7,&(lvalues[5391]),0},
+       NID_id_GostR3410_2001_CryptoPro_B_ParamSet,7,&(lvalues[5385]),0},
 {"id-GostR3410-2001-CryptoPro-C-ParamSet",
        "id-GostR3410-2001-CryptoPro-C-ParamSet",
-       NID_id_GostR3410_2001_CryptoPro_C_ParamSet,7,&(lvalues[5398]),0},
+       NID_id_GostR3410_2001_CryptoPro_C_ParamSet,7,&(lvalues[5392]),0},
 {"id-GostR3410-2001-CryptoPro-XchA-ParamSet",
        "id-GostR3410-2001-CryptoPro-XchA-ParamSet",
-       NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,7,&(lvalues[5405]),0},
+       NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,7,&(lvalues[5399]),0},
        
 {"id-GostR3410-2001-CryptoPro-XchB-ParamSet",
        "id-GostR3410-2001-CryptoPro-XchB-ParamSet",
-       NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,7,&(lvalues[5412]),0},
+       NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,7,&(lvalues[5406]),0},
        
 {"id-GostR3410-94-a","id-GostR3410-94-a",NID_id_GostR3410_94_a,7,
-       &(lvalues[5419]),0},
+       &(lvalues[5413]),0},
 {"id-GostR3410-94-aBis","id-GostR3410-94-aBis",
-       NID_id_GostR3410_94_aBis,7,&(lvalues[5426]),0},
+       NID_id_GostR3410_94_aBis,7,&(lvalues[5420]),0},
 {"id-GostR3410-94-b","id-GostR3410-94-b",NID_id_GostR3410_94_b,7,
-       &(lvalues[5433]),0},
+       &(lvalues[5427]),0},
 {"id-GostR3410-94-bBis","id-GostR3410-94-bBis",
-       NID_id_GostR3410_94_bBis,7,&(lvalues[5440]),0},
+       NID_id_GostR3410_94_bBis,7,&(lvalues[5434]),0},
 {"id-Gost28147-89-cc","GOST 28147-89 Cryptocom ParamSet",
-       NID_id_Gost28147_89_cc,8,&(lvalues[5447]),0},
+       NID_id_Gost28147_89_cc,8,&(lvalues[5441]),0},
 {"gost94cc","GOST 34.10-94 Cryptocom",NID_id_GostR3410_94_cc,8,
-       &(lvalues[5455]),0},
+       &(lvalues[5449]),0},
 {"gost2001cc","GOST 34.10-2001 Cryptocom",NID_id_GostR3410_2001_cc,8,
-       &(lvalues[5463]),0},
+       &(lvalues[5457]),0},
 {"id-GostR3411-94-with-GostR3410-94-cc",
        "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom",
-       NID_id_GostR3411_94_with_GostR3410_94_cc,8,&(lvalues[5471]),0},
+       NID_id_GostR3411_94_with_GostR3410_94_cc,8,&(lvalues[5465]),0},
 {"id-GostR3411-94-with-GostR3410-2001-cc",
        "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom",
-       NID_id_GostR3411_94_with_GostR3410_2001_cc,8,&(lvalues[5479]),0},
+       NID_id_GostR3411_94_with_GostR3410_2001_cc,8,&(lvalues[5473]),0},
 {"id-GostR3410-2001-ParamSet-cc",
        "GOST R 3410-2001 Parameter Set Cryptocom",
-       NID_id_GostR3410_2001_ParamSet_cc,8,&(lvalues[5487]),0},
+       NID_id_GostR3410_2001_ParamSet_cc,8,&(lvalues[5481]),0},
 {"ecdsa-with-Recommended","ecdsa-with-Recommended",
-       NID_ecdsa_with_Recommended,7,&(lvalues[5495]),0},
+       NID_ecdsa_with_Recommended,7,&(lvalues[5489]),0},
 {"ecdsa-with-Specified","ecdsa-with-Specified",
-       NID_ecdsa_with_Specified,7,&(lvalues[5502]),0},
+       NID_ecdsa_with_Specified,7,&(lvalues[5496]),0},
 {"ecdsa-with-SHA224","ecdsa-with-SHA224",NID_ecdsa_with_SHA224,8,
-       &(lvalues[5509]),0},
+       &(lvalues[5503]),0},
 {"ecdsa-with-SHA256","ecdsa-with-SHA256",NID_ecdsa_with_SHA256,8,
-       &(lvalues[5517]),0},
+       &(lvalues[5511]),0},
 {"ecdsa-with-SHA384","ecdsa-with-SHA384",NID_ecdsa_with_SHA384,8,
-       &(lvalues[5525]),0},
+       &(lvalues[5519]),0},
 {"ecdsa-with-SHA512","ecdsa-with-SHA512",NID_ecdsa_with_SHA512,8,
-       &(lvalues[5533]),0},
+       &(lvalues[5527]),0},
 {"dsa_with_SHA224","dsa_with_SHA224",NID_dsa_with_SHA224,9,
-       &(lvalues[5541]),0},
+       &(lvalues[5535]),0},
 {"dsa_with_SHA256","dsa_with_SHA256",NID_dsa_with_SHA256,9,
-       &(lvalues[5550]),0},
+       &(lvalues[5544]),0},
 {"gost89-cnt","gost89-cnt",NID_gost89_cnt,0,NULL,0},
 {"HMAC","hmac",NID_hmac,0,NULL,0},
-{"KISA","kisa",NID_kisa,6,&(lvalues[5559]),0},
-{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5565]),0},
-{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5573]),0},
-{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5581]),0},
-{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5589]),0},
+{"KISA","kisa",NID_kisa,6,&(lvalues[5553]),0},
+{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5559]),0},
+{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5567]),0},
+{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5575]),0},
+{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5583]),0},
+{NULL,NULL,NID_undef,0,NULL,0},
+{"gost-mac","GOST 28147-89 MAC",NID_id_Gost28147_89_MAC,6,
+       &(lvalues[5591]),0},
 };
 
 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -2498,6 +2500,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[490]),/* "friendlyCountryName" */
 &(nid_objs[156]),/* "friendlyName" */
 &(nid_objs[509]),/* "generationQualifier" */
+&(nid_objs[843]),/* "gost-mac" */
 &(nid_objs[784]),/* "gost2001" */
 &(nid_objs[823]),/* "gost2001cc" */
 &(nid_objs[786]),/* "gost89" */
@@ -2526,7 +2529,6 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[801]),/* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
 &(nid_objs[800]),/* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
 &(nid_objs[802]),/* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
-&(nid_objs[787]),/* "id-Gost28147-89-MAC" */
 &(nid_objs[792]),/* "id-Gost28147-89-None-KeyMeshing" */
 &(nid_objs[795]),/* "id-Gost28147-89-TestParamSet" */
 &(nid_objs[821]),/* "id-Gost28147-89-cc" */
@@ -3082,7 +3084,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[172]),/* "Extension Request" */
 &(nid_objs[786]),/* "GOST 28147-89" */
 &(nid_objs[821]),/* "GOST 28147-89 Cryptocom ParamSet" */
-&(nid_objs[787]),/* "GOST 28147-89 MAC" */
+&(nid_objs[843]),/* "GOST 28147-89 MAC" */
 &(nid_objs[823]),/* "GOST 34.10-2001 Cryptocom" */
 &(nid_objs[822]),/* "GOST 34.10-94 Cryptocom" */
 &(nid_objs[784]),/* "GOST R 34.10-2001" */
@@ -4186,7 +4188,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[784]),/* OBJ_id_GostR3410_2001            1 2 643 2 2 19 */
 &(nid_objs[785]),/* OBJ_id_GostR3410_94              1 2 643 2 2 20 */
 &(nid_objs[786]),/* OBJ_id_Gost28147_89              1 2 643 2 2 21 */
-&(nid_objs[787]),/* OBJ_id_Gost28147_89_MAC          1 2 643 2 2 22 */
+&(nid_objs[843]),/* OBJ_id_Gost28147_89_MAC          1 2 643 2 2 22 */
 &(nid_objs[788]),/* OBJ_id_GostR3411_94_prf          1 2 643 2 2 23 */
 &(nid_objs[789]),/* OBJ_id_GostR3410_2001DH          1 2 643 2 2 98 */
 &(nid_objs[790]),/* OBJ_id_GostR3410_94DH            1 2 643 2 2 99 */
index 68e3ecf..ff25f9c 100644 (file)
 #define SN_gost89_cnt          "gost89-cnt"
 #define NID_gost89_cnt         835
 
-#define SN_id_Gost28147_89_MAC         "id-Gost28147-89-MAC"
-#define LN_id_Gost28147_89_MAC         "GOST 28147-89 MAC"
-#define NID_id_Gost28147_89_MAC                787
-#define OBJ_id_Gost28147_89_MAC                OBJ_cryptopro,22L
+#define SN_id_Gost28147_89_MAC                                 "gost-mac"
+#define LN_id_Gost28147_89_MAC                                 "GOST 28147-89 MAC"
+#define NID_id_Gost28147_89_MAC                                        843
+#define OBJ_id_Gost28147_89_MAC                                        OBJ_cryptopro,22L
 
 #define SN_id_GostR3411_94_prf         "prf-gostr3411-94"
 #define LN_id_GostR3411_94_prf         "GOST R 34.11-94 PRF"
index 5386af0..856a7b7 100644 (file)
@@ -839,3 +839,5 @@ seed_ecb            838
 seed_cbc               839
 seed_cfb128            840
 seed_ofb128            841
+id_Gost28147_89_MAC            842
+id_Gost28147_89_MAC                                    843
index 628ec28..4c1cb56 100644 (file)
@@ -1092,7 +1092,8 @@ cryptopro 20              : gost94        : GOST R 34.10-94
 !Cname id-Gost28147-89
 cryptopro 21           : gost89                : GOST 28147-89
                        : gost89-cnt
-cryptopro 22           : id-Gost28147-89-MAC   : GOST 28147-89 MAC
+!Cname id-Gost28147-89-MAC                     
+cryptopro 22           : gost-mac      : GOST 28147-89 MAC
 !Cname id-GostR3411-94-prf
 cryptopro 23           : prf-gostr3411-94      : GOST R 34.11-94 PRF
 cryptopro 98           : id-GostR3410-2001DH   : GOST R 34.10-2001 DH
index ffac2c2..8d1f92c 100644 (file)
@@ -768,8 +768,6 @@ int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
                p= &(d[DTLS1_HM_HEADER_LENGTH]);
 
                i=s->method->ssl3_enc->final_finish_mac(s,
-                       &(s->s3->finish_dgst1),
-                       &(s->s3->finish_dgst2),
                        sender,slen,s->s3->tmp.finish_md);
                s->s3->tmp.finish_md_len = i;
                memcpy(p, s->s3->tmp.finish_md, i);
index 486bd32..1826226 100644 (file)
@@ -998,14 +998,16 @@ int dtls1_send_client_verify(SSL *s)
                p= &(d[DTLS1_HM_HEADER_LENGTH]);
                pkey=s->cert->key->privatekey;
 
-               s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
+               s->method->ssl3_enc->cert_verify_mac(s,
+               NID_sha1,
                        &(data[MD5_DIGEST_LENGTH]));
 
 #ifndef OPENSSL_NO_RSA
                if (pkey->type == EVP_PKEY_RSA)
                        {
                        s->method->ssl3_enc->cert_verify_mac(s,
-                               &(s->s3->finish_dgst1),&(data[0]));
+                               NID_md5,
+                               &(data[0]));
                        if (RSA_sign(NID_md5_sha1, data,
                                         MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
                                        &(p[2]), &u, pkey->pkey.rsa) <= 0 )
index 0fc4007..1b2ccb8 100644 (file)
@@ -446,10 +446,10 @@ int dtls1_accept(SSL *s)
                        /* We need to get hashes here so if there is
                         * a client cert, it can be verified */ 
                        s->method->ssl3_enc->cert_verify_mac(s,
-                               &(s->s3->finish_dgst1),
+                               NID_md5,
                                &(s->s3->tmp.cert_verify_md[0]));
                        s->method->ssl3_enc->cert_verify_mac(s,
-                               &(s->s3->finish_dgst2),
+                               NID_sha1,
                                &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
 
                        break;
index aaf1c2f..1a45e67 100644 (file)
@@ -160,8 +160,6 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
                p= &(d[4]);
 
                i=s->method->ssl3_enc->final_finish_mac(s,
-                       &(s->s3->finish_dgst1),
-                       &(s->s3->finish_dgst2),
                        sender,slen,s->s3->tmp.finish_md);
                s->s3->tmp.finish_md_len = i;
                memcpy(p, s->s3->tmp.finish_md, i);
@@ -518,9 +516,16 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
        else if (i == EVP_PKEY_EC)
                {
                ret = SSL_PKEY_ECC;
-               }
+               }       
 #endif
-
+       else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) 
+               {
+               ret = SSL_PKEY_GOST94;
+               }
+       else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) 
+               {
+               ret = SSL_PKEY_GOST01;
+               }
 err:
        if(!pkey) EVP_PKEY_free(pk);
        return(ret);
index 0b8d89d..2d1b1a5 100644 (file)
@@ -824,6 +824,7 @@ int ssl3_get_server_hello(SSL *s)
                        }
                }
        s->s3->tmp.new_cipher=c;
+       ssl3_digest_cached_records(s);
 
        /* lets get the compression algorithm */
        /* COMPRESSION */
@@ -2415,14 +2416,16 @@ int ssl3_send_client_verify(SSL *s)
                p= &(d[4]);
                pkey=s->cert->key->privatekey;
 
-               s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
+               s->method->ssl3_enc->cert_verify_mac(s,
+                       NID_sha1,
                        &(data[MD5_DIGEST_LENGTH]));
 
 #ifndef OPENSSL_NO_RSA
                if (pkey->type == EVP_PKEY_RSA)
                        {
                        s->method->ssl3_enc->cert_verify_mac(s,
-                               &(s->s3->finish_dgst1),&(data[0]));
+                               NID_md5,
+                               &(data[0]));
                        if (RSA_sign(NID_md5_sha1, data,
                                         MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
                                        &(p[2]), &u, pkey->pkey.rsa) <= 0 )
index 010069b..7049be2 100644 (file)
@@ -155,10 +155,8 @@ static unsigned char ssl3_pad_2[48]={
        0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
        0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
        0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c };
-
-static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
+static int ssl3_handshake_mac(SSL *s, int md_nid,
        const char *sender, int len, unsigned char *p);
-
 static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
        {
        EVP_MD_CTX m5;
@@ -545,46 +543,116 @@ int ssl3_enc(SSL *s, int send)
 
 void ssl3_init_finished_mac(SSL *s)
        {
-       EVP_DigestInit_ex(&(s->s3->finish_dgst1),s->ctx->md5, NULL);
-       EVP_DigestInit_ex(&(s->s3->finish_dgst2),s->ctx->sha1, NULL);
+       if (s->s3->handshake_buffer) BIO_free(s->s3->handshake_buffer);
+       if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
+    s->s3->handshake_buffer=BIO_new(BIO_s_mem());      
+       BIO_set_close(s->s3->handshake_buffer,BIO_CLOSE);
        }
 
+void ssl3_free_digest_list(SSL *s) 
+       {
+       int i;
+       if (!s->s3->handshake_dgst) return;
+       for (i=0;i<SSL_MAX_DIGEST;i++) 
+               {
+               if (s->s3->handshake_dgst[i])
+                       EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]);
+               }
+       OPENSSL_free(s->s3->handshake_dgst);
+       s->s3->handshake_dgst=NULL;
+       }       
+               
+
+
 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
        {
-       EVP_DigestUpdate(&(s->s3->finish_dgst1),buf,len);
-       EVP_DigestUpdate(&(s->s3->finish_dgst2),buf,len);
+       if (s->s3->handshake_buffer) 
+               {
+               BIO_write (s->s3->handshake_buffer,(void *)buf,len);
+               } 
+       else 
+               {
+               int i;
+               for (i=0;i< SSL_MAX_DIGEST;i++) 
+                       {
+                       if (s->s3->handshake_dgst[i]!= NULL)
+                       EVP_DigestUpdate(s->s3->handshake_dgst[i],buf,len);
+                       }
+               }       
        }
+void ssl3_digest_cached_records(SSL *s)
+       {
+               int i;
+               long mask;
+               const EVP_MD *md;
+               long hdatalen;
+               void *hdata;
+               /* Allocate handshake_dgst array */
+               ssl3_free_digest_list(s);
+               s->s3->handshake_dgst = OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));
+               memset(s->s3->handshake_dgst,0,SSL_MAX_DIGEST *sizeof(EVP_MD_CTX *));
+               hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,&hdata);
+               /* Loop through bitso of algorithm2 field and create MD_CTX-es */
+               for (i=0;ssl_get_handshake_digest(i,&mask,&md); i++) 
+                       {
+                               if ((mask & s->s3->tmp.new_cipher->algorithm2) && md) 
+                               {
+                                       s->s3->handshake_dgst[i]=EVP_MD_CTX_create();
+                                       EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL);
+                                       EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen);
+                               } 
+                               else 
+                               {       
+                                       s->s3->handshake_dgst[i]=NULL;
+                               }
+                       }
+               /* Free handshake_buffer BIO */
+               BIO_free(s->s3->handshake_buffer);
+               s->s3->handshake_buffer = NULL;
 
-int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *ctx, unsigned char *p)
+       }
+int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p)
        {
-       return(ssl3_handshake_mac(s,ctx,NULL,0,p));
+       return(ssl3_handshake_mac(s,md_nid,NULL,0,p));
        }
-
-int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
+int ssl3_final_finish_mac(SSL *s, 
             const char *sender, int len, unsigned char *p)
        {
        int ret;
-
-       ret=ssl3_handshake_mac(s,ctx1,sender,len,p);
+       ret=ssl3_handshake_mac(s,NID_md5,sender,len,p);
        p+=ret;
-       ret+=ssl3_handshake_mac(s,ctx2,sender,len,p);
+       ret+=ssl3_handshake_mac(s,NID_sha1,sender,len,p);
        return(ret);
        }
-
-static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
+static int ssl3_handshake_mac(SSL *s, int md_nid,
             const char *sender, int len, unsigned char *p)
        {
        unsigned int ret;
        int npad,n;
        unsigned int i;
        unsigned char md_buf[EVP_MAX_MD_SIZE];
-       EVP_MD_CTX ctx;
+       EVP_MD_CTX ctx,*d=NULL;
+       if (s->s3->handshake_buffer) 
+               ssl3_digest_cached_records(s);
 
+       /* Search for djgest of specified type  in the handshake_dgst
+        * array*/
+       for (i=0;i<SSL_MAX_DIGEST;i++) 
+               {
+                 if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid) 
+                       {
+                       d=s->s3->handshake_dgst[i];
+                       break;
+                       }
+               }
+       if (!d) {
+               SSLerr(SSL_F_SSL3_HANDSHAKE_MAC,SSL_R_NO_REQUIRED_DIGEST);
+               return 0;
+       }       
        EVP_MD_CTX_init(&ctx);
-       EVP_MD_CTX_copy_ex(&ctx,in_ctx);
+       EVP_MD_CTX_copy_ex(&ctx,d);
        n=EVP_MD_CTX_size(&ctx);
        npad=(48/n)*n;
-
        if (sender != NULL)
                EVP_DigestUpdate(&ctx,sender,len);
        EVP_DigestUpdate(&ctx,s->session->master_key,
index 7a4ddd8..b2d1fef 100644 (file)
@@ -181,7 +181,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_MD5,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_STRONG_NONE,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
        0,
        },
@@ -197,7 +197,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_STRONG_NONE,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
        0,
        },
@@ -213,7 +213,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_MD5,
        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        128,
        },
@@ -229,7 +229,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_MD5,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -245,7 +245,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -261,7 +261,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_MD5,
        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        128,
        },
@@ -278,7 +278,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -295,7 +295,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        56,
        },
@@ -311,7 +311,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_LOW,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        56,
        56,
        },
@@ -327,7 +327,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
        },
@@ -344,7 +344,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        56,
        },
@@ -360,7 +360,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_LOW,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        56,
        56,
        },
@@ -376,7 +376,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
        },
@@ -392,7 +392,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        56,
        },
@@ -408,7 +408,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_LOW,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        56,
        56,
        },
@@ -424,7 +424,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
        },
@@ -441,7 +441,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        56,
        },
@@ -457,7 +457,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_LOW,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        56,
        56,
        },
@@ -473,7 +473,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
        },
@@ -489,7 +489,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        56,
        },
@@ -505,7 +505,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_LOW,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        56,
        56,
        },
@@ -521,7 +521,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
        },
@@ -537,7 +537,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_MD5,
        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        128,
        },
@@ -553,7 +553,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_MD5,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -569,7 +569,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        128,
        },
@@ -585,7 +585,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_LOW,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        56,
        56,
        },
@@ -601,7 +601,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
        },
@@ -619,7 +619,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_STRONG_NONE,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
        0,
        },
@@ -635,7 +635,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_STRONG_NONE,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
        0,
        },
@@ -651,7 +651,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -670,7 +670,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_LOW,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        56,
        56,
        },
@@ -686,7 +686,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
        },
@@ -702,7 +702,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -718,7 +718,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -734,7 +734,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_MD5,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_LOW,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        56,
        56,
        },
@@ -750,7 +750,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_MD5,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
        },
@@ -766,7 +766,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_MD5,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -782,7 +782,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_MD5,
        SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -798,7 +798,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        56,
        },
@@ -814,7 +814,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        128,
        },
@@ -830,7 +830,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        128,
        },
@@ -846,7 +846,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_MD5,
        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        56,
        },
@@ -862,7 +862,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_MD5,
        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        128,
        },
@@ -878,7 +878,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_MD5,
        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        128,
        },
@@ -896,7 +896,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -911,7 +911,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -926,7 +926,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -941,7 +941,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -956,7 +956,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -971,7 +971,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -987,7 +987,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
        },
@@ -1002,7 +1002,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
        },
@@ -1018,7 +1018,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
        },
@@ -1034,7 +1034,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
        },
@@ -1050,7 +1050,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
        },
@@ -1066,7 +1066,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
        },
@@ -1085,7 +1085,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1101,7 +1101,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1117,7 +1117,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1133,7 +1133,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1149,7 +1149,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1165,7 +1165,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1185,7 +1185,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_MD5,
        SSL_TLSV1,
        SSL_EXPORT|SSL_EXP56,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        56,
        128,
        },
@@ -1201,7 +1201,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_MD5,
        SSL_TLSV1,
        SSL_EXPORT|SSL_EXP56,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        56,
        128,
        },
@@ -1218,7 +1218,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_EXPORT|SSL_EXP56,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        56,
        56,
        },
@@ -1234,7 +1234,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_EXPORT|SSL_EXP56,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        56,
        56,
        },
@@ -1250,7 +1250,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_EXPORT|SSL_EXP56,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        56,
        128,
        },
@@ -1266,7 +1266,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_EXPORT|SSL_EXP56,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        56,
        128,
        },
@@ -1282,7 +1282,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_MEDIUM,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1302,7 +1302,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
        },
@@ -1317,7 +1317,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
        },
@@ -1333,7 +1333,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
        },
@@ -1349,7 +1349,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
        },
@@ -1365,7 +1365,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
        },
@@ -1381,7 +1381,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
        },
@@ -1399,7 +1399,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_MEDIUM,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1415,7 +1415,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
        },
@@ -1431,7 +1431,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1447,7 +1447,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
        },
@@ -1467,7 +1467,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_MEDIUM,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1483,7 +1483,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_MEDIUM,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1499,7 +1499,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_MEDIUM,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1515,7 +1515,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_MEDIUM,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1531,7 +1531,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_MEDIUM,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1547,7 +1547,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_MEDIUM,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1566,7 +1566,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_STRONG_NONE,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
        0,
        },
@@ -1582,7 +1582,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_MEDIUM,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1598,7 +1598,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
        },
@@ -1614,7 +1614,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1630,7 +1630,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
        },
@@ -1646,7 +1646,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_STRONG_NONE,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
        0,
        },
@@ -1662,7 +1662,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_MEDIUM,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1678,7 +1678,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
        },
@@ -1694,7 +1694,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1710,7 +1710,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
        },
@@ -1726,7 +1726,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_STRONG_NONE,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
        0,
        },
@@ -1742,7 +1742,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_MEDIUM,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1758,7 +1758,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
        },
@@ -1774,7 +1774,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1790,7 +1790,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
        },
@@ -1806,7 +1806,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_STRONG_NONE,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
        0,
        },
@@ -1822,7 +1822,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_MEDIUM,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1838,7 +1838,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
        },
@@ -1854,7 +1854,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1870,7 +1870,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
        },
@@ -1886,7 +1886,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_STRONG_NONE,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
        0,
        },
@@ -1902,7 +1902,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_MEDIUM,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1918,7 +1918,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
        },
@@ -1934,7 +1934,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
        },
@@ -1950,7 +1950,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_SHA1,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
        },
@@ -1968,7 +1968,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_MD5,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
        },
@@ -1982,7 +1982,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_GOST94,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256
        },
@@ -1996,7 +1996,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_GOST89MAC,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       0,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256
        },
@@ -2010,7 +2010,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_GOST89MAC,
        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-       TLS1_STREAM_MAC,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
        256,
        256
        },
@@ -2067,8 +2067,6 @@ int ssl3_new(SSL *s)
 
        if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
        memset(s3,0,sizeof *s3);
-       EVP_MD_CTX_init(&s3->finish_dgst1);
-       EVP_MD_CTX_init(&s3->finish_dgst2);
        memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));
        memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));
 
@@ -2103,9 +2101,10 @@ void ssl3_free(SSL *s)
 
        if (s->s3->tmp.ca_names != NULL)
                sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
-       EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
-       EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
-
+       if (s->s3->handshake_buffer) {
+               BIO_free(s->s3->handshake_buffer);
+       }
+       if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
        OPENSSL_cleanse(s->s3,sizeof *s->s3);
        OPENSSL_free(s->s3);
        s->s3=NULL;
@@ -2138,10 +2137,12 @@ void ssl3_clear(SSL *s)
        wp = s->s3->wbuf.buf;
        rlen = s->s3->rbuf.len;
        wlen = s->s3->wbuf.len;
-
-       EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
-       EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
-
+       if (s->s3->handshake_buffer) {
+               BIO_free(s->s3->handshake_buffer);
+       }
+       if (s->s3->handshake_dgst) {
+               ssl3_free_digest_list(s);
+       }       
        memset(s->s3,0,sizeof *s->s3);
        s->s3->rbuf.buf = rp;
        s->s3->wbuf.buf = wp;
index 58f2845..06b4412 100644 (file)
@@ -1307,8 +1307,6 @@ int ssl3_do_change_cipher_spec(SSL *s)
                }
 
        s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
-               &(s->s3->finish_dgst1),
-               &(s->s3->finish_dgst2),
                sender,slen,s->s3->tmp.peer_finish_md);
 
        return(1);
index 17ee4da..697ab72 100644 (file)
@@ -502,12 +502,15 @@ int ssl3_accept(SSL *s)
 
                                /* We need to get hashes here so if there is
                                 * a client cert, it can be verified
+                                * FIXME - digest processing for CertificateVerify
+                                * should be generalized. But it is next step
                                 */
+                                                               
                                s->method->ssl3_enc->cert_verify_mac(s,
-                                   &(s->s3->finish_dgst1),
+                                       NID_md5,
                                    &(s->s3->tmp.cert_verify_md[0]));
                                s->method->ssl3_enc->cert_verify_mac(s,
-                                   &(s->s3->finish_dgst2),
+                                       NID_sha1,
                                    &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
                                }
                        break;
@@ -1026,6 +1029,7 @@ int ssl3_get_client_hello(SSL *s)
                        goto f_err;
                        }
                s->s3->tmp.new_cipher=c;
+               ssl3_digest_cached_records(s);
                }
        else
                {
@@ -1056,6 +1060,9 @@ int ssl3_get_client_hello(SSL *s)
                else
 #endif
                s->s3->tmp.new_cipher=s->session->cipher;
+               /* Clear cached handshake records */
+               BIO_free(s->s3->handshake_buffer);
+               s->s3->handshake_buffer = NULL;
                }
        
        /* we now have the following setup. 
index 3f3be39..43046f5 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1868,7 +1868,10 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT           276
 #define SSL_F_TLS1_SETUP_KEY_BLOCK                      211
 #define SSL_F_WRITE_PENDING                             212
-
+#define SSL_F_TLS1_FINAL_FINISH_MAC            283
+#define SSL_F_TLS1_PRF                         284
+#define SSL_F_SSL3_HANDSHAKE_MAC    285
+#define SSL_F_TLS1_CERT_VERIFY_MAC  286
 /* Reason codes. */
 #define SSL_R_APP_DATA_IN_HANDSHAKE                     100
 #define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
@@ -2123,6 +2126,8 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_WRONG_VERSION_NUMBER                      267
 #define SSL_R_X509_LIB                                  268
 #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS          269
+#define SSL_R_UNSUPPORTED_DIGEST_TYPE  270
+#define SSL_R_NO_REQUIRED_DIGEST 324
 
 #ifdef  __cplusplus
 }
index 71ba306..0543cb2 100644 (file)
@@ -419,9 +419,11 @@ typedef struct ssl3_state_st
        const unsigned char *wpend_buf;
 
        /* used during startup, digest all incoming/outgoing packets */
-       EVP_MD_CTX finish_dgst1;
-       EVP_MD_CTX finish_dgst2;
-
+       BIO *handshake_buffer;
+       /* When set of handshake digests is determined, buffer is hashed
+        * and freed and MD_CTX-es for all required digests are stored in
+        * this array */
+       EVP_MD_CTX **handshake_dgst;
        /* this is set whenerver we see a change_cipher_spec message
         * come in when we are not looking for one */
        int change_cipher_spec;
index d2e648b..e573025 100644 (file)
@@ -175,7 +175,10 @@ static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
 #define SSL_MD_SHA1_IDX        1
 #define SSL_MD_GOST94_IDX 2
 #define SSL_MD_GOST89MAC_IDX 3
-#define SSL_MD_NUM_IDX 4
+/*Constant SSL_MAX_DIGEST equal to size of digests array should be 
+ * defined in the
+ * ssl_locl.h */
+#define SSL_MD_NUM_IDX SSL_MAX_DIGEST 
 static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
        NULL,NULL,NULL,NULL
        };
@@ -191,6 +194,11 @@ static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={
        0,0,0,0
        };
 
+static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
+       SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
+       SSL_HANDSHAKE_MAC_GOST94,0
+       };
+
 #define CIPHER_ADD     1
 #define CIPHER_KILL    2
 #define CIPHER_DEL     3
@@ -299,6 +307,22 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_MEDIUM,0,  0,0,0,0,0,SSL_MEDIUM,0,0,0},
        {0,SSL_TXT_HIGH,0,    0,0,0,0,0,SSL_HIGH,  0,0,0},
        };
+/* Search for public key algorithm with given name and 
+ * return its pkey_id if it is available. Otherwise return 0
+ */
+static int get_optional_pkey_id(const char *pkey_name)
+       {
+       const EVP_PKEY_ASN1_METHOD *ameth;
+       ENGINE *tmpeng = NULL;
+       int pkey_id=0;
+       ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1);
+       if (ameth) 
+               {
+               EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
+               }               
+       if (tmpeng) ENGINE_finish(tmpeng);      
+       return pkey_id;
+       }
 
 void ssl_load_ciphers(void)
        {
@@ -346,19 +370,10 @@ void ssl_load_ciphers(void)
                }
        ssl_digest_methods[SSL_MD_GOST89MAC_IDX]=
                EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
-               {
-               const EVP_PKEY_ASN1_METHOD *ameth;
-               ENGINE *tmpeng = NULL;
-               int pkey_id;
-               ameth = EVP_PKEY_asn1_find_str(&tmpeng,"gost-mac",-1);
-               if (ameth) 
-                       {
-                       EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
-                       ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]= pkey_id;
+               ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
+               if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
                        ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32;
-                       }               
-               if (tmpeng) ENGINE_finish(tmpeng);      
-               }
+               }               
 
        }
 #ifndef OPENSSL_NO_COMP
@@ -534,6 +549,18 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
                return(0);
        }
 
+int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) 
+{
+       if (idx <0||idx>=SSL_MD_NUM_IDX) 
+               {
+               return 0;
+               }
+       if (ssl_handshake_digest_flag[idx]==0) return 0;
+       *mask = ssl_handshake_digest_flag[idx];
+       *md = ssl_digest_methods[idx];
+       return 1;
+}
+
 #define ITEM_SEP(a) \
        (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
 
@@ -605,9 +632,23 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un
        *mkey |= SSL_kPSK;
        *auth |= SSL_aPSK;
 #endif
+       /* Check for presence of GOST 34.10 algorithms, and if they
+        * do not present, disable  appropriate auth and key exchange */
+       if (!get_optional_pkey_id("gost94")) {
+               *auth |= SSL_aGOST94;
+       }
+       if (!get_optional_pkey_id("gost2001")) {
+               *auth |= SSL_aGOST01;
+       }
+       /* Disable GOST key exchange if no GOST signature algs are available * */
+       if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) {
+               *mkey |= SSL_kGOST;
+       }       
 #ifdef SSL_FORBID_ENULL
        *enc |= SSL_eNULL;
 #endif
+               
+
 
        *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
        *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
index 6520cda..8d66d75 100644 (file)
@@ -255,6 +255,10 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT),      "TLS1_PREPARE_SERVERHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
 {ERR_FUNC(SSL_F_WRITE_PENDING),        "WRITE_PENDING"},
+{ERR_FUNC(SSL_F_TLS1_FINAL_FINISH_MAC),"tls1_final_finish_mac"},
+{ERR_FUNC(SSL_F_TLS1_PRF),"tls1_prf"},
+{ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC),"ssl3_handshake_mac"},
+{ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC),"tls1_cert_verify_mac"},
 {0,NULL}
        };
 
@@ -513,6 +517,8 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER)  ,"wrong version number"},
 {ERR_REASON(SSL_R_X509_LIB)              ,"x509 lib"},
 {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"},
+{ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE),"unsupported digest type"},
+{ERR_REASON(SSL_R_NO_REQUIRED_DIGEST),"digest requred for handshake isn't computed"},
 {0,NULL}
        };
 
index 12b8f3b..01c29db 100644 (file)
@@ -165,9 +165,9 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={
        ssl_undefined_function,
        (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
        (int (*)(SSL*, int))ssl_undefined_function,
-       (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function,
+       (int (*)(SSL *,  const char*, int, unsigned char *))ssl_undefined_function,
        0,      /* finish_mac_length */
-       (int (*)(SSL *, EVP_MD_CTX *, unsigned char *))ssl_undefined_function,
+       (int (*)(SSL *, const EVP_MD *, unsigned char *))ssl_undefined_function,
        NULL,   /* client_finished_label */
        0,      /* client_finished_label_len */
        NULL,   /* server_finished_label */
index 5bed397..2f8f0f8 100644 (file)
 #define SSL_kECDHe             0x00000040L /* ECDH cert, ECDSA CA cert */
 #define SSL_kEECDH             0x00000080L /* ephemeral ECDH */
 #define SSL_kPSK               0x00000100L /* PSK */
-
+#define SSL_kGOST       0x00000200L /* GOST key exchange */
 
 /* Bits for algorithm_auth (server authentication) */
 #define SSL_aRSA               0x00000001L /* RSA auth */
 #define SSL_aKRB5               0x00000020L /* KRB5 auth */
 #define SSL_aECDSA              0x00000040L /* ECDSA auth*/
 #define SSL_aPSK                0x00000080L /* PSK auth */
+#define SSL_aGOST94                            0x00000100L /* GOST R 34.10-94 signature auth */
+#define SSL_aGOST01                    0x00000200L /* GOST R 34.10-2001 signature auth */
 
 
 /* Bits for algorithm_enc (symmetric encryption) */
 #define SSL_SSLV3              0x00000002L
 #define SSL_TLSV1              SSL_SSLV3       /* for now */
 
+/* Bits for algorithm2 (handshake digests) */
+
+#define SSL_HANDSHAKE_MAC_MD5 0x10
+#define SSL_HANDSHAKE_MAC_SHA 0x20
+#define SSL_HANDSHAKE_MAC_GOST94 0x40
+#define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
+
+
+/* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX
+ * make sure to update this constant too */
+#define SSL_MAX_DIGEST 4
+
 
+#define TLS1_PRF_DGST_SHIFT 8
+#define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT)
+#define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
+#define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
+#define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
 /*
  * Export and cipher strength information. For each cipher we have to decide
  * whether it is exportable or not. This information is likely to change
 #define SSL_PKEY_DH_RSA                3
 #define SSL_PKEY_DH_DSA                4
 #define SSL_PKEY_ECC            5
-#define SSL_PKEY_NUM           6
+#define SSL_PKEY_GOST94                6
+#define SSL_PKEY_GOST01                7
+#define SSL_PKEY_NUM           8
 
 /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
  *         <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
@@ -516,9 +537,9 @@ typedef struct ssl3_enc_method
        int (*setup_key_block)(SSL *);
        int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
        int (*change_cipher_state)(SSL *, int);
-       int (*final_finish_mac)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char *, int, unsigned char *);
+       int (*final_finish_mac)(SSL *,  const char *, int, unsigned char *);
        int finish_mac_length;
-       int (*cert_verify_mac)(SSL *, EVP_MD_CTX *, unsigned char *);
+       int (*cert_verify_mac)(SSL *, int, unsigned char *);
        const char *client_finished_label;
        int client_finished_label_len;
        const char *server_finished_label;
@@ -755,6 +776,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
 void ssl_update_cache(SSL *s, int mode);
 int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
                       const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size, SSL_COMP **comp);
+int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);                         
 int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
 int ssl_undefined_function(SSL *s);
 int ssl_undefined_void_function(void);
@@ -820,16 +842,17 @@ int ssl3_renegotiate_check(SSL *ssl);
 int ssl3_dispatch_alert(SSL *s);
 int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
 int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
-       const char *sender, int slen,unsigned char *p);
-int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
+int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,unsigned char *p);
+int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
 int ssl3_enc(SSL *s, int send_data);
 int ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
+void ssl3_free_digest_list(SSL *s);
 unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
 SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
                               STACK_OF(SSL_CIPHER) *srvr);
 int    ssl3_setup_buffers(SSL *s);
+void ssl3_digest_cached_records(SSL *s);
 int    ssl3_new(SSL *s);
 void   ssl3_free(SSL *s);
 int    ssl3_accept(SSL *s);
@@ -957,9 +980,9 @@ void ssl_free_wbio_buffer(SSL *s);
 int tls1_change_cipher_state(SSL *s, int which);
 int tls1_setup_key_block(SSL *s);
 int tls1_enc(SSL *s, int snd);
-int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
+int tls1_final_finish_mac(SSL *s,
        const char *str, int slen, unsigned char *p);
-int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
+int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
 int tls1_mac(SSL *ssl, unsigned char *md, int snd);
 int tls1_generate_master_secret(SSL *s, unsigned char *out,
        unsigned char *p, int len);
index 7a4e2ce..80cfe44 100644 (file)
@@ -190,27 +190,41 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
        OPENSSL_cleanse(A1,sizeof(A1));
        }
 
-static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
+static void tls1_PRF(long digest_mask,
                     unsigned char *label, int label_len,
                     const unsigned char *sec, int slen, unsigned char *out1,
                     unsigned char *out2, int olen)
        {
-       int len,i;
-       const unsigned char *S1,*S2;
-
-       len=slen/2;
+       int len,i,idx,count;
+       const unsigned char *S1;
+       long m;
+       const EVP_MD *md;
+
+       /* Count number of digests and divide sec evenly */
+       count=0;
+       for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) {
+               if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) count++;
+       }       
+       len=slen/count;
        S1=sec;
-       S2= &(sec[len]);
-       len+=(slen&1); /* add for odd, make longer */
-
-       
-       tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
-       tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
-
-       for (i=0; i<olen; i++)
-               out1[i]^=out2[i];
+       memset(out1,0,olen);
+       for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) {
+               if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) {
+                       if (!md) {
+                               SSLerr(SSL_F_TLS1_PRF,
+                               SSL_R_UNSUPPORTED_DIGEST_TYPE);
+                               return;                         
+                       }
+                       tls1_P_hash(md ,S1,len+(slen&1),label,label_len,out2,olen);
+                       S1+=len;
+                       for (i=0; i<olen; i++)
+                       {
+                               out1[i]^=out2[i];
+                       }
+               }
        }
 
+}
 static void tls1_generate_key_block(SSL *s, unsigned char *km,
             unsigned char *tmp, int num)
        {
@@ -227,7 +241,7 @@ static void tls1_generate_key_block(SSL *s, unsigned char *km,
        memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
        p+=SSL3_RANDOM_SIZE;
 
-       tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),
+       tls1_PRF(s->s3->tmp.new_cipher->algorithm2,buf,(int)(p-buf),
                 s->session->master_key,s->session->master_key_length,
                 km,tmp,num);
 #ifdef KSSL_DEBUG
@@ -436,7 +450,7 @@ printf("which = %04X\nmac key=",which);
                p+=SSL3_RANDOM_SIZE;
                memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
                p+=SSL3_RANDOM_SIZE;
-               tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
+               tls1_PRF(s->s3->tmp.new_cipher->algorithm2,buf,(int)(p-buf),key,j,
                         tmp1,tmp2,EVP_CIPHER_key_length(c));
                key=tmp1;
 
@@ -450,7 +464,7 @@ printf("which = %04X\nmac key=",which);
                        p+=SSL3_RANDOM_SIZE;
                        memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
                        p+=SSL3_RANDOM_SIZE;
-                       tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,empty,0,
+                       tls1_PRF(s->s3->tmp.new_cipher->algorithm2,buf,p-buf,empty,0,
                                 iv1,iv2,k*2);
                        if (client_write)
                                iv=iv1;
@@ -720,40 +734,63 @@ int tls1_enc(SSL *s, int send)
                }
        return(1);
        }
-
-int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
+int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
        {
        unsigned int ret;
-       EVP_MD_CTX ctx;
+       EVP_MD_CTX ctx, *d=NULL;
+       int i;
+
+       if (s->s3->handshake_buffer) 
+               ssl3_digest_cached_records(s);
+       for (i=0;i<SSL_MAX_DIGEST;i++) 
+               {
+                 if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid) 
+                       {
+                       d=s->s3->handshake_dgst[i];
+                       break;
+                       }
+               }
+       if (!d) {
+               SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC,SSL_R_NO_REQUIRED_DIGEST);
+               return 0;
+       }       
 
        EVP_MD_CTX_init(&ctx);
-       EVP_MD_CTX_copy_ex(&ctx,in_ctx);
+       EVP_MD_CTX_copy_ex(&ctx,d);
        EVP_DigestFinal_ex(&ctx,out,&ret);
        EVP_MD_CTX_cleanup(&ctx);
        return((int)ret);
        }
 
-int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
+int tls1_final_finish_mac(SSL *s,
             const char *str, int slen, unsigned char *out)
        {
        unsigned int i;
        EVP_MD_CTX ctx;
        unsigned char buf[TLS_MD_MAX_CONST_SIZE+MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
        unsigned char *q,buf2[12];
+       int idx;
+       long mask;
+       const EVP_MD *md; 
 
        q=buf;
        memcpy(q,str,slen);
        q+=slen;
 
        EVP_MD_CTX_init(&ctx);
-       EVP_MD_CTX_copy_ex(&ctx,in1_ctx);
-       EVP_DigestFinal_ex(&ctx,q,&i);
-       q+=i;
-       EVP_MD_CTX_copy_ex(&ctx,in2_ctx);
-       EVP_DigestFinal_ex(&ctx,q,&i);
-       q+=i;
-
-       tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
+
+       if (s->s3->handshake_buffer) 
+               ssl3_digest_cached_records(s);
+
+       for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++) {
+               if (mask & s->s3->tmp.new_cipher->algorithm2) {
+                       EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
+                       EVP_DigestFinal_ex(&ctx,q,&i);
+                       q+=i;
+               }
+       }
+
+       tls1_PRF(s->s3->tmp.new_cipher->algorithm2,buf,(int)(q-buf),
                s->session->master_key,s->session->master_key_length,
                out,buf2,sizeof buf2);
        EVP_MD_CTX_cleanup(&ctx);
@@ -853,7 +890,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
                s->s3->client_random,SSL3_RANDOM_SIZE);
        memcpy(&(buf[SSL3_RANDOM_SIZE+TLS_MD_MASTER_SECRET_CONST_SIZE]),
                s->s3->server_random,SSL3_RANDOM_SIZE);
-       tls1_PRF(s->ctx->md5,s->ctx->sha1,
+       tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
                buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
                s->session->master_key,buff,sizeof buff);
 #ifdef KSSL_DEBUG
index bf802d9..f55ab3d 100644 (file)
@@ -420,6 +420,7 @@ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
 /* Stream MAC for GOST ciphersuites from cryptopro draft */
 #define TLS1_STREAM_MAC 0x04
 
+
 #define TLS_CT_RSA_SIGN                        1
 #define TLS_CT_DSS_SIGN                        2
 #define TLS_CT_RSA_FIXED_DH            3
index 8f7548b..3c0bf88 100755 (executable)
@@ -239,17 +239,17 @@ SSL_CTX_sess_get_new_cb                 287       EXIST::FUNCTION:
 SSL_CTX_get_client_cert_cb              288    EXIST::FUNCTION:
 SSL_CTX_sess_get_remove_cb              289    EXIST::FUNCTION:
 SSL_set_SSL_CTX                         290    EXIST::FUNCTION:
-SSL_get_servername                      291    EXIST::FUNCTION:TLSEXT
-SSL_get_servername_type                 292    EXIST::FUNCTION:TLSEXT
-SSL_CTX_use_psk_identity_hint           293    EXIST::FUNCTION:PSK
-SSL_CTX_set_psk_client_callback         294    EXIST::FUNCTION:PSK
-PEM_write_bio_SSL_SESSION               295    EXIST::FUNCTION:
-SSL_get_psk_identity_hint               296    EXIST::FUNCTION:PSK
-SSL_set_psk_server_callback             297    EXIST::FUNCTION:PSK
-SSL_use_psk_identity_hint               298    EXIST::FUNCTION:PSK
-SSL_set_psk_client_callback             299    EXIST::FUNCTION:PSK
-PEM_read_SSL_SESSION                    300    EXIST:!WIN16:FUNCTION:
-PEM_read_bio_SSL_SESSION                301    EXIST::FUNCTION:
-SSL_CTX_set_psk_server_callback         302    EXIST::FUNCTION:PSK
-SSL_get_psk_identity                    303    EXIST::FUNCTION:PSK
+SSL_CTX_use_psk_identity_hint           291    EXIST::FUNCTION:PSK
+SSL_CTX_set_psk_client_callback         292    EXIST::FUNCTION:PSK
+SSL_get_psk_identity_hint               293    EXIST::FUNCTION:PSK
+SSL_set_psk_server_callback             294    EXIST::FUNCTION:PSK
+SSL_use_psk_identity_hint               295    EXIST::FUNCTION:PSK
+SSL_set_psk_client_callback             296    EXIST::FUNCTION:PSK
+SSL_get_servername                      297    EXIST::FUNCTION:TLSEXT
+SSL_get_servername_type                 298    EXIST::FUNCTION:TLSEXT
+SSL_CTX_set_psk_server_callback         299    EXIST::FUNCTION:PSK
+SSL_get_psk_identity                    300    EXIST::FUNCTION:PSK
+PEM_write_bio_SSL_SESSION               301    EXIST::FUNCTION:
+PEM_read_SSL_SESSION                    302    EXIST:!WIN16:FUNCTION:
+PEM_read_bio_SSL_SESSION                303    EXIST::FUNCTION:
 PEM_write_SSL_SESSION                   304    EXIST:!WIN16:FUNCTION: