In going through our internal code I came across some changes that we
should look at putting into OpenSSL.  I've attached a large DIFF against
the current CVS tree (all changes in the /ssl/ directory).

"This patch is a fix so that the version number in the master secret, when
passed via RSA, checks that if TLS was proposed, but we roll back to
SSLv3 (because the server will not accept higher), that the version
number is 0x03,0x01, not 0x03,0x00"

It also makes some changes and fixes to the SSL compression code.  I
didn't commit this to the archive as it is a fairly substantial set of
changes that I have not tested completely.

Mark


Index: s23_clnt.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s23_clnt.c,v
retrieving revision 1.1.1.3
diff -c -r1.1.1.3 s23_clnt.c
*** s23_clnt.c  1998/12/21 11:00:03     1.1.1.3
--- s23_clnt.c  1999/01/31 12:15:07
***************
*** 134,139 ****
--- 134,146 ----
                case SSL_ST_BEFORE|SSL_ST_CONNECT:
                case SSL_ST_OK|SSL_ST_CONNECT:
  
+                       if (s->session != NULL)
+                               {
+                               
+SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE);
+                               ret= -1;
+                               goto end;
+                               }
+                       s->server=0;
                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
  
                        /* s->version=TLS1_VERSION; */
***************
*** 159,165 ****
                        ssl3_init_finished_mac(s);
  
                        s->state=SSL23_ST_CW_CLNT_HELLO_A;
!                       s->ctx->sess_connect++;
                        s->init_num=0;
                        break;
  
--- 166,172 ----
                        ssl3_init_finished_mac(s);
  
                        s->state=SSL23_ST_CW_CLNT_HELLO_A;
!                       s->ctx->stats.sess_connect++;
                        s->init_num=0;
                        break;
  
***************
*** 236,251 ****
--- 243,261 ----
                        {
                        *(d++)=TLS1_VERSION_MAJOR;
                        *(d++)=TLS1_VERSION_MINOR;
+                       s->client_version=TLS1_VERSION;
                        }
                else if (!(s->options & SSL_OP_NO_SSLv3))
                        {
                        *(d++)=SSL3_VERSION_MAJOR;
                        *(d++)=SSL3_VERSION_MINOR;
+                       s->client_version=SSL3_VERSION;
                        }
                else if (!(s->options & SSL_OP_NO_SSLv2))
                        {
                        *(d++)=SSL2_VERSION_MAJOR;
                        *(d++)=SSL2_VERSION_MINOR;
+                       s->client_version=SSL2_VERSION;
                        }
                else
                        {
Index: s23_pkt.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s23_pkt.c,v
retrieving revision 1.1.1.2
diff -c -r1.1.1.2 s23_pkt.c
*** s23_pkt.c   1998/12/21 10:55:47     1.1.1.2
--- s23_pkt.c   1999/01/31 12:15:08
***************
*** 76,82 ****
                {
                s->rwstate=SSL_WRITING;
                i=BIO_write(s->wbio,&(buf[tot]),num);
!               if (i < 0)
                        {
                        s->init_off=tot;
                        s->init_num=num;
--- 76,82 ----
                {
                s->rwstate=SSL_WRITING;
                i=BIO_write(s->wbio,&(buf[tot]),num);
!               if (i <= 0)
                        {
                        s->init_off=tot;
                        s->init_num=num;
Index: s23_srvr.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s23_srvr.c,v
retrieving revision 1.1.1.3
diff -c -r1.1.1.3 s23_srvr.c
*** s23_srvr.c  1998/12/21 11:00:04     1.1.1.3
--- s23_srvr.c  1999/01/31 12:15:08
***************
*** 132,137 ****
--- 132,138 ----
                case SSL_ST_BEFORE|SSL_ST_ACCEPT:
                case SSL_ST_OK|SSL_ST_ACCEPT:
  
+                       s->server=1;
                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
  
                        /* s->version=SSL3_VERSION; */
***************
*** 155,161 ****
                        ssl3_init_finished_mac(s);
  
                        s->state=SSL23_ST_SR_CLNT_HELLO_A;
!                       s->ctx->sess_accept++;
                        s->init_num=0;
                        break;
  
--- 156,162 ----
                        ssl3_init_finished_mac(s);
  
                        s->state=SSL23_ST_SR_CLNT_HELLO_A;
!                       s->ctx->stats.sess_accept++;
                        s->init_num=0;
                        break;
  
***************
*** 201,208 ****
--- 202,211 ----
        unsigned int csl,sil,cl;
        int n=0,j,tls1=0;
        int type=0,use_sslv2_strong=0;
+       int v[2];
  
        /* read the initial header */
+       v[0]=v[1]=0;
        if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
                {
                if (!ssl3_setup_buffers(s)) goto err;
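Review bot: `v[2]` is declared and zeroed here with no comment saying what it carries, and the later hunks of this file fill it on only three header branches. A comment such as `/* v[0],v[1]: major/minor version offered in the client hello; stays 0,0 if no branch matched */` would make the final `s->client_version=(v[0]<<8)|v[1];` readable. Whether any path reaches that assignment with `v` still zero is not visible from these hunks; if one can, the recorded client version would be 0 and is worth rejecting explicitly, since the RSA rollback check depends on it. The function body starts and ends outside the hunk.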
***************
*** 219,230 ****
--- 222,235 ----
                        /* SSLv2 header */
                        if ((p[3] == 0x00) && (p[4] == 0x02))
                                {
+                               v[0]=p[3]; v[1]=p[4];
                                /* SSLv2 */
                                if (!(s->options & SSL_OP_NO_SSLv2))
                                        type=1;
                                }
                        else if (p[3] == SSL3_VERSION_MAJOR)
                                {
+                               v[0]=p[3]; v[1]=p[4];
                                /* SSLv3/TLSv1 */
                                if (p[4] >= TLS1_VERSION_MINOR)
                                        {
***************
*** 305,310 ****
--- 310,316 ----
                         (p[1] == SSL3_VERSION_MAJOR) &&
                         (p[5] == SSL3_MT_CLIENT_HELLO))
                        {
+                       v[0]=p[1]; v[1]=p[2];
                        /* true SSLv3 or tls1 */
                        if (p[2] >= TLS1_VERSION_MINOR)
                                {
***************
*** 484,489 ****
--- 490,496 ----
                        s->version=SSL3_VERSION;
                        s->method=SSLv3_server_method();
                        }
+               s->client_version=(v[0]<<8)|v[1];
                s->handshake_func=s->method->ssl_accept;
                }
        
Index: s2_clnt.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s2_clnt.c,v
retrieving revision 1.1.1.3
diff -c -r1.1.1.3 s2_clnt.c
*** s2_clnt.c   1998/12/21 11:00:04     1.1.1.3
--- s2_clnt.c   1999/01/31 12:15:08
***************
*** 144,149 ****
--- 144,150 ----
                case SSL_ST_BEFORE|SSL_ST_CONNECT:
                case SSL_ST_OK|SSL_ST_CONNECT:
  
+                       s->server=0;
                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
  
                        s->version=SSL2_VERSION;
***************
*** 164,170 ****
                        s->init_buf=buf;
                        s->init_num=0;
                        s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
!                       s->ctx->sess_connect++;
                        s->handshake_func=ssl2_connect;
                        BREAK;
  
--- 165,171 ----
                        s->init_buf=buf;
                        s->init_num=0;
                        s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
!                       s->ctx->stats.sess_connect++;
                        s->handshake_func=ssl2_connect;
                        BREAK;
  
***************
*** 247,254 ****
                        break;
  
                case SSL_ST_OK:
!                       BUF_MEM_free(s->init_buf);
!                       s->init_buf=NULL;
                        s->init_num=0;
                /*      ERR_clear_error();*/
  
--- 248,258 ----
                        break;
  
                case SSL_ST_OK:
!                       if (s->init_buf != NULL)
!                               {
!                               BUF_MEM_free(s->init_buf);
!                               s->init_buf=NULL;
!                               }
                        s->init_num=0;
                /*      ERR_clear_error();*/
  
***************
*** 259,269 ****
                         */
  
                        ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
!                       if (s->hit) s->ctx->sess_hit++;
  
                        ret=1;
                        /* s->server=0; */
!                       s->ctx->sess_connect_good++;
  
                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
  
--- 263,273 ----
                         */
  
                        ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
!                       if (s->hit) s->ctx->stats.sess_hit++;
  
                        ret=1;
                        /* s->server=0; */
!                       s->ctx->stats.sess_connect_good++;
  
                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
  
***************
*** 536,542 ****
        if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A)
                {
  
!               if (!ssl_cipher_get_evp(s->session->cipher,&c,&md))
                        {
                        ssl2_return_error(s,SSL2_PE_NO_CIPHER);
                        
SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
--- 540,546 ----
        if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A)
                {
  
!               if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
                        {
                        ssl2_return_error(s,SSL2_PE_NO_CIPHER);
                        
SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
Index: s2_enc.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s2_enc.c,v
retrieving revision 1.1.1.2
diff -c -r1.1.1.2 s2_enc.c
*** s2_enc.c    1998/12/21 10:55:47     1.1.1.2
--- s2_enc.c    1999/01/31 12:15:08
***************
*** 69,75 ****
        EVP_MD *md;
        int num;
  
!       if (!ssl_cipher_get_evp(s->session->cipher,&c,&md))
                {
                ssl2_return_error(s,SSL2_PE_NO_CIPHER);
                SSLerr(SSL_F_SSL2_ENC_INIT,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
--- 69,75 ----
        EVP_MD *md;
        int num;
  
!       if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
                {
                ssl2_return_error(s,SSL2_PE_NO_CIPHER);
                SSLerr(SSL_F_SSL2_ENC_INIT,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
Index: s2_srvr.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s2_srvr.c,v
retrieving revision 1.2
diff -c -r1.2 s2_srvr.c
*** s2_srvr.c   1998/12/22 15:04:46     1.2
--- s2_srvr.c   1999/01/31 12:15:09
***************
*** 153,158 ****
--- 153,159 ----
                case SSL_ST_BEFORE|SSL_ST_ACCEPT:
                case SSL_ST_OK|SSL_ST_ACCEPT:
  
+                       s->server=1;
                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
  
                        s->version=SSL2_VERSION;
***************
*** 166,172 ****
                                { ret= -1; goto end; }
                        s->init_buf=buf;
                        s->init_num=0;
!                       s->ctx->sess_accept++;
                        s->handshake_func=ssl2_accept;
                        s->state=SSL2_ST_GET_CLIENT_HELLO_A;
                        BREAK;
--- 167,173 ----
                                { ret= -1; goto end; }
                        s->init_buf=buf;
                        s->init_num=0;
!                       s->ctx->stats.sess_accept++;
                        s->handshake_func=ssl2_accept;
                        s->state=SSL2_ST_GET_CLIENT_HELLO_A;
                        BREAK;
***************
*** 293,305 ****
  
                case SSL_ST_OK:
                        BUF_MEM_free(s->init_buf);
                        s->init_buf=NULL;
                        s->init_num=0;
                /*      ERR_clear_error();*/
  
                        ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
  
!                       s->ctx->sess_accept_good++;
                        /* s->server=1; */
                        ret=1;
  
--- 294,307 ----
  
                case SSL_ST_OK:
                        BUF_MEM_free(s->init_buf);
+                       ssl_free_wbio_buffer(s);
                        s->init_buf=NULL;
                        s->init_num=0;
                /*      ERR_clear_error();*/
  
                        ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
  
!                       s->ctx->stats.sess_accept_good++;
                        /* s->server=1; */
                        ret=1;
  
***************
*** 334,342 ****
  SSL *s;
        {
        int export,i,n,keya,ek;
- #if 0
-       int error=0;
- #endif
        unsigned char *p;
        SSL_CIPHER *cp;
        EVP_CIPHER *c;
--- 336,341 ----
***************
*** 402,408 ****
  
        export=(s->session->cipher->algorithms & SSL_EXP)?1:0;
        
!       if (!ssl_cipher_get_evp(s->session->cipher,&c,&md))
                {
                ssl2_return_error(s,SSL2_PE_NO_CIPHER);
                
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
--- 401,407 ----
  
        export=(s->session->cipher->algorithms & SSL_EXP)?1:0;
        
!       if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
                {
                ssl2_return_error(s,SSL2_PE_NO_CIPHER);
                
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
Index: s3_clnt.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v
retrieving revision 1.1.1.3
diff -c -r1.1.1.3 s3_clnt.c
*** s3_clnt.c   1998/12/21 11:00:05     1.1.1.3
--- s3_clnt.c   1999/01/31 12:15:10
***************
*** 132,138 ****
        long num1;
        void (*cb)()=NULL;
        int ret= -1;
-       BIO *under;
        int new_state,state,skip=0;;
  
        RAND_seed((unsigned char *)&Time,sizeof(Time));
--- 132,137 ----
***************
*** 156,168 ****
                case SSL_ST_RENEGOTIATE:
                        s->new_session=1;
                        s->state=SSL_ST_CONNECT;
!                       s->ctx->sess_connect_renegotiate++;
                        /* break */
                case SSL_ST_BEFORE:
                case SSL_ST_CONNECT:
                case SSL_ST_BEFORE|SSL_ST_CONNECT:
                case SSL_ST_OK|SSL_ST_CONNECT:
  
                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
  
                        if ((s->version & 0xff00 ) != 0x0300)
--- 155,168 ----
                case SSL_ST_RENEGOTIATE:
                        s->new_session=1;
                        s->state=SSL_ST_CONNECT;
!                       s->ctx->stats.sess_connect_renegotiate++;
                        /* break */
                case SSL_ST_BEFORE:
                case SSL_ST_CONNECT:
                case SSL_ST_BEFORE|SSL_ST_CONNECT:
                case SSL_ST_OK|SSL_ST_CONNECT:
  
+                       s->server=0;
                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
  
                        if ((s->version & 0xff00 ) != 0x0300)
***************
*** 195,201 ****
                        ssl3_init_finished_mac(s);
  
                        s->state=SSL3_ST_CW_CLNT_HELLO_A;
!                       s->ctx->sess_connect++;
                        s->init_num=0;
                        break;
  
--- 195,201 ----
                        ssl3_init_finished_mac(s);
  
                        s->state=SSL3_ST_CW_CLNT_HELLO_A;
!                       s->ctx->stats.sess_connect++;
                        s->init_num=0;
                        break;
  
***************
*** 324,329 ****
--- 324,334 ----
                        s->init_num=0;
  
                        s->session->cipher=s->s3->tmp.new_cipher;
+                       if (s->s3->tmp.new_compression == NULL)
+                               s->session->compress_meth=0;
+                       else
+                               s->session->compress_meth=
+                                       s->s3->tmp.new_compression->id;
                        if (!s->method->ssl3_enc->setup_key_block(s))
                                {
                                ret= -1;
***************
*** 398,431 ****
                case SSL_ST_OK:
                        /* clean a few things up */
                        ssl3_cleanup_key_block(s);
- 
-                       BUF_MEM_free(s->init_buf);
-                       s->init_buf=NULL;
  
!                       if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
                                {
!                               /* remove buffering */
!                               under=BIO_pop(s->wbio);
!                               if (under != NULL)
!                                       s->wbio=under;
!                               else
!                                       abort(); /* ok */
! 
!                               BIO_free(s->bbio);
!                               s->bbio=NULL;
                                }
-                       /* else do it later */
  
                        s->init_num=0;
                        s->new_session=0;
  
                        ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
!                       if (s->hit) s->ctx->sess_hit++;
  
                        ret=1;
                        /* s->server=0; */
                        s->handshake_func=ssl3_connect;
!                       s->ctx->sess_connect_good++;
  
                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
  
--- 403,431 ----
                case SSL_ST_OK:
                        /* clean a few things up */
                        ssl3_cleanup_key_block(s);
  
!                       if (s->init_buf != NULL)
                                {
!                               BUF_MEM_free(s->init_buf);
!                               s->init_buf=NULL;
                                }
  
+                       /* If we are not 'joining' the last two packets,
+                        * remove the buffering now */
+                       if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
+                               ssl_free_wbio_buffer(s);
+                       /* else do it later in ssl3_write */
+ 
                        s->init_num=0;
                        s->new_session=0;
  
                        ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
!                       if (s->hit) s->ctx->stats.sess_hit++;
  
                        ret=1;
                        /* s->server=0; */
                        s->handshake_func=ssl3_connect;
!                       s->ctx->stats.sess_connect_good++;
  
                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
  
***************
*** 471,478 ****
        {
        unsigned char *buf;
        unsigned char *p,*d;
!       int i;
        unsigned long Time,l;
  
        buf=(unsigned char *)s->init_buf->data;
        if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
--- 471,479 ----
        {
        unsigned char *buf;
        unsigned char *p,*d;
!       int i,j;
        unsigned long Time,l;
+       SSL_COMP *comp;
  
        buf=(unsigned char *)s->init_buf->data;
        if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
***************
*** 496,501 ****
--- 497,503 ----
  
                *(p++)=s->version>>8;
                *(p++)=s->version&0xff;
+               s->client_version=s->version;
  
                /* Random stuff */
                memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
***************
*** 523,532 ****
                s2n(i,p);
                p+=i;
  
-               /* hardwire in the NULL compression algorithm. */
                /* COMPRESSION */
!               *(p++)=1;
!               *(p++)=0;
                
                l=(p-d);
                d=buf;
--- 525,542 ----
                s2n(i,p);
                p+=i;
  
                /* COMPRESSION */
!               if (s->ctx->comp_methods == NULL)
!                       j=0;
!               else
!                       j=sk_num(s->ctx->comp_methods);
!               *(p++)=1+j;
!               for (i=0; i<j; i++)
!                       {
!                       comp=(SSL_COMP *)sk_value(s->ctx->comp_methods,i);
!                       *(p++)=comp->id;
!                       }
!               *(p++)=0; /* Add the NULL method */
                
                l=(p-d);
                d=buf;
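Review bot: The compression-method count is written as a single octet by `*(p++)=1+j;`, but `j` comes straight from `sk_num(s->ctx->comp_methods)` and is never bounded. A list with more than 254 entries would wrap the length byte while the loop still emits `j` ids, so the hello's stated length and payload would disagree. No check against the space remaining in `buf` is visible in the hunk either. Bounding the list before the length byte is written, e.g. `if (j > 254) j=254;` or failing the handshake instead, keeps the two in step. The function continues outside the hunk.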
***************
*** 554,559 ****
--- 564,570 ----
        int i,al,ok;
        unsigned int j;
        long n;
+       SSL_COMP *comp;
  
        n=ssl3_get_message(s,
                SSL3_ST_CR_SRVR_HELLO_A,
***************
*** 647,658 ****
        /* lets get the compression algorithm */
        /* COMPRESSION */
        j= *(p++);
!       if (j != 0)
                {
                al=SSL_AD_ILLEGAL_PARAMETER;
                
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
                goto f_err;
                }
  
        if (p != (d+n))
                {
--- 658,678 ----
        /* lets get the compression algorithm */
        /* COMPRESSION */
        j= *(p++);
!       if (j == 0)
!               comp=NULL;
!       else
!               comp=ssl3_comp_find(s->ctx->comp_methods,j);
!       
!       if ((j != 0) && (comp == NULL))
                {
                al=SSL_AD_ILLEGAL_PARAMETER;
                
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
                goto f_err;
                }
+       else
+               {
+               s->s3->tmp.new_compression=comp;
+               }
  
        if (p != (d+n))
                {
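Review bot: `ssl3_comp_find(s->ctx->comp_methods,j)` receives whatever the context holds, yet the client-hello hunk earlier in this file treats `s->ctx->comp_methods == NULL` as a normal state. ssl3_comp_find is not shown, so either document it as NULL-safe or guard the call, e.g. `comp=(s->ctx->comp_methods == NULL)?NULL:ssl3_comp_find(s->ctx->comp_methods,j);`, so that a server choosing a non-zero method against an empty list ends in the existing ILLEGAL_PARAMETER alert rather than a NULL dereference. As a style point, the `else { ... }` after the `goto f_err` branch can be a plain `s->s3->tmp.new_compression=comp;`. The function body extends beyond the hunk on both sides.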
***************
*** 993,998 ****
--- 1013,1019 ----
                /* else anonymous DH, so no certificate or pkey. */
  
                s->session->cert->dh_tmp=dh;
+               dh=NULL;
                }
        else if ((alg & SSL_kDHr) || (alg & SSL_kDHd))
                {
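Review bot: The ownership hand-off in `s->session->cert->dh_tmp=dh; dh=NULL;` deserves a comment, because the `err:` hunk further down (`if (dh != NULL) DH_free(dh);`) relies on it to avoid freeing a DH that the session cert now owns. Suggested wording: `/* session cert now owns dh; clear it so err: does not free it */`. The cleanup also assumes that `dh` is initialised to NULL at its declaration and that any previous `dh_tmp` is released before being overwritten. Neither is visible in these hunks, so both are worth confirming.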
***************
*** 1106,1111 ****
--- 1127,1133 ----
  f_err:
        ssl3_send_alert(s,SSL3_AL_FATAL,al);
  err:
+       if (dh != NULL) DH_free(dh);
        return(-1);
        }
  
***************
*** 1293,1298 ****
--- 1315,1323 ----
        int n;
        unsigned long l;
        EVP_PKEY *pkey=NULL;
+ #ifndef NO_DH
+       DH *dh_srvr=NULL,*dh_clnt=NULL;
+ #endif
  
        if (s->state == SSL3_ST_CW_KEY_EXCH_A)
                {
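Review bot: `dh_srvr` and `dh_clnt` are now declared only under `#ifndef NO_DH`, but the `err:` hunk at the end of this function adds `if (dh_clnt != NULL) DH_free(dh_clnt);` with no matching guard visible. A NO_DH build would then fail on the undeclared name. Wrapping that cleanup line in the same `#ifndef NO_DH` / `#endif` pair keeps both configurations compiling. The function body continues outside this hunk.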
***************
*** 1322,1329 ****
                                rsa=pkey->pkey.rsa;
                                }
                                
!                       tmp_buf[0]=s->version>>8;
!                       tmp_buf[1]=s->version&0xff;
                        RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
  
                        s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
--- 1347,1354 ----
                                rsa=pkey->pkey.rsa;
                                }
                                
!                       tmp_buf[0]=s->client_version>>8;
!                       tmp_buf[1]=s->client_version&0xff;
                        RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
  
                        s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
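Review bot: The switch from `s->version` to `s->client_version` in `tmp_buf[0]`/`tmp_buf[1]` is the rollback protection the description refers to, but the lines carry no comment saying so. A future cleanup could easily "simplify" it back. Suggested comment: `/* use the version offered in the ClientHello, not the negotiated one, so a forced downgrade is detectable */`. The change only protects anything if the server compares these two bytes with the version it recorded from the hello, and that check is not in the part of the patch visible here. The enclosing function starts and ends outside the hunk.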
***************
*** 1362,1369 ****
  #ifndef NO_DH
                if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
                        {
-                       DH *dh_srvr,*dh_clnt;
- 
                        if (s->session->cert->dh_tmp != NULL)
                                dh_srvr=s->session->cert->dh_tmp;
                        else
--- 1387,1392 ----
***************
*** 1411,1416 ****
--- 1434,1440 ----
                        n+=2;
  
                        DH_free(dh_clnt);
+                       dh_clnt=NULL;
  
                        /* perhaps clean things up a bit EAY EAY EAY EAY*/
                        }
***************
*** 1434,1439 ****
--- 1458,1464 ----
        /* SSL3_ST_CW_KEY_EXCH_B */
        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
  err:
+       if (dh_clnt != NULL) DH_free(dh_clnt);
        return(-1);
        }
  
Index: s3_enc.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s3_enc.c,v
retrieving revision 1.3
diff -c -r1.3 s3_enc.c
*** s3_enc.c    1999/01/10 19:41:33     1.3
--- s3_enc.c    1999/01/31 12:15:11
***************
*** 144,150 ****
        exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
        c=s->s3->tmp.new_sym_enc;
        m=s->s3->tmp.new_hash;
!       comp=s->s3->tmp.new_compression;
        key_block=s->s3->tmp.key_block;
  
        if (which & SSL3_CC_READ)
--- 144,153 ----
        exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
        c=s->s3->tmp.new_sym_enc;
        m=s->s3->tmp.new_hash;
!       if (s->s3->tmp.new_compression == NULL)
!               comp=NULL;
!       else
!               comp=s->s3->tmp.new_compression->method;
        key_block=s->s3->tmp.key_block;
  
        if (which & SSL3_CC_READ)
***************
*** 169,176 ****
                                
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
                                goto err2;
                                }
!                       s->s3->rrec.comp=(unsigned char *)
!                               Malloc(SSL3_RT_MAX_PLAIN_LENGTH);
                        if (s->s3->rrec.comp == NULL)
                                goto err;
                        }
--- 172,180 ----
                                
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
                                goto err2;
                                }
!                       if (s->s3->rrec.comp == NULL)
!                               s->s3->rrec.comp=(unsigned char *)
!                                       Malloc(SSL3_RT_MAX_PLAIN_LENGTH);
                        if (s->s3->rrec.comp == NULL)
                                goto err;
                        }
***************
*** 279,289 ****
        EVP_CIPHER *c;
        EVP_MD *hash;
        int num,exp;
  
        if (s->s3->tmp.key_block_length != 0)
                return(1);
  
!       if (!ssl_cipher_get_evp(s->session->cipher,&c,&hash))
                {
                SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
                return(0);
--- 283,294 ----
        EVP_CIPHER *c;
        EVP_MD *hash;
        int num,exp;
+       SSL_COMP *comp;
  
        if (s->s3->tmp.key_block_length != 0)
                return(1);
  
!       if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
                {
                SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
                return(0);
***************
*** 291,301 ****
  
        s->s3->tmp.new_sym_enc=c;
        s->s3->tmp.new_hash=hash;
! #ifdef ZLIB
!       s->s3->tmp.new_compression=COMP_zlib();
! #endif
! /*    s->s3->tmp.new_compression=COMP_rle(); */
! /*    s->session->compress_meth= xxxxx */
  
        exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0;
  
--- 296,302 ----
  
        s->s3->tmp.new_sym_enc=c;
        s->s3->tmp.new_hash=hash;
!       s->s3->tmp.new_compression=comp;
  
        exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0;
  
***************
*** 453,459 ****
        unsigned char md_buf[EVP_MAX_MD_SIZE];
        EVP_MD_CTX ctx;
  
!       memcpy(&ctx,in_ctx,sizeof(EVP_MD_CTX));
  
        n=EVP_MD_CTX_size(&ctx);
        npad=(48/n)*n;
--- 454,460 ----
        unsigned char md_buf[EVP_MAX_MD_SIZE];
        EVP_MD_CTX ctx;
  
!       EVP_MD_CTX_copy(&ctx,in_ctx);
  
        n=EVP_MD_CTX_size(&ctx);
        npad=(48/n)*n;
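Review bot: The result of `EVP_MD_CTX_copy(&ctx,in_ctx);` is not checked before `n=EVP_MD_CTX_size(&ctx);` reads the copy and `npad=(48/n)*n;` divides by it. If the copy can report failure in this tree (its prototype is not shown here), `ctx` would be used uninitialised on that path. Test the return value and leave the function before the size is read. The function body starts and ends outside the hunk.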
Index: s3_lib.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s3_lib.c,v
retrieving revision 1.7
diff -c -r1.7 s3_lib.c
*** s3_lib.c    1999/01/16 17:28:15     1.7
--- s3_lib.c    1999/01/31 12:15:11
***************
*** 486,491 ****
--- 486,497 ----
        if (s->s3->tmp.ca_names != NULL)
                sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
  
+       if (s->s3->rrec.comp != NULL)
+               {
+               Free(s->s3->rrec.comp);
+               s->s3->rrec.comp=NULL;
+               }
+ 
        rp=s->s3->rbuf.buf;
        wp=s->s3->wbuf.buf;
  
***************
*** 493,503 ****
        if (rp != NULL) s->s3->rbuf.buf=rp;
        if (wp != NULL) s->s3->wbuf.buf=wp;
  
!       if (s->s3->rrec.comp != NULL)
!               {
!               Free(s->s3->rrec.comp);
!               s->s3->rrec.comp=NULL;
!               }
  
        s->packet_length=0;
        s->s3->renegotiate=0;
--- 499,505 ----
        if (rp != NULL) s->s3->rbuf.buf=rp;
        if (wp != NULL) s->s3->wbuf.buf=wp;
  
!       ssl_free_wbio_buffer(s);
  
        s->packet_length=0;
        s->s3->renegotiate=0;
***************
*** 844,850 ****
  int len;
        {
        int ret,n;
-       BIO *under;
  
  #if 0
        if (s->shutdown & SSL_SEND_SHUTDOWN)
--- 846,851 ----
***************
*** 877,892 ****
                n=BIO_flush(s->wbio);
                if (n <= 0) return(n);
                s->rwstate=SSL_NOTHING;
  
-               /* We have flushed the buffer */
-               under=BIO_pop(s->wbio);
-               s->wbio=under;
-               BIO_free(s->bbio);
-               s->bbio=NULL;
                ret=s->s3->delay_buf_pop_ret;
                s->s3->delay_buf_pop_ret=0;
- 
-               s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
                }
        else
                {
--- 878,890 ----
                n=BIO_flush(s->wbio);
                if (n <= 0) return(n);
                s->rwstate=SSL_NOTHING;
+ 
+               /* We have flushed the buffer, so remove it */
+               ssl_free_wbio_buffer(s);
+               s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
  
                ret=s->s3->delay_buf_pop_ret;
                s->s3->delay_buf_pop_ret=0;
                }
        else
                {
***************
*** 986,990 ****
                }
        return(ret);
        }
- 
  
--- 984,987 ----
Index: s3_pkt.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s3_pkt.c,v
retrieving revision 1.2
diff -c -r1.2 s3_pkt.c
*** s3_pkt.c    1998/12/22 15:59:57     1.2
--- s3_pkt.c    1999/01/31 12:15:12
***************
*** 872,878 ****
                        if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
                                !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
                                {
!                               s->state=SSL_ST_BEFORE;
                                s->new_session=1;
                                }
                        n=s->handshake_func(s);
--- 872,880 ----
                        if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
                                !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
                                {
!                               s->state=SSL_ST_BEFORE|(s->server)
!                                               ?SSL_ST_ACCEPT
!                                               :SSL_ST_CONNECT;
                                s->new_session=1;
                                }
                        n=s->handshake_func(s);
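Review bot: The new assignment `s->state=SSL_ST_BEFORE|(s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT;` does not parse the way its layout suggests. In C, `|` binds tighter than `?:`, so the condition is `SSL_ST_BEFORE|(s->server)`. Assuming SSL_ST_BEFORE is a non-zero flag, that is always true, so a renegotiating client is also put into SSL_ST_ACCEPT and the BEFORE bit is dropped in both cases. The intended form is `s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);`. The enclosing function lies outside the hunk.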
Index: s3_srvr.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s3_srvr.c,v
retrieving revision 1.3
diff -c -r1.3 s3_srvr.c
*** s3_srvr.c   1999/01/07 00:37:01     1.3
--- s3_srvr.c   1999/01/31 12:15:13
***************
*** 133,139 ****
        long num1;
        int ret= -1;
        CERT *ct;
-       BIO *under;
        int new_state,state,skip=0;
  
        RAND_seed((unsigned char *)&Time,sizeof(Time));
--- 133,138 ----
***************
*** 176,181 ****
--- 175,181 ----
                case SSL_ST_BEFORE|SSL_ST_ACCEPT:
                case SSL_ST_OK|SSL_ST_ACCEPT:
  
+                       s->server=1;
                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
  
                        if ((s->version>>8) != 3)
***************
*** 215,225 ****
                                {
                                s->state=SSL3_ST_SR_CLNT_HELLO_A;
                                ssl3_init_finished_mac(s);
!                               s->ctx->sess_accept++;
                                }
                        else
                                {
!                               s->ctx->sess_accept_renegotiate++;
                                s->state=SSL3_ST_SW_HELLO_REQ_A;
                                }
                        break;
--- 215,225 ----
                                {
                                s->state=SSL3_ST_SR_CLNT_HELLO_A;
                                ssl3_init_finished_mac(s);
!                               s->ctx->stats.sess_accept++;
                                }
                        else
                                {
!                               s->ctx->stats.sess_accept_renegotiate++;
                                s->state=SSL3_ST_SW_HELLO_REQ_A;
                                }
                        break;
***************
*** 238,252 ****
                        break;
  
                case SSL3_ST_SW_HELLO_REQ_C:
-                       /* remove buffering on output */
-                       under=BIO_pop(s->wbio);
-                       if (under != NULL)
-                               s->wbio=under;
-                       else
-                               abort(); /* ok */
-                       BIO_free(s->bbio);
-                       s->bbio=NULL;
- 
                        s->state=SSL_ST_OK;
                        ret=1;
                        goto end;
--- 238,243 ----
***************
*** 478,497 ****
                        s->init_buf=NULL;
  
                        /* remove buffering on output */
!                       under=BIO_pop(s->wbio);
!                       if (under != NULL)
!                               s->wbio=under;
!                       else
!                               abort(); /* ok */
!                       BIO_free(s->bbio);
!                       s->bbio=NULL;
  
                        s->new_session=0;
                        s->init_num=0;
  
                        ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
  
!                       s->ctx->sess_accept_good++;
                        /* s->server=1; */
                        s->handshake_func=ssl3_accept;
                        ret=1;
--- 469,482 ----
                        s->init_buf=NULL;
  
                        /* remove buffering on output */
!                       ssl_free_wbio_buffer(s);
  
                        s->new_session=0;
                        s->init_num=0;
  
                        ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
  
!                       s->ctx->stats.sess_accept_good++;
                        /* s->server=1; */
                        s->handshake_func=ssl3_accept;
                        ret=1;
***************
*** 565,572 ****
        int i,j,ok,al,ret= -1;
        long n;
        unsigned long id;
!       unsigned char *p,*d;
        SSL_CIPHER *c;
        STACK *ciphers=NULL;
  
        /* We do this so that we will respond with our native type.
--- 550,558 ----
        int i,j,ok,al,ret= -1;
        long n;
        unsigned long id;
!       unsigned char *p,*d,*q;
        SSL_CIPHER *c;
+       SSL_COMP *comp=NULL;
        STACK *ciphers=NULL;
  
        /* We do this so that we will respond with our native type.
***************
*** 593,598 ****
--- 579,585 ----
        /* The version number has already been checked in ssl3_get_message.
         * I a native TLSv1/SSLv3 method, the match must be correct except
         * perhaps for the first message */
+ /*    s->client_version=(((int)p[0])<<8)|(int)p[1]; */
        p+=2;
  
        /* load the client random */
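Review bot: The only assignment to `s->client_version` in this hunk is added as a commented-out line, yet the premaster-secret check in the `*** 1264,1276` hunk of this file now compares against `s->client_version`. If no other path fills the field for a native SSLv3/TLS ClientHello (none is visible here), that comparison would run against an unset value and legitimate RSA key exchanges would fall into the bad-decrypt branch. Either enable the line, `s->client_version=(((int)p[0])<<8)|(int)p[1];`, or replace the dead code with a comment naming where the field is set. The function body starts and ends outside the hunk.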
***************
*** 651,659 ****
--- 638,653 ----
                j=0;
                id=s->session->cipher->id;
  
+ #ifdef CIPHER_DEBUG
+               printf("client sent %d ciphers\n",sk_num(ciphers));
+ #endif
                for (i=0; i<sk_num(ciphers); i++)
                        {
                        c=(SSL_CIPHER *)sk_value(ciphers,i);
+ #ifdef CIPHER_DEBUG
+                       printf("client [%2d of %2d]:%s\n",
+                               i,sk_num(ciphers),SSL_CIPHER_get_name(c));
+ #endif
                        if (c->id == id)
                                {
                                j=1;
***************
*** 681,688 ****
--- 675,685 ----
  
        /* compression */
        i= *(p++);
+       q=p;
        for (j=0; j<i; j++)
+               {
                if (p[j] == 0) break;
+               }
  
        p+=i;
        if (j >= i)
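Review bot: `q` is saved here so that the next hunk (`*** 693,698`) can scan `q[0..i-1]`, but `i` is a length byte taken from the ClientHello and neither hunk checks that `i` bytes of the message remain before they are read. A hello that ends early while claiming a large count would make both this loop and the new matching loop read past the received data. A guard right after `q=p;`, such as `if ((p+i) > (d+n)) goto f_err;` with `al` and `SSLerr` set as the neighbouring error paths do, would close this. That assumes `d` and `n` are the message start and length, which the hunk does not show.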
***************
*** 693,698 ****
--- 690,724 ----
                goto f_err;
                }
  
+       /* Worst case, we will use the NULL compression, but if we have other
+        * options, we will now look for them.  We have i-1 compression
+        * algorithms from the client, starting at q. */
+       s->s3->tmp.new_compression=NULL;
+       if (s->ctx->comp_methods != NULL)
+               { /* See if we have a match */
+               int m,nn,o,v,done=0;
+ 
+               nn=sk_num(s->ctx->comp_methods);
+               for (m=0; m<nn; m++)
+                       {
+                       comp=(SSL_COMP *)sk_value(s->ctx->comp_methods,m);
+                       v=comp->id;
+                       for (o=0; o<i; o++)
+                               {
+                               if (v == q[o])
+                                       {
+                                       done=1;
+                                       break;
+                                       }
+                               }
+                       if (done) break;
+                       }
+               if (done)
+                       s->s3->tmp.new_compression=comp;
+               else
+                       comp=NULL;
+               }
+ 
        /* TLS does not mind if there is extra stuff */
        if (s->version == SSL3_VERSION)
                {
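Review bot: The new comment says the client offers `i-1` methods starting at `q`, but the inner loop runs `o<i`, so the null method byte is compared as well. The loop nesting also means the first entry of `s->ctx->comp_methods` that appears anywhere in the client's list wins, regardless of the client's own ordering. Both facts belong in the comment, e.g. `/* q[0..i-1] is the client's list, null method included; the first of our comp_methods found in it is chosen */`.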
***************
*** 706,718 ****
                        }
                }
  
-       /* do nothing with compression */
- 
        /* Given s->session->ciphers and ssl_get_ciphers_by_id(s), we must
         * pick a cipher */
  
        if (!s->hit)
                {
                if (s->session->ciphers != NULL)
                        sk_free(s->session->ciphers);
                s->session->ciphers=ciphers;
--- 732,743 ----
                        }
                }
  
        /* Given s->session->ciphers and ssl_get_ciphers_by_id(s), we must
         * pick a cipher */
  
        if (!s->hit)
                {
+               s->session->compress_meth=(comp == NULL)?0:comp->id;
                if (s->session->ciphers != NULL)
                        sk_free(s->session->ciphers);
                s->session->ciphers=ciphers;
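Review bot: `s->session->compress_meth` is written only when `!s->hit`, while `s->s3->tmp.new_compression` was chosen earlier from the current ClientHello in both cases. On a resumed session the two can therefore disagree, and the ServerHello hunk (`*** 833,839`) sends `new_compression->id` rather than the method stored with the session. Unless the hit path is reconciled elsewhere (not visible in this hunk), the resumed case should select by the stored id, or reject the hello when `((comp == NULL)?0:comp->id) != s->session->compress_meth`.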
***************
*** 833,839 ****
                p+=i;
  
                /* put the compression method */
!               *(p++)=0;
  
                /* do the header */
                l=(p-d);
--- 858,867 ----
                p+=i;
  
                /* put the compression method */
!               if (s->s3->tmp.new_compression == NULL)
!                       *(p++)=0;
!               else
!                       *(p++)=s->s3->tmp.new_compression->id;
  
                /* do the header */
                l=(p-d);
***************
*** 1264,1276 ****
  #if 1
                /* If a bad decrypt, use a random master key */
                if ((i != SSL_MAX_MASTER_KEY_LENGTH) ||
!                       ((p[0] != (s->version>>8)) ||
!                        (p[1] != (s->version & 0xff))))
                        {
!                       p[0]=(s->version>>8);
!                       p[1]=(s->version & 0xff);
!                       RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
!                       i=SSL_MAX_MASTER_KEY_LENGTH;
                        }
  #else
                if (i != SSL_MAX_MASTER_KEY_LENGTH)
--- 1292,1317 ----
  #if 1
                /* If a bad decrypt, use a random master key */
                if ((i != SSL_MAX_MASTER_KEY_LENGTH) ||
!                       ((p[0] != (s->client_version>>8)) ||
!                        (p[1] != (s->client_version & 0xff))))
                        {
!                       int bad=1;
! 
!                       if ((i == SSL_MAX_MASTER_KEY_LENGTH) &&
!                               (p[0] == (s->version>>8)) &&
!                               (p[1] == 0))
!                               {
!                               if (s->options & SSL_OP_TLS_ROLLBACK_BUG)
!                                       bad=0;
!                               }
!                       if (bad)
!                               {
!                               p[0]=(s->version>>8);
!                               p[1]=(s->version & 0xff);
!                               RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
!                               i=SSL_MAX_MASTER_KEY_LENGTH;
!                               }
!                       /* else, an SSLeay bug, ssl only server, tls client */
                        }
  #else
                if (i != SSL_MAX_MASTER_KEY_LENGTH)
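Review bot: The `SSL_OP_TLS_ROLLBACK_BUG` exemption tests `p[1] == 0` rather than the negotiated minor version, so with the option set a premaster secret carrying 3.0 is accepted even when the connection negotiated something higher than SSLv3. That is wider than the case the trailing comment describes (SSL-only server, TLS client); `(p[1] == (s->version & 0xff))` limits the exemption to a secret that carries exactly the negotiated version. Because the option switches off version-rollback detection for the connection, the test deserves a comment saying so, e.g. `/* disables rollback detection: only for known-broken peers */`. The enclosing function starts and ends outside the hunk.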
Index: ssl.err
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl.err,v
retrieving revision 1.1.1.3
diff -c -r1.1.1.3 ssl.err
*** ssl.err     1998/12/21 11:00:07     1.1.1.3
--- ssl.err     1999/01/31 12:15:14
***************
*** 65,116 ****
  #define SSL_F_SSL_BYTES_TO_CIPHER_LIST                         161
  #define SSL_F_SSL_CERT_NEW                             162
  #define SSL_F_SSL_CHECK_PRIVATE_KEY                    163
! #define SSL_F_SSL_CREATE_CIPHER_LIST                   164
! #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                        165
! #define SSL_F_SSL_CTX_NEW                              166
! #define SSL_F_SSL_CTX_SET_SSL_VERSION                  167
! #define SSL_F_SSL_CTX_USE_CERTIFICATE                  168
! #define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1             169
! #define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE             170
! #define SSL_F_SSL_CTX_USE_PRIVATEKEY                   171
! #define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1              172
! #define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE              173
! #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY                        174
! #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1           175
! #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE           176
! #define SSL_F_SSL_DO_HANDSHAKE                                 177
! #define SSL_F_SSL_GET_NEW_SESSION                      178
! #define SSL_F_SSL_GET_SERVER_SEND_CERT                         179
! #define SSL_F_SSL_GET_SIGN_PKEY                                180
! #define SSL_F_SSL_INIT_WBIO_BUFFER                     181
! #define SSL_F_SSL_LOAD_CLIENT_CA_FILE                  182
! #define SSL_F_SSL_NEW                                  183
! #define SSL_F_SSL_RSA_PRIVATE_DECRYPT                  184
! #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT                   185
! #define SSL_F_SSL_SESSION_NEW                          186
! #define SSL_F_SSL_SESSION_PRINT_FP                     187
! #define SSL_F_SSL_SET_CERT                             188
! #define SSL_F_SSL_SET_FD                               189
! #define SSL_F_SSL_SET_PKEY                             190
! #define SSL_F_SSL_SET_RFD                              191
! #define SSL_F_SSL_SET_SESSION                          192
! #define SSL_F_SSL_SET_WFD                              193
! #define SSL_F_SSL_UNDEFINED_FUNCTION                   194
! #define SSL_F_SSL_USE_CERTIFICATE                      195
! #define SSL_F_SSL_USE_CERTIFICATE_ASN1                         196
! #define SSL_F_SSL_USE_CERTIFICATE_FILE                         197
! #define SSL_F_SSL_USE_PRIVATEKEY                       198
! #define SSL_F_SSL_USE_PRIVATEKEY_ASN1                  199
! #define SSL_F_SSL_USE_PRIVATEKEY_FILE                  200
! #define SSL_F_SSL_USE_RSAPRIVATEKEY                    201
! #define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1               202
! #define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE               203
! #define SSL_F_SSL_VERIFY_CERT_CHAIN                    204
! #define SSL_F_SSL_WRITE                                        205
! #define SSL_F_TLS1_CHANGE_CIPHER_STATE                         206
! #define SSL_F_TLS1_ENC                                         207
! #define SSL_F_TLS1_SETUP_KEY_BLOCK                     208
! #define SSL_F_WRITE_PENDING                            209
  
  /* Reason codes. */
  #define SSL_R_APP_DATA_IN_HANDSHAKE                    100
--- 65,119 ----
  #define SSL_F_SSL_BYTES_TO_CIPHER_LIST                         161
  #define SSL_F_SSL_CERT_NEW                             162
  #define SSL_F_SSL_CHECK_PRIVATE_KEY                    163
! #define SSL_F_SSL_CLEAR                                        164
! #define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD          165
! #define SSL_F_SSL_CREATE_CIPHER_LIST                   166
! #define SSL_F_SSL_CTX_ADD_COMPRESSION                  167
! #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                        168
! #define SSL_F_SSL_CTX_NEW                              169
! #define SSL_F_SSL_CTX_SET_SSL_VERSION                  170
! #define SSL_F_SSL_CTX_USE_CERTIFICATE                  171
! #define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1             172
! #define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE             173
! #define SSL_F_SSL_CTX_USE_PRIVATEKEY                   174
! #define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1              175
! #define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE              176
! #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY                        177
! #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1           178
! #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE           179
! #define SSL_F_SSL_DO_HANDSHAKE                                 180
! #define SSL_F_SSL_GET_NEW_SESSION                      181
! #define SSL_F_SSL_GET_SERVER_SEND_CERT                         182
! #define SSL_F_SSL_GET_SIGN_PKEY                                183
! #define SSL_F_SSL_INIT_WBIO_BUFFER                     184
! #define SSL_F_SSL_LOAD_CLIENT_CA_FILE                  185
! #define SSL_F_SSL_NEW                                  186
! #define SSL_F_SSL_RSA_PRIVATE_DECRYPT                  187
! #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT                   188
! #define SSL_F_SSL_SESSION_NEW                          189
! #define SSL_F_SSL_SESSION_PRINT_FP                     190
! #define SSL_F_SSL_SET_CERT                             191
! #define SSL_F_SSL_SET_FD                               192
! #define SSL_F_SSL_SET_PKEY                             193
! #define SSL_F_SSL_SET_RFD                              194
! #define SSL_F_SSL_SET_SESSION                          195
! #define SSL_F_SSL_SET_WFD                              196
! #define SSL_F_SSL_UNDEFINED_FUNCTION                   197
! #define SSL_F_SSL_USE_CERTIFICATE                      198
! #define SSL_F_SSL_USE_CERTIFICATE_ASN1                         199
! #define SSL_F_SSL_USE_CERTIFICATE_FILE                         200
! #define SSL_F_SSL_USE_PRIVATEKEY                       201
! #define SSL_F_SSL_USE_PRIVATEKEY_ASN1                  202
! #define SSL_F_SSL_USE_PRIVATEKEY_FILE                  203
! #define SSL_F_SSL_USE_RSAPRIVATEKEY                    204
! #define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1               205
! #define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE               206
! #define SSL_F_SSL_VERIFY_CERT_CHAIN                    207
! #define SSL_F_SSL_WRITE                                        208
! #define SSL_F_TLS1_CHANGE_CIPHER_STATE                         209
! #define SSL_F_TLS1_ENC                                         210
! #define SSL_F_TLS1_SETUP_KEY_BLOCK                     211
! #define SSL_F_WRITE_PENDING                            212
  
  /* Reason codes. */
  #define SSL_R_APP_DATA_IN_HANDSHAKE                    100
***************
*** 201,239 ****
  #define SSL_R_NO_CIPHER_MATCH                          185
  #define SSL_R_NO_CLIENT_CERT_RECEIVED                  186
  #define SSL_R_NO_COMPRESSION_SPECIFIED                         187
! #define SSL_R_NO_PRIVATEKEY                            188
! #define SSL_R_NO_PRIVATE_KEY_ASSIGNED                  189
! #define SSL_R_NO_PROTOCOLS_AVAILABLE                   190
! #define SSL_R_NO_PUBLICKEY                             191
! #define SSL_R_NO_SHARED_CIPHER                                 192
! #define SSL_R_NO_VERIFY_CALLBACK                       193
! #define SSL_R_NULL_SSL_CTX                             194
! #define SSL_R_NULL_SSL_METHOD_PASSED                   195
! #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED          196
! #define SSL_R_PACKET_LENGTH_TOO_LONG                   197
! #define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE                198
! #define SSL_R_PEER_ERROR                               199
! #define SSL_R_PEER_ERROR_CERTIFICATE                   200
! #define SSL_R_PEER_ERROR_NO_CERTIFICATE                        201
! #define SSL_R_PEER_ERROR_NO_CIPHER                     202
! #define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE  203
! #define SSL_R_PRE_MAC_LENGTH_TOO_LONG                  204
! #define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS                205
! #define SSL_R_PROTOCOL_IS_SHUTDOWN                     206
! #define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR                         207
! #define SSL_R_PUBLIC_KEY_IS_NOT_RSA                    208
! #define SSL_R_PUBLIC_KEY_NOT_RSA                       209
! #define SSL_R_READ_BIO_NOT_SET                                 210
! #define SSL_R_READ_WRONG_PACKET_TYPE                   211
! #define SSL_R_RECORD_LENGTH_MISMATCH                   212
! #define SSL_R_RECORD_TOO_LARGE                                 213
! #define SSL_R_REQUIRED_CIPHER_MISSING                  214
! #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO               215
! #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO                         216
! #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO               217
! #define SSL_R_SHORT_READ                               218
! #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE    219
! #define SSL_R_SSL3_SESSION_ID_TOO_SHORT                        220
  #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE              1042
  #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC               1020
  #define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED          1045
--- 204,244 ----
  #define SSL_R_NO_CIPHER_MATCH                          185
  #define SSL_R_NO_CLIENT_CERT_RECEIVED                  186
  #define SSL_R_NO_COMPRESSION_SPECIFIED                         187
! #define SSL_R_NO_METHOD_SPECIFIED                      188
! #define SSL_R_NO_PRIVATEKEY                            189
! #define SSL_R_NO_PRIVATE_KEY_ASSIGNED                  190
! #define SSL_R_NO_PROTOCOLS_AVAILABLE                   191
! #define SSL_R_NO_PUBLICKEY                             192
! #define SSL_R_NO_SHARED_CIPHER                                 193
! #define SSL_R_NO_VERIFY_CALLBACK                       194
! #define SSL_R_NULL_SSL_CTX                             195
! #define SSL_R_NULL_SSL_METHOD_PASSED                   196
! #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED          197
! #define SSL_R_PACKET_LENGTH_TOO_LONG                   198
! #define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE                199
! #define SSL_R_PEER_ERROR                               200
! #define SSL_R_PEER_ERROR_CERTIFICATE                   201
! #define SSL_R_PEER_ERROR_NO_CERTIFICATE                        202
! #define SSL_R_PEER_ERROR_NO_CIPHER                     203
! #define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE  204
! #define SSL_R_PRE_MAC_LENGTH_TOO_LONG                  205
! #define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS                206
! #define SSL_R_PROTOCOL_IS_SHUTDOWN                     207
! #define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR                         208
! #define SSL_R_PUBLIC_KEY_IS_NOT_RSA                    209
! #define SSL_R_PUBLIC_KEY_NOT_RSA                       210
! #define SSL_R_READ_BIO_NOT_SET                                 211
! #define SSL_R_READ_WRONG_PACKET_TYPE                   212
! #define SSL_R_RECORD_LENGTH_MISMATCH                   213
! #define SSL_R_RECORD_TOO_LARGE                                 214
! #define SSL_R_REQUIRED_CIPHER_MISSING                  215
! #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO               216
! #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO                         217
! #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO               218
! #define SSL_R_SHORT_READ                               219
! #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE    220
! #define SSL_R_SSL23_DOING_SESSION_ID_REUSE             221
! #define SSL_R_SSL3_SESSION_ID_TOO_SHORT                        222
  #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE              1042
  #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC               1020
  #define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED          1045
***************
*** 243,259 ****
  #define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE            1040
  #define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER            1047
  #define SSL_R_SSLV3_ALERT_NO_CERTIFICATE               1041
! #define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE       221
! #define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE    222
! #define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER                 223
! #define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 224
  #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE           1010
! #define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE    225
  #define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE      1043
! #define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION       226
! #define SSL_R_SSL_HANDSHAKE_FAILURE                    227
! #define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS               228
! #define SSL_R_SSL_SESSION_ID_IS_DIFFERENT              229
  #define SSL_R_TLSV1_ALERT_ACCESS_DENIED                        1049
  #define SSL_R_TLSV1_ALERT_DECODE_ERROR                         1050
  #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED            1021
--- 248,264 ----
  #define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE            1040
  #define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER            1047
  #define SSL_R_SSLV3_ALERT_NO_CERTIFICATE               1041
! #define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE       223
! #define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE    224
! #define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER                 225
! #define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 226
  #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE           1010
! #define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE    227
  #define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE      1043
! #define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION       228
! #define SSL_R_SSL_HANDSHAKE_FAILURE                    229
! #define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS               230
! #define SSL_R_SSL_SESSION_ID_IS_DIFFERENT              231
  #define SSL_R_TLSV1_ALERT_ACCESS_DENIED                        1049
  #define SSL_R_TLSV1_ALERT_DECODE_ERROR                         1050
  #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED            1021
***************
*** 266,306 ****
  #define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW              1022
  #define SSL_R_TLSV1_ALERT_UNKNOWN_CA                   1048
  #define SSL_R_TLSV1_ALERT_USER_CANCLED                         1090
! #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER     230
! #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 231
! #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG  232
! #define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER          233
! #define SSL_R_UNABLE_TO_DECODE_DH_CERTS                        234
! #define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY             235
! #define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS             236
! #define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS     237
! #define SSL_R_UNABLE_TO_FIND_SSL_METHOD                        238
! #define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES                 239
! #define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES                 240
! #define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES                241
! #define SSL_R_UNEXPECTED_MESSAGE                       242
! #define SSL_R_UNEXPECTED_RECORD                                243
! #define SSL_R_UNKNOWN_ALERT_TYPE                       244
! #define SSL_R_UNKNOWN_CERTIFICATE_TYPE                         245
! #define SSL_R_UNKNOWN_CIPHER_RETURNED                  246
! #define SSL_R_UNKNOWN_CIPHER_TYPE                      247
! #define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                        248
! #define SSL_R_UNKNOWN_PKEY_TYPE                                249
! #define SSL_R_UNKNOWN_PROTOCOL                                 250
! #define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE                        251
! #define SSL_R_UNKNOWN_SSL_VERSION                      252
! #define SSL_R_UNKNOWN_STATE                            253
! #define SSL_R_UNSUPPORTED_CIPHER                       254
! #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM                255
! #define SSL_R_UNSUPPORTED_PROTOCOL                     256
! #define SSL_R_UNSUPPORTED_SSL_VERSION                  257
! #define SSL_R_WRITE_BIO_NOT_SET                                258
! #define SSL_R_WRONG_CIPHER_RETURNED                    259
! #define SSL_R_WRONG_MESSAGE_TYPE                       260
! #define SSL_R_WRONG_NUMBER_OF_KEY_BITS                         261
! #define SSL_R_WRONG_SIGNATURE_LENGTH                   262
! #define SSL_R_WRONG_SIGNATURE_SIZE                     263
! #define SSL_R_WRONG_SSL_VERSION                                264
! #define SSL_R_WRONG_VERSION_NUMBER                     265
! #define SSL_R_X509_LIB                                         266
! #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS                 267
--- 271,311 ----
  #define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW              1022
  #define SSL_R_TLSV1_ALERT_UNKNOWN_CA                   1048
  #define SSL_R_TLSV1_ALERT_USER_CANCLED                         1090
! #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER     232
! #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
! #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG  234
! #define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER          235
! #define SSL_R_UNABLE_TO_DECODE_DH_CERTS                        236
! #define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY             237
! #define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS             238
! #define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS     239
! #define SSL_R_UNABLE_TO_FIND_SSL_METHOD                        240
! #define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES                 241
! #define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES                 242
! #define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES                243
! #define SSL_R_UNEXPECTED_MESSAGE                       244
! #define SSL_R_UNEXPECTED_RECORD                                245
! #define SSL_R_UNKNOWN_ALERT_TYPE                       246
! #define SSL_R_UNKNOWN_CERTIFICATE_TYPE                         247
! #define SSL_R_UNKNOWN_CIPHER_RETURNED                  248
! #define SSL_R_UNKNOWN_CIPHER_TYPE                      249
! #define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                        250
! #define SSL_R_UNKNOWN_PKEY_TYPE                                251
! #define SSL_R_UNKNOWN_PROTOCOL                                 252
! #define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE                        253
! #define SSL_R_UNKNOWN_SSL_VERSION                      254
! #define SSL_R_UNKNOWN_STATE                            255
! #define SSL_R_UNSUPPORTED_CIPHER                       256
! #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM                257
! #define SSL_R_UNSUPPORTED_PROTOCOL                     258
! #define SSL_R_UNSUPPORTED_SSL_VERSION                  259
! #define SSL_R_WRITE_BIO_NOT_SET                                260
! #define SSL_R_WRONG_CIPHER_RETURNED                    261
! #define SSL_R_WRONG_MESSAGE_TYPE                       262
! #define SSL_R_WRONG_NUMBER_OF_KEY_BITS                         263
! #define SSL_R_WRONG_SIGNATURE_LENGTH                   264
! #define SSL_R_WRONG_SIGNATURE_SIZE                     265
! #define SSL_R_WRONG_SSL_VERSION                                266
! #define SSL_R_WRONG_VERSION_NUMBER                     267
! #define SSL_R_X509_LIB                                         268
! #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS                 269
Index: ssl.h
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl.h,v
retrieving revision 1.4
diff -c -r1.4 ssl.h
*** ssl.h       1999/01/30 17:34:59     1.4
--- ssl.h       1999/01/31 12:15:16
***************
*** 1,3 ****
--- 1,15 ----
+ #define SSL_CTX_sess_set_new_cb(ctx,cb)       ((ctx)->new_session_cb=(cb))
+ #define SSL_CTX_sess_get_new_cb(ctx)  ((ctx)->new_session_cb)
+ #define SSL_CTX_sess_set_remove_cb(ctx,cb)    ((ctx)->remove_session_cb=(cb))
+ #define SSL_CTX_sess_get_remove_cb(ctx)       ((ctx)->remove_session_cb)
+ #define SSL_CTX_sess_set_get_cb(ctx,cb)       ((ctx)->get_session_cb=(cb))
+ #define SSL_CTX_sess_get_get_cb(ctx)  ((ctx)->get_session_cb)
+ #define SSL_CTX_set_info_callback(ctx,cb)     ((ctx)->info_callback=(cb))
+ #define SSL_CTX_get_info_callback(ctx)                ((ctx)->info_callback)
+ 
+ #define SSL_CTX_set_client_cert_cb(ctx,cb)    ((ctx)->client_cert_cb=(cb))
+ #define SSL_CTX_get_client_cert_cb(ctx)               ((ctx)->client_cert_cb)
+ 
  /* ssl/ssl.h */
  /* Copyright (C) 1995-1998 Eric Young ([EMAIL PROTECTED])
   * All rights reserved.
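Review bot: These ten accessor macros are inserted at line 1, above the `/* ssl/ssl.h */` banner and the copyright notice, which looks like an accidental paste position. If the include guard follows the banner, as is usual (it is not visible in this hunk), they also sit outside it. They would read better further down, beside the other `SSL_CTX_*` macros this patch touches, under a one-line comment such as `/* callback accessors for SSL_CTX */`.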
***************
*** 193,198 ****
--- 205,211 ----
        struct ssl_method_st *(*get_ssl_method)(int version);
        long (*get_timeout)(void);
        struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
+       int (*ssl_version)();
        } SSL_METHOD;
  
  /* Lets make this into an ASN.1 type structure as follows
***************
*** 238,248 ****
        long timeout;
        long time;
  
! #ifdef HEADER_COMP_H
!       COMP_CTX *compress_meth;
! #else
!       char *compress_meth;
! #endif
  
        SSL_CIPHER *cipher;
        unsigned long cipher_id;        /* when ASN.1 loaded, this
--- 251,257 ----
        long timeout;
        long time;
  
!       int compress_meth;              /* Need to lookup the method */
  
        SSL_CIPHER *cipher;
        unsigned long cipher_id;        /* when ASN.1 loaded, this
***************
*** 267,272 ****
--- 276,282 ----
  #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                       0x00000080L
  #define SSL_OP_TLS_D5_BUG                             0x00000100L
  #define SSL_OP_TLS_BLOCK_PADDING_BUG                  0x00000200L
+ #define SSL_OP_TLS_ROLLBACK_BUG                               0x00000400L
  
  /* If set, only use tmp_dh parameters once */
  #define SSL_OP_SINGLE_DH_USE                          0x00100000L
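Review bot: `SSL_OP_TLS_ROLLBACK_BUG` is given `0x00000400L`, which lies inside the `SSL_OP_ALL` mask `0x000FFFFFL` shown in the next hunk of this file. Any application that sets `SSL_OP_ALL` for interoperability would therefore also enable the exemption in the premaster-secret version check added in s3_srvr.c, turning off rollback detection without asking for it. A bit outside that mask keeps the workaround opt-in; the exact value has to be picked against the full option list, which is not visible here. A comment on the define, e.g. `/* NOT part of SSL_OP_ALL: disables version rollback detection */`, would record the intent.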
***************
*** 282,300 ****
  #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG                0x80000000L
  #define SSL_OP_ALL                                    0x000FFFFFL
  
! #define SSL_CTX_set_options(ctx,op)   ((ctx)->options|=(op))
! #define SSL_set_options(ssl,op)               ((ssl)->options|=(op))
  
  #define SSL_OP_NO_SSLv2                                       0x01000000L
  #define SSL_OP_NO_SSLv3                                       0x02000000L
  #define SSL_OP_NO_TLSv1                                       0x04000000L
- 
- /* Normally you will only use these if your application wants to use
-  * the certificate store in other places, perhaps PKCS7 */
- #define SSL_CTX_get_cert_store(ctx)     ((ctx)->cert_store)
- #define SSL_CTX_set_cert_store(ctx,cs) \
-                 (X509_STORE_free((ctx)->cert_store),(ctx)->cert_store=(cs))
  
  
  #define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT    (1024*20)
  
--- 292,317 ----
  #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG                0x80000000L
  #define SSL_OP_ALL                                    0x000FFFFFL
  
! #define SSL_CTX_set_options(ctx,op)   SSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,op,NULL)
! #define SSL_CTX_get_options(ctx)        SSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,0,NULL)
! #define SSL_set_options(ssl,op)               SSL_ctrl(ctx,SSL_CTRL_OPTIONS,op,NULL)
! #define SSL_get_options(ssl)            SSL_ctrl(ctx,SSL_CTRL_OPTIONS,0,NULL)
  
  #define SSL_OP_NO_SSLv2                                       0x01000000L
  #define SSL_OP_NO_SSLv3                                       0x02000000L
  #define SSL_OP_NO_TLSv1                                       0x04000000L
  
+ typedef struct ssl_comp_st
+       {
+       int id;
+       char *name;
+ #ifdef HEADER_COMP_H
+       COMP_METHOD *method;
+ #else
+       char *method;
+ #endif
+       } SSL_COMP;
+  
  
  #define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT    (1024*20)
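Review bot: The new `SSL_set_options(ssl,op)` and `SSL_get_options(ssl)` macros expand to `SSL_ctrl(ctx,...)` although their parameter is named `ssl`, so the expansion uses whatever `ctx` is in scope at the call site, or fails to compile if there is none. Where the caller has an `SSL_CTX *ctx` in scope, the wrong object would be handed to `SSL_ctrl`, and options such as `SSL_OP_NO_SSLv2` would not be set on the connection the caller named. The two lines should read `#define SSL_set_options(ssl,op) SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)` and `#define SSL_get_options(ssl) SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)`.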
  
***************
*** 347,392 ****
        SSL_SESSION *(*get_session_cb)();
  #endif
  
!       int sess_connect;       /* SSL new connection - started */
!       int sess_connect_renegotiate;/* SSL renegotiatene  - requested */
!       int sess_connect_good;  /* SSL new connection/renegotiate - finished */
!       int sess_accept;        /* SSL new accept - started */
!       int sess_accept_renegotiate;/* SSL renegotiatene - requested */
!       int sess_accept_good;   /* SSL accept/renegotiate - finished */
!       int sess_miss;          /* session lookup misses  */
!       int sess_timeout;       /* session reuse attempt on timeouted session */
!       int sess_cache_full;    /* session removed due to full cache */
!       int sess_hit;           /* session reuse actually done */
!       int sess_cb_hit;        /* session-id that was not in the cache was
!                                * passed back via the callback.  This
!                                * indicates that the application is supplying
!                                * session-id's from other processes -
!                                * spooky :-) */
  
        int references;
  
!       void (*info_callback)();
  
        /* if defined, these override the X509_verify_cert() calls */
!       int (*app_verify_callback)();
!       char *app_verify_arg;
  
        /* default values to use in SSL structures */
!       struct cert_st /* CERT */ *default_cert;
!       int default_read_ahead;
!       int default_verify_mode;
!       int (*default_verify_callback)();
  
        /* Default password callback. */
!       int (*default_passwd_callback)();
  
        /* get client cert callback */
!       int (*client_cert_cb)(/* SSL *ssl, X509 **x509, EVP_PKEY **pkey */);
  
        /* what we put in client requests */
        STACK *client_CA;
  
!       int quiet_shutdown;
  
        CRYPTO_EX_DATA ex_data;
  
--- 364,413 ----
        SSL_SESSION *(*get_session_cb)();
  #endif
  
!       struct
!               {
!               int sess_connect;       /* SSL new conn - started */
!               int sess_connect_renegotiate;/* SSL reneg - requested */
!               int sess_connect_good;  /* SSL new conne/reneg - finished */
!               int sess_accept;        /* SSL new accept - started */
!               int sess_accept_renegotiate;/* SSL reneg - requested */
!               int sess_accept_good;   /* SSL accept/reneg - finished */
!               int sess_miss;          /* session lookup misses  */
!               int sess_timeout;       /* reuse attempt on timeouted session */
!               int sess_cache_full;    /* session removed due to full cache */
!               int sess_hit;           /* session reuse actually done */
!               int sess_cb_hit;        /* session-id that was not
!                                        * in the cache was
!                                        * passed back via the callback.  This
!                                        * indicates that the application is
!                                        * supplying session-id's from other
!                                        * processes - spooky :-) */
!               } stats;
  
        int references;
  
! /**/  void (*info_callback)();
  
        /* if defined, these override the X509_verify_cert() calls */
! /**/  int (*app_verify_callback)();
! /**/  char *app_verify_arg;
  
        /* default values to use in SSL structures */
! /**/  struct cert_st /* CERT */ *default_cert;
! /**/  int read_ahead;
! /**/  int verify_mode;
! /**/  int (*default_verify_callback)();
  
        /* Default password callback. */
! /**/  int (*default_passwd_callback)();
  
        /* get client cert callback */
! /**/  int (*client_cert_cb)(/* SSL *ssl, X509 **x509, EVP_PKEY **pkey */);
  
        /* what we put in client requests */
        STACK *client_CA;
  
! /**/  int quiet_shutdown;
  
        CRYPTO_EX_DATA ex_data;
  
***************
*** 395,400 ****
--- 416,422 ----
        EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */
  
        STACK *extra_certs;
+       STACK *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
        };
  
  #define SSL_SESS_CACHE_OFF                    0x0000
***************
*** 406,459 ****
   * in the cache.  If there is an application get_session callback
   * defined, this will still get called. */
  #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP     0x0100
- 
- #define SSL_CTX_sessions(ctx)         ((ctx)->sessions)
- /* You will need to include lhash.h to access the following #define */
- #define SSL_CTX_sess_number(ctx)      ((ctx)->sessions->num_items)
- #define SSL_CTX_sess_connect(ctx)     ((ctx)->sess_connect)
- #define SSL_CTX_sess_connect_good(ctx)        ((ctx)->sess_connect_good)
- #define SSL_CTX_sess_accept(ctx)      ((ctx)->sess_accept)
- #define SSL_CTX_sess_accept_renegotiate(ctx)  ((ctx)->sess_accept_renegotiate)
- #define SSL_CTX_sess_connect_renegotiate(ctx) ((ctx)->sess_connect_renegotiate)
- #define SSL_CTX_sess_accept_good(ctx) ((ctx)->sess_accept_good)
- #define SSL_CTX_sess_hits(ctx)                ((ctx)->sess_hit)
- #define SSL_CTX_sess_cb_hits(ctx)     ((ctx)->sess_cb_hit)
- #define SSL_CTX_sess_misses(ctx)      ((ctx)->sess_miss)
- #define SSL_CTX_sess_timeouts(ctx)    ((ctx)->sess_timeout)
- #define SSL_CTX_sess_cache_full(ctx)  ((ctx)->sess_cache_full)
  
! #define SSL_CTX_sess_set_cache_size(ctx,t) ((ctx)->session_cache_size=(t))
! #define SSL_CTX_sess_get_cache_size(ctx)   ((ctx)->session_cache_size)
  
- #define SSL_CTX_sess_set_new_cb(ctx,cb)       ((ctx)->new_session_cb=(cb))
- #define SSL_CTX_sess_get_new_cb(ctx)  ((ctx)->new_session_cb)
- #define SSL_CTX_sess_set_remove_cb(ctx,cb)    ((ctx)->remove_session_cb=(cb))
- #define SSL_CTX_sess_get_remove_cb(ctx)       ((ctx)->remove_session_cb)
- #define SSL_CTX_sess_set_get_cb(ctx,cb)       ((ctx)->get_session_cb=(cb))
- #define SSL_CTX_sess_get_get_cb(ctx)  ((ctx)->get_session_cb)
- #define SSL_CTX_set_session_cache_mode(ctx,m) ((ctx)->session_cache_mode=(m))
- #define SSL_CTX_get_session_cache_mode(ctx)   ((ctx)->session_cache_mode)
- #define SSL_CTX_set_timeout(ctx,t)    ((ctx)->session_timeout=(t))
- #define SSL_CTX_get_timeout(ctx)      ((ctx)->session_timeout)
- 
- #define SSL_CTX_set_info_callback(ctx,cb)     ((ctx)->info_callback=(cb))
- #define SSL_CTX_get_info_callback(ctx)                ((ctx)->info_callback)
- #define SSL_CTX_set_default_read_ahead(ctx,m) (((ctx)->default_read_ahead)=(m))
- 
- #define SSL_CTX_set_client_cert_cb(ctx,cb)    ((ctx)->client_cert_cb=(cb))
- #define SSL_CTX_get_client_cert_cb(ctx)               ((ctx)->client_cert_cb)
- 
  #define SSL_NOTHING   1
  #define SSL_WRITING   2
  #define SSL_READING   3
  #define SSL_X509_LOOKUP       4
  
  /* These will only be used when doing non-blocking IO */
! #define SSL_want(s)           ((s)->rwstate)
! #define SSL_want_nothing(s)   ((s)->rwstate == SSL_NOTHING)
! #define SSL_want_read(s)      ((s)->rwstate == SSL_READING)
! #define SSL_want_write(s)     ((s)->rwstate == SSL_WRITING)
! #define SSL_want_x509_lookup(s)       ((s)->rwstate == SSL_X509_LOOKUP)
  
  struct ssl_st
        {
--- 428,469 ----
   * in the cache.  If there is an application get_session callback
   * defined, this will still get called. */
  #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP     0x0100
  
! #define SSL_CTX_sess_number(ctx) \
!       SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
! #define SSL_CTX_sess_connect(ctx) \
!       SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
! #define SSL_CTX_sess_connect_good(ctx) \
!       SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
! #define SSL_CTX_sess_connect_renegotiate(ctx) \
!       SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
! #define SSL_CTX_sess_accept(ctx) \
!       SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
! #define SSL_CTX_sess_accept_renegotiate(ctx) \
!       SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
! #define SSL_CTX_sess_accept_good(ctx) \
!       SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
! #define SSL_CTX_sess_hits(ctx) \
!       SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
! #define SSL_CTX_sess_cb_hits(ctx) \
!       SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
! #define SSL_CTX_sess_misses(ctx) \
!       SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
! #define SSL_CTX_sess_timeouts(ctx) \
!       SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
! #define SSL_CTX_sess_cache_full(ctx) \
!       SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
  
  #define SSL_NOTHING   1
  #define SSL_WRITING   2
  #define SSL_READING   3
  #define SSL_X509_LOOKUP       4
  
  /* These will only be used when doing non-blocking IO */
! #define SSL_want_nothing(s)   (SSL_want(s) == SSL_NOTHING)
! #define SSL_want_read(s)      (SSL_want(s) == SSL_READING)
! #define SSL_want_write(s)     (SSL_want(s) == SSL_WRITING)
! #define SSL_want_x509_lookup(s)       (SSL_want(s) == SSL_X509_LOOKUP)
  
  struct ssl_st
        {
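Review bot: The session-statistics macros used to yield the `int` members of `SSL_CTX` and now yield the result of `SSL_CTX_ctrl()`, whose prototype is outside this hunk (it returns `long` in OpenSSL), so callers that print these values with `%d` would silently get a mismatched argument. `SSL_CTX_sessions(ctx)` is also dropped on the old side with no replacement in this hunk; it may be re-added in the part of the patch that precedes this section. I would add a comment above the block such as `/* These return long via SSL_CTX_ctrl(); they were int struct members before */`.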
***************
*** 490,496 ****
        int in_handshake;
        int (*handshake_func)();
  
! /*    int server;*/   /* are we the server side? */
  
        int new_session;/* 1 if we are to use a new session */
        int quiet_shutdown;/* don't send shutdown packets */
--- 500,506 ----
        int in_handshake;
        int (*handshake_func)();
  
!       int server;     /* are we the server side? - mostly used by SSL_clear*/
  
        int new_session;/* 1 if we are to use a new session */
        int quiet_shutdown;/* don't send shutdown packets */
***************
*** 569,574 ****
--- 579,586 ----
        int references;
        unsigned long options;
        int first_packet;
+       int client_version;     /* what was passed, used for
+                                * SSLv3/TLS rolback check */
        };
  
  #include "ssl2.h"
***************
*** 634,639 ****
--- 646,653 ----
  #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT       0x02
  #define SSL_VERIFY_CLIENT_ONCE                0x04
  
+ #define SSLeay_add_ssl_algorithms()   SSL_library_init()
+ 
  /* this is for backward compatablility */
  #if 0 /* NEW_SSLEAY */
  #define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
***************
*** 726,733 ****
  #define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS     9
  #define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS     10
  #define SSL_CTRL_GET_FLAGS                    11
  
! #define SSL_CTRL_EXTRA_CHAIN_CERT             11
  
  #define SSL_session_reused(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
--- 740,768 ----
  #define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS     9
  #define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS     10
  #define SSL_CTRL_GET_FLAGS                    11
+ #define SSL_CTRL_EXTRA_CHAIN_CERT             12
  
! /* Stats */
! #define SSL_CTRL_SESS_NUMBER                  20
! #define SSL_CTRL_SESS_CONNECT                 21
! #define SSL_CTRL_SESS_CONNECT_GOOD            22
! #define SSL_CTRL_SESS_CONNECT_RENEGOTIATE     23
! #define SSL_CTRL_SESS_ACCEPT                  24
! #define SSL_CTRL_SESS_ACCEPT_GOOD             25
! #define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE      26
! #define SSL_CTRL_SESS_HIT                     27
! #define SSL_CTRL_SESS_CB_HIT                  28
! #define SSL_CTRL_SESS_MISSES                  29
! #define SSL_CTRL_SESS_TIMEOUTS                        30
! #define SSL_CTRL_SESS_CACHE_FULL              31
! #define SSL_CTRL_OPTIONS                      32
! 
! #define SSL_CTRL_GET_READ_AHEAD                       40
! #define SSL_CTRL_SET_READ_AHEAD                       41
! #define SSL_CTRL_SET_SESS_CACHE_SIZE          42
! #define SSL_CTRL_GET_SESS_CACHE_SIZE          43
! #define SSL_CTRL_SET_SESS_CACHE_MODE          44
! #define SSL_CTRL_GET_SESS_CACHE_MODE          45
  
  #define SSL_session_reused(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
***************
*** 760,769 ****
  
  #endif
  
  int   SSL_CTX_set_cipher_list(SSL_CTX *,char *str);
  SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
  void  SSL_CTX_free(SSL_CTX *);
! void  SSL_clear(SSL *s);
  void  SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
  
  SSL_CIPHER *SSL_get_current_cipher(SSL *s);
--- 795,810 ----
  
  #endif
  
+ long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
+ long SSL_CTX_get_timeout(SSL_CTX *ctx);
+ X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx);
+ void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store);
+ int SSL_want(SSL *s);
+ 
  int   SSL_CTX_set_cipher_list(SSL_CTX *,char *str);
  SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
  void  SSL_CTX_free(SSL_CTX *);
! int   SSL_clear(SSL *s);
  void  SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
  
  SSL_CIPHER *SSL_get_current_cipher(SSL *s);
***************
*** 796,802 ****
  int   SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
  int   SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
  int   SSL_use_certificate(SSL *ssl, X509 *x);
! int   SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d);
  
  #ifndef NO_STDIO
  int   SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type);
--- 837,843 ----
  int   SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
  int   SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
  int   SSL_use_certificate(SSL *ssl, X509 *x);
! int   SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
  
  #ifndef NO_STDIO
  int   SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type);
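Review bot: `SSL_use_certificate_ASN1` swaps its last two parameters from `(ssl, len, d)` to `(ssl, d, len)` without a name change, so existing callers keep compiling against the old order wherever the prototype is not seen. The unprototyped declarations in the `#else` branch later in this header are one such case, and there a length would be taken as a pointer and a pointer as a length. Either keep the old order or leave a comment on the declaration such as `/* NOTE: argument order changed, was (ssl, len, d) */`.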
***************
*** 860,866 ****
  int SSL_check_private_key(SSL *ctx);
  
  SSL * SSL_new(SSL_CTX *ctx);
! void    SSL_clear(SSL *s);
  void  SSL_free(SSL *ssl);
  int   SSL_accept(SSL *ssl);
  int   SSL_connect(SSL *ssl);
--- 901,907 ----
  int SSL_check_private_key(SSL *ctx);
  
  SSL * SSL_new(SSL_CTX *ctx);
! int     SSL_clear(SSL *s);
  void  SSL_free(SSL *ssl);
  int   SSL_accept(SSL *ssl);
  int   SSL_connect(SSL *ssl);
***************
*** 917,923 ****
  
  long SSL_get_default_timeout(SSL *s);
  
! void SSLeay_add_ssl_algorithms(void );
  
  char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);
  STACK *SSL_dup_CA_list(STACK *sk);
--- 958,964 ----
  
  long SSL_get_default_timeout(SSL *s);
  
! int SSL_library_init(void );
  
  char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);
  STACK *SSL_dup_CA_list(STACK *sk);
***************
*** 962,967 ****
--- 1003,1024 ----
  
  int SSL_get_ex_data_X509_STORE_CTX_idx(void );
  
+ #define SSL_CTX_sess_set_cache_size(ctx,t) \
+       SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
+ #define SSL_CTX_sess_get_cache_size(ctx) \
+       SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
+ #define SSL_CTX_set_session_cache_mode(ctx,m) \
+       SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
+ #define SSL_CTX_get_session_cache_mode(ctx) \
+       SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
+ 
+ #define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
+ #define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
+ #define SSL_CTX_get_read_ahead(ctx) \
+       SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
+ #define SSL_CTX_set_read_ahead(ctx,m) \
+       SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,0,NULL)
+ 
  /* For the next 2, the callbacks are 
   * RSA *tmp_rsa_cb(SSL *ssl,int export)
   * DH *tmp_dh_cb(SSL *ssl,int export)
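Review bot: `SSL_CTX_set_read_ahead(ctx,m)` discards its `m` argument and always passes `0` to `SSL_CTX_ctrl`, so the macro, and `SSL_CTX_set_default_read_ahead` which forwards to it, can never turn read-ahead on. The sibling setters in this same hunk (`SSL_CTX_sess_set_cache_size`, `SSL_CTX_set_session_cache_mode`) pass their value through, so this looks like a copy of the getter line. The second line of the macro should be `SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)`.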
***************
*** 970,977 ****
--- 1027,1040 ----
                                  RSA *(*cb)(SSL *ssl,int export));
  void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export));
  
+ #ifdef HEADER_COMP_H
+ int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
  #else
+ int SSL_COMP_add_compression_method(int id,char *cm);
+ #endif
  
+ #else
+ 
  BIO_METHOD *BIO_f_ssl();
  BIO *BIO_new_ssl();
  BIO *BIO_new_ssl_connect();
***************
*** 979,984 ****
--- 1042,1053 ----
  int BIO_ssl_copy_session_id();
  void BIO_ssl_shutdown();
  
+ long SSL_CTX_set_timeout();
+ long SSL_CTX_get_timeout();
+ X509_STORE *SSL_CTX_get_cert_store();
+ void SSL_CTX_set_cert_store();
+ int SSL_want();
+ 
  int   SSL_CTX_set_cipher_list();
  SSL_CTX *SSL_CTX_new();
  void  SSL_CTX_free();
***************
*** 1134,1140 ****
  
  long SSL_get_default_timeout();
  
! void SSLeay_add_ssl_algorithms();
  
  char *SSL_CIPHER_description();
  STACK *SSL_dup_CA_list();
--- 1203,1209 ----
  
  long SSL_get_default_timeout();
  
! int SSL_library_init();
  
  char *SSL_CIPHER_description();
  STACK *SSL_dup_CA_list();
***************
*** 1178,1183 ****
--- 1247,1253 ----
  int SSL_CTX_get_ex_new_index();
  
  int SSL_get_ex_data_X509_STORE_CTX_idx();
+ int SSL_COMP_add_compression_method();
  
  /* For the next 2, the callbacks are 
   * RSA *tmp_rsa_cb(SSL *ssl,int export)
***************
*** 1258,1309 ****
  #define SSL_F_SSL_BYTES_TO_CIPHER_LIST                         161
  #define SSL_F_SSL_CERT_NEW                             162
  #define SSL_F_SSL_CHECK_PRIVATE_KEY                    163
! #define SSL_F_SSL_CREATE_CIPHER_LIST                   164
! #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                        165
! #define SSL_F_SSL_CTX_NEW                              166
! #define SSL_F_SSL_CTX_SET_SSL_VERSION                  167
! #define SSL_F_SSL_CTX_USE_CERTIFICATE                  168
! #define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1             169
! #define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE             170
! #define SSL_F_SSL_CTX_USE_PRIVATEKEY                   171
! #define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1              172
! #define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE              173
! #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY                        174
! #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1           175
! #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE           176
! #define SSL_F_SSL_DO_HANDSHAKE                                 177
! #define SSL_F_SSL_GET_NEW_SESSION                      178
! #define SSL_F_SSL_GET_SERVER_SEND_CERT                         179
! #define SSL_F_SSL_GET_SIGN_PKEY                                180
! #define SSL_F_SSL_INIT_WBIO_BUFFER                     181
! #define SSL_F_SSL_LOAD_CLIENT_CA_FILE                  182
! #define SSL_F_SSL_NEW                                  183
! #define SSL_F_SSL_RSA_PRIVATE_DECRYPT                  184
! #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT                   185
! #define SSL_F_SSL_SESSION_NEW                          186
! #define SSL_F_SSL_SESSION_PRINT_FP                     187
! #define SSL_F_SSL_SET_CERT                             188
! #define SSL_F_SSL_SET_FD                               189
! #define SSL_F_SSL_SET_PKEY                             190
! #define SSL_F_SSL_SET_RFD                              191
! #define SSL_F_SSL_SET_SESSION                          192
! #define SSL_F_SSL_SET_WFD                              193
! #define SSL_F_SSL_UNDEFINED_FUNCTION                   194
! #define SSL_F_SSL_USE_CERTIFICATE                      195
! #define SSL_F_SSL_USE_CERTIFICATE_ASN1                         196
! #define SSL_F_SSL_USE_CERTIFICATE_FILE                         197
! #define SSL_F_SSL_USE_PRIVATEKEY                       198
! #define SSL_F_SSL_USE_PRIVATEKEY_ASN1                  199
! #define SSL_F_SSL_USE_PRIVATEKEY_FILE                  200
! #define SSL_F_SSL_USE_RSAPRIVATEKEY                    201
! #define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1               202
! #define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE               203
! #define SSL_F_SSL_VERIFY_CERT_CHAIN                    204
! #define SSL_F_SSL_WRITE                                        205
! #define SSL_F_TLS1_CHANGE_CIPHER_STATE                         206
! #define SSL_F_TLS1_ENC                                         207
! #define SSL_F_TLS1_SETUP_KEY_BLOCK                     208
! #define SSL_F_WRITE_PENDING                            209
  
  /* Reason codes. */
  #define SSL_R_APP_DATA_IN_HANDSHAKE                    100
--- 1328,1382 ----
  #define SSL_F_SSL_BYTES_TO_CIPHER_LIST                         161
  #define SSL_F_SSL_CERT_NEW                             162
  #define SSL_F_SSL_CHECK_PRIVATE_KEY                    163
! #define SSL_F_SSL_CLEAR                                        164
! #define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD          165
! #define SSL_F_SSL_CREATE_CIPHER_LIST                   166
! #define SSL_F_SSL_CTX_ADD_COMPRESSION                  167
! #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                        168
! #define SSL_F_SSL_CTX_NEW                              169
! #define SSL_F_SSL_CTX_SET_SSL_VERSION                  170
! #define SSL_F_SSL_CTX_USE_CERTIFICATE                  171
! #define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1             172
! #define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE             173
! #define SSL_F_SSL_CTX_USE_PRIVATEKEY                   174
! #define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1              175
! #define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE              176
! #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY                        177
! #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1           178
! #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE           179
! #define SSL_F_SSL_DO_HANDSHAKE                                 180
! #define SSL_F_SSL_GET_NEW_SESSION                      181
! #define SSL_F_SSL_GET_SERVER_SEND_CERT                         182
! #define SSL_F_SSL_GET_SIGN_PKEY                                183
! #define SSL_F_SSL_INIT_WBIO_BUFFER                     184
! #define SSL_F_SSL_LOAD_CLIENT_CA_FILE                  185
! #define SSL_F_SSL_NEW                                  186
! #define SSL_F_SSL_RSA_PRIVATE_DECRYPT                  187
! #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT                   188
! #define SSL_F_SSL_SESSION_NEW                          189
! #define SSL_F_SSL_SESSION_PRINT_FP                     190
! #define SSL_F_SSL_SET_CERT                             191
! #define SSL_F_SSL_SET_FD                               192
! #define SSL_F_SSL_SET_PKEY                             193
! #define SSL_F_SSL_SET_RFD                              194
! #define SSL_F_SSL_SET_SESSION                          195
! #define SSL_F_SSL_SET_WFD                              196
! #define SSL_F_SSL_UNDEFINED_FUNCTION                   197
! #define SSL_F_SSL_USE_CERTIFICATE                      198
! #define SSL_F_SSL_USE_CERTIFICATE_ASN1                         199
! #define SSL_F_SSL_USE_CERTIFICATE_FILE                         200
! #define SSL_F_SSL_USE_PRIVATEKEY                       201
! #define SSL_F_SSL_USE_PRIVATEKEY_ASN1                  202
! #define SSL_F_SSL_USE_PRIVATEKEY_FILE                  203
! #define SSL_F_SSL_USE_RSAPRIVATEKEY                    204
! #define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1               205
! #define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE               206
! #define SSL_F_SSL_VERIFY_CERT_CHAIN                    207
! #define SSL_F_SSL_WRITE                                        208
! #define SSL_F_TLS1_CHANGE_CIPHER_STATE                         209
! #define SSL_F_TLS1_ENC                                         210
! #define SSL_F_TLS1_SETUP_KEY_BLOCK                     211
! #define SSL_F_WRITE_PENDING                            212
  
  /* Reason codes. */
  #define SSL_R_APP_DATA_IN_HANDSHAKE                    100
***************
*** 1394,1432 ****
  #define SSL_R_NO_CIPHER_MATCH                          185
  #define SSL_R_NO_CLIENT_CERT_RECEIVED                  186
  #define SSL_R_NO_COMPRESSION_SPECIFIED                         187
! #define SSL_R_NO_PRIVATEKEY                            188
! #define SSL_R_NO_PRIVATE_KEY_ASSIGNED                  189
! #define SSL_R_NO_PROTOCOLS_AVAILABLE                   190
! #define SSL_R_NO_PUBLICKEY                             191
! #define SSL_R_NO_SHARED_CIPHER                                 192
! #define SSL_R_NO_VERIFY_CALLBACK                       193
! #define SSL_R_NULL_SSL_CTX                             194
! #define SSL_R_NULL_SSL_METHOD_PASSED                   195
! #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED          196
! #define SSL_R_PACKET_LENGTH_TOO_LONG                   197
! #define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE                198
! #define SSL_R_PEER_ERROR                               199
! #define SSL_R_PEER_ERROR_CERTIFICATE                   200
! #define SSL_R_PEER_ERROR_NO_CERTIFICATE                        201
! #define SSL_R_PEER_ERROR_NO_CIPHER                     202
! #define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE  203
! #define SSL_R_PRE_MAC_LENGTH_TOO_LONG                  204
! #define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS                205
! #define SSL_R_PROTOCOL_IS_SHUTDOWN                     206
! #define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR                         207
! #define SSL_R_PUBLIC_KEY_IS_NOT_RSA                    208
! #define SSL_R_PUBLIC_KEY_NOT_RSA                       209
! #define SSL_R_READ_BIO_NOT_SET                                 210
! #define SSL_R_READ_WRONG_PACKET_TYPE                   211
! #define SSL_R_RECORD_LENGTH_MISMATCH                   212
! #define SSL_R_RECORD_TOO_LARGE                                 213
! #define SSL_R_REQUIRED_CIPHER_MISSING                  214
! #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO               215
! #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO                         216
! #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO               217
! #define SSL_R_SHORT_READ                               218
! #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE    219
! #define SSL_R_SSL3_SESSION_ID_TOO_SHORT                        220
  #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE              1042
  #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC               1020
  #define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED          1045
--- 1467,1507 ----
  #define SSL_R_NO_CIPHER_MATCH                          185
  #define SSL_R_NO_CLIENT_CERT_RECEIVED                  186
  #define SSL_R_NO_COMPRESSION_SPECIFIED                         187
! #define SSL_R_NO_METHOD_SPECIFIED                      188
! #define SSL_R_NO_PRIVATEKEY                            189
! #define SSL_R_NO_PRIVATE_KEY_ASSIGNED                  190
! #define SSL_R_NO_PROTOCOLS_AVAILABLE                   191
! #define SSL_R_NO_PUBLICKEY                             192
! #define SSL_R_NO_SHARED_CIPHER                                 193
! #define SSL_R_NO_VERIFY_CALLBACK                       194
! #define SSL_R_NULL_SSL_CTX                             195
! #define SSL_R_NULL_SSL_METHOD_PASSED                   196
! #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED          197
! #define SSL_R_PACKET_LENGTH_TOO_LONG                   198
! #define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE                199
! #define SSL_R_PEER_ERROR                               200
! #define SSL_R_PEER_ERROR_CERTIFICATE                   201
! #define SSL_R_PEER_ERROR_NO_CERTIFICATE                        202
! #define SSL_R_PEER_ERROR_NO_CIPHER                     203
! #define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE  204
! #define SSL_R_PRE_MAC_LENGTH_TOO_LONG                  205
! #define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS                206
! #define SSL_R_PROTOCOL_IS_SHUTDOWN                     207
! #define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR                         208
! #define SSL_R_PUBLIC_KEY_IS_NOT_RSA                    209
! #define SSL_R_PUBLIC_KEY_NOT_RSA                       210
! #define SSL_R_READ_BIO_NOT_SET                                 211
! #define SSL_R_READ_WRONG_PACKET_TYPE                   212
! #define SSL_R_RECORD_LENGTH_MISMATCH                   213
! #define SSL_R_RECORD_TOO_LARGE                                 214
! #define SSL_R_REQUIRED_CIPHER_MISSING                  215
! #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO               216
! #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO                         217
! #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO               218
! #define SSL_R_SHORT_READ                               219
! #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE    220
! #define SSL_R_SSL23_DOING_SESSION_ID_REUSE             221
! #define SSL_R_SSL3_SESSION_ID_TOO_SHORT                        222
  #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE              1042
  #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC               1020
  #define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED          1045
***************
*** 1436,1452 ****
  #define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE            1040
  #define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER            1047
  #define SSL_R_SSLV3_ALERT_NO_CERTIFICATE               1041
! #define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE       221
! #define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE    222
! #define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER                 223
! #define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 224
  #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE           1010
! #define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE    225
  #define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE      1043
! #define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION       226
! #define SSL_R_SSL_HANDSHAKE_FAILURE                    227
! #define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS               228
! #define SSL_R_SSL_SESSION_ID_IS_DIFFERENT              229
  #define SSL_R_TLSV1_ALERT_ACCESS_DENIED                        1049
  #define SSL_R_TLSV1_ALERT_DECODE_ERROR                         1050
  #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED            1021
--- 1511,1527 ----
  #define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE            1040
  #define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER            1047
  #define SSL_R_SSLV3_ALERT_NO_CERTIFICATE               1041
! #define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE       223
! #define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE    224
! #define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER                 225
! #define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 226
  #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE           1010
! #define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE    227
  #define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE      1043
! #define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION       228
! #define SSL_R_SSL_HANDSHAKE_FAILURE                    229
! #define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS               230
! #define SSL_R_SSL_SESSION_ID_IS_DIFFERENT              231
  #define SSL_R_TLSV1_ALERT_ACCESS_DENIED                        1049
  #define SSL_R_TLSV1_ALERT_DECODE_ERROR                         1050
  #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED            1021
***************
*** 1459,1502 ****
  #define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW              1022
  #define SSL_R_TLSV1_ALERT_UNKNOWN_CA                   1048
  #define SSL_R_TLSV1_ALERT_USER_CANCLED                         1090
! #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER     230
! #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 231
! #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG  232
! #define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER          233
! #define SSL_R_UNABLE_TO_DECODE_DH_CERTS                        234
! #define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY             235
! #define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS             236
! #define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS     237
! #define SSL_R_UNABLE_TO_FIND_SSL_METHOD                        238
! #define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES                 239
! #define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES                 240
! #define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES                241
! #define SSL_R_UNEXPECTED_MESSAGE                       242
! #define SSL_R_UNEXPECTED_RECORD                                243
! #define SSL_R_UNKNOWN_ALERT_TYPE                       244
! #define SSL_R_UNKNOWN_CERTIFICATE_TYPE                         245
! #define SSL_R_UNKNOWN_CIPHER_RETURNED                  246
! #define SSL_R_UNKNOWN_CIPHER_TYPE                      247
! #define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                        248
! #define SSL_R_UNKNOWN_PKEY_TYPE                                249
! #define SSL_R_UNKNOWN_PROTOCOL                                 250
! #define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE                        251
! #define SSL_R_UNKNOWN_SSL_VERSION                      252
! #define SSL_R_UNKNOWN_STATE                            253
! #define SSL_R_UNSUPPORTED_CIPHER                       254
! #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM                255
! #define SSL_R_UNSUPPORTED_PROTOCOL                     256
! #define SSL_R_UNSUPPORTED_SSL_VERSION                  257
! #define SSL_R_WRITE_BIO_NOT_SET                                258
! #define SSL_R_WRONG_CIPHER_RETURNED                    259
! #define SSL_R_WRONG_MESSAGE_TYPE                       260
! #define SSL_R_WRONG_NUMBER_OF_KEY_BITS                         261
! #define SSL_R_WRONG_SIGNATURE_LENGTH                   262
! #define SSL_R_WRONG_SIGNATURE_SIZE                     263
! #define SSL_R_WRONG_SSL_VERSION                                264
! #define SSL_R_WRONG_VERSION_NUMBER                     265
! #define SSL_R_X509_LIB                                         266
! #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS                 267
   
  #ifdef  __cplusplus
  }
--- 1534,1577 ----
  #define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW              1022
  #define SSL_R_TLSV1_ALERT_UNKNOWN_CA                   1048
  #define SSL_R_TLSV1_ALERT_USER_CANCLED                         1090
! #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER     232
! #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
! #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG  234
! #define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER          235
! #define SSL_R_UNABLE_TO_DECODE_DH_CERTS                        236
! #define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY             237
! #define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS             238
! #define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS     239
! #define SSL_R_UNABLE_TO_FIND_SSL_METHOD                        240
! #define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES                 241
! #define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES                 242
! #define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES                243
! #define SSL_R_UNEXPECTED_MESSAGE                       244
! #define SSL_R_UNEXPECTED_RECORD                                245
! #define SSL_R_UNKNOWN_ALERT_TYPE                       246
! #define SSL_R_UNKNOWN_CERTIFICATE_TYPE                         247
! #define SSL_R_UNKNOWN_CIPHER_RETURNED                  248
! #define SSL_R_UNKNOWN_CIPHER_TYPE                      249
! #define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                        250
! #define SSL_R_UNKNOWN_PKEY_TYPE                                251
! #define SSL_R_UNKNOWN_PROTOCOL                                 252
! #define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE                        253
! #define SSL_R_UNKNOWN_SSL_VERSION                      254
! #define SSL_R_UNKNOWN_STATE                            255
! #define SSL_R_UNSUPPORTED_CIPHER                       256
! #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM                257
! #define SSL_R_UNSUPPORTED_PROTOCOL                     258
! #define SSL_R_UNSUPPORTED_SSL_VERSION                  259
! #define SSL_R_WRITE_BIO_NOT_SET                                260
! #define SSL_R_WRONG_CIPHER_RETURNED                    261
! #define SSL_R_WRONG_MESSAGE_TYPE                       262
! #define SSL_R_WRONG_NUMBER_OF_KEY_BITS                         263
! #define SSL_R_WRONG_SIGNATURE_LENGTH                   264
! #define SSL_R_WRONG_SIGNATURE_SIZE                     265
! #define SSL_R_WRONG_SSL_VERSION                                266
! #define SSL_R_WRONG_VERSION_NUMBER                     267
! #define SSL_R_X509_LIB                                         268
! #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS                 269
   
  #ifdef  __cplusplus
  }
Index: ssl3.h
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl3.h,v
retrieving revision 1.1.1.3
diff -c -r1.1.1.3 ssl3.h
*** ssl3.h      1998/12/21 11:00:07     1.1.1.3
--- ssl3.h      1999/01/31 12:15:16
***************
*** 341,352 ****
                EVP_CIPHER *new_sym_enc;
                EVP_MD *new_hash;
  #ifdef HEADER_COMP_H
!               COMP_METHOD *new_compression;
  #else
                char *new_compression;
  #endif
                int cert_request;
                } tmp;
        } SSL3_CTX;
  
  /* SSLv3 */
--- 341,353 ----
                EVP_CIPHER *new_sym_enc;
                EVP_MD *new_hash;
  #ifdef HEADER_COMP_H
!               SSL_COMP *new_compression;
  #else
                char *new_compression;
  #endif
                int cert_request;
                } tmp;
+ 
        } SSL3_CTX;
  
  /* SSLv3 */
Index: ssl_algs.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl_algs.c,v
retrieving revision 1.1.1.3
diff -c -r1.1.1.3 ssl_algs.c
*** ssl_algs.c  1998/12/21 11:00:07     1.1.1.3
--- ssl_algs.c  1999/01/31 12:15:16
***************
*** 61,67 ****
  #include "lhash.h"
  #include "ssl_locl.h"
  
! void SSLeay_add_ssl_algorithms()
        {
  #ifndef NO_DES
        EVP_add_cipher(EVP_des_cbc());
--- 61,67 ----
  #include "lhash.h"
  #include "ssl_locl.h"
  
! int SSL_library_init()
        {
  #ifndef NO_DES
        EVP_add_cipher(EVP_des_cbc());
***************
*** 98,102 ****
--- 98,103 ----
        EVP_add_digest(EVP_sha());
        EVP_add_digest(EVP_dss());
  #endif
+       return(1);
        }
  
Index: ssl_ciph.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl_ciph.c,v
retrieving revision 1.1.1.3
diff -c -r1.1.1.3 ssl_ciph.c
*** ssl_ciph.c  1998/12/21 11:00:08     1.1.1.3
--- ssl_ciph.c  1999/01/31 12:15:17
***************
*** 58,63 ****
--- 58,64 ----
  
  #include <stdio.h>
  #include "objects.h"
+ #include "comp.h"
  #include "ssl_locl.h"
  
  #define SSL_ENC_DES_IDX               0
***************
*** 73,78 ****
--- 74,81 ----
        NULL,NULL,NULL,NULL,NULL,NULL,
        };
  
+ static STACK /* SSL_COMP */ *ssl_comp_methods=NULL;
+ 
  #define SSL_MD_MD5_IDX        0
  #define SSL_MD_SHA1_IDX       1
  #define SSL_MD_NUM_IDX        2
***************
*** 180,193 ****
                EVP_get_digestbyname(SN_sha1);
        }
  
! int ssl_cipher_get_evp(c,enc,md)
! SSL_CIPHER *c;
  EVP_CIPHER **enc;
  EVP_MD **md;
        {
        int i;
  
        if (c == NULL) return(0);
  
        switch (c->algorithms & SSL_ENC_MASK)
                {
--- 183,223 ----
                EVP_get_digestbyname(SN_sha1);
        }
  
! int ssl_cipher_get_evp(s,enc,md,comp)
! SSL_SESSION *s;
  EVP_CIPHER **enc;
  EVP_MD **md;
+ SSL_COMP **comp;
        {
        int i;
+       SSL_CIPHER *c;
  
+       c=s->cipher;
        if (c == NULL) return(0);
+       if (comp != NULL)
+               {
+               SSL_COMP ctmp;
+ 
+               if (s->compress_meth == 0)
+                       *comp=NULL;
+               else if (ssl_comp_methods == NULL)
+                       {
+                       /* bad */
+                       *comp=NULL;
+                       }
+               else
+                       {
+ 
+                       ctmp.id=s->compress_meth;
+                       i=sk_find(ssl_comp_methods,(char *)&ctmp);
+                       if (i >= 0)
+                               *comp=(SSL_COMP *)sk_value(ssl_comp_methods,i);
+                       else
+                               *comp=NULL;
+                       }
+               }
+ 
+       if ((enc == NULL) || (md == NULL)) return(0);
  
        switch (c->algorithms & SSL_ENC_MASK)
                {
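Review bot: `ssl_cipher_get_evp` now dereferences its argument at `c=s->cipher;` with no NULL check, where the old code tolerated a NULL argument through `if (c == NULL) return(0);`; adding `if (s == NULL) return(0);` first keeps that behaviour. The compression lookup also stores `*comp=NULL` both when the session uses no compression and when `s->compress_meth` names a method that is not registered (including the branch marked `/* bad */`), so a caller cannot tell the two apart and would carry on uncompressed; returning 0 from the failed-lookup branches would surface the mismatch. The added `if ((enc == NULL) || (md == NULL)) return(0);` reports failure even after `*comp` was filled in, which deserves a comment on the intended contract. The function body continues outside this hunk.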
***************
*** 730,739 ****
        int ret=0,a=0;
        EVP_CIPHER *enc;
        EVP_MD *md;
  
        if (c != NULL)
                {
!               if (!ssl_cipher_get_evp(c,&enc,&md))
                        return(0);
  
                a=EVP_CIPHER_key_length(enc)*8;
--- 760,771 ----
        int ret=0,a=0;
        EVP_CIPHER *enc;
        EVP_MD *md;
+       SSL_SESSION ss;
  
        if (c != NULL)
                {
!               ss.cipher=c;
!               if (!ssl_cipher_get_evp(&ss,&enc,&md,NULL))
                        return(0);
  
                a=EVP_CIPHER_key_length(enc)*8;
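Review bot: `SSL_SESSION ss;` is an uninitialised stack object with only `cipher` assigned before `&ss` is handed to `ssl_cipher_get_evp`. That is safe only because `comp` is passed as NULL, so the callee reads nothing but `s->cipher`; any later read of another session field there would use indeterminate memory. Adding `memset((char *)&ss,0,sizeof(ss));` before `ss.cipher=c;` removes that hidden dependency. The enclosing function starts and ends outside the hunk.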
***************
*** 754,758 ****
--- 786,842 ----
        if (alg_bits != NULL) *alg_bits=a;
        
        return(ret);
+       }
+ 
+ SSL_COMP *ssl3_comp_find(sk,n)
+ STACK *sk;
+ int n;
+       {
+       SSL_COMP *ctmp;
+       int i,nn;
+ 
+       if ((n == 0) || (sk == NULL)) return(NULL);
+       nn=sk_num(sk);
+       for (i=0; i<nn; i++)
+               {
+               ctmp=(SSL_COMP *)sk_value(sk,i);
+               if (ctmp->id == n)
+                       return(ctmp);
+               }
+       return(NULL);
+       }
+ 
+ static int sk_comp_cmp(a,b)
+ SSL_COMP **a,**b;
+       {
+       return((*a)->id-(*b)->id);
+       }
+ 
+ STACK *SSL_COMP_get_compression_methods()
+       {
+       return(ssl_comp_methods);
+       }
+ 
+ int SSL_COMP_add_compression_method(id,cm)
+ int id;
+ COMP_METHOD *cm;
+       {
+       SSL_COMP *comp;
+       STACK *sk;
+ 
+       comp=(SSL_COMP *)Malloc(sizeof(SSL_COMP));
+       comp->id=id;
+       comp->method=cm;
+       if (ssl_comp_methods == NULL)
+               sk=ssl_comp_methods=sk_new(sk_comp_cmp);
+       else
+               sk=ssl_comp_methods;
+       if ((sk == NULL) || !sk_push(sk,(char *)comp))
+               {
+               SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
+               return(0);
+               }
+       else
+               return(1);
        }
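Review bot: `SSL_COMP_add_compression_method` writes `comp->id=id;` straight after `Malloc` without checking the result, so an allocation failure becomes a NULL dereference instead of the `ERR_R_MALLOC_FAILURE` path a few lines below. When `sk_new` or `sk_push` fails, `comp` is leaked because nothing frees it before `return(0)`. Nothing rejects an `id` that is already registered either, so a second registration leaves two entries with the same id and which one `sk_find` returns in `ssl_cipher_get_evp` is then up to the stack implementation. The allocation check and the cleanup are shown below.

```c
	comp=(SSL_COMP *)Malloc(sizeof(SSL_COMP));
	if (comp == NULL)
		{
		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
		return(0);
		}
	/* ... unchanged: fill in comp, select or create ssl_comp_methods ... */
	if ((sk == NULL) || !sk_push(sk,(char *)comp))
		{
		Free((char *)comp); /* the stack did not take ownership */
		/* ... unchanged: SSLerr and return(0) ... */
		}
```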
  
Index: ssl_err.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl_err.c,v
retrieving revision 1.1.1.3
diff -c -r1.1.1.3 ssl_err.c
*** ssl_err.c   1998/12/21 11:00:08     1.1.1.3
--- ssl_err.c   1999/01/31 12:15:18
***************
*** 127,133 ****
--- 127,136 ----
  {ERR_PACK(0,SSL_F_SSL_BYTES_TO_CIPHER_LIST,0),        "SSL_BYTES_TO_CIPHER_LIST"},
  {ERR_PACK(0,SSL_F_SSL_CERT_NEW,0),    "SSL_CERT_NEW"},
  {ERR_PACK(0,SSL_F_SSL_CHECK_PRIVATE_KEY,0),   "SSL_check_private_key"},
+ {ERR_PACK(0,SSL_F_SSL_CLEAR,0),       "SSL_clear"},
+ {ERR_PACK(0,SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,0), 
+"SSL_COMP_add_compression_method"},
  {ERR_PACK(0,SSL_F_SSL_CREATE_CIPHER_LIST,0),  "SSL_CREATE_CIPHER_LIST"},
+ {ERR_PACK(0,SSL_F_SSL_CTX_ADD_COMPRESSION,0), "SSL_CTX_ADD_COMPRESSION"},
  {ERR_PACK(0,SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,0),       "SSL_CTX_check_private_key"},
  {ERR_PACK(0,SSL_F_SSL_CTX_NEW,0),     "SSL_CTX_new"},
  {ERR_PACK(0,SSL_F_SSL_CTX_SET_SSL_VERSION,0), "SSL_CTX_set_ssl_version"},
***************
*** 266,271 ****
--- 269,275 ----
  {SSL_R_NO_CIPHER_MATCH                   ,"no cipher match"},
  {SSL_R_NO_CLIENT_CERT_RECEIVED           ,"no client cert received"},
  {SSL_R_NO_COMPRESSION_SPECIFIED          ,"no compression specified"},
+ {SSL_R_NO_METHOD_SPECIFIED               ,"no method specified"},
  {SSL_R_NO_PRIVATEKEY                     ,"no privatekey"},
  {SSL_R_NO_PRIVATE_KEY_ASSIGNED           ,"no private key assigned"},
  {SSL_R_NO_PROTOCOLS_AVAILABLE            ,"no protocols available"},
***************
*** 298,303 ****
--- 302,308 ----
  {SSL_R_REUSE_CIPHER_LIST_NOT_ZERO        ,"reuse cipher list not zero"},
  {SSL_R_SHORT_READ                        ,"short read"},
  {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing 
certificate"},
+ {SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"},
  {SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"},
  {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"},
  {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC        ,"sslv3 alert bad record mac"},
Index: ssl_lib.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl_lib.c,v
retrieving revision 1.8
diff -c -r1.8 ssl_lib.c
*** ssl_lib.c   1999/01/16 17:49:12     1.8
--- ssl_lib.c   1999/01/31 12:15:19
***************
*** 77,106 ****
        ssl_undefined_function,
        };
  
! void SSL_clear(s)
  SSL *s;
        {
        int state;
  
!       if (s->method == NULL) return;
  
        s->error=0;
        s->hit=0;
  
        /* This is set if we are doing dynamic renegotiation so keep
         * the old cipher.  It is sort of a SSL_clear_lite :-) */
!       if (s->new_session) return;
  
        state=s->state; /* Keep to check if we throw away the session-id */
        s->type=0;
  
        s->version=s->method->version;
        s->rwstate=SSL_NOTHING;
-       s->state=SSL_ST_BEFORE;
        s->rstate=SSL_ST_READ_HEADER;
!       s->read_ahead=s->ctx->default_read_ahead;
! 
! /*    s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); */
  
        if (s->init_buf != NULL)
                {
--- 77,113 ----
        ssl_undefined_function,
        };
  
! int SSL_clear(s)
  SSL *s;
        {
        int state;
  
!       if (s->method == NULL)
!               {
!               SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
!               return(0);
!               }
  
        s->error=0;
        s->hit=0;
+       s->shutdown=0;
  
+ #if 0
        /* This is set if we are doing dynamic renegotiation so keep
         * the old cipher.  It is sort of a SSL_clear_lite :-) */
!       if (s->new_session) return(1);
! #endif
  
        state=s->state; /* Keep to check if we throw away the session-id */
        s->type=0;
  
+       s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
+ 
        s->version=s->method->version;
+       s->client_version=s->version;
        s->rwstate=SSL_NOTHING;
        s->rstate=SSL_ST_READ_HEADER;
!       s->read_ahead=s->ctx->read_ahead;
  
        if (s->init_buf != NULL)
                {
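Review bot: The `#if 0` around `if (s->new_session) return(1);` removes the early return that the retained comment says keeps the old cipher during renegotiation, so `SSL_clear` now resets the connection state in that case too. If that is intended, delete the disabled block and its comment and state the new behaviour instead, e.g. `/* SSL_clear always performs a full reset, also while renegotiating */`; if it is not, the guard should stay active. The function continues past the end of this hunk.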
***************
*** 116,125 ****
                s->session=NULL;
                }
  
-       s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
        s->first_packet=0;
  
!       s->method->ssl_clear(s);
        }
  
  /* Used to change an SSL_CTXs default SSL method type */
--- 123,144 ----
                s->session=NULL;
                }
  
        s->first_packet=0;
  
! #if 1
!       /* Check to see if we were changed into a different method, if
!        * so, revert back if we are not doing session-id reuse. */
!       if ((s->session == NULL) && (s->method != s->ctx->method))
!               {
!               s->method->ssl_free(s);
!               s->method=s->ctx->method;
!               if (!s->method->ssl_new(s))
!                       return(0);
!               }
!       else
! #endif
!               s->method->ssl_clear(s);
!       return(1);
        }
  
  /* Used to change an SSL_CTXs default SSL method type */
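Review bot: In the method-revert branch `s->method->ssl_free(s)` has already run when `s->method->ssl_new(s)` fails, so `return(0)` leaves `s` pointing at the context's method with no method state allocated. `SSL_clear` returned void before this patch, and the call visible in the `SSL_new` hunk further down is still a bare `SSL_clear(s);`, so that failure would go unnoticed there; the result should be checked and the allocation failed. Wrapping the `if` in `#if 1` while the `else` sits outside `#endif` also makes the control flow hard to follow, so the preprocessor lines are better dropped. `SSL_clear` starts in the previous hunk.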
***************
*** 169,175 ****
                }
        else
                s->cert=NULL;
!       s->verify_mode=ctx->default_verify_mode;
        s->verify_callback=ctx->default_verify_callback;
        CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
        s->ctx=ctx;
--- 188,194 ----
                }
        else
                s->cert=NULL;
!       s->verify_mode=ctx->verify_mode;
        s->verify_callback=ctx->default_verify_callback;
        CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
        s->ctx=ctx;
***************
*** 187,192 ****
--- 206,212 ----
  
        s->quiet_shutdown=ctx->quiet_shutdown;
        s->references=1;
+       s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
        s->options=ctx->options;
        SSL_clear(s);
  
***************
*** 251,261 ****
  
        ssl_clear_cipher_ctx(s);
  
-       if (s->expand != NULL)
-               COMP_CTX_free(s->expand);
-       if (s->compress != NULL)
-               COMP_CTX_free(s->compress);
- 
        if (s->cert != NULL) ssl_cert_free(s->cert);
        /* Free up if allocated */
  
--- 271,276 ----
***************
*** 402,408 ****
  int SSL_CTX_get_verify_mode(ctx)
  SSL_CTX *ctx;
        {
!       return(ctx->default_verify_mode);
        }
  
  int (*SSL_CTX_get_verify_callback(ctx))()
--- 417,423 ----
  int SSL_CTX_get_verify_mode(ctx)
  SSL_CTX *ctx;
        {
!       return(ctx->verify_mode);
        }
  
  int (*SSL_CTX_get_verify_callback(ctx))()
***************
*** 623,629 ****
  long larg;
  char *parg;
        {
!       return(s->method->ssl_ctrl(s,cmd,larg,parg));
        }
  
  long SSL_CTX_ctrl(ctx,cmd,larg,parg)
--- 638,659 ----
  long larg;
  char *parg;
        {
!       long l;
! 
!       switch (cmd)
!               {
!       case SSL_CTRL_GET_READ_AHEAD:
!               return(s->read_ahead);
!       case SSL_CTRL_SET_READ_AHEAD:
!               l=s->read_ahead;
!               s->read_ahead=larg;
!               return(l);
!       case SSL_CTRL_OPTIONS:
!               return(s->options|=larg);
!       default:
!               return(s->method->ssl_ctrl(s,cmd,larg,parg));
!               }
!       return(0);
        }
  
  long SSL_CTX_ctrl(ctx,cmd,larg,parg)
***************
*** 632,638 ****
  long larg;
  char *parg;
        {
!       return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
        }
  
  int ssl_cipher_id_cmp(a,b)
--- 662,721 ----
  long larg;
  char *parg;
        {
!       long l;
! 
!       switch (cmd)
!               {
!       case SSL_CTRL_GET_READ_AHEAD:
!               return(ctx->read_ahead);
!       case SSL_CTRL_SET_READ_AHEAD:
!               l=ctx->read_ahead;
!               ctx->read_ahead=larg;
!               return(l);
! 
!       case SSL_CTRL_SET_SESS_CACHE_SIZE:
!               l=ctx->session_cache_size;
!               ctx->session_cache_size=larg;
!               return(l);
!       case SSL_CTRL_GET_SESS_CACHE_SIZE:
!               return(ctx->session_cache_size);
!       case SSL_CTRL_SET_SESS_CACHE_MODE:
!               l=ctx->session_cache_mode;
!               ctx->session_cache_mode=larg;
!               return(l);
!       case SSL_CTRL_GET_SESS_CACHE_MODE:
!               return(ctx->session_cache_mode);
! 
!       case SSL_CTRL_SESS_NUMBER:
!               return(ctx->sessions->num_items);
!       case SSL_CTRL_SESS_CONNECT:
!               return(ctx->stats.sess_connect);
!       case SSL_CTRL_SESS_CONNECT_GOOD:
!               return(ctx->stats.sess_connect_good);
!       case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
!               return(ctx->stats.sess_connect_renegotiate);
!       case SSL_CTRL_SESS_ACCEPT:
!               return(ctx->stats.sess_accept);
!       case SSL_CTRL_SESS_ACCEPT_GOOD:
!               return(ctx->stats.sess_accept_good);
!       case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
!               return(ctx->stats.sess_accept_renegotiate);
!       case SSL_CTRL_SESS_HIT:
!               return(ctx->stats.sess_hit);
!       case SSL_CTRL_SESS_CB_HIT:
!               return(ctx->stats.sess_cb_hit);
!       case SSL_CTRL_SESS_MISSES:
!               return(ctx->stats.sess_miss);
!       case SSL_CTRL_SESS_TIMEOUTS:
!               return(ctx->stats.sess_timeout);
!       case SSL_CTRL_SESS_CACHE_FULL:
!               return(ctx->stats.sess_cache_full);
!       case SSL_CTRL_OPTIONS:
!               return(ctx->options|=larg);
!       default:
!               return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
!               }
!       return(0);
        }
  
  int ssl_cipher_id_cmp(a,b)
***************
*** 903,919 ****
        ret->remove_session_cb=NULL;
        ret->get_session_cb=NULL;
  
!       ret->sess_connect=0;
!       ret->sess_connect_good=0;
!       ret->sess_accept=0;
!       ret->sess_accept_renegotiate=0;
!       ret->sess_connect_renegotiate=0;
!       ret->sess_accept_good=0;
!       ret->sess_miss=0;
!       ret->sess_timeout=0;
!       ret->sess_cache_full=0;
!       ret->sess_hit=0;
!       ret->sess_cb_hit=0;
  
        ret->references=1;
        ret->quiet_shutdown=0;
--- 986,992 ----
        ret->remove_session_cb=NULL;
        ret->get_session_cb=NULL;
  
!       memset((char *)&ret->stats,0,sizeof(ret->stats));
  
        ret->references=1;
        ret->quiet_shutdown=0;
***************
*** 929,936 ****
        ret->app_verify_callback=NULL;
        ret->app_verify_arg=NULL;
  
!       ret->default_read_ahead=0;
!       ret->default_verify_mode=SSL_VERIFY_NONE;
        ret->default_verify_callback=NULL;
        if ((ret->default_cert=ssl_cert_new()) == NULL)
                goto err;
--- 1002,1009 ----
        ret->app_verify_callback=NULL;
        ret->app_verify_arg=NULL;
  
!       ret->read_ahead=0;
!       ret->verify_mode=SSL_VERIFY_NONE;
        ret->default_verify_callback=NULL;
        if ((ret->default_cert=ssl_cert_new()) == NULL)
                goto err;
***************
*** 974,979 ****
--- 1047,1053 ----
        CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data);
  
        ret->extra_certs=NULL;
+       ret->comp_methods=SSL_COMP_get_compression_methods();
  
        return(ret);
  err:
***************
*** 1021,1026 ****
--- 1095,1102 ----
                sk_pop_free(a->client_CA,X509_NAME_free);
        if (a->extra_certs != NULL)
                sk_pop_free(a->extra_certs,X509_free);
+       if (a->comp_methods != NULL)
+               sk_pop_free(a->comp_methods,free);
        Free((char *)a);
        }
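Review bot: `sk_pop_free(a->comp_methods,free)` frees a stack this context does not own. `SSL_CTX_new` sets `ret->comp_methods=SSL_COMP_get_compression_methods()`, which returns the file-static `ssl_comp_methods` from ssl_ciph.c, so every context shares one stack; freeing the first context leaves `ssl_comp_methods` and every other context's `comp_methods` dangling, and freeing a second context frees the same memory again. The entries are also allocated with `Malloc` in `SSL_COMP_add_compression_method` but released here with plain `free`. Unless each context is given its own copy, drop the two added lines and leave the global table alone. The function starts outside the hunk.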
  
***************
*** 1045,1051 ****
  int mode;
  int (*cb)();
        {
!       ctx->default_verify_mode=mode;
        ctx->default_verify_callback=cb;
        /* This needs cleaning up EAY EAY EAY */
        X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
--- 1121,1127 ----
  int mode;
  int (*cb)();
        {
!       ctx->verify_mode=mode;
        ctx->default_verify_callback=cb;
        /* This needs cleaning up EAY EAY EAY */
        X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
***************
*** 1242,1249 ****
                ((i & mode) == mode))
                {
                if (  (((mode & SSL_SESS_CACHE_CLIENT)
!                       ?s->ctx->sess_connect_good
!                       :s->ctx->sess_accept_good) & 0xff) == 0xff)
                        {
                        SSL_CTX_flush_sessions(s->ctx,time(NULL));
                        }
--- 1318,1325 ----
                ((i & mode) == mode))
                {
                if (  (((mode & SSL_SESS_CACHE_CLIENT)
!                       ?s->ctx->stats.sess_connect_good
!                       :s->ctx->stats.sess_accept_good) & 0xff) == 0xff)
                        {
                        SSL_CTX_flush_sessions(s->ctx,time(NULL));
                        }
***************
*** 1290,1301 ****
  int i;
        {
        int reason;
        BIO *bio;
  
        if (i > 0) return(SSL_ERROR_NONE);
  
!       if (ERR_peek_error() != 0)
!               return(SSL_ERROR_SSL);
  
        if ((i < 0) && SSL_want_read(s))
                {
--- 1366,1385 ----
  int i;
        {
        int reason;
+       unsigned long l;
        BIO *bio;
  
        if (i > 0) return(SSL_ERROR_NONE);
  
!       /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
!        * etc, where we do encode the error */
!       if ((l=ERR_peek_error()) != 0)
!               {
!               if (ERR_GET_LIB(l) == ERR_LIB_SYS)
!                       return(SSL_ERROR_SYSCALL);
!               else
!                       return(SSL_ERROR_SSL);
!               }
  
        if ((i < 0) && SSL_want_read(s))
                {
***************
*** 1377,1382 ****
--- 1461,1467 ----
  void SSL_set_accept_state(s)
  SSL *s;
        {
+       s->server=1;
        s->shutdown=0;
        s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
        s->handshake_func=s->method->ssl_accept;
***************
*** 1387,1392 ****
--- 1472,1478 ----
  void SSL_set_connect_state(s)
  SSL *s;
        {
+       s->server=0;
        s->shutdown=0;
        s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
        s->handshake_func=s->method->ssl_connect;
***************
*** 1494,1499 ****
--- 1580,1586 ----
        ret->shutdown=s->shutdown;
        ret->state=s->state;
        ret->handshake_func=s->handshake_func;
+       ret->server=s->server;
  
        if (0)
                {
***************
*** 1519,1524 ****
--- 1606,1621 ----
                  Free(s->enc_write_ctx);
                  s->enc_write_ctx=NULL;
                  }
+       if (s->expand != NULL)
+               {
+               COMP_CTX_free(s->expand);
+               s->expand=NULL;
+               }
+       if (s->compress != NULL)
+               {
+               COMP_CTX_free(s->compress);
+               s->compress=NULL;
+               }
        }
  
  /* Fix this function so that it takes an optional type parameter */
***************
*** 1586,1591 ****
--- 1683,1708 ----
                }
        return(1);
        }
+ 
+ void ssl_free_wbio_buffer(s)
+ SSL *s;
+       {
+       BIO *under;
+ 
+       if (s->bbio == NULL) return;
+ 
+       if (s->bbio == s->wbio)
+               {
+               /* remove buffering */
+               under=BIO_pop(s->wbio);
+               if (under != NULL)
+                       s->wbio=under;
+               else
+                       abort(); /* ok */
+               }
+       BIO_free(s->bbio);
+       s->bbio=NULL;
+       }
        
  void SSL_CTX_set_quiet_shutdown(ctx,mode)
  SSL_CTX *ctx;
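Review bot: `abort(); /* ok */` in `ssl_free_wbio_buffer` terminates the whole host process from inside library code when `BIO_pop(s->wbio)` returns NULL, and the comment does not say why that is acceptable. If the case is believed unreachable, state the invariant instead, e.g. `/* cannot happen: bbio is only ever pushed above an existing wbio */` (presumably guaranteed by `ssl_init_wbio_buffer`, which is not visible here and should be confirmed). Otherwise the function should leave `s->wbio` in a defined state and let the caller continue rather than kill the application.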
***************
*** 1744,1749 ****
--- 1861,1887 ----
  SSL *s;
        {
        return(1);
+       }
+ 
+ X509_STORE *SSL_CTX_get_cert_store(ctx)
+ SSL_CTX *ctx;
+       {
+       return(ctx->cert_store);
+       }
+ 
+ void SSL_CTX_set_cert_store(ctx,store)
+ SSL_CTX *ctx;
+ X509_STORE *store;
+       {
+       if (ctx->cert_store != NULL)
+               X509_STORE_free(ctx->cert_store);
+       ctx->cert_store=store;
+       }
+ 
+ int SSL_want(s)
+ SSL *s;
+       {
+       return(s->rwstate);
        }
  
  void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,int export))
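Review bot: `SSL_CTX_set_cert_store` frees the installed store and then adopts the caller's pointer, but nothing documents that ownership moves to the context, and passing the store that is already installed frees it and then keeps the stale pointer (unless `X509_STORE_free` only drops a reference, which cannot be seen from this hunk). Add `if (ctx->cert_store == store) return;` as the first statement and a comment such as `/* takes ownership of store; the previously installed store is freed */`. `SSL_CTX_get_cert_store` returns the internal pointer without transferring ownership, which is worth a one-line comment as well.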
Index: ssl_locl.h
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl_locl.h,v
retrieving revision 1.3
diff -c -r1.3 ssl_locl.h
*** ssl_locl.h  1999/01/16 17:56:00     1.3
--- ssl_locl.h  1999/01/31 12:15:19
***************
*** 348,354 ****
  STACK *ssl_create_cipher_list(SSL_METHOD *meth,STACK **pref,
        STACK **sorted,char *str);
  void ssl_update_cache(SSL *s, int mode);
! int ssl_cipher_get_evp(SSL_CIPHER *c, EVP_CIPHER **enc, EVP_MD **md);
  int ssl_verify_cert_chain(SSL *s,STACK *sk);
  int ssl_undefined_function(SSL *s);
  X509 *ssl_get_server_send_cert(SSL *);
--- 348,355 ----
  STACK *ssl_create_cipher_list(SSL_METHOD *meth,STACK **pref,
        STACK **sorted,char *str);
  void ssl_update_cache(SSL *s, int mode);
! int ssl_cipher_get_evp(SSL_SESSION *s, EVP_CIPHER **enc, EVP_MD **md,
!       SSL_COMP **comp);
  int ssl_verify_cert_chain(SSL *s,STACK *sk);
  int ssl_undefined_function(SSL *s);
  X509 *ssl_get_server_send_cert(SSL *);
***************
*** 442,447 ****
--- 443,449 ----
  SSL_METHOD *tlsv1_base_method(void );
  
  int ssl_init_wbio_buffer(SSL *s, int push);
+ void ssl_free_wbio_buffer(SSL *s);
  
  int tls1_change_cipher_state(SSL *s, int which);
  int tls1_setup_key_block(SSL *s);
***************
*** 456,462 ****
--- 458,467 ----
  int ssl3_alert_code(int code);
  int ssl_ok(SSL *s);
  
+ SSL_COMP *ssl3_comp_find(STACK *sk, int n);
+ STACK *SSL_COMP_get_compression_methods(void);
  
+ 
  #else
  
  SSL_METHOD *ssl_bad_method();
***************
*** 562,571 ****
  int ssl23_write_bytes();
  
  int ssl_init_wbio_buffer();
  
- #endif
- 
- #endif
  int ssl3_cert_verify_mac();
  int ssl3_alert_code();
  int tls1_new();
--- 567,574 ----
  int ssl23_write_bytes();
  
  int ssl_init_wbio_buffer();
+ void ssl_free_wbio_buffer();
  
  int ssl3_cert_verify_mac();
  int ssl3_alert_code();
  int tls1_new();
***************
*** 582,584 ****
--- 585,593 ----
  int tls1_generate_master_secret();
  int tls1_alert_code();
  int ssl_ok();
+ SSL_COMP *ssl3_comp_find();
+ STACK *SSL_COMP_get_compression_methods();
+ 
+ #endif
+ 
+ #endif
Index: ssl_rsa.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl_rsa.c,v
retrieving revision 1.1.1.3
diff -c -r1.1.1.3 ssl_rsa.c
*** ssl_rsa.c   1998/12/21 11:00:10     1.1.1.3
--- ssl_rsa.c   1999/01/31 12:15:20
***************
*** 152,161 ****
        }
  #endif
  
! int SSL_use_certificate_ASN1(ssl, len, d)
  SSL *ssl;
- int len;
  unsigned char *d;
        {
        X509 *x;
        int ret;
--- 152,161 ----
        }
  #endif
  
! int SSL_use_certificate_ASN1(ssl, d,len)
  SSL *ssl;
  unsigned char *d;
+ int len;
        {
        X509 *x;
        int ret;
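Review bot: Swapping the parameters of `SSL_use_certificate_ASN1` from `(ssl,len,d)` to `(ssl,d,len)` changes a public entry point without changing its name. Callers written for the old order that are compiled against non-prototype (K&R style) declarations would still build and would pass the length where the pointer is expected; the matching prototype change is not part of this hunk, so it cannot be checked here. At minimum the definition should carry a comment such as `/* argument order is (ssl, d, len); it was (ssl, len, d) before */` and the change should be called out for callers. The function body continues outside the hunk.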
Index: ssl_sess.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl_sess.c,v
retrieving revision 1.2
diff -c -r1.2 ssl_sess.c
*** ssl_sess.c  1999/01/07 19:15:59     1.2
--- ssl_sess.c  1999/01/31 12:15:20
***************
*** 123,128 ****
--- 123,129 ----
        ss->time=time(NULL);
        ss->prev=NULL;
        ss->next=NULL;
+       ss->compress_meth=0;
        CRYPTO_new_ex_data(ssl_session_meth,(char *)ss,&ss->ex_data);
        return(ss);
        }
***************
*** 136,143 ****
        if ((ss=SSL_SESSION_new()) == NULL) return(0);
  
        /* If the context has a default timeout, use it */
!       if (s->ctx->session_timeout != 0)
                ss->timeout=SSL_get_default_timeout(s);
  
        if (s->session != NULL)
                {
--- 137,146 ----
        if ((ss=SSL_SESSION_new()) == NULL) return(0);
  
        /* If the context has a default timeout, use it */
!       if (s->ctx->session_timeout == 0)
                ss->timeout=SSL_get_default_timeout(s);
+       else
+               ss->timeout=s->ctx->session_timeout;
  
        if (s->session != NULL)
                {
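Review bot: The retained comment `/* If the context has a default timeout, use it */` now sits directly above a test for the opposite case, `s->ctx->session_timeout == 0`, so it reads as if the branches were inverted. Reword it to match the new code, e.g. `/* Use the context's session_timeout if set, else SSL_get_default_timeout() */`. The function continues outside the hunk.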
***************
*** 218,230 ****
                {
                int copy=1;
  
!               s->ctx->sess_miss++;
                ret=NULL;
                if ((s->ctx->get_session_cb != NULL) &&
                        ((ret=s->ctx->get_session_cb(s,session_id,len,&copy))
                                != NULL))
                        {
!                       s->ctx->sess_cb_hit++;
  
                        /* The following should not return 1, otherwise,
                         * things are very strange */
--- 221,233 ----
                {
                int copy=1;
  
!               s->ctx->stats.sess_miss++;
                ret=NULL;
                if ((s->ctx->get_session_cb != NULL) &&
                        ((ret=s->ctx->get_session_cb(s,session_id,len,&copy))
                                != NULL))
                        {
!                       s->ctx->stats.sess_cb_hit++;
  
                        /* The following should not return 1, otherwise,
                         * things are very strange */
***************
*** 260,273 ****
  
        if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */
                {
!               s->ctx->sess_timeout++;
                /* remove it from the cache */
                SSL_CTX_remove_session(s->ctx,ret);
                SSL_SESSION_free(ret);          /* again to actually Free it */
                return(0);
                }
  
!       s->ctx->sess_hit++;
  
        /* ret->time=time(NULL); */ /* rezero timeout? */
        /* again, just leave the session 
--- 263,276 ----
  
        if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */
                {
!               s->ctx->stats.sess_timeout++;
                /* remove it from the cache */
                SSL_CTX_remove_session(s->ctx,ret);
                SSL_SESSION_free(ret);          /* again to actually Free it */
                return(0);
                }
  
!       s->ctx->stats.sess_hit++;
  
        /* ret->time=time(NULL); */ /* rezero timeout? */
        /* again, just leave the session 
***************
*** 318,324 ****
                                        ctx->session_cache_tail))
                                        break;
                                else
!                                       ctx->sess_cache_full++;
                                }
                        }
                }
--- 321,327 ----
                                        ctx->session_cache_tail))
                                        break;
                                else
!                                       ctx->stats.sess_cache_full++;
                                }
                        }
                }
***************
*** 413,419 ****
                        {
                        if (!SSL_set_ssl_method(s,meth))
                                return(0);
!                       session->timeout=SSL_get_default_timeout(s);
                        }
  
                /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
--- 416,425 ----
                        {
                        if (!SSL_set_ssl_method(s,meth))
                                return(0);
!                       if (s->ctx->session_timeout == 0)
!                               session->timeout=SSL_get_default_timeout(s);
!                       else
!                               session->timeout=s->ctx->session_timeout;
                        }
  
                /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
***************
*** 431,436 ****
--- 437,450 ----
                        SSL_SESSION_free(s->session);
                        s->session=NULL;
                        }
+ 
+               meth=s->ctx->method;
+               if (meth != s->method)
+                       {
+                       if (!SSL_set_ssl_method(s,meth))
+                               return(0);
+                       }
+               ret=1;
                }
        return(ret);
        }
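Review bot: The added block resets the method with no comment saying why, and its early `return(0)` is reached after `s->session` has already been freed and set to NULL. A caller that sees 0 is therefore left with the old session gone and the old method still in place, which is worth stating. I would add `/* no session: revert to the context's default method */` above `meth=s->ctx->method;` and note the failure case in the function's header comment. The function starts outside the hunk, so whether callers check the return value cannot be seen from here.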
***************
*** 467,472 ****
--- 481,504 ----
        return(t);
        }
  
+ long SSL_CTX_set_timeout(s,t)
+ SSL_CTX *s;
+ long t;
+       {
+       long l;
+       if (s == NULL) return(0);
+       l=s->session_timeout;
+       s->session_timeout=t;
+       return(l);
+       }
+ 
+ long SSL_CTX_get_timeout(s)
+ SSL_CTX *s;
+       {
+       if (s == NULL) return(0);
+       return(s->session_timeout);
+       }
+ 
  typedef struct timeout_param_st
        {
        SSL_CTX *ctx;
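Review bot: `SSL_CTX_set_timeout` stores `t` without any range check, so a negative or very large value goes straight into `session_timeout`. The expiry test shown in the hunk at 263-276 computes `ret->time+ret->timeout` in signed arithmetic: a negative timeout makes every cached session look expired at once, and a huge one can overflow that sum. Rejecting negatives up front, `if (s == NULL || t < 0) return(0);`, would close the first case. A short header comment should also say that 0 selects the method's default timeout, as the hunk at 137-146 implements. Returning 0 for a NULL context is indistinguishable from a previous timeout of 0, which the comment should mention too.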
***************
*** 499,505 ****
        TIMEOUT_PARAM tp;
  
        tp.ctx=s;
!       tp.cache=SSL_CTX_sessions(s);
        if (tp.cache == NULL) return;
        tp.time=t;
        CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
--- 531,537 ----
        TIMEOUT_PARAM tp;
  
        tp.ctx=s;
!       tp.cache=s->sessions;
        if (tp.cache == NULL) return;
        tp.time=t;
        CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
Index: ssl_txt.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl_txt.c,v
retrieving revision 1.1.1.2
diff -c -r1.1.1.2 ssl_txt.c
*** ssl_txt.c   1998/12/21 10:55:52     1.1.1.2
--- ssl_txt.c   1999/01/31 12:15:20
***************
*** 133,138 ****
--- 133,155 ----
                        sprintf(str,"%02X",x->key_arg[i]);
                        if (BIO_puts(bp,str) <= 0) goto err;
                        }
+       if (x->compress_meth != 0)
+               {
+               SSL_COMP *comp;
+ 
+               ssl_cipher_get_evp(x,NULL,NULL,&comp);
+               if (comp == NULL)
+                       {
+                       sprintf(str,"\n   Compression: %d",x->compress_meth);
+                       if (BIO_puts(bp,str) <= 0) goto err;
+                       }
+               else
+                       {
+                       sprintf(str,"\n   Compression: %d (%s)",
+                               comp->id,comp->method->name);
+                       if (BIO_puts(bp,str) <= 0) goto err;
+                       }
+               }       
        if (x->time != 0L)
                {
                sprintf(str,"\n    Start Time: %ld",x->time);
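Review bot: `comp` is declared without an initialiser and the return value of `ssl_cipher_get_evp(x,NULL,NULL,&comp)` is ignored, so if that call fails before writing `*comp`, the `comp == NULL` test and the `comp->method->name` dereference use an indeterminate pointer. Declaring it as `SSL_COMP *comp=NULL;` makes the fallback branch reliable. The second `sprintf` also copies a method name of unbounded length into `str`, whose size is declared outside the hunk. Writing through the BIO directly avoids the fixed buffer: `if (BIO_printf(bp,"\n   Compression: %d (%s)",comp->id,comp->method->name) <= 0) goto err;`. Whether `ssl_cipher_get_evp` accepts NULL for its cipher and digest outputs is not visible here and should be confirmed.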
Index: ssltest.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssltest.c,v
retrieving revision 1.1.1.3
diff -c -r1.1.1.3 ssltest.c
*** ssltest.c   1998/12/21 11:00:10     1.1.1.3
--- ssltest.c   1999/01/31 12:15:21
***************
*** 243,249 ****
  
  /*    if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
  
!       SSLeay_add_ssl_algorithms();
        SSL_load_error_strings();
  
  #if !defined(NO_SSL2) && !defined(NO_SSL3)
--- 243,249 ----
  
  /*    if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
  
!       SSL_library_init();
        SSL_load_error_strings();
  
  #if !defined(NO_SSL2) && !defined(NO_SSL3)
Index: t1_enc.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/t1_enc.c,v
retrieving revision 1.1.1.2
diff -c -r1.1.1.2 t1_enc.c
*** t1_enc.c    1998/12/21 11:00:09     1.1.1.2
--- t1_enc.c    1999/01/31 12:15:21
***************
*** 57,62 ****
--- 57,63 ----
   */
  
  #include <stdio.h>
+ #include "comp.h"
  #include "evp.h"
  #include "hmac.h"
  #include "ssl_locl.h"
***************
*** 175,181 ****
        int client_write;
        EVP_CIPHER_CTX *dd;
        EVP_CIPHER *c;
!       COMP_METHOD *comp;
        EVP_MD *m;
        int exp,n,i,j,k,exp_label_len;
  
--- 176,182 ----
        int client_write;
        EVP_CIPHER_CTX *dd;
        EVP_CIPHER *c;
!       SSL_COMP *comp;
        EVP_MD *m;
        int exp,n,i,j,k,exp_label_len;
  
***************
*** 200,214 ****
                        }
                if (comp != NULL)
                        {
!                       s->expand=COMP_CTX_new(comp);
                        if (s->expand == NULL)
                                {
                                
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
                                goto err2;
                                }
-                       s->s3->rrec.comp=(unsigned char *)
-                               Malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
                        if (s->s3->rrec.comp == NULL)
                                goto err;
                        }
                memset(&(s->s3->read_sequence[0]),0,8);
--- 201,216 ----
                        }
                if (comp != NULL)
                        {
!                       s->expand=COMP_CTX_new(comp->method);
                        if (s->expand == NULL)
                                {
                                
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
                                goto err2;
                                }
                        if (s->s3->rrec.comp == NULL)
+                               s->s3->rrec.comp=(unsigned char *)
+                                       Malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
+                       if (s->s3->rrec.comp == NULL)
                                goto err;
                        }
                memset(&(s->s3->read_sequence[0]),0,8);
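Review bot: `s->expand` is assigned a fresh `COMP_CTX_new(comp->method)` unconditionally, while the `rrec.comp` buffer just below is now allocated only when it is still NULL. If this path runs again on a later change-cipher-spec, any context already held in `s->expand` is overwritten unless the lines above the hunk free it, and those are not visible. A guard before the assignment, `if (s->expand != NULL) { COMP_CTX_free(s->expand); s->expand=NULL; }`, would make the two resources consistent. The same applies to `s->compress` in the hunk at 231-237. The two back-to-back `if (s->s3->rrec.comp == NULL)` tests would also read more clearly with the failure check nested inside the allocation branch.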
***************
*** 229,235 ****
                        }
                if (comp != NULL)
                        {
!                       s->compress=COMP_CTX_new(comp);
                        if (s->compress == NULL)
                                {
                                
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
--- 231,237 ----
                        }
                if (comp != NULL)
                        {
!                       s->compress=COMP_CTX_new(comp->method);
                        if (s->compress == NULL)
                                {
                                
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
***************
*** 344,354 ****
        EVP_CIPHER *c;
        EVP_MD *hash;
        int num,exp;
  
        if (s->s3->tmp.key_block_length != 0)
                return(1);
  
!       if (!ssl_cipher_get_evp(s->session->cipher,&c,&hash))
                {
                SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
                return(0);
--- 346,357 ----
        EVP_CIPHER *c;
        EVP_MD *hash;
        int num,exp;
+       SSL_COMP *comp;
  
        if (s->s3->tmp.key_block_length != 0)
                return(1);
  
!       if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
                {
                SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
                return(0);
***************
*** 502,508 ****
        unsigned int ret;
        EVP_MD_CTX ctx;
  
!       memcpy(&ctx,in_ctx,sizeof(EVP_MD_CTX));
        EVP_DigestFinal(&ctx,out,&ret);
        return((int)ret);
        }
--- 505,511 ----
        unsigned int ret;
        EVP_MD_CTX ctx;
  
!       EVP_MD_CTX_copy(&ctx,in_ctx);
        EVP_DigestFinal(&ctx,out,&ret);
        return((int)ret);
        }
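Review bot: The result of `EVP_MD_CTX_copy(&ctx,in_ctx)` is not checked before `EVP_DigestFinal` runs on the copy, here and at both calls in the following hunk (526-535). The prototype is not shown on this page, so this only matters if the function reports failure in this tree. In that case `ctx` and `ret` would be read uninitialised and the handshake digest computed from stack contents. Where a status is returned, a guard such as `if (!EVP_MD_CTX_copy(&ctx,in_ctx)) return(0);` is the shape to use, with the failure value chosen to suit the callers. The enclosing function starts outside the hunk.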
***************
*** 523,532 ****
        memcpy(q,str,slen);
        q+=slen;
  
!       memcpy(&ctx,in1_ctx,sizeof(EVP_MD_CTX));
        EVP_DigestFinal(&ctx,q,&i);
        q+=i;
!       memcpy(&ctx,in2_ctx,sizeof(EVP_MD_CTX));
        EVP_DigestFinal(&ctx,q,&i);
        q+=i;
  
--- 526,535 ----
        memcpy(q,str,slen);
        q+=slen;
  
!       EVP_MD_CTX_copy(&ctx,in1_ctx);
        EVP_DigestFinal(&ctx,q,&i);
        q+=i;
!       EVP_MD_CTX_copy(&ctx,in2_ctx);
        EVP_DigestFinal(&ctx,q,&i);
        q+=i;
  
