273 			else if (!s->s3->send_connection_binding &&
300 			s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
349 			if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
350 				&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
351 				&& !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
378 			alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
391 				s->s3->tmp.use_rsa_tmp=1;
393 				s->s3->tmp.use_rsa_tmp=0;
407 			if (s->s3->tmp.use_rsa_tmp
417 				    || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
418 					&& EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
445 				((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
450 				(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
453 				|| (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
457 				s->s3->tmp.cert_request=0;
462 				s->s3->tmp.cert_request=1;
469 				s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
479 			s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
504 			s->state=s->s3->tmp.next_state;
516 				if (s->s3->tmp.cert_request)
557 				if (s->s3->handshake_buffer)
561 					if (s->s3->handshake_dgst[dgst_num]) 
565 						s->method->ssl3_enc->cert_verify_mac(s,EVP_MD_CTX_type(s->s3->handshake_dgst[dgst_num]),&(s->s3->tmp.cert_verify_md[offset]));
566 						dgst_size=EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]);
629 			s->session->cipher=s->s3->tmp.new_cipher;
658 				s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
660 				s->s3->tmp.next_state=SSL_ST_OK;
703 		if (!s->s3->tmp.reuse_message && !skip)
767 	s->s3->tmp.reuse_message = 1;
768 	if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
775 		if (s->s3->tmp.dh != NULL)
777 			DH_free(s->s3->tmp.dh);
778 			s->s3->tmp.dh = NULL;
855 	memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
1065 		pos=s->s3->server_random;
1114 	s->s3->tmp.new_compression=NULL;
1134 				s->s3->tmp.new_compression=comp;
1138 		if (s->s3->tmp.new_compression == NULL)
1179 			s->s3->tmp.new_compression=comp;
1224 		s->s3->tmp.new_cipher=c;
1246 				s->s3->tmp.new_cipher=nc;
1248 				s->s3->tmp.new_cipher=ec;
1250 				s->s3->tmp.new_cipher=s->session->cipher;
1254 		s->s3->tmp.new_cipher=s->session->cipher;
1296 		p=s->s3->server_random;
1310 		memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
1343 		i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
1350 		if (s->s3->tmp.new_compression == NULL)
1353 			*(p++)=s->s3->tmp.new_compression->id;
1440 		type=s->s3->tmp.new_cipher->algorithm_mkey;
1454 				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1455 				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1473 			s->s3->tmp.use_rsa_tmp=1;
1483 				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1484 				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1492 			if (s->s3->tmp.dh != NULL)
1505 			s->s3->tmp.dh=dh;
1543 				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1544 				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1553 			if (s->s3->tmp.ecdh != NULL)
1555 				EC_KEY_free(s->s3->tmp.ecdh); 
1573 			s->s3->tmp.ecdh=ecdh;
1593 			if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1681 		if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
1682 			&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
1684 			if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
1762 					EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1763 					EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1786 				EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1787 				EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1805 				EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1806 				EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1974 	alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
1980 		if (s->s3->tmp.use_rsa_tmp)
2108 			if (s->s3->tmp.dh == NULL)
2115 				dh_srvr=s->s3->tmp.dh;
2133 		DH_free(s->s3->tmp.dh);
2134 		s->s3->tmp.dh=NULL;
2366 			tkey = s->s3->tmp.ecdh;
2476 		EC_KEY_free(s->s3->tmp.ecdh);
2477 		s->s3->tmp.ecdh = NULL; 
2593 			alg_a = s->s3->tmp.new_cipher->algorithm_auth;
2709 	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
2711 		s->s3->tmp.reuse_message=1;
2736 	if (s->s3->change_cipher_spec)
2775 		i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
2797 			&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
2813 			&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
2837 			j=EVP_PKEY_verify(pctx,signature,64,s->s3->tmp.cert_verify_md,32);
2884 	if	(s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE)
2894 		if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request)
2900 		s->s3->tmp.reuse_message=1;
2904 	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
3033 			if ((s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5) ||
3034 			    (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5))

Indexes created Mon Jul 01 21:43:02 MDT 2024