Context Navigation

source: openssl/trunk/ssl/s2_lib.c@ 808

Last change on this file since 808 was 808, checked in by dmik, 11 years ago
openssl: Merge version 1.0.0n from vendor to trunk.
File size: 13.1 KB

Line
1	/* ssl/s2_lib.c */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.
4	*
5	* This package is an SSL implementation written
6	* by Eric Young (eay@cryptsoft.com).
7	* The implementation was written so as to conform with Netscapes SSL.
8	*
9	* This library is free for commercial and non-commercial use as long as
10	* the following conditions are aheared to. The following conditions
11	* apply to all code found in this distribution, be it the RC4, RSA,
12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13	* included with this distribution is covered by the same copyright terms
14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15	*
16	* Copyright remains Eric Young's, and as such any Copyright notices in
17	* the code are not to be removed.
18	* If this package is used in a product, Eric Young should be given attribution
19	* as the author of the parts of the library used.
20	* This can be in the form of a textual message at program startup or
21	* in documentation (online or textual) provided with the package.
22	*
23	* Redistribution and use in source and binary forms, with or without
24	* modification, are permitted provided that the following conditions
25	* are met:
26	* 1. Redistributions of source code must retain the copyright
27	* notice, this list of conditions and the following disclaimer.
28	* 2. Redistributions in binary form must reproduce the above copyright
29	* notice, this list of conditions and the following disclaimer in the
30	* documentation and/or other materials provided with the distribution.
31	* 3. All advertising materials mentioning features or use of this software
32	* must display the following acknowledgement:
33	* "This product includes cryptographic software written by
34	* Eric Young (eay@cryptsoft.com)"
35	* The word 'cryptographic' can be left out if the rouines from the library
36	* being used are not cryptographic related :-).
37	* 4. If you include any Windows specific code (or a derivative thereof) from
38	* the apps directory (application code) you must include an acknowledgement:
39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40	*
41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51	* SUCH DAMAGE.
52	*
53	* The licence and distribution terms for any publically available version or
54	* derivative of this code cannot be changed. i.e. this code cannot simply be
55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]
57	*/
58	/* ====================================================================
59	* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60	*
61	* Redistribution and use in source and binary forms, with or without
62	* modification, are permitted provided that the following conditions
63	* are met:
64	*
65	* 1. Redistributions of source code must retain the above copyright
66	* notice, this list of conditions and the following disclaimer.
67	*
68	* 2. Redistributions in binary form must reproduce the above copyright
69	* notice, this list of conditions and the following disclaimer in
70	* the documentation and/or other materials provided with the
71	* distribution.
72	*
73	* 3. All advertising materials mentioning features or use of this
74	* software must display the following acknowledgment:
75	* "This product includes software developed by the OpenSSL Project
76	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77	*
78	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79	* endorse or promote products derived from this software without
80	* prior written permission. For written permission, please contact
81	* openssl-core@openssl.org.
82	*
83	* 5. Products derived from this software may not be called "OpenSSL"
84	* nor may "OpenSSL" appear in their names without prior written
85	* permission of the OpenSSL Project.
86	*
87	* 6. Redistributions of any form whatsoever must retain the following
88	* acknowledgment:
89	* "This product includes software developed by the OpenSSL Project
90	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91	*
92	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103	* OF THE POSSIBILITY OF SUCH DAMAGE.
104	* ====================================================================
105	*
106	* This product includes cryptographic software written by Eric Young
107	* (eay@cryptsoft.com). This product includes software written by Tim
108	* Hudson (tjh@cryptsoft.com).
109	*
110	*/
111
112	#include "ssl_locl.h"
113	#ifndef OPENSSL_NO_SSL2
114	#include <stdio.h>
115	#include <openssl/objects.h>
116	#include <openssl/evp.h>
117	#include <openssl/md5.h>
118
119	const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT;
120
121	#define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
122
123	/* list of available SSLv2 ciphers (sorted by id) */
124	OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[]={
125	#if 0
126	/* NULL_WITH_MD5 v3 */
127	{
128	1,
129	SSL2_TXT_NULL_WITH_MD5,
130	SSL2_CK_NULL_WITH_MD5,
131	SSL_kRSA,
132	SSL_aRSA,
133	SSL_eNULL,
134	SSL_MD5,
135	SSL_SSLV2,
136	SSL_EXPORT\|SSL_EXP40\|SSL_STRONG_NONE,
137	0,
138	0,
139	0,
140	},
141	#endif
142
143	/* RC4_128_WITH_MD5 */
144	{
145	1,
146	SSL2_TXT_RC4_128_WITH_MD5,
147	SSL2_CK_RC4_128_WITH_MD5,
148	SSL_kRSA,
149	SSL_aRSA,
150	SSL_RC4,
151	SSL_MD5,
152	SSL_SSLV2,
153	SSL_NOT_EXP\|SSL_MEDIUM,
154	0,
155	128,
156	128,
157	},
158
159	/* RC4_128_EXPORT40_WITH_MD5 */
160	{
161	1,
162	SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
163	SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
164	SSL_kRSA,
165	SSL_aRSA,
166	SSL_RC4,
167	SSL_MD5,
168	SSL_SSLV2,
169	SSL_EXPORT\|SSL_EXP40,
170	SSL2_CF_5_BYTE_ENC,
171	40,
172	128,
173	},
174
175	/* RC2_128_CBC_WITH_MD5 */
176	{
177	1,
178	SSL2_TXT_RC2_128_CBC_WITH_MD5,
179	SSL2_CK_RC2_128_CBC_WITH_MD5,
180	SSL_kRSA,
181	SSL_aRSA,
182	SSL_RC2,
183	SSL_MD5,
184	SSL_SSLV2,
185	SSL_NOT_EXP\|SSL_MEDIUM,
186	0,
187	128,
188	128,
189	},
190
191	/* RC2_128_CBC_EXPORT40_WITH_MD5 */
192	{
193	1,
194	SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
195	SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
196	SSL_kRSA,
197	SSL_aRSA,
198	SSL_RC2,
199	SSL_MD5,
200	SSL_SSLV2,
201	SSL_EXPORT\|SSL_EXP40,
202	SSL2_CF_5_BYTE_ENC,
203	40,
204	128,
205	},
206
207	#ifndef OPENSSL_NO_IDEA
208	/* IDEA_128_CBC_WITH_MD5 */
209	{
210	1,
211	SSL2_TXT_IDEA_128_CBC_WITH_MD5,
212	SSL2_CK_IDEA_128_CBC_WITH_MD5,
213	SSL_kRSA,
214	SSL_aRSA,
215	SSL_IDEA,
216	SSL_MD5,
217	SSL_SSLV2,
218	SSL_NOT_EXP\|SSL_MEDIUM,
219	0,
220	128,
221	128,
222	},
223	#endif
224
225	/* DES_64_CBC_WITH_MD5 */
226	{
227	1,
228	SSL2_TXT_DES_64_CBC_WITH_MD5,
229	SSL2_CK_DES_64_CBC_WITH_MD5,
230	SSL_kRSA,
231	SSL_aRSA,
232	SSL_DES,
233	SSL_MD5,
234	SSL_SSLV2,
235	SSL_NOT_EXP\|SSL_LOW,
236	0,
237	56,
238	56,
239	},
240
241	/* DES_192_EDE3_CBC_WITH_MD5 */
242	{
243	1,
244	SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
245	SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
246	SSL_kRSA,
247	SSL_aRSA,
248	SSL_3DES,
249	SSL_MD5,
250	SSL_SSLV2,
251	SSL_NOT_EXP\|SSL_HIGH,
252	0,
253	112,
254	168,
255	},
256
257	#if 0
258	/* RC4_64_WITH_MD5 */
259	{
260	1,
261	SSL2_TXT_RC4_64_WITH_MD5,
262	SSL2_CK_RC4_64_WITH_MD5,
263	SSL_kRSA,
264	SSL_aRSA,
265	SSL_RC4,
266	SSL_MD5,
267	SSL_SSLV2,
268	SSL_NOT_EXP\|SSL_LOW,
269	SSL2_CF_8_BYTE_ENC,
270	64,
271	64,
272	},
273	#endif
274
275	#if 0
276	/* NULL SSLeay (testing) */
277	{
278	0,
279	SSL2_TXT_NULL,
280	SSL2_CK_NULL,
281	0,
282	0,
283	0,
284	0,
285	SSL_SSLV2,
286	SSL_STRONG_NONE,
287	0,
288	0,
289	0,
290	},
291	#endif
292
293	/* end of list :-) */
294	};
295
296	long ssl2_default_timeout(void)
297	{
298	return(300);
299	}
300
301	int ssl2_num_ciphers(void)
302	{
303	return(SSL2_NUM_CIPHERS);
304	}
305
306	const SSL_CIPHER *ssl2_get_cipher(unsigned int u)
307	{
308	if (u < SSL2_NUM_CIPHERS)
309	return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u]));
310	else
311	return(NULL);
312	}
313
314	int ssl2_pending(const SSL *s)
315	{
316	return SSL_in_init(s) ? 0 : s->s2->ract_data_length;
317	}
318
319	int ssl2_new(SSL *s)
320	{
321	SSL2_STATE *s2;
322
323	if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err;
324	memset(s2,0,sizeof *s2);
325
326	#if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
327	# error "assertion failed"
328	#endif
329
330	if ((s2->rbuf=OPENSSL_malloc(
331	SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
332	/* wbuf needs one byte more because when using two-byte headers,
333	* we leave the first byte unused in do_ssl_write (s2_pkt.c) */
334	if ((s2->wbuf=OPENSSL_malloc(
335	SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+3)) == NULL) goto err;
336	s->s2=s2;
337
338	ssl2_clear(s);
339	return(1);
340	err:
341	if (s2 != NULL)
342	{
343	if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
344	if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
345	OPENSSL_free(s2);
346	}
347	return(0);
348	}
349
350	void ssl2_free(SSL *s)
351	{
352	SSL2_STATE *s2;
353
354	if(s == NULL)
355	return;
356
357	s2=s->s2;
358	if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
359	if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
360	OPENSSL_cleanse(s2,sizeof *s2);
361	OPENSSL_free(s2);
362	s->s2=NULL;
363	}
364
365	void ssl2_clear(SSL *s)
366	{
367	SSL2_STATE *s2;
368	unsigned char rbuf,wbuf;
369
370	s2=s->s2;
371
372	rbuf=s2->rbuf;
373	wbuf=s2->wbuf;
374
375	memset(s2,0,sizeof *s2);
376
377	s2->rbuf=rbuf;
378	s2->wbuf=wbuf;
379	s2->clear_text=1;
380	s->packet=s2->rbuf;
381	s->version=SSL2_VERSION;
382	s->packet_length=0;
383	}
384
385	long ssl2_ctrl(SSL s, int cmd, long larg, void parg)
386	{
387	int ret=0;
388
389	switch(cmd)
390	{
391	case SSL_CTRL_GET_SESSION_REUSED:
392	ret=s->hit;
393	break;
394	default:
395	break;
396	}
397	return(ret);
398	}
399
400	long ssl2_callback_ctrl(SSL s, int cmd, void (fp)(void))
401	{
402	return(0);
403	}
404
405	long ssl2_ctx_ctrl(SSL_CTX ctx, int cmd, long larg, void parg)
406	{
407	return(0);
408	}
409
410	long ssl2_ctx_callback_ctrl(SSL_CTX ctx, int cmd, void (fp)(void))
411	{
412	return(0);
413	}
414
415	/* This function needs to check if the ciphers required are actually
416	* available */
417	const SSL_CIPHER ssl2_get_cipher_by_char(const unsigned char p)
418	{
419	SSL_CIPHER c;
420	const SSL_CIPHER *cp;
421	unsigned long id;
422
423	id=0x02000000L\|((unsigned long)p[0]<<16L)\|
424	((unsigned long)p[1]<<8L)\|(unsigned long)p[2];
425	c.id=id;
426	cp = OBJ_bsearch_ssl_cipher_id(&c, ssl2_ciphers, SSL2_NUM_CIPHERS);
427	if ((cp == NULL) \|\| (cp->valid == 0))
428	return NULL;
429	else
430	return cp;
431	}
432
433	int ssl2_put_cipher_by_char(const SSL_CIPHER c, unsigned char p)
434	{
435	long l;
436
437	if (p != NULL)
438	{
439	l=c->id;
440	if ((l & 0xff000000) != 0x02000000) return(0);
441	p[0]=((unsigned char)(l>>16L))&0xFF;
442	p[1]=((unsigned char)(l>> 8L))&0xFF;
443	p[2]=((unsigned char)(l ))&0xFF;
444	}
445	return(3);
446	}
447
448	int ssl2_generate_key_material(SSL *s)
449	{
450	unsigned int i;
451	EVP_MD_CTX ctx;
452	unsigned char *km;
453	unsigned char c='0';
454	const EVP_MD *md5;
455	int md_size;
456
457	md5 = EVP_md5();
458
459	#ifdef CHARSET_EBCDIC
460	c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0',
461	see SSLv2 docu */
462	#endif
463	EVP_MD_CTX_init(&ctx);
464	km=s->s2->key_material;
465
466	if (s->session->master_key_length < 0 \|\|
467	s->session->master_key_length > (int)sizeof(s->session->master_key))
468	{
469	SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
470	return 0;
471	}
472	md_size = EVP_MD_size(md5);
473	if (md_size < 0)
474	return 0;
475	for (i=0; i<s->s2->key_material_length; i += md_size)
476	{
477	if (((km - s->s2->key_material) + md_size) >
478	(int)sizeof(s->s2->key_material))
479	{
480	/* EVP_DigestFinal_ex() below would write beyond buffer */
481	SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
482	return 0;
483	}
484
485	EVP_DigestInit_ex(&ctx, md5, NULL);
486
487	OPENSSL_assert(s->session->master_key_length >= 0
488	&& s->session->master_key_length
489	< (int)sizeof(s->session->master_key));
490	EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
491	EVP_DigestUpdate(&ctx,&c,1);
492	c++;
493	EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);
494	EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);
495	EVP_DigestFinal_ex(&ctx,km,NULL);
496	km += md_size;
497	}
498
499	EVP_MD_CTX_cleanup(&ctx);
500	return 1;
501	}
502
503	void ssl2_return_error(SSL *s, int err)
504	{
505	if (!s->error)
506	{
507	s->error=3;
508	s->error_code=err;
509
510	ssl2_write_error(s);
511	}
512	}
513
514
515	void ssl2_write_error(SSL *s)
516	{
517	unsigned char buf[3];
518	int i,error;
519
520	buf[0]=SSL2_MT_ERROR;
521	buf[1]=(s->error_code>>8)&0xff;
522	buf[2]=(s->error_code)&0xff;
523
524	/* state=s->rwstate;*/
525
526	error=s->error; /* number of bytes left to write */
527	s->error=0;
528	OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf));
529	i=ssl2_write(s,&(buf[3-error]),error);
530
531	/* if (i == error) s->rwstate=state; */
532
533	if (i < 0)
534	s->error=error;
535	else
536	{
537	s->error=error-i;
538
539	if (s->error == 0)
540	if (s->msg_callback)
541	s->msg_callback(1, s->version, 0, buf, 3, s, s->msg_callback_arg); /* ERROR */
542	}
543	}
544
545	int ssl2_shutdown(SSL *s)
546	{
547	s->shutdown=(SSL_SENT_SHUTDOWN\|SSL_RECEIVED_SHUTDOWN);
548	return(1);
549	}
550	#else /* !OPENSSL_NO_SSL2 */
551
552	# if PEDANTIC
553	static void *dummy=&dummy;
554	# endif
555
556	#endif

Note: See TracBrowser for help on using the repository browser.

Download in other formats: