summaryrefslogtreecommitdiff
path: root/ssl/s3_lib.c
diff options
context:
space:
mode:
authorRalf S. Engelschall <rse@openssl.org>1998-12-21 10:56:39 +0000
committerRalf S. Engelschall <rse@openssl.org>1998-12-21 10:56:39 +0000
commit58964a492275ca9a59a0cd9c8155cb2491b4b909 (patch)
treec7b16876a5789463bbbb468ef4829c8129b3d718 /ssl/s3_lib.c
parentd02b48c63a58ea4367a0e905979f140b7d090f86 (diff)
downloadopenssl-new-58964a492275ca9a59a0cd9c8155cb2491b4b909.tar.gz
Import of old SSLeay release: SSLeay 0.9.0b
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r--ssl/s3_lib.c184
1 files changed, 115 insertions, 69 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index b7bac8e10f..0fd945025d 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1,5 +1,5 @@
/* ssl/s3_lib.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
@@ -60,7 +60,7 @@
#include "objects.h"
#include "ssl_locl.h"
-char *ssl3_version_str="SSLv3 part of SSLeay 0.8.1b 29-Jun-1998";
+char *ssl3_version_str="SSLv3 part of SSLeay 0.9.0b 29-Jun-1998";
#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
@@ -131,8 +131,8 @@ SSL_CIPHER ssl3_ciphers[]={
/* Cipher 1B */
{
1,
- SSL3_TXT_ADH_DES_196_CBC_SHA,
- SSL3_CK_ADH_DES_196_CBC_SHA,
+ SSL3_TXT_ADH_DES_192_CBC_SHA,
+ SSL3_CK_ADH_DES_192_CBC_SHA,
SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
0,
SSL_ALL_CIPHERS,
@@ -358,8 +358,22 @@ SSL_CIPHER ssl3_ciphers[]={
/* end of list */
};
+static SSL3_ENC_METHOD SSLv3_enc_data={
+ ssl3_enc,
+ ssl3_mac,
+ ssl3_setup_key_block,
+ ssl3_generate_master_secret,
+ ssl3_change_cipher_state,
+ ssl3_final_finish_mac,
+ MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
+ ssl3_cert_verify_mac,
+ SSL3_MD_CLIENT_FINISHED_CONST,4,
+ SSL3_MD_SERVER_FINISHED_CONST,4,
+ ssl3_alert_code,
+ };
+
static SSL_METHOD SSLv3_data= {
- 3,
+ SSL3_VERSION,
ssl3_new,
ssl3_clear,
ssl3_free,
@@ -379,6 +393,7 @@ static SSL_METHOD SSLv3_data= {
ssl3_get_cipher,
ssl_bad_method,
ssl3_default_timeout,
+ &SSLv3_enc_data,
};
static long ssl3_default_timeout()
@@ -420,14 +435,18 @@ SSL *s;
SSL3_CTX *s3;
if ((s3=(SSL3_CTX *)Malloc(sizeof(SSL3_CTX))) == NULL) goto err;
+ memset(s3,0,sizeof(SSL3_CTX));
s->s3=s3;
+ /*
s->s3->tmp.ca_names=NULL;
s->s3->tmp.key_block=NULL;
+ s->s3->tmp.key_block_length=0;
s->s3->rbuf.buf=NULL;
s->s3->wbuf.buf=NULL;
+ */
- ssl3_clear(s);
+ s->method->ssl_clear(s);
return(1);
err:
return(0);
@@ -465,16 +484,14 @@ SSL *s;
wp=s->s3->wbuf.buf;
memset(s->s3,0,sizeof(SSL3_CTX));
- if (rp != NULL)
- {
- s->packet= &(s->s3->rbuf.buf[0]);
- s->s3->rbuf.buf=rp;
- s->s3->wbuf.buf=wp;
- }
- else
- s->packet=NULL;
+ if (rp != NULL) s->s3->rbuf.buf=rp;
+ if (wp != NULL) s->s3->wbuf.buf=wp;
s->packet_length=0;
- s->version=3;
+ s->s3->renegotiate=0;
+ s->s3->total_renegotiations=0;
+ s->s3->num_renegotiations=0;
+ s->s3->in_read_app_data=0;
+ s->version=SSL3_VERSION;
}
long ssl3_ctrl(s,cmd,larg,parg)
@@ -483,7 +500,29 @@ int cmd;
long larg;
char *parg;
{
- return(0);
+ int ret=0;
+
+ switch (cmd)
+ {
+ case SSL_CTRL_GET_SESSION_REUSED:
+ ret=s->hit;
+ break;
+ case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
+ break;
+ case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
+ ret=s->s3->num_renegotiations;
+ break;
+ case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
+ ret=s->s3->num_renegotiations;
+ s->s3->num_renegotiations=0;
+ break;
+ case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
+ ret=s->s3->total_renegotiations;
+ break;
+ default:
+ break;
+ }
+ return(ret);
}
long ssl3_ctx_ctrl(ctx,cmd,larg,parg)
@@ -623,49 +662,6 @@ unsigned char *p;
return(2);
}
-void ssl3_generate_key_block(s,km,num)
-SSL *s;
-unsigned char *km;
-int num;
- {
- MD5_CTX m5;
- SHA_CTX s1;
- unsigned char buf[8],smd[SHA_DIGEST_LENGTH];
- unsigned char c='A';
- int i,j,k;
-
- k=0;
- for (i=0; i<num; i+=MD5_DIGEST_LENGTH)
- {
- k++;
- for (j=0; j<k; j++)
- buf[j]=c;
- c++;
- SHA1_Init( &s1);
- SHA1_Update(&s1,buf,k);
- SHA1_Update(&s1,s->session->master_key,
- s->session->master_key_length);
- SHA1_Update(&s1,s->s3->server_random,SSL3_RANDOM_SIZE);
- SHA1_Update(&s1,s->s3->client_random,SSL3_RANDOM_SIZE);
- SHA1_Final( smd,&s1);
-
- MD5_Init( &m5);
- MD5_Update(&m5,s->session->master_key,
- s->session->master_key_length);
- MD5_Update(&m5,smd,SHA_DIGEST_LENGTH);
- if ((i+MD5_DIGEST_LENGTH) > num)
- {
- MD5_Final(smd,&m5);
- memcpy(km,smd,(num-i));
- }
- else
- MD5_Final(km,&m5);
-
- km+=MD5_DIGEST_LENGTH;
- }
- memset(smd,0,SHA_DIGEST_LENGTH);
- }
-
int ssl3_part_read(s,i)
SSL *s;
int i;
@@ -754,7 +750,8 @@ unsigned char *p;
p[ret++]=SSL3_CT_DSS_FIXED_DH;
#endif
}
- if (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr))
+ if ((s->version == SSL3_VERSION) &&
+ (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
{
#ifndef NO_RSA
p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
@@ -767,7 +764,7 @@ unsigned char *p;
#ifndef NO_RSA
p[ret++]=SSL3_CT_RSA_SIGN;
#endif
-/* p[ret++]=SSL3_CT_DSS_SIGN; */
+ p[ret++]=SSL3_CT_DSS_SIGN;
return(ret);
}
@@ -787,7 +784,7 @@ SSL *s;
{
s->shutdown|=SSL_SENT_SHUTDOWN;
#if 1
- ssl3_send_alert(s,SSL3_AL_WARNING,SSL3_AD_CLOSE_NOTIFY);
+ ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
#endif
/* our shutdown alert has been sent now, and if it still needs
* to be written, s->s3->alert_dispatch will be true */
@@ -814,7 +811,7 @@ SSL *s;
int ssl3_write(s,buf,len)
SSL *s;
-const char *buf;
+char *buf;
int len;
{
int ret,n;
@@ -827,7 +824,8 @@ int len;
return(0);
}
#endif
- errno=0;
+ clear_sys_error();
+ if (s->s3->renegotiate) ssl3_renegotiate_check(s);
/* This is an experimental flag that sends the
* last handshake message in the same packet as the first
@@ -867,6 +865,7 @@ int len;
(char *)buf,len);
if (ret <= 0) return(ret);
}
+
return(ret);
}
@@ -875,8 +874,24 @@ SSL *s;
char *buf;
int len;
{
- errno=0;
- return(ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len));
+ int ret;
+
+ clear_sys_error();
+ if (s->s3->renegotiate) ssl3_renegotiate_check(s);
+ s->s3->in_read_app_data=1;
+ ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len);
+ if ((ret == -1) && (s->s3->in_read_app_data == 0))
+ {
+ ERR_get_error(); /* clear the error */
+ s->s3->in_read_app_data=0;
+ s->in_handshake++;
+ ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len);
+ s->in_handshake--;
+ }
+ else
+ s->s3->in_read_app_data=0;
+
+ return(ret);
}
int ssl3_peek(s,buf,len)
@@ -889,7 +904,12 @@ int len;
rr= &(s->s3->rrec);
if ((rr->length == 0) || (rr->type != SSL3_RT_APPLICATION_DATA))
- return(0);
+ {
+ n=ssl3_read(s,buf,1);
+ if (n <= 0) return(n);
+ rr->length++;
+ rr->off--;
+ }
if ((unsigned int)len > rr->length)
n=rr->length;
@@ -908,8 +928,34 @@ SSL *s;
if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
return(0);
- if (!SSL_in_init(s))
- s->state=SSL_ST_RENEGOTIATE;
+ s->s3->renegotiate=1;
return(1);
}
+int ssl3_renegotiate_check(s)
+SSL *s;
+ {
+ int ret=0;
+
+ if (s->s3->renegotiate)
+ {
+ if ( (s->s3->rbuf.left == 0) &&
+ (s->s3->wbuf.left == 0) &&
+ !SSL_in_init(s))
+ {
+/*
+if we are the server, and we have sent a 'RENEGOTIATE' message, we
+need to go to SSL_ST_ACCEPT.
+*/
+ /* SSL_ST_ACCEPT */
+ s->state=SSL_ST_RENEGOTIATE;
+ s->s3->renegotiate=0;
+ s->s3->num_renegotiations++;
+ s->s3->total_renegotiations++;
+ ret=1;
+ }
+ }
+ return(ret);
+ }
+
+
View Lorry Controller Status