sl@0: /* ssl/s3_lib.c */ sl@0: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) sl@0: * All rights reserved. sl@0: * sl@0: * This package is an SSL implementation written sl@0: * by Eric Young (eay@cryptsoft.com). sl@0: * The implementation was written so as to conform with Netscapes SSL. sl@0: * sl@0: * This library is free for commercial and non-commercial use as long as sl@0: * the following conditions are aheared to. The following conditions sl@0: * apply to all code found in this distribution, be it the RC4, RSA, sl@0: * lhash, DES, etc., code; not just the SSL code. The SSL documentation sl@0: * included with this distribution is covered by the same copyright terms sl@0: * except that the holder is Tim Hudson (tjh@cryptsoft.com). sl@0: * sl@0: * Copyright remains Eric Young's, and as such any Copyright notices in sl@0: * the code are not to be removed. sl@0: * If this package is used in a product, Eric Young should be given attribution sl@0: * as the author of the parts of the library used. sl@0: * This can be in the form of a textual message at program startup or sl@0: * in documentation (online or textual) provided with the package. sl@0: * sl@0: * Redistribution and use in source and binary forms, with or without sl@0: * modification, are permitted provided that the following conditions sl@0: * are met: sl@0: * 1. Redistributions of source code must retain the copyright sl@0: * notice, this list of conditions and the following disclaimer. sl@0: * 2. Redistributions in binary form must reproduce the above copyright sl@0: * notice, this list of conditions and the following disclaimer in the sl@0: * documentation and/or other materials provided with the distribution. sl@0: * 3. All advertising materials mentioning features or use of this software sl@0: * must display the following acknowledgement: sl@0: * "This product includes cryptographic software written by sl@0: * Eric Young (eay@cryptsoft.com)" sl@0: * The word 'cryptographic' can be left out if the rouines from the library sl@0: * being used are not cryptographic related :-). sl@0: * 4. If you include any Windows specific code (or a derivative thereof) from sl@0: * the apps directory (application code) you must include an acknowledgement: sl@0: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" sl@0: * sl@0: * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND sl@0: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE sl@0: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE sl@0: * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE sl@0: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL sl@0: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS sl@0: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) sl@0: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT sl@0: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY sl@0: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF sl@0: * SUCH DAMAGE. sl@0: * sl@0: * The licence and distribution terms for any publically available version or sl@0: * derivative of this code cannot be changed. i.e. this code cannot simply be sl@0: * copied and put under another distribution licence sl@0: * [including the GNU Public Licence.] sl@0: */ sl@0: /* ==================================================================== sl@0: * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. sl@0: * sl@0: * Redistribution and use in source and binary forms, with or without sl@0: * modification, are permitted provided that the following conditions sl@0: * are met: sl@0: * sl@0: * 1. Redistributions of source code must retain the above copyright sl@0: * notice, this list of conditions and the following disclaimer. sl@0: * sl@0: * 2. Redistributions in binary form must reproduce the above copyright sl@0: * notice, this list of conditions and the following disclaimer in sl@0: * the documentation and/or other materials provided with the sl@0: * distribution. sl@0: * sl@0: * 3. All advertising materials mentioning features or use of this sl@0: * software must display the following acknowledgment: sl@0: * "This product includes software developed by the OpenSSL Project sl@0: * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" sl@0: * sl@0: * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to sl@0: * endorse or promote products derived from this software without sl@0: * prior written permission. For written permission, please contact sl@0: * openssl-core@openssl.org. sl@0: * sl@0: * 5. Products derived from this software may not be called "OpenSSL" sl@0: * nor may "OpenSSL" appear in their names without prior written sl@0: * permission of the OpenSSL Project. sl@0: * sl@0: * 6. Redistributions of any form whatsoever must retain the following sl@0: * acknowledgment: sl@0: * "This product includes software developed by the OpenSSL Project sl@0: * for use in the OpenSSL Toolkit (http://www.openssl.org/)" sl@0: * sl@0: * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY sl@0: * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE sl@0: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR sl@0: * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR sl@0: * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, sl@0: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT sl@0: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; sl@0: * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) sl@0: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, sl@0: * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) sl@0: * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED sl@0: * OF THE POSSIBILITY OF SUCH DAMAGE. sl@0: * ==================================================================== sl@0: * sl@0: * This product includes cryptographic software written by Eric Young sl@0: * (eay@cryptsoft.com). This product includes software written by Tim sl@0: * Hudson (tjh@cryptsoft.com). sl@0: * sl@0: */ sl@0: /* ==================================================================== sl@0: * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. sl@0: * sl@0: * Portions of the attached software ("Contribution") are developed by sl@0: * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. sl@0: * sl@0: * The Contribution is licensed pursuant to the OpenSSL open source sl@0: * license provided above. sl@0: * sl@0: * ECC cipher suite support in OpenSSL originally written by sl@0: * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. sl@0: * sl@0: */ sl@0: /* sl@0: © Portions copyright (c) 2006 Nokia Corporation. All rights reserved. sl@0: */ sl@0: sl@0: #include sl@0: #include sl@0: #include "ssl_locl.h" sl@0: #include "kssl_lcl.h" sl@0: #include sl@0: #ifndef OPENSSL_NO_DH sl@0: #include sl@0: #endif sl@0: #include sl@0: sl@0: #if (defined(SYMBIAN) && (defined(__WINSCW__) || defined(__WINS__))) sl@0: #include "libssl_wsd.h" sl@0: #endif sl@0: sl@0: sl@0: #ifdef EMULATOR sl@0: sl@0: GET_STATIC_VAR_FROM_TLS(sslv3_base_method_data,s3_lib,SSL_METHOD) sl@0: sl@0: #define sslv3_base_method_data (*GET_WSD_VAR_NAME(sslv3_base_method_data,s3_lib,s)()) sl@0: sl@0: #endif sl@0: sl@0: const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT; sl@0: sl@0: #ifndef EMULATOR sl@0: #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) sl@0: /* #else */ sl@0: /* #define SSL3_NUM_CIPHERS 87 /* Defined in libssl_wsd.h */ sl@0: #endif sl@0: sl@0: sl@0: /* list of available SSLv3 ciphers (sorted by id) */ sl@0: sl@0: #ifdef EMULATOR sl@0: sl@0: GET_GLOBAL_ARRAY_FROM_TLS(ssl3_ciphers,s3_lib,SSL_CIPHER) sl@0: sl@0: #define ssl3_ciphers (GET_WSD_VAR_NAME(ssl3_ciphers,s3_lib,g)()) sl@0: sl@0: #endif sl@0: sl@0: sl@0: #ifndef EMULATOR sl@0: OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ sl@0: #else sl@0: OPENSSL_GLOBAL const SSL_CIPHER temp_ssl3_ciphers[]={ sl@0: #endif sl@0: /* The RSA ciphers */ sl@0: /* Cipher 01 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_RSA_NULL_MD5, sl@0: SSL3_CK_RSA_NULL_MD5, sl@0: SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_STRONG_NONE, sl@0: 0, sl@0: 0, sl@0: 0, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 02 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_RSA_NULL_SHA, sl@0: SSL3_CK_RSA_NULL_SHA, sl@0: SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_STRONG_NONE, sl@0: 0, sl@0: 0, sl@0: 0, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 03 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_RSA_RC4_40_MD5, sl@0: SSL3_CK_RSA_RC4_40_MD5, sl@0: SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_SSLV3, sl@0: SSL_EXPORT|SSL_EXP40, sl@0: 0, sl@0: 40, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 04 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_RSA_RC4_128_MD5, sl@0: SSL3_CK_RSA_RC4_128_MD5, sl@0: SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_MEDIUM, sl@0: 0, sl@0: 128, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 05 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_RSA_RC4_128_SHA, sl@0: SSL3_CK_RSA_RC4_128_SHA, sl@0: SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_MEDIUM, sl@0: 0, sl@0: 128, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 06 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_RSA_RC2_40_MD5, sl@0: SSL3_CK_RSA_RC2_40_MD5, sl@0: SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_SSLV3, sl@0: SSL_EXPORT|SSL_EXP40, sl@0: 0, sl@0: 40, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 07 */ sl@0: #ifndef OPENSSL_NO_IDEA sl@0: { sl@0: 1, sl@0: SSL3_TXT_RSA_IDEA_128_SHA, sl@0: SSL3_CK_RSA_IDEA_128_SHA, sl@0: SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_MEDIUM, sl@0: 0, sl@0: 128, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: #endif sl@0: /* Cipher 08 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_RSA_DES_40_CBC_SHA, sl@0: SSL3_CK_RSA_DES_40_CBC_SHA, sl@0: SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, sl@0: SSL_EXPORT|SSL_EXP40, sl@0: 0, sl@0: 40, sl@0: 56, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 09 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_RSA_DES_64_CBC_SHA, sl@0: SSL3_CK_RSA_DES_64_CBC_SHA, sl@0: SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_LOW, sl@0: 0, sl@0: 56, sl@0: 56, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 0A */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_RSA_DES_192_CBC3_SHA, sl@0: SSL3_CK_RSA_DES_192_CBC3_SHA, sl@0: SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 168, sl@0: 168, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* The DH ciphers */ sl@0: /* Cipher 0B */ sl@0: { sl@0: 0, sl@0: SSL3_TXT_DH_DSS_DES_40_CBC_SHA, sl@0: SSL3_CK_DH_DSS_DES_40_CBC_SHA, sl@0: SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, sl@0: SSL_EXPORT|SSL_EXP40, sl@0: 0, sl@0: 40, sl@0: 56, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 0C */ sl@0: { sl@0: 0, sl@0: SSL3_TXT_DH_DSS_DES_64_CBC_SHA, sl@0: SSL3_CK_DH_DSS_DES_64_CBC_SHA, sl@0: SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_LOW, sl@0: 0, sl@0: 56, sl@0: 56, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 0D */ sl@0: { sl@0: 0, sl@0: SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, sl@0: SSL3_CK_DH_DSS_DES_192_CBC3_SHA, sl@0: SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 168, sl@0: 168, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 0E */ sl@0: { sl@0: 0, sl@0: SSL3_TXT_DH_RSA_DES_40_CBC_SHA, sl@0: SSL3_CK_DH_RSA_DES_40_CBC_SHA, sl@0: SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, sl@0: SSL_EXPORT|SSL_EXP40, sl@0: 0, sl@0: 40, sl@0: 56, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 0F */ sl@0: { sl@0: 0, sl@0: SSL3_TXT_DH_RSA_DES_64_CBC_SHA, sl@0: SSL3_CK_DH_RSA_DES_64_CBC_SHA, sl@0: SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_LOW, sl@0: 0, sl@0: 56, sl@0: 56, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 10 */ sl@0: { sl@0: 0, sl@0: SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, sl@0: SSL3_CK_DH_RSA_DES_192_CBC3_SHA, sl@0: SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 168, sl@0: 168, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* The Ephemeral DH ciphers */ sl@0: /* Cipher 11 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, sl@0: SSL3_CK_EDH_DSS_DES_40_CBC_SHA, sl@0: SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3, sl@0: SSL_EXPORT|SSL_EXP40, sl@0: 0, sl@0: 40, sl@0: 56, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 12 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, sl@0: SSL3_CK_EDH_DSS_DES_64_CBC_SHA, sl@0: SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_LOW, sl@0: 0, sl@0: 56, sl@0: 56, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 13 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, sl@0: SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, sl@0: SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 168, sl@0: 168, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 14 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, sl@0: SSL3_CK_EDH_RSA_DES_40_CBC_SHA, sl@0: SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, sl@0: SSL_EXPORT|SSL_EXP40, sl@0: 0, sl@0: 40, sl@0: 56, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 15 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, sl@0: SSL3_CK_EDH_RSA_DES_64_CBC_SHA, sl@0: SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_LOW, sl@0: 0, sl@0: 56, sl@0: 56, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 16 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, sl@0: SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, sl@0: SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 168, sl@0: 168, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 17 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_ADH_RC4_40_MD5, sl@0: SSL3_CK_ADH_RC4_40_MD5, sl@0: SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, sl@0: SSL_EXPORT|SSL_EXP40, sl@0: 0, sl@0: 40, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 18 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_ADH_RC4_128_MD5, sl@0: SSL3_CK_ADH_RC4_128_MD5, sl@0: SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_MEDIUM, sl@0: 0, sl@0: 128, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 19 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_ADH_DES_40_CBC_SHA, sl@0: SSL3_CK_ADH_DES_40_CBC_SHA, sl@0: SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3, sl@0: SSL_EXPORT|SSL_EXP40, sl@0: 0, sl@0: 40, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 1A */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_ADH_DES_64_CBC_SHA, sl@0: SSL3_CK_ADH_DES_64_CBC_SHA, sl@0: SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_LOW, sl@0: 0, sl@0: 56, sl@0: 56, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 1B */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_ADH_DES_192_CBC_SHA, sl@0: SSL3_CK_ADH_DES_192_CBC_SHA, sl@0: SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 168, sl@0: 168, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Fortezza */ sl@0: /* Cipher 1C */ sl@0: { sl@0: 0, sl@0: SSL3_TXT_FZA_DMS_NULL_SHA, sl@0: SSL3_CK_FZA_DMS_NULL_SHA, sl@0: SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_STRONG_NONE, sl@0: 0, sl@0: 0, sl@0: 0, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 1D */ sl@0: { sl@0: 0, sl@0: SSL3_TXT_FZA_DMS_FZA_SHA, sl@0: SSL3_CK_FZA_DMS_FZA_SHA, sl@0: SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_STRONG_NONE, sl@0: 0, sl@0: 0, sl@0: 0, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: #if 0 sl@0: /* Cipher 1E */ sl@0: { sl@0: 0, sl@0: SSL3_TXT_FZA_DMS_RC4_SHA, sl@0: SSL3_CK_FZA_DMS_RC4_SHA, sl@0: SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_MEDIUM, sl@0: 0, sl@0: 128, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: #endif sl@0: sl@0: #ifndef OPENSSL_NO_KRB5 sl@0: /* The Kerberos ciphers */ sl@0: /* Cipher 1E */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_KRB5_DES_64_CBC_SHA, sl@0: SSL3_CK_KRB5_DES_64_CBC_SHA, sl@0: SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_LOW, sl@0: 0, sl@0: 56, sl@0: 56, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 1F */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_KRB5_DES_192_CBC3_SHA, sl@0: SSL3_CK_KRB5_DES_192_CBC3_SHA, sl@0: SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 168, sl@0: 168, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 20 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_KRB5_RC4_128_SHA, sl@0: SSL3_CK_KRB5_RC4_128_SHA, sl@0: SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_MEDIUM, sl@0: 0, sl@0: 128, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 21 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_KRB5_IDEA_128_CBC_SHA, sl@0: SSL3_CK_KRB5_IDEA_128_CBC_SHA, sl@0: SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_SHA1 |SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_MEDIUM, sl@0: 0, sl@0: 128, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 22 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_KRB5_DES_64_CBC_MD5, sl@0: SSL3_CK_KRB5_DES_64_CBC_MD5, sl@0: SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_LOW, sl@0: 0, sl@0: 56, sl@0: 56, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 23 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_KRB5_DES_192_CBC3_MD5, sl@0: SSL3_CK_KRB5_DES_192_CBC3_MD5, sl@0: SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 168, sl@0: 168, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 24 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_KRB5_RC4_128_MD5, sl@0: SSL3_CK_KRB5_RC4_128_MD5, sl@0: SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_MEDIUM, sl@0: 0, sl@0: 128, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 25 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_KRB5_IDEA_128_CBC_MD5, sl@0: SSL3_CK_KRB5_IDEA_128_CBC_MD5, sl@0: SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_MD5 |SSL_SSLV3, sl@0: SSL_NOT_EXP|SSL_MEDIUM, sl@0: 0, sl@0: 128, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 26 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_KRB5_DES_40_CBC_SHA, sl@0: SSL3_CK_KRB5_DES_40_CBC_SHA, sl@0: SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, sl@0: SSL_EXPORT|SSL_EXP40, sl@0: 0, sl@0: 40, sl@0: 56, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 27 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_KRB5_RC2_40_CBC_SHA, sl@0: SSL3_CK_KRB5_RC2_40_CBC_SHA, sl@0: SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_SHA1 |SSL_SSLV3, sl@0: SSL_EXPORT|SSL_EXP40, sl@0: 0, sl@0: 40, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 28 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_KRB5_RC4_40_SHA, sl@0: SSL3_CK_KRB5_RC4_40_SHA, sl@0: SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, sl@0: SSL_EXPORT|SSL_EXP40, sl@0: 0, sl@0: 40, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 29 */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_KRB5_DES_40_CBC_MD5, sl@0: SSL3_CK_KRB5_DES_40_CBC_MD5, sl@0: SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3, sl@0: SSL_EXPORT|SSL_EXP40, sl@0: 0, sl@0: 40, sl@0: 56, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 2A */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_KRB5_RC2_40_CBC_MD5, sl@0: SSL3_CK_KRB5_RC2_40_CBC_MD5, sl@0: SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_MD5 |SSL_SSLV3, sl@0: SSL_EXPORT|SSL_EXP40, sl@0: 0, sl@0: 40, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 2B */ sl@0: { sl@0: 1, sl@0: SSL3_TXT_KRB5_RC4_40_MD5, sl@0: SSL3_CK_KRB5_RC4_40_MD5, sl@0: SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3, sl@0: SSL_EXPORT|SSL_EXP40, sl@0: 0, sl@0: 40, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: #endif /* OPENSSL_NO_KRB5 */ sl@0: sl@0: /* New AES ciphersuites */ sl@0: /* Cipher 2F */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_RSA_WITH_AES_128_SHA, sl@0: TLS1_CK_RSA_WITH_AES_128_SHA, sl@0: SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 128, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 30 */ sl@0: { sl@0: 0, sl@0: TLS1_TXT_DH_DSS_WITH_AES_128_SHA, sl@0: TLS1_CK_DH_DSS_WITH_AES_128_SHA, sl@0: SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 128, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 31 */ sl@0: { sl@0: 0, sl@0: TLS1_TXT_DH_RSA_WITH_AES_128_SHA, sl@0: TLS1_CK_DH_RSA_WITH_AES_128_SHA, sl@0: SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 128, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 32 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, sl@0: TLS1_CK_DHE_DSS_WITH_AES_128_SHA, sl@0: SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 128, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 33 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, sl@0: TLS1_CK_DHE_RSA_WITH_AES_128_SHA, sl@0: SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 128, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 34 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ADH_WITH_AES_128_SHA, sl@0: TLS1_CK_ADH_WITH_AES_128_SHA, sl@0: SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 128, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 35 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_RSA_WITH_AES_256_SHA, sl@0: TLS1_CK_RSA_WITH_AES_256_SHA, sl@0: SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 256, sl@0: 256, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 36 */ sl@0: { sl@0: 0, sl@0: TLS1_TXT_DH_DSS_WITH_AES_256_SHA, sl@0: TLS1_CK_DH_DSS_WITH_AES_256_SHA, sl@0: SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 256, sl@0: 256, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 37 */ sl@0: { sl@0: 0, sl@0: TLS1_TXT_DH_RSA_WITH_AES_256_SHA, sl@0: TLS1_CK_DH_RSA_WITH_AES_256_SHA, sl@0: SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 256, sl@0: 256, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 38 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, sl@0: TLS1_CK_DHE_DSS_WITH_AES_256_SHA, sl@0: SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 256, sl@0: 256, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 39 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, sl@0: TLS1_CK_DHE_RSA_WITH_AES_256_SHA, sl@0: SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 256, sl@0: 256, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 3A */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ADH_WITH_AES_256_SHA, sl@0: TLS1_CK_ADH_WITH_AES_256_SHA, sl@0: SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 256, sl@0: 256, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: #ifndef OPENSSL_NO_ECDH sl@0: /* Cipher 47 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, sl@0: TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, sl@0: SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP, sl@0: 0, sl@0: 0, sl@0: 0, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 48 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, sl@0: TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, sl@0: SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP, sl@0: 0, sl@0: 128, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 49 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ECDH_ECDSA_WITH_DES_CBC_SHA, sl@0: TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA, sl@0: SSL_kECDH|SSL_aECDSA|SSL_DES|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_LOW, sl@0: 0, sl@0: 56, sl@0: 56, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 4A */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, sl@0: TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, sl@0: SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 168, sl@0: 168, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 4B */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, sl@0: TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, sl@0: SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 128, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 4C */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, sl@0: TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, sl@0: SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 256, sl@0: 256, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 4D */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, sl@0: TLS1_CK_ECDH_RSA_WITH_NULL_SHA, sl@0: SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP, sl@0: 0, sl@0: 0, sl@0: 0, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 4E */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, sl@0: TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, sl@0: SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP, sl@0: 0, sl@0: 128, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 4F */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ECDH_RSA_WITH_DES_CBC_SHA, sl@0: TLS1_CK_ECDH_RSA_WITH_DES_CBC_SHA, sl@0: SSL_kECDH|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_LOW, sl@0: 0, sl@0: 56, sl@0: 56, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 50 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, sl@0: TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, sl@0: SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 168, sl@0: 168, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 51 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, sl@0: TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, sl@0: SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 128, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 52 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, sl@0: TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, sl@0: SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 256, sl@0: 256, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 53 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_40_SHA, sl@0: TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_40_SHA, sl@0: SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, sl@0: SSL_EXPORT|SSL_EXP40, sl@0: 0, sl@0: 40, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 54 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_56_SHA, sl@0: TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_56_SHA, sl@0: SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, sl@0: SSL_EXPORT|SSL_EXP56, sl@0: 0, sl@0: 56, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 55 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ECDH_anon_WITH_NULL_SHA, sl@0: TLS1_CK_ECDH_anon_WITH_NULL_SHA, sl@0: SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP, sl@0: 0, sl@0: 0, sl@0: 0, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 56 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, sl@0: TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, sl@0: SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP, sl@0: 0, sl@0: 128, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 57 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ECDH_anon_WITH_DES_CBC_SHA, sl@0: TLS1_CK_ECDH_anon_WITH_DES_CBC_SHA, sl@0: SSL_kECDHE|SSL_aNULL|SSL_DES|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_LOW, sl@0: 0, sl@0: 56, sl@0: 56, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 58 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, sl@0: TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, sl@0: SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 168, sl@0: 168, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 59 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA, sl@0: TLS1_CK_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA, sl@0: SSL_kECDHE|SSL_aNULL|SSL_DES|SSL_SHA|SSL_TLSV1, sl@0: SSL_EXPORT|SSL_EXP40, sl@0: 0, sl@0: 40, sl@0: 56, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 5A */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ECDH_anon_EXPORT_WITH_RC4_40_SHA, sl@0: TLS1_CK_ECDH_anon_EXPORT_WITH_RC4_40_SHA, sl@0: SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1, sl@0: SSL_EXPORT|SSL_EXP40, sl@0: 0, sl@0: 40, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 5B */ sl@0: /* XXX NOTE: The ECC/TLS draft has a bug and reuses 4B for this */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA, sl@0: TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA, sl@0: SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, sl@0: SSL_EXPORT|SSL_EXP40, sl@0: 0, sl@0: 40, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 5C */ sl@0: /* XXX NOTE: The ECC/TLS draft has a bug and reuses 4C for this */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA, sl@0: TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA, sl@0: SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, sl@0: SSL_EXPORT|SSL_EXP56, sl@0: 0, sl@0: 56, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: #endif /* OPENSSL_NO_ECDH */ sl@0: sl@0: #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES sl@0: /* New TLS Export CipherSuites from Expired ID */ sl@0: #if 0 sl@0: /* Cipher 60 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, sl@0: TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, sl@0: SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1, sl@0: SSL_EXPORT|SSL_EXP56, sl@0: 0, sl@0: 56, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 61 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, sl@0: TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, sl@0: SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1, sl@0: SSL_EXPORT|SSL_EXP56, sl@0: 0, sl@0: 56, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: #endif sl@0: /* Cipher 62 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, sl@0: TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, sl@0: SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, sl@0: SSL_EXPORT|SSL_EXP56, sl@0: 0, sl@0: 56, sl@0: 56, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 63 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, sl@0: TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, sl@0: SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1, sl@0: SSL_EXPORT|SSL_EXP56, sl@0: 0, sl@0: 56, sl@0: 56, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 64 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, sl@0: TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, sl@0: SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, sl@0: SSL_EXPORT|SSL_EXP56, sl@0: 0, sl@0: 56, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 65 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, sl@0: TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, sl@0: SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, sl@0: SSL_EXPORT|SSL_EXP56, sl@0: 0, sl@0: 56, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: /* Cipher 66 */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, sl@0: TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, sl@0: SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_MEDIUM, sl@0: 0, sl@0: 128, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS sl@0: }, sl@0: #endif sl@0: sl@0: sl@0: #ifndef OPENSSL_NO_ECDH sl@0: /* Cipher 77 XXX: ECC ciphersuites offering forward secrecy sl@0: * are not yet specified in the ECC/TLS draft but our code sl@0: * allows them to be implemented very easily. To add such sl@0: * a cipher suite, one needs to add two constant definitions sl@0: * to tls1.h and a new structure in this file as shown below. We sl@0: * illustrate the process for the made-up cipher sl@0: * ECDHE-ECDSA-AES128-SHA. sl@0: */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, sl@0: TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, sl@0: SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 128, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: sl@0: /* Cipher 78 XXX: Another made-up ECC cipher suite that sl@0: * offers forward secrecy (ECDHE-RSA-AES128-SHA). sl@0: */ sl@0: { sl@0: 1, sl@0: TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, sl@0: TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, sl@0: SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, sl@0: SSL_NOT_EXP|SSL_HIGH, sl@0: 0, sl@0: 128, sl@0: 128, sl@0: SSL_ALL_CIPHERS, sl@0: SSL_ALL_STRENGTHS, sl@0: }, sl@0: #endif /* !OPENSSL_NO_ECDH */ sl@0: sl@0: /* end of list */ sl@0: }; sl@0: #ifdef EMULATOR sl@0: GET_GLOBAL_VAR_FROM_TLS(SSLv3_enc_data,s3_lib,SSL3_ENC_METHOD) sl@0: sl@0: #define SSLv3_enc_data (GET_WSD_VAR_NAME(SSLv3_enc_data,s3_lib,g)()) sl@0: #endif sl@0: #ifndef EMULATOR sl@0: SSL3_ENC_METHOD SSLv3_enc_data={ sl@0: #else sl@0: const SSL3_ENC_METHOD temp_SSLv3_enc_data={ sl@0: #endif sl@0: ssl3_enc, sl@0: ssl3_mac, sl@0: ssl3_setup_key_block, sl@0: ssl3_generate_master_secret, sl@0: ssl3_change_cipher_state, sl@0: ssl3_final_finish_mac, sl@0: MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, sl@0: ssl3_cert_verify_mac, sl@0: SSL3_MD_CLIENT_FINISHED_CONST,4, sl@0: SSL3_MD_SERVER_FINISHED_CONST,4, sl@0: ssl3_alert_code, sl@0: }; sl@0: sl@0: long ssl3_default_timeout(void) sl@0: { sl@0: /* 2 hours, the 24 hours mentioned in the SSLv3 spec sl@0: * is way too long for http, the cache would over fill */ sl@0: return(60*60*2); sl@0: } sl@0: sl@0: IMPLEMENT_ssl3_meth_func(sslv3_base_method, sl@0: ssl_undefined_function, sl@0: ssl_undefined_function, sl@0: ssl_bad_method) sl@0: sl@0: int ssl3_num_ciphers(void) sl@0: { sl@0: return(SSL3_NUM_CIPHERS); sl@0: } sl@0: sl@0: SSL_CIPHER *ssl3_get_cipher(unsigned int u) sl@0: { sl@0: if (u < SSL3_NUM_CIPHERS) sl@0: return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); sl@0: else sl@0: return(NULL); sl@0: } sl@0: sl@0: int ssl3_pending(const SSL *s) sl@0: { sl@0: if (s->rstate == SSL_ST_READ_BODY) sl@0: return 0; sl@0: sl@0: return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; sl@0: } sl@0: sl@0: int ssl3_new(SSL *s) sl@0: { sl@0: SSL3_STATE *s3; sl@0: sl@0: if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err; sl@0: memset(s3,0,sizeof *s3); sl@0: EVP_MD_CTX_init(&s3->finish_dgst1); sl@0: EVP_MD_CTX_init(&s3->finish_dgst2); sl@0: pq_64bit_init(&(s3->rrec.seq_num)); sl@0: pq_64bit_init(&(s3->wrec.seq_num)); sl@0: sl@0: s->s3=s3; sl@0: sl@0: s->method->ssl_clear(s); sl@0: return(1); sl@0: err: sl@0: return(0); sl@0: } sl@0: sl@0: void ssl3_free(SSL *s) sl@0: { sl@0: if(s == NULL) sl@0: return; sl@0: sl@0: ssl3_cleanup_key_block(s); sl@0: if (s->s3->rbuf.buf != NULL) sl@0: OPENSSL_free(s->s3->rbuf.buf); sl@0: if (s->s3->wbuf.buf != NULL) sl@0: OPENSSL_free(s->s3->wbuf.buf); sl@0: if (s->s3->rrec.comp != NULL) sl@0: OPENSSL_free(s->s3->rrec.comp); sl@0: #ifndef OPENSSL_NO_DH sl@0: if (s->s3->tmp.dh != NULL) sl@0: DH_free(s->s3->tmp.dh); sl@0: #endif sl@0: #ifndef OPENSSL_NO_ECDH sl@0: if (s->s3->tmp.ecdh != NULL) sl@0: EC_KEY_free(s->s3->tmp.ecdh); sl@0: #endif sl@0: sl@0: if (s->s3->tmp.ca_names != NULL) sl@0: sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); sl@0: EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); sl@0: EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); sl@0: pq_64bit_free(&(s->s3->rrec.seq_num)); sl@0: pq_64bit_free(&(s->s3->wrec.seq_num)); sl@0: sl@0: OPENSSL_cleanse(s->s3,sizeof *s->s3); sl@0: OPENSSL_free(s->s3); sl@0: s->s3=NULL; sl@0: } sl@0: sl@0: void ssl3_clear(SSL *s) sl@0: { sl@0: unsigned char *rp,*wp; sl@0: size_t rlen, wlen; sl@0: sl@0: ssl3_cleanup_key_block(s); sl@0: if (s->s3->tmp.ca_names != NULL) sl@0: sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); sl@0: sl@0: if (s->s3->rrec.comp != NULL) sl@0: { sl@0: OPENSSL_free(s->s3->rrec.comp); sl@0: s->s3->rrec.comp=NULL; sl@0: } sl@0: #ifndef OPENSSL_NO_DH sl@0: if (s->s3->tmp.dh != NULL) sl@0: DH_free(s->s3->tmp.dh); sl@0: #endif sl@0: #ifndef OPENSSL_NO_ECDH sl@0: if (s->s3->tmp.ecdh != NULL) sl@0: EC_KEY_free(s->s3->tmp.ecdh); sl@0: #endif sl@0: sl@0: rp = s->s3->rbuf.buf; sl@0: wp = s->s3->wbuf.buf; sl@0: rlen = s->s3->rbuf.len; sl@0: wlen = s->s3->wbuf.len; sl@0: sl@0: EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); sl@0: EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); sl@0: sl@0: memset(s->s3,0,sizeof *s->s3); sl@0: s->s3->rbuf.buf = rp; sl@0: s->s3->wbuf.buf = wp; sl@0: s->s3->rbuf.len = rlen; sl@0: s->s3->wbuf.len = wlen; sl@0: sl@0: ssl_free_wbio_buffer(s); sl@0: sl@0: s->packet_length=0; sl@0: s->s3->renegotiate=0; sl@0: s->s3->total_renegotiations=0; sl@0: s->s3->num_renegotiations=0; sl@0: s->s3->in_read_app_data=0; sl@0: s->version=SSL3_VERSION; sl@0: } sl@0: sl@0: long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) sl@0: { sl@0: int ret=0; sl@0: sl@0: #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) sl@0: if ( sl@0: #ifndef OPENSSL_NO_RSA sl@0: cmd == SSL_CTRL_SET_TMP_RSA || sl@0: cmd == SSL_CTRL_SET_TMP_RSA_CB || sl@0: #endif sl@0: #ifndef OPENSSL_NO_DSA sl@0: cmd == SSL_CTRL_SET_TMP_DH || sl@0: cmd == SSL_CTRL_SET_TMP_DH_CB || sl@0: #endif sl@0: 0) sl@0: { sl@0: if (!ssl_cert_inst(&s->cert)) sl@0: { sl@0: SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); sl@0: return(0); sl@0: } sl@0: } sl@0: #endif sl@0: sl@0: switch (cmd) sl@0: { sl@0: case SSL_CTRL_GET_SESSION_REUSED: sl@0: ret=s->hit; sl@0: break; sl@0: case SSL_CTRL_GET_CLIENT_CERT_REQUEST: sl@0: break; sl@0: case SSL_CTRL_GET_NUM_RENEGOTIATIONS: sl@0: ret=s->s3->num_renegotiations; sl@0: break; sl@0: case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: sl@0: ret=s->s3->num_renegotiations; sl@0: s->s3->num_renegotiations=0; sl@0: break; sl@0: case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: sl@0: ret=s->s3->total_renegotiations; sl@0: break; sl@0: case SSL_CTRL_GET_FLAGS: sl@0: ret=(int)(s->s3->flags); sl@0: break; sl@0: #ifndef OPENSSL_NO_RSA sl@0: case SSL_CTRL_NEED_TMP_RSA: sl@0: if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && sl@0: ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || sl@0: (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))) sl@0: ret = 1; sl@0: break; sl@0: case SSL_CTRL_SET_TMP_RSA: sl@0: { sl@0: RSA *rsa = (RSA *)parg; sl@0: if (rsa == NULL) sl@0: { sl@0: SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); sl@0: return(ret); sl@0: } sl@0: if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) sl@0: { sl@0: SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB); sl@0: return(ret); sl@0: } sl@0: if (s->cert->rsa_tmp != NULL) sl@0: RSA_free(s->cert->rsa_tmp); sl@0: s->cert->rsa_tmp = rsa; sl@0: ret = 1; sl@0: } sl@0: break; sl@0: case SSL_CTRL_SET_TMP_RSA_CB: sl@0: { sl@0: SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); sl@0: return(ret); sl@0: } sl@0: break; sl@0: #endif sl@0: #ifndef OPENSSL_NO_DH sl@0: case SSL_CTRL_SET_TMP_DH: sl@0: { sl@0: DH *dh = (DH *)parg; sl@0: if (dh == NULL) sl@0: { sl@0: SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); sl@0: return(ret); sl@0: } sl@0: if ((dh = DHparams_dup(dh)) == NULL) sl@0: { sl@0: SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); sl@0: return(ret); sl@0: } sl@0: if (!(s->options & SSL_OP_SINGLE_DH_USE)) sl@0: { sl@0: if (!DH_generate_key(dh)) sl@0: { sl@0: DH_free(dh); sl@0: SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); sl@0: return(ret); sl@0: } sl@0: } sl@0: if (s->cert->dh_tmp != NULL) sl@0: DH_free(s->cert->dh_tmp); sl@0: s->cert->dh_tmp = dh; sl@0: ret = 1; sl@0: } sl@0: break; sl@0: case SSL_CTRL_SET_TMP_DH_CB: sl@0: { sl@0: SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); sl@0: return(ret); sl@0: } sl@0: break; sl@0: #endif sl@0: #ifndef OPENSSL_NO_ECDH sl@0: case SSL_CTRL_SET_TMP_ECDH: sl@0: { sl@0: EC_KEY *ecdh = NULL; sl@0: sl@0: if (parg == NULL) sl@0: { sl@0: SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); sl@0: return(ret); sl@0: } sl@0: if (!EC_KEY_up_ref((EC_KEY *)parg)) sl@0: { sl@0: SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB); sl@0: return(ret); sl@0: } sl@0: ecdh = (EC_KEY *)parg; sl@0: if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) sl@0: { sl@0: if (!EC_KEY_generate_key(ecdh)) sl@0: { sl@0: EC_KEY_free(ecdh); sl@0: SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB); sl@0: return(ret); sl@0: } sl@0: } sl@0: if (s->cert->ecdh_tmp != NULL) sl@0: EC_KEY_free(s->cert->ecdh_tmp); sl@0: s->cert->ecdh_tmp = ecdh; sl@0: ret = 1; sl@0: } sl@0: break; sl@0: case SSL_CTRL_SET_TMP_ECDH_CB: sl@0: { sl@0: SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); sl@0: return(ret); sl@0: } sl@0: break; sl@0: #endif /* !OPENSSL_NO_ECDH */ sl@0: default: sl@0: break; sl@0: } sl@0: return(ret); sl@0: } sl@0: sl@0: long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) sl@0: { sl@0: int ret=0; sl@0: sl@0: #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) sl@0: if ( sl@0: #ifndef OPENSSL_NO_RSA sl@0: cmd == SSL_CTRL_SET_TMP_RSA_CB || sl@0: #endif sl@0: #ifndef OPENSSL_NO_DSA sl@0: cmd == SSL_CTRL_SET_TMP_DH_CB || sl@0: #endif sl@0: 0) sl@0: { sl@0: if (!ssl_cert_inst(&s->cert)) sl@0: { sl@0: SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); sl@0: return(0); sl@0: } sl@0: } sl@0: #endif sl@0: sl@0: switch (cmd) sl@0: { sl@0: #ifndef OPENSSL_NO_RSA sl@0: case SSL_CTRL_SET_TMP_RSA_CB: sl@0: { sl@0: s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; sl@0: } sl@0: break; sl@0: #endif sl@0: #ifndef OPENSSL_NO_DH sl@0: case SSL_CTRL_SET_TMP_DH_CB: sl@0: { sl@0: s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; sl@0: } sl@0: break; sl@0: #endif sl@0: #ifndef OPENSSL_NO_ECDH sl@0: case SSL_CTRL_SET_TMP_ECDH_CB: sl@0: { sl@0: s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; sl@0: } sl@0: break; sl@0: #endif sl@0: default: sl@0: break; sl@0: } sl@0: return(ret); sl@0: } sl@0: sl@0: long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) sl@0: { sl@0: CERT *cert; sl@0: sl@0: cert=ctx->cert; sl@0: sl@0: switch (cmd) sl@0: { sl@0: #ifndef OPENSSL_NO_RSA sl@0: case SSL_CTRL_NEED_TMP_RSA: sl@0: if ( (cert->rsa_tmp == NULL) && sl@0: ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || sl@0: (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))) sl@0: ) sl@0: return(1); sl@0: else sl@0: return(0); sl@0: /* break; */ sl@0: case SSL_CTRL_SET_TMP_RSA: sl@0: { sl@0: RSA *rsa; sl@0: int i; sl@0: sl@0: rsa=(RSA *)parg; sl@0: i=1; sl@0: if (rsa == NULL) sl@0: i=0; sl@0: else sl@0: { sl@0: if ((rsa=RSAPrivateKey_dup(rsa)) == NULL) sl@0: i=0; sl@0: } sl@0: if (!i) sl@0: { sl@0: SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB); sl@0: return(0); sl@0: } sl@0: else sl@0: { sl@0: if (cert->rsa_tmp != NULL) sl@0: RSA_free(cert->rsa_tmp); sl@0: cert->rsa_tmp=rsa; sl@0: return(1); sl@0: } sl@0: } sl@0: /* break; */ sl@0: case SSL_CTRL_SET_TMP_RSA_CB: sl@0: { sl@0: SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); sl@0: return(0); sl@0: } sl@0: break; sl@0: #endif sl@0: #ifndef OPENSSL_NO_DH sl@0: case SSL_CTRL_SET_TMP_DH: sl@0: { sl@0: DH *new=NULL,*dh; sl@0: sl@0: dh=(DH *)parg; sl@0: if ((new=DHparams_dup(dh)) == NULL) sl@0: { sl@0: SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); sl@0: return 0; sl@0: } sl@0: if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) sl@0: { sl@0: if (!DH_generate_key(new)) sl@0: { sl@0: SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); sl@0: DH_free(new); sl@0: return 0; sl@0: } sl@0: } sl@0: if (cert->dh_tmp != NULL) sl@0: DH_free(cert->dh_tmp); sl@0: cert->dh_tmp=new; sl@0: return 1; sl@0: } sl@0: /*break; */ sl@0: case SSL_CTRL_SET_TMP_DH_CB: sl@0: { sl@0: SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); sl@0: return(0); sl@0: } sl@0: break; sl@0: #endif sl@0: #ifndef OPENSSL_NO_ECDH sl@0: case SSL_CTRL_SET_TMP_ECDH: sl@0: { sl@0: EC_KEY *ecdh = NULL; sl@0: sl@0: if (parg == NULL) sl@0: { sl@0: SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB); sl@0: return 0; sl@0: } sl@0: ecdh = EC_KEY_dup((EC_KEY *)parg); sl@0: if (ecdh == NULL) sl@0: { sl@0: SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB); sl@0: return 0; sl@0: } sl@0: if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) sl@0: { sl@0: if (!EC_KEY_generate_key(ecdh)) sl@0: { sl@0: EC_KEY_free(ecdh); sl@0: SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB); sl@0: return 0; sl@0: } sl@0: } sl@0: sl@0: if (cert->ecdh_tmp != NULL) sl@0: { sl@0: EC_KEY_free(cert->ecdh_tmp); sl@0: } sl@0: cert->ecdh_tmp = ecdh; sl@0: return 1; sl@0: } sl@0: /* break; */ sl@0: case SSL_CTRL_SET_TMP_ECDH_CB: sl@0: { sl@0: SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); sl@0: return(0); sl@0: } sl@0: break; sl@0: #endif /* !OPENSSL_NO_ECDH */ sl@0: /* A Thawte special :-) */ sl@0: case SSL_CTRL_EXTRA_CHAIN_CERT: sl@0: if (ctx->extra_certs == NULL) sl@0: { sl@0: if ((ctx->extra_certs=sk_X509_new_null()) == NULL) sl@0: return(0); sl@0: } sl@0: sk_X509_push(ctx->extra_certs,(X509 *)parg); sl@0: break; sl@0: sl@0: default: sl@0: return(0); sl@0: } sl@0: return(1); sl@0: } sl@0: sl@0: long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) sl@0: { sl@0: CERT *cert; sl@0: sl@0: cert=ctx->cert; sl@0: sl@0: switch (cmd) sl@0: { sl@0: #ifndef OPENSSL_NO_RSA sl@0: case SSL_CTRL_SET_TMP_RSA_CB: sl@0: { sl@0: cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; sl@0: } sl@0: break; sl@0: #endif sl@0: #ifndef OPENSSL_NO_DH sl@0: case SSL_CTRL_SET_TMP_DH_CB: sl@0: { sl@0: cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; sl@0: } sl@0: break; sl@0: #endif sl@0: #ifndef OPENSSL_NO_ECDH sl@0: case SSL_CTRL_SET_TMP_ECDH_CB: sl@0: { sl@0: cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; sl@0: } sl@0: break; sl@0: #endif sl@0: default: sl@0: return(0); sl@0: } sl@0: return(1); sl@0: } sl@0: sl@0: /* This function needs to check if the ciphers required are actually sl@0: * available */ sl@0: SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) sl@0: { sl@0: SSL_CIPHER c,*cp; sl@0: unsigned long id; sl@0: sl@0: id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; sl@0: c.id=id; sl@0: cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c, sl@0: (char *)ssl3_ciphers, sl@0: SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER), sl@0: FP_ICC ssl_cipher_id_cmp); sl@0: if (cp == NULL || cp->valid == 0) sl@0: return NULL; sl@0: else sl@0: return cp; sl@0: } sl@0: sl@0: int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) sl@0: { sl@0: long l; sl@0: sl@0: if (p != NULL) sl@0: { sl@0: l=c->id; sl@0: if ((l & 0xff000000) != 0x03000000) return(0); sl@0: p[0]=((unsigned char)(l>> 8L))&0xFF; sl@0: p[1]=((unsigned char)(l ))&0xFF; sl@0: } sl@0: return(2); sl@0: } sl@0: sl@0: SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, sl@0: STACK_OF(SSL_CIPHER) *srvr) sl@0: { sl@0: SSL_CIPHER *c,*ret=NULL; sl@0: STACK_OF(SSL_CIPHER) *prio, *allow; sl@0: int i,j,ok; sl@0: sl@0: CERT *cert; sl@0: unsigned long alg,mask,emask; sl@0: sl@0: /* Let's see which ciphers we can support */ sl@0: cert=s->cert; sl@0: sl@0: #if 0 sl@0: /* Do not set the compare functions, because this may lead to a sl@0: * reordering by "id". We want to keep the original ordering. sl@0: * We may pay a price in performance during sk_SSL_CIPHER_find(), sl@0: * but would have to pay with the price of sk_SSL_CIPHER_dup(). sl@0: */ sl@0: sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp); sl@0: sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp); sl@0: #endif sl@0: sl@0: #ifdef CIPHER_DEBUG sl@0: printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr); sl@0: for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i) sl@0: { sl@0: c=sk_SSL_CIPHER_value(srvr,i); sl@0: printf("%p:%s\n",c,c->name); sl@0: } sl@0: printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt); sl@0: for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i) sl@0: { sl@0: c=sk_SSL_CIPHER_value(clnt,i); sl@0: printf("%p:%s\n",c,c->name); sl@0: } sl@0: #endif sl@0: sl@0: if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) sl@0: { sl@0: prio = srvr; sl@0: allow = clnt; sl@0: } sl@0: else sl@0: { sl@0: prio = clnt; sl@0: allow = srvr; sl@0: } sl@0: sl@0: for (i=0; imask; sl@0: emask=cert->export_mask; sl@0: sl@0: #ifdef KSSL_DEBUG sl@0: printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms); sl@0: #endif /* KSSL_DEBUG */ sl@0: sl@0: alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK); sl@0: #ifndef OPENSSL_NO_KRB5 sl@0: if (alg & SSL_KRB5) sl@0: { sl@0: if ( !kssl_keytab_is_available(s->kssl_ctx) ) sl@0: continue; sl@0: } sl@0: #endif /* OPENSSL_NO_KRB5 */ sl@0: if (SSL_C_IS_EXPORT(c)) sl@0: { sl@0: ok=((alg & emask) == alg)?1:0; sl@0: #ifdef CIPHER_DEBUG sl@0: printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask, sl@0: c,c->name); sl@0: #endif sl@0: } sl@0: else sl@0: { sl@0: ok=((alg & mask) == alg)?1:0; sl@0: #ifdef CIPHER_DEBUG sl@0: printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c, sl@0: c->name); sl@0: #endif sl@0: } sl@0: sl@0: if (!ok) continue; sl@0: j=sk_SSL_CIPHER_find(allow,c); sl@0: if (j >= 0) sl@0: { sl@0: ret=sk_SSL_CIPHER_value(allow,j); sl@0: break; sl@0: } sl@0: } sl@0: return(ret); sl@0: } sl@0: sl@0: int ssl3_get_req_cert_type(SSL *s, unsigned char *p) sl@0: { sl@0: int ret=0; sl@0: unsigned long alg; sl@0: sl@0: alg=s->s3->tmp.new_cipher->algorithms; sl@0: sl@0: #ifndef OPENSSL_NO_DH sl@0: if (alg & (SSL_kDHr|SSL_kEDH)) sl@0: { sl@0: # ifndef OPENSSL_NO_RSA sl@0: p[ret++]=SSL3_CT_RSA_FIXED_DH; sl@0: # endif sl@0: # ifndef OPENSSL_NO_DSA sl@0: p[ret++]=SSL3_CT_DSS_FIXED_DH; sl@0: # endif sl@0: } sl@0: if ((s->version == SSL3_VERSION) && sl@0: (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) sl@0: { sl@0: # ifndef OPENSSL_NO_RSA sl@0: p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH; sl@0: # endif sl@0: # ifndef OPENSSL_NO_DSA sl@0: p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH; sl@0: # endif sl@0: } sl@0: #endif /* !OPENSSL_NO_DH */ sl@0: #ifndef OPENSSL_NO_RSA sl@0: p[ret++]=SSL3_CT_RSA_SIGN; sl@0: #endif sl@0: #ifndef OPENSSL_NO_DSA sl@0: p[ret++]=SSL3_CT_DSS_SIGN; sl@0: #endif sl@0: #ifndef OPENSSL_NO_ECDH sl@0: /* We should ask for fixed ECDH certificates only sl@0: * for SSL_kECDH (and not SSL_kECDHE) sl@0: */ sl@0: if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION)) sl@0: { sl@0: p[ret++]=TLS_CT_RSA_FIXED_ECDH; sl@0: p[ret++]=TLS_CT_ECDSA_FIXED_ECDH; sl@0: } sl@0: #endif sl@0: sl@0: #ifndef OPENSSL_NO_ECDSA sl@0: /* ECDSA certs can be used with RSA cipher suites as well sl@0: * so we don't need to check for SSL_kECDH or SSL_kECDHE sl@0: */ sl@0: if (s->version >= TLS1_VERSION) sl@0: { sl@0: p[ret++]=TLS_CT_ECDSA_SIGN; sl@0: } sl@0: #endif sl@0: return(ret); sl@0: } sl@0: sl@0: int ssl3_shutdown(SSL *s) sl@0: { sl@0: sl@0: /* Don't do anything much if we have not done the handshake or sl@0: * we don't want to send messages :-) */ sl@0: if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) sl@0: { sl@0: s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); sl@0: return(1); sl@0: } sl@0: sl@0: if (!(s->shutdown & SSL_SENT_SHUTDOWN)) sl@0: { sl@0: s->shutdown|=SSL_SENT_SHUTDOWN; sl@0: #if 1 sl@0: ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY); sl@0: #endif sl@0: /* our shutdown alert has been sent now, and if it still needs sl@0: * to be written, s->s3->alert_dispatch will be true */ sl@0: } sl@0: else if (s->s3->alert_dispatch) sl@0: { sl@0: /* resend it if not sent */ sl@0: #if 1 sl@0: s->method->ssl_dispatch_alert(s); sl@0: #endif sl@0: } sl@0: else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) sl@0: { sl@0: /* If we are waiting for a close from our peer, we are closed */ sl@0: s->method->ssl_read_bytes(s,0,NULL,0,0); sl@0: } sl@0: sl@0: if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && sl@0: !s->s3->alert_dispatch) sl@0: return(1); sl@0: else sl@0: return(0); sl@0: } sl@0: sl@0: int ssl3_write(SSL *s, const void *buf, int len) sl@0: { sl@0: int ret,n; sl@0: sl@0: #if 0 sl@0: if (s->shutdown & SSL_SEND_SHUTDOWN) sl@0: { sl@0: s->rwstate=SSL_NOTHING; sl@0: return(0); sl@0: } sl@0: #endif sl@0: clear_sys_error(); sl@0: if (s->s3->renegotiate) ssl3_renegotiate_check(s); sl@0: sl@0: /* This is an experimental flag that sends the sl@0: * last handshake message in the same packet as the first sl@0: * use data - used to see if it helps the TCP protocol during sl@0: * session-id reuse */ sl@0: /* The second test is because the buffer may have been removed */ sl@0: if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) sl@0: { sl@0: /* First time through, we write into the buffer */ sl@0: if (s->s3->delay_buf_pop_ret == 0) sl@0: { sl@0: ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, sl@0: buf,len); sl@0: if (ret <= 0) return(ret); sl@0: sl@0: s->s3->delay_buf_pop_ret=ret; sl@0: } sl@0: sl@0: s->rwstate=SSL_WRITING; sl@0: n=BIO_flush(s->wbio); sl@0: if (n <= 0) return(n); sl@0: s->rwstate=SSL_NOTHING; sl@0: sl@0: /* We have flushed the buffer, so remove it */ sl@0: ssl_free_wbio_buffer(s); sl@0: s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; sl@0: sl@0: ret=s->s3->delay_buf_pop_ret; sl@0: s->s3->delay_buf_pop_ret=0; sl@0: } sl@0: else sl@0: { sl@0: ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA, sl@0: buf,len); sl@0: if (ret <= 0) return(ret); sl@0: } sl@0: sl@0: return(ret); sl@0: } sl@0: sl@0: static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) sl@0: { sl@0: int ret; sl@0: sl@0: clear_sys_error(); sl@0: if (s->s3->renegotiate) ssl3_renegotiate_check(s); sl@0: s->s3->in_read_app_data=1; sl@0: ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); sl@0: if ((ret == -1) && (s->s3->in_read_app_data == 2)) sl@0: { sl@0: /* ssl3_read_bytes decided to call s->handshake_func, which sl@0: * called ssl3_read_bytes to read handshake data. sl@0: * However, ssl3_read_bytes actually found application data sl@0: * and thinks that application data makes sense here; so disable sl@0: * handshake processing and try to read application data again. */ sl@0: s->in_handshake++; sl@0: ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); sl@0: s->in_handshake--; sl@0: } sl@0: else sl@0: s->s3->in_read_app_data=0; sl@0: sl@0: return(ret); sl@0: } sl@0: sl@0: int ssl3_read(SSL *s, void *buf, int len) sl@0: { sl@0: return ssl3_read_internal(s, buf, len, 0); sl@0: } sl@0: sl@0: int ssl3_peek(SSL *s, void *buf, int len) sl@0: { sl@0: return ssl3_read_internal(s, buf, len, 1); sl@0: } sl@0: sl@0: int ssl3_renegotiate(SSL *s) sl@0: { sl@0: if (s->handshake_func == NULL) sl@0: return(1); sl@0: sl@0: if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) sl@0: return(0); sl@0: sl@0: s->s3->renegotiate=1; sl@0: return(1); sl@0: } sl@0: sl@0: int ssl3_renegotiate_check(SSL *s) sl@0: { sl@0: int ret=0; sl@0: sl@0: if (s->s3->renegotiate) sl@0: { sl@0: if ( (s->s3->rbuf.left == 0) && sl@0: (s->s3->wbuf.left == 0) && sl@0: !SSL_in_init(s)) sl@0: { sl@0: /* sl@0: if we are the server, and we have sent a 'RENEGOTIATE' message, we sl@0: need to go to SSL_ST_ACCEPT. sl@0: */ sl@0: /* SSL_ST_ACCEPT */ sl@0: s->state=SSL_ST_RENEGOTIATE; sl@0: s->s3->renegotiate=0; sl@0: s->s3->num_renegotiations++; sl@0: s->s3->total_renegotiations++; sl@0: ret=1; sl@0: } sl@0: } sl@0: return(ret); sl@0: } sl@0: