10Sstevel@tonic-gate /* ssl/s2_lib.c */
20Sstevel@tonic-gate /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
30Sstevel@tonic-gate  * All rights reserved.
40Sstevel@tonic-gate  *
50Sstevel@tonic-gate  * This package is an SSL implementation written
60Sstevel@tonic-gate  * by Eric Young (eay@cryptsoft.com).
70Sstevel@tonic-gate  * The implementation was written so as to conform with Netscapes SSL.
80Sstevel@tonic-gate  *
90Sstevel@tonic-gate  * This library is free for commercial and non-commercial use as long as
100Sstevel@tonic-gate  * the following conditions are aheared to.  The following conditions
110Sstevel@tonic-gate  * apply to all code found in this distribution, be it the RC4, RSA,
120Sstevel@tonic-gate  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
130Sstevel@tonic-gate  * included with this distribution is covered by the same copyright terms
140Sstevel@tonic-gate  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
150Sstevel@tonic-gate  *
160Sstevel@tonic-gate  * Copyright remains Eric Young's, and as such any Copyright notices in
170Sstevel@tonic-gate  * the code are not to be removed.
180Sstevel@tonic-gate  * If this package is used in a product, Eric Young should be given attribution
190Sstevel@tonic-gate  * as the author of the parts of the library used.
200Sstevel@tonic-gate  * This can be in the form of a textual message at program startup or
210Sstevel@tonic-gate  * in documentation (online or textual) provided with the package.
220Sstevel@tonic-gate  *
230Sstevel@tonic-gate  * Redistribution and use in source and binary forms, with or without
240Sstevel@tonic-gate  * modification, are permitted provided that the following conditions
250Sstevel@tonic-gate  * are met:
260Sstevel@tonic-gate  * 1. Redistributions of source code must retain the copyright
270Sstevel@tonic-gate  *    notice, this list of conditions and the following disclaimer.
280Sstevel@tonic-gate  * 2. Redistributions in binary form must reproduce the above copyright
290Sstevel@tonic-gate  *    notice, this list of conditions and the following disclaimer in the
300Sstevel@tonic-gate  *    documentation and/or other materials provided with the distribution.
310Sstevel@tonic-gate  * 3. All advertising materials mentioning features or use of this software
320Sstevel@tonic-gate  *    must display the following acknowledgement:
330Sstevel@tonic-gate  *    "This product includes cryptographic software written by
340Sstevel@tonic-gate  *     Eric Young (eay@cryptsoft.com)"
350Sstevel@tonic-gate  *    The word 'cryptographic' can be left out if the rouines from the library
360Sstevel@tonic-gate  *    being used are not cryptographic related :-).
370Sstevel@tonic-gate  * 4. If you include any Windows specific code (or a derivative thereof) from
380Sstevel@tonic-gate  *    the apps directory (application code) you must include an acknowledgement:
390Sstevel@tonic-gate  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
400Sstevel@tonic-gate  *
410Sstevel@tonic-gate  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
420Sstevel@tonic-gate  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
430Sstevel@tonic-gate  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
440Sstevel@tonic-gate  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
450Sstevel@tonic-gate  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
460Sstevel@tonic-gate  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
470Sstevel@tonic-gate  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
480Sstevel@tonic-gate  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
490Sstevel@tonic-gate  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
500Sstevel@tonic-gate  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
510Sstevel@tonic-gate  * SUCH DAMAGE.
520Sstevel@tonic-gate  *
530Sstevel@tonic-gate  * The licence and distribution terms for any publically available version or
540Sstevel@tonic-gate  * derivative of this code cannot be changed.  i.e. this code cannot simply be
550Sstevel@tonic-gate  * copied and put under another distribution licence
560Sstevel@tonic-gate  * [including the GNU Public Licence.]
570Sstevel@tonic-gate  */
580Sstevel@tonic-gate 
590Sstevel@tonic-gate #include "ssl_locl.h"
600Sstevel@tonic-gate #ifndef OPENSSL_NO_SSL2
610Sstevel@tonic-gate #include <stdio.h>
620Sstevel@tonic-gate #include <openssl/objects.h>
630Sstevel@tonic-gate #include <openssl/evp.h>
640Sstevel@tonic-gate #include <openssl/md5.h>
650Sstevel@tonic-gate 
/* Version banner exported for the SSLv2 method; OPENSSL_VERSION_PTEXT
 * supplies the build's version text. */
const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;

/* Number of entries in ssl2_ciphers[] below.  Evaluated from sizeof, so it
 * automatically excludes the entries compiled out by the #if/#ifndef blocks
 * around the table. */
#define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
690Sstevel@tonic-gate 
/* list of available SSLv2 ciphers (sorted by id) */
/*
 * Invariants a maintainer must keep when editing this table:
 *  - Entries stay sorted by ascending cipher id: ssl2_get_cipher_by_char()
 *    locates entries with OBJ_bsearch()/ssl_cipher_id_cmp over this array.
 *  - ssl2_get_cipher(u) indexes the array from the END, so u == 0 yields the
 *    last compiled-in entry.
 *  - SSL2_NUM_CIPHERS is derived from sizeof, so entries removed by the
 *    #if 0 / #ifndef OPENSSL_NO_IDEA blocks are excluded automatically.
 *
 * NOTE(review): the initializers are positional; from the values the order
 * appears to be valid flag, name, id, algorithm bits, strength/export bits,
 * SSLv2 cipher flags (SSL2_CF_*), effective key bits, algorithm key bits,
 * mask, mask_strength -- confirm against SSL_CIPHER in ssl.h before adding
 * or reordering a field.
 *
 * The SSL_EXPORT|SSL_EXP40 entries carry only 40 effective key bits (the
 * "40" field) and the DES entry 56; these remain for protocol compatibility
 * and are rated SSL_LOW / export strength accordingly.
 */
OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
/* NULL_WITH_MD5 v3 */
/* compiled out: no encryption, kept for reference only */
#if 0
	{
	1,
	SSL2_TXT_NULL_WITH_MD5,
	SSL2_CK_NULL_WITH_MD5,
	SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
	SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,
	0,
	0,
	0,
	SSL_ALL_CIPHERS,
	SSL_ALL_STRENGTHS,
	},
#endif
/* RC4_128_WITH_MD5 */
	{
	1,
	SSL2_TXT_RC4_128_WITH_MD5,
	SSL2_CK_RC4_128_WITH_MD5,
	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
	SSL_NOT_EXP|SSL_MEDIUM,
	0,
	128,
	128,
	SSL_ALL_CIPHERS,
	SSL_ALL_STRENGTHS,
	},
/* RC4_128_EXPORT40_WITH_MD5 */
/* export grade: 40 effective key bits, SSL2_CF_5_BYTE_ENC selects the
 * 5-byte clear/secret key split */
	{
	1,
	SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
	SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
	SSL_EXPORT|SSL_EXP40,
	SSL2_CF_5_BYTE_ENC,
	40,
	128,
	SSL_ALL_CIPHERS,
	SSL_ALL_STRENGTHS,
	},
/* RC2_128_CBC_WITH_MD5 */
	{
	1,
	SSL2_TXT_RC2_128_CBC_WITH_MD5,
	SSL2_CK_RC2_128_CBC_WITH_MD5,
	SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
	SSL_NOT_EXP|SSL_MEDIUM,
	0,
	128,
	128,
	SSL_ALL_CIPHERS,
	SSL_ALL_STRENGTHS,
	},
/* RC2_128_CBC_EXPORT40_WITH_MD5 */
/* export grade: 40 effective key bits */
	{
	1,
	SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
	SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
	SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
	SSL_EXPORT|SSL_EXP40,
	SSL2_CF_5_BYTE_ENC,
	40,
	128,
	SSL_ALL_CIPHERS,
	SSL_ALL_STRENGTHS,
	},
/* IDEA_128_CBC_WITH_MD5 */
/* only present when the library is built with IDEA support */
#ifndef OPENSSL_NO_IDEA
	{
	1,
	SSL2_TXT_IDEA_128_CBC_WITH_MD5,
	SSL2_CK_IDEA_128_CBC_WITH_MD5,
	SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_SSLV2,
	SSL_NOT_EXP|SSL_MEDIUM,
	0,
	128,
	128,
	SSL_ALL_CIPHERS,
	SSL_ALL_STRENGTHS,
	},
#endif
/* DES_64_CBC_WITH_MD5 */
/* single DES, 56 effective key bits, rated SSL_LOW */
	{
	1,
	SSL2_TXT_DES_64_CBC_WITH_MD5,
	SSL2_CK_DES_64_CBC_WITH_MD5,
	SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_SSLV2,
	SSL_NOT_EXP|SSL_LOW,
	0,
	56,
	56,
	SSL_ALL_CIPHERS,
	SSL_ALL_STRENGTHS,
	},
/* DES_192_EDE3_CBC_WITH_MD5 */
	{
	1,
	SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
	SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
	SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_SSLV2,
	SSL_NOT_EXP|SSL_HIGH,
	0,
	168,
	168,
	SSL_ALL_CIPHERS,
	SSL_ALL_STRENGTHS,
	},
/* RC4_64_WITH_MD5 */
/* 64-bit RC4 with the SSL2_CF_8_BYTE_ENC key split, rated SSL_LOW */
#if 1
	{
	1,
	SSL2_TXT_RC4_64_WITH_MD5,
	SSL2_CK_RC4_64_WITH_MD5,
	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
	SSL_NOT_EXP|SSL_LOW,
	SSL2_CF_8_BYTE_ENC,
	64,
	64,
	SSL_ALL_CIPHERS,
	SSL_ALL_STRENGTHS,
	},
#endif
/* NULL SSLeay (testing) */
/* compiled out: valid flag 0 and no algorithms, test-only entry */
#if 0
	{
	0,
	SSL2_TXT_NULL,
	SSL2_CK_NULL,
	0,
	SSL_STRONG_NONE,
	0,
	0,
	0,
	SSL_ALL_CIPHERS,
	SSL_ALL_STRENGTHS,
	},
#endif

/* end of list :-) */
	};
2130Sstevel@tonic-gate 
/* Default lifetime assigned to new SSLv2 sessions (300, presumably seconds
 * as for the other protocol versions' default timeouts). */
long ssl2_default_timeout(void)
	{
	const long default_lifetime = 300;

	return default_lifetime;
	}
2180Sstevel@tonic-gate 
/* Instantiate the base SSLv2 SSL_METHOD accessor (sslv2_base_method) via
 * the macro from ssl_locl.h.  Both handshake hooks are ssl_undefined_function,
 * so this base method alone cannot run an accept or connect; the client and
 * server methods are expected to be instantiated elsewhere with real hooks.
 * NOTE(review): argument order is presumably (name, accept, connect,
 * get-method hook) -- confirm against the macro definition. */
IMPLEMENT_ssl2_meth_func(sslv2_base_method,
			ssl_undefined_function,
			ssl_undefined_function,
			ssl_bad_method)
2230Sstevel@tonic-gate 
/* Number of SSLv2 ciphers compiled into ssl2_ciphers[] (the sizeof-derived
 * count, narrowed to int for the SSL_METHOD interface). */
int ssl2_num_ciphers(void)
	{
	int count = (int)SSL2_NUM_CIPHERS;

	return count;
	}
2280Sstevel@tonic-gate 
/* Return the u-th SSLv2 cipher, counting backwards from the end of
 * ssl2_ciphers[] (u == 0 is the LAST table entry), or NULL when u is out
 * of range. */
SSL_CIPHER *ssl2_get_cipher(unsigned int u)
	{
	size_t from_end;

	if (u >= SSL2_NUM_CIPHERS)
		return NULL;
	/* the table is sorted by id; callers see it in reverse table order */
	from_end = SSL2_NUM_CIPHERS - 1 - u;
	return &ssl2_ciphers[from_end];
	}
2360Sstevel@tonic-gate 
/* Bytes of already-received SSLv2 data pending in s->s2 (ract_data_length),
 * or 0 while the handshake is still in progress. */
int ssl2_pending(const SSL *s)
	{
	if (SSL_in_init(s))
		return 0;
	return s->s2->ract_data_length;
	}
2410Sstevel@tonic-gate 
/* Allocate and zero the per-connection SSLv2 state (SSL2_STATE) plus its
 * read and write record buffers, attach it as s->s2 and reset it with
 * ssl2_clear().
 *
 * Returns 1 on success.  Returns 0 on allocation failure, in which case
 * everything allocated so far is released and s->s2 is left untouched. */
int ssl2_new(SSL *s)
	{
	SSL2_STATE *state = OPENSSL_malloc(sizeof *state);

	if (state == NULL)
		return 0;
	memset(state, 0, sizeof *state);

	/* the 2-byte-header bound (plus header) must cover the 3-byte one */
#if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
#  error "assertion failed"
#endif

	state->rbuf = OPENSSL_malloc(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2);
	if (state->rbuf == NULL)
		goto fail;
	/* wbuf needs one byte more because when using two-byte headers,
	 * we leave the first byte unused in do_ssl_write (s2_pkt.c) */
	state->wbuf = OPENSSL_malloc(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 3);
	if (state->wbuf == NULL)
		goto fail;

	s->s2 = state;
	ssl2_clear(s);
	return 1;

fail:
	/* wbuf is always NULL here today; the check only guards future edits */
	if (state->wbuf != NULL) OPENSSL_free(state->wbuf);
	if (state->rbuf != NULL) OPENSSL_free(state->rbuf);
	OPENSSL_free(state);
	return 0;
	}
2720Sstevel@tonic-gate 
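/* Release the SSLv2 state attached to s: both record buffers, then the
 * SSL2_STATE itself.  The state is scrubbed with OPENSSL_cleanse() before
 * free() because it holds key material; a plain memset there could be
 * optimised away.  Safe to call with s == NULL or s->s2 == NULL.
 *
 * Fix: s->s2 is NULL when ssl2_new() failed or was never run for this
 * method (a method switch presumably reaches here in that state), and the
 * original dereferenced it unconditionally.
 *
 * NOTE(review): rbuf/wbuf are freed without scrubbing, although they may
 * still hold record plaintext; sizes are known from ssl2_new() if that is
 * ever wanted. */
void ssl2_free(SSL *s)
	{
	SSL2_STATE *s2;

	if (s == NULL)
		return;
	s2 = s->s2;
	if (s2 == NULL)
		return;

	if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
	if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
	OPENSSL_cleanse(s2, sizeof *s2);
	OPENSSL_free(s2);
	s->s2 = NULL;
	}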
2870Sstevel@tonic-gate 
/* Reset the SSLv2 state for reuse of the same SSL object: every field of
 * s->s2 is zeroed except the two heap buffers, which survive the clear,
 * and the connection is put back into clear-text SSL2_VERSION mode with
 * an empty packet.  Uses memset, not OPENSSL_cleanse, since the memory is
 * reused rather than freed. */
void ssl2_clear(SSL *s)
	{
	SSL2_STATE *state = s->s2;
	unsigned char *keep_rbuf = state->rbuf;
	unsigned char *keep_wbuf = state->wbuf;

	memset(state, 0, sizeof *state);
	state->rbuf = keep_rbuf;
	state->wbuf = keep_wbuf;

	state->clear_text = 1;
	s->packet = state->rbuf;
	s->packet_length = 0;
	s->version = SSL2_VERSION;
	}
3070Sstevel@tonic-gate 
/* Per-connection ctrl hook for SSLv2.  Only SSL_CTRL_GET_SESSION_REUSED is
 * understood (it reports s->hit); every other cmd returns 0.  larg and
 * parg are part of the common SSL_METHOD signature and unused here. */
long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg)
	{
	if (cmd == SSL_CTRL_GET_SESSION_REUSED)
		return s->hit;
	return 0;
	}
3220Sstevel@tonic-gate 
/* SSLv2 defines no per-connection callback ctrls; every request is a
 * no-op that reports 0.  Parameters exist for SSL_METHOD signature parity. */
long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
	{
	(void)s;
	(void)cmd;
	(void)fp;
	return 0;
	}
3270Sstevel@tonic-gate 
/* SSLv2 defines no context-level ctrls; every request is a no-op that
 * reports 0.  Parameters exist for SSL_METHOD signature parity. */
long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
	{
	(void)ctx;
	(void)cmd;
	(void)larg;
	(void)parg;
	return 0;
	}
3320Sstevel@tonic-gate 
/* SSLv2 defines no context-level callback ctrls; every request is a no-op
 * that reports 0.  Parameters exist for SSL_METHOD signature parity. */
long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
	{
	(void)ctx;
	(void)cmd;
	(void)fp;
	return 0;
	}
3370Sstevel@tonic-gate 
/* This function needs to check if the ciphers required are actually
 * available */
/* Look up the SSLv2 cipher named by a 3-byte wire cipher-spec.
 *
 * p points at exactly three bytes (typically taken from the peer's cipher
 * list); this function does NOT check that three bytes are readable, so the
 * caller must have validated the list length.  The bytes are assembled into
 * the 0x02XXXXXX id form used by ssl2_ciphers[] and binary-searched, which
 * relies on the table being sorted by id.
 *
 * Returns the matching entry, or NULL when the id is unknown or the entry
 * is present but not marked valid. */
SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
	{
	SSL_CIPHER probe, *hit;
	unsigned long id;

	id = 0x02000000L;
	id |= (unsigned long)p[0] << 16L;
	id |= (unsigned long)p[1] << 8L;
	id |= (unsigned long)p[2];
	probe.id = id;   /* only .id is consulted by ssl_cipher_id_cmp */

	hit = (SSL_CIPHER *)OBJ_bsearch((char *)&probe,
		(char *)ssl2_ciphers,
		SSL2_NUM_CIPHERS, sizeof(SSL_CIPHER),
		FP_ICC ssl_cipher_id_cmp);
	if (hit == NULL)
		return NULL;
	if (hit->valid == 0)
		return NULL;
	return hit;
	}
3570Sstevel@tonic-gate 
/* Serialise cipher c into its 3-byte SSLv2 wire form at p.
 *
 * With p == NULL only the encoded length (3) is reported, without looking
 * at c.  Otherwise c->id must carry the 0x02 SSLv2 tag in its top byte;
 * ids of other protocol versions are refused with a return of 0 and p is
 * left untouched.  The low three bytes of the id are written big-endian.
 *
 * Returns 3 (bytes written or needed) or 0 for a non-SSLv2 cipher. */
int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
	{
	long id;

	if (p == NULL)
		return 3;

	id = c->id;
	if ((id & 0xff000000) != 0x02000000)
		return 0;
	p[0] = (unsigned char)((id >> 16L) & 0xFF);
	p[1] = (unsigned char)((id >> 8L) & 0xFF);
	p[2] = (unsigned char)(id & 0xFF);
	return 3;
	}
3720Sstevel@tonic-gate 
/* Derive the SSLv2 KEY-MATERIAL for this connection into
 * s->s2->key_material.
 *
 * Each block of EVP_MD_size(md5) bytes is
 *     MD5(master_key || c || challenge || conn_id)
 * where c is the single ASCII byte '0' for the first block and is
 * incremented once per block (see the EVP_DigestUpdate() sequence below).
 * Blocks are produced until s->s2->key_material_length bytes exist; the
 * caller is assumed to have set that length beforehand.
 *
 * Returns 1 on success.  Returns 0 with an SSL error queued when the master
 * key length is out of range or the next block would overrun key_material.
 *
 * NOTE(review): the EVP_DigestInit_ex/Update/Final_ex return values are not
 * checked, so a digest failure would leave key_material partially written
 * while still reporting success.
 * NOTE(review): the up-front check allows master_key_length ==
 * sizeof(master_key) but the OPENSSL_assert inside the loop requires it to
 * be strictly less -- a master key of exactly that size would pass the
 * first and trip the assert; confirm which bound is intended. */
int ssl2_generate_key_material(SSL *s)
	{
	unsigned int i;
	EVP_MD_CTX ctx;
	unsigned char *km;
	unsigned char c='0';
	const EVP_MD *md5;

	md5 = EVP_md5();

#ifdef CHARSET_EBCDIC
	c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0',
				see SSLv2 docu */
#endif
	EVP_MD_CTX_init(&ctx);
	km=s->s2->key_material;

	/* bound the master key before it is ever fed to the digest */
 	if (s->session->master_key_length < 0 ||
			s->session->master_key_length > (int)sizeof(s->session->master_key))
 		{
 		SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
 		return 0;
 		}

	/* i counts bytes produced so far; km advances in step with it */
	for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5))
		{
		/* a full digest is written at km, so check the whole block fits */
		if (((km - s->s2->key_material) + EVP_MD_size(md5)) >
				(int)sizeof(s->s2->key_material))
			{
			/* EVP_DigestFinal_ex() below would write beyond buffer */
			SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
			return 0;
			}

		EVP_DigestInit_ex(&ctx, md5, NULL);

		OPENSSL_assert(s->session->master_key_length >= 0
		    && s->session->master_key_length
		    < (int)sizeof(s->session->master_key));
		EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
		EVP_DigestUpdate(&ctx,&c,1);
		c++;	/* next block uses the following ASCII character */
		EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);
		EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);
		EVP_DigestFinal_ex(&ctx,km,NULL);
		km += EVP_MD_size(md5);
		}

	EVP_MD_CTX_cleanup(&ctx);
	return 1;
	}
4240Sstevel@tonic-gate 
/* Queue an SSLv2 ERROR message with code err and attempt to send it.
 * s->error counts the bytes of the 3-byte message still to be written; a
 * non-zero value means an earlier error message is still pending, and that
 * one takes precedence, so the new error is dropped. */
void ssl2_return_error(SSL *s, int err)
	{
	if (s->error)
		return;

	s->error = 3;
	s->error_code = err;
	ssl2_write_error(s);
	}
4350Sstevel@tonic-gate 
4360Sstevel@tonic-gate 
/* Write the pending part of the 3-byte SSLv2 ERROR message
 * (SSL2_MT_ERROR, error_code high byte, error_code low byte).
 *
 * s->error holds how many trailing bytes of the message remain unsent; it
 * is cleared around the write and restored to the unsent count afterwards,
 * so a partial or failed write can be resumed by calling again.  The
 * message callback, if any, is notified once the whole message is out. */
void ssl2_write_error(SSL *s)
	{
	unsigned char msg[3];
	int remaining, written;

	msg[0] = SSL2_MT_ERROR;
	msg[1] = (unsigned char)((s->error_code >> 8) & 0xff);
	msg[2] = (unsigned char)(s->error_code & 0xff);

	remaining = s->error; /* number of bytes left to write */
	s->error = 0;
	/* remaining indexes into msg from the tail; keep it inside the array */
	OPENSSL_assert(remaining >= 0 && remaining <= (int)sizeof(msg));
	written = ssl2_write(s, &msg[3 - remaining], remaining);

	if (written < 0)
		{
		s->error = remaining;
		return;
		}

	s->error = remaining - written;
	if (s->error == 0 && s->msg_callback)
		s->msg_callback(1, s->version, 0, msg, 3, s, s->msg_callback_arg); /* ERROR */
	}
4660Sstevel@tonic-gate 
/* Shut down an SSLv2 connection.  Nothing is sent or awaited: both the
 * sent and received shutdown flags are set at once, so the call always
 * completes immediately and reports 1. */
int ssl2_shutdown(SSL *s)
	{
	int both_directions = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN;

	s->shutdown = both_directions;
	return 1;
	}
4720Sstevel@tonic-gate #else /* !OPENSSL_NO_SSL2 */
4730Sstevel@tonic-gate 
4740Sstevel@tonic-gate # if PEDANTIC
/* With SSLv2 compiled out this file would otherwise be empty; a pedantic
 * build gets one self-referencing declaration so the translation unit is
 * not empty and the object is not flagged as unused. */
static void *dummy=&dummy;
4760Sstevel@tonic-gate # endif
4770Sstevel@tonic-gate 
4780Sstevel@tonic-gate #endif