Updates to the new SSL compression code

[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

Fix so that the version number in the master secret, when passed
     via RSA, checks that if TLS was proposed, but we roll back to SSLv3
     (because the server will not accept higher), that the version number
     is 0x03,0x01, not 0x03,0x00
     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

Submitted by:
Reviewed by:
PR:
This commit is contained in:
Mark J. Cox 1999-02-16 09:22:21 +00:00
parent a8236c8c32
commit 413c4f45ed
25 changed files with 965 additions and 502 deletions

View file

@ -5,6 +5,15 @@
Changes between 0.9.1c and 0.9.2
*) Updates to the new SSL compression code
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
*) Fix so that the version number in the master secret, when passed
via RSA, checks that if TLS was proposed, but we roll back to SSLv3
(because the server will not accept higher), that the version number
is 0x03,0x01, not 0x03,0x00
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
*) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory
leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes
in apps/ and an unrellated leak in crypto/dsa/dsa_vrf.c

View file

@ -136,6 +136,13 @@ SSL *s;
case SSL_ST_BEFORE|SSL_ST_CONNECT:
case SSL_ST_OK|SSL_ST_CONNECT:
if (s->session != NULL)
{
SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE);
ret= -1;
goto end;
}
s->server=0;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
/* s->version=TLS1_VERSION; */
@ -161,7 +168,7 @@ SSL *s;
ssl3_init_finished_mac(s);
s->state=SSL23_ST_CW_CLNT_HELLO_A;
s->ctx->sess_connect++;
s->ctx->stats.sess_connect++;
s->init_num=0;
break;
@ -238,16 +245,19 @@ SSL *s;
{
*(d++)=TLS1_VERSION_MAJOR;
*(d++)=TLS1_VERSION_MINOR;
s->client_version=TLS1_VERSION;
}
else if (!(s->options & SSL_OP_NO_SSLv3))
{
*(d++)=SSL3_VERSION_MAJOR;
*(d++)=SSL3_VERSION_MINOR;
s->client_version=SSL3_VERSION;
}
else if (!(s->options & SSL_OP_NO_SSLv2))
{
*(d++)=SSL2_VERSION_MAJOR;
*(d++)=SSL2_VERSION_MINOR;
s->client_version=SSL2_VERSION;
}
else
{

View file

@ -76,7 +76,7 @@ SSL *s;
{
s->rwstate=SSL_WRITING;
i=BIO_write(s->wbio,&(buf[tot]),num);
if (i < 0)
if (i <= 0)
{
s->init_off=tot;
s->init_num=num;

View file

@ -134,6 +134,7 @@ SSL *s;
case SSL_ST_BEFORE|SSL_ST_ACCEPT:
case SSL_ST_OK|SSL_ST_ACCEPT:
s->server=1;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
/* s->version=SSL3_VERSION; */
@ -157,7 +158,7 @@ SSL *s;
ssl3_init_finished_mac(s);
s->state=SSL23_ST_SR_CLNT_HELLO_A;
s->ctx->sess_accept++;
s->ctx->stats.sess_accept++;
s->init_num=0;
break;
@ -203,8 +204,10 @@ SSL *s;
unsigned int csl,sil,cl;
int n=0,j,tls1=0;
int type=0,use_sslv2_strong=0;
int v[2];
/* read the initial header */
v[0]=v[1]=0;
if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
{
if (!ssl3_setup_buffers(s)) goto err;
@ -221,12 +224,14 @@ SSL *s;
/* SSLv2 header */
if ((p[3] == 0x00) && (p[4] == 0x02))
{
v[0]=p[3]; v[1]=p[4];
/* SSLv2 */
if (!(s->options & SSL_OP_NO_SSLv2))
type=1;
}
else if (p[3] == SSL3_VERSION_MAJOR)
{
v[0]=p[3]; v[1]=p[4];
/* SSLv3/TLSv1 */
if (p[4] >= TLS1_VERSION_MINOR)
{
@ -307,6 +312,7 @@ SSL *s;
(p[1] == SSL3_VERSION_MAJOR) &&
(p[5] == SSL3_MT_CLIENT_HELLO))
{
v[0]=p[1]; v[1]=p[2];
/* true SSLv3 or tls1 */
if (p[2] >= TLS1_VERSION_MINOR)
{
@ -486,6 +492,7 @@ next_bit:
s->version=SSL3_VERSION;
s->method=SSLv3_server_method();
}
s->client_version=(v[0]<<8)|v[1];
s->handshake_func=s->method->ssl_accept;
}

View file

@ -146,6 +146,7 @@ SSL *s;
case SSL_ST_BEFORE|SSL_ST_CONNECT:
case SSL_ST_OK|SSL_ST_CONNECT:
s->server=0;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
s->version=SSL2_VERSION;
@ -166,7 +167,7 @@ SSL *s;
s->init_buf=buf;
s->init_num=0;
s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
s->ctx->sess_connect++;
s->ctx->stats.sess_connect++;
s->handshake_func=ssl2_connect;
BREAK;
@ -249,8 +250,11 @@ SSL *s;
break;
case SSL_ST_OK:
BUF_MEM_free(s->init_buf);
s->init_buf=NULL;
if (s->init_buf != NULL)
{
BUF_MEM_free(s->init_buf);
s->init_buf=NULL;
}
s->init_num=0;
/* ERR_clear_error();*/
@ -261,11 +265,11 @@ SSL *s;
*/
ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
if (s->hit) s->ctx->sess_hit++;
if (s->hit) s->ctx->stats.sess_hit++;
ret=1;
/* s->server=0; */
s->ctx->sess_connect_good++;
s->ctx->stats.sess_connect_good++;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
@ -538,7 +542,7 @@ SSL *s;
if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A)
{
if (!ssl_cipher_get_evp(s->session->cipher,&c,&md))
if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
{
ssl2_return_error(s,SSL2_PE_NO_CIPHER);
SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);

View file

@ -69,7 +69,7 @@ int client;
EVP_MD *md;
int num;
if (!ssl_cipher_get_evp(s->session->cipher,&c,&md))
if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
{
ssl2_return_error(s,SSL2_PE_NO_CIPHER);
SSLerr(SSL_F_SSL2_ENC_INIT,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);

View file

@ -155,6 +155,7 @@ SSL *s;
case SSL_ST_BEFORE|SSL_ST_ACCEPT:
case SSL_ST_OK|SSL_ST_ACCEPT:
s->server=1;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
s->version=SSL2_VERSION;
@ -168,7 +169,7 @@ SSL *s;
{ ret= -1; goto end; }
s->init_buf=buf;
s->init_num=0;
s->ctx->sess_accept++;
s->ctx->stats.sess_accept++;
s->handshake_func=ssl2_accept;
s->state=SSL2_ST_GET_CLIENT_HELLO_A;
BREAK;
@ -295,13 +296,14 @@ SSL *s;
case SSL_ST_OK:
BUF_MEM_free(s->init_buf);
ssl_free_wbio_buffer(s);
s->init_buf=NULL;
s->init_num=0;
/* ERR_clear_error();*/
ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
s->ctx->sess_accept_good++;
s->ctx->stats.sess_accept_good++;
/* s->server=1; */
ret=1;
@ -336,9 +338,6 @@ static int get_client_master_key(s)
SSL *s;
{
int export,i,n,keya,ek;
#if 0
int error=0;
#endif
unsigned char *p;
SSL_CIPHER *cp;
EVP_CIPHER *c;
@ -404,7 +403,7 @@ SSL *s;
export=(s->session->cipher->algorithms & SSL_EXP)?1:0;
if (!ssl_cipher_get_evp(s->session->cipher,&c,&md))
if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
{
ssl2_return_error(s,SSL2_PE_NO_CIPHER);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);

View file

@ -134,7 +134,6 @@ SSL *s;
long num1;
void (*cb)()=NULL;
int ret= -1;
BIO *under;
int new_state,state,skip=0;;
RAND_seed(&Time,sizeof(Time));
@ -158,13 +157,14 @@ SSL *s;
case SSL_ST_RENEGOTIATE:
s->new_session=1;
s->state=SSL_ST_CONNECT;
s->ctx->sess_connect_renegotiate++;
s->ctx->stats.sess_connect_renegotiate++;
/* break */
case SSL_ST_BEFORE:
case SSL_ST_CONNECT:
case SSL_ST_BEFORE|SSL_ST_CONNECT:
case SSL_ST_OK|SSL_ST_CONNECT:
s->server=0;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
if ((s->version & 0xff00 ) != 0x0300)
@ -197,7 +197,7 @@ SSL *s;
ssl3_init_finished_mac(s);
s->state=SSL3_ST_CW_CLNT_HELLO_A;
s->ctx->sess_connect++;
s->ctx->stats.sess_connect++;
s->init_num=0;
break;
@ -326,6 +326,11 @@ SSL *s;
s->init_num=0;
s->session->cipher=s->s3->tmp.new_cipher;
if (s->s3->tmp.new_compression == NULL)
s->session->compress_meth=0;
else
s->session->compress_meth=
s->s3->tmp.new_compression->id;
if (!s->method->ssl3_enc->setup_key_block(s))
{
ret= -1;
@ -401,33 +406,28 @@ SSL *s;
/* clean a few things up */
ssl3_cleanup_key_block(s);
BUF_MEM_free(s->init_buf);
s->init_buf=NULL;
if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
if (s->init_buf != NULL)
{
/* remove buffering */
under=BIO_pop(s->wbio);
if (under != NULL)
s->wbio=under;
else
abort(); /* ok */
BIO_free(s->bbio);
s->bbio=NULL;
BUF_MEM_free(s->init_buf);
s->init_buf=NULL;
}
/* else do it later */
/* If we are not 'joining' the last two packets,
* remove the buffering now */
if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
ssl_free_wbio_buffer(s);
/* else do it later in ssl3_write */
s->init_num=0;
s->new_session=0;
ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
if (s->hit) s->ctx->sess_hit++;
if (s->hit) s->ctx->stats.sess_hit++;
ret=1;
/* s->server=0; */
s->handshake_func=ssl3_connect;
s->ctx->sess_connect_good++;
s->ctx->stats.sess_connect_good++;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
@ -473,8 +473,9 @@ SSL *s;
{
unsigned char *buf;
unsigned char *p,*d;
int i;
int i,j;
unsigned long Time,l;
SSL_COMP *comp;
buf=(unsigned char *)s->init_buf->data;
if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
@ -498,6 +499,7 @@ SSL *s;
*(p++)=s->version>>8;
*(p++)=s->version&0xff;
s->client_version=s->version;
/* Random stuff */
memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
@ -525,10 +527,18 @@ SSL *s;
s2n(i,p);
p+=i;
/* hardwire in the NULL compression algorithm. */
/* COMPRESSION */
*(p++)=1;
*(p++)=0;
if (s->ctx->comp_methods == NULL)
j=0;
else
j=sk_num(s->ctx->comp_methods);
*(p++)=1+j;
for (i=0; i<j; i++)
{
comp=(SSL_COMP *)sk_value(s->ctx->comp_methods,i);
*(p++)=comp->id;
}
*(p++)=0; /* Add the NULL method */
l=(p-d);
d=buf;
@ -556,6 +566,7 @@ SSL *s;
int i,al,ok;
unsigned int j;
long n;
SSL_COMP *comp;
n=ssl3_get_message(s,
SSL3_ST_CR_SRVR_HELLO_A,
@ -649,12 +660,21 @@ SSL *s;
/* lets get the compression algorithm */
/* COMPRESSION */
j= *(p++);
if (j != 0)
if (j == 0)
comp=NULL;
else
comp=ssl3_comp_find(s->ctx->comp_methods,j);
if ((j != 0) && (comp == NULL))
{
al=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
goto f_err;
}
else
{
s->s3->tmp.new_compression=comp;
}
if (p != (d+n))
{
@ -996,6 +1016,7 @@ SSL *s;
/* else anonymous DH, so no certificate or pkey. */
s->session->cert->dh_tmp=dh;
dh=NULL;
}
else if ((alg & SSL_kDHr) || (alg & SSL_kDHd))
{
@ -1326,8 +1347,8 @@ SSL *s;
rsa=pkey->pkey.rsa;
}
tmp_buf[0]=s->version>>8;
tmp_buf[1]=s->version&0xff;
tmp_buf[0]=s->client_version>>8;
tmp_buf[1]=s->client_version&0xff;
RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;

View file

@ -144,7 +144,10 @@ int which;
exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
c=s->s3->tmp.new_sym_enc;
m=s->s3->tmp.new_hash;
comp=s->s3->tmp.new_compression;
if (s->s3->tmp.new_compression == NULL)
comp=NULL;
else
comp=s->s3->tmp.new_compression->method;
key_block=s->s3->tmp.key_block;
if (which & SSL3_CC_READ)
@ -169,8 +172,9 @@ int which;
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err2;
}
s->s3->rrec.comp=(unsigned char *)
Malloc(SSL3_RT_MAX_PLAIN_LENGTH);
if (s->s3->rrec.comp == NULL)
s->s3->rrec.comp=(unsigned char *)
Malloc(SSL3_RT_MAX_PLAIN_LENGTH);
if (s->s3->rrec.comp == NULL)
goto err;
}
@ -280,11 +284,12 @@ SSL *s;
EVP_CIPHER *c;
EVP_MD *hash;
int num,exp;
SSL_COMP *comp;
if (s->s3->tmp.key_block_length != 0)
return(1);
if (!ssl_cipher_get_evp(s->session->cipher,&c,&hash))
if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
{
SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
return(0);
@ -292,11 +297,7 @@ SSL *s;
s->s3->tmp.new_sym_enc=c;
s->s3->tmp.new_hash=hash;
#ifdef ZLIB
s->s3->tmp.new_compression=COMP_zlib();
#endif
/* s->s3->tmp.new_compression=COMP_rle(); */
/* s->session->compress_meth= xxxxx */
s->s3->tmp.new_compression=comp;
exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0;
@ -454,7 +455,7 @@ unsigned char *p;
unsigned char md_buf[EVP_MAX_MD_SIZE];
EVP_MD_CTX ctx;
memcpy(&ctx,in_ctx,sizeof(EVP_MD_CTX));
EVP_MD_CTX_copy(&ctx,in_ctx);
n=EVP_MD_CTX_size(&ctx);
npad=(48/n)*n;

View file

@ -486,6 +486,12 @@ SSL *s;
if (s->s3->tmp.ca_names != NULL)
sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
if (s->s3->rrec.comp != NULL)
{
Free(s->s3->rrec.comp);
s->s3->rrec.comp=NULL;
}
rp=s->s3->rbuf.buf;
wp=s->s3->wbuf.buf;
@ -493,11 +499,7 @@ SSL *s;
if (rp != NULL) s->s3->rbuf.buf=rp;
if (wp != NULL) s->s3->wbuf.buf=wp;
if (s->s3->rrec.comp != NULL)
{
Free(s->s3->rrec.comp);
s->s3->rrec.comp=NULL;
}
ssl_free_wbio_buffer(s);
s->packet_length=0;
s->s3->renegotiate=0;
@ -844,7 +846,6 @@ const char *buf;
int len;
{
int ret,n;
BIO *under;
#if 0
if (s->shutdown & SSL_SEND_SHUTDOWN)
@ -878,15 +879,12 @@ int len;
if (n <= 0) return(n);
s->rwstate=SSL_NOTHING;
/* We have flushed the buffer */
under=BIO_pop(s->wbio);
s->wbio=under;
BIO_free(s->bbio);
s->bbio=NULL;
/* We have flushed the buffer, so remove it */
ssl_free_wbio_buffer(s);
s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
ret=s->s3->delay_buf_pop_ret;
s->s3->delay_buf_pop_ret=0;
s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
}
else
{
@ -987,4 +985,3 @@ need to go to SSL_ST_ACCEPT.
return(ret);
}

View file

@ -872,7 +872,9 @@ start:
if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
{
s->state=SSL_ST_BEFORE;
s->state=SSL_ST_BEFORE|(s->server)
?SSL_ST_ACCEPT
:SSL_ST_CONNECT;
s->new_session=1;
}
n=s->handshake_func(s);

View file

@ -135,7 +135,6 @@ SSL *s;
long num1;
int ret= -1;
CERT *ct;
BIO *under;
int new_state,state,skip=0;
RAND_seed(&Time,sizeof(Time));
@ -178,6 +177,7 @@ SSL *s;
case SSL_ST_BEFORE|SSL_ST_ACCEPT:
case SSL_ST_OK|SSL_ST_ACCEPT:
s->server=1;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
if ((s->version>>8) != 3)
@ -217,11 +217,11 @@ SSL *s;
{
s->state=SSL3_ST_SR_CLNT_HELLO_A;
ssl3_init_finished_mac(s);
s->ctx->sess_accept++;
s->ctx->stats.sess_accept++;
}
else
{
s->ctx->sess_accept_renegotiate++;
s->ctx->stats.sess_accept_renegotiate++;
s->state=SSL3_ST_SW_HELLO_REQ_A;
}
break;
@ -240,15 +240,6 @@ SSL *s;
break;
case SSL3_ST_SW_HELLO_REQ_C:
/* remove buffering on output */
under=BIO_pop(s->wbio);
if (under != NULL)
s->wbio=under;
else
abort(); /* ok */
BIO_free(s->bbio);
s->bbio=NULL;
s->state=SSL_ST_OK;
ret=1;
goto end;
@ -480,20 +471,14 @@ SSL *s;
s->init_buf=NULL;
/* remove buffering on output */
under=BIO_pop(s->wbio);
if (under != NULL)
s->wbio=under;
else
abort(); /* ok */
BIO_free(s->bbio);
s->bbio=NULL;
ssl_free_wbio_buffer(s);
s->new_session=0;
s->init_num=0;
ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
s->ctx->sess_accept_good++;
s->ctx->stats.sess_accept_good++;
/* s->server=1; */
s->handshake_func=ssl3_accept;
ret=1;
@ -567,8 +552,9 @@ SSL *s;
int i,j,ok,al,ret= -1;
long n;
unsigned long id;
unsigned char *p,*d;
unsigned char *p,*d,*q;
SSL_CIPHER *c;
SSL_COMP *comp=NULL;
STACK *ciphers=NULL;
/* We do this so that we will respond with our native type.
@ -595,6 +581,7 @@ SSL *s;
/* The version number has already been checked in ssl3_get_message.
* I a native TLSv1/SSLv3 method, the match must be correct except
* perhaps for the first message */
/* s->client_version=(((int)p[0])<<8)|(int)p[1]; */
p+=2;
/* load the client random */
@ -653,9 +640,16 @@ SSL *s;
j=0;
id=s->session->cipher->id;
#ifdef CIPHER_DEBUG
printf("client sent %d ciphers\n",sk_num(ciphers));
#endif
for (i=0; i<sk_num(ciphers); i++)
{
c=(SSL_CIPHER *)sk_value(ciphers,i);
#ifdef CIPHER_DEBUG
printf("client [%2d of %2d]:%s\n",
i,sk_num(ciphers),SSL_CIPHER_get_name(c));
#endif
if (c->id == id)
{
j=1;
@ -683,8 +677,11 @@ SSL *s;
/* compression */
i= *(p++);
q=p;
for (j=0; j<i; j++)
{
if (p[j] == 0) break;
}
p+=i;
if (j >= i)
@ -695,6 +692,35 @@ SSL *s;
goto f_err;
}
/* Worst case, we will use the NULL compression, but if we have other
* options, we will now look for them. We have i-1 compression
* algorithms from the client, starting at q. */
s->s3->tmp.new_compression=NULL;
if (s->ctx->comp_methods != NULL)
{ /* See if we have a match */
int m,nn,o,v,done=0;
nn=sk_num(s->ctx->comp_methods);
for (m=0; m<nn; m++)
{
comp=(SSL_COMP *)sk_value(s->ctx->comp_methods,m);
v=comp->id;
for (o=0; o<i; o++)
{
if (v == q[o])
{
done=1;
break;
}
}
if (done) break;
}
if (done)
s->s3->tmp.new_compression=comp;
else
comp=NULL;
}
/* TLS does not mind if there is extra stuff */
if (s->version == SSL3_VERSION)
{
@ -708,13 +734,12 @@ SSL *s;
}
}
/* do nothing with compression */
/* Given s->session->ciphers and ssl_get_ciphers_by_id(s), we must
* pick a cipher */
if (!s->hit)
{
s->session->compress_meth=(comp == NULL)?0:comp->id;
if (s->session->ciphers != NULL)
sk_free(s->session->ciphers);
s->session->ciphers=ciphers;
@ -835,7 +860,10 @@ SSL *s;
p+=i;
/* put the compression method */
*(p++)=0;
if (s->s3->tmp.new_compression == NULL)
*(p++)=0;
else
*(p++)=s->s3->tmp.new_compression->id;
/* do the header */
l=(p-d);
@ -1266,13 +1294,26 @@ SSL *s;
#if 1
/* If a bad decrypt, use a random master key */
if ((i != SSL_MAX_MASTER_KEY_LENGTH) ||
((p[0] != (s->version>>8)) ||
(p[1] != (s->version & 0xff))))
((p[0] != (s->client_version>>8)) ||
(p[1] != (s->client_version & 0xff))))
{
p[0]=(s->version>>8);
p[1]=(s->version & 0xff);
RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
i=SSL_MAX_MASTER_KEY_LENGTH;
int bad=1;
if ((i == SSL_MAX_MASTER_KEY_LENGTH) &&
(p[0] == (s->version>>8)) &&
(p[1] == 0))
{
if (s->options & SSL_OP_TLS_ROLLBACK_BUG)
bad=0;
}
if (bad)
{
p[0]=(s->version>>8);
p[1]=(s->version & 0xff);
RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
i=SSL_MAX_MASTER_KEY_LENGTH;
}
/* else, an SSLeay bug, ssl only server, tls client */
}
#else
if (i != SSL_MAX_MASTER_KEY_LENGTH)

View file

@ -65,52 +65,55 @@
#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
#define SSL_F_SSL_CERT_NEW 162
#define SSL_F_SSL_CHECK_PRIVATE_KEY 163
#define SSL_F_SSL_CREATE_CIPHER_LIST 164
#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 165
#define SSL_F_SSL_CTX_NEW 166
#define SSL_F_SSL_CTX_SET_SSL_VERSION 167
#define SSL_F_SSL_CTX_USE_CERTIFICATE 168
#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 169
#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 170
#define SSL_F_SSL_CTX_USE_PRIVATEKEY 171
#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 172
#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 173
#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 174
#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 175
#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 176
#define SSL_F_SSL_DO_HANDSHAKE 177
#define SSL_F_SSL_GET_NEW_SESSION 178
#define SSL_F_SSL_GET_SERVER_SEND_CERT 179
#define SSL_F_SSL_GET_SIGN_PKEY 180
#define SSL_F_SSL_INIT_WBIO_BUFFER 181
#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 182
#define SSL_F_SSL_NEW 183
#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 184
#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 185
#define SSL_F_SSL_SESSION_NEW 186
#define SSL_F_SSL_SESSION_PRINT_FP 187
#define SSL_F_SSL_SET_CERT 188
#define SSL_F_SSL_SET_FD 189
#define SSL_F_SSL_SET_PKEY 190
#define SSL_F_SSL_SET_RFD 191
#define SSL_F_SSL_SET_SESSION 192
#define SSL_F_SSL_SET_WFD 193
#define SSL_F_SSL_UNDEFINED_FUNCTION 194
#define SSL_F_SSL_USE_CERTIFICATE 195
#define SSL_F_SSL_USE_CERTIFICATE_ASN1 196
#define SSL_F_SSL_USE_CERTIFICATE_FILE 197
#define SSL_F_SSL_USE_PRIVATEKEY 198
#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 199
#define SSL_F_SSL_USE_PRIVATEKEY_FILE 200
#define SSL_F_SSL_USE_RSAPRIVATEKEY 201
#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 202
#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 203
#define SSL_F_SSL_VERIFY_CERT_CHAIN 204
#define SSL_F_SSL_WRITE 205
#define SSL_F_TLS1_CHANGE_CIPHER_STATE 206
#define SSL_F_TLS1_ENC 207
#define SSL_F_TLS1_SETUP_KEY_BLOCK 208
#define SSL_F_WRITE_PENDING 209
#define SSL_F_SSL_CLEAR 164
#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165
#define SSL_F_SSL_CREATE_CIPHER_LIST 166
#define SSL_F_SSL_CTX_ADD_COMPRESSION 167
#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
#define SSL_F_SSL_CTX_NEW 169
#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
#define SSL_F_SSL_CTX_USE_CERTIFICATE 171
#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172
#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173
#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174
#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175
#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176
#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177
#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178
#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179
#define SSL_F_SSL_DO_HANDSHAKE 180
#define SSL_F_SSL_GET_NEW_SESSION 181
#define SSL_F_SSL_GET_SERVER_SEND_CERT 182
#define SSL_F_SSL_GET_SIGN_PKEY 183
#define SSL_F_SSL_INIT_WBIO_BUFFER 184
#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
#define SSL_F_SSL_NEW 186
#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
#define SSL_F_SSL_SESSION_NEW 189
#define SSL_F_SSL_SESSION_PRINT_FP 190
#define SSL_F_SSL_SET_CERT 191
#define SSL_F_SSL_SET_FD 192
#define SSL_F_SSL_SET_PKEY 193
#define SSL_F_SSL_SET_RFD 194
#define SSL_F_SSL_SET_SESSION 195
#define SSL_F_SSL_SET_WFD 196
#define SSL_F_SSL_UNDEFINED_FUNCTION 197
#define SSL_F_SSL_USE_CERTIFICATE 198
#define SSL_F_SSL_USE_CERTIFICATE_ASN1 199
#define SSL_F_SSL_USE_CERTIFICATE_FILE 200
#define SSL_F_SSL_USE_PRIVATEKEY 201
#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202
#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203
#define SSL_F_SSL_USE_RSAPRIVATEKEY 204
#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205
#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206
#define SSL_F_SSL_VERIFY_CERT_CHAIN 207
#define SSL_F_SSL_WRITE 208
#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
#define SSL_F_TLS1_ENC 210
#define SSL_F_TLS1_SETUP_KEY_BLOCK 211
#define SSL_F_WRITE_PENDING 212
/* Reason codes. */
#define SSL_R_APP_DATA_IN_HANDSHAKE 100
@ -201,39 +204,41 @@
#define SSL_R_NO_CIPHER_MATCH 185
#define SSL_R_NO_CLIENT_CERT_RECEIVED 186
#define SSL_R_NO_COMPRESSION_SPECIFIED 187
#define SSL_R_NO_PRIVATEKEY 188
#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 189
#define SSL_R_NO_PROTOCOLS_AVAILABLE 190
#define SSL_R_NO_PUBLICKEY 191
#define SSL_R_NO_SHARED_CIPHER 192
#define SSL_R_NO_VERIFY_CALLBACK 193
#define SSL_R_NULL_SSL_CTX 194
#define SSL_R_NULL_SSL_METHOD_PASSED 195
#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 196
#define SSL_R_PACKET_LENGTH_TOO_LONG 197
#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 198
#define SSL_R_PEER_ERROR 199
#define SSL_R_PEER_ERROR_CERTIFICATE 200
#define SSL_R_PEER_ERROR_NO_CERTIFICATE 201
#define SSL_R_PEER_ERROR_NO_CIPHER 202
#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 203
#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 204
#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 205
#define SSL_R_PROTOCOL_IS_SHUTDOWN 206
#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 207
#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 208
#define SSL_R_PUBLIC_KEY_NOT_RSA 209
#define SSL_R_READ_BIO_NOT_SET 210
#define SSL_R_READ_WRONG_PACKET_TYPE 211
#define SSL_R_RECORD_LENGTH_MISMATCH 212
#define SSL_R_RECORD_TOO_LARGE 213
#define SSL_R_REQUIRED_CIPHER_MISSING 214
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 215
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 216
#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 217
#define SSL_R_SHORT_READ 218
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 219
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 220
#define SSL_R_NO_METHOD_SPECIFIED 188
#define SSL_R_NO_PRIVATEKEY 189
#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
#define SSL_R_NO_PROTOCOLS_AVAILABLE 191
#define SSL_R_NO_PUBLICKEY 192
#define SSL_R_NO_SHARED_CIPHER 193
#define SSL_R_NO_VERIFY_CALLBACK 194
#define SSL_R_NULL_SSL_CTX 195
#define SSL_R_NULL_SSL_METHOD_PASSED 196
#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
#define SSL_R_PACKET_LENGTH_TOO_LONG 198
#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
#define SSL_R_PEER_ERROR 200
#define SSL_R_PEER_ERROR_CERTIFICATE 201
#define SSL_R_PEER_ERROR_NO_CERTIFICATE 202
#define SSL_R_PEER_ERROR_NO_CIPHER 203
#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204
#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205
#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206
#define SSL_R_PROTOCOL_IS_SHUTDOWN 207
#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208
#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209
#define SSL_R_PUBLIC_KEY_NOT_RSA 210
#define SSL_R_READ_BIO_NOT_SET 211
#define SSL_R_READ_WRONG_PACKET_TYPE 212
#define SSL_R_RECORD_LENGTH_MISMATCH 213
#define SSL_R_RECORD_TOO_LARGE 214
#define SSL_R_REQUIRED_CIPHER_MISSING 215
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
#define SSL_R_SHORT_READ 219
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
@ -243,17 +248,17 @@
#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE 221
#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE 222
#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER 223
#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 224
#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE 223
#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE 224
#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER 225
#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 226
#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE 225
#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE 227
#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 226
#define SSL_R_SSL_HANDSHAKE_FAILURE 227
#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 228
#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 229
#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
#define SSL_R_SSL_HANDSHAKE_FAILURE 229
#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230
#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
@ -266,41 +271,41 @@
#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
#define SSL_R_TLSV1_ALERT_USER_CANCLED 1090
#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 230
#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 231
#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 232
#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 233
#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 234
#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 235
#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 236
#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 237
#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 238
#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 239
#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 240
#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 241
#define SSL_R_UNEXPECTED_MESSAGE 242
#define SSL_R_UNEXPECTED_RECORD 243
#define SSL_R_UNKNOWN_ALERT_TYPE 244
#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 245
#define SSL_R_UNKNOWN_CIPHER_RETURNED 246
#define SSL_R_UNKNOWN_CIPHER_TYPE 247
#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 248
#define SSL_R_UNKNOWN_PKEY_TYPE 249
#define SSL_R_UNKNOWN_PROTOCOL 250
#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 251
#define SSL_R_UNKNOWN_SSL_VERSION 252
#define SSL_R_UNKNOWN_STATE 253
#define SSL_R_UNSUPPORTED_CIPHER 254
#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 255
#define SSL_R_UNSUPPORTED_PROTOCOL 256
#define SSL_R_UNSUPPORTED_SSL_VERSION 257
#define SSL_R_WRITE_BIO_NOT_SET 258
#define SSL_R_WRONG_CIPHER_RETURNED 259
#define SSL_R_WRONG_MESSAGE_TYPE 260
#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 261
#define SSL_R_WRONG_SIGNATURE_LENGTH 262
#define SSL_R_WRONG_SIGNATURE_SIZE 263
#define SSL_R_WRONG_SSL_VERSION 264
#define SSL_R_WRONG_VERSION_NUMBER 265
#define SSL_R_X509_LIB 266
#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 267
#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237
#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238
#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239
#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240
#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241
#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242
#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
#define SSL_R_UNEXPECTED_MESSAGE 244
#define SSL_R_UNEXPECTED_RECORD 245
#define SSL_R_UNKNOWN_ALERT_TYPE 246
#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247
#define SSL_R_UNKNOWN_CIPHER_RETURNED 248
#define SSL_R_UNKNOWN_CIPHER_TYPE 249
#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
#define SSL_R_UNKNOWN_PKEY_TYPE 251
#define SSL_R_UNKNOWN_PROTOCOL 252
#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253
#define SSL_R_UNKNOWN_SSL_VERSION 254
#define SSL_R_UNKNOWN_STATE 255
#define SSL_R_UNSUPPORTED_CIPHER 256
#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
#define SSL_R_UNSUPPORTED_PROTOCOL 258
#define SSL_R_UNSUPPORTED_SSL_VERSION 259
#define SSL_R_WRITE_BIO_NOT_SET 260
#define SSL_R_WRONG_CIPHER_RETURNED 261
#define SSL_R_WRONG_MESSAGE_TYPE 262
#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263
#define SSL_R_WRONG_SIGNATURE_LENGTH 264
#define SSL_R_WRONG_SIGNATURE_SIZE 265
#define SSL_R_WRONG_SSL_VERSION 266
#define SSL_R_WRONG_VERSION_NUMBER 267
#define SSL_R_X509_LIB 268
#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269

501
ssl/ssl.h
View file

@ -1,3 +1,15 @@
#define SSL_CTX_sess_set_new_cb(ctx,cb) ((ctx)->new_session_cb=(cb))
#define SSL_CTX_sess_get_new_cb(ctx) ((ctx)->new_session_cb)
#define SSL_CTX_sess_set_remove_cb(ctx,cb) ((ctx)->remove_session_cb=(cb))
#define SSL_CTX_sess_get_remove_cb(ctx) ((ctx)->remove_session_cb)
#define SSL_CTX_sess_set_get_cb(ctx,cb) ((ctx)->get_session_cb=(cb))
#define SSL_CTX_sess_get_get_cb(ctx) ((ctx)->get_session_cb)
#define SSL_CTX_set_info_callback(ctx,cb) ((ctx)->info_callback=(cb))
#define SSL_CTX_get_info_callback(ctx) ((ctx)->info_callback)
#define SSL_CTX_set_client_cert_cb(ctx,cb) ((ctx)->client_cert_cb=(cb))
#define SSL_CTX_get_client_cert_cb(ctx) ((ctx)->client_cert_cb)
/* ssl/ssl.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
@ -193,6 +205,7 @@ typedef struct ssl_method_st
struct ssl_method_st *(*get_ssl_method)(int version);
long (*get_timeout)(void);
struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
int (*ssl_version)();
} SSL_METHOD;
/* Lets make this into an ASN.1 type structure as follows
@ -238,11 +251,7 @@ typedef struct ssl_session_st
long timeout;
long time;
#ifdef HEADER_COMP_H
COMP_CTX *compress_meth;
#else
char *compress_meth;
#endif
int compress_meth; /* Need to lookup the method */
SSL_CIPHER *cipher;
unsigned long cipher_id; /* when ASN.1 loaded, this
@ -267,6 +276,7 @@ typedef struct ssl_session_st
#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
#define SSL_OP_TLS_D5_BUG 0x00000100L
#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
#define SSL_OP_TLS_ROLLBACK_BUG 0x00000400L
/* If set, only use tmp_dh parameters once */
#define SSL_OP_SINGLE_DH_USE 0x00100000L
@ -282,22 +292,32 @@ typedef struct ssl_session_st
#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x80000000L
#define SSL_OP_ALL 0x000FFFFFL
#define SSL_CTX_set_options(ctx,op) ((ctx)->options|=(op))
#define SSL_set_options(ssl,op) ((ssl)->options|=(op))
#define SSL_CTX_set_options(ctx,op) \
SSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,op,NULL)
#define SSL_CTX_get_options(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,0,NULL)
#define SSL_set_options(ssl,op) \
SSL_ctrl(ctx,SSL_CTRL_OPTIONS,0,NULL)
#define SSL_get_options(ssl) \
SSL_ctrl(ctx,SSL_CTRL_OPTIONS,0,NULL)
#define SSL_OP_NO_SSLv2 0x01000000L
#define SSL_OP_NO_SSLv3 0x02000000L
#define SSL_OP_NO_TLSv1 0x04000000L
/* Normally you will only use these if your application wants to use
* the certificate store in other places, perhaps PKCS7 */
#define SSL_CTX_get_cert_store(ctx) ((ctx)->cert_store)
#define SSL_CTX_set_cert_store(ctx,cs) \
(X509_STORE_free((ctx)->cert_store),(ctx)->cert_store=(cs))
#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20)
typedef struct ssl_comp_st
{
int id;
char *name;
#ifdef HEADER_COMP_H
COMP_METHOD *method;
#else
char *method;
#endif
} SSL_COMP;
struct ssl_ctx_st
{
SSL_METHOD *method;
@ -347,46 +367,50 @@ struct ssl_ctx_st
SSL_SESSION *(*get_session_cb)();
#endif
int sess_connect; /* SSL new connection - started */
int sess_connect_renegotiate;/* SSL renegotiatene - requested */
int sess_connect_good; /* SSL new connection/renegotiate - finished */
int sess_accept; /* SSL new accept - started */
int sess_accept_renegotiate;/* SSL renegotiatene - requested */
int sess_accept_good; /* SSL accept/renegotiate - finished */
int sess_miss; /* session lookup misses */
int sess_timeout; /* session reuse attempt on timeouted session */
int sess_cache_full; /* session removed due to full cache */
int sess_hit; /* session reuse actually done */
int sess_cb_hit; /* session-id that was not in the cache was
* passed back via the callback. This
* indicates that the application is supplying
* session-id's from other processes -
* spooky :-) */
struct
{
int sess_connect; /* SSL new conn - started */
int sess_connect_renegotiate;/* SSL reneg - requested */
int sess_connect_good; /* SSL new conne/reneg - finished */
int sess_accept; /* SSL new accept - started */
int sess_accept_renegotiate;/* SSL reneg - requested */
int sess_accept_good; /* SSL accept/reneg - finished */
int sess_miss; /* session lookup misses */
int sess_timeout; /* reuse attempt on timeouted session */
int sess_cache_full; /* session removed due to full cache */
int sess_hit; /* session reuse actually done */
int sess_cb_hit; /* session-id that was not
* in the cache was
* passed back via the callback. This
* indicates that the application is
* supplying session-id's from other
* processes - spooky :-) */
} stats;
int references;
void (*info_callback)();
/**/ void (*info_callback)();
/* if defined, these override the X509_verify_cert() calls */
int (*app_verify_callback)();
char *app_verify_arg;
/**/ int (*app_verify_callback)();
/**/ char *app_verify_arg;
/* default values to use in SSL structures */
struct cert_st /* CERT */ *default_cert;
int default_read_ahead;
int default_verify_mode;
int (*default_verify_callback)();
/**/ struct cert_st /* CERT */ *default_cert;
/**/ int read_ahead;
/**/ int verify_mode;
/**/ int (*default_verify_callback)();
/* Default password callback. */
int (*default_passwd_callback)();
/**/ int (*default_passwd_callback)();
/* get client cert callback */
int (*client_cert_cb)(/* SSL *ssl, X509 **x509, EVP_PKEY **pkey */);
/**/ int (*client_cert_cb)(/* SSL *ssl, X509 **x509, EVP_PKEY **pkey */);
/* what we put in client requests */
STACK *client_CA;
int quiet_shutdown;
/**/ int quiet_shutdown;
CRYPTO_EX_DATA ex_data;
@ -395,6 +419,7 @@ struct ssl_ctx_st
EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */
STACK *extra_certs;
STACK *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
};
#define SSL_SESS_CACHE_OFF 0x0000
@ -407,41 +432,30 @@ struct ssl_ctx_st
* defined, this will still get called. */
#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
#define SSL_CTX_sessions(ctx) ((ctx)->sessions)
/* You will need to include lhash.h to access the following #define */
#define SSL_CTX_sess_number(ctx) ((ctx)->sessions->num_items)
#define SSL_CTX_sess_connect(ctx) ((ctx)->sess_connect)
#define SSL_CTX_sess_connect_good(ctx) ((ctx)->sess_connect_good)
#define SSL_CTX_sess_accept(ctx) ((ctx)->sess_accept)
#define SSL_CTX_sess_accept_renegotiate(ctx) ((ctx)->sess_accept_renegotiate)
#define SSL_CTX_sess_connect_renegotiate(ctx) ((ctx)->sess_connect_renegotiate)
#define SSL_CTX_sess_accept_good(ctx) ((ctx)->sess_accept_good)
#define SSL_CTX_sess_hits(ctx) ((ctx)->sess_hit)
#define SSL_CTX_sess_cb_hits(ctx) ((ctx)->sess_cb_hit)
#define SSL_CTX_sess_misses(ctx) ((ctx)->sess_miss)
#define SSL_CTX_sess_timeouts(ctx) ((ctx)->sess_timeout)
#define SSL_CTX_sess_cache_full(ctx) ((ctx)->sess_cache_full)
#define SSL_CTX_sess_set_cache_size(ctx,t) ((ctx)->session_cache_size=(t))
#define SSL_CTX_sess_get_cache_size(ctx) ((ctx)->session_cache_size)
#define SSL_CTX_sess_set_new_cb(ctx,cb) ((ctx)->new_session_cb=(cb))
#define SSL_CTX_sess_get_new_cb(ctx) ((ctx)->new_session_cb)
#define SSL_CTX_sess_set_remove_cb(ctx,cb) ((ctx)->remove_session_cb=(cb))
#define SSL_CTX_sess_get_remove_cb(ctx) ((ctx)->remove_session_cb)
#define SSL_CTX_sess_set_get_cb(ctx,cb) ((ctx)->get_session_cb=(cb))
#define SSL_CTX_sess_get_get_cb(ctx) ((ctx)->get_session_cb)
#define SSL_CTX_set_session_cache_mode(ctx,m) ((ctx)->session_cache_mode=(m))
#define SSL_CTX_get_session_cache_mode(ctx) ((ctx)->session_cache_mode)
#define SSL_CTX_set_timeout(ctx,t) ((ctx)->session_timeout=(t))
#define SSL_CTX_get_timeout(ctx) ((ctx)->session_timeout)
#define SSL_CTX_set_info_callback(ctx,cb) ((ctx)->info_callback=(cb))
#define SSL_CTX_get_info_callback(ctx) ((ctx)->info_callback)
#define SSL_CTX_set_default_read_ahead(ctx,m) (((ctx)->default_read_ahead)=(m))
#define SSL_CTX_set_client_cert_cb(ctx,cb) ((ctx)->client_cert_cb=(cb))
#define SSL_CTX_get_client_cert_cb(ctx) ((ctx)->client_cert_cb)
#define SSL_CTX_sess_number(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
#define SSL_CTX_sess_connect(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
#define SSL_CTX_sess_connect_good(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
#define SSL_CTX_sess_connect_renegotiate(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
#define SSL_CTX_sess_accept(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
#define SSL_CTX_sess_accept_renegotiate(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
#define SSL_CTX_sess_accept_good(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
#define SSL_CTX_sess_hits(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
#define SSL_CTX_sess_cb_hits(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
#define SSL_CTX_sess_misses(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
#define SSL_CTX_sess_timeouts(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
#define SSL_CTX_sess_cache_full(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
#define SSL_NOTHING 1
#define SSL_WRITING 2
@ -449,11 +463,10 @@ struct ssl_ctx_st
#define SSL_X509_LOOKUP 4
/* These will only be used when doing non-blocking IO */
#define SSL_want(s) ((s)->rwstate)
#define SSL_want_nothing(s) ((s)->rwstate == SSL_NOTHING)
#define SSL_want_read(s) ((s)->rwstate == SSL_READING)
#define SSL_want_write(s) ((s)->rwstate == SSL_WRITING)
#define SSL_want_x509_lookup(s) ((s)->rwstate == SSL_X509_LOOKUP)
#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
#define SSL_want_read(s) (SSL_want(s) == SSL_READING)
#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
struct ssl_st
{
@ -490,7 +503,7 @@ struct ssl_st
int in_handshake;
int (*handshake_func)();
/* int server;*/ /* are we the server side? */
int server; /* are we the server side? - mostly used by SSL_clear*/
int new_session;/* 1 if we are to use a new session */
int quiet_shutdown;/* don't send shutdown packets */
@ -569,6 +582,8 @@ struct ssl_st
int references;
unsigned long options;
int first_packet;
int client_version; /* what was passed, used for
* SSLv3/TLS rolback check */
};
#include "ssl2.h"
@ -634,6 +649,8 @@ struct ssl_st
#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
#define SSL_VERIFY_CLIENT_ONCE 0x04
#define SSLeay_add_ssl_algorithms() SSL_library_init()
/* this is for backward compatablility */
#if 0 /* NEW_SSLEAY */
#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
@ -726,8 +743,29 @@ struct ssl_st
#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 9
#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 10
#define SSL_CTRL_GET_FLAGS 11
#define SSL_CTRL_EXTRA_CHAIN_CERT 12
#define SSL_CTRL_EXTRA_CHAIN_CERT 11
/* Stats */
#define SSL_CTRL_SESS_NUMBER 20
#define SSL_CTRL_SESS_CONNECT 21
#define SSL_CTRL_SESS_CONNECT_GOOD 22
#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23
#define SSL_CTRL_SESS_ACCEPT 24
#define SSL_CTRL_SESS_ACCEPT_GOOD 25
#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26
#define SSL_CTRL_SESS_HIT 27
#define SSL_CTRL_SESS_CB_HIT 28
#define SSL_CTRL_SESS_MISSES 29
#define SSL_CTRL_SESS_TIMEOUTS 30
#define SSL_CTRL_SESS_CACHE_FULL 31
#define SSL_CTRL_OPTIONS 32
#define SSL_CTRL_GET_READ_AHEAD 40
#define SSL_CTRL_SET_READ_AHEAD 41
#define SSL_CTRL_SET_SESS_CACHE_SIZE 42
#define SSL_CTRL_GET_SESS_CACHE_SIZE 43
#define SSL_CTRL_SET_SESS_CACHE_MODE 44
#define SSL_CTRL_GET_SESS_CACHE_MODE 45
#define SSL_session_reused(ssl) \
SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
@ -763,7 +801,13 @@ void BIO_ssl_shutdown(BIO *ssl_bio);
int SSL_CTX_set_cipher_list(SSL_CTX *,char *str);
SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
void SSL_CTX_free(SSL_CTX *);
void SSL_clear(SSL *s);
long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
long SSL_CTX_get_timeout(SSL_CTX *ctx);
X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *);
void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
int SSL_want(SSL *s);
int SSL_clear(SSL *s);
void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
SSL_CIPHER *SSL_get_current_cipher(SSL *s);
@ -796,7 +840,7 @@ int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
int SSL_use_certificate(SSL *ssl, X509 *x);
int SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d);
int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
#ifndef NO_STDIO
int SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type);
@ -860,7 +904,6 @@ int SSL_CTX_check_private_key(SSL_CTX *ctx);
int SSL_check_private_key(SSL *ctx);
SSL * SSL_new(SSL_CTX *ctx);
void SSL_clear(SSL *s);
void SSL_free(SSL *ssl);
int SSL_accept(SSL *ssl);
int SSL_connect(SSL *ssl);
@ -917,7 +960,7 @@ void SSL_set_accept_state(SSL *s);
long SSL_get_default_timeout(SSL *s);
void SSLeay_add_ssl_algorithms(void );
int SSL_library_init(void );
char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);
STACK *SSL_dup_CA_list(STACK *sk);
@ -962,6 +1005,22 @@ int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
int SSL_get_ex_data_X509_STORE_CTX_idx(void );
#define SSL_CTX_sess_set_cache_size(ctx,t) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
#define SSL_CTX_sess_get_cache_size(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
#define SSL_CTX_set_session_cache_mode(ctx,m) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
#define SSL_CTX_get_session_cache_mode(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
#define SSL_CTX_get_read_ahead(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
#define SSL_CTX_set_read_ahead(ctx,m) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,0,NULL)
/* For the next 2, the callbacks are
* RSA *tmp_rsa_cb(SSL *ssl,int export)
* DH *tmp_dh_cb(SSL *ssl,int export)
@ -970,6 +1029,12 @@ void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
RSA *(*cb)(SSL *ssl,int export));
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export));
#ifdef HEADER_COMP_H
int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
#else
int SSL_COMP_add_compression_method(int id,char *cm);
#endif
#else
BIO_METHOD *BIO_f_ssl();
@ -979,6 +1044,12 @@ BIO *BIO_new_buffer_ssl_connect();
int BIO_ssl_copy_session_id();
void BIO_ssl_shutdown();
long SSL_CTX_set_timeout();
long SSL_CTX_get_timeout();
X509_STORE *SSL_CTX_get_cert_store();
void SSL_CTX_set_cert_store();
int SSL_want();
int SSL_CTX_set_cipher_list();
SSL_CTX *SSL_CTX_new();
void SSL_CTX_free();
@ -1134,7 +1205,7 @@ void SSL_set_accept_state();
long SSL_get_default_timeout();
void SSLeay_add_ssl_algorithms();
int SSL_library_init();
char *SSL_CIPHER_description();
STACK *SSL_dup_CA_list();
@ -1178,6 +1249,7 @@ char *SSL_CTX_get_ex_data();
int SSL_CTX_get_ex_new_index();
int SSL_get_ex_data_X509_STORE_CTX_idx();
int SSL_COMP_add_compression_method();
/* For the next 2, the callbacks are
* RSA *tmp_rsa_cb(SSL *ssl,int export)
@ -1258,52 +1330,55 @@ void SSL_CTX_set_tmp_dh_callback();
#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
#define SSL_F_SSL_CERT_NEW 162
#define SSL_F_SSL_CHECK_PRIVATE_KEY 163
#define SSL_F_SSL_CREATE_CIPHER_LIST 164
#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 165
#define SSL_F_SSL_CTX_NEW 166
#define SSL_F_SSL_CTX_SET_SSL_VERSION 167
#define SSL_F_SSL_CTX_USE_CERTIFICATE 168
#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 169
#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 170
#define SSL_F_SSL_CTX_USE_PRIVATEKEY 171
#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 172
#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 173
#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 174
#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 175
#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 176
#define SSL_F_SSL_DO_HANDSHAKE 177
#define SSL_F_SSL_GET_NEW_SESSION 178
#define SSL_F_SSL_GET_SERVER_SEND_CERT 179
#define SSL_F_SSL_GET_SIGN_PKEY 180
#define SSL_F_SSL_INIT_WBIO_BUFFER 181
#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 182
#define SSL_F_SSL_NEW 183
#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 184
#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 185
#define SSL_F_SSL_SESSION_NEW 186
#define SSL_F_SSL_SESSION_PRINT_FP 187
#define SSL_F_SSL_SET_CERT 188
#define SSL_F_SSL_SET_FD 189
#define SSL_F_SSL_SET_PKEY 190
#define SSL_F_SSL_SET_RFD 191
#define SSL_F_SSL_SET_SESSION 192
#define SSL_F_SSL_SET_WFD 193
#define SSL_F_SSL_UNDEFINED_FUNCTION 194
#define SSL_F_SSL_USE_CERTIFICATE 195
#define SSL_F_SSL_USE_CERTIFICATE_ASN1 196
#define SSL_F_SSL_USE_CERTIFICATE_FILE 197
#define SSL_F_SSL_USE_PRIVATEKEY 198
#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 199
#define SSL_F_SSL_USE_PRIVATEKEY_FILE 200
#define SSL_F_SSL_USE_RSAPRIVATEKEY 201
#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 202
#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 203
#define SSL_F_SSL_VERIFY_CERT_CHAIN 204
#define SSL_F_SSL_WRITE 205
#define SSL_F_TLS1_CHANGE_CIPHER_STATE 206
#define SSL_F_TLS1_ENC 207
#define SSL_F_TLS1_SETUP_KEY_BLOCK 208
#define SSL_F_WRITE_PENDING 209
#define SSL_F_SSL_CLEAR 164
#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165
#define SSL_F_SSL_CREATE_CIPHER_LIST 166
#define SSL_F_SSL_CTX_ADD_COMPRESSION 167
#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
#define SSL_F_SSL_CTX_NEW 169
#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
#define SSL_F_SSL_CTX_USE_CERTIFICATE 171
#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172
#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173
#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174
#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175
#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176
#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177
#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178
#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179
#define SSL_F_SSL_DO_HANDSHAKE 180
#define SSL_F_SSL_GET_NEW_SESSION 181
#define SSL_F_SSL_GET_SERVER_SEND_CERT 182
#define SSL_F_SSL_GET_SIGN_PKEY 183
#define SSL_F_SSL_INIT_WBIO_BUFFER 184
#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
#define SSL_F_SSL_NEW 186
#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
#define SSL_F_SSL_SESSION_NEW 189
#define SSL_F_SSL_SESSION_PRINT_FP 190
#define SSL_F_SSL_SET_CERT 191
#define SSL_F_SSL_SET_FD 192
#define SSL_F_SSL_SET_PKEY 193
#define SSL_F_SSL_SET_RFD 194
#define SSL_F_SSL_SET_SESSION 195
#define SSL_F_SSL_SET_WFD 196
#define SSL_F_SSL_UNDEFINED_FUNCTION 197
#define SSL_F_SSL_USE_CERTIFICATE 198
#define SSL_F_SSL_USE_CERTIFICATE_ASN1 199
#define SSL_F_SSL_USE_CERTIFICATE_FILE 200
#define SSL_F_SSL_USE_PRIVATEKEY 201
#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202
#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203
#define SSL_F_SSL_USE_RSAPRIVATEKEY 204
#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205
#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206
#define SSL_F_SSL_VERIFY_CERT_CHAIN 207
#define SSL_F_SSL_WRITE 208
#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
#define SSL_F_TLS1_ENC 210
#define SSL_F_TLS1_SETUP_KEY_BLOCK 211
#define SSL_F_WRITE_PENDING 212
/* Reason codes. */
#define SSL_R_APP_DATA_IN_HANDSHAKE 100
@ -1394,39 +1469,41 @@ void SSL_CTX_set_tmp_dh_callback();
#define SSL_R_NO_CIPHER_MATCH 185
#define SSL_R_NO_CLIENT_CERT_RECEIVED 186
#define SSL_R_NO_COMPRESSION_SPECIFIED 187
#define SSL_R_NO_PRIVATEKEY 188
#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 189
#define SSL_R_NO_PROTOCOLS_AVAILABLE 190
#define SSL_R_NO_PUBLICKEY 191
#define SSL_R_NO_SHARED_CIPHER 192
#define SSL_R_NO_VERIFY_CALLBACK 193
#define SSL_R_NULL_SSL_CTX 194
#define SSL_R_NULL_SSL_METHOD_PASSED 195
#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 196
#define SSL_R_PACKET_LENGTH_TOO_LONG 197
#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 198
#define SSL_R_PEER_ERROR 199
#define SSL_R_PEER_ERROR_CERTIFICATE 200
#define SSL_R_PEER_ERROR_NO_CERTIFICATE 201
#define SSL_R_PEER_ERROR_NO_CIPHER 202
#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 203
#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 204
#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 205
#define SSL_R_PROTOCOL_IS_SHUTDOWN 206
#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 207
#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 208
#define SSL_R_PUBLIC_KEY_NOT_RSA 209
#define SSL_R_READ_BIO_NOT_SET 210
#define SSL_R_READ_WRONG_PACKET_TYPE 211
#define SSL_R_RECORD_LENGTH_MISMATCH 212
#define SSL_R_RECORD_TOO_LARGE 213
#define SSL_R_REQUIRED_CIPHER_MISSING 214
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 215
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 216
#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 217
#define SSL_R_SHORT_READ 218
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 219
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 220
#define SSL_R_NO_METHOD_SPECIFIED 188
#define SSL_R_NO_PRIVATEKEY 189
#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
#define SSL_R_NO_PROTOCOLS_AVAILABLE 191
#define SSL_R_NO_PUBLICKEY 192
#define SSL_R_NO_SHARED_CIPHER 193
#define SSL_R_NO_VERIFY_CALLBACK 194
#define SSL_R_NULL_SSL_CTX 195
#define SSL_R_NULL_SSL_METHOD_PASSED 196
#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
#define SSL_R_PACKET_LENGTH_TOO_LONG 198
#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
#define SSL_R_PEER_ERROR 200
#define SSL_R_PEER_ERROR_CERTIFICATE 201
#define SSL_R_PEER_ERROR_NO_CERTIFICATE 202
#define SSL_R_PEER_ERROR_NO_CIPHER 203
#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204
#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205
#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206
#define SSL_R_PROTOCOL_IS_SHUTDOWN 207
#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208
#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209
#define SSL_R_PUBLIC_KEY_NOT_RSA 210
#define SSL_R_READ_BIO_NOT_SET 211
#define SSL_R_READ_WRONG_PACKET_TYPE 212
#define SSL_R_RECORD_LENGTH_MISMATCH 213
#define SSL_R_RECORD_TOO_LARGE 214
#define SSL_R_REQUIRED_CIPHER_MISSING 215
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
#define SSL_R_SHORT_READ 219
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
@ -1436,17 +1513,17 @@ void SSL_CTX_set_tmp_dh_callback();
#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE 221
#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE 222
#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER 223
#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 224
#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE 223
#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE 224
#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER 225
#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 226
#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE 225
#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE 227
#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 226
#define SSL_R_SSL_HANDSHAKE_FAILURE 227
#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 228
#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 229
#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
#define SSL_R_SSL_HANDSHAKE_FAILURE 229
#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230
#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
@ -1459,44 +1536,44 @@ void SSL_CTX_set_tmp_dh_callback();
#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
#define SSL_R_TLSV1_ALERT_USER_CANCLED 1090
#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 230
#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 231
#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 232
#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 233
#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 234
#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 235
#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 236
#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 237
#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 238
#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 239
#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 240
#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 241
#define SSL_R_UNEXPECTED_MESSAGE 242
#define SSL_R_UNEXPECTED_RECORD 243
#define SSL_R_UNKNOWN_ALERT_TYPE 244
#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 245
#define SSL_R_UNKNOWN_CIPHER_RETURNED 246
#define SSL_R_UNKNOWN_CIPHER_TYPE 247
#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 248
#define SSL_R_UNKNOWN_PKEY_TYPE 249
#define SSL_R_UNKNOWN_PROTOCOL 250
#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 251
#define SSL_R_UNKNOWN_SSL_VERSION 252
#define SSL_R_UNKNOWN_STATE 253
#define SSL_R_UNSUPPORTED_CIPHER 254
#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 255
#define SSL_R_UNSUPPORTED_PROTOCOL 256
#define SSL_R_UNSUPPORTED_SSL_VERSION 257
#define SSL_R_WRITE_BIO_NOT_SET 258
#define SSL_R_WRONG_CIPHER_RETURNED 259
#define SSL_R_WRONG_MESSAGE_TYPE 260
#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 261
#define SSL_R_WRONG_SIGNATURE_LENGTH 262
#define SSL_R_WRONG_SIGNATURE_SIZE 263
#define SSL_R_WRONG_SSL_VERSION 264
#define SSL_R_WRONG_VERSION_NUMBER 265
#define SSL_R_X509_LIB 266
#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 267
#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237
#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238
#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239
#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240
#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241
#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242
#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
#define SSL_R_UNEXPECTED_MESSAGE 244
#define SSL_R_UNEXPECTED_RECORD 245
#define SSL_R_UNKNOWN_ALERT_TYPE 246
#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247
#define SSL_R_UNKNOWN_CIPHER_RETURNED 248
#define SSL_R_UNKNOWN_CIPHER_TYPE 249
#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
#define SSL_R_UNKNOWN_PKEY_TYPE 251
#define SSL_R_UNKNOWN_PROTOCOL 252
#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253
#define SSL_R_UNKNOWN_SSL_VERSION 254
#define SSL_R_UNKNOWN_STATE 255
#define SSL_R_UNSUPPORTED_CIPHER 256
#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
#define SSL_R_UNSUPPORTED_PROTOCOL 258
#define SSL_R_UNSUPPORTED_SSL_VERSION 259
#define SSL_R_WRITE_BIO_NOT_SET 260
#define SSL_R_WRONG_CIPHER_RETURNED 261
#define SSL_R_WRONG_MESSAGE_TYPE 262
#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263
#define SSL_R_WRONG_SIGNATURE_LENGTH 264
#define SSL_R_WRONG_SIGNATURE_SIZE 265
#define SSL_R_WRONG_SSL_VERSION 266
#define SSL_R_WRONG_VERSION_NUMBER 267
#define SSL_R_X509_LIB 268
#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269
#ifdef __cplusplus
}

View file

@ -341,12 +341,13 @@ typedef struct ssl3_ctx_st
EVP_CIPHER *new_sym_enc;
EVP_MD *new_hash;
#ifdef HEADER_COMP_H
COMP_METHOD *new_compression;
SSL_COMP *new_compression;
#else
char *new_compression;
#endif
int cert_request;
} tmp;
} SSL3_CTX;
/* SSLv3 */

View file

@ -61,7 +61,7 @@
#include "lhash.h"
#include "ssl_locl.h"
void SSLeay_add_ssl_algorithms()
int SSL_library_init()
{
#ifndef NO_DES
EVP_add_cipher(EVP_des_cbc());
@ -98,5 +98,6 @@ void SSLeay_add_ssl_algorithms()
EVP_add_digest(EVP_sha());
EVP_add_digest(EVP_dss());
#endif
return(1);
}

View file

@ -58,6 +58,7 @@
#include <stdio.h>
#include "objects.h"
#include "comp.h"
#include "ssl_locl.h"
#define SSL_ENC_DES_IDX 0
@ -73,6 +74,8 @@ static EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
NULL,NULL,NULL,NULL,NULL,NULL,
};
static STACK /* SSL_COMP */ *ssl_comp_methods=NULL;
#define SSL_MD_MD5_IDX 0
#define SSL_MD_SHA1_IDX 1
#define SSL_MD_NUM_IDX 2
@ -180,14 +183,41 @@ static void load_ciphers()
EVP_get_digestbyname(SN_sha1);
}
int ssl_cipher_get_evp(c,enc,md)
SSL_CIPHER *c;
int ssl_cipher_get_evp(s,enc,md,comp)
SSL_SESSION *s;
EVP_CIPHER **enc;
EVP_MD **md;
SSL_COMP **comp;
{
int i;
SSL_CIPHER *c;
c=s->cipher;
if (c == NULL) return(0);
if (comp != NULL)
{
SSL_COMP ctmp;
if (s->compress_meth == 0)
*comp=NULL;
else if (ssl_comp_methods == NULL)
{
/* bad */
*comp=NULL;
}
else
{
ctmp.id=s->compress_meth;
i=sk_find(ssl_comp_methods,(char *)&ctmp);
if (i >= 0)
*comp=(SSL_COMP *)sk_value(ssl_comp_methods,i);
else
*comp=NULL;
}
}
if ((enc == NULL) || (md == NULL)) return(0);
switch (c->algorithms & SSL_ENC_MASK)
{
@ -730,10 +760,12 @@ int *alg_bits;
int ret=0,a=0;
EVP_CIPHER *enc;
EVP_MD *md;
SSL_SESSION ss;
if (c != NULL)
{
if (!ssl_cipher_get_evp(c,&enc,&md))
ss.cipher=c;
if (!ssl_cipher_get_evp(&ss,&enc,&md,NULL))
return(0);
a=EVP_CIPHER_key_length(enc)*8;
@ -756,3 +788,55 @@ int *alg_bits;
return(ret);
}
SSL_COMP *ssl3_comp_find(sk,n)
STACK *sk;
int n;
{
SSL_COMP *ctmp;
int i,nn;
if ((n == 0) || (sk == NULL)) return(NULL);
nn=sk_num(sk);
for (i=0; i<nn; i++)
{
ctmp=(SSL_COMP *)sk_value(sk,i);
if (ctmp->id == n)
return(ctmp);
}
return(NULL);
}
static int sk_comp_cmp(a,b)
SSL_COMP **a,**b;
{
return((*a)->id-(*b)->id);
}
STACK *SSL_COMP_get_compression_methods()
{
return(ssl_comp_methods);
}
int SSL_COMP_add_compression_method(id,cm)
int id;
COMP_METHOD *cm;
{
SSL_COMP *comp;
STACK *sk;
comp=(SSL_COMP *)Malloc(sizeof(SSL_COMP));
comp->id=id;
comp->method=cm;
if (ssl_comp_methods == NULL)
sk=ssl_comp_methods=sk_new(sk_comp_cmp);
else
sk=ssl_comp_methods;
if ((sk == NULL) || !sk_push(sk,(char *)comp))
{
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
return(0);
}
else
return(1);
}

View file

@ -127,7 +127,10 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_PACK(0,SSL_F_SSL_BYTES_TO_CIPHER_LIST,0), "SSL_BYTES_TO_CIPHER_LIST"},
{ERR_PACK(0,SSL_F_SSL_CERT_NEW,0), "SSL_CERT_NEW"},
{ERR_PACK(0,SSL_F_SSL_CHECK_PRIVATE_KEY,0), "SSL_check_private_key"},
{ERR_PACK(0,SSL_F_SSL_CLEAR,0), "SSL_clear"},
{ERR_PACK(0,SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,0), "SSL_COMP_add_compression_method"},
{ERR_PACK(0,SSL_F_SSL_CREATE_CIPHER_LIST,0), "SSL_CREATE_CIPHER_LIST"},
{ERR_PACK(0,SSL_F_SSL_CTX_ADD_COMPRESSION,0), "SSL_CTX_ADD_COMPRESSION"},
{ERR_PACK(0,SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,0), "SSL_CTX_check_private_key"},
{ERR_PACK(0,SSL_F_SSL_CTX_NEW,0), "SSL_CTX_new"},
{ERR_PACK(0,SSL_F_SSL_CTX_SET_SSL_VERSION,0), "SSL_CTX_set_ssl_version"},
@ -266,6 +269,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{SSL_R_NO_CIPHER_MATCH ,"no cipher match"},
{SSL_R_NO_CLIENT_CERT_RECEIVED ,"no client cert received"},
{SSL_R_NO_COMPRESSION_SPECIFIED ,"no compression specified"},
{SSL_R_NO_METHOD_SPECIFIED ,"no method specified"},
{SSL_R_NO_PRIVATEKEY ,"no privatekey"},
{SSL_R_NO_PRIVATE_KEY_ASSIGNED ,"no private key assigned"},
{SSL_R_NO_PROTOCOLS_AVAILABLE ,"no protocols available"},
@ -298,6 +302,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{SSL_R_REUSE_CIPHER_LIST_NOT_ZERO ,"reuse cipher list not zero"},
{SSL_R_SHORT_READ ,"short read"},
{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"},

View file

@ -77,30 +77,37 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={
ssl_undefined_function,
};
void SSL_clear(s)
int SSL_clear(s)
SSL *s;
{
int state;
if (s->method == NULL) return;
if (s->method == NULL)
{
SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
return(0);
}
s->error=0;
s->hit=0;
s->shutdown=0;
#if 0
/* This is set if we are doing dynamic renegotiation so keep
* the old cipher. It is sort of a SSL_clear_lite :-) */
if (s->new_session) return;
if (s->new_session) return(1);
#endif
state=s->state; /* Keep to check if we throw away the session-id */
s->type=0;
s->version=s->method->version;
s->rwstate=SSL_NOTHING;
s->state=SSL_ST_BEFORE;
s->rstate=SSL_ST_READ_HEADER;
s->read_ahead=s->ctx->default_read_ahead;
s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
/* s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); */
s->version=s->method->version;
s->client_version=s->version;
s->rwstate=SSL_NOTHING;
s->rstate=SSL_ST_READ_HEADER;
s->read_ahead=s->ctx->read_ahead;
if (s->init_buf != NULL)
{
@ -116,10 +123,22 @@ SSL *s;
s->session=NULL;
}
s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
s->first_packet=0;
s->method->ssl_clear(s);
#if 1
/* Check to see if we were changed into a different method, if
* so, revert back if we are not doing session-id reuse. */
if ((s->session == NULL) && (s->method != s->ctx->method))
{
s->method->ssl_free(s);
s->method=s->ctx->method;
if (!s->method->ssl_new(s))
return(0);
}
else
#endif
s->method->ssl_clear(s);
return(1);
}
/* Used to change an SSL_CTXs default SSL method type */
@ -169,7 +188,7 @@ SSL_CTX *ctx;
}
else
s->cert=NULL;
s->verify_mode=ctx->default_verify_mode;
s->verify_mode=ctx->verify_mode;
s->verify_callback=ctx->default_verify_callback;
CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
s->ctx=ctx;
@ -187,6 +206,7 @@ SSL_CTX *ctx;
s->quiet_shutdown=ctx->quiet_shutdown;
s->references=1;
s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
s->options=ctx->options;
SSL_clear(s);
@ -251,11 +271,6 @@ SSL *s;
ssl_clear_cipher_ctx(s);
if (s->expand != NULL)
COMP_CTX_free(s->expand);
if (s->compress != NULL)
COMP_CTX_free(s->compress);
if (s->cert != NULL) ssl_cert_free(s->cert);
/* Free up if allocated */
@ -402,7 +417,7 @@ SSL *s;
int SSL_CTX_get_verify_mode(ctx)
SSL_CTX *ctx;
{
return(ctx->default_verify_mode);
return(ctx->verify_mode);
}
int (*SSL_CTX_get_verify_callback(ctx))()
@ -623,7 +638,22 @@ int cmd;
long larg;
char *parg;
{
return(s->method->ssl_ctrl(s,cmd,larg,parg));
long l;
switch (cmd)
{
case SSL_CTRL_GET_READ_AHEAD:
return(s->read_ahead);
case SSL_CTRL_SET_READ_AHEAD:
l=s->read_ahead;
s->read_ahead=larg;
return(l);
case SSL_CTRL_OPTIONS:
return(s->options|=larg);
default:
return(s->method->ssl_ctrl(s,cmd,larg,parg));
}
return(0);
}
long SSL_CTX_ctrl(ctx,cmd,larg,parg)
@ -632,7 +662,60 @@ int cmd;
long larg;
char *parg;
{
return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
long l;
switch (cmd)
{
case SSL_CTRL_GET_READ_AHEAD:
return(ctx->read_ahead);
case SSL_CTRL_SET_READ_AHEAD:
l=ctx->read_ahead;
ctx->read_ahead=larg;
return(l);
case SSL_CTRL_SET_SESS_CACHE_SIZE:
l=ctx->session_cache_size;
ctx->session_cache_size=larg;
return(l);
case SSL_CTRL_GET_SESS_CACHE_SIZE:
return(ctx->session_cache_size);
case SSL_CTRL_SET_SESS_CACHE_MODE:
l=ctx->session_cache_mode;
ctx->session_cache_mode=larg;
return(l);
case SSL_CTRL_GET_SESS_CACHE_MODE:
return(ctx->session_cache_mode);
case SSL_CTRL_SESS_NUMBER:
return(ctx->sessions->num_items);
case SSL_CTRL_SESS_CONNECT:
return(ctx->stats.sess_connect);
case SSL_CTRL_SESS_CONNECT_GOOD:
return(ctx->stats.sess_connect_good);
case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
return(ctx->stats.sess_connect_renegotiate);
case SSL_CTRL_SESS_ACCEPT:
return(ctx->stats.sess_accept);
case SSL_CTRL_SESS_ACCEPT_GOOD:
return(ctx->stats.sess_accept_good);
case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
return(ctx->stats.sess_accept_renegotiate);
case SSL_CTRL_SESS_HIT:
return(ctx->stats.sess_hit);
case SSL_CTRL_SESS_CB_HIT:
return(ctx->stats.sess_cb_hit);
case SSL_CTRL_SESS_MISSES:
return(ctx->stats.sess_miss);
case SSL_CTRL_SESS_TIMEOUTS:
return(ctx->stats.sess_timeout);
case SSL_CTRL_SESS_CACHE_FULL:
return(ctx->stats.sess_cache_full);
case SSL_CTRL_OPTIONS:
return(ctx->options|=larg);
default:
return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
}
return(0);
}
int ssl_cipher_id_cmp(a,b)
@ -903,17 +986,7 @@ SSL_METHOD *meth;
ret->remove_session_cb=NULL;
ret->get_session_cb=NULL;
ret->sess_connect=0;
ret->sess_connect_good=0;
ret->sess_accept=0;
ret->sess_accept_renegotiate=0;
ret->sess_connect_renegotiate=0;
ret->sess_accept_good=0;
ret->sess_miss=0;
ret->sess_timeout=0;
ret->sess_cache_full=0;
ret->sess_hit=0;
ret->sess_cb_hit=0;
memset((char *)&ret->stats,0,sizeof(ret->stats));
ret->references=1;
ret->quiet_shutdown=0;
@ -929,8 +1002,8 @@ SSL_METHOD *meth;
ret->app_verify_callback=NULL;
ret->app_verify_arg=NULL;
ret->default_read_ahead=0;
ret->default_verify_mode=SSL_VERIFY_NONE;
ret->read_ahead=0;
ret->verify_mode=SSL_VERIFY_NONE;
ret->default_verify_callback=NULL;
if ((ret->default_cert=ssl_cert_new()) == NULL)
goto err;
@ -974,6 +1047,7 @@ SSL_METHOD *meth;
CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data);
ret->extra_certs=NULL;
ret->comp_methods=SSL_COMP_get_compression_methods();
return(ret);
err:
@ -1021,6 +1095,8 @@ SSL_CTX *a;
sk_pop_free(a->client_CA,X509_NAME_free);
if (a->extra_certs != NULL)
sk_pop_free(a->extra_certs,X509_free);
if (a->comp_methods != NULL)
sk_pop_free(a->comp_methods,free);
Free((char *)a);
}
@ -1049,7 +1125,7 @@ int (*cb)(int, X509_STORE_CTX *);
int (*cb)();
#endif
{
ctx->default_verify_mode=mode;
ctx->verify_mode=mode;
ctx->default_verify_callback=cb;
/* This needs cleaning up EAY EAY EAY */
X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
@ -1246,8 +1322,8 @@ int mode;
((i & mode) == mode))
{
if ( (((mode & SSL_SESS_CACHE_CLIENT)
?s->ctx->sess_connect_good
:s->ctx->sess_accept_good) & 0xff) == 0xff)
?s->ctx->stats.sess_connect_good
:s->ctx->stats.sess_accept_good) & 0xff) == 0xff)
{
SSL_CTX_flush_sessions(s->ctx,time(NULL));
}
@ -1294,12 +1370,20 @@ SSL *s;
int i;
{
int reason;
unsigned long l;
BIO *bio;
if (i > 0) return(SSL_ERROR_NONE);
if (ERR_peek_error() != 0)
return(SSL_ERROR_SSL);
/* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
* etc, where we do encode the error */
if ((l=ERR_peek_error()) != 0)
{
if (ERR_GET_LIB(l) == ERR_LIB_SYS)
return(SSL_ERROR_SYSCALL);
else
return(SSL_ERROR_SSL);
}
if ((i < 0) && SSL_want_read(s))
{
@ -1381,6 +1465,7 @@ SSL *s;
void SSL_set_accept_state(s)
SSL *s;
{
s->server=1;
s->shutdown=0;
s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
s->handshake_func=s->method->ssl_accept;
@ -1391,6 +1476,7 @@ SSL *s;
void SSL_set_connect_state(s)
SSL *s;
{
s->server=0;
s->shutdown=0;
s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
s->handshake_func=s->method->ssl_connect;
@ -1498,6 +1584,7 @@ SSL *s;
ret->shutdown=s->shutdown;
ret->state=s->state;
ret->handshake_func=s->handshake_func;
ret->server=s->server;
if (0)
{
@ -1523,6 +1610,16 @@ SSL *s;
Free(s->enc_write_ctx);
s->enc_write_ctx=NULL;
}
if (s->expand != NULL)
{
COMP_CTX_free(s->expand);
s->expand=NULL;
}
if (s->compress != NULL)
{
COMP_CTX_free(s->compress);
s->compress=NULL;
}
}
/* Fix this function so that it takes an optional type parameter */
@ -1590,6 +1687,26 @@ int push;
}
return(1);
}
void ssl_free_wbio_buffer(s)
SSL *s;
{
BIO *under;
if (s->bbio == NULL) return;
if (s->bbio == s->wbio)
{
/* remove buffering */
under=BIO_pop(s->wbio);
if (under != NULL)
s->wbio=under;
else
abort(); /* ok */
}
BIO_free(s->bbio);
s->bbio=NULL;
}
void SSL_CTX_set_quiet_shutdown(ctx,mode)
SSL_CTX *ctx;
@ -1750,6 +1867,27 @@ SSL *s;
return(1);
}
X509_STORE *SSL_CTX_get_cert_store(ctx)
SSL_CTX *ctx;
{
return(ctx->cert_store);
}
void SSL_CTX_set_cert_store(ctx,store)
SSL_CTX *ctx;
X509_STORE *store;
{
if (ctx->cert_store != NULL)
X509_STORE_free(ctx->cert_store);
ctx->cert_store=store;
}
int SSL_want(s)
SSL *s;
{
return(s->rwstate);
}
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,int export))
{ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb); }

View file

@ -348,7 +348,8 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK *sk,unsigned char *p);
STACK *ssl_create_cipher_list(SSL_METHOD *meth,STACK **pref,
STACK **sorted,char *str);
void ssl_update_cache(SSL *s, int mode);
int ssl_cipher_get_evp(SSL_CIPHER *c, EVP_CIPHER **enc, EVP_MD **md);
int ssl_cipher_get_evp(SSL_SESSION *s, EVP_CIPHER **enc, EVP_MD **md,
SSL_COMP **comp);
int ssl_verify_cert_chain(SSL *s,STACK *sk);
int ssl_undefined_function(SSL *s);
X509 *ssl_get_server_send_cert(SSL *);
@ -442,6 +443,7 @@ long tls1_ctrl(SSL *s,int cmd, long larg, char *parg);
SSL_METHOD *tlsv1_base_method(void );
int ssl_init_wbio_buffer(SSL *s, int push);
void ssl_free_wbio_buffer(SSL *s);
int tls1_change_cipher_state(SSL *s, int which);
int tls1_setup_key_block(SSL *s);
@ -456,6 +458,9 @@ int tls1_alert_code(int code);
int ssl3_alert_code(int code);
int ssl_ok(SSL *s);
SSL_COMP *ssl3_comp_find(STACK *sk, int n);
STACK *SSL_COMP_get_compression_methods(void);
#else
@ -562,10 +567,8 @@ int ssl23_read_bytes();
int ssl23_write_bytes();
int ssl_init_wbio_buffer();
void ssl_free_wbio_buffer();
#endif
#endif
int ssl3_cert_verify_mac();
int ssl3_alert_code();
int tls1_new();
@ -582,3 +585,9 @@ int tls1_mac();
int tls1_generate_master_secret();
int tls1_alert_code();
int ssl_ok();
SSL_COMP *ssl3_comp_find();
STACK *SSL_COMP_get_compression_methods();
#endif
#endif

View file

@ -152,10 +152,10 @@ end:
}
#endif
int SSL_use_certificate_ASN1(ssl, len, d)
int SSL_use_certificate_ASN1(ssl, d,len)
SSL *ssl;
int len;
unsigned char *d;
int len;
{
X509 *x;
int ret;

View file

@ -123,6 +123,7 @@ SSL_SESSION *SSL_SESSION_new()
ss->time=time(NULL);
ss->prev=NULL;
ss->next=NULL;
ss->compress_meth=0;
CRYPTO_new_ex_data(ssl_session_meth,(char *)ss,&ss->ex_data);
return(ss);
}
@ -136,8 +137,10 @@ int session;
if ((ss=SSL_SESSION_new()) == NULL) return(0);
/* If the context has a default timeout, use it */
if (s->ctx->session_timeout != 0)
if (s->ctx->session_timeout == 0)
ss->timeout=SSL_get_default_timeout(s);
else
ss->timeout=s->ctx->session_timeout;
if (s->session != NULL)
{
@ -218,13 +221,13 @@ int len;
{
int copy=1;
s->ctx->sess_miss++;
s->ctx->stats.sess_miss++;
ret=NULL;
if ((s->ctx->get_session_cb != NULL) &&
((ret=s->ctx->get_session_cb(s,session_id,len,&copy))
!= NULL))
{
s->ctx->sess_cb_hit++;
s->ctx->stats.sess_cb_hit++;
/* The following should not return 1, otherwise,
* things are very strange */
@ -260,14 +263,14 @@ int len;
if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */
{
s->ctx->sess_timeout++;
s->ctx->stats.sess_timeout++;
/* remove it from the cache */
SSL_CTX_remove_session(s->ctx,ret);
SSL_SESSION_free(ret); /* again to actually Free it */
return(0);
}
s->ctx->sess_hit++;
s->ctx->stats.sess_hit++;
/* ret->time=time(NULL); */ /* rezero timeout? */
/* again, just leave the session
@ -318,7 +321,7 @@ SSL_SESSION *c;
ctx->session_cache_tail))
break;
else
ctx->sess_cache_full++;
ctx->stats.sess_cache_full++;
}
}
}
@ -413,7 +416,10 @@ SSL_SESSION *session;
{
if (!SSL_set_ssl_method(s,meth))
return(0);
session->timeout=SSL_get_default_timeout(s);
if (s->ctx->session_timeout == 0)
session->timeout=SSL_get_default_timeout(s);
else
session->timeout=s->ctx->session_timeout;
}
/* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
@ -431,6 +437,14 @@ SSL_SESSION *session;
SSL_SESSION_free(s->session);
s->session=NULL;
}
meth=s->ctx->method;
if (meth != s->method)
{
if (!SSL_set_ssl_method(s,meth))
return(0);
}
ret=1;
}
return(ret);
}
@ -467,6 +481,24 @@ long t;
return(t);
}
long SSL_CTX_set_timeout(s,t)
SSL_CTX *s;
long t;
{
long l;
if (s == NULL) return(0);
l=s->session_timeout;
s->session_timeout=t;
return(l);
}
long SSL_CTX_get_timeout(s)
SSL_CTX *s;
{
if (s == NULL) return(0);
return(s->session_timeout);
}
typedef struct timeout_param_st
{
SSL_CTX *ctx;
@ -499,7 +531,7 @@ long t;
TIMEOUT_PARAM tp;
tp.ctx=s;
tp.cache=SSL_CTX_sessions(s);
tp.cache=s->sessions;
if (tp.cache == NULL) return;
tp.time=t;
CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);

View file

@ -133,6 +133,23 @@ SSL_SESSION *x;
sprintf(str,"%02X",x->key_arg[i]);
if (BIO_puts(bp,str) <= 0) goto err;
}
if (x->compress_meth != 0)
{
SSL_COMP *comp;
ssl_cipher_get_evp(x,NULL,NULL,&comp);
if (comp == NULL)
{
sprintf(str,"\n Compression: %d",x->compress_meth);
if (BIO_puts(bp,str) <= 0) goto err;
}
else
{
sprintf(str,"\n Compression: %d (%s)",
comp->id,comp->method->name);
if (BIO_puts(bp,str) <= 0) goto err;
}
}
if (x->time != 0L)
{
sprintf(str,"\n Start Time: %ld",x->time);

View file

@ -243,7 +243,7 @@ bad:
/* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
SSLeay_add_ssl_algorithms();
SSL_library_init();
SSL_load_error_strings();
#if !defined(NO_SSL2) && !defined(NO_SSL3)

View file

@ -57,6 +57,7 @@
*/
#include <stdio.h>
#include "comp.h"
#include "evp.h"
#include "hmac.h"
#include "ssl_locl.h"
@ -175,7 +176,7 @@ int which;
int client_write;
EVP_CIPHER_CTX *dd;
EVP_CIPHER *c;
COMP_METHOD *comp;
SSL_COMP *comp;
EVP_MD *m;
int exp,n,i,j,k,exp_label_len,cl;
@ -200,14 +201,15 @@ int which;
}
if (comp != NULL)
{
s->expand=COMP_CTX_new(comp);
s->expand=COMP_CTX_new(comp->method);
if (s->expand == NULL)
{
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err2;
}
s->s3->rrec.comp=(unsigned char *)
Malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
if (s->s3->rrec.comp == NULL)
s->s3->rrec.comp=(unsigned char *)
Malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
if (s->s3->rrec.comp == NULL)
goto err;
}
@ -229,7 +231,7 @@ int which;
}
if (comp != NULL)
{
s->compress=COMP_CTX_new(comp);
s->compress=COMP_CTX_new(comp->method);
if (s->compress == NULL)
{
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
@ -346,11 +348,12 @@ SSL *s;
EVP_CIPHER *c;
EVP_MD *hash;
int num,exp;
SSL_COMP *comp;
if (s->s3->tmp.key_block_length != 0)
return(1);
if (!ssl_cipher_get_evp(s->session->cipher,&c,&hash))
if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
{
SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
return(0);
@ -504,7 +507,7 @@ unsigned char *out;
unsigned int ret;
EVP_MD_CTX ctx;
memcpy(&ctx,in_ctx,sizeof(EVP_MD_CTX));
EVP_MD_CTX_copy(&ctx,in_ctx);
EVP_DigestFinal(&ctx,out,&ret);
return((int)ret);
}
@ -525,10 +528,10 @@ unsigned char *out;
memcpy(q,str,slen);
q+=slen;
memcpy(&ctx,in1_ctx,sizeof(EVP_MD_CTX));
EVP_MD_CTX_copy(&ctx,in1_ctx);
EVP_DigestFinal(&ctx,q,&i);
q+=i;
memcpy(&ctx,in2_ctx,sizeof(EVP_MD_CTX));
EVP_MD_CTX_copy(&ctx,in2_ctx);
EVP_DigestFinal(&ctx,q,&i);
q+=i;