generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Import of old SSLeay release: SSLeay 0.9.1b (unreleased)

Browse Source
This commit is contained in:
Ralf S. Engelschall
1998-12-21 11:00:56 +00:00
parent 58964a4922
commit dfeab0689f
501 changed files with 43472 additions and 4057 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
ssl/KEYS Normal file
View File

@@ -0,0 +1,28 @@
EVP_PKEY_DSA
EVP_PKEY_DSA2
EVP_PKEY_DSA3
EVP_PKEY_DSA4
EVP_PKEY_RSA
EVP_PKEY_RSA2
valid DSA pkey types
NID_dsa
NID_dsaWithSHA
NID_dsaWithSHA1
NID_dsaWithSHA1_2
valid RSA pkey types
NID_rsaEncryption
NID_rsa
NID_dsaWithSHA NID_dsaWithSHA DSA SHA
NID_dsa NID_dsaWithSHA1 DSA SHA1
NID_md2 NID_md2WithRSAEncryption RSA-pkcs1 MD2
NID_md5 NID_md5WithRSAEncryption RSA-pkcs1 MD5
NID_mdc2 NID_mdc2WithRSA RSA-none MDC2
NID_ripemd160 NID_ripemd160WithRSA RSA-pkcs1 RIPEMD160
NID_sha NID_shaWithRSAEncryption RSA-pkcs1 SHA
NID_sha1 NID_sha1WithRSAEncryption RSA-pkcs1 SHA1
:w

52
ssl/f
View File

@@ -1,40 +1,12 @@
/* return the actual cipher being used */
char *SSL_CIPHER_get_name(c)
SSL_CIPHER *c;
{
if (c != NULL)
return(c->name);
return("UNKNOWN");
}
/* number of bits for symetric cipher */
int SSL_CIPHER_get_bits(c,alg_bits)
SSL_CIPHER *c;
int *alg_bits;
{
int ret=0,a=0;
EVP_CIPHER *enc;
if (c != NULL)
{
if (!ssl_cipher_get_evp(c,&enc,NULL))
return(0);
a=EVP_CIPHER_key_length(enc)*8;
if (s->session->cipher->algorithms & SSL_EXP)
{
if (c->algorithm2 & SSL2_CF_8_BYTE_ENC)
ret=64;
else
ret=40;
}
else
ret=a;
}
if (alg_bits != NULL) *alg_bits=a;
return(ret);
}
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_DECRYPTION_FAILED);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_RECORD_OVERFLOW
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_UNKNOWN_CA);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_ACCESS_DENIED);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_DECODE_ERROR);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_DECRYPT_ERROR);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_EXPORT_RESTRICION);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_PROTOCOL_VERSION);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_INTERNAL_ERROR);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_USER_CANCLED);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_NO_RENEGOTIATION);

0
ssl/f.mak Normal file
View File

4
ssl/s23_clnt.c
View File

@@ -179,7 +179,7 @@ SSL *s;
ret=ssl23_get_server_hello(s);
if (ret >= 0) cb=NULL;
goto end;
break;
/* break; */
default:
SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE);
@@ -443,7 +443,7 @@ SSL *s;
}
s->rwstate=SSL_NOTHING;
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,1000+p[6]);
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
goto err;
}
else

3
ssl/s23_lib.c
View File

@@ -78,7 +78,7 @@ static int ssl23_put_cipher_by_char();
static SSL_CIPHER *ssl23_get_cipher_by_char();
#endif
char *SSL23_version_str="SSLv2/3 compatablity part of SSLeay 0.7.0 30-Jan-1997";
char *SSL23_version_str="SSLv2/3 compatablity part of SSLeay 0.9.1a 06-Jul-1998";
static SSL_METHOD SSLv23_data= {
TLS1_VERSION,
@@ -92,6 +92,7 @@ static SSL_METHOD SSLv23_data= {
ssl23_write,
ssl_undefined_function,
ssl_undefined_function,
ssl_ok,
ssl3_ctrl,
ssl3_ctx_ctrl,
ssl23_get_cipher_by_char,

20
ssl/s23_srvr.c
View File

@@ -166,7 +166,7 @@ SSL *s;
ret=ssl23_get_client_hello(s);
if (ret >= 0) cb=NULL;
goto end;
break;
/* break; */
default:
SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE);
@@ -237,9 +237,15 @@ SSL *s;
{
s->state=SSL23_ST_SR_CLNT_HELLO_B;
}
else if (!(s->options & SSL_OP_NO_SSLv2))
{
type=1;
}
}
else if (!(s->options & SSL_OP_NO_SSLv3))
s->state=SSL23_ST_SR_CLNT_HELLO_B;
else if (!(s->options & SSL_OP_NO_SSLv2))
type=1;
if (s->options & SSL_OP_NON_EXPORT_FIRST)
{
@@ -313,15 +319,15 @@ SSL *s;
else if (!(s->options & SSL_OP_NO_SSLv3))
type=3;
}
else if ((strncmp("GET ", p,4) == 0) ||
(strncmp("POST ",p,5) == 0) ||
(strncmp("HEAD ",p,5) == 0) ||
(strncmp("PUT ", p,4) == 0))
else if ((strncmp("GET ", (char *)p,4) == 0) ||
(strncmp("POST ",(char *)p,5) == 0) ||
(strncmp("HEAD ",(char *)p,5) == 0) ||
(strncmp("PUT ", (char *)p,4) == 0))
{
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST);
goto err;
}
else if (strncmp("CONNECT",p,7) == 0)
else if (strncmp("CONNECT",(char *)p,7) == 0)
{
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST);
goto err;
@@ -387,7 +393,7 @@ next_bit:
}
s2n(j,dd);
/* compression */
/* COMPRESSION */
*(d++)=1;
*(d++)=0;

7
ssl/s2_clnt.c
View File

@@ -268,7 +268,7 @@ SSL *s;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
goto end;
break;
/* break; */
default:
SSLerr(SSL_F_SSL2_CONNECT,SSL_R_UNKNOWN_STATE);
return(-1);
@@ -587,6 +587,11 @@ SSL *s;
SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PUBLIC_KEY_ENCRYPT_ERROR);
return(-1);
}
#ifdef PKCS1_CHECK
if (s->options & SSL_OP_PKCS1_CHECK_1) d[1]++;
if (s->options & SSL_OP_PKCS1_CHECK_2)
sess->master_key[clear]++;
#endif
s2n(enc,p);
d+=enc;
karg=sess->key_arg_length;

13
ssl/s2_lib.c
View File

@@ -62,14 +62,12 @@
#include "ssl_locl.h"
#ifndef NOPROTO
static int ssl2_ok(SSL *s);
static long ssl2_default_timeout(void );
#else
static int ssl2_ok();
static long ssl2_default_timeout();
#endif
char *ssl2_version_str="SSLv2 part of SSLeay 0.9.0b 29-Jun-1998";
char *ssl2_version_str="SSLv2 part of SSLeay 0.9.1a 06-Jul-1998";
#define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
@@ -184,7 +182,8 @@ static SSL_METHOD SSLv2_data= {
ssl2_peek,
ssl2_write,
ssl2_shutdown,
ssl2_ok,
ssl_ok, /* NULL - renegotiate */
ssl_ok, /* NULL - check renegotiate */
ssl2_ctrl, /* local */
ssl2_ctx_ctrl, /* local */
ssl2_get_cipher_by_char,
@@ -429,12 +428,6 @@ SSL *s;
s->error=0; */
}
static int ssl2_ok(s)
SSL *s;
{
return(1);
}
int ssl2_shutdown(s)
SSL *s;
{

24
ssl/s3_both.c
View File

@@ -92,6 +92,13 @@ int slen;
p+=i;
l=i;
#ifdef WIN16
/* MSVC 1.5 does not clear the top bytes of the word unless
* I do this.
*/
l&=0xffff;
#endif
*(d++)=SSL3_MT_FINISHED;
l2n3(l,d);
s->init_num=(int)l+4;
@@ -236,6 +243,23 @@ X509 *x;
X509_STORE_CTX_cleanup(&xs_ctx);
}
/* Thwate special :-) */
if (s->ctx->extra_certs != NULL)
for (i=0; i<sk_num(s->ctx->extra_certs); i++)
{
x=(X509 *)sk_value(s->ctx->extra_certs,i);
n=i2d_X509(x,NULL);
if (!BUF_MEM_grow(buf,(int)(n+l+3)))
{
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
return(0);
}
p=(unsigned char *)&(buf->data[l]);
l2n3(n,p);
i2d_X509(x,&p);
l+=n+3;
}
l-=7;
p=(unsigned char *)&(buf->data[4]);
l2n3(l,p);

39
ssl/s3_clnt.c
View File

@@ -430,7 +430,7 @@ SSL *s;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
goto end;
break;
/* break; */
default:
SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE);
@@ -478,7 +478,8 @@ SSL *s;
if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
{
if ((s->session == NULL) ||
(s->session->ssl_version != s->version))
(s->session->ssl_version != s->version) ||
(s->session->not_resumable))
{
if (!ssl_get_new_session(s,0))
goto err;
@@ -488,7 +489,7 @@ SSL *s;
p=s->s3->client_random;
Time=time(NULL); /* Time */
l2n(Time,p);
RAND_bytes(&(p[4]),SSL3_RANDOM_SIZE-sizeof(Time));
RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
/* Do the message type and length last */
d=p= &(buf[4]);
@@ -523,6 +524,7 @@ SSL *s;
p+=i;
/* hardwire in the NULL compression algorithm. */
/* COMPRESSION */
*(p++)=1;
*(p++)=0;
@@ -643,6 +645,7 @@ SSL *s;
s->s3->tmp.new_cipher=c;
/* lets get the compression algorithm */
/* COMPRESSION */
j= *(p++);
if (j != 0)
{
@@ -771,7 +774,7 @@ SSL *s;
pkey=X509_get_pubkey(x);
if (EVP_PKEY_missing_parameters(pkey))
if ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))
{
x=NULL;
al=SSL3_AL_FATAL;
@@ -998,6 +1001,13 @@ SSL *s;
goto f_err;
}
#endif
if (alg & SSL_aFZA)
{
al=SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
goto f_err;
}
/* p points to the next byte, there are 'n' bytes left */
@@ -1014,7 +1024,7 @@ SSL *s;
/* wrong packet length */
al=SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH);
goto err;
goto f_err;
}
#ifndef NO_RSA
@@ -1167,6 +1177,15 @@ SSL *s;
/* get the CA RDNs */
n2s(p,llen);
#if 0
{
FILE *out;
out=fopen("/tmp/vsign.der","w");
fwrite(p,1,llen,out);
fclose(out);
}
#endif
if ((llen+ctype_num+2+1) != n)
{
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
@@ -1286,7 +1305,7 @@ SSL *s;
if (l & SSL_kRSA)
{
RSA *rsa;
unsigned char tmp_buf[48];
unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
if (s->session->cert->rsa_tmp != NULL)
rsa=s->session->cert->rsa_tmp;
@@ -1315,6 +1334,10 @@ SSL *s;
p+=2;
n=RSA_public_encrypt(SSL_MAX_MASTER_KEY_LENGTH,
tmp_buf,p,rsa,RSA_PKCS1_PADDING);
#ifdef PKCS1_CHECK
if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70;
#endif
if (n <= 0)
{
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
@@ -1331,8 +1354,8 @@ SSL *s;
s->session->master_key_length=
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,
tmp_buf,48);
memset(tmp_buf,0,48);
tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH);
}
else
#endif

58
ssl/s3_enc.c
View File

@@ -136,7 +136,7 @@ int which;
unsigned char *ms,*key,*iv,*er1,*er2;
EVP_CIPHER_CTX *dd;
EVP_CIPHER *c;
SSL_COMPRESSION *comp;
COMP_METHOD *comp;
EVP_MD *m;
MD5_CTX md;
int exp,n,i,j,k;
@@ -155,7 +155,25 @@ int which;
goto err;
dd= s->enc_read_ctx;
s->read_hash=m;
s->read_compression=comp;
/* COMPRESS */
if (s->expand != NULL)
{
COMP_CTX_free(s->expand);
s->expand=NULL;
}
if (comp != NULL)
{
s->expand=COMP_CTX_new(comp);
if (s->expand == NULL)
{
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err2;
}
s->s3->rrec.comp=(unsigned char *)
Malloc(SSL3_RT_MAX_PLAIN_LENGTH);
if (s->s3->rrec.comp == NULL)
goto err;
}
memset(&(s->s3->read_sequence[0]),0,8);
mac_secret= &(s->s3->read_mac_secret[0]);
}
@@ -167,7 +185,21 @@ int which;
goto err;
dd= s->enc_write_ctx;
s->write_hash=m;
s->write_compression=comp;
/* COMPRESS */
if (s->compress != NULL)
{
COMP_CTX_free(s->compress);
s->compress=NULL;
}
if (comp != NULL)
{
s->compress=COMP_CTX_new(comp);
if (s->compress == NULL)
{
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err2;
}
}
memset(&(s->s3->write_sequence[0]),0,8);
mac_secret= &(s->s3->write_mac_secret[0]);
}
@@ -258,6 +290,11 @@ SSL *s;
s->s3->tmp.new_sym_enc=c;
s->s3->tmp.new_hash=hash;
#ifdef ZLIB
s->s3->tmp.new_compression=COMP_zlib();
#endif
/* s->s3->tmp.new_compression=COMP_rle(); */
/* s->session->compress_meth= xxxxx */
exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0;
@@ -302,35 +339,28 @@ int send;
unsigned long l;
int bs,i;
EVP_CIPHER *enc;
SSL_COMPRESSION *comp;
if (send)
{
ds=s->enc_write_ctx;
rec= &(s->s3->wrec);
if (s->enc_write_ctx == NULL)
{ enc=NULL; comp=NULL; }
enc=NULL;
else
{
enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
comp=s->write_compression;
}
}
else
{
ds=s->enc_read_ctx;
rec= &(s->s3->rrec);
if (s->enc_read_ctx == NULL)
{ enc=NULL; comp=NULL; }
enc=NULL;
else
{
enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
comp=s->read_compression;
}
}
if ((s->session == NULL) || (ds == NULL) ||
((enc == NULL) && (comp == NULL)))
(enc == NULL))
{
memcpy(rec->data,rec->input,rec->length);
rec->input=rec->data;
@@ -340,6 +370,8 @@ int send;
l=rec->length;
bs=EVP_CIPHER_block_size(ds->cipher);
/* COMPRESS */
/* This should be using (bs-1) and bs instead of 7 and 8 */
if ((bs != 1) && send)
{

54
ssl/s3_lib.c
View File

@@ -60,7 +60,7 @@
#include "objects.h"
#include "ssl_locl.h"
char *ssl3_version_str="SSLv3 part of SSLeay 0.9.0b 29-Jun-1998";
char *ssl3_version_str="SSLv3 part of SSLeay 0.9.1a 06-Jul-1998";
#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
@@ -384,6 +384,7 @@ static SSL_METHOD SSLv3_data= {
ssl3_write,
ssl3_shutdown,
ssl3_renegotiate,
ssl3_renegotiate_check,
ssl3_ctrl,
ssl3_ctx_ctrl,
ssl3_get_cipher_by_char,
@@ -460,6 +461,8 @@ SSL *s;
Free(s->s3->rbuf.buf);
if (s->s3->wbuf.buf != NULL)
Free(s->s3->wbuf.buf);
if (s->s3->rrec.comp != NULL)
Free(s->s3->rrec.comp);
#ifndef NO_DH
if (s->s3->tmp.dh != NULL)
DH_free(s->s3->tmp.dh);
@@ -486,6 +489,13 @@ SSL *s;
memset(s->s3,0,sizeof(SSL3_CTX));
if (rp != NULL) s->s3->rbuf.buf=rp;
if (wp != NULL) s->s3->wbuf.buf=wp;
if (s->s3->rrec.comp != NULL)
{
Free(s->s3->rrec.comp);
s->s3->rrec.comp=NULL;
}
s->packet_length=0;
s->s3->renegotiate=0;
s->s3->total_renegotiations=0;
@@ -519,6 +529,9 @@ char *parg;
case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
ret=s->s3->total_renegotiations;
break;
case SSL_CTRL_GET_FLAGS:
ret=s->s3->flags;
break;
default:
break;
}
@@ -546,7 +559,7 @@ char *parg;
return(1);
else
return(0);
break;
/* break; */
case SSL_CTRL_SET_TMP_RSA:
{
RSA *rsa;
@@ -574,7 +587,7 @@ char *parg;
return(1);
}
}
break;
/* break; */
case SSL_CTRL_SET_TMP_RSA_CB:
cert->rsa_tmp_cb=(RSA *(*)())parg;
break;
@@ -583,6 +596,7 @@ char *parg;
case SSL_CTRL_SET_TMP_DH:
{
DH *new=NULL,*dh;
int rret=0;
dh=(DH *)parg;
if ( ((new=DHparams_dup(dh)) == NULL) ||
@@ -590,21 +604,31 @@ char *parg;
{
SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
if (new != NULL) DH_free(new);
return(0);
}
else
{
if (cert->dh_tmp != NULL)
DH_free(cert->dh_tmp);
cert->dh_tmp=new;
return(1);
rret=1;
}
return(rret);
}
break;
/*break; */
case SSL_CTRL_SET_TMP_DH_CB:
cert->dh_tmp_cb=(DH *(*)())parg;
break;
#endif
/* A Thwate special :-) */
case SSL_CTRL_EXTRA_CHAIN_CERT:
if (ctx->extra_certs == NULL)
{
if ((ctx->extra_certs=sk_new_null()) == NULL)
return(0);
}
sk_push(ctx->extra_certs,(char *)parg);
break;
default:
return(0);
}
@@ -743,28 +767,30 @@ unsigned char *p;
#ifndef NO_DH
if (alg & (SSL_kDHr|SSL_kEDH))
{
#ifndef NO_RSA
# ifndef NO_RSA
p[ret++]=SSL3_CT_RSA_FIXED_DH;
#endif
#ifndef NO_DSA
# endif
# ifndef NO_DSA
p[ret++]=SSL3_CT_DSS_FIXED_DH;
#endif
# endif
}
if ((s->version == SSL3_VERSION) &&
(alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
{
#ifndef NO_RSA
# ifndef NO_RSA
p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
#endif
#ifndef NO_DSA
# endif
# ifndef NO_DSA
p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
#endif
# endif
}
#endif /* !NO_DH */
#ifndef NO_RSA
p[ret++]=SSL3_CT_RSA_SIGN;
#endif
#ifndef NO_DSA
p[ret++]=SSL3_CT_DSS_SIGN;
#endif
return(ret);
}

48
ssl/s3_pkt.c
View File

@@ -79,6 +79,18 @@
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_DECRYPTION_FAILED);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_RECORD_OVERFLOW);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_UNKNOWN_CA);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_ACCESS_DENIED);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_DECODE_ERROR);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_DECRYPT_ERROR);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_EXPORT_RESTRICION);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_PROTOCOL_VERSION);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_INTERNAL_ERROR);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_USER_CANCLED);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_NO_RENEGOTIATION);
*/
#ifndef NOPROTO
@@ -213,7 +225,6 @@ int extend;
static int ssl3_get_record(s)
SSL *s;
{
char tmp_buf[512];
int ssl_major,ssl_minor,al;
int n,i,ret= -1;
SSL3_BUFFER *rb;
@@ -331,7 +342,6 @@ again:
/* decrypt in place in 'rr->input' */
rr->data=rr->input;
memcpy(tmp_buf,rr->input,(rr->length > 512)?512:rr->length);
if (!s->method->ssl3_enc->enc(s,0))
{
@@ -340,7 +350,7 @@ again:
}
#ifdef TLS_DEBUG
printf("dec %d\n",rr->length);
{ int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
printf("\n");
#endif
/* r->length is now the compressed data plus mac */
@@ -378,7 +388,7 @@ printf("\n");
}
/* r->length is now just compressed */
if ((sess != NULL) && (sess->read_compression != NULL))
if (s->expand != NULL)
{
if (rr->length >
(unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
@@ -427,12 +437,37 @@ err:
static int do_uncompress(ssl)
SSL *ssl;
{
int i;
SSL3_RECORD *rr;
rr= &(ssl->s3->rrec);
i=COMP_expand_block(ssl->expand,rr->comp,
SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length);
if (i < 0)
return(0);
else
rr->length=i;
rr->data=rr->comp;
return(1);
}
static int do_compress(ssl)
SSL *ssl;
{
int i;
SSL3_RECORD *wr;
wr= &(ssl->s3->wrec);
i=COMP_compress_block(ssl->compress,wr->data,
SSL3_RT_MAX_COMPRESSED_LENGTH,
wr->input,(int)wr->length);
if (i < 0)
return(0);
else
wr->length=i;
wr->input=wr->data;
return(1);
}
@@ -552,7 +587,7 @@ unsigned int len;
* wr->data */
/* first we compress */
if ((sess != NULL) && (sess->write_compression != NULL))
if (s->compress != NULL)
{
if (!do_compress(s))
{
@@ -786,7 +821,8 @@ start:
s->rwstate=SSL_NOTHING;
s->s3->fatal_alert=n;
SSLerr(SSL_F_SSL3_READ_BYTES,1000+n);
SSLerr(SSL_F_SSL3_READ_BYTES,
SSL_AD_REASON_OFFSET+n);
sprintf(tmp,"%d",n);
ERR_add_error_data(2,"SSL alert number ",tmp);
s->shutdown|=SSL_RECEIVED_SHUTDOWN;

2
ssl/s3_srvr.c
View File

@@ -1259,7 +1259,7 @@ SSL *s;
i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
#if 1
/* If a bad decrypt, use a dud master key */
/* If a bad decrypt, use a random master key */
if ((i != SSL_MAX_MASTER_KEY_LENGTH) ||
((p[0] != (s->version>>8)) ||
(p[1] != (s->version & 0xff))))

272
ssl/ssl.err
View File

@@ -105,11 +105,12 @@
#define SSL_F_SSL_USE_RSAPRIVATEKEY 201
#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 202
#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 203
#define SSL_F_SSL_WRITE 204
#define SSL_F_TLS1_CHANGE_CIPHER_STATE 205
#define SSL_F_TLS1_ENC 206
#define SSL_F_TLS1_SETUP_KEY_BLOCK 207
#define SSL_F_WRITE_PENDING 208
#define SSL_F_SSL_VERIFY_CERT_CHAIN 204
#define SSL_F_SSL_WRITE 205
#define SSL_F_TLS1_CHANGE_CIPHER_STATE 206
#define SSL_F_TLS1_ENC 207
#define SSL_F_TLS1_SETUP_KEY_BLOCK 208
#define SSL_F_WRITE_PENDING 209
/* Reason codes. */
#define SSL_R_APP_DATA_IN_HANDSHAKE 100
@@ -154,83 +155,85 @@
#define SSL_R_CIPHER_TABLE_SRC_ERROR 139
#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140
#define SSL_R_COMPRESSION_FAILURE 141
#define SSL_R_CONNECTION_ID_IS_DIFFERENT 142
#define SSL_R_CONNECTION_TYPE_NOT_SET 143
#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 144
#define SSL_R_DATA_LENGTH_TOO_LONG 145
#define SSL_R_DECRYPTION_FAILED 146
#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 147
#define SSL_R_DIGEST_CHECK_FAILED 148
#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 149
#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 150
#define SSL_R_EXCESSIVE_MESSAGE_SIZE 151
#define SSL_R_EXTRA_DATA_IN_MESSAGE 152
#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 153
#define SSL_R_HTTPS_PROXY_REQUEST 154
#define SSL_R_HTTP_REQUEST 155
#define SSL_R_INTERNAL_ERROR 156
#define SSL_R_INVALID_CHALLENGE_LENGTH 157
#define SSL_R_LENGTH_MISMATCH 158
#define SSL_R_LENGTH_TOO_SHORT 159
#define SSL_R_LIBRARY_HAS_NO_CIPHERS 160
#define SSL_R_MISSING_DH_DSA_CERT 161
#define SSL_R_MISSING_DH_KEY 162
#define SSL_R_MISSING_DH_RSA_CERT 163
#define SSL_R_MISSING_DSA_SIGNING_CERT 164
#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 165
#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 166
#define SSL_R_MISSING_RSA_CERTIFICATE 167
#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 168
#define SSL_R_MISSING_RSA_SIGNING_CERT 169
#define SSL_R_MISSING_TMP_DH_KEY 170
#define SSL_R_MISSING_TMP_RSA_KEY 171
#define SSL_R_MISSING_TMP_RSA_PKEY 172
#define SSL_R_MISSING_VERIFY_MESSAGE 173
#define SSL_R_NON_SSLV2_INITIAL_PACKET 174
#define SSL_R_NO_CERTIFICATES_RETURNED 175
#define SSL_R_NO_CERTIFICATE_ASSIGNED 176
#define SSL_R_NO_CERTIFICATE_RETURNED 177
#define SSL_R_NO_CERTIFICATE_SET 178
#define SSL_R_NO_CERTIFICATE_SPECIFIED 179
#define SSL_R_NO_CIPHERS_AVAILABLE 180
#define SSL_R_NO_CIPHERS_PASSED 181
#define SSL_R_NO_CIPHERS_SPECIFIED 182
#define SSL_R_NO_CIPHER_LIST 183
#define SSL_R_NO_CIPHER_MATCH 184
#define SSL_R_NO_CLIENT_CERT_RECEIVED 185
#define SSL_R_NO_COMPRESSION_SPECIFIED 186
#define SSL_R_NO_PRIVATEKEY 187
#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 188
#define SSL_R_NO_PROTOCOLS_AVAILABLE 189
#define SSL_R_NO_PUBLICKEY 190
#define SSL_R_NO_SHARED_CIPHER 191
#define SSL_R_NULL_SSL_CTX 192
#define SSL_R_NULL_SSL_METHOD_PASSED 193
#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 194
#define SSL_R_PACKET_LENGTH_TOO_LONG 195
#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 196
#define SSL_R_PEER_ERROR 197
#define SSL_R_PEER_ERROR_CERTIFICATE 198
#define SSL_R_PEER_ERROR_NO_CERTIFICATE 199
#define SSL_R_PEER_ERROR_NO_CIPHER 200
#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 201
#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 202
#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 203
#define SSL_R_PROTOCOL_IS_SHUTDOWN 204
#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 205
#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 206
#define SSL_R_PUBLIC_KEY_NOT_RSA 207
#define SSL_R_READ_BIO_NOT_SET 208
#define SSL_R_READ_WRONG_PACKET_TYPE 209
#define SSL_R_RECORD_LENGTH_MISMATCH 210
#define SSL_R_RECORD_TOO_LARGE 211
#define SSL_R_REQUIRED_CIPHER_MISSING 212
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 213
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 214
#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 215
#define SSL_R_SHORT_READ 216
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 217
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 218
#define SSL_R_COMPRESSION_LIBRARY_ERROR 142
#define SSL_R_CONNECTION_ID_IS_DIFFERENT 143
#define SSL_R_CONNECTION_TYPE_NOT_SET 144
#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
#define SSL_R_DATA_LENGTH_TOO_LONG 146
#define SSL_R_DECRYPTION_FAILED 147
#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
#define SSL_R_DIGEST_CHECK_FAILED 149
#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
#define SSL_R_EXTRA_DATA_IN_MESSAGE 153
#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
#define SSL_R_HTTPS_PROXY_REQUEST 155
#define SSL_R_HTTP_REQUEST 156
#define SSL_R_INTERNAL_ERROR 157
#define SSL_R_INVALID_CHALLENGE_LENGTH 158
#define SSL_R_LENGTH_MISMATCH 159
#define SSL_R_LENGTH_TOO_SHORT 160
#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
#define SSL_R_MISSING_DH_DSA_CERT 162
#define SSL_R_MISSING_DH_KEY 163
#define SSL_R_MISSING_DH_RSA_CERT 164
#define SSL_R_MISSING_DSA_SIGNING_CERT 165
#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166
#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167
#define SSL_R_MISSING_RSA_CERTIFICATE 168
#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
#define SSL_R_MISSING_RSA_SIGNING_CERT 170
#define SSL_R_MISSING_TMP_DH_KEY 171
#define SSL_R_MISSING_TMP_RSA_KEY 172
#define SSL_R_MISSING_TMP_RSA_PKEY 173
#define SSL_R_MISSING_VERIFY_MESSAGE 174
#define SSL_R_NON_SSLV2_INITIAL_PACKET 175
#define SSL_R_NO_CERTIFICATES_RETURNED 176
#define SSL_R_NO_CERTIFICATE_ASSIGNED 177
#define SSL_R_NO_CERTIFICATE_RETURNED 178
#define SSL_R_NO_CERTIFICATE_SET 179
#define SSL_R_NO_CERTIFICATE_SPECIFIED 180
#define SSL_R_NO_CIPHERS_AVAILABLE 181
#define SSL_R_NO_CIPHERS_PASSED 182
#define SSL_R_NO_CIPHERS_SPECIFIED 183
#define SSL_R_NO_CIPHER_LIST 184
#define SSL_R_NO_CIPHER_MATCH 185
#define SSL_R_NO_CLIENT_CERT_RECEIVED 186
#define SSL_R_NO_COMPRESSION_SPECIFIED 187
#define SSL_R_NO_PRIVATEKEY 188
#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 189
#define SSL_R_NO_PROTOCOLS_AVAILABLE 190
#define SSL_R_NO_PUBLICKEY 191
#define SSL_R_NO_SHARED_CIPHER 192
#define SSL_R_NO_VERIFY_CALLBACK 193
#define SSL_R_NULL_SSL_CTX 194
#define SSL_R_NULL_SSL_METHOD_PASSED 195
#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 196
#define SSL_R_PACKET_LENGTH_TOO_LONG 197
#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 198
#define SSL_R_PEER_ERROR 199
#define SSL_R_PEER_ERROR_CERTIFICATE 200
#define SSL_R_PEER_ERROR_NO_CERTIFICATE 201
#define SSL_R_PEER_ERROR_NO_CIPHER 202
#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 203
#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 204
#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 205
#define SSL_R_PROTOCOL_IS_SHUTDOWN 206
#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 207
#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 208
#define SSL_R_PUBLIC_KEY_NOT_RSA 209
#define SSL_R_READ_BIO_NOT_SET 210
#define SSL_R_READ_WRONG_PACKET_TYPE 211
#define SSL_R_RECORD_LENGTH_MISMATCH 212
#define SSL_R_RECORD_TOO_LARGE 213
#define SSL_R_REQUIRED_CIPHER_MISSING 214
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 215
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 216
#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 217
#define SSL_R_SHORT_READ 218
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 219
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 220
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
@@ -240,51 +243,64 @@
#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE 219
#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE 220
#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER 221
#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 222
#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE 221
#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE 222
#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER 223
#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 224
#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE 223
#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE 225
#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 224
#define SSL_R_SSL_HANDSHAKE_FAILURE 225
#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 226
#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 227
#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 228
#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 229
#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 230
#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 231
#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 232
#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 233
#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 234
#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 235
#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 236
#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 237
#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 238
#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 239
#define SSL_R_UNEXPECTED_MESSAGE 240
#define SSL_R_UNEXPECTED_RECORD 241
#define SSL_R_UNKNOWN_ALERT_TYPE 242
#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 243
#define SSL_R_UNKNOWN_CIPHER_RETURNED 244
#define SSL_R_UNKNOWN_CIPHER_TYPE 245
#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 246
#define SSL_R_UNKNOWN_PKEY_TYPE 247
#define SSL_R_UNKNOWN_PROTOCOL 248
#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 249
#define SSL_R_UNKNOWN_SSL_VERSION 250
#define SSL_R_UNKNOWN_STATE 251
#define SSL_R_UNSUPPORTED_CIPHER 252
#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 253
#define SSL_R_UNSUPPORTED_PROTOCOL 254
#define SSL_R_UNSUPPORTED_SSL_VERSION 255
#define SSL_R_WRITE_BIO_NOT_SET 256
#define SSL_R_WRONG_CIPHER_RETURNED 257
#define SSL_R_WRONG_MESSAGE_TYPE 258
#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 259
#define SSL_R_WRONG_SIGNATURE_LENGTH 260
#define SSL_R_WRONG_SIGNATURE_SIZE 261
#define SSL_R_WRONG_SSL_VERSION 262
#define SSL_R_WRONG_VERSION_NUMBER 263
#define SSL_R_X509_LIB 264
#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 226
#define SSL_R_SSL_HANDSHAKE_FAILURE 227
#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 228
#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 229
#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICION 1060
#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
#define SSL_R_TLSV1_ALERT_USER_CANCLED 1090
#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 230
#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 231
#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 232
#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 233
#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 234
#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 235
#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 236
#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 237
#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 238
#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 239
#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 240
#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 241
#define SSL_R_UNEXPECTED_MESSAGE 242
#define SSL_R_UNEXPECTED_RECORD 243
#define SSL_R_UNKNOWN_ALERT_TYPE 244
#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 245
#define SSL_R_UNKNOWN_CIPHER_RETURNED 246
#define SSL_R_UNKNOWN_CIPHER_TYPE 247
#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 248
#define SSL_R_UNKNOWN_PKEY_TYPE 249
#define SSL_R_UNKNOWN_PROTOCOL 250
#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 251
#define SSL_R_UNKNOWN_SSL_VERSION 252
#define SSL_R_UNKNOWN_STATE 253
#define SSL_R_UNSUPPORTED_CIPHER 254
#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 255
#define SSL_R_UNSUPPORTED_PROTOCOL 256
#define SSL_R_UNSUPPORTED_SSL_VERSION 257
#define SSL_R_WRITE_BIO_NOT_SET 258
#define SSL_R_WRONG_CIPHER_RETURNED 259
#define SSL_R_WRONG_MESSAGE_TYPE 260
#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 261
#define SSL_R_WRONG_SIGNATURE_LENGTH 262
#define SSL_R_WRONG_SIGNATURE_SIZE 263
#define SSL_R_WRONG_SSL_VERSION 264
#define SSL_R_WRONG_VERSION_NUMBER 265
#define SSL_R_X509_LIB 266
#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 267

327
ssl/ssl.h
View File

@@ -124,6 +124,7 @@ extern "C" {
#define SSL_TXT_EXPORT "EXPORT"
#define SSL_TXT_SSLV2 "SSLv2"
#define SSL_TXT_SSLV3 "SSLv3"
#define SSL_TXT_TLSV1 "TLSv1"
#define SSL_TXT_ALL "ALL"
/* 'DEFAULT' at the start of the cipher list insert the following string
@@ -178,6 +179,7 @@ typedef struct ssl_method_st
int (*ssl_write)();
int (*ssl_shutdown)();
int (*ssl_renegotiate)();
int (*ssl_renegotiate_check)();
long (*ssl_ctrl)();
long (*ssl_ctx_ctrl)();
SSL_CIPHER *(*get_cipher_by_char)();
@@ -190,11 +192,6 @@ typedef struct ssl_method_st
struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
} SSL_METHOD;
typedef struct ssl_compression_st
{
char *stuff;
} SSL_COMPRESSION;
/* Lets make this into an ASN.1 type structure as follows
* SSL_SESSION_ID ::= SEQUENCE {
* version INTEGER, -- structure version number
@@ -206,6 +203,7 @@ typedef struct ssl_compression_st
* Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
* Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
* Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
* Compression [4] IMPLICIT ASN1_OBJECT -- compression OID XXXXX
* }
* Look in ssl/ssl_asn1.c for more details
* I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
@@ -237,8 +235,11 @@ typedef struct ssl_session_st
long timeout;
long time;
SSL_COMPRESSION *read_compression;
SSL_COMPRESSION *write_compression;
#ifdef HEADER_COMP_H
COMP_CTX *compress_meth;
#else
char *compress_meth;
#endif
SSL_CIPHER *cipher;
unsigned long cipher_id; /* when ASN.1 loaded, this
@@ -262,13 +263,17 @@ typedef struct ssl_session_st
#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L
#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
#define SSL_OP_TLS_D5_BUG 0x00000100L
#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
/* If set, only use tmp_dh parameters once */
#define SSL_OP_SINGLE_DH_USE 0x00100000L
/* Set to also use the tmp_rsa key when doing RSA operations. */
#define SSL_OP_EPHEMERAL_RSA 0x00200000L
/* The next flag deliberatly changes the ciphertest, this is a check
* for the PKCS#1 attack */
#define SSL_OP_PKCS1_CHECK_1 0x08000000L
#define SSL_OP_PKCS1_CHECK_2 0x10000000L
#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L
#define SSL_OP_NON_EXPORT_FIRST 0x40000000L
#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x80000000L
@@ -385,6 +390,8 @@ typedef struct ssl_ctx_st
EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */
STACK *extra_certs;
} SSL_CTX;
#define SSL_SESS_CACHE_OFF 0x0000
@@ -512,11 +519,19 @@ typedef struct ssl_st
EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
EVP_MD *read_hash; /* used for mac generation */
SSL_COMPRESSION *read_compression; /* compression */
#ifdef HEADER_COMP_H
COMP_CTX *expand; /* uncompress */
#else
char *expand;
#endif
EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
EVP_MD *write_hash; /* used for mac generation */
SSL_COMPRESSION *write_compression; /* compression */
#ifdef HEADER_COMP_H
COMP_CTX *compress; /* compression */
#else
char *compress;
#endif
/* session info */
@@ -660,6 +675,7 @@ typedef struct ssl_st
PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL)
#endif
#define SSL_AD_REASON_OFFSET 1000
/* These alert types are for SSLv3 and TLSv1 */
#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
@@ -706,6 +722,9 @@ typedef struct ssl_st
#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 8
#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 9
#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 10
#define SSL_CTRL_GET_FLAGS 11
#define SSL_CTRL_EXTRA_CHAIN_CERT 11
#define SSL_session_reused(ssl) \
SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
@@ -724,14 +743,17 @@ typedef struct ssl_st
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
/* For the next 2, the callbacks are
* RSA *tmp_rsa_cb(int export)
* DH *tmp_dh_cb(int export)
* RSA *tmp_rsa_cb(SSL *ssl,int export)
* DH *tmp_dh_cb(SSL *ssl,int export)
*/
#define SSL_CTX_set_tmp_rsa_callback(ctx,cb) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb)
#define SSL_CTX_set_tmp_dh_callback(ctx,dh) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh)
#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
#ifndef NOPROTO
#ifdef HEADER_BIO_H
@@ -944,6 +966,8 @@ char *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx);
int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
int (*dup_func)(), void (*free_func)());
int SSL_get_ex_data_X509_STORE_CTX_idx(void );
#else
BIO_METHOD *BIO_f_ssl();
@@ -1120,6 +1144,7 @@ X509 *SSL_get_certificate();
#ifdef this_is_for_mk1mf_pl
EVP *SSL_get_privatekey();
#endif
void SSL_CTX_set_quiet_shutdown();
int SSL_CTX_get_quiet_shutdown();
@@ -1133,7 +1158,7 @@ int SSL_CTX_load_verify_locations();
SSL_SESSION *SSL_get_session();
SSL_CTX *SSL_get_SSL_CTX();
void SSL_set_info_callback();
int (*SSL_get_info_callback())();
void (*SSL_get_info_callback())();
int SSL_state();
void SSL_set_verify_result();
long SSL_get_verify_result();
@@ -1150,7 +1175,9 @@ int SSL_CTX_set_ex_data();
char *SSL_CTX_get_ex_data();
int SSL_CTX_get_ex_new_index();
#endif
int SSL_get_ex_data_X509_STORE_CTX_idx();
/* #endif */
#endif
@@ -1262,11 +1289,12 @@ int SSL_CTX_get_ex_new_index();
#define SSL_F_SSL_USE_RSAPRIVATEKEY 201
#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 202
#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 203
#define SSL_F_SSL_WRITE 204
#define SSL_F_TLS1_CHANGE_CIPHER_STATE 205
#define SSL_F_TLS1_ENC 206
#define SSL_F_TLS1_SETUP_KEY_BLOCK 207
#define SSL_F_WRITE_PENDING 208
#define SSL_F_SSL_VERIFY_CERT_CHAIN 204
#define SSL_F_SSL_WRITE 205
#define SSL_F_TLS1_CHANGE_CIPHER_STATE 206
#define SSL_F_TLS1_ENC 207
#define SSL_F_TLS1_SETUP_KEY_BLOCK 208
#define SSL_F_WRITE_PENDING 209
/* Reason codes. */
#define SSL_R_APP_DATA_IN_HANDSHAKE 100
@@ -1311,83 +1339,85 @@ int SSL_CTX_get_ex_new_index();
#define SSL_R_CIPHER_TABLE_SRC_ERROR 139
#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140
#define SSL_R_COMPRESSION_FAILURE 141
#define SSL_R_CONNECTION_ID_IS_DIFFERENT 142
#define SSL_R_CONNECTION_TYPE_NOT_SET 143
#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 144
#define SSL_R_DATA_LENGTH_TOO_LONG 145
#define SSL_R_DECRYPTION_FAILED 146
#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 147
#define SSL_R_DIGEST_CHECK_FAILED 148
#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 149
#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 150
#define SSL_R_EXCESSIVE_MESSAGE_SIZE 151
#define SSL_R_EXTRA_DATA_IN_MESSAGE 152
#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 153
#define SSL_R_HTTPS_PROXY_REQUEST 154
#define SSL_R_HTTP_REQUEST 155
#define SSL_R_INTERNAL_ERROR 156
#define SSL_R_INVALID_CHALLENGE_LENGTH 157
#define SSL_R_LENGTH_MISMATCH 158
#define SSL_R_LENGTH_TOO_SHORT 159
#define SSL_R_LIBRARY_HAS_NO_CIPHERS 160
#define SSL_R_MISSING_DH_DSA_CERT 161
#define SSL_R_MISSING_DH_KEY 162
#define SSL_R_MISSING_DH_RSA_CERT 163
#define SSL_R_MISSING_DSA_SIGNING_CERT 164
#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 165
#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 166
#define SSL_R_MISSING_RSA_CERTIFICATE 167
#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 168
#define SSL_R_MISSING_RSA_SIGNING_CERT 169
#define SSL_R_MISSING_TMP_DH_KEY 170
#define SSL_R_MISSING_TMP_RSA_KEY 171
#define SSL_R_MISSING_TMP_RSA_PKEY 172
#define SSL_R_MISSING_VERIFY_MESSAGE 173
#define SSL_R_NON_SSLV2_INITIAL_PACKET 174
#define SSL_R_NO_CERTIFICATES_RETURNED 175
#define SSL_R_NO_CERTIFICATE_ASSIGNED 176
#define SSL_R_NO_CERTIFICATE_RETURNED 177
#define SSL_R_NO_CERTIFICATE_SET 178
#define SSL_R_NO_CERTIFICATE_SPECIFIED 179
#define SSL_R_NO_CIPHERS_AVAILABLE 180
#define SSL_R_NO_CIPHERS_PASSED 181
#define SSL_R_NO_CIPHERS_SPECIFIED 182
#define SSL_R_NO_CIPHER_LIST 183
#define SSL_R_NO_CIPHER_MATCH 184
#define SSL_R_NO_CLIENT_CERT_RECEIVED 185
#define SSL_R_NO_COMPRESSION_SPECIFIED 186
#define SSL_R_NO_PRIVATEKEY 187
#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 188
#define SSL_R_NO_PROTOCOLS_AVAILABLE 189
#define SSL_R_NO_PUBLICKEY 190
#define SSL_R_NO_SHARED_CIPHER 191
#define SSL_R_NULL_SSL_CTX 192
#define SSL_R_NULL_SSL_METHOD_PASSED 193
#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 194
#define SSL_R_PACKET_LENGTH_TOO_LONG 195
#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 196
#define SSL_R_PEER_ERROR 197
#define SSL_R_PEER_ERROR_CERTIFICATE 198
#define SSL_R_PEER_ERROR_NO_CERTIFICATE 199
#define SSL_R_PEER_ERROR_NO_CIPHER 200
#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 201
#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 202
#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 203
#define SSL_R_PROTOCOL_IS_SHUTDOWN 204
#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 205
#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 206
#define SSL_R_PUBLIC_KEY_NOT_RSA 207
#define SSL_R_READ_BIO_NOT_SET 208
#define SSL_R_READ_WRONG_PACKET_TYPE 209
#define SSL_R_RECORD_LENGTH_MISMATCH 210
#define SSL_R_RECORD_TOO_LARGE 211
#define SSL_R_REQUIRED_CIPHER_MISSING 212
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 213
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 214
#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 215
#define SSL_R_SHORT_READ 216
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 217
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 218
#define SSL_R_COMPRESSION_LIBRARY_ERROR 142
#define SSL_R_CONNECTION_ID_IS_DIFFERENT 143
#define SSL_R_CONNECTION_TYPE_NOT_SET 144
#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
#define SSL_R_DATA_LENGTH_TOO_LONG 146
#define SSL_R_DECRYPTION_FAILED 147
#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
#define SSL_R_DIGEST_CHECK_FAILED 149
#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
#define SSL_R_EXTRA_DATA_IN_MESSAGE 153
#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
#define SSL_R_HTTPS_PROXY_REQUEST 155
#define SSL_R_HTTP_REQUEST 156
#define SSL_R_INTERNAL_ERROR 157
#define SSL_R_INVALID_CHALLENGE_LENGTH 158
#define SSL_R_LENGTH_MISMATCH 159
#define SSL_R_LENGTH_TOO_SHORT 160
#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
#define SSL_R_MISSING_DH_DSA_CERT 162
#define SSL_R_MISSING_DH_KEY 163
#define SSL_R_MISSING_DH_RSA_CERT 164
#define SSL_R_MISSING_DSA_SIGNING_CERT 165
#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166
#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167
#define SSL_R_MISSING_RSA_CERTIFICATE 168
#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
#define SSL_R_MISSING_RSA_SIGNING_CERT 170
#define SSL_R_MISSING_TMP_DH_KEY 171
#define SSL_R_MISSING_TMP_RSA_KEY 172
#define SSL_R_MISSING_TMP_RSA_PKEY 173
#define SSL_R_MISSING_VERIFY_MESSAGE 174
#define SSL_R_NON_SSLV2_INITIAL_PACKET 175
#define SSL_R_NO_CERTIFICATES_RETURNED 176
#define SSL_R_NO_CERTIFICATE_ASSIGNED 177
#define SSL_R_NO_CERTIFICATE_RETURNED 178
#define SSL_R_NO_CERTIFICATE_SET 179
#define SSL_R_NO_CERTIFICATE_SPECIFIED 180
#define SSL_R_NO_CIPHERS_AVAILABLE 181
#define SSL_R_NO_CIPHERS_PASSED 182
#define SSL_R_NO_CIPHERS_SPECIFIED 183
#define SSL_R_NO_CIPHER_LIST 184
#define SSL_R_NO_CIPHER_MATCH 185
#define SSL_R_NO_CLIENT_CERT_RECEIVED 186
#define SSL_R_NO_COMPRESSION_SPECIFIED 187
#define SSL_R_NO_PRIVATEKEY 188
#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 189
#define SSL_R_NO_PROTOCOLS_AVAILABLE 190
#define SSL_R_NO_PUBLICKEY 191
#define SSL_R_NO_SHARED_CIPHER 192
#define SSL_R_NO_VERIFY_CALLBACK 193
#define SSL_R_NULL_SSL_CTX 194
#define SSL_R_NULL_SSL_METHOD_PASSED 195
#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 196
#define SSL_R_PACKET_LENGTH_TOO_LONG 197
#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 198
#define SSL_R_PEER_ERROR 199
#define SSL_R_PEER_ERROR_CERTIFICATE 200
#define SSL_R_PEER_ERROR_NO_CERTIFICATE 201
#define SSL_R_PEER_ERROR_NO_CIPHER 202
#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 203
#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 204
#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 205
#define SSL_R_PROTOCOL_IS_SHUTDOWN 206
#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 207
#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 208
#define SSL_R_PUBLIC_KEY_NOT_RSA 209
#define SSL_R_READ_BIO_NOT_SET 210
#define SSL_R_READ_WRONG_PACKET_TYPE 211
#define SSL_R_RECORD_LENGTH_MISMATCH 212
#define SSL_R_RECORD_TOO_LARGE 213
#define SSL_R_REQUIRED_CIPHER_MISSING 214
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 215
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 216
#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 217
#define SSL_R_SHORT_READ 218
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 219
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 220
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
@@ -1397,54 +1427,67 @@ int SSL_CTX_get_ex_new_index();
#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE 219
#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE 220
#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER 221
#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 222
#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE 221
#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE 222
#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER 223
#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 224
#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE 223
#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE 225
#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 224
#define SSL_R_SSL_HANDSHAKE_FAILURE 225
#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 226
#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 227
#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 228
#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 229
#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 230
#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 231
#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 232
#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 233
#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 234
#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 235
#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 236
#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 237
#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 238
#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 239
#define SSL_R_UNEXPECTED_MESSAGE 240
#define SSL_R_UNEXPECTED_RECORD 241
#define SSL_R_UNKNOWN_ALERT_TYPE 242
#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 243
#define SSL_R_UNKNOWN_CIPHER_RETURNED 244
#define SSL_R_UNKNOWN_CIPHER_TYPE 245
#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 246
#define SSL_R_UNKNOWN_PKEY_TYPE 247
#define SSL_R_UNKNOWN_PROTOCOL 248
#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 249
#define SSL_R_UNKNOWN_SSL_VERSION 250
#define SSL_R_UNKNOWN_STATE 251
#define SSL_R_UNSUPPORTED_CIPHER 252
#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 253
#define SSL_R_UNSUPPORTED_PROTOCOL 254
#define SSL_R_UNSUPPORTED_SSL_VERSION 255
#define SSL_R_WRITE_BIO_NOT_SET 256
#define SSL_R_WRONG_CIPHER_RETURNED 257
#define SSL_R_WRONG_MESSAGE_TYPE 258
#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 259
#define SSL_R_WRONG_SIGNATURE_LENGTH 260
#define SSL_R_WRONG_SIGNATURE_SIZE 261
#define SSL_R_WRONG_SSL_VERSION 262
#define SSL_R_WRONG_VERSION_NUMBER 263
#define SSL_R_X509_LIB 264
#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 226
#define SSL_R_SSL_HANDSHAKE_FAILURE 227
#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 228
#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 229
#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICION 1060
#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
#define SSL_R_TLSV1_ALERT_USER_CANCLED 1090
#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 230
#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 231
#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 232
#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 233
#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 234
#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 235
#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 236
#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 237
#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 238
#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 239
#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 240
#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 241
#define SSL_R_UNEXPECTED_MESSAGE 242
#define SSL_R_UNEXPECTED_RECORD 243
#define SSL_R_UNKNOWN_ALERT_TYPE 244
#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 245
#define SSL_R_UNKNOWN_CIPHER_RETURNED 246
#define SSL_R_UNKNOWN_CIPHER_TYPE 247
#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 248
#define SSL_R_UNKNOWN_PKEY_TYPE 249
#define SSL_R_UNKNOWN_PROTOCOL 250
#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 251
#define SSL_R_UNKNOWN_SSL_VERSION 252
#define SSL_R_UNKNOWN_STATE 253
#define SSL_R_UNSUPPORTED_CIPHER 254
#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 255
#define SSL_R_UNSUPPORTED_PROTOCOL 256
#define SSL_R_UNSUPPORTED_SSL_VERSION 257
#define SSL_R_WRITE_BIO_NOT_SET 258
#define SSL_R_WRONG_CIPHER_RETURNED 259
#define SSL_R_WRONG_MESSAGE_TYPE 260
#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 261
#define SSL_R_WRONG_SIGNATURE_LENGTH 262
#define SSL_R_WRONG_SIGNATURE_SIZE 263
#define SSL_R_WRONG_SSL_VERSION 264
#define SSL_R_WRONG_VERSION_NUMBER 265
#define SSL_R_X509_LIB 266
#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 267
#ifdef __cplusplus
}

14
ssl/ssl3.h
View File

@@ -208,7 +208,7 @@ typedef struct ssl3_record_st
/*r */ unsigned int off; /* read/write offset into 'buf' */
/*rw*/ unsigned char *data; /* pointer to the record data */
/*rw*/ unsigned char *input; /* where the decode bytes are */
/*rw*/ unsigned char *comp; /* only used with decompression */
/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */
} SSL3_RECORD;
typedef struct ssl3_buffer_st
@@ -220,10 +220,6 @@ typedef struct ssl3_buffer_st
/*rw*/ unsigned char *buf; /* SSL3_RT_MAX_PACKET_SIZE bytes */
} SSL3_BUFFER;
typedef struct ssl3_compression_st {
int nothing;
} SSL3_COMPRESSION;
#define SSL3_CT_RSA_SIGN 1
#define SSL3_CT_DSS_SIGN 2
#define SSL3_CT_RSA_FIXED_DH 3
@@ -236,7 +232,7 @@ typedef struct ssl3_compression_st {
#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
#define SSL3_FLAGS_POP_BUFFER 0x0004
#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
#if 0
#define AD_CLOSE_NOTIFY 0
@@ -344,7 +340,11 @@ typedef struct ssl3_ctx_st
EVP_CIPHER *new_sym_enc;
EVP_MD *new_hash;
SSL_COMPRESSION *new_compression;
#ifdef HEADER_COMP_H
COMP_METHOD *new_compression;
#else
char *new_compression;
#endif
int cert_request;
} tmp;
} SSL3_CTX;

6
ssl/ssl_algs.c
View File

@@ -82,12 +82,12 @@ void SSLeay_add_ssl_algorithms()
#endif
#ifndef NO_MD5
EVP_add_digest(EVP_md5());
EVP_add_alias(SN_md5,"ssl2-md5");
EVP_add_alias(SN_md5,"ssl3-md5");
EVP_add_digest_alias(SN_md5,"ssl2-md5");
EVP_add_digest_alias(SN_md5,"ssl3-md5");
#endif
#ifndef NO_SHA1
EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
EVP_add_alias(SN_sha1,"ssl3-sha1");
EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
#endif
#if !defined(NO_SHA1) && !defined(NO_DSA)
EVP_add_digest(EVP_dss1()); /* DSA with sha1 */

25
ssl/ssl_cert.c
View File

@@ -62,6 +62,18 @@
#include "pem.h"
#include "ssl_locl.h"
int SSL_get_ex_data_X509_STORE_CTX_idx()
{
static int ssl_x509_store_ctx_idx= -1;
if (ssl_x509_store_ctx_idx < 0)
{
ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
0,"SSL for verifiy callback",NULL,NULL,NULL);
}
return(ssl_x509_store_ctx_idx);
}
CERT *ssl_cert_new()
{
CERT *ret;
@@ -150,15 +162,24 @@ STACK *sk;
x=(X509 *)sk_value(sk,0);
X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
X509_STORE_CTX_set_app_data(&ctx,(char *)s);
X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),
(char *)s);
if (s->ctx->app_verify_callback != NULL)
i=s->ctx->app_verify_callback(&ctx);
else
{
#ifndef NO_X509_VERIFY
i=X509_verify_cert(&ctx);
#else
i=0;
ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;
SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK);
#endif
}
X509_STORE_CTX_cleanup(&ctx);
s->verify_result=ctx.error;
X509_STORE_CTX_cleanup(&ctx);
return(i);
}

2
ssl/ssl_ciph.c
View File

@@ -145,6 +145,7 @@ static SSL_CIPHER cipher_aliases[]={
{0,SSL_TXT_EXPORT,0,SSL_EXPORT,0,SSL_EXP_MASK},
{0,SSL_TXT_SSLV2,0,SSL_SSLV2,0,SSL_SSL_MASK},
{0,SSL_TXT_SSLV3,0,SSL_SSLV3,0,SSL_SSL_MASK},
{0,SSL_TXT_TLSV1,0,SSL_SSLV3,0,SSL_SSL_MASK},
{0,SSL_TXT_LOW, 0,SSL_LOW,0,SSL_STRONG_MASK},
{0,SSL_TXT_MEDIUM,0,SSL_MEDIUM,0,SSL_STRONG_MASK},
{0,SSL_TXT_HIGH, 0,SSL_HIGH,0,SSL_STRONG_MASK},
@@ -208,7 +209,6 @@ EVP_MD **md;
case SSL_eNULL:
i=SSL_ENC_NULL_IDX;
break;
break;
default:
i= -1;
break;

580
ssl/ssl_comp.c Normal file
View File

@@ -0,0 +1,580 @@
/* ssl/ssl_comp.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include "ssl_locl.h"
#ifndef NOPROTO
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
#else
static void SSL_SESSION_list_remove();
static void SSL_SESSION_list_add();
#endif
static int ssl_session_num=0;
static STACK *ssl_session_meth=NULL;
SSL_SESSION *SSL_get_session(ssl)
SSL *ssl;
{
return(ssl->session);
}
int SSL_SESSION_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
long argl;
char *argp;
int (*new_func)();
int (*dup_func)();
void (*free_func)();
{
ssl_session_num++;
return(CRYPTO_get_ex_new_index(ssl_session_num-1,
&ssl_session_meth,
argl,argp,new_func,dup_func,free_func));
}
int SSL_SESSION_set_ex_data(s,idx,arg)
SSL_SESSION *s;
int idx;
char *arg;
{
return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
}
char *SSL_SESSION_get_ex_data(s,idx)
SSL_SESSION *s;
int idx;
{
return(CRYPTO_get_ex_data(&s->ex_data,idx));
}
SSL_SESSION *SSL_SESSION_new()
{
SSL_SESSION *ss;
ss=(SSL_SESSION *)Malloc(sizeof(SSL_SESSION));
if (ss == NULL)
{
SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE);
return(0);
}
memset(ss,0,sizeof(SSL_SESSION));
ss->references=1;
ss->timeout=60*5+4; /* 5 minute timeout by default */
ss->time=time(NULL);
ss->prev=NULL;
ss->next=NULL;
CRYPTO_new_ex_data(ssl_session_meth,(char *)ss,&ss->ex_data);
return(ss);
}
int ssl_get_new_session(s, session)
SSL *s;
int session;
{
SSL_SESSION *ss=NULL;
if ((ss=SSL_SESSION_new()) == NULL) return(0);
/* If the context has a default timeout, use it */
if (s->ctx->session_timeout != 0)
ss->timeout=SSL_get_default_timeout(s);
if (s->session != NULL)
{
SSL_SESSION_free(s->session);
s->session=NULL;
}
if (session)
{
if (s->version == SSL2_CLIENT_VERSION)
{
ss->ssl_version=SSL2_VERSION;
ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
}
else if (s->version == SSL3_VERSION)
{
ss->ssl_version=SSL3_VERSION;
ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
}
else if (s->version == TLS1_VERSION)
{
ss->ssl_version=TLS1_VERSION;
ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
}
else
{
SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
SSL_SESSION_free(ss);
return(0);
}
for (;;)
{
SSL_SESSION *r;
RAND_bytes(ss->session_id,ss->session_id_length);
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
r=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,
(char *)ss);
CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
if (r == NULL) break;
/* else - woops a session_id match */
}
}
else
{
ss->session_id_length=0;
}
s->session=ss;
ss->ssl_version=s->version;
return(1);
}
int ssl_get_prev_session(s,session_id,len)
SSL *s;
unsigned char *session_id;
int len;
{
SSL_SESSION *ret=NULL,data;
/* conn_init();*/
data.ssl_version=s->version;
data.session_id_length=len;
if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
return(0);
memcpy(data.session_id,session_id,len);;
if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
{
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,(char *)&data);
CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
}
if (ret == NULL)
{
int copy=1;
s->ctx->sess_miss++;
ret=NULL;
if ((s->ctx->get_session_cb != NULL) &&
((ret=s->ctx->get_session_cb(s,session_id,len,&copy))
!= NULL))
{
s->ctx->sess_cb_hit++;
/* The following should not return 1, otherwise,
* things are very strange */
SSL_CTX_add_session(s->ctx,ret);
/* auto free it */
if (!copy)
SSL_SESSION_free(ret);
}
if (ret == NULL) return(0);
}
if (ret->cipher == NULL)
{
char buf[5],*p;
unsigned long l;
p=buf;
l=ret->cipher_id;
l2n(l,p);
if ((ret->ssl_version>>8) == SSL3_VERSION_MAJOR)
ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
else
ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
if (ret->cipher == NULL)
return(0);
}
/* If a thread got the session, then 'swaped', and another got
* it and then due to a time-out decided to 'Free' it we could
* be in trouble. So I'll increment it now, then double decrement
* later - am I speaking rubbish?. */
CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */
{
s->ctx->sess_timeout++;
/* remove it from the cache */
SSL_CTX_remove_session(s->ctx,ret);
SSL_SESSION_free(ret); /* again to actually Free it */
return(0);
}
s->ctx->sess_hit++;
/* ret->time=time(NULL); */ /* rezero timeout? */
/* again, just leave the session
* if it is the same session, we have just incremented and
* then decremented the reference count :-) */
if (s->session != NULL)
SSL_SESSION_free(s->session);
s->session=ret;
return(1);
}
int SSL_CTX_add_session(ctx,c)
SSL_CTX *ctx;
SSL_SESSION *c;
{
int ret=0;
SSL_SESSION *s;
/* conn_init(); */
CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION);
CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
s=(SSL_SESSION *)lh_insert(ctx->sessions,(char *)c);
/* Put on the end of the queue unless it is already in the cache */
if (s == NULL)
SSL_SESSION_list_add(ctx,c);
/* If the same session if is being 're-added', Free the old
* one when the last person stops using it.
* This will also work if it is alread in the cache.
* The references will go up and then down :-) */
if (s != NULL)
{
SSL_SESSION_free(s);
ret=0;
}
else
{
ret=1;
if (SSL_CTX_sess_get_cache_size(ctx) > 0)
{
while (SSL_CTX_sess_number(ctx) >
SSL_CTX_sess_get_cache_size(ctx))
{
if (!SSL_CTX_remove_session(ctx,
ctx->session_cache_tail))
break;
else
ctx->sess_cache_full++;
}
}
}
CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
return(ret);
}
int SSL_CTX_remove_session(ctx,c)
SSL_CTX *ctx;
SSL_SESSION *c;
{
SSL_SESSION *r;
int ret=0;
if ((c != NULL) && (c->session_id_length != 0))
{
CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
r=(SSL_SESSION *)lh_delete(ctx->sessions,(char *)c);
if (r != NULL)
{
ret=1;
SSL_SESSION_list_remove(ctx,c);
}
CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
if (ret)
{
r->not_resumable=1;
if (ctx->remove_session_cb != NULL)
ctx->remove_session_cb(ctx,r);
SSL_SESSION_free(r);
}
}
else
ret=0;
return(ret);
}
void SSL_SESSION_free(ss)
SSL_SESSION *ss;
{
int i;
i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION);
#ifdef REF_PRINT
REF_PRINT("SSL_SESSION",ss);
#endif
if (i > 0) return;
#ifdef REF_CHECK
if (i < 0)
{
fprintf(stderr,"SSL_SESSION_free, bad reference count\n");
abort(); /* ok */
}
#endif
CRYPTO_free_ex_data(ssl_session_meth,(char *)ss,&ss->ex_data);
memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
if (ss->cert != NULL) ssl_cert_free(ss->cert);
if (ss->peer != NULL) X509_free(ss->peer);
if (ss->ciphers != NULL) sk_free(ss->ciphers);
memset(ss,0,sizeof(*ss));
Free(ss);
}
int SSL_set_session(s, session)
SSL *s;
SSL_SESSION *session;
{
int ret=0;
SSL_METHOD *meth;
if (session != NULL)
{
meth=s->ctx->method->get_ssl_method(session->ssl_version);
if (meth == NULL)
meth=s->method->get_ssl_method(session->ssl_version);
if (meth == NULL)
{
SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD);
return(0);
}
if (meth != s->method)
{
if (!SSL_set_ssl_method(s,meth))
return(0);
session->timeout=SSL_get_default_timeout(s);
}
/* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION);
if (s->session != NULL)
SSL_SESSION_free(s->session);
s->session=session;
/* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
ret=1;
}
else
{
if (s->session != NULL)
{
SSL_SESSION_free(s->session);
s->session=NULL;
}
}
return(ret);
}
long SSL_SESSION_set_timeout(s,t)
SSL_SESSION *s;
long t;
{
if (s == NULL) return(0);
s->timeout=t;
return(1);
}
long SSL_SESSION_get_timeout(s)
SSL_SESSION *s;
{
if (s == NULL) return(0);
return(s->timeout);
}
long SSL_SESSION_get_time(s)
SSL_SESSION *s;
{
if (s == NULL) return(0);
return(s->time);
}
long SSL_SESSION_set_time(s,t)
SSL_SESSION *s;
long t;
{
if (s == NULL) return(0);
s->time=t;
return(t);
}
typedef struct timeout_param_st
{
SSL_CTX *ctx;
long time;
LHASH *cache;
} TIMEOUT_PARAM;
static void timeout(s,p)
SSL_SESSION *s;
TIMEOUT_PARAM *p;
{
if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
{
/* The reason we don't call SSL_CTX_remove_session() is to
* save on locking overhead */
lh_delete(p->cache,(char *)s);
SSL_SESSION_list_remove(p->ctx,s);
s->not_resumable=1;
if (p->ctx->remove_session_cb != NULL)
p->ctx->remove_session_cb(p->ctx,s);
SSL_SESSION_free(s);
}
}
void SSL_CTX_flush_sessions(s,t)
SSL_CTX *s;
long t;
{
unsigned long i;
TIMEOUT_PARAM tp;
tp.ctx=s;
tp.cache=SSL_CTX_sessions(s);
if (tp.cache == NULL) return;
tp.time=t;
CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
i=tp.cache->down_load;
tp.cache->down_load=0;
lh_doall_arg(tp.cache,(void (*)())timeout,(char *)&tp);
tp.cache->down_load=i;
CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
}
int ssl_clear_bad_session(s)
SSL *s;
{
if ( (s->session != NULL) &&
!(s->shutdown & SSL_SENT_SHUTDOWN) &&
!(SSL_in_init(s) || SSL_in_before(s)))
{
SSL_CTX_remove_session(s->ctx,s->session);
return(1);
}
else
return(0);
}
/* locked by SSL_CTX in the calling function */
static void SSL_SESSION_list_remove(ctx,s)
SSL_CTX *ctx;
SSL_SESSION *s;
{
if ((s->next == NULL) || (s->prev == NULL)) return;
if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail))
{ /* last element in list */
if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
{ /* only one element in list */
ctx->session_cache_head=NULL;
ctx->session_cache_tail=NULL;
}
else
{
ctx->session_cache_tail=s->prev;
s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail);
}
}
else
{
if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
{ /* first element in list */
ctx->session_cache_head=s->next;
s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head);
}
else
{ /* middle of list */
s->next->prev=s->prev;
s->prev->next=s->next;
}
}
s->prev=s->next=NULL;
}
static void SSL_SESSION_list_add(ctx,s)
SSL_CTX *ctx;
SSL_SESSION *s;
{
if ((s->next != NULL) && (s->prev != NULL))
SSL_SESSION_list_remove(ctx,s);
if (ctx->session_cache_head == NULL)
{
ctx->session_cache_head=s;
ctx->session_cache_tail=s;
s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
s->next=(SSL_SESSION *)&(ctx->session_cache_tail);
}
else
{
s->next=ctx->session_cache_head;
s->next->prev=s;
s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
ctx->session_cache_head=s;
}
}

20
ssl/ssl_err.c
View File

@@ -167,6 +167,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY,0), "SSL_use_RSAPrivateKey"},
{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,0), "SSL_use_RSAPrivateKey_ASN1"},
{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,0), "SSL_use_RSAPrivateKey_file"},
{ERR_PACK(0,SSL_F_SSL_VERIFY_CERT_CHAIN,0), "SSL_VERIFY_CERT_CHAIN"},
{ERR_PACK(0,SSL_F_SSL_WRITE,0), "SSL_write"},
{ERR_PACK(0,SSL_F_TLS1_CHANGE_CIPHER_STATE,0), "TLS1_CHANGE_CIPHER_STATE"},
{ERR_PACK(0,SSL_F_TLS1_ENC,0), "TLS1_ENC"},
@@ -219,6 +220,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{SSL_R_CIPHER_TABLE_SRC_ERROR ,"cipher table src error"},
{SSL_R_COMPRESSED_LENGTH_TOO_LONG ,"compressed length too long"},
{SSL_R_COMPRESSION_FAILURE ,"compression failure"},
{SSL_R_COMPRESSION_LIBRARY_ERROR ,"compression library error"},
{SSL_R_CONNECTION_ID_IS_DIFFERENT ,"connection id is different"},
{SSL_R_CONNECTION_TYPE_NOT_SET ,"connection type not set"},
{SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ,"data between ccs and finished"},
@@ -269,6 +271,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{SSL_R_NO_PROTOCOLS_AVAILABLE ,"no protocols available"},
{SSL_R_NO_PUBLICKEY ,"no publickey"},
{SSL_R_NO_SHARED_CIPHER ,"no shared cipher"},
{SSL_R_NO_VERIFY_CALLBACK ,"no verify callback"},
{SSL_R_NULL_SSL_CTX ,"null ssl ctx"},
{SSL_R_NULL_SSL_METHOD_PASSED ,"null ssl method passed"},
{SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED ,"old session cipher not returned"},
@@ -316,6 +319,18 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{SSL_R_SSL_HANDSHAKE_FAILURE ,"ssl handshake failure"},
{SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS ,"ssl library has no ciphers"},
{SSL_R_SSL_SESSION_ID_IS_DIFFERENT ,"ssl session id is different"},
{SSL_R_TLSV1_ALERT_ACCESS_DENIED ,"tlsv1 alert access denied"},
{SSL_R_TLSV1_ALERT_DECODE_ERROR ,"tlsv1 alert decode error"},
{SSL_R_TLSV1_ALERT_DECRYPTION_FAILED ,"tlsv1 alert decryption failed"},
{SSL_R_TLSV1_ALERT_DECRYPT_ERROR ,"tlsv1 alert decrypt error"},
{SSL_R_TLSV1_ALERT_EXPORT_RESTRICION ,"tlsv1 alert export restricion"},
{SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY ,"tlsv1 alert insufficient security"},
{SSL_R_TLSV1_ALERT_INTERNAL_ERROR ,"tlsv1 alert internal error"},
{SSL_R_TLSV1_ALERT_NO_RENEGOTIATION ,"tlsv1 alert no renegotiation"},
{SSL_R_TLSV1_ALERT_PROTOCOL_VERSION ,"tlsv1 alert protocol version"},
{SSL_R_TLSV1_ALERT_RECORD_OVERFLOW ,"tlsv1 alert record overflow"},
{SSL_R_TLSV1_ALERT_UNKNOWN_CA ,"tlsv1 alert unknown ca"},
{SSL_R_TLSV1_ALERT_USER_CANCLED ,"tlsv1 alert user cancled"},
{SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER,"tls client cert req with anon cipher"},
{SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST,"tls peer did not respond with certificate list"},
{SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG,"tls rsa encrypted value length is wrong"},
@@ -353,6 +368,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{SSL_R_WRONG_SSL_VERSION ,"wrong ssl version"},
{SSL_R_WRONG_VERSION_NUMBER ,"wrong version number"},
{SSL_R_X509_LIB ,"x509 lib"},
{SSL_R_X509_VERIFICATION_SETUP_PROBLEMS ,"x509 verification setup problems"},
{0,NULL},
};
@@ -362,8 +378,8 @@ void ERR_load_SSL_strings()
{
static int init=1;
if (init);
{;
if (init)
{
init=0;
#ifndef NO_ERR
ERR_load_strings(ERR_LIB_SSL,SSL_str_functs);

40
ssl/ssl_lib.c
View File

@@ -61,7 +61,7 @@
#include "lhash.h"
#include "ssl_locl.h"
char *SSL_version_str="SSLeay 0.9.0b 29-Jun-1998";
char *SSL_version_str="SSLeay 0.9.1a 06-Jul-1998";
static STACK *ssl_meth=NULL;
static STACK *ssl_ctx_meth=NULL;
@@ -248,6 +248,11 @@ SSL *s;
ssl_clear_cipher_ctx(s);
if (s->expand != NULL)
COMP_CTX_free(s->expand);
if (s->compress != NULL)
COMP_CTX_free(s->compress);
if (s->cert != NULL) ssl_cert_free(s->cert);
/* Free up if allocated */
@@ -839,8 +844,11 @@ SSL_SESSION *a;
{
unsigned long l;
l= (a->session_id[0] )|(a->session_id[1]<< 8L)|
(a->session_id[2]<<16L)|(a->session_id[3]<<24L);
l=(unsigned long)
((unsigned int) a->session_id[0] )|
((unsigned int) a->session_id[1]<< 8L)|
((unsigned long)a->session_id[2]<<16L)|
((unsigned long)a->session_id[3]<<24L);
return(l);
}
@@ -858,13 +866,19 @@ SSL_SESSION *b;
SSL_CTX *SSL_CTX_new(meth)
SSL_METHOD *meth;
{
SSL_CTX *ret;
SSL_CTX *ret=NULL;
if (meth == NULL)
{
SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
return(NULL);
}
if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
{
SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
goto err;
}
ret=(SSL_CTX *)Malloc(sizeof(SSL_CTX));
if (ret == NULL)
goto err;
@@ -956,6 +970,8 @@ SSL_METHOD *meth;
CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data);
ret->extra_certs=NULL;
return(ret);
err:
SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
@@ -1000,6 +1016,8 @@ SSL_CTX *a;
ssl_cert_free(a->default_cert);
if (a->client_CA != NULL)
sk_pop_free(a->client_CA,X509_NAME_free);
if (a->extra_certs != NULL)
sk_pop_free(a->extra_certs,X509_free);
Free((char *)a);
}
@@ -1341,7 +1359,9 @@ SSL *s;
SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
return(-1);
}
if (s->s3->renegotiate) ssl3_renegotiate_check(s);
s->method->ssl_renegotiate_check(s);
if (SSL_in_init(s) || SSL_in_before(s))
{
ret=s->handshake_func(s);
@@ -1615,6 +1635,7 @@ SSL *ssl;
return(ssl->ctx);
}
#ifndef NO_STDIO
int SSL_CTX_set_default_verify_paths(ctx)
SSL_CTX *ctx;
{
@@ -1628,6 +1649,7 @@ char *CApath;
{
return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
}
#endif
void SSL_set_info_callback(ssl,cb)
SSL *ssl;
@@ -1639,7 +1661,7 @@ void (*cb)();
void (*SSL_get_info_callback(ssl))()
SSL *ssl;
{
return(ssl->info_callback);
return((void (*)())ssl->info_callback);
}
int SSL_state(ssl)
@@ -1715,6 +1737,12 @@ int idx;
return(CRYPTO_get_ex_data(&s->ex_data,idx));
}
int ssl_ok(s)
SSL *s;
{
return(1);
}
#if defined(_WINDLL) && defined(WIN16)
#include "../crypto/bio/bss_file.c"
#endif

48
ssl/ssl_locl.h
View File

@@ -66,6 +66,7 @@
#include "e_os.h"
#include "buffer.h"
#include "comp.h"
#include "bio.h"
#include "crypto.h"
#include "evp.h"
@@ -74,6 +75,7 @@
#include "err.h"
#include "ssl.h"
#define PKCS1_CHECK
#define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \
l|=(((unsigned long)(*((c)++)))<< 8), \
@@ -126,18 +128,18 @@
} \
}
#define n2s(c,s) (s =((unsigned int)(*((c)++)))<< 8, \
s|=((unsigned int)(*((c)++))))
#define s2n(s,c) (*((c)++)=(unsigned char)(((s)>> 8)&0xff), \
*((c)++)=(unsigned char)(((s) )&0xff))
#define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \
(((unsigned int)(c[1])) )),c+=2)
#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
c[1]=(unsigned char)(((s) )&0xff)),c+=2)
#define n2l3(c,l) (l =((unsigned long)(*((c)++)))<<16, \
l|=((unsigned long)(*((c)++)))<< 8, \
l|=((unsigned long)(*((c)++))))
#define n2l3(c,l) ((l =(((unsigned long)(c[0]))<<16)| \
(((unsigned long)(c[1]))<< 8)| \
(((unsigned long)(c[2])) )),c+=3)
#define l2n3(l,c) (*((c)++)=(unsigned char)(((l)>>16)&0xff), \
*((c)++)=(unsigned char)(((l)>> 8)&0xff), \
*((c)++)=(unsigned char)(((l) )&0xff))
#define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \
c[1]=(unsigned char)(((l)>> 8)&0xff), \
c[2]=(unsigned char)(((l) )&0xff)),c+=3)
/* LOCAL STUFF */
@@ -313,6 +315,14 @@ typedef struct ssl3_enc_method
int (*alert_value)();
} SSL3_ENC_METHOD;
/* Used for holding the relevent compression methods loaded into SSL_CTX */
typedef struct ssl3_comp_st
{
int comp_id; /* The identifer byte for this compression type */
char *name; /* Text name used for the compression type */
COMP_METHOD *method; /* The method :-) */
} SSL3_COMP;
extern SSL3_ENC_METHOD ssl3_undef_enc_method;
extern SSL_CIPHER ssl2_ciphers[];
extern SSL_CIPHER ssl3_ciphers[];
@@ -431,7 +441,6 @@ void tls1_clear(SSL *s);
long tls1_ctrl(SSL *s,int cmd, long larg, char *parg);
SSL_METHOD *tlsv1_base_method(void );
int ssl_init_wbio_buffer(SSL *s, int push);
int tls1_change_cipher_state(SSL *s, int which);
@@ -445,6 +454,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out,
unsigned char *p, int len);
int tls1_alert_code(int code);
int ssl3_alert_code(int code);
int ssl_ok(SSL *s);
#else
@@ -556,3 +566,19 @@ int ssl_init_wbio_buffer();
#endif
#endif
int ssl3_cert_verify_mac();
int ssl3_alert_code();
int tls1_new();
void tls1_free();
void tls1_clear();
long tls1_ctrl();
SSL_METHOD *tlsv1_base_method();
int tls1_change_cipher_state();
int tls1_setup_key_block();
int tls1_enc();
int tls1_final_finish_mac();
int tls1_cert_verify_mac();
int tls1_mac();
int tls1_generate_master_secret();
int tls1_alert_code();
int ssl_ok();

18
ssl/ssl_rsa.c
View File

@@ -229,6 +229,10 @@ EVP_PKEY *pkey;
if (c->pkeys[i].x509 != NULL)
{
EVP_PKEY_copy_parameters(
X509_get_pubkey(c->pkeys[i].x509),pkey);
ERR_clear_error();
#ifndef NO_RSA
/* Don't check the public/private key, this is mostly
* for smart cards. */
@@ -503,6 +507,19 @@ X509 *x;
}
if (c->pkeys[i].privatekey != NULL)
{
EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
ERR_clear_error();
#ifndef NO_RSA
/* Don't check the public/private key, this is mostly
* for smart cards. */
if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
(RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
RSA_METHOD_FLAG_NO_CHECK))
ok=1;
else
#endif
{
if (!X509_check_private_key(x,c->pkeys[i].privatekey))
{
@@ -527,6 +544,7 @@ X509 *x;
}
else
ok=1;
} /* NO_RSA */
}
else
ok=1;

2
ssl/ssl_sess.c
View File

@@ -69,7 +69,7 @@ static void SSL_SESSION_list_remove();
static void SSL_SESSION_list_add();
#endif
static ssl_session_num=0;
static int ssl_session_num=0;
static STACK *ssl_session_meth=NULL;
SSL_SESSION *SSL_get_session(ssl)

1
ssl/ssltest.c
View File

@@ -361,6 +361,7 @@ end:
if (bio_stdout != NULL) BIO_free(bio_stdout);
ERR_free_strings();
ERR_remove_state(0);
EVP_cleanup();
CRYPTO_mem_leaks(bio_err);

63
ssl/t1_enc.c
View File

@@ -155,7 +155,7 @@ int num;
memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
p+=SSL3_RANDOM_SIZE;
tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,
tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),
s->session->master_key,s->session->master_key_length,
km,tmp,num);
}
@@ -175,7 +175,7 @@ int which;
int client_write;
EVP_CIPHER_CTX *dd;
EVP_CIPHER *c;
SSL_COMPRESSION *comp;
COMP_METHOD *comp;
EVP_MD *m;
int exp,n,i,j,k,exp_label_len;
@@ -193,7 +193,24 @@ int which;
goto err;
dd= s->enc_read_ctx;
s->read_hash=m;
s->read_compression=comp;
if (s->expand != NULL)
{
COMP_CTX_free(s->expand);
s->expand=NULL;
}
if (comp != NULL)
{
s->expand=COMP_CTX_new(comp);
if (s->expand == NULL)
{
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err2;
}
s->s3->rrec.comp=(unsigned char *)
Malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
if (s->s3->rrec.comp == NULL)
goto err;
}
memset(&(s->s3->read_sequence[0]),0,8);
mac_secret= &(s->s3->read_mac_secret[0]);
}
@@ -205,7 +222,20 @@ int which;
goto err;
dd= s->enc_write_ctx;
s->write_hash=m;
s->write_compression=comp;
if (s->compress != NULL)
{
COMP_CTX_free(s->compress);
s->compress=NULL;
}
if (comp != NULL)
{
s->compress=COMP_CTX_new(comp);
if (s->compress == NULL)
{
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err2;
}
}
memset(&(s->s3->write_sequence[0]),0,8);
mac_secret= &(s->s3->write_mac_secret[0]);
}
@@ -262,7 +292,7 @@ printf("which = %04X\nmac key=",which);
p+=SSL3_RANDOM_SIZE;
memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
p+=SSL3_RANDOM_SIZE;
tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,key,j,
tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
tmp1,tmp2,EVP_CIPHER_key_length(c));
key=tmp1;
@@ -277,7 +307,7 @@ printf("which = %04X\nmac key=",which);
memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
p+=SSL3_RANDOM_SIZE;
tls1_PRF(s->ctx->md5,s->ctx->sha1,
buf,p-buf,"",0,iv1,iv2,k*2);
buf,(int)(p-buf),"",0,iv1,iv2,k*2);
if (client_write)
iv=iv1;
else
@@ -374,7 +404,6 @@ int send;
unsigned long l;
int bs,i,ii,j,k,n=0;
EVP_CIPHER *enc;
SSL_COMPRESSION *comp;
if (send)
{
@@ -383,12 +412,9 @@ int send;
ds=s->enc_write_ctx;
rec= &(s->s3->wrec);
if (s->enc_write_ctx == NULL)
{ enc=NULL; comp=NULL; }
enc=NULL;
else
{
enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
comp=s->write_compression;
}
}
else
{
@@ -397,16 +423,13 @@ int send;
ds=s->enc_read_ctx;
rec= &(s->s3->rrec);
if (s->enc_read_ctx == NULL)
{ enc=NULL; comp=NULL; }
enc=NULL;
else
{
enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
comp=s->read_compression;
}
}
if ((s->session == NULL) || (ds == NULL) ||
((enc == NULL) && (comp == NULL)))
(enc == NULL))
{
memcpy(rec->data,rec->input,rec->length);
rec->input=rec->data;
@@ -507,7 +530,7 @@ unsigned char *out;
EVP_DigestFinal(&ctx,q,&i);
q+=i;
tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,q-buf,
tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
s->session->master_key,s->session->master_key_length,
out,buf2,12);
memset(&ctx,0,sizeof(EVP_MD_CTX));
@@ -560,20 +583,20 @@ int send;
#ifdef TLS_DEBUG
printf("sec=");
{int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
printf("seq=");
{int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
printf("buf=");
{int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
printf("rec=");
{int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
#endif
for (i=7; i>=0; i--)
if (++seq[i]) break;
#ifdef TLS_DEBUG
{int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
#endif
return(md_size);
}

3
ssl/t1_lib.c
View File

@@ -60,7 +60,7 @@
#include "objects.h"
#include "ssl_locl.h"
char *tls1_version_str="TLSv1 part of SSLeay 0.9.0b 29-Jun-1998";
char *tls1_version_str="TLSv1 part of SSLeay 0.9.1a 06-Jul-1998";
#ifndef NO_PROTO
static long tls1_default_timeout(void);
@@ -94,6 +94,7 @@ static SSL_METHOD TLSv1_data= {
ssl3_write,
ssl3_shutdown,
ssl3_renegotiate,
ssl3_renegotiate_check,
ssl3_ctrl,
ssl3_ctx_ctrl,
ssl3_get_cipher_by_char,