1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/ossrv/ssl/libssl/src/s3_lib.c Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,2279 @@
1.4 +/* ssl/s3_lib.c */
1.5 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
1.6 + * All rights reserved.
1.7 + *
1.8 + * This package is an SSL implementation written
1.9 + * by Eric Young (eay@cryptsoft.com).
1.10 + * The implementation was written so as to conform with Netscapes SSL.
1.11 + *
1.12 + * This library is free for commercial and non-commercial use as long as
1.13 + * the following conditions are aheared to. The following conditions
1.14 + * apply to all code found in this distribution, be it the RC4, RSA,
1.15 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
1.16 + * included with this distribution is covered by the same copyright terms
1.17 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
1.18 + *
1.19 + * Copyright remains Eric Young's, and as such any Copyright notices in
1.20 + * the code are not to be removed.
1.21 + * If this package is used in a product, Eric Young should be given attribution
1.22 + * as the author of the parts of the library used.
1.23 + * This can be in the form of a textual message at program startup or
1.24 + * in documentation (online or textual) provided with the package.
1.25 + *
1.26 + * Redistribution and use in source and binary forms, with or without
1.27 + * modification, are permitted provided that the following conditions
1.28 + * are met:
1.29 + * 1. Redistributions of source code must retain the copyright
1.30 + * notice, this list of conditions and the following disclaimer.
1.31 + * 2. Redistributions in binary form must reproduce the above copyright
1.32 + * notice, this list of conditions and the following disclaimer in the
1.33 + * documentation and/or other materials provided with the distribution.
1.34 + * 3. All advertising materials mentioning features or use of this software
1.35 + * must display the following acknowledgement:
1.36 + * "This product includes cryptographic software written by
1.37 + * Eric Young (eay@cryptsoft.com)"
1.38 + * The word 'cryptographic' can be left out if the rouines from the library
1.39 + * being used are not cryptographic related :-).
1.40 + * 4. If you include any Windows specific code (or a derivative thereof) from
1.41 + * the apps directory (application code) you must include an acknowledgement:
1.42 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
1.43 + *
1.44 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
1.45 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1.46 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1.47 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
1.48 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
1.49 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
1.50 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1.51 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
1.52 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
1.53 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
1.54 + * SUCH DAMAGE.
1.55 + *
1.56 + * The licence and distribution terms for any publically available version or
1.57 + * derivative of this code cannot be changed. i.e. this code cannot simply be
1.58 + * copied and put under another distribution licence
1.59 + * [including the GNU Public Licence.]
1.60 + */
1.61 +/* ====================================================================
1.62 + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
1.63 + *
1.64 + * Redistribution and use in source and binary forms, with or without
1.65 + * modification, are permitted provided that the following conditions
1.66 + * are met:
1.67 + *
1.68 + * 1. Redistributions of source code must retain the above copyright
1.69 + * notice, this list of conditions and the following disclaimer.
1.70 + *
1.71 + * 2. Redistributions in binary form must reproduce the above copyright
1.72 + * notice, this list of conditions and the following disclaimer in
1.73 + * the documentation and/or other materials provided with the
1.74 + * distribution.
1.75 + *
1.76 + * 3. All advertising materials mentioning features or use of this
1.77 + * software must display the following acknowledgment:
1.78 + * "This product includes software developed by the OpenSSL Project
1.79 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
1.80 + *
1.81 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
1.82 + * endorse or promote products derived from this software without
1.83 + * prior written permission. For written permission, please contact
1.84 + * openssl-core@openssl.org.
1.85 + *
1.86 + * 5. Products derived from this software may not be called "OpenSSL"
1.87 + * nor may "OpenSSL" appear in their names without prior written
1.88 + * permission of the OpenSSL Project.
1.89 + *
1.90 + * 6. Redistributions of any form whatsoever must retain the following
1.91 + * acknowledgment:
1.92 + * "This product includes software developed by the OpenSSL Project
1.93 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
1.94 + *
1.95 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
1.96 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1.97 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
1.98 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
1.99 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1.100 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
1.101 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
1.102 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1.103 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1.104 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1.105 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
1.106 + * OF THE POSSIBILITY OF SUCH DAMAGE.
1.107 + * ====================================================================
1.108 + *
1.109 + * This product includes cryptographic software written by Eric Young
1.110 + * (eay@cryptsoft.com). This product includes software written by Tim
1.111 + * Hudson (tjh@cryptsoft.com).
1.112 + *
1.113 + */
1.114 +/* ====================================================================
1.115 + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
1.116 + *
1.117 + * Portions of the attached software ("Contribution") are developed by
1.118 + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
1.119 + *
1.120 + * The Contribution is licensed pursuant to the OpenSSL open source
1.121 + * license provided above.
1.122 + *
1.123 + * ECC cipher suite support in OpenSSL originally written by
1.124 + * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
1.125 + *
1.126 + */
1.127 +/*
1.128 + © Portions copyright (c) 2006 Nokia Corporation. All rights reserved.
1.129 + */
1.130 +
1.131 +#include <stdio.h>
1.132 +#include <openssl/objects.h>
1.133 +#include "ssl_locl.h"
1.134 +#include "kssl_lcl.h"
1.135 +#include <openssl/md5.h>
1.136 +#ifndef OPENSSL_NO_DH
1.137 +#include <openssl/dh.h>
1.138 +#endif
1.139 +#include <openssl/pq_compat.h>
1.140 +
1.141 +#if (defined(SYMBIAN) && (defined(__WINSCW__) || defined(__WINS__)))
1.142 +#include "libssl_wsd.h"
1.143 +#endif
1.144 +
1.145 +
1.146 +#ifdef EMULATOR
1.147 +
1.148 + GET_STATIC_VAR_FROM_TLS(sslv3_base_method_data,s3_lib,SSL_METHOD)
1.149 +
1.150 + #define sslv3_base_method_data (*GET_WSD_VAR_NAME(sslv3_base_method_data,s3_lib,s)())
1.151 +
1.152 +#endif
1.153 +
1.154 +const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
1.155 +
1.156 +#ifndef EMULATOR
1.157 +#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
1.158 +/* #else */
1.159 +/* #define SSL3_NUM_CIPHERS 87 /* Defined in libssl_wsd.h */
1.160 +#endif
1.161 +
1.162 +
1.163 +/* list of available SSLv3 ciphers (sorted by id) */
1.164 +
1.165 +#ifdef EMULATOR
1.166 +
1.167 + GET_GLOBAL_ARRAY_FROM_TLS(ssl3_ciphers,s3_lib,SSL_CIPHER)
1.168 +
1.169 + #define ssl3_ciphers (GET_WSD_VAR_NAME(ssl3_ciphers,s3_lib,g)())
1.170 +
1.171 +#endif
1.172 +
1.173 +
1.174 +#ifndef EMULATOR
1.175 +OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1.176 +#else
1.177 +OPENSSL_GLOBAL const SSL_CIPHER temp_ssl3_ciphers[]={
1.178 +#endif
1.179 +/* The RSA ciphers */
1.180 +/* Cipher 01 */
1.181 + {
1.182 + 1,
1.183 + SSL3_TXT_RSA_NULL_MD5,
1.184 + SSL3_CK_RSA_NULL_MD5,
1.185 + SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
1.186 + SSL_NOT_EXP|SSL_STRONG_NONE,
1.187 + 0,
1.188 + 0,
1.189 + 0,
1.190 + SSL_ALL_CIPHERS,
1.191 + SSL_ALL_STRENGTHS,
1.192 + },
1.193 +/* Cipher 02 */
1.194 + {
1.195 + 1,
1.196 + SSL3_TXT_RSA_NULL_SHA,
1.197 + SSL3_CK_RSA_NULL_SHA,
1.198 + SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
1.199 + SSL_NOT_EXP|SSL_STRONG_NONE,
1.200 + 0,
1.201 + 0,
1.202 + 0,
1.203 + SSL_ALL_CIPHERS,
1.204 + SSL_ALL_STRENGTHS,
1.205 + },
1.206 +/* Cipher 03 */
1.207 + {
1.208 + 1,
1.209 + SSL3_TXT_RSA_RC4_40_MD5,
1.210 + SSL3_CK_RSA_RC4_40_MD5,
1.211 + SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
1.212 + SSL_EXPORT|SSL_EXP40,
1.213 + 0,
1.214 + 40,
1.215 + 128,
1.216 + SSL_ALL_CIPHERS,
1.217 + SSL_ALL_STRENGTHS,
1.218 + },
1.219 +/* Cipher 04 */
1.220 + {
1.221 + 1,
1.222 + SSL3_TXT_RSA_RC4_128_MD5,
1.223 + SSL3_CK_RSA_RC4_128_MD5,
1.224 + SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_SSLV3,
1.225 + SSL_NOT_EXP|SSL_MEDIUM,
1.226 + 0,
1.227 + 128,
1.228 + 128,
1.229 + SSL_ALL_CIPHERS,
1.230 + SSL_ALL_STRENGTHS,
1.231 + },
1.232 +/* Cipher 05 */
1.233 + {
1.234 + 1,
1.235 + SSL3_TXT_RSA_RC4_128_SHA,
1.236 + SSL3_CK_RSA_RC4_128_SHA,
1.237 + SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_SSLV3,
1.238 + SSL_NOT_EXP|SSL_MEDIUM,
1.239 + 0,
1.240 + 128,
1.241 + 128,
1.242 + SSL_ALL_CIPHERS,
1.243 + SSL_ALL_STRENGTHS,
1.244 + },
1.245 +/* Cipher 06 */
1.246 + {
1.247 + 1,
1.248 + SSL3_TXT_RSA_RC2_40_MD5,
1.249 + SSL3_CK_RSA_RC2_40_MD5,
1.250 + SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_SSLV3,
1.251 + SSL_EXPORT|SSL_EXP40,
1.252 + 0,
1.253 + 40,
1.254 + 128,
1.255 + SSL_ALL_CIPHERS,
1.256 + SSL_ALL_STRENGTHS,
1.257 + },
1.258 +/* Cipher 07 */
1.259 +#ifndef OPENSSL_NO_IDEA
1.260 + {
1.261 + 1,
1.262 + SSL3_TXT_RSA_IDEA_128_SHA,
1.263 + SSL3_CK_RSA_IDEA_128_SHA,
1.264 + SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3,
1.265 + SSL_NOT_EXP|SSL_MEDIUM,
1.266 + 0,
1.267 + 128,
1.268 + 128,
1.269 + SSL_ALL_CIPHERS,
1.270 + SSL_ALL_STRENGTHS,
1.271 + },
1.272 +#endif
1.273 +/* Cipher 08 */
1.274 + {
1.275 + 1,
1.276 + SSL3_TXT_RSA_DES_40_CBC_SHA,
1.277 + SSL3_CK_RSA_DES_40_CBC_SHA,
1.278 + SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
1.279 + SSL_EXPORT|SSL_EXP40,
1.280 + 0,
1.281 + 40,
1.282 + 56,
1.283 + SSL_ALL_CIPHERS,
1.284 + SSL_ALL_STRENGTHS,
1.285 + },
1.286 +/* Cipher 09 */
1.287 + {
1.288 + 1,
1.289 + SSL3_TXT_RSA_DES_64_CBC_SHA,
1.290 + SSL3_CK_RSA_DES_64_CBC_SHA,
1.291 + SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
1.292 + SSL_NOT_EXP|SSL_LOW,
1.293 + 0,
1.294 + 56,
1.295 + 56,
1.296 + SSL_ALL_CIPHERS,
1.297 + SSL_ALL_STRENGTHS,
1.298 + },
1.299 +/* Cipher 0A */
1.300 + {
1.301 + 1,
1.302 + SSL3_TXT_RSA_DES_192_CBC3_SHA,
1.303 + SSL3_CK_RSA_DES_192_CBC3_SHA,
1.304 + SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
1.305 + SSL_NOT_EXP|SSL_HIGH,
1.306 + 0,
1.307 + 168,
1.308 + 168,
1.309 + SSL_ALL_CIPHERS,
1.310 + SSL_ALL_STRENGTHS,
1.311 + },
1.312 +/* The DH ciphers */
1.313 +/* Cipher 0B */
1.314 + {
1.315 + 0,
1.316 + SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
1.317 + SSL3_CK_DH_DSS_DES_40_CBC_SHA,
1.318 + SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
1.319 + SSL_EXPORT|SSL_EXP40,
1.320 + 0,
1.321 + 40,
1.322 + 56,
1.323 + SSL_ALL_CIPHERS,
1.324 + SSL_ALL_STRENGTHS,
1.325 + },
1.326 +/* Cipher 0C */
1.327 + {
1.328 + 0,
1.329 + SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
1.330 + SSL3_CK_DH_DSS_DES_64_CBC_SHA,
1.331 + SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
1.332 + SSL_NOT_EXP|SSL_LOW,
1.333 + 0,
1.334 + 56,
1.335 + 56,
1.336 + SSL_ALL_CIPHERS,
1.337 + SSL_ALL_STRENGTHS,
1.338 + },
1.339 +/* Cipher 0D */
1.340 + {
1.341 + 0,
1.342 + SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
1.343 + SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
1.344 + SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
1.345 + SSL_NOT_EXP|SSL_HIGH,
1.346 + 0,
1.347 + 168,
1.348 + 168,
1.349 + SSL_ALL_CIPHERS,
1.350 + SSL_ALL_STRENGTHS,
1.351 + },
1.352 +/* Cipher 0E */
1.353 + {
1.354 + 0,
1.355 + SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
1.356 + SSL3_CK_DH_RSA_DES_40_CBC_SHA,
1.357 + SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
1.358 + SSL_EXPORT|SSL_EXP40,
1.359 + 0,
1.360 + 40,
1.361 + 56,
1.362 + SSL_ALL_CIPHERS,
1.363 + SSL_ALL_STRENGTHS,
1.364 + },
1.365 +/* Cipher 0F */
1.366 + {
1.367 + 0,
1.368 + SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
1.369 + SSL3_CK_DH_RSA_DES_64_CBC_SHA,
1.370 + SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
1.371 + SSL_NOT_EXP|SSL_LOW,
1.372 + 0,
1.373 + 56,
1.374 + 56,
1.375 + SSL_ALL_CIPHERS,
1.376 + SSL_ALL_STRENGTHS,
1.377 + },
1.378 +/* Cipher 10 */
1.379 + {
1.380 + 0,
1.381 + SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
1.382 + SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
1.383 + SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
1.384 + SSL_NOT_EXP|SSL_HIGH,
1.385 + 0,
1.386 + 168,
1.387 + 168,
1.388 + SSL_ALL_CIPHERS,
1.389 + SSL_ALL_STRENGTHS,
1.390 + },
1.391 +
1.392 +/* The Ephemeral DH ciphers */
1.393 +/* Cipher 11 */
1.394 + {
1.395 + 1,
1.396 + SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
1.397 + SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
1.398 + SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
1.399 + SSL_EXPORT|SSL_EXP40,
1.400 + 0,
1.401 + 40,
1.402 + 56,
1.403 + SSL_ALL_CIPHERS,
1.404 + SSL_ALL_STRENGTHS,
1.405 + },
1.406 +/* Cipher 12 */
1.407 + {
1.408 + 1,
1.409 + SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
1.410 + SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
1.411 + SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3,
1.412 + SSL_NOT_EXP|SSL_LOW,
1.413 + 0,
1.414 + 56,
1.415 + 56,
1.416 + SSL_ALL_CIPHERS,
1.417 + SSL_ALL_STRENGTHS,
1.418 + },
1.419 +/* Cipher 13 */
1.420 + {
1.421 + 1,
1.422 + SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
1.423 + SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
1.424 + SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
1.425 + SSL_NOT_EXP|SSL_HIGH,
1.426 + 0,
1.427 + 168,
1.428 + 168,
1.429 + SSL_ALL_CIPHERS,
1.430 + SSL_ALL_STRENGTHS,
1.431 + },
1.432 +/* Cipher 14 */
1.433 + {
1.434 + 1,
1.435 + SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
1.436 + SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
1.437 + SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
1.438 + SSL_EXPORT|SSL_EXP40,
1.439 + 0,
1.440 + 40,
1.441 + 56,
1.442 + SSL_ALL_CIPHERS,
1.443 + SSL_ALL_STRENGTHS,
1.444 + },
1.445 +/* Cipher 15 */
1.446 + {
1.447 + 1,
1.448 + SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
1.449 + SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
1.450 + SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
1.451 + SSL_NOT_EXP|SSL_LOW,
1.452 + 0,
1.453 + 56,
1.454 + 56,
1.455 + SSL_ALL_CIPHERS,
1.456 + SSL_ALL_STRENGTHS,
1.457 + },
1.458 +/* Cipher 16 */
1.459 + {
1.460 + 1,
1.461 + SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
1.462 + SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
1.463 + SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
1.464 + SSL_NOT_EXP|SSL_HIGH,
1.465 + 0,
1.466 + 168,
1.467 + 168,
1.468 + SSL_ALL_CIPHERS,
1.469 + SSL_ALL_STRENGTHS,
1.470 + },
1.471 +/* Cipher 17 */
1.472 + {
1.473 + 1,
1.474 + SSL3_TXT_ADH_RC4_40_MD5,
1.475 + SSL3_CK_ADH_RC4_40_MD5,
1.476 + SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
1.477 + SSL_EXPORT|SSL_EXP40,
1.478 + 0,
1.479 + 40,
1.480 + 128,
1.481 + SSL_ALL_CIPHERS,
1.482 + SSL_ALL_STRENGTHS,
1.483 + },
1.484 +/* Cipher 18 */
1.485 + {
1.486 + 1,
1.487 + SSL3_TXT_ADH_RC4_128_MD5,
1.488 + SSL3_CK_ADH_RC4_128_MD5,
1.489 + SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
1.490 + SSL_NOT_EXP|SSL_MEDIUM,
1.491 + 0,
1.492 + 128,
1.493 + 128,
1.494 + SSL_ALL_CIPHERS,
1.495 + SSL_ALL_STRENGTHS,
1.496 + },
1.497 +/* Cipher 19 */
1.498 + {
1.499 + 1,
1.500 + SSL3_TXT_ADH_DES_40_CBC_SHA,
1.501 + SSL3_CK_ADH_DES_40_CBC_SHA,
1.502 + SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
1.503 + SSL_EXPORT|SSL_EXP40,
1.504 + 0,
1.505 + 40,
1.506 + 128,
1.507 + SSL_ALL_CIPHERS,
1.508 + SSL_ALL_STRENGTHS,
1.509 + },
1.510 +/* Cipher 1A */
1.511 + {
1.512 + 1,
1.513 + SSL3_TXT_ADH_DES_64_CBC_SHA,
1.514 + SSL3_CK_ADH_DES_64_CBC_SHA,
1.515 + SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3,
1.516 + SSL_NOT_EXP|SSL_LOW,
1.517 + 0,
1.518 + 56,
1.519 + 56,
1.520 + SSL_ALL_CIPHERS,
1.521 + SSL_ALL_STRENGTHS,
1.522 + },
1.523 +/* Cipher 1B */
1.524 + {
1.525 + 1,
1.526 + SSL3_TXT_ADH_DES_192_CBC_SHA,
1.527 + SSL3_CK_ADH_DES_192_CBC_SHA,
1.528 + SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
1.529 + SSL_NOT_EXP|SSL_HIGH,
1.530 + 0,
1.531 + 168,
1.532 + 168,
1.533 + SSL_ALL_CIPHERS,
1.534 + SSL_ALL_STRENGTHS,
1.535 + },
1.536 +
1.537 +/* Fortezza */
1.538 +/* Cipher 1C */
1.539 + {
1.540 + 0,
1.541 + SSL3_TXT_FZA_DMS_NULL_SHA,
1.542 + SSL3_CK_FZA_DMS_NULL_SHA,
1.543 + SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
1.544 + SSL_NOT_EXP|SSL_STRONG_NONE,
1.545 + 0,
1.546 + 0,
1.547 + 0,
1.548 + SSL_ALL_CIPHERS,
1.549 + SSL_ALL_STRENGTHS,
1.550 + },
1.551 +
1.552 +/* Cipher 1D */
1.553 + {
1.554 + 0,
1.555 + SSL3_TXT_FZA_DMS_FZA_SHA,
1.556 + SSL3_CK_FZA_DMS_FZA_SHA,
1.557 + SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
1.558 + SSL_NOT_EXP|SSL_STRONG_NONE,
1.559 + 0,
1.560 + 0,
1.561 + 0,
1.562 + SSL_ALL_CIPHERS,
1.563 + SSL_ALL_STRENGTHS,
1.564 + },
1.565 +
1.566 +#if 0
1.567 +/* Cipher 1E */
1.568 + {
1.569 + 0,
1.570 + SSL3_TXT_FZA_DMS_RC4_SHA,
1.571 + SSL3_CK_FZA_DMS_RC4_SHA,
1.572 + SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3,
1.573 + SSL_NOT_EXP|SSL_MEDIUM,
1.574 + 0,
1.575 + 128,
1.576 + 128,
1.577 + SSL_ALL_CIPHERS,
1.578 + SSL_ALL_STRENGTHS,
1.579 + },
1.580 +#endif
1.581 +
1.582 +#ifndef OPENSSL_NO_KRB5
1.583 +/* The Kerberos ciphers */
1.584 +/* Cipher 1E */
1.585 + {
1.586 + 1,
1.587 + SSL3_TXT_KRB5_DES_64_CBC_SHA,
1.588 + SSL3_CK_KRB5_DES_64_CBC_SHA,
1.589 + SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
1.590 + SSL_NOT_EXP|SSL_LOW,
1.591 + 0,
1.592 + 56,
1.593 + 56,
1.594 + SSL_ALL_CIPHERS,
1.595 + SSL_ALL_STRENGTHS,
1.596 + },
1.597 +
1.598 +/* Cipher 1F */
1.599 + {
1.600 + 1,
1.601 + SSL3_TXT_KRB5_DES_192_CBC3_SHA,
1.602 + SSL3_CK_KRB5_DES_192_CBC3_SHA,
1.603 + SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3,
1.604 + SSL_NOT_EXP|SSL_HIGH,
1.605 + 0,
1.606 + 168,
1.607 + 168,
1.608 + SSL_ALL_CIPHERS,
1.609 + SSL_ALL_STRENGTHS,
1.610 + },
1.611 +
1.612 +/* Cipher 20 */
1.613 + {
1.614 + 1,
1.615 + SSL3_TXT_KRB5_RC4_128_SHA,
1.616 + SSL3_CK_KRB5_RC4_128_SHA,
1.617 + SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3,
1.618 + SSL_NOT_EXP|SSL_MEDIUM,
1.619 + 0,
1.620 + 128,
1.621 + 128,
1.622 + SSL_ALL_CIPHERS,
1.623 + SSL_ALL_STRENGTHS,
1.624 + },
1.625 +
1.626 +/* Cipher 21 */
1.627 + {
1.628 + 1,
1.629 + SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
1.630 + SSL3_CK_KRB5_IDEA_128_CBC_SHA,
1.631 + SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_SHA1 |SSL_SSLV3,
1.632 + SSL_NOT_EXP|SSL_MEDIUM,
1.633 + 0,
1.634 + 128,
1.635 + 128,
1.636 + SSL_ALL_CIPHERS,
1.637 + SSL_ALL_STRENGTHS,
1.638 + },
1.639 +
1.640 +/* Cipher 22 */
1.641 + {
1.642 + 1,
1.643 + SSL3_TXT_KRB5_DES_64_CBC_MD5,
1.644 + SSL3_CK_KRB5_DES_64_CBC_MD5,
1.645 + SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3,
1.646 + SSL_NOT_EXP|SSL_LOW,
1.647 + 0,
1.648 + 56,
1.649 + 56,
1.650 + SSL_ALL_CIPHERS,
1.651 + SSL_ALL_STRENGTHS,
1.652 + },
1.653 +
1.654 +/* Cipher 23 */
1.655 + {
1.656 + 1,
1.657 + SSL3_TXT_KRB5_DES_192_CBC3_MD5,
1.658 + SSL3_CK_KRB5_DES_192_CBC3_MD5,
1.659 + SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3,
1.660 + SSL_NOT_EXP|SSL_HIGH,
1.661 + 0,
1.662 + 168,
1.663 + 168,
1.664 + SSL_ALL_CIPHERS,
1.665 + SSL_ALL_STRENGTHS,
1.666 + },
1.667 +
1.668 +/* Cipher 24 */
1.669 + {
1.670 + 1,
1.671 + SSL3_TXT_KRB5_RC4_128_MD5,
1.672 + SSL3_CK_KRB5_RC4_128_MD5,
1.673 + SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3,
1.674 + SSL_NOT_EXP|SSL_MEDIUM,
1.675 + 0,
1.676 + 128,
1.677 + 128,
1.678 + SSL_ALL_CIPHERS,
1.679 + SSL_ALL_STRENGTHS,
1.680 + },
1.681 +
1.682 +/* Cipher 25 */
1.683 + {
1.684 + 1,
1.685 + SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
1.686 + SSL3_CK_KRB5_IDEA_128_CBC_MD5,
1.687 + SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_MD5 |SSL_SSLV3,
1.688 + SSL_NOT_EXP|SSL_MEDIUM,
1.689 + 0,
1.690 + 128,
1.691 + 128,
1.692 + SSL_ALL_CIPHERS,
1.693 + SSL_ALL_STRENGTHS,
1.694 + },
1.695 +
1.696 +/* Cipher 26 */
1.697 + {
1.698 + 1,
1.699 + SSL3_TXT_KRB5_DES_40_CBC_SHA,
1.700 + SSL3_CK_KRB5_DES_40_CBC_SHA,
1.701 + SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
1.702 + SSL_EXPORT|SSL_EXP40,
1.703 + 0,
1.704 + 40,
1.705 + 56,
1.706 + SSL_ALL_CIPHERS,
1.707 + SSL_ALL_STRENGTHS,
1.708 + },
1.709 +
1.710 +/* Cipher 27 */
1.711 + {
1.712 + 1,
1.713 + SSL3_TXT_KRB5_RC2_40_CBC_SHA,
1.714 + SSL3_CK_KRB5_RC2_40_CBC_SHA,
1.715 + SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_SHA1 |SSL_SSLV3,
1.716 + SSL_EXPORT|SSL_EXP40,
1.717 + 0,
1.718 + 40,
1.719 + 128,
1.720 + SSL_ALL_CIPHERS,
1.721 + SSL_ALL_STRENGTHS,
1.722 + },
1.723 +
1.724 +/* Cipher 28 */
1.725 + {
1.726 + 1,
1.727 + SSL3_TXT_KRB5_RC4_40_SHA,
1.728 + SSL3_CK_KRB5_RC4_40_SHA,
1.729 + SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3,
1.730 + SSL_EXPORT|SSL_EXP40,
1.731 + 0,
1.732 + 40,
1.733 + 128,
1.734 + SSL_ALL_CIPHERS,
1.735 + SSL_ALL_STRENGTHS,
1.736 + },
1.737 +
1.738 +/* Cipher 29 */
1.739 + {
1.740 + 1,
1.741 + SSL3_TXT_KRB5_DES_40_CBC_MD5,
1.742 + SSL3_CK_KRB5_DES_40_CBC_MD5,
1.743 + SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3,
1.744 + SSL_EXPORT|SSL_EXP40,
1.745 + 0,
1.746 + 40,
1.747 + 56,
1.748 + SSL_ALL_CIPHERS,
1.749 + SSL_ALL_STRENGTHS,
1.750 + },
1.751 +
1.752 +/* Cipher 2A */
1.753 + {
1.754 + 1,
1.755 + SSL3_TXT_KRB5_RC2_40_CBC_MD5,
1.756 + SSL3_CK_KRB5_RC2_40_CBC_MD5,
1.757 + SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_MD5 |SSL_SSLV3,
1.758 + SSL_EXPORT|SSL_EXP40,
1.759 + 0,
1.760 + 40,
1.761 + 128,
1.762 + SSL_ALL_CIPHERS,
1.763 + SSL_ALL_STRENGTHS,
1.764 + },
1.765 +
1.766 +/* Cipher 2B */
1.767 + {
1.768 + 1,
1.769 + SSL3_TXT_KRB5_RC4_40_MD5,
1.770 + SSL3_CK_KRB5_RC4_40_MD5,
1.771 + SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3,
1.772 + SSL_EXPORT|SSL_EXP40,
1.773 + 0,
1.774 + 40,
1.775 + 128,
1.776 + SSL_ALL_CIPHERS,
1.777 + SSL_ALL_STRENGTHS,
1.778 + },
1.779 +#endif /* OPENSSL_NO_KRB5 */
1.780 +
1.781 +/* New AES ciphersuites */
1.782 +/* Cipher 2F */
1.783 + {
1.784 + 1,
1.785 + TLS1_TXT_RSA_WITH_AES_128_SHA,
1.786 + TLS1_CK_RSA_WITH_AES_128_SHA,
1.787 + SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
1.788 + SSL_NOT_EXP|SSL_HIGH,
1.789 + 0,
1.790 + 128,
1.791 + 128,
1.792 + SSL_ALL_CIPHERS,
1.793 + SSL_ALL_STRENGTHS,
1.794 + },
1.795 +/* Cipher 30 */
1.796 + {
1.797 + 0,
1.798 + TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
1.799 + TLS1_CK_DH_DSS_WITH_AES_128_SHA,
1.800 + SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
1.801 + SSL_NOT_EXP|SSL_HIGH,
1.802 + 0,
1.803 + 128,
1.804 + 128,
1.805 + SSL_ALL_CIPHERS,
1.806 + SSL_ALL_STRENGTHS,
1.807 + },
1.808 +/* Cipher 31 */
1.809 + {
1.810 + 0,
1.811 + TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
1.812 + TLS1_CK_DH_RSA_WITH_AES_128_SHA,
1.813 + SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
1.814 + SSL_NOT_EXP|SSL_HIGH,
1.815 + 0,
1.816 + 128,
1.817 + 128,
1.818 + SSL_ALL_CIPHERS,
1.819 + SSL_ALL_STRENGTHS,
1.820 + },
1.821 +/* Cipher 32 */
1.822 + {
1.823 + 1,
1.824 + TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
1.825 + TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
1.826 + SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
1.827 + SSL_NOT_EXP|SSL_HIGH,
1.828 + 0,
1.829 + 128,
1.830 + 128,
1.831 + SSL_ALL_CIPHERS,
1.832 + SSL_ALL_STRENGTHS,
1.833 + },
1.834 +/* Cipher 33 */
1.835 + {
1.836 + 1,
1.837 + TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
1.838 + TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
1.839 + SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1.840 + SSL_NOT_EXP|SSL_HIGH,
1.841 + 0,
1.842 + 128,
1.843 + 128,
1.844 + SSL_ALL_CIPHERS,
1.845 + SSL_ALL_STRENGTHS,
1.846 + },
1.847 +/* Cipher 34 */
1.848 + {
1.849 + 1,
1.850 + TLS1_TXT_ADH_WITH_AES_128_SHA,
1.851 + TLS1_CK_ADH_WITH_AES_128_SHA,
1.852 + SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
1.853 + SSL_NOT_EXP|SSL_HIGH,
1.854 + 0,
1.855 + 128,
1.856 + 128,
1.857 + SSL_ALL_CIPHERS,
1.858 + SSL_ALL_STRENGTHS,
1.859 + },
1.860 +
1.861 +/* Cipher 35 */
1.862 + {
1.863 + 1,
1.864 + TLS1_TXT_RSA_WITH_AES_256_SHA,
1.865 + TLS1_CK_RSA_WITH_AES_256_SHA,
1.866 + SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
1.867 + SSL_NOT_EXP|SSL_HIGH,
1.868 + 0,
1.869 + 256,
1.870 + 256,
1.871 + SSL_ALL_CIPHERS,
1.872 + SSL_ALL_STRENGTHS,
1.873 + },
1.874 +/* Cipher 36 */
1.875 + {
1.876 + 0,
1.877 + TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
1.878 + TLS1_CK_DH_DSS_WITH_AES_256_SHA,
1.879 + SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
1.880 + SSL_NOT_EXP|SSL_HIGH,
1.881 + 0,
1.882 + 256,
1.883 + 256,
1.884 + SSL_ALL_CIPHERS,
1.885 + SSL_ALL_STRENGTHS,
1.886 + },
1.887 +/* Cipher 37 */
1.888 + {
1.889 + 0,
1.890 + TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1.891 + TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1.892 + SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
1.893 + SSL_NOT_EXP|SSL_HIGH,
1.894 + 0,
1.895 + 256,
1.896 + 256,
1.897 + SSL_ALL_CIPHERS,
1.898 + SSL_ALL_STRENGTHS,
1.899 + },
1.900 +/* Cipher 38 */
1.901 + {
1.902 + 1,
1.903 + TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1.904 + TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1.905 + SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
1.906 + SSL_NOT_EXP|SSL_HIGH,
1.907 + 0,
1.908 + 256,
1.909 + 256,
1.910 + SSL_ALL_CIPHERS,
1.911 + SSL_ALL_STRENGTHS,
1.912 + },
1.913 +/* Cipher 39 */
1.914 + {
1.915 + 1,
1.916 + TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1.917 + TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1.918 + SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1.919 + SSL_NOT_EXP|SSL_HIGH,
1.920 + 0,
1.921 + 256,
1.922 + 256,
1.923 + SSL_ALL_CIPHERS,
1.924 + SSL_ALL_STRENGTHS,
1.925 + },
1.926 + /* Cipher 3A */
1.927 + {
1.928 + 1,
1.929 + TLS1_TXT_ADH_WITH_AES_256_SHA,
1.930 + TLS1_CK_ADH_WITH_AES_256_SHA,
1.931 + SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
1.932 + SSL_NOT_EXP|SSL_HIGH,
1.933 + 0,
1.934 + 256,
1.935 + 256,
1.936 + SSL_ALL_CIPHERS,
1.937 + SSL_ALL_STRENGTHS,
1.938 + },
1.939 +#ifndef OPENSSL_NO_ECDH
1.940 + /* Cipher 47 */
1.941 + {
1.942 + 1,
1.943 + TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
1.944 + TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
1.945 + SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
1.946 + SSL_NOT_EXP,
1.947 + 0,
1.948 + 0,
1.949 + 0,
1.950 + SSL_ALL_CIPHERS,
1.951 + SSL_ALL_STRENGTHS,
1.952 + },
1.953 +
1.954 + /* Cipher 48 */
1.955 + {
1.956 + 1,
1.957 + TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
1.958 + TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
1.959 + SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
1.960 + SSL_NOT_EXP,
1.961 + 0,
1.962 + 128,
1.963 + 128,
1.964 + SSL_ALL_CIPHERS,
1.965 + SSL_ALL_STRENGTHS,
1.966 + },
1.967 +
1.968 + /* Cipher 49 */
1.969 + {
1.970 + 1,
1.971 + TLS1_TXT_ECDH_ECDSA_WITH_DES_CBC_SHA,
1.972 + TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA,
1.973 + SSL_kECDH|SSL_aECDSA|SSL_DES|SSL_SHA|SSL_TLSV1,
1.974 + SSL_NOT_EXP|SSL_LOW,
1.975 + 0,
1.976 + 56,
1.977 + 56,
1.978 + SSL_ALL_CIPHERS,
1.979 + SSL_ALL_STRENGTHS,
1.980 + },
1.981 +
1.982 + /* Cipher 4A */
1.983 + {
1.984 + 1,
1.985 + TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1.986 + TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1.987 + SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
1.988 + SSL_NOT_EXP|SSL_HIGH,
1.989 + 0,
1.990 + 168,
1.991 + 168,
1.992 + SSL_ALL_CIPHERS,
1.993 + SSL_ALL_STRENGTHS,
1.994 + },
1.995 +
1.996 + /* Cipher 4B */
1.997 + {
1.998 + 1,
1.999 + TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1.1000 + TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1.1001 + SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1.1002 + SSL_NOT_EXP|SSL_HIGH,
1.1003 + 0,
1.1004 + 128,
1.1005 + 128,
1.1006 + SSL_ALL_CIPHERS,
1.1007 + SSL_ALL_STRENGTHS,
1.1008 + },
1.1009 +
1.1010 + /* Cipher 4C */
1.1011 + {
1.1012 + 1,
1.1013 + TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1.1014 + TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1.1015 + SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1.1016 + SSL_NOT_EXP|SSL_HIGH,
1.1017 + 0,
1.1018 + 256,
1.1019 + 256,
1.1020 + SSL_ALL_CIPHERS,
1.1021 + SSL_ALL_STRENGTHS,
1.1022 + },
1.1023 +
1.1024 + /* Cipher 4D */
1.1025 + {
1.1026 + 1,
1.1027 + TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
1.1028 + TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
1.1029 + SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
1.1030 + SSL_NOT_EXP,
1.1031 + 0,
1.1032 + 0,
1.1033 + 0,
1.1034 + SSL_ALL_CIPHERS,
1.1035 + SSL_ALL_STRENGTHS,
1.1036 + },
1.1037 +
1.1038 + /* Cipher 4E */
1.1039 + {
1.1040 + 1,
1.1041 + TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
1.1042 + TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
1.1043 + SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
1.1044 + SSL_NOT_EXP,
1.1045 + 0,
1.1046 + 128,
1.1047 + 128,
1.1048 + SSL_ALL_CIPHERS,
1.1049 + SSL_ALL_STRENGTHS,
1.1050 + },
1.1051 +
1.1052 + /* Cipher 4F */
1.1053 + {
1.1054 + 1,
1.1055 + TLS1_TXT_ECDH_RSA_WITH_DES_CBC_SHA,
1.1056 + TLS1_CK_ECDH_RSA_WITH_DES_CBC_SHA,
1.1057 + SSL_kECDH|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
1.1058 + SSL_NOT_EXP|SSL_LOW,
1.1059 + 0,
1.1060 + 56,
1.1061 + 56,
1.1062 + SSL_ALL_CIPHERS,
1.1063 + SSL_ALL_STRENGTHS,
1.1064 + },
1.1065 +
1.1066 + /* Cipher 50 */
1.1067 + {
1.1068 + 1,
1.1069 + TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1.1070 + TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1.1071 + SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
1.1072 + SSL_NOT_EXP|SSL_HIGH,
1.1073 + 0,
1.1074 + 168,
1.1075 + 168,
1.1076 + SSL_ALL_CIPHERS,
1.1077 + SSL_ALL_STRENGTHS,
1.1078 + },
1.1079 +
1.1080 + /* Cipher 51 */
1.1081 + {
1.1082 + 1,
1.1083 + TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
1.1084 + TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
1.1085 + SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1.1086 + SSL_NOT_EXP|SSL_HIGH,
1.1087 + 0,
1.1088 + 128,
1.1089 + 128,
1.1090 + SSL_ALL_CIPHERS,
1.1091 + SSL_ALL_STRENGTHS,
1.1092 + },
1.1093 +
1.1094 + /* Cipher 52 */
1.1095 + {
1.1096 + 1,
1.1097 + TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
1.1098 + TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
1.1099 + SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1.1100 + SSL_NOT_EXP|SSL_HIGH,
1.1101 + 0,
1.1102 + 256,
1.1103 + 256,
1.1104 + SSL_ALL_CIPHERS,
1.1105 + SSL_ALL_STRENGTHS,
1.1106 + },
1.1107 +
1.1108 + /* Cipher 53 */
1.1109 + {
1.1110 + 1,
1.1111 + TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_40_SHA,
1.1112 + TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_40_SHA,
1.1113 + SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
1.1114 + SSL_EXPORT|SSL_EXP40,
1.1115 + 0,
1.1116 + 40,
1.1117 + 128,
1.1118 + SSL_ALL_CIPHERS,
1.1119 + SSL_ALL_STRENGTHS,
1.1120 + },
1.1121 +
1.1122 + /* Cipher 54 */
1.1123 + {
1.1124 + 1,
1.1125 + TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_56_SHA,
1.1126 + TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_56_SHA,
1.1127 + SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
1.1128 + SSL_EXPORT|SSL_EXP56,
1.1129 + 0,
1.1130 + 56,
1.1131 + 128,
1.1132 + SSL_ALL_CIPHERS,
1.1133 + SSL_ALL_STRENGTHS,
1.1134 + },
1.1135 +
1.1136 + /* Cipher 55 */
1.1137 + {
1.1138 + 1,
1.1139 + TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1.1140 + TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1.1141 + SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1,
1.1142 + SSL_NOT_EXP,
1.1143 + 0,
1.1144 + 0,
1.1145 + 0,
1.1146 + SSL_ALL_CIPHERS,
1.1147 + SSL_ALL_STRENGTHS,
1.1148 + },
1.1149 +
1.1150 + /* Cipher 56 */
1.1151 + {
1.1152 + 1,
1.1153 + TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1.1154 + TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1.1155 + SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
1.1156 + SSL_NOT_EXP,
1.1157 + 0,
1.1158 + 128,
1.1159 + 128,
1.1160 + SSL_ALL_CIPHERS,
1.1161 + SSL_ALL_STRENGTHS,
1.1162 + },
1.1163 +
1.1164 + /* Cipher 57 */
1.1165 + {
1.1166 + 1,
1.1167 + TLS1_TXT_ECDH_anon_WITH_DES_CBC_SHA,
1.1168 + TLS1_CK_ECDH_anon_WITH_DES_CBC_SHA,
1.1169 + SSL_kECDHE|SSL_aNULL|SSL_DES|SSL_SHA|SSL_TLSV1,
1.1170 + SSL_NOT_EXP|SSL_LOW,
1.1171 + 0,
1.1172 + 56,
1.1173 + 56,
1.1174 + SSL_ALL_CIPHERS,
1.1175 + SSL_ALL_STRENGTHS,
1.1176 + },
1.1177 +
1.1178 + /* Cipher 58 */
1.1179 + {
1.1180 + 1,
1.1181 + TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1.1182 + TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1.1183 + SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1,
1.1184 + SSL_NOT_EXP|SSL_HIGH,
1.1185 + 0,
1.1186 + 168,
1.1187 + 168,
1.1188 + SSL_ALL_CIPHERS,
1.1189 + SSL_ALL_STRENGTHS,
1.1190 + },
1.1191 +
1.1192 + /* Cipher 59 */
1.1193 + {
1.1194 + 1,
1.1195 + TLS1_TXT_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA,
1.1196 + TLS1_CK_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA,
1.1197 + SSL_kECDHE|SSL_aNULL|SSL_DES|SSL_SHA|SSL_TLSV1,
1.1198 + SSL_EXPORT|SSL_EXP40,
1.1199 + 0,
1.1200 + 40,
1.1201 + 56,
1.1202 + SSL_ALL_CIPHERS,
1.1203 + SSL_ALL_STRENGTHS,
1.1204 + },
1.1205 +
1.1206 + /* Cipher 5A */
1.1207 + {
1.1208 + 1,
1.1209 + TLS1_TXT_ECDH_anon_EXPORT_WITH_RC4_40_SHA,
1.1210 + TLS1_CK_ECDH_anon_EXPORT_WITH_RC4_40_SHA,
1.1211 + SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
1.1212 + SSL_EXPORT|SSL_EXP40,
1.1213 + 0,
1.1214 + 40,
1.1215 + 128,
1.1216 + SSL_ALL_CIPHERS,
1.1217 + SSL_ALL_STRENGTHS,
1.1218 + },
1.1219 + /* Cipher 5B */
1.1220 + /* XXX NOTE: The ECC/TLS draft has a bug and reuses 4B for this */
1.1221 + {
1.1222 + 1,
1.1223 + TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA,
1.1224 + TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA,
1.1225 + SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
1.1226 + SSL_EXPORT|SSL_EXP40,
1.1227 + 0,
1.1228 + 40,
1.1229 + 128,
1.1230 + SSL_ALL_CIPHERS,
1.1231 + SSL_ALL_STRENGTHS,
1.1232 + },
1.1233 +
1.1234 + /* Cipher 5C */
1.1235 + /* XXX NOTE: The ECC/TLS draft has a bug and reuses 4C for this */
1.1236 + {
1.1237 + 1,
1.1238 + TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA,
1.1239 + TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA,
1.1240 + SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
1.1241 + SSL_EXPORT|SSL_EXP56,
1.1242 + 0,
1.1243 + 56,
1.1244 + 128,
1.1245 + SSL_ALL_CIPHERS,
1.1246 + SSL_ALL_STRENGTHS,
1.1247 + },
1.1248 +
1.1249 +#endif /* OPENSSL_NO_ECDH */
1.1250 +
1.1251 +#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1.1252 + /* New TLS Export CipherSuites from Expired ID */
1.1253 +#if 0
1.1254 + /* Cipher 60 */
1.1255 + {
1.1256 + 1,
1.1257 + TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1.1258 + TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1.1259 + SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
1.1260 + SSL_EXPORT|SSL_EXP56,
1.1261 + 0,
1.1262 + 56,
1.1263 + 128,
1.1264 + SSL_ALL_CIPHERS,
1.1265 + SSL_ALL_STRENGTHS,
1.1266 + },
1.1267 + /* Cipher 61 */
1.1268 + {
1.1269 + 1,
1.1270 + TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1.1271 + TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1.1272 + SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
1.1273 + SSL_EXPORT|SSL_EXP56,
1.1274 + 0,
1.1275 + 56,
1.1276 + 128,
1.1277 + SSL_ALL_CIPHERS,
1.1278 + SSL_ALL_STRENGTHS,
1.1279 + },
1.1280 +#endif
1.1281 + /* Cipher 62 */
1.1282 + {
1.1283 + 1,
1.1284 + TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1.1285 + TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1.1286 + SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
1.1287 + SSL_EXPORT|SSL_EXP56,
1.1288 + 0,
1.1289 + 56,
1.1290 + 56,
1.1291 + SSL_ALL_CIPHERS,
1.1292 + SSL_ALL_STRENGTHS,
1.1293 + },
1.1294 + /* Cipher 63 */
1.1295 + {
1.1296 + 1,
1.1297 + TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1.1298 + TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1.1299 + SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
1.1300 + SSL_EXPORT|SSL_EXP56,
1.1301 + 0,
1.1302 + 56,
1.1303 + 56,
1.1304 + SSL_ALL_CIPHERS,
1.1305 + SSL_ALL_STRENGTHS,
1.1306 + },
1.1307 + /* Cipher 64 */
1.1308 + {
1.1309 + 1,
1.1310 + TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1.1311 + TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1.1312 + SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
1.1313 + SSL_EXPORT|SSL_EXP56,
1.1314 + 0,
1.1315 + 56,
1.1316 + 128,
1.1317 + SSL_ALL_CIPHERS,
1.1318 + SSL_ALL_STRENGTHS,
1.1319 + },
1.1320 + /* Cipher 65 */
1.1321 + {
1.1322 + 1,
1.1323 + TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1.1324 + TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1.1325 + SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
1.1326 + SSL_EXPORT|SSL_EXP56,
1.1327 + 0,
1.1328 + 56,
1.1329 + 128,
1.1330 + SSL_ALL_CIPHERS,
1.1331 + SSL_ALL_STRENGTHS,
1.1332 + },
1.1333 + /* Cipher 66 */
1.1334 + {
1.1335 + 1,
1.1336 + TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1.1337 + TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1.1338 + SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
1.1339 + SSL_NOT_EXP|SSL_MEDIUM,
1.1340 + 0,
1.1341 + 128,
1.1342 + 128,
1.1343 + SSL_ALL_CIPHERS,
1.1344 + SSL_ALL_STRENGTHS
1.1345 + },
1.1346 +#endif
1.1347 +
1.1348 +
1.1349 +#ifndef OPENSSL_NO_ECDH
1.1350 + /* Cipher 77 XXX: ECC ciphersuites offering forward secrecy
1.1351 + * are not yet specified in the ECC/TLS draft but our code
1.1352 + * allows them to be implemented very easily. To add such
1.1353 + * a cipher suite, one needs to add two constant definitions
1.1354 + * to tls1.h and a new structure in this file as shown below. We
1.1355 + * illustrate the process for the made-up cipher
1.1356 + * ECDHE-ECDSA-AES128-SHA.
1.1357 + */
1.1358 + {
1.1359 + 1,
1.1360 + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1.1361 + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1.1362 + SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1.1363 + SSL_NOT_EXP|SSL_HIGH,
1.1364 + 0,
1.1365 + 128,
1.1366 + 128,
1.1367 + SSL_ALL_CIPHERS,
1.1368 + SSL_ALL_STRENGTHS,
1.1369 + },
1.1370 +
1.1371 + /* Cipher 78 XXX: Another made-up ECC cipher suite that
1.1372 + * offers forward secrecy (ECDHE-RSA-AES128-SHA).
1.1373 + */
1.1374 + {
1.1375 + 1,
1.1376 + TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1.1377 + TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1.1378 + SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1.1379 + SSL_NOT_EXP|SSL_HIGH,
1.1380 + 0,
1.1381 + 128,
1.1382 + 128,
1.1383 + SSL_ALL_CIPHERS,
1.1384 + SSL_ALL_STRENGTHS,
1.1385 + },
1.1386 +#endif /* !OPENSSL_NO_ECDH */
1.1387 +
1.1388 +/* end of list */
1.1389 + };
1.1390 +#ifdef EMULATOR
1.1391 +GET_GLOBAL_VAR_FROM_TLS(SSLv3_enc_data,s3_lib,SSL3_ENC_METHOD)
1.1392 +
1.1393 +#define SSLv3_enc_data (GET_WSD_VAR_NAME(SSLv3_enc_data,s3_lib,g)())
1.1394 +#endif
1.1395 +#ifndef EMULATOR
1.1396 +SSL3_ENC_METHOD SSLv3_enc_data={
1.1397 +#else
1.1398 +const SSL3_ENC_METHOD temp_SSLv3_enc_data={
1.1399 +#endif
1.1400 + ssl3_enc,
1.1401 + ssl3_mac,
1.1402 + ssl3_setup_key_block,
1.1403 + ssl3_generate_master_secret,
1.1404 + ssl3_change_cipher_state,
1.1405 + ssl3_final_finish_mac,
1.1406 + MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
1.1407 + ssl3_cert_verify_mac,
1.1408 + SSL3_MD_CLIENT_FINISHED_CONST,4,
1.1409 + SSL3_MD_SERVER_FINISHED_CONST,4,
1.1410 + ssl3_alert_code,
1.1411 + };
1.1412 +
1.1413 +long ssl3_default_timeout(void)
1.1414 + {
1.1415 + /* 2 hours, the 24 hours mentioned in the SSLv3 spec
1.1416 + * is way too long for http, the cache would over fill */
1.1417 + return(60*60*2);
1.1418 + }
1.1419 +
1.1420 +IMPLEMENT_ssl3_meth_func(sslv3_base_method,
1.1421 + ssl_undefined_function,
1.1422 + ssl_undefined_function,
1.1423 + ssl_bad_method)
1.1424 +
1.1425 +int ssl3_num_ciphers(void)
1.1426 + {
1.1427 + return(SSL3_NUM_CIPHERS);
1.1428 + }
1.1429 +
1.1430 +SSL_CIPHER *ssl3_get_cipher(unsigned int u)
1.1431 + {
1.1432 + if (u < SSL3_NUM_CIPHERS)
1.1433 + return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
1.1434 + else
1.1435 + return(NULL);
1.1436 + }
1.1437 +
1.1438 +int ssl3_pending(const SSL *s)
1.1439 + {
1.1440 + if (s->rstate == SSL_ST_READ_BODY)
1.1441 + return 0;
1.1442 +
1.1443 + return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
1.1444 + }
1.1445 +
1.1446 +int ssl3_new(SSL *s)
1.1447 + {
1.1448 + SSL3_STATE *s3;
1.1449 +
1.1450 + if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
1.1451 + memset(s3,0,sizeof *s3);
1.1452 + EVP_MD_CTX_init(&s3->finish_dgst1);
1.1453 + EVP_MD_CTX_init(&s3->finish_dgst2);
1.1454 + pq_64bit_init(&(s3->rrec.seq_num));
1.1455 + pq_64bit_init(&(s3->wrec.seq_num));
1.1456 +
1.1457 + s->s3=s3;
1.1458 +
1.1459 + s->method->ssl_clear(s);
1.1460 + return(1);
1.1461 +err:
1.1462 + return(0);
1.1463 + }
1.1464 +
1.1465 +void ssl3_free(SSL *s)
1.1466 + {
1.1467 + if(s == NULL)
1.1468 + return;
1.1469 +
1.1470 + ssl3_cleanup_key_block(s);
1.1471 + if (s->s3->rbuf.buf != NULL)
1.1472 + OPENSSL_free(s->s3->rbuf.buf);
1.1473 + if (s->s3->wbuf.buf != NULL)
1.1474 + OPENSSL_free(s->s3->wbuf.buf);
1.1475 + if (s->s3->rrec.comp != NULL)
1.1476 + OPENSSL_free(s->s3->rrec.comp);
1.1477 +#ifndef OPENSSL_NO_DH
1.1478 + if (s->s3->tmp.dh != NULL)
1.1479 + DH_free(s->s3->tmp.dh);
1.1480 +#endif
1.1481 +#ifndef OPENSSL_NO_ECDH
1.1482 + if (s->s3->tmp.ecdh != NULL)
1.1483 + EC_KEY_free(s->s3->tmp.ecdh);
1.1484 +#endif
1.1485 +
1.1486 + if (s->s3->tmp.ca_names != NULL)
1.1487 + sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
1.1488 + EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
1.1489 + EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
1.1490 + pq_64bit_free(&(s->s3->rrec.seq_num));
1.1491 + pq_64bit_free(&(s->s3->wrec.seq_num));
1.1492 +
1.1493 + OPENSSL_cleanse(s->s3,sizeof *s->s3);
1.1494 + OPENSSL_free(s->s3);
1.1495 + s->s3=NULL;
1.1496 + }
1.1497 +
1.1498 +void ssl3_clear(SSL *s)
1.1499 + {
1.1500 + unsigned char *rp,*wp;
1.1501 + size_t rlen, wlen;
1.1502 +
1.1503 + ssl3_cleanup_key_block(s);
1.1504 + if (s->s3->tmp.ca_names != NULL)
1.1505 + sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
1.1506 +
1.1507 + if (s->s3->rrec.comp != NULL)
1.1508 + {
1.1509 + OPENSSL_free(s->s3->rrec.comp);
1.1510 + s->s3->rrec.comp=NULL;
1.1511 + }
1.1512 +#ifndef OPENSSL_NO_DH
1.1513 + if (s->s3->tmp.dh != NULL)
1.1514 + DH_free(s->s3->tmp.dh);
1.1515 +#endif
1.1516 +#ifndef OPENSSL_NO_ECDH
1.1517 + if (s->s3->tmp.ecdh != NULL)
1.1518 + EC_KEY_free(s->s3->tmp.ecdh);
1.1519 +#endif
1.1520 +
1.1521 + rp = s->s3->rbuf.buf;
1.1522 + wp = s->s3->wbuf.buf;
1.1523 + rlen = s->s3->rbuf.len;
1.1524 + wlen = s->s3->wbuf.len;
1.1525 +
1.1526 + EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
1.1527 + EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
1.1528 +
1.1529 + memset(s->s3,0,sizeof *s->s3);
1.1530 + s->s3->rbuf.buf = rp;
1.1531 + s->s3->wbuf.buf = wp;
1.1532 + s->s3->rbuf.len = rlen;
1.1533 + s->s3->wbuf.len = wlen;
1.1534 +
1.1535 + ssl_free_wbio_buffer(s);
1.1536 +
1.1537 + s->packet_length=0;
1.1538 + s->s3->renegotiate=0;
1.1539 + s->s3->total_renegotiations=0;
1.1540 + s->s3->num_renegotiations=0;
1.1541 + s->s3->in_read_app_data=0;
1.1542 + s->version=SSL3_VERSION;
1.1543 + }
1.1544 +
1.1545 +long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
1.1546 + {
1.1547 + int ret=0;
1.1548 +
1.1549 +#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
1.1550 + if (
1.1551 +#ifndef OPENSSL_NO_RSA
1.1552 + cmd == SSL_CTRL_SET_TMP_RSA ||
1.1553 + cmd == SSL_CTRL_SET_TMP_RSA_CB ||
1.1554 +#endif
1.1555 +#ifndef OPENSSL_NO_DSA
1.1556 + cmd == SSL_CTRL_SET_TMP_DH ||
1.1557 + cmd == SSL_CTRL_SET_TMP_DH_CB ||
1.1558 +#endif
1.1559 + 0)
1.1560 + {
1.1561 + if (!ssl_cert_inst(&s->cert))
1.1562 + {
1.1563 + SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
1.1564 + return(0);
1.1565 + }
1.1566 + }
1.1567 +#endif
1.1568 +
1.1569 + switch (cmd)
1.1570 + {
1.1571 + case SSL_CTRL_GET_SESSION_REUSED:
1.1572 + ret=s->hit;
1.1573 + break;
1.1574 + case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
1.1575 + break;
1.1576 + case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
1.1577 + ret=s->s3->num_renegotiations;
1.1578 + break;
1.1579 + case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
1.1580 + ret=s->s3->num_renegotiations;
1.1581 + s->s3->num_renegotiations=0;
1.1582 + break;
1.1583 + case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
1.1584 + ret=s->s3->total_renegotiations;
1.1585 + break;
1.1586 + case SSL_CTRL_GET_FLAGS:
1.1587 + ret=(int)(s->s3->flags);
1.1588 + break;
1.1589 +#ifndef OPENSSL_NO_RSA
1.1590 + case SSL_CTRL_NEED_TMP_RSA:
1.1591 + if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
1.1592 + ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
1.1593 + (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
1.1594 + ret = 1;
1.1595 + break;
1.1596 + case SSL_CTRL_SET_TMP_RSA:
1.1597 + {
1.1598 + RSA *rsa = (RSA *)parg;
1.1599 + if (rsa == NULL)
1.1600 + {
1.1601 + SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
1.1602 + return(ret);
1.1603 + }
1.1604 + if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
1.1605 + {
1.1606 + SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
1.1607 + return(ret);
1.1608 + }
1.1609 + if (s->cert->rsa_tmp != NULL)
1.1610 + RSA_free(s->cert->rsa_tmp);
1.1611 + s->cert->rsa_tmp = rsa;
1.1612 + ret = 1;
1.1613 + }
1.1614 + break;
1.1615 + case SSL_CTRL_SET_TMP_RSA_CB:
1.1616 + {
1.1617 + SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1.1618 + return(ret);
1.1619 + }
1.1620 + break;
1.1621 +#endif
1.1622 +#ifndef OPENSSL_NO_DH
1.1623 + case SSL_CTRL_SET_TMP_DH:
1.1624 + {
1.1625 + DH *dh = (DH *)parg;
1.1626 + if (dh == NULL)
1.1627 + {
1.1628 + SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
1.1629 + return(ret);
1.1630 + }
1.1631 + if ((dh = DHparams_dup(dh)) == NULL)
1.1632 + {
1.1633 + SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
1.1634 + return(ret);
1.1635 + }
1.1636 + if (!(s->options & SSL_OP_SINGLE_DH_USE))
1.1637 + {
1.1638 + if (!DH_generate_key(dh))
1.1639 + {
1.1640 + DH_free(dh);
1.1641 + SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
1.1642 + return(ret);
1.1643 + }
1.1644 + }
1.1645 + if (s->cert->dh_tmp != NULL)
1.1646 + DH_free(s->cert->dh_tmp);
1.1647 + s->cert->dh_tmp = dh;
1.1648 + ret = 1;
1.1649 + }
1.1650 + break;
1.1651 + case SSL_CTRL_SET_TMP_DH_CB:
1.1652 + {
1.1653 + SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1.1654 + return(ret);
1.1655 + }
1.1656 + break;
1.1657 +#endif
1.1658 +#ifndef OPENSSL_NO_ECDH
1.1659 + case SSL_CTRL_SET_TMP_ECDH:
1.1660 + {
1.1661 + EC_KEY *ecdh = NULL;
1.1662 +
1.1663 + if (parg == NULL)
1.1664 + {
1.1665 + SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
1.1666 + return(ret);
1.1667 + }
1.1668 + if (!EC_KEY_up_ref((EC_KEY *)parg))
1.1669 + {
1.1670 + SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
1.1671 + return(ret);
1.1672 + }
1.1673 + ecdh = (EC_KEY *)parg;
1.1674 + if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
1.1675 + {
1.1676 + if (!EC_KEY_generate_key(ecdh))
1.1677 + {
1.1678 + EC_KEY_free(ecdh);
1.1679 + SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
1.1680 + return(ret);
1.1681 + }
1.1682 + }
1.1683 + if (s->cert->ecdh_tmp != NULL)
1.1684 + EC_KEY_free(s->cert->ecdh_tmp);
1.1685 + s->cert->ecdh_tmp = ecdh;
1.1686 + ret = 1;
1.1687 + }
1.1688 + break;
1.1689 + case SSL_CTRL_SET_TMP_ECDH_CB:
1.1690 + {
1.1691 + SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1.1692 + return(ret);
1.1693 + }
1.1694 + break;
1.1695 +#endif /* !OPENSSL_NO_ECDH */
1.1696 + default:
1.1697 + break;
1.1698 + }
1.1699 + return(ret);
1.1700 + }
1.1701 +
1.1702 +long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1.1703 + {
1.1704 + int ret=0;
1.1705 +
1.1706 +#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
1.1707 + if (
1.1708 +#ifndef OPENSSL_NO_RSA
1.1709 + cmd == SSL_CTRL_SET_TMP_RSA_CB ||
1.1710 +#endif
1.1711 +#ifndef OPENSSL_NO_DSA
1.1712 + cmd == SSL_CTRL_SET_TMP_DH_CB ||
1.1713 +#endif
1.1714 + 0)
1.1715 + {
1.1716 + if (!ssl_cert_inst(&s->cert))
1.1717 + {
1.1718 + SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
1.1719 + return(0);
1.1720 + }
1.1721 + }
1.1722 +#endif
1.1723 +
1.1724 + switch (cmd)
1.1725 + {
1.1726 +#ifndef OPENSSL_NO_RSA
1.1727 + case SSL_CTRL_SET_TMP_RSA_CB:
1.1728 + {
1.1729 + s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
1.1730 + }
1.1731 + break;
1.1732 +#endif
1.1733 +#ifndef OPENSSL_NO_DH
1.1734 + case SSL_CTRL_SET_TMP_DH_CB:
1.1735 + {
1.1736 + s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
1.1737 + }
1.1738 + break;
1.1739 +#endif
1.1740 +#ifndef OPENSSL_NO_ECDH
1.1741 + case SSL_CTRL_SET_TMP_ECDH_CB:
1.1742 + {
1.1743 + s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
1.1744 + }
1.1745 + break;
1.1746 +#endif
1.1747 + default:
1.1748 + break;
1.1749 + }
1.1750 + return(ret);
1.1751 + }
1.1752 +
1.1753 +long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
1.1754 + {
1.1755 + CERT *cert;
1.1756 +
1.1757 + cert=ctx->cert;
1.1758 +
1.1759 + switch (cmd)
1.1760 + {
1.1761 +#ifndef OPENSSL_NO_RSA
1.1762 + case SSL_CTRL_NEED_TMP_RSA:
1.1763 + if ( (cert->rsa_tmp == NULL) &&
1.1764 + ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
1.1765 + (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
1.1766 + )
1.1767 + return(1);
1.1768 + else
1.1769 + return(0);
1.1770 + /* break; */
1.1771 + case SSL_CTRL_SET_TMP_RSA:
1.1772 + {
1.1773 + RSA *rsa;
1.1774 + int i;
1.1775 +
1.1776 + rsa=(RSA *)parg;
1.1777 + i=1;
1.1778 + if (rsa == NULL)
1.1779 + i=0;
1.1780 + else
1.1781 + {
1.1782 + if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
1.1783 + i=0;
1.1784 + }
1.1785 + if (!i)
1.1786 + {
1.1787 + SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
1.1788 + return(0);
1.1789 + }
1.1790 + else
1.1791 + {
1.1792 + if (cert->rsa_tmp != NULL)
1.1793 + RSA_free(cert->rsa_tmp);
1.1794 + cert->rsa_tmp=rsa;
1.1795 + return(1);
1.1796 + }
1.1797 + }
1.1798 + /* break; */
1.1799 + case SSL_CTRL_SET_TMP_RSA_CB:
1.1800 + {
1.1801 + SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1.1802 + return(0);
1.1803 + }
1.1804 + break;
1.1805 +#endif
1.1806 +#ifndef OPENSSL_NO_DH
1.1807 + case SSL_CTRL_SET_TMP_DH:
1.1808 + {
1.1809 + DH *new=NULL,*dh;
1.1810 +
1.1811 + dh=(DH *)parg;
1.1812 + if ((new=DHparams_dup(dh)) == NULL)
1.1813 + {
1.1814 + SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
1.1815 + return 0;
1.1816 + }
1.1817 + if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
1.1818 + {
1.1819 + if (!DH_generate_key(new))
1.1820 + {
1.1821 + SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
1.1822 + DH_free(new);
1.1823 + return 0;
1.1824 + }
1.1825 + }
1.1826 + if (cert->dh_tmp != NULL)
1.1827 + DH_free(cert->dh_tmp);
1.1828 + cert->dh_tmp=new;
1.1829 + return 1;
1.1830 + }
1.1831 + /*break; */
1.1832 + case SSL_CTRL_SET_TMP_DH_CB:
1.1833 + {
1.1834 + SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1.1835 + return(0);
1.1836 + }
1.1837 + break;
1.1838 +#endif
1.1839 +#ifndef OPENSSL_NO_ECDH
1.1840 + case SSL_CTRL_SET_TMP_ECDH:
1.1841 + {
1.1842 + EC_KEY *ecdh = NULL;
1.1843 +
1.1844 + if (parg == NULL)
1.1845 + {
1.1846 + SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
1.1847 + return 0;
1.1848 + }
1.1849 + ecdh = EC_KEY_dup((EC_KEY *)parg);
1.1850 + if (ecdh == NULL)
1.1851 + {
1.1852 + SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
1.1853 + return 0;
1.1854 + }
1.1855 + if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
1.1856 + {
1.1857 + if (!EC_KEY_generate_key(ecdh))
1.1858 + {
1.1859 + EC_KEY_free(ecdh);
1.1860 + SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
1.1861 + return 0;
1.1862 + }
1.1863 + }
1.1864 +
1.1865 + if (cert->ecdh_tmp != NULL)
1.1866 + {
1.1867 + EC_KEY_free(cert->ecdh_tmp);
1.1868 + }
1.1869 + cert->ecdh_tmp = ecdh;
1.1870 + return 1;
1.1871 + }
1.1872 + /* break; */
1.1873 + case SSL_CTRL_SET_TMP_ECDH_CB:
1.1874 + {
1.1875 + SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1.1876 + return(0);
1.1877 + }
1.1878 + break;
1.1879 +#endif /* !OPENSSL_NO_ECDH */
1.1880 + /* A Thawte special :-) */
1.1881 + case SSL_CTRL_EXTRA_CHAIN_CERT:
1.1882 + if (ctx->extra_certs == NULL)
1.1883 + {
1.1884 + if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
1.1885 + return(0);
1.1886 + }
1.1887 + sk_X509_push(ctx->extra_certs,(X509 *)parg);
1.1888 + break;
1.1889 +
1.1890 + default:
1.1891 + return(0);
1.1892 + }
1.1893 + return(1);
1.1894 + }
1.1895 +
1.1896 +long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1.1897 + {
1.1898 + CERT *cert;
1.1899 +
1.1900 + cert=ctx->cert;
1.1901 +
1.1902 + switch (cmd)
1.1903 + {
1.1904 +#ifndef OPENSSL_NO_RSA
1.1905 + case SSL_CTRL_SET_TMP_RSA_CB:
1.1906 + {
1.1907 + cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
1.1908 + }
1.1909 + break;
1.1910 +#endif
1.1911 +#ifndef OPENSSL_NO_DH
1.1912 + case SSL_CTRL_SET_TMP_DH_CB:
1.1913 + {
1.1914 + cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
1.1915 + }
1.1916 + break;
1.1917 +#endif
1.1918 +#ifndef OPENSSL_NO_ECDH
1.1919 + case SSL_CTRL_SET_TMP_ECDH_CB:
1.1920 + {
1.1921 + cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
1.1922 + }
1.1923 + break;
1.1924 +#endif
1.1925 + default:
1.1926 + return(0);
1.1927 + }
1.1928 + return(1);
1.1929 + }
1.1930 +
1.1931 +/* This function needs to check if the ciphers required are actually
1.1932 + * available */
1.1933 +SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
1.1934 + {
1.1935 + SSL_CIPHER c,*cp;
1.1936 + unsigned long id;
1.1937 +
1.1938 + id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
1.1939 + c.id=id;
1.1940 + cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
1.1941 + (char *)ssl3_ciphers,
1.1942 + SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER),
1.1943 + FP_ICC ssl_cipher_id_cmp);
1.1944 + if (cp == NULL || cp->valid == 0)
1.1945 + return NULL;
1.1946 + else
1.1947 + return cp;
1.1948 + }
1.1949 +
1.1950 +int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
1.1951 + {
1.1952 + long l;
1.1953 +
1.1954 + if (p != NULL)
1.1955 + {
1.1956 + l=c->id;
1.1957 + if ((l & 0xff000000) != 0x03000000) return(0);
1.1958 + p[0]=((unsigned char)(l>> 8L))&0xFF;
1.1959 + p[1]=((unsigned char)(l ))&0xFF;
1.1960 + }
1.1961 + return(2);
1.1962 + }
1.1963 +
1.1964 +SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
1.1965 + STACK_OF(SSL_CIPHER) *srvr)
1.1966 + {
1.1967 + SSL_CIPHER *c,*ret=NULL;
1.1968 + STACK_OF(SSL_CIPHER) *prio, *allow;
1.1969 + int i,j,ok;
1.1970 +
1.1971 + CERT *cert;
1.1972 + unsigned long alg,mask,emask;
1.1973 +
1.1974 + /* Let's see which ciphers we can support */
1.1975 + cert=s->cert;
1.1976 +
1.1977 +#if 0
1.1978 + /* Do not set the compare functions, because this may lead to a
1.1979 + * reordering by "id". We want to keep the original ordering.
1.1980 + * We may pay a price in performance during sk_SSL_CIPHER_find(),
1.1981 + * but would have to pay with the price of sk_SSL_CIPHER_dup().
1.1982 + */
1.1983 + sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
1.1984 + sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
1.1985 +#endif
1.1986 +
1.1987 +#ifdef CIPHER_DEBUG
1.1988 + printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr);
1.1989 + for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
1.1990 + {
1.1991 + c=sk_SSL_CIPHER_value(srvr,i);
1.1992 + printf("%p:%s\n",c,c->name);
1.1993 + }
1.1994 + printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt);
1.1995 + for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
1.1996 + {
1.1997 + c=sk_SSL_CIPHER_value(clnt,i);
1.1998 + printf("%p:%s\n",c,c->name);
1.1999 + }
1.2000 +#endif
1.2001 +
1.2002 + if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
1.2003 + {
1.2004 + prio = srvr;
1.2005 + allow = clnt;
1.2006 + }
1.2007 + else
1.2008 + {
1.2009 + prio = clnt;
1.2010 + allow = srvr;
1.2011 + }
1.2012 +
1.2013 + for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
1.2014 + {
1.2015 + c=sk_SSL_CIPHER_value(prio,i);
1.2016 +
1.2017 + ssl_set_cert_masks(cert,c);
1.2018 + mask=cert->mask;
1.2019 + emask=cert->export_mask;
1.2020 +
1.2021 +#ifdef KSSL_DEBUG
1.2022 + printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);
1.2023 +#endif /* KSSL_DEBUG */
1.2024 +
1.2025 + alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
1.2026 +#ifndef OPENSSL_NO_KRB5
1.2027 + if (alg & SSL_KRB5)
1.2028 + {
1.2029 + if ( !kssl_keytab_is_available(s->kssl_ctx) )
1.2030 + continue;
1.2031 + }
1.2032 +#endif /* OPENSSL_NO_KRB5 */
1.2033 + if (SSL_C_IS_EXPORT(c))
1.2034 + {
1.2035 + ok=((alg & emask) == alg)?1:0;
1.2036 +#ifdef CIPHER_DEBUG
1.2037 + printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask,
1.2038 + c,c->name);
1.2039 +#endif
1.2040 + }
1.2041 + else
1.2042 + {
1.2043 + ok=((alg & mask) == alg)?1:0;
1.2044 +#ifdef CIPHER_DEBUG
1.2045 + printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c,
1.2046 + c->name);
1.2047 +#endif
1.2048 + }
1.2049 +
1.2050 + if (!ok) continue;
1.2051 + j=sk_SSL_CIPHER_find(allow,c);
1.2052 + if (j >= 0)
1.2053 + {
1.2054 + ret=sk_SSL_CIPHER_value(allow,j);
1.2055 + break;
1.2056 + }
1.2057 + }
1.2058 + return(ret);
1.2059 + }
1.2060 +
1.2061 +int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
1.2062 + {
1.2063 + int ret=0;
1.2064 + unsigned long alg;
1.2065 +
1.2066 + alg=s->s3->tmp.new_cipher->algorithms;
1.2067 +
1.2068 +#ifndef OPENSSL_NO_DH
1.2069 + if (alg & (SSL_kDHr|SSL_kEDH))
1.2070 + {
1.2071 +# ifndef OPENSSL_NO_RSA
1.2072 + p[ret++]=SSL3_CT_RSA_FIXED_DH;
1.2073 +# endif
1.2074 +# ifndef OPENSSL_NO_DSA
1.2075 + p[ret++]=SSL3_CT_DSS_FIXED_DH;
1.2076 +# endif
1.2077 + }
1.2078 + if ((s->version == SSL3_VERSION) &&
1.2079 + (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
1.2080 + {
1.2081 +# ifndef OPENSSL_NO_RSA
1.2082 + p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
1.2083 +# endif
1.2084 +# ifndef OPENSSL_NO_DSA
1.2085 + p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
1.2086 +# endif
1.2087 + }
1.2088 +#endif /* !OPENSSL_NO_DH */
1.2089 +#ifndef OPENSSL_NO_RSA
1.2090 + p[ret++]=SSL3_CT_RSA_SIGN;
1.2091 +#endif
1.2092 +#ifndef OPENSSL_NO_DSA
1.2093 + p[ret++]=SSL3_CT_DSS_SIGN;
1.2094 +#endif
1.2095 +#ifndef OPENSSL_NO_ECDH
1.2096 + /* We should ask for fixed ECDH certificates only
1.2097 + * for SSL_kECDH (and not SSL_kECDHE)
1.2098 + */
1.2099 + if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION))
1.2100 + {
1.2101 + p[ret++]=TLS_CT_RSA_FIXED_ECDH;
1.2102 + p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
1.2103 + }
1.2104 +#endif
1.2105 +
1.2106 +#ifndef OPENSSL_NO_ECDSA
1.2107 + /* ECDSA certs can be used with RSA cipher suites as well
1.2108 + * so we don't need to check for SSL_kECDH or SSL_kECDHE
1.2109 + */
1.2110 + if (s->version >= TLS1_VERSION)
1.2111 + {
1.2112 + p[ret++]=TLS_CT_ECDSA_SIGN;
1.2113 + }
1.2114 +#endif
1.2115 + return(ret);
1.2116 + }
1.2117 +
1.2118 +int ssl3_shutdown(SSL *s)
1.2119 + {
1.2120 +
1.2121 + /* Don't do anything much if we have not done the handshake or
1.2122 + * we don't want to send messages :-) */
1.2123 + if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
1.2124 + {
1.2125 + s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
1.2126 + return(1);
1.2127 + }
1.2128 +
1.2129 + if (!(s->shutdown & SSL_SENT_SHUTDOWN))
1.2130 + {
1.2131 + s->shutdown|=SSL_SENT_SHUTDOWN;
1.2132 +#if 1
1.2133 + ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
1.2134 +#endif
1.2135 + /* our shutdown alert has been sent now, and if it still needs
1.2136 + * to be written, s->s3->alert_dispatch will be true */
1.2137 + }
1.2138 + else if (s->s3->alert_dispatch)
1.2139 + {
1.2140 + /* resend it if not sent */
1.2141 +#if 1
1.2142 + s->method->ssl_dispatch_alert(s);
1.2143 +#endif
1.2144 + }
1.2145 + else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
1.2146 + {
1.2147 + /* If we are waiting for a close from our peer, we are closed */
1.2148 + s->method->ssl_read_bytes(s,0,NULL,0,0);
1.2149 + }
1.2150 +
1.2151 + if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
1.2152 + !s->s3->alert_dispatch)
1.2153 + return(1);
1.2154 + else
1.2155 + return(0);
1.2156 + }
1.2157 +
1.2158 +int ssl3_write(SSL *s, const void *buf, int len)
1.2159 + {
1.2160 + int ret,n;
1.2161 +
1.2162 +#if 0
1.2163 + if (s->shutdown & SSL_SEND_SHUTDOWN)
1.2164 + {
1.2165 + s->rwstate=SSL_NOTHING;
1.2166 + return(0);
1.2167 + }
1.2168 +#endif
1.2169 + clear_sys_error();
1.2170 + if (s->s3->renegotiate) ssl3_renegotiate_check(s);
1.2171 +
1.2172 + /* This is an experimental flag that sends the
1.2173 + * last handshake message in the same packet as the first
1.2174 + * use data - used to see if it helps the TCP protocol during
1.2175 + * session-id reuse */
1.2176 + /* The second test is because the buffer may have been removed */
1.2177 + if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
1.2178 + {
1.2179 + /* First time through, we write into the buffer */
1.2180 + if (s->s3->delay_buf_pop_ret == 0)
1.2181 + {
1.2182 + ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
1.2183 + buf,len);
1.2184 + if (ret <= 0) return(ret);
1.2185 +
1.2186 + s->s3->delay_buf_pop_ret=ret;
1.2187 + }
1.2188 +
1.2189 + s->rwstate=SSL_WRITING;
1.2190 + n=BIO_flush(s->wbio);
1.2191 + if (n <= 0) return(n);
1.2192 + s->rwstate=SSL_NOTHING;
1.2193 +
1.2194 + /* We have flushed the buffer, so remove it */
1.2195 + ssl_free_wbio_buffer(s);
1.2196 + s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
1.2197 +
1.2198 + ret=s->s3->delay_buf_pop_ret;
1.2199 + s->s3->delay_buf_pop_ret=0;
1.2200 + }
1.2201 + else
1.2202 + {
1.2203 + ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
1.2204 + buf,len);
1.2205 + if (ret <= 0) return(ret);
1.2206 + }
1.2207 +
1.2208 + return(ret);
1.2209 + }
1.2210 +
1.2211 +static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
1.2212 + {
1.2213 + int ret;
1.2214 +
1.2215 + clear_sys_error();
1.2216 + if (s->s3->renegotiate) ssl3_renegotiate_check(s);
1.2217 + s->s3->in_read_app_data=1;
1.2218 + ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
1.2219 + if ((ret == -1) && (s->s3->in_read_app_data == 2))
1.2220 + {
1.2221 + /* ssl3_read_bytes decided to call s->handshake_func, which
1.2222 + * called ssl3_read_bytes to read handshake data.
1.2223 + * However, ssl3_read_bytes actually found application data
1.2224 + * and thinks that application data makes sense here; so disable
1.2225 + * handshake processing and try to read application data again. */
1.2226 + s->in_handshake++;
1.2227 + ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
1.2228 + s->in_handshake--;
1.2229 + }
1.2230 + else
1.2231 + s->s3->in_read_app_data=0;
1.2232 +
1.2233 + return(ret);
1.2234 + }
1.2235 +
1.2236 +int ssl3_read(SSL *s, void *buf, int len)
1.2237 + {
1.2238 + return ssl3_read_internal(s, buf, len, 0);
1.2239 + }
1.2240 +
1.2241 +int ssl3_peek(SSL *s, void *buf, int len)
1.2242 + {
1.2243 + return ssl3_read_internal(s, buf, len, 1);
1.2244 + }
1.2245 +
1.2246 +int ssl3_renegotiate(SSL *s)
1.2247 + {
1.2248 + if (s->handshake_func == NULL)
1.2249 + return(1);
1.2250 +
1.2251 + if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
1.2252 + return(0);
1.2253 +
1.2254 + s->s3->renegotiate=1;
1.2255 + return(1);
1.2256 + }
1.2257 +
1.2258 +int ssl3_renegotiate_check(SSL *s)
1.2259 + {
1.2260 + int ret=0;
1.2261 +
1.2262 + if (s->s3->renegotiate)
1.2263 + {
1.2264 + if ( (s->s3->rbuf.left == 0) &&
1.2265 + (s->s3->wbuf.left == 0) &&
1.2266 + !SSL_in_init(s))
1.2267 + {
1.2268 +/*
1.2269 +if we are the server, and we have sent a 'RENEGOTIATE' message, we
1.2270 +need to go to SSL_ST_ACCEPT.
1.2271 +*/
1.2272 + /* SSL_ST_ACCEPT */
1.2273 + s->state=SSL_ST_RENEGOTIATE;
1.2274 + s->s3->renegotiate=0;
1.2275 + s->s3->num_renegotiations++;
1.2276 + s->s3->total_renegotiations++;
1.2277 + ret=1;
1.2278 + }
1.2279 + }
1.2280 + return(ret);
1.2281 + }
1.2282 +