* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
*/
#include <stdio.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
#include <openssl/objects.h>
#include "ssl_locl.h"
+#include "kssl_lcl.h"
+#include <openssl/md5.h>
const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
SSL3_TXT_RSA_NULL_MD5,
SSL3_CK_RSA_NULL_MD5,
SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
- SSL_NOT_EXP,
+ SSL_NOT_EXP|SSL_STRONG_NONE,
0,
0,
0,
SSL3_TXT_RSA_NULL_SHA,
SSL3_CK_RSA_NULL_SHA,
SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP,
+ SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
0,
0,
0,
SSL3_TXT_ADH_RC4_128_MD5,
SSL3_CK_ADH_RC4_128_MD5,
SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
- SSL_NOT_EXP,
+ SSL_NOT_EXP|SSL_MEDIUM,
0,
128,
128,
SSL3_TXT_ADH_DES_40_CBC_SHA,
SSL3_CK_ADH_DES_40_CBC_SHA,
SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
+ SSL_EXPORT|SSL_EXP40|SSL_FIPS,
0,
40,
128,
SSL3_TXT_ADH_DES_64_CBC_SHA,
SSL3_CK_ADH_DES_64_CBC_SHA,
SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP,
+ SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
0,
56,
56,
SSL3_TXT_ADH_DES_192_CBC_SHA,
SSL3_CK_ADH_DES_192_CBC_SHA,
SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
0,
168,
168,
SSL_ALL_STRENGTHS,
},
/* Cipher 07 */
+#ifndef OPENSSL_NO_IDEA
{
1,
SSL3_TXT_RSA_IDEA_128_SHA,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
+#endif
/* Cipher 08 */
{
1,
SSL3_TXT_RSA_DES_40_CBC_SHA,
SSL3_CK_RSA_DES_40_CBC_SHA,
SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
+ SSL_EXPORT|SSL_EXP40|SSL_FIPS,
0,
40,
56,
SSL3_TXT_RSA_DES_64_CBC_SHA,
SSL3_CK_RSA_DES_64_CBC_SHA,
SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
+ SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
0,
56,
56,
SSL3_TXT_RSA_DES_192_CBC3_SHA,
SSL3_CK_RSA_DES_192_CBC3_SHA,
SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
0,
168,
168,
SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
SSL3_CK_DH_DSS_DES_40_CBC_SHA,
SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
+ SSL_EXPORT|SSL_EXP40|SSL_FIPS,
0,
40,
56,
SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
SSL3_CK_DH_DSS_DES_64_CBC_SHA,
SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
+ SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
0,
56,
56,
SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
0,
168,
168,
SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
SSL3_CK_DH_RSA_DES_40_CBC_SHA,
SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
+ SSL_EXPORT|SSL_EXP40|SSL_FIPS,
0,
40,
56,
SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
SSL3_CK_DH_RSA_DES_64_CBC_SHA,
SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
+ SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
0,
56,
56,
SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
0,
168,
168,
SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
+ SSL_EXPORT|SSL_EXP40|SSL_FIPS,
0,
40,
56,
SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
+ SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
0,
56,
56,
SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
0,
168,
168,
SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
+ SSL_EXPORT|SSL_EXP40|SSL_FIPS,
0,
40,
56,
SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
+ SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
0,
56,
56,
SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
0,
168,
168,
SSL3_TXT_FZA_DMS_NULL_SHA,
SSL3_CK_FZA_DMS_NULL_SHA,
SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP,
+ SSL_NOT_EXP|SSL_STRONG_NONE,
0,
0,
0,
SSL3_TXT_FZA_DMS_FZA_SHA,
SSL3_CK_FZA_DMS_FZA_SHA,
SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP,
+ SSL_NOT_EXP|SSL_STRONG_NONE,
0,
0,
0,
SSL_ALL_STRENGTHS,
},
+#if 0
/* Cipher 1E */
{
0,
SSL3_TXT_FZA_DMS_RC4_SHA,
SSL3_CK_FZA_DMS_RC4_SHA,
SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP,
+ SSL_NOT_EXP|SSL_MEDIUM,
0,
128,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
+#endif
-#ifndef NO_KRB5
+#ifndef OPENSSL_NO_KRB5
/* The Kerberos ciphers
** 20000107 VRS: And the first shall be last,
** in hopes of avoiding the lynx ssl renegotiation problem.
*/
-/* Cipher 21 VRS */
+/* Cipher 1E VRS */
{
1,
- SSL3_TXT_KRB5_DES_40_CBC_SHA,
- SSL3_CK_KRB5_DES_40_CBC_SHA,
+ SSL3_TXT_KRB5_DES_64_CBC_SHA,
+ SSL3_CK_KRB5_DES_64_CBC_SHA,
SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
+ SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
0,
- 40,
+ 56,
56,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
-/* Cipher 22 VRS */
+/* Cipher 1F VRS */
{
1,
- SSL3_TXT_KRB5_DES_40_CBC_MD5,
- SSL3_CK_KRB5_DES_40_CBC_MD5,
- SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
+ SSL3_TXT_KRB5_DES_192_CBC3_SHA,
+ SSL3_CK_KRB5_DES_192_CBC3_SHA,
+ SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
0,
- 40,
- 56,
+ 112,
+ 168,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
-/* Cipher 23 VRS */
+/* Cipher 20 VRS */
{
1,
- SSL3_TXT_KRB5_DES_64_CBC_SHA,
- SSL3_CK_KRB5_DES_64_CBC_SHA,
- SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
+ SSL3_TXT_KRB5_RC4_128_SHA,
+ SSL3_CK_KRB5_RC4_128_SHA,
+ SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3,
+ SSL_NOT_EXP|SSL_MEDIUM,
0,
- 56,
- 56,
+ 128,
+ 128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
-/* Cipher 24 VRS */
+/* Cipher 21 VRS */
+ {
+ 1,
+ SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
+ SSL3_CK_KRB5_IDEA_128_CBC_SHA,
+ SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_SHA1 |SSL_SSLV3,
+ SSL_NOT_EXP|SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 22 VRS */
{
1,
SSL3_TXT_KRB5_DES_64_CBC_MD5,
SSL_ALL_STRENGTHS,
},
-/* Cipher 25 VRS */
+/* Cipher 23 VRS */
{
1,
- SSL3_TXT_KRB5_DES_192_CBC3_SHA,
- SSL3_CK_KRB5_DES_192_CBC3_SHA,
- SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3,
+ SSL3_TXT_KRB5_DES_192_CBC3_MD5,
+ SSL3_CK_KRB5_DES_192_CBC3_MD5,
+ SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH,
0,
112,
SSL_ALL_STRENGTHS,
},
+/* Cipher 24 VRS */
+ {
+ 1,
+ SSL3_TXT_KRB5_RC4_128_MD5,
+ SSL3_CK_KRB5_RC4_128_MD5,
+ SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3,
+ SSL_NOT_EXP|SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 25 VRS */
+ {
+ 1,
+ SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
+ SSL3_CK_KRB5_IDEA_128_CBC_MD5,
+ SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_MD5 |SSL_SSLV3,
+ SSL_NOT_EXP|SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
/* Cipher 26 VRS */
{
1,
- SSL3_TXT_KRB5_DES_192_CBC3_MD5,
- SSL3_CK_KRB5_DES_192_CBC3_MD5,
- SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
+ SSL3_TXT_KRB5_DES_40_CBC_SHA,
+ SSL3_CK_KRB5_DES_40_CBC_SHA,
+ SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
+ SSL_EXPORT|SSL_EXP40|SSL_FIPS,
0,
- 112,
- 168,
+ 40,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 27 VRS */
+ {
+ 1,
+ SSL3_TXT_KRB5_RC2_40_CBC_SHA,
+ SSL3_CK_KRB5_RC2_40_CBC_SHA,
+ SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_SHA1 |SSL_SSLV3,
+ SSL_EXPORT|SSL_EXP40,
+ 0,
+ 40,
+ 128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
-#endif /* NO_KRB5 */
+
+/* Cipher 28 VRS */
+ {
+ 1,
+ SSL3_TXT_KRB5_RC4_40_SHA,
+ SSL3_CK_KRB5_RC4_40_SHA,
+ SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3,
+ SSL_EXPORT|SSL_EXP40,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 29 VRS */
+ {
+ 1,
+ SSL3_TXT_KRB5_DES_40_CBC_MD5,
+ SSL3_CK_KRB5_DES_40_CBC_MD5,
+ SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3,
+ SSL_EXPORT|SSL_EXP40,
+ 0,
+ 40,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 2A VRS */
+ {
+ 1,
+ SSL3_TXT_KRB5_RC2_40_CBC_MD5,
+ SSL3_CK_KRB5_RC2_40_CBC_MD5,
+ SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_MD5 |SSL_SSLV3,
+ SSL_EXPORT|SSL_EXP40,
+ 0,
+ 40,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 2B VRS */
+ {
+ 1,
+ SSL3_TXT_KRB5_RC4_40_MD5,
+ SSL3_CK_KRB5_RC4_40_MD5,
+ SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3,
+ SSL_EXPORT|SSL_EXP40,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+#endif /* OPENSSL_NO_KRB5 */
#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
+ SSL_EXPORT|SSL_EXP56|SSL_FIPS,
0,
56,
56,
TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
+ SSL_EXPORT|SSL_EXP56|SSL_FIPS,
0,
56,
56,
TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP,
+ SSL_NOT_EXP|SSL_MEDIUM,
0,
128,
128,
TLS1_TXT_RSA_WITH_AES_128_SHA,
TLS1_CK_RSA_WITH_AES_128_SHA,
SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM,
+ SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
0,
128,
128,
TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
TLS1_CK_DH_DSS_WITH_AES_128_SHA,
SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM,
+ SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
0,
128,
128,
TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
TLS1_CK_DH_RSA_WITH_AES_128_SHA,
SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM,
+ SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
0,
128,
128,
TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM,
+ SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
0,
128,
128,
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM,
+ SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
0,
128,
128,
TLS1_TXT_ADH_WITH_AES_128_SHA,
TLS1_CK_ADH_WITH_AES_128_SHA,
SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM,
+ SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
0,
128,
128,
TLS1_TXT_RSA_WITH_AES_256_SHA,
TLS1_CK_RSA_WITH_AES_256_SHA,
SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
0,
256,
256,
TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
TLS1_CK_DH_DSS_WITH_AES_256_SHA,
SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
0,
256,
256,
TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
TLS1_CK_DH_RSA_WITH_AES_256_SHA,
SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
0,
256,
256,
TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
0,
256,
256,
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
0,
256,
256,
TLS1_TXT_ADH_WITH_AES_256_SHA,
TLS1_CK_ADH_WITH_AES_256_SHA,
SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
0,
256,
256,
return(NULL);
}
-int ssl3_pending(SSL *s)
+int ssl3_pending(const SSL *s)
{
+ if (s->rstate == SSL_ST_READ_BODY)
+ return 0;
+
return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
}
if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
memset(s3,0,sizeof *s3);
+ EVP_MD_CTX_init(&s3->finish_dgst1);
+ EVP_MD_CTX_init(&s3->finish_dgst2);
s->s3=s3;
OPENSSL_free(s->s3->wbuf.buf);
if (s->s3->rrec.comp != NULL)
OPENSSL_free(s->s3->rrec.comp);
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
if (s->s3->tmp.dh != NULL)
DH_free(s->s3->tmp.dh);
#endif
if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
- memset(s->s3,0,sizeof *s->s3);
+ EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
+ EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
+ OPENSSL_cleanse(s->s3,sizeof *s->s3);
OPENSSL_free(s->s3);
s->s3=NULL;
}
void ssl3_clear(SSL *s)
{
unsigned char *rp,*wp;
+ size_t rlen, wlen;
ssl3_cleanup_key_block(s);
if (s->s3->tmp.ca_names != NULL)
OPENSSL_free(s->s3->rrec.comp);
s->s3->rrec.comp=NULL;
}
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
if (s->s3->tmp.dh != NULL)
DH_free(s->s3->tmp.dh);
#endif
- rp=s->s3->rbuf.buf;
- wp=s->s3->wbuf.buf;
+ rp = s->s3->rbuf.buf;
+ wp = s->s3->wbuf.buf;
+ rlen = s->s3->rbuf.len;
+ wlen = s->s3->wbuf.len;
+
+ EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
+ EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
memset(s->s3,0,sizeof *s->s3);
- if (rp != NULL) s->s3->rbuf.buf=rp;
- if (wp != NULL) s->s3->wbuf.buf=wp;
+ s->s3->rbuf.buf = rp;
+ s->s3->wbuf.buf = wp;
+ s->s3->rbuf.len = rlen;
+ s->s3->wbuf.len = wlen;
ssl_free_wbio_buffer(s);
s->version=SSL3_VERSION;
}
-long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg)
+long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
{
int ret=0;
-#if !defined(NO_DSA) || !defined(NO_RSA)
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
if (
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
cmd == SSL_CTRL_SET_TMP_RSA ||
cmd == SSL_CTRL_SET_TMP_RSA_CB ||
#endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
cmd == SSL_CTRL_SET_TMP_DH ||
cmd == SSL_CTRL_SET_TMP_DH_CB ||
#endif
case SSL_CTRL_GET_FLAGS:
ret=(int)(s->s3->flags);
break;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
case SSL_CTRL_NEED_TMP_RSA:
if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
}
break;
#endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
{
DH *dh = (DH *)parg;
{
int ret=0;
-#if !defined(NO_DSA) || !defined(NO_RSA)
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
if (
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
cmd == SSL_CTRL_SET_TMP_RSA_CB ||
#endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
cmd == SSL_CTRL_SET_TMP_DH_CB ||
#endif
0)
switch (cmd)
{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
case SSL_CTRL_SET_TMP_RSA_CB:
{
s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
}
break;
#endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH_CB:
{
s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
return(ret);
}
-long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
+long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
CERT *cert;
switch (cmd)
{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
case SSL_CTRL_NEED_TMP_RSA:
if ( (cert->rsa_tmp == NULL) &&
((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
}
break;
#endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
{
DH *new=NULL,*dh;
switch (cmd)
{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
case SSL_CTRL_SET_TMP_RSA_CB:
{
cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
}
break;
#endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH_CB:
{
cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
{
CRYPTO_w_lock(CRYPTO_LOCK_SSL);
- for (i=0; i<SSL3_NUM_CIPHERS; i++)
- sorted[i]= &(ssl3_ciphers[i]);
+ if (init)
+ {
+ for (i=0; i<SSL3_NUM_CIPHERS; i++)
+ sorted[i]= &(ssl3_ciphers[i]);
- qsort( (char *)sorted,
- SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
- FP_ICC ssl_cipher_ptr_id_cmp);
+ qsort(sorted,
+ SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+ FP_ICC ssl_cipher_ptr_id_cmp);
+ init=0;
+ }
+
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-
- init=0;
}
id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
#endif /* KSSL_DEBUG */
alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
+#ifndef OPENSSL_NO_KRB5
+ if (alg & SSL_KRB5)
+ {
+ if ( !kssl_keytab_is_available(s->kssl_ctx) )
+ continue;
+ }
+#endif /* OPENSSL_NO_KRB5 */
if (SSL_C_IS_EXPORT(c))
{
ok=((alg & emask) == alg)?1:0;
alg=s->s3->tmp.new_cipher->algorithms;
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
if (alg & (SSL_kDHr|SSL_kEDH))
{
-# ifndef NO_RSA
+# ifndef OPENSSL_NO_RSA
p[ret++]=SSL3_CT_RSA_FIXED_DH;
# endif
-# ifndef NO_DSA
+# ifndef OPENSSL_NO_DSA
p[ret++]=SSL3_CT_DSS_FIXED_DH;
# endif
}
if ((s->version == SSL3_VERSION) &&
(alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
{
-# ifndef NO_RSA
+# ifndef OPENSSL_NO_RSA
p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
# endif
-# ifndef NO_DSA
+# ifndef OPENSSL_NO_DSA
p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
# endif
}
-#endif /* !NO_DH */
-#ifndef NO_RSA
+#endif /* !OPENSSL_NO_DH */
+#ifndef OPENSSL_NO_RSA
p[ret++]=SSL3_CT_RSA_SIGN;
#endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
p[ret++]=SSL3_CT_DSS_SIGN;
#endif
return(ret);
if (s->s3->renegotiate) ssl3_renegotiate_check(s);
s->s3->in_read_app_data=1;
ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
- if ((ret == -1) && (s->s3->in_read_app_data == 0))
+ if ((ret == -1) && (s->s3->in_read_app_data == 2))
{
/* ssl3_read_bytes decided to call s->handshake_func, which
* called ssl3_read_bytes to read handshake data.
* However, ssl3_read_bytes actually found application data
- * and thinks that application data makes sense here (signalled
- * by resetting 'in_read_app_data', strangely); so disable
+ * and thinks that application data makes sense here; so disable
* handshake processing and try to read application data again. */
s->in_handshake++;
ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
return ssl3_read_internal(s, buf, len, 0);
}
-int ssl3_peek(SSL *s, char *buf, int len)
+int ssl3_peek(SSL *s, void *buf, int len)
{
return ssl3_read_internal(s, buf, len, 1);
}