kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
640 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Tree: ce5be4bd5c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ce5be4bd5c'
${ noResults }
boringssl/ssl/s3_lib.c

2143 lines
49 KiB
Raw Blame History 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.]

  56.  */

  57. /* ====================================================================

  58.  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.

  59.  *

  60.  * Redistribution and use in source and binary forms, with or without

  61.  * modification, are permitted provided that the following conditions

  62.  * are met:

  63.  *

  64.  * 1. Redistributions of source code must retain the above copyright

  65.  *    notice, this list of conditions and the following disclaimer.

  66.  *

  67.  * 2. Redistributions in binary form must reproduce the above copyright

  68.  *    notice, this list of conditions and the following disclaimer in

  69.  *    the documentation and/or other materials provided with the

  70.  *    distribution.

  71.  *

  72.  * 3. All advertising materials mentioning features or use of this

  73.  *    software must display the following acknowledgment:

  74.  *    "This product includes software developed by the OpenSSL Project

  75.  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

  76.  *

  77.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  78.  *    endorse or promote products derived from this software without

  79.  *    prior written permission. For written permission, please contact

  80.  *    openssl-core@openssl.org.

  81.  *

  82.  * 5. Products derived from this software may not be called "OpenSSL"

  83.  *    nor may "OpenSSL" appear in their names without prior written

  84.  *    permission of the OpenSSL Project.

  85.  *

  86.  * 6. Redistributions of any form whatsoever must retain the following

  87.  *    acknowledgment:

  88.  *    "This product includes software developed by the OpenSSL Project

  89.  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

  90.  *

  91.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  92.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  93.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  94.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  95.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  96.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  97.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  98.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  99.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  100.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  101.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  102.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  103.  * ====================================================================

  104.  *

  105.  * This product includes cryptographic software written by Eric Young

  106.  * (eay@cryptsoft.com).  This product includes software written by Tim

  107.  * Hudson (tjh@cryptsoft.com).

  108.  *

  109.  */

  110. /* ====================================================================

  111.  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

  112.  *

  113.  * Portions of the attached software ("Contribution") are developed by

  114.  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

  115.  *

  116.  * The Contribution is licensed pursuant to the OpenSSL open source

  117.  * license provided above.

  118.  *

  119.  * ECC cipher suite support in OpenSSL originally written by

  120.  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.

  121.  *

  122.  */

  123. /* ====================================================================

  124.  * Copyright 2005 Nokia. All rights reserved.

  125.  *

  126.  * The portions of the attached software ("Contribution") is developed by

  127.  * Nokia Corporation and is licensed pursuant to the OpenSSL open source

  128.  * license.

  129.  *

  130.  * The Contribution, originally written by Mika Kousa and Pasi Eronen of

  131.  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites

  132.  * support (see RFC 4279) to OpenSSL.

  133.  *

  134.  * No patent licenses or other rights except those expressly stated in

  135.  * the OpenSSL open source license shall be deemed granted or received

  136.  * expressly, by implication, estoppel, or otherwise.

  137.  *

  138.  * No assurances are provided by Nokia that the Contribution does not

  139.  * infringe the patent or other intellectual property rights of any third

  140.  * party or that the license provides you with all the necessary rights

  141.  * to make use of the Contribution.

  142.  *

  143.  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN

  144.  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA

  145.  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY

  146.  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR

  147.  * OTHERWISE. */

  148. 

  149. #include <assert.h>

  150. #include <stdio.h>

  151. 

  152. #include <openssl/buf.h>

  153. #include <openssl/dh.h>

  154. #include <openssl/md5.h>

  155. #include <openssl/mem.h>

  156. #include <openssl/obj.h>

  157. 

  158. #include "ssl_locl.h"

  159. 

  160. #define SSL3_NUM_CIPHERS	(sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))

  161. 

  162. /* FIXED_NONCE_LEN is a macro that results in the correct value to set the

  163.  * fixed nonce length in SSL_CIPHER.algorithms2. It's the inverse of

  164.  * SSL_CIPHER_AEAD_FIXED_NONCE_LEN. */

  165. #define FIXED_NONCE_LEN(x) ((x/2)<<24)

  166. 

  167. /* list of available SSLv3 ciphers (sorted by id) */

  168. const SSL_CIPHER ssl3_ciphers[]={

  169. 

  170. /* The RSA ciphers */

  171. /* Cipher 04 */

  172. 	{

  173. 	1,

  174. 	SSL3_TXT_RSA_RC4_128_MD5,

  175. 	SSL3_CK_RSA_RC4_128_MD5,

  176. 	SSL_kRSA,

  177. 	SSL_aRSA,

  178. 	SSL_RC4,

  179. 	SSL_MD5,

  180. 	SSL_SSLV3,

  181. 	SSL_MEDIUM,

  182. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|SSL_CIPHER_ALGORITHM2_STATEFUL_AEAD,

  183. 	128,

  184. 	128,

  185. 	},

  186. 

  187. /* Cipher 05 */

  188. 	{

  189. 	1,

  190. 	SSL3_TXT_RSA_RC4_128_SHA,

  191. 	SSL3_CK_RSA_RC4_128_SHA,

  192. 	SSL_kRSA,

  193. 	SSL_aRSA,

  194. 	SSL_RC4,

  195. 	SSL_SHA1,

  196. 	SSL_SSLV3,

  197. 	SSL_MEDIUM,

  198. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  199. 	128,

  200. 	128,

  201. 	},

  202. 

  203. /* Cipher 0A */

  204. 	{

  205. 	1,

  206. 	SSL3_TXT_RSA_DES_192_CBC3_SHA,

  207. 	SSL3_CK_RSA_DES_192_CBC3_SHA,

  208. 	SSL_kRSA,

  209. 	SSL_aRSA,

  210. 	SSL_3DES,

  211. 	SSL_SHA1,

  212. 	SSL_SSLV3,

  213. 	SSL_HIGH|SSL_FIPS,

  214. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  215. 	112,

  216. 	168,

  217. 	},

  218. 

  219. /* The Ephemeral DH ciphers */

  220. 

  221. /* Cipher 18 */

  222. 	{

  223. 	1,

  224. 	SSL3_TXT_ADH_RC4_128_MD5,

  225. 	SSL3_CK_ADH_RC4_128_MD5,

  226. 	SSL_kEDH,

  227. 	SSL_aNULL,

  228. 	SSL_RC4,

  229. 	SSL_MD5,

  230. 	SSL_SSLV3,

  231. 	SSL_MEDIUM,

  232. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  233. 	128,

  234. 	128,

  235. 	},

  236. 

  237. /* New AES ciphersuites */

  238. /* Cipher 2F */

  239. 	{

  240. 	1,

  241. 	TLS1_TXT_RSA_WITH_AES_128_SHA,

  242. 	TLS1_CK_RSA_WITH_AES_128_SHA,

  243. 	SSL_kRSA,

  244. 	SSL_aRSA,

  245. 	SSL_AES128,

  246. 	SSL_SHA1,

  247. 	SSL_TLSV1,

  248. 	SSL_HIGH|SSL_FIPS,

  249. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  250. 	128,

  251. 	128,

  252. 	},

  253. /* Cipher 33 */

  254. 	{

  255. 	1,

  256. 	TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,

  257. 	TLS1_CK_DHE_RSA_WITH_AES_128_SHA,

  258. 	SSL_kEDH,

  259. 	SSL_aRSA,

  260. 	SSL_AES128,

  261. 	SSL_SHA1,

  262. 	SSL_TLSV1,

  263. 	SSL_HIGH|SSL_FIPS,

  264. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  265. 	128,

  266. 	128,

  267. 	},

  268. /* Cipher 34 */

  269. 	{

  270. 	1,

  271. 	TLS1_TXT_ADH_WITH_AES_128_SHA,

  272. 	TLS1_CK_ADH_WITH_AES_128_SHA,

  273. 	SSL_kEDH,

  274. 	SSL_aNULL,

  275. 	SSL_AES128,

  276. 	SSL_SHA1,

  277. 	SSL_TLSV1,

  278. 	SSL_HIGH|SSL_FIPS,

  279. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  280. 	128,

  281. 	128,

  282. 	},

  283. 

  284. /* Cipher 35 */

  285. 	{

  286. 	1,

  287. 	TLS1_TXT_RSA_WITH_AES_256_SHA,

  288. 	TLS1_CK_RSA_WITH_AES_256_SHA,

  289. 	SSL_kRSA,

  290. 	SSL_aRSA,

  291. 	SSL_AES256,

  292. 	SSL_SHA1,

  293. 	SSL_TLSV1,

  294. 	SSL_HIGH|SSL_FIPS,

  295. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  296. 	256,

  297. 	256,

  298. 	},

  299. 

  300. /* Cipher 39 */

  301. 	{

  302. 	1,

  303. 	TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,

  304. 	TLS1_CK_DHE_RSA_WITH_AES_256_SHA,

  305. 	SSL_kEDH,

  306. 	SSL_aRSA,

  307. 	SSL_AES256,

  308. 	SSL_SHA1,

  309. 	SSL_TLSV1,

  310. 	SSL_HIGH|SSL_FIPS,

  311. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  312. 	256,

  313. 	256,

  314. 	},

  315. 

  316. 	/* Cipher 3A */

  317. 	{

  318. 	1,

  319. 	TLS1_TXT_ADH_WITH_AES_256_SHA,

  320. 	TLS1_CK_ADH_WITH_AES_256_SHA,

  321. 	SSL_kEDH,

  322. 	SSL_aNULL,

  323. 	SSL_AES256,

  324. 	SSL_SHA1,

  325. 	SSL_TLSV1,

  326. 	SSL_HIGH|SSL_FIPS,

  327. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  328. 	256,

  329. 	256,

  330. 	},

  331. 

  332. 	/* TLS v1.2 ciphersuites */

  333. 	/* Cipher 3C */

  334. 	{

  335. 	1,

  336. 	TLS1_TXT_RSA_WITH_AES_128_SHA256,

  337. 	TLS1_CK_RSA_WITH_AES_128_SHA256,

  338. 	SSL_kRSA,

  339. 	SSL_aRSA,

  340. 	SSL_AES128,

  341. 	SSL_SHA256,

  342. 	SSL_TLSV1_2,

  343. 	SSL_HIGH|SSL_FIPS,

  344. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  345. 	128,

  346. 	128,

  347. 	},

  348. 

  349. 	/* Cipher 3D */

  350. 	{

  351. 	1,

  352. 	TLS1_TXT_RSA_WITH_AES_256_SHA256,

  353. 	TLS1_CK_RSA_WITH_AES_256_SHA256,

  354. 	SSL_kRSA,

  355. 	SSL_aRSA,

  356. 	SSL_AES256,

  357. 	SSL_SHA256,

  358. 	SSL_TLSV1_2,

  359. 	SSL_HIGH|SSL_FIPS,

  360. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  361. 	256,

  362. 	256,

  363. 	},

  364. 

  365. 

  366. 	/* TLS v1.2 ciphersuites */

  367. 	/* Cipher 67 */

  368. 	{

  369. 	1,

  370. 	TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,

  371. 	TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,

  372. 	SSL_kEDH,

  373. 	SSL_aRSA,

  374. 	SSL_AES128,

  375. 	SSL_SHA256,

  376. 	SSL_TLSV1_2,

  377. 	SSL_HIGH|SSL_FIPS,

  378. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  379. 	128,

  380. 	128,

  381. 	},

  382. 

  383. 	/* Cipher 6B */

  384. 	{

  385. 	1,

  386. 	TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,

  387. 	TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,

  388. 	SSL_kEDH,

  389. 	SSL_aRSA,

  390. 	SSL_AES256,

  391. 	SSL_SHA256,

  392. 	SSL_TLSV1_2,

  393. 	SSL_HIGH|SSL_FIPS,

  394. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  395. 	256,

  396. 	256,

  397. 	},

  398. 

  399. 	/* Cipher 6C */

  400. 	{

  401. 	1,

  402. 	TLS1_TXT_ADH_WITH_AES_128_SHA256,

  403. 	TLS1_CK_ADH_WITH_AES_128_SHA256,

  404. 	SSL_kEDH,

  405. 	SSL_aNULL,

  406. 	SSL_AES128,

  407. 	SSL_SHA256,

  408. 	SSL_TLSV1_2,

  409. 	SSL_HIGH|SSL_FIPS,

  410. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  411. 	128,

  412. 	128,

  413. 	},

  414. 

  415. 	/* Cipher 6D */

  416. 	{

  417. 	1,

  418. 	TLS1_TXT_ADH_WITH_AES_256_SHA256,

  419. 	TLS1_CK_ADH_WITH_AES_256_SHA256,

  420. 	SSL_kEDH,

  421. 	SSL_aNULL,

  422. 	SSL_AES256,

  423. 	SSL_SHA256,

  424. 	SSL_TLSV1_2,

  425. 	SSL_HIGH|SSL_FIPS,

  426. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  427. 	256,

  428. 	256,

  429. 	},

  430. 

  431. 

  432. 	/* Cipher 8A */

  433. 	{

  434. 	1,

  435. 	TLS1_TXT_PSK_WITH_RC4_128_SHA,

  436. 	TLS1_CK_PSK_WITH_RC4_128_SHA,

  437. 	SSL_kPSK,

  438. 	SSL_aPSK,

  439. 	SSL_RC4,

  440. 	SSL_SHA1,

  441. 	SSL_TLSV1,

  442. 	SSL_MEDIUM,

  443. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  444. 	128,

  445. 	128,

  446. 	},

  447. 

  448. 	/* Cipher 8C */

  449. 	{

  450. 	1,

  451. 	TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,

  452. 	TLS1_CK_PSK_WITH_AES_128_CBC_SHA,

  453. 	SSL_kPSK,

  454. 	SSL_aPSK,

  455. 	SSL_AES128,

  456. 	SSL_SHA1,

  457. 	SSL_TLSV1,

  458. 	SSL_HIGH|SSL_FIPS,

  459. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  460. 	128,

  461. 	128,

  462. 	},

  463. 

  464. 	/* Cipher 8D */

  465. 	{

  466. 	1,

  467. 	TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,

  468. 	TLS1_CK_PSK_WITH_AES_256_CBC_SHA,

  469. 	SSL_kPSK,

  470. 	SSL_aPSK,

  471. 	SSL_AES256,

  472. 	SSL_SHA1,

  473. 	SSL_TLSV1,

  474. 	SSL_HIGH|SSL_FIPS,

  475. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  476. 	256,

  477. 	256,

  478. 	},

  479. 

  480. 	/* GCM ciphersuites from RFC5288 */

  481. 

  482. 	/* Cipher 9C */

  483. 	{

  484. 	1,

  485. 	TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,

  486. 	TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,

  487. 	SSL_kRSA,

  488. 	SSL_aRSA,

  489. 	SSL_AES128GCM,

  490. 	SSL_AEAD,

  491. 	SSL_TLSV1_2,

  492. 	SSL_HIGH|SSL_FIPS,

  493. 	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  494. 	128,

  495. 	128,

  496. 	},

  497. 

  498. 	/* Cipher 9D */

  499. 	{

  500. 	1,

  501. 	TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,

  502. 	TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,

  503. 	SSL_kRSA,

  504. 	SSL_aRSA,

  505. 	SSL_AES256GCM,

  506. 	SSL_AEAD,

  507. 	SSL_TLSV1_2,

  508. 	SSL_HIGH|SSL_FIPS,

  509. 	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|

  510. 		SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  511. 	256,

  512. 	256,

  513. 	},

  514. 

  515. 	/* Cipher 9E */

  516. 	{

  517. 	1,

  518. 	TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,

  519. 	TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,

  520. 	SSL_kEDH,

  521. 	SSL_aRSA,

  522. 	SSL_AES128GCM,

  523. 	SSL_AEAD,

  524. 	SSL_TLSV1_2,

  525. 	SSL_HIGH|SSL_FIPS,

  526. 	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  527. 	128,

  528. 	128,

  529. 	},

  530. 

  531. 	/* Cipher 9F */

  532. 	{

  533. 	1,

  534. 	TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,

  535. 	TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,

  536. 	SSL_kEDH,

  537. 	SSL_aRSA,

  538. 	SSL_AES256GCM,

  539. 	SSL_AEAD,

  540. 	SSL_TLSV1_2,

  541. 	SSL_HIGH|SSL_FIPS,

  542. 	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|

  543. 		SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  544. 	256,

  545. 	256,

  546. 	},

  547. 

  548. 	/* Cipher A6 */

  549. 	{

  550. 	1,

  551. 	TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,

  552. 	TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,

  553. 	SSL_kEDH,

  554. 	SSL_aNULL,

  555. 	SSL_AES128GCM,

  556. 	SSL_AEAD,

  557. 	SSL_TLSV1_2,

  558. 	SSL_HIGH|SSL_FIPS,

  559. 	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  560. 	128,

  561. 	128,

  562. 	},

  563. 

  564. 	/* Cipher A7 */

  565. 	{

  566. 	1,

  567. 	TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,

  568. 	TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,

  569. 	SSL_kEDH,

  570. 	SSL_aNULL,

  571. 	SSL_AES256GCM,

  572. 	SSL_AEAD,

  573. 	SSL_TLSV1_2,

  574. 	SSL_HIGH|SSL_FIPS,

  575. 	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|

  576. 		SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  577. 	256,

  578. 	256,

  579. 	},

  580. 

  581. 	/* Cipher C007 */

  582. 	{

  583. 	1,

  584. 	TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,

  585. 	TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,

  586. 	SSL_kEECDH,

  587. 	SSL_aECDSA,

  588. 	SSL_RC4,

  589. 	SSL_SHA1,

  590. 	SSL_TLSV1,

  591. 	SSL_MEDIUM,

  592. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  593. 	128,

  594. 	128,

  595. 	},

  596. 

  597. 	/* Cipher C009 */

  598. 	{

  599. 	1,

  600. 	TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,

  601. 	TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,

  602. 	SSL_kEECDH,

  603. 	SSL_aECDSA,

  604. 	SSL_AES128,

  605. 	SSL_SHA1,

  606. 	SSL_TLSV1,

  607. 	SSL_HIGH|SSL_FIPS,

  608. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  609. 	128,

  610. 	128,

  611. 	},

  612. 

  613. 	/* Cipher C00A */

  614. 	{

  615. 	1,

  616. 	TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,

  617. 	TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,

  618. 	SSL_kEECDH,

  619. 	SSL_aECDSA,

  620. 	SSL_AES256,

  621. 	SSL_SHA1,

  622. 	SSL_TLSV1,

  623. 	SSL_HIGH|SSL_FIPS,

  624. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  625. 	256,

  626. 	256,

  627. 	},

  628. 

  629. 	/* Cipher C011 */

  630. 	{

  631. 	1,

  632. 	TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,

  633. 	TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,

  634. 	SSL_kEECDH,

  635. 	SSL_aRSA,

  636. 	SSL_RC4,

  637. 	SSL_SHA1,

  638. 	SSL_TLSV1,

  639. 	SSL_MEDIUM,

  640. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  641. 	128,

  642. 	128,

  643. 	},

  644. 

  645. 	/* Cipher C013 */

  646. 	{

  647. 	1,

  648. 	TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,

  649. 	TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,

  650. 	SSL_kEECDH,

  651. 	SSL_aRSA,

  652. 	SSL_AES128,

  653. 	SSL_SHA1,

  654. 	SSL_TLSV1,

  655. 	SSL_HIGH|SSL_FIPS,

  656. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  657. 	128,

  658. 	128,

  659. 	},

  660. 

  661. 	/* Cipher C014 */

  662. 	{

  663. 	1,

  664. 	TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,

  665. 	TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,

  666. 	SSL_kEECDH,

  667. 	SSL_aRSA,

  668. 	SSL_AES256,

  669. 	SSL_SHA1,

  670. 	SSL_TLSV1,

  671. 	SSL_HIGH|SSL_FIPS,

  672. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  673. 	256,

  674. 	256,

  675. 	},

  676. 

  677. 	/* Cipher C016 */

  678. 	{

  679. 	1,

  680. 	TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,

  681. 	TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,

  682. 	SSL_kEECDH,

  683. 	SSL_aNULL,

  684. 	SSL_RC4,

  685. 	SSL_SHA1,

  686. 	SSL_TLSV1,

  687. 	SSL_MEDIUM,

  688. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  689. 	128,

  690. 	128,

  691. 	},

  692. 

  693. 	/* Cipher C018 */

  694. 	{

  695. 	1,

  696. 	TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,

  697. 	TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,

  698. 	SSL_kEECDH,

  699. 	SSL_aNULL,

  700. 	SSL_AES128,

  701. 	SSL_SHA1,

  702. 	SSL_TLSV1,

  703. 	SSL_HIGH|SSL_FIPS,

  704. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  705. 	128,

  706. 	128,

  707. 	},

  708. 

  709. 	/* Cipher C019 */

  710. 	{

  711. 	1,

  712. 	TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,

  713. 	TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,

  714. 	SSL_kEECDH,

  715. 	SSL_aNULL,

  716. 	SSL_AES256,

  717. 	SSL_SHA1,

  718. 	SSL_TLSV1,

  719. 	SSL_HIGH|SSL_FIPS,

  720. 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,

  721. 	256,

  722. 	256,

  723. 	},

  724. 

  725. 

  726. 	/* HMAC based TLS v1.2 ciphersuites from RFC5289 */

  727. 

  728. 	/* Cipher C023 */

  729. 	{

  730. 	1,

  731. 	TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,

  732. 	TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,

  733. 	SSL_kEECDH,

  734. 	SSL_aECDSA,

  735. 	SSL_AES128,

  736. 	SSL_SHA256,

  737. 	SSL_TLSV1_2,

  738. 	SSL_HIGH|SSL_FIPS,

  739. 	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,

  740. 	128,

  741. 	128,

  742. 	},

  743. 

  744. 	/* Cipher C024 */

  745. 	{

  746. 	1,

  747. 	TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,

  748. 	TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,

  749. 	SSL_kEECDH,

  750. 	SSL_aECDSA,

  751. 	SSL_AES256,

  752. 	SSL_SHA384,

  753. 	SSL_TLSV1_2,

  754. 	SSL_HIGH|SSL_FIPS,

  755. 	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,

  756. 	256,

  757. 	256,

  758. 	},

  759. 

  760. 	/* Cipher C027 */

  761. 	{

  762. 	1,

  763. 	TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,

  764. 	TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,

  765. 	SSL_kEECDH,

  766. 	SSL_aRSA,

  767. 	SSL_AES128,

  768. 	SSL_SHA256,

  769. 	SSL_TLSV1_2,

  770. 	SSL_HIGH|SSL_FIPS,

  771. 	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,

  772. 	128,

  773. 	128,

  774. 	},

  775. 

  776. 	/* Cipher C028 */

  777. 	{

  778. 	1,

  779. 	TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,

  780. 	TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,

  781. 	SSL_kEECDH,

  782. 	SSL_aRSA,

  783. 	SSL_AES256,

  784. 	SSL_SHA384,

  785. 	SSL_TLSV1_2,

  786. 	SSL_HIGH|SSL_FIPS,

  787. 	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,

  788. 	256,

  789. 	256,

  790. 	},

  791. 

  792. 	/* GCM based TLS v1.2 ciphersuites from RFC5289 */

  793. 

  794. 	/* Cipher C02B */

  795. 	{

  796. 	1,

  797. 	TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,

  798. 	TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,

  799. 	SSL_kEECDH,

  800. 	SSL_aECDSA,

  801. 	SSL_AES128GCM,

  802. 	SSL_AEAD,

  803. 	SSL_TLSV1_2,

  804. 	SSL_HIGH|SSL_FIPS,

  805. 	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  806. 	128,

  807. 	128,

  808. 	},

  809. 

  810. 	/* Cipher C02C */

  811. 	{

  812. 	1,

  813. 	TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,

  814. 	TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,

  815. 	SSL_kEECDH,

  816. 	SSL_aECDSA,

  817. 	SSL_AES256GCM,

  818. 	SSL_AEAD,

  819. 	SSL_TLSV1_2,

  820. 	SSL_HIGH|SSL_FIPS,

  821. 	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|

  822. 		SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  823. 	256,

  824. 	256,

  825. 	},

  826. 

  827. 	/* Cipher C02F */

  828. 	{

  829. 	1,

  830. 	TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,

  831. 	TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,

  832. 	SSL_kEECDH,

  833. 	SSL_aRSA,

  834. 	SSL_AES128GCM,

  835. 	SSL_AEAD,

  836. 	SSL_TLSV1_2,

  837. 	SSL_HIGH|SSL_FIPS,

  838. 	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  839. 	128,

  840. 	128,

  841. 	},

  842. 

  843. 	/* Cipher C030 */

  844. 	{

  845. 	1,

  846. 	TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,

  847. 	TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,

  848. 	SSL_kEECDH,

  849. 	SSL_aRSA,

  850. 	SSL_AES256GCM,

  851. 	SSL_AEAD,

  852. 	SSL_TLSV1_2,

  853. 	SSL_HIGH|SSL_FIPS,

  854. 	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|

  855. 		SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  856. 	256,

  857. 	256,

  858. 	},

  859. 

  860.     /* ECDH PSK ciphersuites */

  861. 	/* Cipher CAFE */

  862. 	{

  863. 	1,

  864. 	TLS1_TXT_ECDHE_PSK_WITH_AES_128_GCM_SHA256,

  865. 	TLS1_CK_ECDHE_PSK_WITH_AES_128_GCM_SHA256,

  866. 	SSL_kEECDH,

  867. 	SSL_aPSK,

  868. 	SSL_AES128GCM,

  869. 	SSL_AEAD,

  870. 	SSL_TLSV1_2,

  871. 	SSL_HIGH,

  872. 	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|

  873. 		SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,

  874. 	128,

  875. 	128,

  876. 	},

  877. 

  878. 

  879. 	{

  880. 	1,

  881. 	TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,

  882. 	TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,

  883. 	SSL_kEECDH,

  884. 	SSL_aRSA,

  885. 	SSL_CHACHA20POLY1305,

  886. 	SSL_AEAD,

  887. 	SSL_TLSV1_2,

  888. 	SSL_HIGH,

  889. 	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),

  890. 	256,

  891. 	0,

  892. 	},

  893. 

  894. 	{

  895. 	1,

  896. 	TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,

  897. 	TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305,

  898. 	SSL_kEECDH,

  899. 	SSL_aECDSA,

  900. 	SSL_CHACHA20POLY1305,

  901. 	SSL_AEAD,

  902. 	SSL_TLSV1_2,

  903. 	SSL_HIGH,

  904. 	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),

  905. 	256,

  906. 	0,

  907. 	},

  908. 

  909. 	{

  910. 	1,

  911. 	TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,

  912. 	TLS1_CK_DHE_RSA_CHACHA20_POLY1305,

  913. 	SSL_kEDH,

  914. 	SSL_aRSA,

  915. 	SSL_CHACHA20POLY1305,

  916. 	SSL_AEAD,

  917. 	SSL_TLSV1_2,

  918. 	SSL_HIGH,

  919. 	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),

  920. 	256,

  921. 	0,

  922. 	},

  923. 

  924. /* end of list */

  925. 	};

  926. 

  927. SSL3_ENC_METHOD SSLv3_enc_data={

  928. 	ssl3_enc,

  929. 	n_ssl3_mac,

  930. 	ssl3_setup_key_block,

  931. 	ssl3_generate_master_secret,

  932. 	ssl3_change_cipher_state,

  933. 	ssl3_final_finish_mac,

  934. 	MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,

  935. 	ssl3_cert_verify_mac,

  936. 	SSL3_MD_CLIENT_FINISHED_CONST,4,

  937. 	SSL3_MD_SERVER_FINISHED_CONST,4,

  938. 	ssl3_alert_code,

  939. 	(int (*)(SSL *, unsigned char *, size_t, const char *,

  940. 		 size_t, const unsigned char *, size_t,

  941. 		 int use_context))ssl_undefined_function,

  942. 	0,

  943. 	SSL3_HM_HEADER_LENGTH,

  944. 	ssl3_set_handshake_header,

  945. 	ssl3_handshake_write,

  946. 	ssl3_add_to_finished_hash,

  947. 	};

  948. 

  949. int ssl3_num_ciphers(void)

  950. 	{

  951. 	return(SSL3_NUM_CIPHERS);

  952. 	}

  953. 

  954. const SSL_CIPHER *ssl3_get_cipher(unsigned int u)

  955. 	{

  956. 	if (u < SSL3_NUM_CIPHERS)

  957. 		return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));

  958. 	else

  959. 		return(NULL);

  960. 	}

  961. 

  962. int ssl3_pending(const SSL *s)

  963. 	{

  964. 	if (s->rstate == SSL_ST_READ_BODY)

  965. 		return 0;

  966. 	

  967. 	return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;

  968. 	}

  969. 

  970. void ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)

  971. 	{

  972. 	unsigned char *p = (unsigned char *)s->init_buf->data;

  973. 	*(p++) = htype;

  974. 	l2n3(len, p);

  975. 	s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;

  976. 	s->init_off = 0;

  977. 	}

  978. 

  979. int ssl3_handshake_write(SSL *s, enum should_add_to_finished_hash should_add_to_finished_hash)

  980. 	{

  981. 	return ssl3_do_write(s, SSL3_RT_HANDSHAKE, should_add_to_finished_hash);

  982. 	}

  983. 

  984. void ssl3_add_to_finished_hash(SSL *s)

  985. 	{

  986. 	ssl3_finish_mac(s, (uint8_t*) s->init_buf->data, s->init_num);

  987. 	}

  988. 

  989. int ssl3_new(SSL *s)

  990. 	{

  991. 	SSL3_STATE *s3;

  992. 

  993. 	if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;

  994. 	memset(s3,0,sizeof *s3);

  995. 	memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));

  996. 	memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));

  997. 

  998. 	s->s3=s3;

  999. 

  1000. 	s->tlsext_channel_id_enabled = s->ctx->tlsext_channel_id_enabled;

  1001. 	if (s->ctx->tlsext_channel_id_private)

  1002. 		s->tlsext_channel_id_private = EVP_PKEY_dup(s->ctx->tlsext_channel_id_private);

  1003. 	s->method->ssl_clear(s);

  1004. 	return(1);

  1005. err:

  1006. 	return(0);

  1007. 	}

  1008. 

  1009. void ssl3_free(SSL *s)

  1010. 	{

  1011. 	if(s == NULL)

  1012. 	    return;

  1013. 

  1014. 	ssl3_cleanup_key_block(s);

  1015. 	if (s->s3->rbuf.buf != NULL)

  1016. 		ssl3_release_read_buffer(s);

  1017. 	if (s->s3->wbuf.buf != NULL)

  1018. 		ssl3_release_write_buffer(s);

  1019. 	if (s->s3->tmp.dh != NULL)

  1020. 		DH_free(s->s3->tmp.dh);

  1021. 	if (s->s3->tmp.ecdh != NULL)

  1022. 		EC_KEY_free(s->s3->tmp.ecdh);

  1023. 

  1024. 	if (s->s3->tmp.ca_names != NULL)

  1025. 		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);

  1026. 	if (s->s3->tmp.certificate_types != NULL)

  1027. 		OPENSSL_free(s->s3->tmp.certificate_types);

  1028. 	if (s->s3->tmp.peer_ecpointformatlist)

  1029. 		OPENSSL_free(s->s3->tmp.peer_ecpointformatlist);

  1030. 	if (s->s3->tmp.peer_ellipticcurvelist)

  1031. 		OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist);

  1032. 	if (s->s3->tmp.peer_psk_identity_hint)

  1033. 		OPENSSL_free(s->s3->tmp.peer_psk_identity_hint);

  1034. 	if (s->s3->handshake_buffer) {

  1035. 		BIO_free(s->s3->handshake_buffer);

  1036. 	}

  1037. 	if (s->s3->handshake_dgst) ssl3_free_digest_list(s);

  1038. 	if (s->s3->alpn_selected)

  1039. 		OPENSSL_free(s->s3->alpn_selected);

  1040. 

  1041. 	OPENSSL_cleanse(s->s3,sizeof *s->s3);

  1042. 	OPENSSL_free(s->s3);

  1043. 	s->s3=NULL;

  1044. 	}

  1045. 

  1046. void ssl3_clear(SSL *s)

  1047. 	{

  1048. 	unsigned char *rp,*wp;

  1049. 	size_t rlen, wlen;

  1050. 	int init_extra;

  1051. 

  1052. 	/* TODO(davidben): Can this just call ssl3_free +

  1053. 	 * ssl3_new. rbuf, wbuf, and init_extra are preserved, but

  1054. 	 * this may not serve anything more than saving a malloc. */

  1055. 

  1056. 	ssl3_cleanup_key_block(s);

  1057. 	if (s->s3->tmp.ca_names != NULL)

  1058. 		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);

  1059. 	s->s3->tmp.ca_names = NULL;

  1060. 	if (s->s3->tmp.certificate_types != NULL)

  1061. 		OPENSSL_free(s->s3->tmp.certificate_types);

  1062. 	s->s3->tmp.certificate_types = NULL;

  1063. 	if (s->s3->tmp.peer_ecpointformatlist)

  1064. 		OPENSSL_free(s->s3->tmp.peer_ecpointformatlist);

  1065. 	s->s3->tmp.peer_ecpointformatlist = NULL;

  1066. 	if (s->s3->tmp.peer_ellipticcurvelist)

  1067. 		OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist);

  1068. 	s->s3->tmp.peer_ellipticcurvelist = NULL;

  1069. 	if (s->s3->tmp.peer_psk_identity_hint)

  1070. 		OPENSSL_free(s->s3->tmp.peer_psk_identity_hint);

  1071. 	s->s3->tmp.peer_psk_identity_hint = NULL;

  1072. 

  1073. 	if (s->s3->tmp.dh != NULL)

  1074. 		{

  1075. 		DH_free(s->s3->tmp.dh);

  1076. 		s->s3->tmp.dh = NULL;

  1077. 		}

  1078. 	if (s->s3->tmp.ecdh != NULL)

  1079. 		{

  1080. 		EC_KEY_free(s->s3->tmp.ecdh);

  1081. 		s->s3->tmp.ecdh = NULL;

  1082. 		}

  1083. 	rp = s->s3->rbuf.buf;

  1084. 	wp = s->s3->wbuf.buf;

  1085. 	rlen = s->s3->rbuf.len;

  1086.  	wlen = s->s3->wbuf.len;

  1087. 	init_extra = s->s3->init_extra;

  1088. 	if (s->s3->handshake_buffer) {

  1089. 		BIO_free(s->s3->handshake_buffer);

  1090. 		s->s3->handshake_buffer = NULL;

  1091. 	}

  1092. 	if (s->s3->handshake_dgst) {

  1093. 		ssl3_free_digest_list(s);

  1094. 	}	

  1095. 

  1096. 	if (s->s3->alpn_selected)

  1097. 		{

  1098. 		OPENSSL_free(s->s3->alpn_selected);

  1099. 		s->s3->alpn_selected = NULL;

  1100. 		}

  1101. 	memset(s->s3,0,sizeof *s->s3);

  1102. 	s->s3->rbuf.buf = rp;

  1103. 	s->s3->wbuf.buf = wp;

  1104. 	s->s3->rbuf.len = rlen;

  1105.  	s->s3->wbuf.len = wlen;

  1106. 	s->s3->init_extra = init_extra;

  1107. 

  1108. 	ssl_free_wbio_buffer(s);

  1109. 

  1110. 	s->packet_length=0;

  1111. 	s->s3->renegotiate=0;

  1112. 	s->s3->total_renegotiations=0;

  1113. 	s->s3->num_renegotiations=0;

  1114. 	s->s3->in_read_app_data=0;

  1115. 	s->version = s->method->version;

  1116. 

  1117. 	if (s->next_proto_negotiated)

  1118. 		{

  1119. 		OPENSSL_free(s->next_proto_negotiated);

  1120. 		s->next_proto_negotiated = NULL;

  1121. 		s->next_proto_negotiated_len = 0;

  1122. 		}

  1123. 

  1124. 	s->s3->tlsext_channel_id_valid = 0;

  1125. 	}

  1126. 

  1127. static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);

  1128. 

  1129. long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)

  1130. 	{

  1131. 	int ret=0;

  1132. 

  1133. 	if (cmd == SSL_CTRL_SET_TMP_RSA ||

  1134. 	    cmd == SSL_CTRL_SET_TMP_RSA_CB ||

  1135. 	    cmd == SSL_CTRL_SET_TMP_DH ||

  1136. 	    cmd == SSL_CTRL_SET_TMP_DH_CB)

  1137. 		{

  1138. 		if (!ssl_cert_inst(&s->cert))

  1139. 		    	{

  1140. 			OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_MALLOC_FAILURE);

  1141. 			return(0);

  1142. 			}

  1143. 		}

  1144. 

  1145. 	switch (cmd)

  1146. 		{

  1147. 	case SSL_CTRL_GET_SESSION_REUSED:

  1148. 		ret=s->hit;

  1149. 		break;

  1150. 	case SSL_CTRL_GET_CLIENT_CERT_REQUEST:

  1151. 		break;

  1152. 	case SSL_CTRL_GET_NUM_RENEGOTIATIONS:

  1153. 		ret=s->s3->num_renegotiations;

  1154. 		break;

  1155. 	case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:

  1156. 		ret=s->s3->num_renegotiations;

  1157. 		s->s3->num_renegotiations=0;

  1158. 		break;

  1159. 	case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:

  1160. 		ret=s->s3->total_renegotiations;

  1161. 		break;

  1162. 	case SSL_CTRL_GET_FLAGS:

  1163. 		ret=(int)(s->s3->flags);

  1164. 		break;

  1165. 	case SSL_CTRL_NEED_TMP_RSA:

  1166. 		/* Temporary RSA keys are never used. */

  1167. 		ret = 0;

  1168. 		break;

  1169. 	case SSL_CTRL_SET_TMP_RSA:

  1170. 		/* Temporary RSA keys are never used. */

  1171. 		OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

  1172. 		break;

  1173. 	case SSL_CTRL_SET_TMP_RSA_CB:

  1174. 		{

  1175. 		OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

  1176. 		return(ret);

  1177. 		}

  1178. 		break;

  1179. 	case SSL_CTRL_SET_TMP_DH:

  1180. 		{

  1181. 			DH *dh = (DH *)parg;

  1182. 			if (dh == NULL)

  1183. 				{

  1184. 				OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_PASSED_NULL_PARAMETER);

  1185. 				return(ret);

  1186. 				}

  1187. 			if ((dh = DHparams_dup(dh)) == NULL)

  1188. 				{

  1189. 				OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_DH_LIB);

  1190. 				return(ret);

  1191. 				}

  1192. 			if (!(s->options & SSL_OP_SINGLE_DH_USE))

  1193. 				{

  1194. 				if (!DH_generate_key(dh))

  1195. 					{

  1196. 					DH_free(dh);

  1197. 					OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_DH_LIB);

  1198. 					return(ret);

  1199. 					}

  1200. 				}

  1201. 			if (s->cert->dh_tmp != NULL)

  1202. 				DH_free(s->cert->dh_tmp);

  1203. 			s->cert->dh_tmp = dh;

  1204. 			ret = 1;

  1205. 		}

  1206. 		break;

  1207. 	case SSL_CTRL_SET_TMP_DH_CB:

  1208. 		{

  1209. 		OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

  1210. 		return(ret);

  1211. 		}

  1212. 		break;

  1213. 	case SSL_CTRL_SET_TMP_ECDH:

  1214. 		{

  1215. 		EC_KEY *ecdh = NULL;

  1216.  			

  1217. 		if (parg == NULL)

  1218. 			{

  1219. 			OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_PASSED_NULL_PARAMETER);

  1220. 			return(ret);

  1221. 			}

  1222. 		if (!EC_KEY_up_ref((EC_KEY *)parg))

  1223. 			{

  1224. 			OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_ECDH_LIB);

  1225. 			return(ret);

  1226. 			}

  1227. 		ecdh = (EC_KEY *)parg;

  1228. 		if (!(s->options & SSL_OP_SINGLE_ECDH_USE))

  1229. 			{

  1230. 			if (!EC_KEY_generate_key(ecdh))

  1231. 				{

  1232. 				EC_KEY_free(ecdh);

  1233. 				OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_ECDH_LIB);

  1234. 				return(ret);

  1235. 				}

  1236. 			}

  1237. 		if (s->cert->ecdh_tmp != NULL)

  1238. 			EC_KEY_free(s->cert->ecdh_tmp);

  1239. 		s->cert->ecdh_tmp = ecdh;

  1240. 		ret = 1;

  1241. 		}

  1242. 		break;

  1243. 	case SSL_CTRL_SET_TMP_ECDH_CB:

  1244. 		{

  1245. 		OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

  1246. 		return(ret);

  1247. 		}

  1248. 		break;

  1249. 	case SSL_CTRL_SET_TLSEXT_HOSTNAME:

  1250.  		if (larg == TLSEXT_NAMETYPE_host_name)

  1251. 			{

  1252. 			if (s->tlsext_hostname != NULL) 

  1253. 				OPENSSL_free(s->tlsext_hostname);

  1254. 			s->tlsext_hostname = NULL;

  1255. 

  1256. 			ret = 1;

  1257. 			if (parg == NULL) 

  1258. 				break;

  1259. 			if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)

  1260. 				{

  1261. 				OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, SSL_R_SSL3_EXT_INVALID_SERVERNAME);

  1262. 				return 0;

  1263. 				}

  1264. 			if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)

  1265. 				{

  1266. 				OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_INTERNAL_ERROR);

  1267. 				return 0;

  1268. 				}

  1269. 			}

  1270. 		else

  1271. 			{

  1272. 			OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);

  1273. 			return 0;

  1274. 			}

  1275.  		break;

  1276. 	case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:

  1277. 		s->tlsext_debug_arg=parg;

  1278. 		ret = 1;

  1279. 		break;

  1280. 

  1281. 	case SSL_CTRL_CHAIN:

  1282. 		if (larg)

  1283. 			return ssl_cert_set1_chain(s->cert,

  1284. 						(STACK_OF (X509) *)parg);

  1285. 		else

  1286. 			return ssl_cert_set0_chain(s->cert,

  1287. 						(STACK_OF (X509) *)parg);

  1288. 

  1289. 	case SSL_CTRL_CHAIN_CERT:

  1290. 		if (larg)

  1291. 			return ssl_cert_add1_chain_cert(s->cert, (X509 *)parg);

  1292. 		else

  1293. 			return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg);

  1294. 

  1295. 	case SSL_CTRL_GET_CHAIN_CERTS:

  1296. 		*(STACK_OF(X509) **)parg = s->cert->key->chain;

  1297. 		break;

  1298. 

  1299. 	case SSL_CTRL_SELECT_CURRENT_CERT:

  1300. 		return ssl_cert_select_current(s->cert, (X509 *)parg);

  1301. 

  1302. 	case SSL_CTRL_GET_CURVES:

  1303. 		{

  1304. 		const uint16_t *clist = s->s3->tmp.peer_ellipticcurvelist;

  1305. 		size_t clistlen = s->s3->tmp.peer_ellipticcurvelist_length;

  1306. 		if (parg)

  1307. 			{

  1308. 			size_t i;

  1309. 			int *cptr = parg;

  1310. 			int nid;

  1311. 			for (i = 0; i < clistlen; i++)

  1312. 				{

  1313. 				nid = tls1_ec_curve_id2nid(clist[i]);

  1314. 				if (nid != OBJ_undef)

  1315. 					cptr[i] = nid;

  1316. 				else

  1317. 					cptr[i] = TLSEXT_nid_unknown | clist[i];

  1318. 				}

  1319. 			}

  1320. 		return (int)clistlen;

  1321. 		}

  1322. 

  1323. 	case SSL_CTRL_SET_CURVES:

  1324. 		return tls1_set_curves(&s->tlsext_ellipticcurvelist,

  1325. 					&s->tlsext_ellipticcurvelist_length,

  1326. 								parg, larg);

  1327. 

  1328. 	case SSL_CTRL_SET_ECDH_AUTO:

  1329. 		s->cert->ecdh_tmp_auto = larg;

  1330. 		return 1;

  1331. 	case SSL_CTRL_SET_SIGALGS:

  1332. 		return tls1_set_sigalgs(s->cert, parg, larg, 0);

  1333. 

  1334. 	case SSL_CTRL_SET_CLIENT_SIGALGS:

  1335. 		return tls1_set_sigalgs(s->cert, parg, larg, 1);

  1336. 

  1337. 	case SSL_CTRL_GET_CLIENT_CERT_TYPES:

  1338. 		{

  1339. 		const unsigned char **pctype = parg;

  1340. 		if (s->server || !s->s3->tmp.cert_req)

  1341. 			return 0;

  1342. 		if (pctype)

  1343. 			*pctype = s->s3->tmp.certificate_types;

  1344. 		return (int)s->s3->tmp.num_certificate_types;

  1345. 		}

  1346. 

  1347. 	case SSL_CTRL_SET_CLIENT_CERT_TYPES:

  1348. 		if (!s->server)

  1349. 			return 0;

  1350. 		return ssl3_set_req_cert_type(s->cert, parg, larg);

  1351. 

  1352. 	case SSL_CTRL_BUILD_CERT_CHAIN:

  1353. 		return ssl_build_cert_chain(s->cert, s->ctx->cert_store, larg);

  1354. 

  1355. 	case SSL_CTRL_SET_VERIFY_CERT_STORE:

  1356. 		return ssl_cert_set_cert_store(s->cert, parg, 0, larg);

  1357. 

  1358. 	case SSL_CTRL_SET_CHAIN_CERT_STORE:

  1359. 		return ssl_cert_set_cert_store(s->cert, parg, 1, larg);

  1360. 

  1361. 	case SSL_CTRL_GET_PEER_SIGNATURE_NID:

  1362. 		if (SSL_USE_SIGALGS(s))

  1363. 			{

  1364. 			if (s->session && s->session->sess_cert)

  1365. 				{

  1366. 				const EVP_MD *sig;

  1367. 				sig = s->session->sess_cert->peer_key->digest;

  1368. 				if (sig)

  1369. 					{

  1370. 					*(int *)parg = EVP_MD_type(sig);

  1371. 					return 1;

  1372. 					}

  1373. 				}

  1374. 			return 0;

  1375. 			}

  1376. 		/* Might want to do something here for other versions */

  1377. 		else

  1378. 			return 0;

  1379. 

  1380. 	case SSL_CTRL_GET_SERVER_TMP_KEY:

  1381. 		if (s->server || !s->session || !s->session->sess_cert)

  1382. 			return 0;

  1383. 		else

  1384. 			{

  1385. 			SESS_CERT *sc;

  1386. 			EVP_PKEY *ptmp;

  1387. 			int rv = 0;

  1388. 			sc = s->session->sess_cert;

  1389. 			if (!sc->peer_dh_tmp && !sc->peer_ecdh_tmp)

  1390. 				return 0;

  1391. 			ptmp = EVP_PKEY_new();

  1392. 			if (!ptmp)

  1393. 				return 0;

  1394. 			if (sc->peer_dh_tmp)

  1395. 				rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);

  1396. 			else if (sc->peer_ecdh_tmp)

  1397. 				rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);

  1398. 			if (rv)

  1399. 				{

  1400. 				*(EVP_PKEY **)parg = ptmp;

  1401. 				return 1;

  1402. 				}

  1403. 			EVP_PKEY_free(ptmp);

  1404. 			return 0;

  1405. 			}

  1406. 	case SSL_CTRL_GET_EC_POINT_FORMATS:

  1407. 		{

  1408. 		const uint8_t **pformat = parg;

  1409. 		if (!s->s3->tmp.peer_ecpointformatlist)

  1410. 			return 0;

  1411. 		*pformat = s->s3->tmp.peer_ecpointformatlist;

  1412. 		return (int)s->s3->tmp.peer_ecpointformatlist_length;

  1413. 		}

  1414. 

  1415. 	case SSL_CTRL_CHANNEL_ID:

  1416. 		s->tlsext_channel_id_enabled = 1;

  1417. 		ret = 1;

  1418. 		break;

  1419. 

  1420. 	case SSL_CTRL_SET_CHANNEL_ID:

  1421. 		if (s->server)

  1422. 			break;

  1423. 		s->tlsext_channel_id_enabled = 1;

  1424. 		if (EVP_PKEY_bits(parg) != 256)

  1425. 			{

  1426. 			OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, SSL_R_CHANNEL_ID_NOT_P256);

  1427. 			break;

  1428. 			}

  1429. 		if (s->tlsext_channel_id_private)

  1430. 			EVP_PKEY_free(s->tlsext_channel_id_private);

  1431. 		s->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg);

  1432. 		ret = 1;

  1433. 		break;

  1434. 

  1435. 	case SSL_CTRL_GET_CHANNEL_ID:

  1436. 		if (!s->server)

  1437. 			break;

  1438. 		if (!s->s3->tlsext_channel_id_valid)

  1439. 			break;

  1440. 		memcpy(parg, s->s3->tlsext_channel_id, larg < 64 ? larg : 64);

  1441. 		return 64;

  1442. 

  1443. 	case SSL_CTRL_FALLBACK_SCSV:

  1444. 		if (s->server)

  1445. 			break;

  1446. 		s->fallback_scsv = 1;

  1447. 		ret = 1;

  1448. 		break;

  1449. 

  1450. 	default:

  1451. 		break;

  1452. 		}

  1453. 	return(ret);

  1454. 	}

  1455. 

  1456. long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))

  1457. 	{

  1458. 	int ret=0;

  1459. 

  1460. 	if (cmd == SSL_CTRL_SET_TMP_RSA_CB || cmd == SSL_CTRL_SET_TMP_DH_CB)

  1461. 		{

  1462. 		if (!ssl_cert_inst(&s->cert))

  1463. 			{

  1464. 			OPENSSL_PUT_ERROR(SSL, ssl3_callback_ctrl, ERR_R_MALLOC_FAILURE);

  1465. 			return(0);

  1466. 			}

  1467. 		}

  1468. 

  1469. 	switch (cmd)

  1470. 		{

  1471. 	case SSL_CTRL_SET_TMP_RSA_CB:

  1472. 		/* Ignore the callback; temporary RSA keys are never used. */

  1473. 		break;

  1474. 	case SSL_CTRL_SET_TMP_DH_CB:

  1475. 		{

  1476. 		s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;

  1477. 		}

  1478. 		break;

  1479. 	case SSL_CTRL_SET_TMP_ECDH_CB:

  1480. 		{

  1481. 		s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;

  1482. 		}

  1483. 		break;

  1484. 	case SSL_CTRL_SET_TLSEXT_DEBUG_CB:

  1485. 		s->tlsext_debug_cb=(void (*)(SSL *,int ,int,

  1486. 					unsigned char *, int, void *))fp;

  1487. 		break;

  1488. 	default:

  1489. 		break;

  1490. 		}

  1491. 	return(ret);

  1492. 	}

  1493. 

  1494. long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)

  1495. 	{

  1496. 	CERT *cert;

  1497. 

  1498. 	cert=ctx->cert;

  1499. 

  1500. 	switch (cmd)

  1501. 		{

  1502. 	case SSL_CTRL_NEED_TMP_RSA:

  1503. 		/* Temporary RSA keys are never used. */

  1504. 		return 0;

  1505. 	case SSL_CTRL_SET_TMP_RSA:

  1506. 		OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

  1507. 		return 0;

  1508. 	case SSL_CTRL_SET_TMP_RSA_CB:

  1509. 		{

  1510. 		OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

  1511. 		return(0);

  1512. 		}

  1513. 		break;

  1514. 	case SSL_CTRL_SET_TMP_DH:

  1515. 		{

  1516. 		DH *new=NULL,*dh;

  1517. 

  1518. 		dh=(DH *)parg;

  1519. 		if ((new=DHparams_dup(dh)) == NULL)

  1520. 			{

  1521. 			OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_DH_LIB);

  1522. 			return 0;

  1523. 			}

  1524. 		if (!(ctx->options & SSL_OP_SINGLE_DH_USE))

  1525. 			{

  1526. 			if (!DH_generate_key(new))

  1527. 				{

  1528. 				OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_DH_LIB);

  1529. 				DH_free(new);

  1530. 				return 0;

  1531. 				}

  1532. 			}

  1533. 		if (cert->dh_tmp != NULL)

  1534. 			DH_free(cert->dh_tmp);

  1535. 		cert->dh_tmp=new;

  1536. 		return 1;

  1537. 		}

  1538. 		/*break; */

  1539. 	case SSL_CTRL_SET_TMP_DH_CB:

  1540. 		{

  1541. 		OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

  1542. 		return(0);

  1543. 		}

  1544. 		break;

  1545. 	case SSL_CTRL_SET_TMP_ECDH:

  1546. 		{

  1547. 		EC_KEY *ecdh = NULL;

  1548.  			

  1549. 		if (parg == NULL)

  1550. 			{

  1551. 			OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_ECDH_LIB);

  1552. 			return 0;

  1553. 			}

  1554. 		ecdh = EC_KEY_dup((EC_KEY *)parg);

  1555. 		if (ecdh == NULL)

  1556. 			{

  1557. 			OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_EC_LIB);

  1558. 			return 0;

  1559. 			}

  1560. 		if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))

  1561. 			{

  1562. 			if (!EC_KEY_generate_key(ecdh))

  1563. 				{

  1564. 				EC_KEY_free(ecdh);

  1565. 				OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_ECDH_LIB);

  1566. 				return 0;

  1567. 				}

  1568. 			}

  1569. 

  1570. 		if (cert->ecdh_tmp != NULL)

  1571. 			{

  1572. 			EC_KEY_free(cert->ecdh_tmp);

  1573. 			}

  1574. 		cert->ecdh_tmp = ecdh;

  1575. 		return 1;

  1576. 		}

  1577. 		/* break; */

  1578. 	case SSL_CTRL_SET_TMP_ECDH_CB:

  1579. 		{

  1580. 		OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

  1581. 		return(0);

  1582. 		}

  1583. 		break;

  1584. 	case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:

  1585. 		ctx->tlsext_servername_arg=parg;

  1586. 		break;

  1587. 	case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:

  1588. 	case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:

  1589. 		{

  1590. 		unsigned char *keys = parg;

  1591. 		if (!keys)

  1592. 			return 48;

  1593. 		if (larg != 48)

  1594. 			{

  1595. 			OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, SSL_R_INVALID_TICKET_KEYS_LENGTH);

  1596. 			return 0;

  1597. 			}

  1598. 		if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)

  1599. 			{

  1600. 			memcpy(ctx->tlsext_tick_key_name, keys, 16);

  1601. 			memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);

  1602. 			memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);

  1603. 			}

  1604. 		else

  1605. 			{

  1606. 			memcpy(keys, ctx->tlsext_tick_key_name, 16);

  1607. 			memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);

  1608. 			memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);

  1609. 			}

  1610. 		return 1;

  1611. 		}

  1612. 

  1613. 	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:

  1614. 		ctx->tlsext_status_arg=parg;

  1615. 		return 1;

  1616. 		break;

  1617. 

  1618. 	case SSL_CTRL_SET_CURVES:

  1619. 		return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,

  1620. 					&ctx->tlsext_ellipticcurvelist_length,

  1621. 								parg, larg);

  1622. 

  1623. 	case SSL_CTRL_SET_ECDH_AUTO:

  1624. 		ctx->cert->ecdh_tmp_auto = larg;

  1625. 		return 1;

  1626. 	case SSL_CTRL_SET_SIGALGS:

  1627. 		return tls1_set_sigalgs(ctx->cert, parg, larg, 0);

  1628. 

  1629. 	case SSL_CTRL_SET_CLIENT_SIGALGS:

  1630. 		return tls1_set_sigalgs(ctx->cert, parg, larg, 1);

  1631. 

  1632. 	case SSL_CTRL_SET_CLIENT_CERT_TYPES:

  1633. 		return ssl3_set_req_cert_type(ctx->cert, parg, larg);

  1634. 

  1635. 	case SSL_CTRL_BUILD_CERT_CHAIN:

  1636. 		return ssl_build_cert_chain(ctx->cert, ctx->cert_store, larg);

  1637. 

  1638. 	case SSL_CTRL_SET_VERIFY_CERT_STORE:

  1639. 		return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);

  1640. 

  1641. 	case SSL_CTRL_SET_CHAIN_CERT_STORE:

  1642. 		return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);

  1643. 

  1644. 

  1645. 	/* A Thawte special :-) */

  1646. 	case SSL_CTRL_EXTRA_CHAIN_CERT:

  1647. 		if (ctx->extra_certs == NULL)

  1648. 			{

  1649. 			if ((ctx->extra_certs=sk_X509_new_null()) == NULL)

  1650. 				return(0);

  1651. 			}

  1652. 		sk_X509_push(ctx->extra_certs,(X509 *)parg);

  1653. 		break;

  1654. 

  1655. 	case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:

  1656. 		if (ctx->extra_certs == NULL && larg == 0)

  1657. 			*(STACK_OF(X509) **)parg =  ctx->cert->key->chain;

  1658. 		else

  1659. 			*(STACK_OF(X509) **)parg =  ctx->extra_certs;

  1660. 		break;

  1661. 

  1662. 	case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:

  1663. 		if (ctx->extra_certs)

  1664. 			{

  1665. 			sk_X509_pop_free(ctx->extra_certs, X509_free);

  1666. 			ctx->extra_certs = NULL;

  1667. 			}

  1668. 		break;

  1669. 

  1670. 	case SSL_CTRL_CHAIN:

  1671. 		if (larg)

  1672. 			return ssl_cert_set1_chain(ctx->cert,

  1673. 						(STACK_OF (X509) *)parg);

  1674. 		else

  1675. 			return ssl_cert_set0_chain(ctx->cert,

  1676. 						(STACK_OF (X509) *)parg);

  1677. 

  1678. 	case SSL_CTRL_CHAIN_CERT:

  1679. 		if (larg)

  1680. 			return ssl_cert_add1_chain_cert(ctx->cert, (X509 *)parg);

  1681. 		else

  1682. 			return ssl_cert_add0_chain_cert(ctx->cert, (X509 *)parg);

  1683. 

  1684. 	case SSL_CTRL_GET_CHAIN_CERTS:

  1685. 		*(STACK_OF(X509) **)parg = ctx->cert->key->chain;

  1686. 		break;

  1687. 

  1688. 	case SSL_CTRL_SELECT_CURRENT_CERT:

  1689. 		return ssl_cert_select_current(ctx->cert, (X509 *)parg);

  1690. 

  1691. 	case SSL_CTRL_CHANNEL_ID:

  1692. 		/* must be called on a server */

  1693. 		if (ctx->method->ssl_accept == ssl_undefined_function)

  1694. 			return 0;

  1695. 		ctx->tlsext_channel_id_enabled=1;

  1696. 		return 1;

  1697. 

  1698. 	case SSL_CTRL_SET_CHANNEL_ID:

  1699. 		ctx->tlsext_channel_id_enabled = 1;

  1700. 		if (EVP_PKEY_bits(parg) != 256)

  1701. 			{

  1702. 			OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, SSL_R_CHANNEL_ID_NOT_P256);

  1703. 			break;

  1704. 			}

  1705. 		if (ctx->tlsext_channel_id_private)

  1706. 			EVP_PKEY_free(ctx->tlsext_channel_id_private);

  1707. 		ctx->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg);

  1708. 		break;

  1709. 

  1710. 	default:

  1711. 		return(0);

  1712. 		}

  1713. 	return(1);

  1714. 	}

  1715. 

  1716. long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))

  1717. 	{

  1718. 	CERT *cert;

  1719. 

  1720. 	cert=ctx->cert;

  1721. 

  1722. 	switch (cmd)

  1723. 		{

  1724. 	case SSL_CTRL_SET_TMP_RSA_CB:

  1725. 		/* Ignore the callback; temporary RSA keys are never used. */

  1726. 		break;

  1727. 	case SSL_CTRL_SET_TMP_DH_CB:

  1728. 		{

  1729. 		cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;

  1730. 		}

  1731. 		break;

  1732. 	case SSL_CTRL_SET_TMP_ECDH_CB:

  1733. 		{

  1734. 		cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;

  1735. 		}

  1736. 		break;

  1737. 	case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:

  1738. 		ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;

  1739. 		break;

  1740. 

  1741. 	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:

  1742. 		ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;

  1743. 		break;

  1744. 

  1745. 	case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:

  1746. 		ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char  *,

  1747. 						unsigned char *,

  1748. 						EVP_CIPHER_CTX *,

  1749. 						HMAC_CTX *, int))fp;

  1750. 		break;

  1751. 

  1752. 	default:

  1753. 		return(0);

  1754. 		}

  1755. 	return(1);

  1756. 	}

  1757. 

  1758. /* ssl3_get_cipher_by_value returns the SSL_CIPHER with value |value| or NULL if

  1759.  * none exists.

  1760.  *

  1761.  * This function needs to check if the ciphers required are actually

  1762.  * available. */

  1763. const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value)

  1764. 	{

  1765. 	SSL_CIPHER c;

  1766. 

  1767. 	c.id = 0x03000000L|value;

  1768. 	return bsearch(&c, ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(SSL_CIPHER), ssl_cipher_id_cmp);

  1769. 	}

  1770. 

  1771. /* ssl3_get_cipher_by_value returns the cipher value of |c|. */

  1772. uint16_t ssl3_get_cipher_value(const SSL_CIPHER *c)

  1773. 	{

  1774. 	unsigned long id = c->id;

  1775. 	/* All ciphers are SSLv3 now. */

  1776. 	assert((id & 0xff000000) == 0x03000000);

  1777. 	return id & 0xffff;

  1778. 	}

  1779. 

  1780. struct ssl_cipher_preference_list_st* ssl_get_cipher_preferences(SSL *s)

  1781. 	{

  1782. 	if (s->cipher_list != NULL)

  1783. 		return(s->cipher_list);

  1784. 

  1785. 	if (s->version >= TLS1_1_VERSION)

  1786. 		{

  1787. 		if (s->ctx != NULL && s->ctx->cipher_list_tls11 != NULL)

  1788. 			return s->ctx->cipher_list_tls11;

  1789. 		}

  1790. 

  1791. 	if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL))

  1792. 		return(s->ctx->cipher_list);

  1793. 

  1794. 	return NULL;

  1795. 	}

  1796. 

  1797. const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,

  1798. 	     struct ssl_cipher_preference_list_st *server_pref)

  1799. 	{

  1800. 	const SSL_CIPHER *c,*ret=NULL;

  1801. 	STACK_OF(SSL_CIPHER) *srvr = server_pref->ciphers, *prio, *allow;

  1802. 	size_t i;

  1803. 	int ok;

  1804. 	size_t cipher_index;

  1805. 	CERT *cert;

  1806. 	unsigned long alg_k,alg_a,mask_k,mask_a;

  1807. 	/* in_group_flags will either be NULL, or will point to an array of

  1808. 	 * bytes which indicate equal-preference groups in the |prio| stack.

  1809. 	 * See the comment about |in_group_flags| in the

  1810. 	 * |ssl_cipher_preference_list_st| struct. */

  1811. 	const unsigned char *in_group_flags;

  1812. 	/* group_min contains the minimal index so far found in a group, or -1

  1813. 	 * if no such value exists yet. */

  1814. 	int group_min = -1;

  1815. 

  1816. 	/* Let's see which ciphers we can support */

  1817. 	cert=s->cert;

  1818. 

  1819. #if 0

  1820. 	/* Do not set the compare functions, because this may lead to a

  1821. 	 * reordering by "id". We want to keep the original ordering.

  1822. 	 * We may pay a price in performance during sk_SSL_CIPHER_find(),

  1823. 	 * but would have to pay with the price of sk_SSL_CIPHER_dup().

  1824. 	 */

  1825. 	sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);

  1826. 	sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);

  1827. #endif

  1828. 

  1829. #ifdef CIPHER_DEBUG

  1830. 	printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);

  1831. 	for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)

  1832. 		{

  1833. 		c=sk_SSL_CIPHER_value(srvr,i);

  1834. 		printf("%p:%s\n",(void *)c,c->name);

  1835. 		}

  1836. 	printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);

  1837. 	for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)

  1838. 	    {

  1839. 	    c=sk_SSL_CIPHER_value(clnt,i);

  1840. 	    printf("%p:%s\n",(void *)c,c->name);

  1841. 	    }

  1842. #endif

  1843. 

  1844. 	if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)

  1845. 		{

  1846. 		prio = srvr;

  1847. 		in_group_flags = server_pref->in_group_flags;

  1848. 		allow = clnt;

  1849. 		}

  1850. 	else

  1851. 		{

  1852. 		prio = clnt;

  1853. 		in_group_flags = NULL;

  1854. 		allow = srvr;

  1855. 		}

  1856. 

  1857. 	tls1_set_cert_validity(s);

  1858. 

  1859. 	for (i=0; i<sk_SSL_CIPHER_num(prio); i++)

  1860. 		{

  1861. 		c=sk_SSL_CIPHER_value(prio,i);

  1862. 

  1863. 		ok = 1;

  1864. 

  1865. 		/* Skip TLS v1.2 only ciphersuites if not supported */

  1866. 		if ((c->algorithm_ssl & SSL_TLSV1_2) &&

  1867. 			!SSL_USE_TLS1_2_CIPHERS(s))

  1868. 			ok = 0;

  1869. 

  1870. 		ssl_set_cert_masks(cert,c);

  1871. 		mask_k = cert->mask_k;

  1872. 		mask_a = cert->mask_a;

  1873. 

  1874. 		alg_k=c->algorithm_mkey;

  1875. 		alg_a=c->algorithm_auth;

  1876. 

  1877. 		/* with PSK there must be server callback set */

  1878. 		if ((alg_a & SSL_aPSK) && s->psk_server_callback == NULL)

  1879. 			ok = 0;

  1880. 

  1881. 		ok = ok && (alg_k & mask_k) && (alg_a & mask_a);

  1882. #ifdef CIPHER_DEBUG

  1883. 		printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,

  1884. 		       c->name);

  1885. #endif

  1886. 

  1887. 		/* if we are considering an ECC cipher suite that uses

  1888. 		 * an ephemeral EC key check it */

  1889. 		if (alg_k & SSL_kEECDH)

  1890. 			ok = ok && tls1_check_ec_tmp_key(s);

  1891. 

  1892. 		if (ok && sk_SSL_CIPHER_find(allow, &cipher_index, c))

  1893. 			{

  1894. 			if (in_group_flags != NULL && in_group_flags[i] == 1)

  1895. 				{

  1896. 				/* This element of |prio| is in a group. Update

  1897. 				 * the minimum index found so far and continue

  1898. 				 * looking. */

  1899. 				if (group_min == -1 || (size_t)group_min > cipher_index)

  1900. 					group_min = cipher_index;

  1901. 				}

  1902. 			else

  1903. 				{

  1904. 				if (group_min != -1 && (size_t)group_min < cipher_index)

  1905. 					cipher_index = group_min;

  1906. 				ret=sk_SSL_CIPHER_value(allow,cipher_index);

  1907. 				break;

  1908. 				}

  1909. 			}

  1910. 

  1911. 		if (in_group_flags != NULL &&

  1912. 		    in_group_flags[i] == 0 &&

  1913. 		    group_min != -1)

  1914. 			{

  1915. 			/* We are about to leave a group, but we found a match

  1916. 			 * in it, so that's our answer. */

  1917. 			ret=sk_SSL_CIPHER_value(allow,group_min);

  1918. 			break;

  1919. 			}

  1920. 		}

  1921. 	return(ret);

  1922. 	}

  1923. 

  1924. int ssl3_get_req_cert_type(SSL *s, unsigned char *p)

  1925. 	{

  1926. 	int ret=0;

  1927. 	const unsigned char *sig;

  1928. 	size_t i, siglen;

  1929. 	int have_rsa_sign = 0;

  1930. 	int have_ecdsa_sign = 0;

  1931. 

  1932. 	/* If we have custom certificate types set, use them */

  1933. 	if (s->cert->client_certificate_types)

  1934. 		{

  1935. 		memcpy(p, s->cert->client_certificate_types,

  1936. 			s->cert->num_client_certificate_types);

  1937. 		return (int)s->cert->num_client_certificate_types;

  1938. 		}

  1939. 	/* get configured sigalgs */

  1940. 	siglen = tls12_get_psigalgs(s, &sig);

  1941. 	for (i = 0; i < siglen; i+=2, sig+=2)

  1942. 		{

  1943. 		switch(sig[1])

  1944. 			{

  1945. 		case TLSEXT_signature_rsa:

  1946. 			have_rsa_sign = 1;

  1947. 			break;

  1948. 

  1949. 		case TLSEXT_signature_ecdsa:

  1950. 			have_ecdsa_sign = 1;

  1951. 			break;

  1952. 			}

  1953. 		}

  1954. 

  1955. 	if (have_rsa_sign)

  1956. 		p[ret++]=SSL3_CT_RSA_SIGN;

  1957. 

  1958. 	/* ECDSA certs can be used with RSA cipher suites as well 

  1959. 	 * so we don't need to check for SSL_kECDH or SSL_kEECDH

  1960. 	 */

  1961. 	if (s->version >= TLS1_VERSION)

  1962. 		{

  1963. 		if (have_ecdsa_sign)

  1964. 			p[ret++]=TLS_CT_ECDSA_SIGN;

  1965. 		}

  1966. 	return(ret);

  1967. 	}

  1968. 

  1969. static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)

  1970. 	{

  1971. 	if (c->client_certificate_types)

  1972. 		{

  1973. 		OPENSSL_free(c->client_certificate_types);

  1974. 		c->client_certificate_types = NULL;

  1975. 		}

  1976. 	c->num_client_certificate_types = 0;

  1977. 	if (!p || !len)

  1978. 		return 1;

  1979. 	if (len > 0xff)

  1980. 		return 0;

  1981. 	c->client_certificate_types = BUF_memdup(p, len);

  1982. 	if (!c->client_certificate_types)

  1983. 		return 0;

  1984. 	c->num_client_certificate_types = len;

  1985. 	return 1;

  1986. 	}

  1987. 

  1988. int ssl3_shutdown(SSL *s)

  1989. 	{

  1990. 	int ret;

  1991. 

  1992. 	/* Don't do anything much if we have not done the handshake or

  1993. 	 * we don't want to send messages :-) */

  1994. 	if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))

  1995. 		{

  1996. 		s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);

  1997. 		return(1);

  1998. 		}

  1999. 

  2000. 	if (!(s->shutdown & SSL_SENT_SHUTDOWN))

  2001. 		{

  2002. 		s->shutdown|=SSL_SENT_SHUTDOWN;

  2003. #if 1

  2004. 		ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);

  2005. #endif

  2006. 		/* our shutdown alert has been sent now, and if it still needs

  2007. 	 	 * to be written, s->s3->alert_dispatch will be true */

  2008. 	 	if (s->s3->alert_dispatch)

  2009. 	 		return(-1);	/* return WANT_WRITE */

  2010. 		}

  2011. 	else if (s->s3->alert_dispatch)

  2012. 		{

  2013. 		/* resend it if not sent */

  2014. #if 1

  2015. 		ret=s->method->ssl_dispatch_alert(s);

  2016. 		if(ret == -1)

  2017. 			{

  2018. 			/* we only get to return -1 here the 2nd/Nth

  2019. 			 * invocation, we must  have already signalled

  2020. 			 * return 0 upon a previous invoation,

  2021. 			 * return WANT_WRITE */

  2022. 			return(ret);

  2023. 			}

  2024. #endif

  2025. 		}

  2026. 	else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))

  2027. 		{

  2028. 		/* If we are waiting for a close from our peer, we are closed */

  2029. 		s->method->ssl_read_bytes(s,0,NULL,0,0);

  2030. 		if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN))

  2031. 			{

  2032. 			return(-1);	/* return WANT_READ */

  2033. 			}

  2034. 		}

  2035. 

  2036. 	if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&

  2037. 		!s->s3->alert_dispatch)

  2038. 		return(1);

  2039. 	else

  2040. 		return(0);

  2041. 	}

  2042. 

  2043. int ssl3_write(SSL *s, const void *buf, int len)

  2044. 	{

  2045. #if 0

  2046. 	if (s->shutdown & SSL_SEND_SHUTDOWN)

  2047. 		{

  2048. 		s->rwstate=SSL_NOTHING;

  2049. 		return(0);

  2050. 		}

  2051. #endif

  2052. 	ERR_clear_system_error();

  2053. 	if (s->s3->renegotiate) ssl3_renegotiate_check(s);

  2054. 

  2055. 	return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf,

  2056. 		len);

  2057. 	}

  2058. 

  2059. static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)

  2060. 	{

  2061. 	int ret;

  2062. 	

  2063. 	ERR_clear_system_error();

  2064. 	if (s->s3->renegotiate) ssl3_renegotiate_check(s);

  2065. 	s->s3->in_read_app_data=1;

  2066. 	ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);

  2067. 	if ((ret == -1) && (s->s3->in_read_app_data == 2))

  2068. 		{

  2069. 		/* ssl3_read_bytes decided to call s->handshake_func, which

  2070. 		 * called ssl3_read_bytes to read handshake data.

  2071. 		 * However, ssl3_read_bytes actually found application data

  2072. 		 * and thinks that application data makes sense here; so disable

  2073. 		 * handshake processing and try to read application data again. */

  2074. 		s->in_handshake++;

  2075. 		ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);

  2076. 		s->in_handshake--;

  2077. 		}

  2078. 	else

  2079. 		s->s3->in_read_app_data=0;

  2080. 

  2081. 	return(ret);

  2082. 	}

  2083. 

  2084. int ssl3_read(SSL *s, void *buf, int len)

  2085. 	{

  2086. 	return ssl3_read_internal(s, buf, len, 0);

  2087. 	}

  2088. 

  2089. int ssl3_peek(SSL *s, void *buf, int len)

  2090. 	{

  2091. 	return ssl3_read_internal(s, buf, len, 1);

  2092. 	}

  2093. 

  2094. int ssl3_renegotiate(SSL *s)

  2095. 	{

  2096. 	if (s->handshake_func == NULL)

  2097. 		return(1);

  2098. 

  2099. 	if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)

  2100. 		return(0);

  2101. 

  2102. 	s->s3->renegotiate=1;

  2103. 	return(1);

  2104. 	}

  2105. 

  2106. int ssl3_renegotiate_check(SSL *s)

  2107. 	{

  2108. 	int ret=0;

  2109. 

  2110. 	if (s->s3->renegotiate)

  2111. 		{

  2112. 		if (	(s->s3->rbuf.left == 0) &&

  2113. 			(s->s3->wbuf.left == 0) &&

  2114. 			!SSL_in_init(s))

  2115. 			{

  2116. /*

  2117. if we are the server, and we have sent a 'RENEGOTIATE' message, we

  2118. need to go to SSL_ST_ACCEPT.

  2119. */

  2120. 			/* SSL_ST_ACCEPT */

  2121. 			s->state=SSL_ST_RENEGOTIATE;

  2122. 			s->s3->renegotiate=0;

  2123. 			s->s3->num_renegotiations++;

  2124. 			s->s3->total_renegotiations++;

  2125. 			ret=1;

  2126. 			}

  2127. 		}

  2128. 	return(ret);

  2129. 	}

  2130. /* If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF

  2131.  * and handshake macs if required.

  2132.  */

  2133. long ssl_get_algorithm2(SSL *s)

  2134. 	{

  2135. 	static const unsigned long kMask = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF;

  2136. 	long alg2 = s->s3->tmp.new_cipher->algorithm2;

  2137. 	if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF

  2138. 	    && (alg2 & kMask) == kMask)

  2139. 		return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;

  2140. 	return alg2;

  2141. 	}