]>
Commit | Line | Data |
---|---|---|
d02b48c6 | 1 | /* ssl/s2_lib.c */ |
58964a49 | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
d02b48c6 RE |
3 | * All rights reserved. |
4 | * | |
5 | * This package is an SSL implementation written | |
6 | * by Eric Young (eay@cryptsoft.com). | |
7 | * The implementation was written so as to conform with Netscapes SSL. | |
ae5c8664 | 8 | * |
d02b48c6 RE |
9 | * This library is free for commercial and non-commercial use as long as |
10 | * the following conditions are aheared to. The following conditions | |
11 | * apply to all code found in this distribution, be it the RC4, RSA, | |
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
13 | * included with this distribution is covered by the same copyright terms | |
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
ae5c8664 | 15 | * |
d02b48c6 RE |
16 | * Copyright remains Eric Young's, and as such any Copyright notices in |
17 | * the code are not to be removed. | |
18 | * If this package is used in a product, Eric Young should be given attribution | |
19 | * as the author of the parts of the library used. | |
20 | * This can be in the form of a textual message at program startup or | |
21 | * in documentation (online or textual) provided with the package. | |
ae5c8664 | 22 | * |
d02b48c6 RE |
23 | * Redistribution and use in source and binary forms, with or without |
24 | * modification, are permitted provided that the following conditions | |
25 | * are met: | |
26 | * 1. Redistributions of source code must retain the copyright | |
27 | * notice, this list of conditions and the following disclaimer. | |
28 | * 2. Redistributions in binary form must reproduce the above copyright | |
29 | * notice, this list of conditions and the following disclaimer in the | |
30 | * documentation and/or other materials provided with the distribution. | |
31 | * 3. All advertising materials mentioning features or use of this software | |
32 | * must display the following acknowledgement: | |
33 | * "This product includes cryptographic software written by | |
34 | * Eric Young (eay@cryptsoft.com)" | |
35 | * The word 'cryptographic' can be left out if the rouines from the library | |
36 | * being used are not cryptographic related :-). | |
ae5c8664 | 37 | * 4. If you include any Windows specific code (or a derivative thereof) from |
d02b48c6 RE |
38 | * the apps directory (application code) you must include an acknowledgement: |
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
ae5c8664 | 40 | * |
d02b48c6 RE |
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
51 | * SUCH DAMAGE. | |
ae5c8664 | 52 | * |
d02b48c6 RE |
53 | * The licence and distribution terms for any publically available version or |
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | |
55 | * copied and put under another distribution licence | |
56 | * [including the GNU Public Licence.] | |
57 | */ | |
52b8dad8 BM |
58 | /* ==================================================================== |
59 | * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. | |
60 | * | |
61 | * Redistribution and use in source and binary forms, with or without | |
62 | * modification, are permitted provided that the following conditions | |
63 | * are met: | |
64 | * | |
65 | * 1. Redistributions of source code must retain the above copyright | |
ae5c8664 | 66 | * notice, this list of conditions and the following disclaimer. |
52b8dad8 BM |
67 | * |
68 | * 2. Redistributions in binary form must reproduce the above copyright | |
69 | * notice, this list of conditions and the following disclaimer in | |
70 | * the documentation and/or other materials provided with the | |
71 | * distribution. | |
72 | * | |
73 | * 3. All advertising materials mentioning features or use of this | |
74 | * software must display the following acknowledgment: | |
75 | * "This product includes software developed by the OpenSSL Project | |
76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
77 | * | |
78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
79 | * endorse or promote products derived from this software without | |
80 | * prior written permission. For written permission, please contact | |
81 | * openssl-core@openssl.org. | |
82 | * | |
83 | * 5. Products derived from this software may not be called "OpenSSL" | |
84 | * nor may "OpenSSL" appear in their names without prior written | |
85 | * permission of the OpenSSL Project. | |
86 | * | |
87 | * 6. Redistributions of any form whatsoever must retain the following | |
88 | * acknowledgment: | |
89 | * "This product includes software developed by the OpenSSL Project | |
90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
91 | * | |
92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
104 | * ==================================================================== | |
105 | * | |
106 | * This product includes cryptographic software written by Eric Young | |
107 | * (eay@cryptsoft.com). This product includes software written by Tim | |
108 | * Hudson (tjh@cryptsoft.com). | |
109 | * | |
110 | */ | |
d02b48c6 | 111 | |
aa82db4f | 112 | #include "ssl_locl.h" |
bc36ee62 | 113 | #ifndef OPENSSL_NO_SSL2 |
ae5c8664 MC |
114 | # include <stdio.h> |
115 | # include <openssl/objects.h> | |
116 | # include <openssl/evp.h> | |
117 | # include <openssl/md5.h> | |
d02b48c6 | 118 | |
ae5c8664 | 119 | const char ssl2_version_str[] = "SSLv2" OPENSSL_VERSION_PTEXT; |
d02b48c6 | 120 | |
ae5c8664 | 121 | # define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER)) |
d02b48c6 | 122 | |
6e119bb0 | 123 | /* list of available SSLv2 ciphers (sorted by id) */ |
ae5c8664 MC |
124 | OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = { |
125 | # if 0 | |
52b8dad8 | 126 | /* NULL_WITH_MD5 v3 */ |
ae5c8664 MC |
127 | { |
128 | 1, | |
129 | SSL2_TXT_NULL_WITH_MD5, | |
130 | SSL2_CK_NULL_WITH_MD5, | |
131 | SSL_kRSA, | |
132 | SSL_aRSA, | |
133 | SSL_eNULL, | |
134 | SSL_MD5, | |
135 | SSL_SSLV2, | |
136 | SSL_EXPORT | SSL_EXP40 | SSL_STRONG_NONE, | |
137 | 0, | |
138 | 0, | |
139 | 0, | |
140 | }, | |
141 | # endif | |
52b8dad8 | 142 | |
d02b48c6 | 143 | /* RC4_128_WITH_MD5 */ |
ae5c8664 MC |
144 | { |
145 | 1, | |
146 | SSL2_TXT_RC4_128_WITH_MD5, | |
147 | SSL2_CK_RC4_128_WITH_MD5, | |
148 | SSL_kRSA, | |
149 | SSL_aRSA, | |
150 | SSL_RC4, | |
151 | SSL_MD5, | |
152 | SSL_SSLV2, | |
29cce508 | 153 | SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, |
ae5c8664 MC |
154 | 0, |
155 | 128, | |
156 | 128, | |
157 | }, | |
52b8dad8 | 158 | |
9dfd2be8 | 159 | # if 0 |
6e119bb0 | 160 | /* RC4_128_EXPORT40_WITH_MD5 */ |
ae5c8664 MC |
161 | { |
162 | 1, | |
163 | SSL2_TXT_RC4_128_EXPORT40_WITH_MD5, | |
164 | SSL2_CK_RC4_128_EXPORT40_WITH_MD5, | |
165 | SSL_kRSA, | |
166 | SSL_aRSA, | |
167 | SSL_RC4, | |
168 | SSL_MD5, | |
169 | SSL_SSLV2, | |
29cce508 | 170 | SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, |
ae5c8664 MC |
171 | SSL2_CF_5_BYTE_ENC, |
172 | 40, | |
173 | 128, | |
174 | }, | |
9dfd2be8 | 175 | # endif |
52b8dad8 | 176 | |
d02b48c6 | 177 | /* RC2_128_CBC_WITH_MD5 */ |
ae5c8664 MC |
178 | { |
179 | 1, | |
180 | SSL2_TXT_RC2_128_CBC_WITH_MD5, | |
181 | SSL2_CK_RC2_128_CBC_WITH_MD5, | |
182 | SSL_kRSA, | |
183 | SSL_aRSA, | |
184 | SSL_RC2, | |
185 | SSL_MD5, | |
186 | SSL_SSLV2, | |
29cce508 | 187 | SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, |
ae5c8664 MC |
188 | 0, |
189 | 128, | |
190 | 128, | |
191 | }, | |
52b8dad8 | 192 | |
9dfd2be8 | 193 | # if 0 |
6e119bb0 | 194 | /* RC2_128_CBC_EXPORT40_WITH_MD5 */ |
ae5c8664 MC |
195 | { |
196 | 1, | |
197 | SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5, | |
198 | SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5, | |
199 | SSL_kRSA, | |
200 | SSL_aRSA, | |
201 | SSL_RC2, | |
202 | SSL_MD5, | |
203 | SSL_SSLV2, | |
29cce508 | 204 | SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, |
ae5c8664 MC |
205 | SSL2_CF_5_BYTE_ENC, |
206 | 40, | |
207 | 128, | |
208 | }, | |
9dfd2be8 | 209 | # endif |
ae5c8664 MC |
210 | |
211 | # ifndef OPENSSL_NO_IDEA | |
52b8dad8 | 212 | /* IDEA_128_CBC_WITH_MD5 */ |
ae5c8664 MC |
213 | { |
214 | 1, | |
215 | SSL2_TXT_IDEA_128_CBC_WITH_MD5, | |
216 | SSL2_CK_IDEA_128_CBC_WITH_MD5, | |
217 | SSL_kRSA, | |
218 | SSL_aRSA, | |
219 | SSL_IDEA, | |
220 | SSL_MD5, | |
221 | SSL_SSLV2, | |
29cce508 | 222 | SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, |
ae5c8664 MC |
223 | 0, |
224 | 128, | |
225 | 128, | |
226 | }, | |
227 | # endif | |
52b8dad8 | 228 | |
9dfd2be8 | 229 | # if 0 |
d02b48c6 | 230 | /* DES_64_CBC_WITH_MD5 */ |
ae5c8664 MC |
231 | { |
232 | 1, | |
233 | SSL2_TXT_DES_64_CBC_WITH_MD5, | |
234 | SSL2_CK_DES_64_CBC_WITH_MD5, | |
235 | SSL_kRSA, | |
236 | SSL_aRSA, | |
237 | SSL_DES, | |
238 | SSL_MD5, | |
239 | SSL_SSLV2, | |
29cce508 | 240 | SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, |
ae5c8664 MC |
241 | 0, |
242 | 56, | |
243 | 56, | |
244 | }, | |
9dfd2be8 | 245 | # endif |
52b8dad8 | 246 | |
d02b48c6 | 247 | /* DES_192_EDE3_CBC_WITH_MD5 */ |
ae5c8664 MC |
248 | { |
249 | 1, | |
250 | SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5, | |
251 | SSL2_CK_DES_192_EDE3_CBC_WITH_MD5, | |
252 | SSL_kRSA, | |
253 | SSL_aRSA, | |
254 | SSL_3DES, | |
255 | SSL_MD5, | |
256 | SSL_SSLV2, | |
6d69dc56 | 257 | SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, |
ae5c8664 MC |
258 | 0, |
259 | 112, | |
260 | 168, | |
261 | }, | |
262 | ||
263 | # if 0 | |
52b8dad8 | 264 | /* RC4_64_WITH_MD5 */ |
ae5c8664 MC |
265 | { |
266 | 1, | |
267 | SSL2_TXT_RC4_64_WITH_MD5, | |
268 | SSL2_CK_RC4_64_WITH_MD5, | |
269 | SSL_kRSA, | |
270 | SSL_aRSA, | |
271 | SSL_RC4, | |
272 | SSL_MD5, | |
273 | SSL_SSLV2, | |
29cce508 | 274 | SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, |
ae5c8664 MC |
275 | SSL2_CF_8_BYTE_ENC, |
276 | 64, | |
277 | 64, | |
278 | }, | |
279 | # endif | |
52b8dad8 | 280 | |
ae5c8664 | 281 | # if 0 |
52b8dad8 | 282 | /* NULL SSLeay (testing) */ |
ae5c8664 MC |
283 | { |
284 | 0, | |
285 | SSL2_TXT_NULL, | |
286 | SSL2_CK_NULL, | |
287 | 0, | |
288 | 0, | |
289 | 0, | |
290 | 0, | |
291 | SSL_SSLV2, | |
292 | SSL_STRONG_NONE, | |
293 | 0, | |
294 | 0, | |
295 | 0, | |
296 | }, | |
297 | # endif | |
d02b48c6 RE |
298 | |
299 | /* end of list :-) */ | |
ae5c8664 | 300 | }; |
d02b48c6 | 301 | |
f3b656b2 | 302 | long ssl2_default_timeout(void) |
ae5c8664 MC |
303 | { |
304 | return (300); | |
305 | } | |
d02b48c6 | 306 | |
6b691a5c | 307 | int ssl2_num_ciphers(void) |
ae5c8664 MC |
308 | { |
309 | return (SSL2_NUM_CIPHERS); | |
310 | } | |
d02b48c6 | 311 | |
babb3798 | 312 | const SSL_CIPHER *ssl2_get_cipher(unsigned int u) |
ae5c8664 MC |
313 | { |
314 | if (u < SSL2_NUM_CIPHERS) | |
315 | return (&(ssl2_ciphers[SSL2_NUM_CIPHERS - 1 - u])); | |
316 | else | |
317 | return (NULL); | |
318 | } | |
d02b48c6 | 319 | |
0821bcd4 | 320 | int ssl2_pending(const SSL *s) |
ae5c8664 MC |
321 | { |
322 | return SSL_in_init(s) ? 0 : s->s2->ract_data_length; | |
323 | } | |
d02b48c6 | 324 | |
6b691a5c | 325 | int ssl2_new(SSL *s) |
ae5c8664 MC |
326 | { |
327 | SSL2_STATE *s2; | |
d02b48c6 | 328 | |
c6738fd2 | 329 | if ((s2 = OPENSSL_malloc(sizeof(*s2))) == NULL) |
ae5c8664 | 330 | goto err; |
c6738fd2 | 331 | memset(s2, 0, sizeof(*s2)); |
d02b48c6 | 332 | |
ae5c8664 | 333 | # if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2 |
3880cd35 | 334 | # error "assertion failed" |
ae5c8664 | 335 | # endif |
3880cd35 | 336 | |
ae5c8664 MC |
337 | if ((s2->rbuf = |
338 | OPENSSL_malloc(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2)) == NULL) | |
339 | goto err; | |
340 | /* | |
341 | * wbuf needs one byte more because when using two-byte headers, we leave | |
342 | * the first byte unused in do_ssl_write (s2_pkt.c) | |
343 | */ | |
344 | if ((s2->wbuf = | |
345 | OPENSSL_malloc(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 3)) == NULL) | |
346 | goto err; | |
347 | s->s2 = s2; | |
348 | ||
349 | ssl2_clear(s); | |
350 | return (1); | |
351 | err: | |
352 | if (s2 != NULL) { | |
353 | if (s2->wbuf != NULL) | |
354 | OPENSSL_free(s2->wbuf); | |
355 | if (s2->rbuf != NULL) | |
356 | OPENSSL_free(s2->rbuf); | |
357 | OPENSSL_free(s2); | |
358 | } | |
359 | return (0); | |
360 | } | |
d02b48c6 | 361 | |
6b691a5c | 362 | void ssl2_free(SSL *s) |
ae5c8664 MC |
363 | { |
364 | SSL2_STATE *s2; | |
365 | ||
366 | if (s == NULL) | |
367 | return; | |
368 | ||
369 | s2 = s->s2; | |
370 | if (s2->rbuf != NULL) | |
371 | OPENSSL_free(s2->rbuf); | |
372 | if (s2->wbuf != NULL) | |
373 | OPENSSL_free(s2->wbuf); | |
c6738fd2 | 374 | OPENSSL_cleanse(s2, sizeof(*s2)); |
ae5c8664 MC |
375 | OPENSSL_free(s2); |
376 | s->s2 = NULL; | |
377 | } | |
d02b48c6 | 378 | |
6b691a5c | 379 | void ssl2_clear(SSL *s) |
ae5c8664 MC |
380 | { |
381 | SSL2_STATE *s2; | |
382 | unsigned char *rbuf, *wbuf; | |
d02b48c6 | 383 | |
ae5c8664 | 384 | s2 = s->s2; |
d02b48c6 | 385 | |
ae5c8664 MC |
386 | rbuf = s2->rbuf; |
387 | wbuf = s2->wbuf; | |
d02b48c6 | 388 | |
c6738fd2 | 389 | memset(s2, 0, sizeof(*s2)); |
d02b48c6 | 390 | |
ae5c8664 MC |
391 | s2->rbuf = rbuf; |
392 | s2->wbuf = wbuf; | |
393 | s2->clear_text = 1; | |
394 | s->packet = s2->rbuf; | |
395 | s->version = SSL2_VERSION; | |
396 | s->packet_length = 0; | |
397 | } | |
d02b48c6 | 398 | |
a661b653 | 399 | long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg) |
ae5c8664 MC |
400 | { |
401 | int ret = 0; | |
402 | ||
403 | switch (cmd) { | |
404 | case SSL_CTRL_GET_SESSION_REUSED: | |
405 | ret = s->hit; | |
406 | break; | |
407 | case SSL_CTRL_CHECK_PROTO_VERSION: | |
408 | return ssl3_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, larg, parg); | |
409 | default: | |
410 | break; | |
411 | } | |
412 | return (ret); | |
413 | } | |
414 | ||
415 | long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) | |
416 | { | |
417 | return (0); | |
418 | } | |
d3442bc7 | 419 | |
a661b653 | 420 | long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) |
ae5c8664 MC |
421 | { |
422 | return (0); | |
423 | } | |
424 | ||
425 | long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) | |
426 | { | |
427 | return (0); | |
428 | } | |
429 | ||
430 | /* | |
431 | * This function needs to check if the ciphers required are actually | |
432 | * available | |
433 | */ | |
babb3798 | 434 | const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) |
ae5c8664 MC |
435 | { |
436 | SSL_CIPHER c; | |
437 | const SSL_CIPHER *cp; | |
438 | unsigned long id; | |
439 | ||
440 | id = 0x02000000L | ((unsigned long)p[0] << 16L) | | |
441 | ((unsigned long)p[1] << 8L) | (unsigned long)p[2]; | |
442 | c.id = id; | |
443 | cp = OBJ_bsearch_ssl_cipher_id(&c, ssl2_ciphers, SSL2_NUM_CIPHERS); | |
444 | return cp; | |
445 | } | |
d02b48c6 | 446 | |
6b691a5c | 447 | int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) |
ae5c8664 MC |
448 | { |
449 | long l; | |
450 | ||
451 | if (p != NULL) { | |
452 | l = c->id; | |
453 | if ((l & 0xff000000) != 0x02000000 && l != SSL3_CK_FALLBACK_SCSV) | |
454 | return (0); | |
455 | p[0] = ((unsigned char)(l >> 16L)) & 0xFF; | |
456 | p[1] = ((unsigned char)(l >> 8L)) & 0xFF; | |
457 | p[2] = ((unsigned char)(l)) & 0xFF; | |
458 | } | |
459 | return (3); | |
460 | } | |
d02b48c6 | 461 | |
5574e0ed | 462 | int ssl2_generate_key_material(SSL *s) |
ae5c8664 MC |
463 | { |
464 | unsigned int i; | |
465 | EVP_MD_CTX ctx; | |
466 | unsigned char *km; | |
467 | unsigned char c = '0'; | |
468 | const EVP_MD *md5; | |
469 | int md_size; | |
470 | ||
471 | md5 = EVP_md5(); | |
472 | ||
473 | # ifdef CHARSET_EBCDIC | |
474 | c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0', see | |
475 | * SSLv2 docu */ | |
476 | # endif | |
477 | EVP_MD_CTX_init(&ctx); | |
478 | km = s->s2->key_material; | |
479 | ||
480 | if (s->session->master_key_length < 0 || | |
481 | s->session->master_key_length > (int)sizeof(s->session->master_key)) { | |
482 | SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); | |
483 | return 0; | |
484 | } | |
485 | md_size = EVP_MD_size(md5); | |
486 | if (md_size < 0) | |
487 | return 0; | |
488 | for (i = 0; i < s->s2->key_material_length; i += md_size) { | |
489 | if (((km - s->s2->key_material) + md_size) > | |
490 | (int)sizeof(s->s2->key_material)) { | |
491 | /* | |
492 | * EVP_DigestFinal_ex() below would write beyond buffer | |
493 | */ | |
494 | SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); | |
495 | return 0; | |
496 | } | |
497 | ||
498 | EVP_DigestInit_ex(&ctx, md5, NULL); | |
499 | ||
500 | OPENSSL_assert(s->session->master_key_length >= 0 | |
501 | && s->session->master_key_length | |
86f8fb0e | 502 | <= (int)sizeof(s->session->master_key)); |
ae5c8664 MC |
503 | EVP_DigestUpdate(&ctx, s->session->master_key, |
504 | s->session->master_key_length); | |
505 | EVP_DigestUpdate(&ctx, &c, 1); | |
506 | c++; | |
507 | EVP_DigestUpdate(&ctx, s->s2->challenge, s->s2->challenge_length); | |
508 | EVP_DigestUpdate(&ctx, s->s2->conn_id, s->s2->conn_id_length); | |
509 | EVP_DigestFinal_ex(&ctx, km, NULL); | |
510 | km += md_size; | |
511 | } | |
512 | ||
513 | EVP_MD_CTX_cleanup(&ctx); | |
514 | return 1; | |
515 | } | |
d02b48c6 | 516 | |
6b691a5c | 517 | void ssl2_return_error(SSL *s, int err) |
ae5c8664 MC |
518 | { |
519 | if (!s->error) { | |
520 | s->error = 3; | |
521 | s->error_code = err; | |
d02b48c6 | 522 | |
ae5c8664 MC |
523 | ssl2_write_error(s); |
524 | } | |
525 | } | |
d02b48c6 | 526 | |
6b691a5c | 527 | void ssl2_write_error(SSL *s) |
ae5c8664 MC |
528 | { |
529 | unsigned char buf[3]; | |
530 | int i, error; | |
531 | ||
532 | buf[0] = SSL2_MT_ERROR; | |
533 | buf[1] = (s->error_code >> 8) & 0xff; | |
534 | buf[2] = (s->error_code) & 0xff; | |
535 | ||
536 | /* state=s->rwstate;*/ | |
537 | ||
538 | error = s->error; /* number of bytes left to write */ | |
539 | s->error = 0; | |
540 | OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf)); | |
541 | i = ssl2_write(s, &(buf[3 - error]), error); | |
542 | ||
543 | /* if (i == error) s->rwstate=state; */ | |
544 | ||
545 | if (i < 0) | |
546 | s->error = error; | |
547 | else { | |
548 | s->error = error - i; | |
549 | ||
550 | if (s->error == 0) | |
551 | if (s->msg_callback) { | |
552 | /* ERROR */ | |
553 | s->msg_callback(1, s->version, 0, buf, 3, s, | |
554 | s->msg_callback_arg); | |
555 | } | |
556 | } | |
557 | } | |
d02b48c6 | 558 | |
6b691a5c | 559 | int ssl2_shutdown(SSL *s) |
ae5c8664 MC |
560 | { |
561 | s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); | |
562 | return (1); | |
563 | } | |
564 | #else /* !OPENSSL_NO_SSL2 */ | |
752d706a BL |
565 | |
566 | # if PEDANTIC | |
ae5c8664 | 567 | static void *dummy = &dummy; |
752d706a BL |
568 | # endif |
569 | ||
79df9d62 | 570 | #endif |