* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
#include "ssl_locl.h"
#ifndef OPENSSL_NO_SSL2
#include <stdio.h>
-#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
-static long ssl2_default_timeout(void );
-const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
+const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT;
#define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
-OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
-/* NULL_WITH_MD5 v3 */
+/* list of available SSLv2 ciphers (sorted by id) */
+OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[]={
#if 0
+/* NULL_WITH_MD5 v3 */
{
1,
SSL2_TXT_NULL_WITH_MD5,
SSL2_CK_NULL_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
- SSL_EXPORT|SSL_EXP40,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_eNULL,
+ SSL_MD5,
+ SSL_SSLV2,
+ SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,
+ 0,
0,
0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
},
#endif
-/* RC4_128_EXPORT40_WITH_MD5 */
- {
- 1,
- SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
- SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
- SSL_EXPORT|SSL_EXP40,
- SSL2_CF_5_BYTE_ENC,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
+
/* RC4_128_WITH_MD5 */
{
1,
SSL2_TXT_RC4_128_WITH_MD5,
SSL2_CK_RC4_128_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_RC4,
+ SSL_MD5,
+ SSL_SSLV2,
SSL_NOT_EXP|SSL_MEDIUM,
0,
128,
128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
},
-/* RC2_128_CBC_EXPORT40_WITH_MD5 */
+
+/* RC4_128_EXPORT40_WITH_MD5 */
{
1,
- SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
- SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
+ SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
+ SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_RC4,
+ SSL_MD5,
+ SSL_SSLV2,
SSL_EXPORT|SSL_EXP40,
SSL2_CF_5_BYTE_ENC,
40,
128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
},
+
/* RC2_128_CBC_WITH_MD5 */
{
1,
SSL2_TXT_RC2_128_CBC_WITH_MD5,
SSL2_CK_RC2_128_CBC_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_RC2,
+ SSL_MD5,
+ SSL_SSLV2,
SSL_NOT_EXP|SSL_MEDIUM,
0,
128,
128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
},
+
+/* RC2_128_CBC_EXPORT40_WITH_MD5 */
+ {
+ 1,
+ SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
+ SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_RC2,
+ SSL_MD5,
+ SSL_SSLV2,
+ SSL_EXPORT|SSL_EXP40,
+ SSL2_CF_5_BYTE_ENC,
+ 40,
+ 128,
+ },
+
+#ifndef OPENSSL_NO_IDEA
/* IDEA_128_CBC_WITH_MD5 */
{
1,
SSL2_TXT_IDEA_128_CBC_WITH_MD5,
SSL2_CK_IDEA_128_CBC_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_SSLV2,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_IDEA,
+ SSL_MD5,
+ SSL_SSLV2,
SSL_NOT_EXP|SSL_MEDIUM,
0,
128,
128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
},
+#endif
+
/* DES_64_CBC_WITH_MD5 */
{
1,
SSL2_TXT_DES_64_CBC_WITH_MD5,
SSL2_CK_DES_64_CBC_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_SSLV2,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_DES,
+ SSL_MD5,
+ SSL_SSLV2,
SSL_NOT_EXP|SSL_LOW,
0,
56,
56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
},
+
/* DES_192_EDE3_CBC_WITH_MD5 */
{
1,
SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_SSLV2,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_3DES,
+ SSL_MD5,
+ SSL_SSLV2,
SSL_NOT_EXP|SSL_HIGH,
0,
168,
168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
},
+
+#if 0
/* RC4_64_WITH_MD5 */
-#if 1
{
1,
SSL2_TXT_RC4_64_WITH_MD5,
SSL2_CK_RC4_64_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_RC4,
+ SSL_MD5,
+ SSL_SSLV2,
SSL_NOT_EXP|SSL_LOW,
SSL2_CF_8_BYTE_ENC,
64,
64,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
},
#endif
-/* NULL SSLeay (testing) */
+
#if 0
+/* NULL SSLeay (testing) */
{
0,
SSL2_TXT_NULL,
0,
0,
0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
+ SSL_SSLV2,
+ SSL_STRONG_NONE,
+ 0,
+ 0,
+ 0,
},
#endif
/* end of list :-) */
};
-static SSL_METHOD SSLv2_data= {
- SSL2_VERSION,
- ssl2_new, /* local */
- ssl2_clear, /* local */
- ssl2_free, /* local */
- ssl_undefined_function,
- ssl_undefined_function,
- ssl2_read,
- ssl2_peek,
- ssl2_write,
- ssl2_shutdown,
- ssl_ok, /* NULL - renegotiate */
- ssl_ok, /* NULL - check renegotiate */
- ssl2_ctrl, /* local */
- ssl2_ctx_ctrl, /* local */
- ssl2_get_cipher_by_char,
- ssl2_put_cipher_by_char,
- ssl2_pending,
- ssl2_num_ciphers,
- ssl2_get_cipher,
- ssl_bad_method,
- ssl2_default_timeout,
- &ssl3_undef_enc_method,
- ssl_undefined_function,
- ssl2_callback_ctrl, /* local */
- ssl2_ctx_callback_ctrl, /* local */
- };
-
-static long ssl2_default_timeout(void)
+long ssl2_default_timeout(void)
{
return(300);
}
-SSL_METHOD *sslv2_base_method(void)
- {
- return(&SSLv2_data);
- }
-
int ssl2_num_ciphers(void)
{
return(SSL2_NUM_CIPHERS);
}
-SSL_CIPHER *ssl2_get_cipher(unsigned int u)
+const SSL_CIPHER *ssl2_get_cipher(unsigned int u)
{
if (u < SSL2_NUM_CIPHERS)
return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u]));
return(NULL);
}
-int ssl2_pending(SSL *s)
+int ssl2_pending(const SSL *s)
{
return SSL_in_init(s) ? 0 : s->s2->ract_data_length;
}
s2=s->s2;
if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
- memset(s2,0,sizeof *s2);
+ OPENSSL_cleanse(s2,sizeof *s2);
OPENSSL_free(s2);
s->s2=NULL;
}
s->packet_length=0;
}
-long ssl2_ctrl(SSL *s, int cmd, long larg, char *parg)
+long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg)
{
int ret=0;
return(ret);
}
-long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)())
+long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
{
return(0);
}
-long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
+long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
return(0);
}
-long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
+long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
{
return(0);
}
/* This function needs to check if the ciphers required are actually
* available */
-SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
+const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
{
- static int init=1;
- static SSL_CIPHER *sorted[SSL2_NUM_CIPHERS];
- SSL_CIPHER c,*cp= &c,**cpp;
+ SSL_CIPHER c;
+ const SSL_CIPHER *cp;
unsigned long id;
- int i;
-
- if (init)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-
- for (i=0; i<SSL2_NUM_CIPHERS; i++)
- sorted[i]= &(ssl2_ciphers[i]);
-
- qsort( (char *)sorted,
- SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
- FP_ICC ssl_cipher_ptr_id_cmp);
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
- init=0;
- }
id=0x02000000L|((unsigned long)p[0]<<16L)|
((unsigned long)p[1]<<8L)|(unsigned long)p[2];
c.id=id;
- cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
- (char *)sorted,
- SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
- FP_ICC ssl_cipher_ptr_id_cmp);
- if ((cpp == NULL) || !(*cpp)->valid)
- return(NULL);
+ cp = OBJ_bsearch_ssl_cipher_id(&c, ssl2_ciphers, SSL2_NUM_CIPHERS);
+ if ((cp == NULL) || (cp->valid == 0))
+ return NULL;
else
- return(*cpp);
+ return cp;
}
int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
return(3);
}
-void ssl2_generate_key_material(SSL *s)
+int ssl2_generate_key_material(SSL *s)
{
unsigned int i;
EVP_MD_CTX ctx;
unsigned char *km;
unsigned char c='0';
+ const EVP_MD *md5;
+ int md_size;
+
+ md5 = EVP_md5();
#ifdef CHARSET_EBCDIC
c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0',
#endif
EVP_MD_CTX_init(&ctx);
km=s->s2->key_material;
- for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
- {
- EVP_DigestInit_ex(&ctx,EVP_md5(), NULL);
+ if (s->session->master_key_length < 0 ||
+ s->session->master_key_length > (int)sizeof(s->session->master_key))
+ {
+ SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ md_size = EVP_MD_size(md5);
+ if (md_size < 0)
+ return 0;
+ for (i=0; i<s->s2->key_material_length; i += md_size)
+ {
+ if (((km - s->s2->key_material) + md_size) >
+ (int)sizeof(s->s2->key_material))
+ {
+ /* EVP_DigestFinal_ex() below would write beyond buffer */
+ SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ EVP_DigestInit_ex(&ctx, md5, NULL);
+
+ OPENSSL_assert(s->session->master_key_length >= 0
+ && s->session->master_key_length
+ < (int)sizeof(s->session->master_key));
EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
EVP_DigestUpdate(&ctx,&c,1);
c++;
EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);
EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);
EVP_DigestFinal_ex(&ctx,km,NULL);
- km+=MD5_DIGEST_LENGTH;
+ km += md_size;
}
+
EVP_MD_CTX_cleanup(&ctx);
+ return 1;
}
void ssl2_return_error(SSL *s, int err)
buf[2]=(s->error_code)&0xff;
/* state=s->rwstate;*/
- error=s->error;
+
+ error=s->error; /* number of bytes left to write */
s->error=0;
+ OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf));
i=ssl2_write(s,&(buf[3-error]),error);
+
/* if (i == error) s->rwstate=state; */
if (i < 0)
s->error=error;
- else if (i != s->error)
+ else
+ {
s->error=error-i;
- /* else
- s->error=0; */
+
+ if (s->error == 0)
+ if (s->msg_callback)
+ s->msg_callback(1, s->version, 0, buf, 3, s, s->msg_callback_arg); /* ERROR */
+ }
}
int ssl2_shutdown(SSL *s)