OpenSSL
1.0.1c
Main Page
Classes
Files
File List
File Members
All
Classes
Files
Functions
Variables
Typedefs
Enumerations
Enumerator
Macros
ssl
s2_lib.c
Go to the documentation of this file.
1
/* ssl/s2_lib.c */
2
/* Copyright (C) 1995-1998 Eric Young (
[email protected]
)
3
* All rights reserved.
4
*
5
* This package is an SSL implementation written
6
* by Eric Young (
[email protected]
).
7
* The implementation was written so as to conform with Netscapes SSL.
8
*
9
* This library is free for commercial and non-commercial use as long as
10
* the following conditions are aheared to. The following conditions
11
* apply to all code found in this distribution, be it the RC4, RSA,
12
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13
* included with this distribution is covered by the same copyright terms
14
* except that the holder is Tim Hudson (
[email protected]
).
15
*
16
* Copyright remains Eric Young's, and as such any Copyright notices in
17
* the code are not to be removed.
18
* If this package is used in a product, Eric Young should be given attribution
19
* as the author of the parts of the library used.
20
* This can be in the form of a textual message at program startup or
21
* in documentation (online or textual) provided with the package.
22
*
23
* Redistribution and use in source and binary forms, with or without
24
* modification, are permitted provided that the following conditions
25
* are met:
26
* 1. Redistributions of source code must retain the copyright
27
* notice, this list of conditions and the following disclaimer.
28
* 2. Redistributions in binary form must reproduce the above copyright
29
* notice, this list of conditions and the following disclaimer in the
30
* documentation and/or other materials provided with the distribution.
31
* 3. All advertising materials mentioning features or use of this software
32
* must display the following acknowledgement:
33
* "This product includes cryptographic software written by
34
* Eric Young (
[email protected]
)"
35
* The word 'cryptographic' can be left out if the rouines from the library
36
* being used are not cryptographic related :-).
37
* 4. If you include any Windows specific code (or a derivative thereof) from
38
* the apps directory (application code) you must include an acknowledgement:
39
* "This product includes software written by Tim Hudson (
[email protected]
)"
40
*
41
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51
* SUCH DAMAGE.
52
*
53
* The licence and distribution terms for any publically available version or
54
* derivative of this code cannot be changed. i.e. this code cannot simply be
55
* copied and put under another distribution licence
56
* [including the GNU Public Licence.]
57
*/
58
/* ====================================================================
59
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60
*
61
* Redistribution and use in source and binary forms, with or without
62
* modification, are permitted provided that the following conditions
63
* are met:
64
*
65
* 1. Redistributions of source code must retain the above copyright
66
* notice, this list of conditions and the following disclaimer.
67
*
68
* 2. Redistributions in binary form must reproduce the above copyright
69
* notice, this list of conditions and the following disclaimer in
70
* the documentation and/or other materials provided with the
71
* distribution.
72
*
73
* 3. All advertising materials mentioning features or use of this
74
* software must display the following acknowledgment:
75
* "This product includes software developed by the OpenSSL Project
76
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77
*
78
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79
* endorse or promote products derived from this software without
80
* prior written permission. For written permission, please contact
81
*
[email protected]
.
82
*
83
* 5. Products derived from this software may not be called "OpenSSL"
84
* nor may "OpenSSL" appear in their names without prior written
85
* permission of the OpenSSL Project.
86
*
87
* 6. Redistributions of any form whatsoever must retain the following
88
* acknowledgment:
89
* "This product includes software developed by the OpenSSL Project
90
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91
*
92
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103
* OF THE POSSIBILITY OF SUCH DAMAGE.
104
* ====================================================================
105
*
106
* This product includes cryptographic software written by Eric Young
107
* (
[email protected]
). This product includes software written by Tim
108
* Hudson (
[email protected]
).
109
*
110
*/
111
112
#include "
ssl_locl.h
"
113
#ifndef OPENSSL_NO_SSL2
114
#include <stdio.h>
115
#include <
openssl/objects.h
>
116
#include <
openssl/evp.h
>
117
#include <
openssl/md5.h
>
118
119
const
char
ssl2_version_str
[]=
"SSLv2"
OPENSSL_VERSION_PTEXT
;
120
121
#define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
122
123
/* list of available SSLv2 ciphers (sorted by id) */
124
OPENSSL_GLOBAL
const
SSL_CIPHER
ssl2_ciphers
[]={
125
#if 0
126
/* NULL_WITH_MD5 v3 */
127
{
128
1,
129
SSL2_TXT_NULL_WITH_MD5
,
130
SSL2_CK_NULL_WITH_MD5
,
131
SSL_kRSA
,
132
SSL_aRSA
,
133
SSL_eNULL
,
134
SSL_MD5
,
135
SSL_SSLV2
,
136
SSL_EXPORT
|
SSL_EXP40
|
SSL_STRONG_NONE
,
137
0,
138
0,
139
0,
140
},
141
#endif
142
143
/* RC4_128_WITH_MD5 */
144
{
145
1,
146
SSL2_TXT_RC4_128_WITH_MD5
,
147
SSL2_CK_RC4_128_WITH_MD5
,
148
SSL_kRSA
,
149
SSL_aRSA
,
150
SSL_RC4
,
151
SSL_MD5
,
152
SSL_SSLV2
,
153
SSL_NOT_EXP
|
SSL_MEDIUM
,
154
0,
155
128,
156
128,
157
},
158
159
/* RC4_128_EXPORT40_WITH_MD5 */
160
{
161
1,
162
SSL2_TXT_RC4_128_EXPORT40_WITH_MD5
,
163
SSL2_CK_RC4_128_EXPORT40_WITH_MD5
,
164
SSL_kRSA
,
165
SSL_aRSA
,
166
SSL_RC4
,
167
SSL_MD5
,
168
SSL_SSLV2
,
169
SSL_EXPORT
|
SSL_EXP40
,
170
SSL2_CF_5_BYTE_ENC
,
171
40,
172
128,
173
},
174
175
/* RC2_128_CBC_WITH_MD5 */
176
{
177
1,
178
SSL2_TXT_RC2_128_CBC_WITH_MD5
,
179
SSL2_CK_RC2_128_CBC_WITH_MD5
,
180
SSL_kRSA
,
181
SSL_aRSA
,
182
SSL_RC2
,
183
SSL_MD5
,
184
SSL_SSLV2
,
185
SSL_NOT_EXP
|
SSL_MEDIUM
,
186
0,
187
128,
188
128,
189
},
190
191
/* RC2_128_CBC_EXPORT40_WITH_MD5 */
192
{
193
1,
194
SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5
,
195
SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5
,
196
SSL_kRSA
,
197
SSL_aRSA
,
198
SSL_RC2
,
199
SSL_MD5
,
200
SSL_SSLV2
,
201
SSL_EXPORT
|
SSL_EXP40
,
202
SSL2_CF_5_BYTE_ENC
,
203
40,
204
128,
205
},
206
207
#ifndef OPENSSL_NO_IDEA
208
/* IDEA_128_CBC_WITH_MD5 */
209
{
210
1,
211
SSL2_TXT_IDEA_128_CBC_WITH_MD5
,
212
SSL2_CK_IDEA_128_CBC_WITH_MD5
,
213
SSL_kRSA
,
214
SSL_aRSA
,
215
SSL_IDEA
,
216
SSL_MD5
,
217
SSL_SSLV2
,
218
SSL_NOT_EXP
|
SSL_MEDIUM
,
219
0,
220
128,
221
128,
222
},
223
#endif
224
225
/* DES_64_CBC_WITH_MD5 */
226
{
227
1,
228
SSL2_TXT_DES_64_CBC_WITH_MD5
,
229
SSL2_CK_DES_64_CBC_WITH_MD5
,
230
SSL_kRSA
,
231
SSL_aRSA
,
232
SSL_DES
,
233
SSL_MD5
,
234
SSL_SSLV2
,
235
SSL_NOT_EXP
|
SSL_LOW
,
236
0,
237
56,
238
56,
239
},
240
241
/* DES_192_EDE3_CBC_WITH_MD5 */
242
{
243
1,
244
SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5
,
245
SSL2_CK_DES_192_EDE3_CBC_WITH_MD5
,
246
SSL_kRSA
,
247
SSL_aRSA
,
248
SSL_3DES
,
249
SSL_MD5
,
250
SSL_SSLV2
,
251
SSL_NOT_EXP
|
SSL_HIGH
,
252
0,
253
168,
254
168,
255
},
256
257
#if 0
258
/* RC4_64_WITH_MD5 */
259
{
260
1,
261
SSL2_TXT_RC4_64_WITH_MD5
,
262
SSL2_CK_RC4_64_WITH_MD5
,
263
SSL_kRSA
,
264
SSL_aRSA
,
265
SSL_RC4
,
266
SSL_MD5
,
267
SSL_SSLV2
,
268
SSL_NOT_EXP
|
SSL_LOW
,
269
SSL2_CF_8_BYTE_ENC
,
270
64,
271
64,
272
},
273
#endif
274
275
#if 0
276
/* NULL SSLeay (testing) */
277
{
278
0,
279
SSL2_TXT_NULL
,
280
SSL2_CK_NULL
,
281
0,
282
0,
283
0,
284
0,
285
SSL_SSLV2
,
286
SSL_STRONG_NONE
,
287
0,
288
0,
289
0,
290
},
291
#endif
292
293
/* end of list :-) */
294
};
295
296
long
ssl2_default_timeout
(
void
)
297
{
298
return
(300);
299
}
300
301
int
ssl2_num_ciphers
(
void
)
302
{
303
return
(
SSL2_NUM_CIPHERS
);
304
}
305
306
const
SSL_CIPHER
*
ssl2_get_cipher
(
unsigned
int
u
)
307
{
308
if
(u <
SSL2_NUM_CIPHERS
)
309
return
(&(
ssl2_ciphers
[
SSL2_NUM_CIPHERS
-1-u]));
310
else
311
return
(NULL);
312
}
313
314
int
ssl2_pending
(
const
SSL
*s)
315
{
316
return
SSL_in_init
(s) ? 0 : s->
s2
->
ract_data_length
;
317
}
318
319
int
ssl2_new
(
SSL
*s)
320
{
321
SSL2_STATE
*s2;
322
323
if
((s2=
OPENSSL_malloc
(
sizeof
*s2)) == NULL)
goto
err;
324
memset(s2,0,
sizeof
*s2);
325
326
#if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
327
# error "assertion failed"
328
#endif
329
330
if
((s2->
rbuf
=
OPENSSL_malloc
(
331
SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
+2)) == NULL)
goto
err;
332
/* wbuf needs one byte more because when using two-byte headers,
333
* we leave the first byte unused in do_ssl_write (s2_pkt.c) */
334
if
((s2->
wbuf
=
OPENSSL_malloc
(
335
SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
+3)) == NULL)
goto
err;
336
s->
s2
=s2;
337
338
ssl2_clear
(s);
339
return
(1);
340
err:
341
if
(s2 != NULL)
342
{
343
if
(s2->
wbuf
!= NULL)
OPENSSL_free
(s2->
wbuf
);
344
if
(s2->
rbuf
!= NULL)
OPENSSL_free
(s2->
rbuf
);
345
OPENSSL_free
(s2);
346
}
347
return
(0);
348
}
349
350
void
ssl2_free
(
SSL
*s)
351
{
352
SSL2_STATE
*s2;
353
354
if
(s == NULL)
355
return
;
356
357
s2=s->
s2
;
358
if
(s2->
rbuf
!= NULL)
OPENSSL_free
(s2->
rbuf
);
359
if
(s2->
wbuf
!= NULL)
OPENSSL_free
(s2->
wbuf
);
360
OPENSSL_cleanse
(s2,
sizeof
*s2);
361
OPENSSL_free
(s2);
362
s->
s2
=NULL;
363
}
364
365
void
ssl2_clear
(
SSL
*s)
366
{
367
SSL2_STATE
*s2;
368
unsigned
char
*rbuf,*wbuf;
369
370
s2=s->
s2
;
371
372
rbuf=s2->
rbuf
;
373
wbuf=s2->
wbuf
;
374
375
memset(s2,0,
sizeof
*s2);
376
377
s2->
rbuf
=rbuf;
378
s2->
wbuf
=wbuf;
379
s2->
clear_text
=1;
380
s->
packet
=s2->
rbuf
;
381
s->
version
=
SSL2_VERSION
;
382
s->
packet_length
=0;
383
}
384
385
long
ssl2_ctrl
(
SSL
*s,
int
cmd,
long
larg,
void
*parg)
386
{
387
int
ret=0;
388
389
switch
(cmd)
390
{
391
case
SSL_CTRL_GET_SESSION_REUSED
:
392
ret=s->
hit
;
393
break
;
394
default
:
395
break
;
396
}
397
return
(ret);
398
}
399
400
long
ssl2_callback_ctrl
(
SSL
*s,
int
cmd,
void
(*
fp
)(
void
))
401
{
402
return
(0);
403
}
404
405
long
ssl2_ctx_ctrl
(
SSL_CTX
*ctx,
int
cmd,
long
larg,
void
*parg)
406
{
407
return
(0);
408
}
409
410
long
ssl2_ctx_callback_ctrl
(
SSL_CTX
*ctx,
int
cmd,
void
(*
fp
)(
void
))
411
{
412
return
(0);
413
}
414
415
/* This function needs to check if the ciphers required are actually
416
* available */
417
const
SSL_CIPHER
*
ssl2_get_cipher_by_char
(
const
unsigned
char
*
p
)
418
{
419
SSL_CIPHER
c
;
420
const
SSL_CIPHER
*cp;
421
unsigned
long
id;
422
423
id
=0x02000000L|((
unsigned
long)p[0]<<16L)|
424
((
unsigned
long)p[1]<<8L)|(
unsigned
long)p[2];
425
c.
id
=id;
426
cp = OBJ_bsearch_ssl_cipher_id(&c,
ssl2_ciphers
,
SSL2_NUM_CIPHERS
);
427
if
((cp == NULL) || (cp->
valid
== 0))
428
return
NULL;
429
else
430
return
cp;
431
}
432
433
int
ssl2_put_cipher_by_char
(
const
SSL_CIPHER
*c,
unsigned
char
*
p
)
434
{
435
long
l;
436
437
if
(p != NULL)
438
{
439
l=c->
id
;
440
if
((l & 0xff000000) != 0x02000000)
return
(0);
441
p[0]=((
unsigned
char)(l>>16L))&0xFF;
442
p[1]=((
unsigned
char)(l>> 8L))&0xFF;
443
p[2]=((
unsigned
char)(l ))&0xFF;
444
}
445
return
(3);
446
}
447
448
int
ssl2_generate_key_material
(
SSL
*s)
449
{
450
unsigned
int
i;
451
EVP_MD_CTX
ctx;
452
unsigned
char
*km;
453
unsigned
char
c
=
'0'
;
454
const
EVP_MD
*md5;
455
int
md_size;
456
457
md5 =
EVP_md5
();
458
459
#ifdef CHARSET_EBCDIC
460
c =
os_toascii
[
'0'
];
/* Must be an ASCII '0', not EBCDIC '0',
461
see SSLv2 docu */
462
#endif
463
EVP_MD_CTX_init
(&ctx);
464
km=s->
s2
->
key_material
;
465
466
if
(s->
session
->
master_key_length
< 0 ||
467
s->
session
->
master_key_length
> (
int
)
sizeof
(s->
session
->
master_key
))
468
{
469
SSLerr
(
SSL_F_SSL2_GENERATE_KEY_MATERIAL
,
ERR_R_INTERNAL_ERROR
);
470
return
0;
471
}
472
md_size =
EVP_MD_size
(md5);
473
if
(md_size < 0)
474
return
0;
475
for
(i=0; i<s->
s2
->
key_material_length
; i += md_size)
476
{
477
if
(((km - s->
s2
->
key_material
) + md_size) >
478
(
int
)
sizeof
(s->
s2
->
key_material
))
479
{
480
/* EVP_DigestFinal_ex() below would write beyond buffer */
481
SSLerr
(
SSL_F_SSL2_GENERATE_KEY_MATERIAL
,
ERR_R_INTERNAL_ERROR
);
482
return
0;
483
}
484
485
EVP_DigestInit_ex
(&ctx, md5, NULL);
486
487
OPENSSL_assert
(s->
session
->
master_key_length
>= 0
488
&& s->
session
->
master_key_length
489
< (
int
)
sizeof
(s->
session
->
master_key
));
490
EVP_DigestUpdate
(&ctx,s->
session
->
master_key
,s->
session
->
master_key_length
);
491
EVP_DigestUpdate
(&ctx,&c,1);
492
c++;
493
EVP_DigestUpdate
(&ctx,s->
s2
->
challenge
,s->
s2
->
challenge_length
);
494
EVP_DigestUpdate
(&ctx,s->
s2
->
conn_id
,s->
s2
->
conn_id_length
);
495
EVP_DigestFinal_ex
(&ctx,km,NULL);
496
km += md_size;
497
}
498
499
EVP_MD_CTX_cleanup
(&ctx);
500
return
1;
501
}
502
503
void
ssl2_return_error
(
SSL
*s,
int
err)
504
{
505
if
(!s->
error
)
506
{
507
s->
error
=3;
508
s->
error_code
=err;
509
510
ssl2_write_error
(s);
511
}
512
}
513
514
515
void
ssl2_write_error
(
SSL
*s)
516
{
517
unsigned
char
buf[3];
518
int
i,
error
;
519
520
buf[0]=
SSL2_MT_ERROR
;
521
buf[1]=(s->
error_code
>>8)&0xff;
522
buf[2]=(s->
error_code
)&0xff;
523
524
/* state=s->rwstate;*/
525
526
error=s->
error
;
/* number of bytes left to write */
527
s->
error
=0;
528
OPENSSL_assert
(error >= 0 && error <= (
int
)
sizeof
(buf));
529
i=
ssl2_write
(s,&(buf[3-error]),error);
530
531
/* if (i == error) s->rwstate=state; */
532
533
if
(i < 0)
534
s->
error
=
error
;
535
else
536
{
537
s->
error
=error-i;
538
539
if
(s->
error
== 0)
540
if
(s->
msg_callback
)
541
s->
msg_callback
(1, s->
version
, 0, buf, 3, s, s->
msg_callback_arg
);
/* ERROR */
542
}
543
}
544
545
int
ssl2_shutdown
(
SSL
*s)
546
{
547
s->
shutdown
=(
SSL_SENT_SHUTDOWN
|
SSL_RECEIVED_SHUTDOWN
);
548
return
(1);
549
}
550
#else
/* !OPENSSL_NO_SSL2 */
551
552
# if PEDANTIC
553
static
void
*dummy=&dummy;
554
# endif
555
556
#endif
Generated on Thu Jan 10 2013 09:53:43 for OpenSSL by
1.8.2
1.8.2
