openssl-1.0.0d/ssl/s3_clnt.c

307 			if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
308 			    !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
361 			if (s->s3->tmp.cert_req)
394 			if (s->s3->tmp.cert_req == 1)
401 				s->s3->change_cipher_spec=0;
403 			if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY)
406 				s->s3->change_cipher_spec=0;
418 			s->s3->change_cipher_spec=0;
429 			s->session->cipher=s->s3->tmp.new_cipher;
433 			if (s->s3->tmp.new_compression == NULL)
437 					s->s3->tmp.new_compression->id;
464 			s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
467 				s->s3->tmp.next_state=SSL_ST_OK;
468 				if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
471 					s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
472 					s->s3->delay_buf_pop_ret=0;
480 					s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
484 				s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
529 			s->state=s->s3->tmp.next_state;
544 			if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
572 		if (!s->s3->tmp.reuse_message && !skip)
629 		p=s->s3->client_random;
643 		memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
746 		if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
750 				s->s3->tmp.reuse_message = 1;
762 	if ( s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO)
782 	memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE);
880 	s->s3->tmp.new_cipher=c;
929 		s->s3->tmp.new_compression=comp;
987 	if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
988 		((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) &&
989 		(s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)))
991 		s->s3->tmp.reuse_message=1;
995 	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
1053 	    && !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
1054 		 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
1080 	need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
1081 	            (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
1087 	printf("cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name,
1088 		s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert);
1186 	if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
1193 		if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
1201 		s->s3->tmp.reuse_message=1;
1236 	alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
1237 	alg_a=s->s3->tmp.new_cipher->algorithm_auth;
1463 		if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1555 				EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1556 				EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1585 			EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1586 			EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1603 			EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1604 			EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1681 	s->s3->tmp.cert_req=0;
1683 	if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)
1685 		s->s3->tmp.reuse_message=1;
1689 	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST)
1699 		if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
1720 		s->s3->tmp.ctype[i]= p[i];
1791 	s->s3->tmp.cert_req=1;
1792 	s->s3->tmp.ctype_num=ctype_num;
1793 	if (s->s3->tmp.ca_names != NULL)
1794 		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
1795 	s->s3->tmp.ca_names=ca_sk;
1826 	if (s->s3->tmp.message_type == SSL3_MT_FINISHED)
1828 		s->s3->tmp.reuse_message=1;
1831 	if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET)
2018 		alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
2498 			if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
2510 			EVP_DigestUpdate(ukm_hash,s->s3->client_random,SSL3_RANDOM_SIZE);
2511 			EVP_DigestUpdate(ukm_hash,s->s3->server_random,SSL3_RANDOM_SIZE);
2545 				s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
2836 				s->s3->tmp.cert_req=0;
2842 				s->s3->tmp.cert_req=2;
2854 			(s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
2877 	alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
2878 	alg_a=s->s3->tmp.new_cipher->algorithm_auth;
2905 		    s->s3->tmp.new_cipher) == 0)
2963 	if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
2969 			    || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
2981 				|| DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
3023 	s->s3->tmp.reuse_message = 1;
3024 	if ((s->s3->tmp.message_type == SSL3_MT_FINISHED)
3025 		|| (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))