10Sstevel@tonic-gate /* ssl/s2_lib.c */
20Sstevel@tonic-gate /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
30Sstevel@tonic-gate * All rights reserved.
40Sstevel@tonic-gate *
50Sstevel@tonic-gate * This package is an SSL implementation written
60Sstevel@tonic-gate * by Eric Young (eay@cryptsoft.com).
70Sstevel@tonic-gate * The implementation was written so as to conform with Netscapes SSL.
80Sstevel@tonic-gate *
90Sstevel@tonic-gate * This library is free for commercial and non-commercial use as long as
100Sstevel@tonic-gate * the following conditions are aheared to. The following conditions
110Sstevel@tonic-gate * apply to all code found in this distribution, be it the RC4, RSA,
120Sstevel@tonic-gate * lhash, DES, etc., code; not just the SSL code. The SSL documentation
130Sstevel@tonic-gate * included with this distribution is covered by the same copyright terms
140Sstevel@tonic-gate * except that the holder is Tim Hudson (tjh@cryptsoft.com).
150Sstevel@tonic-gate *
160Sstevel@tonic-gate * Copyright remains Eric Young's, and as such any Copyright notices in
170Sstevel@tonic-gate * the code are not to be removed.
180Sstevel@tonic-gate * If this package is used in a product, Eric Young should be given attribution
190Sstevel@tonic-gate * as the author of the parts of the library used.
200Sstevel@tonic-gate * This can be in the form of a textual message at program startup or
210Sstevel@tonic-gate * in documentation (online or textual) provided with the package.
220Sstevel@tonic-gate *
230Sstevel@tonic-gate * Redistribution and use in source and binary forms, with or without
240Sstevel@tonic-gate * modification, are permitted provided that the following conditions
250Sstevel@tonic-gate * are met:
260Sstevel@tonic-gate * 1. Redistributions of source code must retain the copyright
270Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer.
280Sstevel@tonic-gate * 2. Redistributions in binary form must reproduce the above copyright
290Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer in the
300Sstevel@tonic-gate * documentation and/or other materials provided with the distribution.
310Sstevel@tonic-gate * 3. All advertising materials mentioning features or use of this software
320Sstevel@tonic-gate * must display the following acknowledgement:
330Sstevel@tonic-gate * "This product includes cryptographic software written by
340Sstevel@tonic-gate * Eric Young (eay@cryptsoft.com)"
350Sstevel@tonic-gate * The word 'cryptographic' can be left out if the rouines from the library
360Sstevel@tonic-gate * being used are not cryptographic related :-).
370Sstevel@tonic-gate * 4. If you include any Windows specific code (or a derivative thereof) from
380Sstevel@tonic-gate * the apps directory (application code) you must include an acknowledgement:
390Sstevel@tonic-gate * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
400Sstevel@tonic-gate *
410Sstevel@tonic-gate * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
420Sstevel@tonic-gate * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
430Sstevel@tonic-gate * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
440Sstevel@tonic-gate * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
450Sstevel@tonic-gate * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
460Sstevel@tonic-gate * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
470Sstevel@tonic-gate * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
480Sstevel@tonic-gate * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
490Sstevel@tonic-gate * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
500Sstevel@tonic-gate * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
510Sstevel@tonic-gate * SUCH DAMAGE.
520Sstevel@tonic-gate *
530Sstevel@tonic-gate * The licence and distribution terms for any publically available version or
540Sstevel@tonic-gate * derivative of this code cannot be changed. i.e. this code cannot simply be
550Sstevel@tonic-gate * copied and put under another distribution licence
560Sstevel@tonic-gate * [including the GNU Public Licence.]
570Sstevel@tonic-gate */
580Sstevel@tonic-gate
590Sstevel@tonic-gate #include "ssl_locl.h"
600Sstevel@tonic-gate #ifndef OPENSSL_NO_SSL2
610Sstevel@tonic-gate #include <stdio.h>
620Sstevel@tonic-gate #include <openssl/objects.h>
630Sstevel@tonic-gate #include <openssl/evp.h>
640Sstevel@tonic-gate #include <openssl/md5.h>
650Sstevel@tonic-gate
660Sstevel@tonic-gate const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
670Sstevel@tonic-gate
680Sstevel@tonic-gate #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
690Sstevel@tonic-gate
70*2139Sjp161948 /* list of available SSLv2 ciphers (sorted by id) */
710Sstevel@tonic-gate OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
720Sstevel@tonic-gate /* NULL_WITH_MD5 v3 */
730Sstevel@tonic-gate #if 0
740Sstevel@tonic-gate {
750Sstevel@tonic-gate 1,
760Sstevel@tonic-gate SSL2_TXT_NULL_WITH_MD5,
770Sstevel@tonic-gate SSL2_CK_NULL_WITH_MD5,
780Sstevel@tonic-gate SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
790Sstevel@tonic-gate SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,
800Sstevel@tonic-gate 0,
810Sstevel@tonic-gate 0,
820Sstevel@tonic-gate 0,
830Sstevel@tonic-gate SSL_ALL_CIPHERS,
840Sstevel@tonic-gate SSL_ALL_STRENGTHS,
850Sstevel@tonic-gate },
860Sstevel@tonic-gate #endif
87*2139Sjp161948 /* RC4_128_WITH_MD5 */
88*2139Sjp161948 {
89*2139Sjp161948 1,
90*2139Sjp161948 SSL2_TXT_RC4_128_WITH_MD5,
91*2139Sjp161948 SSL2_CK_RC4_128_WITH_MD5,
92*2139Sjp161948 SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
93*2139Sjp161948 SSL_NOT_EXP|SSL_MEDIUM,
94*2139Sjp161948 0,
95*2139Sjp161948 128,
96*2139Sjp161948 128,
97*2139Sjp161948 SSL_ALL_CIPHERS,
98*2139Sjp161948 SSL_ALL_STRENGTHS,
99*2139Sjp161948 },
1000Sstevel@tonic-gate /* RC4_128_EXPORT40_WITH_MD5 */
1010Sstevel@tonic-gate {
1020Sstevel@tonic-gate 1,
1030Sstevel@tonic-gate SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
1040Sstevel@tonic-gate SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
1050Sstevel@tonic-gate SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
1060Sstevel@tonic-gate SSL_EXPORT|SSL_EXP40,
1070Sstevel@tonic-gate SSL2_CF_5_BYTE_ENC,
1080Sstevel@tonic-gate 40,
1090Sstevel@tonic-gate 128,
1100Sstevel@tonic-gate SSL_ALL_CIPHERS,
1110Sstevel@tonic-gate SSL_ALL_STRENGTHS,
1120Sstevel@tonic-gate },
113*2139Sjp161948 /* RC2_128_CBC_WITH_MD5 */
1140Sstevel@tonic-gate {
1150Sstevel@tonic-gate 1,
116*2139Sjp161948 SSL2_TXT_RC2_128_CBC_WITH_MD5,
117*2139Sjp161948 SSL2_CK_RC2_128_CBC_WITH_MD5,
118*2139Sjp161948 SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
1190Sstevel@tonic-gate SSL_NOT_EXP|SSL_MEDIUM,
1200Sstevel@tonic-gate 0,
1210Sstevel@tonic-gate 128,
1220Sstevel@tonic-gate 128,
1230Sstevel@tonic-gate SSL_ALL_CIPHERS,
1240Sstevel@tonic-gate SSL_ALL_STRENGTHS,
1250Sstevel@tonic-gate },
1260Sstevel@tonic-gate /* RC2_128_CBC_EXPORT40_WITH_MD5 */
1270Sstevel@tonic-gate {
1280Sstevel@tonic-gate 1,
1290Sstevel@tonic-gate SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
1300Sstevel@tonic-gate SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
1310Sstevel@tonic-gate SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
1320Sstevel@tonic-gate SSL_EXPORT|SSL_EXP40,
1330Sstevel@tonic-gate SSL2_CF_5_BYTE_ENC,
1340Sstevel@tonic-gate 40,
1350Sstevel@tonic-gate 128,
1360Sstevel@tonic-gate SSL_ALL_CIPHERS,
1370Sstevel@tonic-gate SSL_ALL_STRENGTHS,
1380Sstevel@tonic-gate },
1390Sstevel@tonic-gate /* IDEA_128_CBC_WITH_MD5 */
1400Sstevel@tonic-gate #ifndef OPENSSL_NO_IDEA
1410Sstevel@tonic-gate {
1420Sstevel@tonic-gate 1,
1430Sstevel@tonic-gate SSL2_TXT_IDEA_128_CBC_WITH_MD5,
1440Sstevel@tonic-gate SSL2_CK_IDEA_128_CBC_WITH_MD5,
1450Sstevel@tonic-gate SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_SSLV2,
1460Sstevel@tonic-gate SSL_NOT_EXP|SSL_MEDIUM,
1470Sstevel@tonic-gate 0,
1480Sstevel@tonic-gate 128,
1490Sstevel@tonic-gate 128,
1500Sstevel@tonic-gate SSL_ALL_CIPHERS,
1510Sstevel@tonic-gate SSL_ALL_STRENGTHS,
1520Sstevel@tonic-gate },
1530Sstevel@tonic-gate #endif
1540Sstevel@tonic-gate /* DES_64_CBC_WITH_MD5 */
1550Sstevel@tonic-gate {
1560Sstevel@tonic-gate 1,
1570Sstevel@tonic-gate SSL2_TXT_DES_64_CBC_WITH_MD5,
1580Sstevel@tonic-gate SSL2_CK_DES_64_CBC_WITH_MD5,
1590Sstevel@tonic-gate SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_SSLV2,
1600Sstevel@tonic-gate SSL_NOT_EXP|SSL_LOW,
1610Sstevel@tonic-gate 0,
1620Sstevel@tonic-gate 56,
1630Sstevel@tonic-gate 56,
1640Sstevel@tonic-gate SSL_ALL_CIPHERS,
1650Sstevel@tonic-gate SSL_ALL_STRENGTHS,
1660Sstevel@tonic-gate },
1670Sstevel@tonic-gate /* DES_192_EDE3_CBC_WITH_MD5 */
1680Sstevel@tonic-gate {
1690Sstevel@tonic-gate 1,
1700Sstevel@tonic-gate SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
1710Sstevel@tonic-gate SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
1720Sstevel@tonic-gate SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_SSLV2,
1730Sstevel@tonic-gate SSL_NOT_EXP|SSL_HIGH,
1740Sstevel@tonic-gate 0,
1750Sstevel@tonic-gate 168,
1760Sstevel@tonic-gate 168,
1770Sstevel@tonic-gate SSL_ALL_CIPHERS,
1780Sstevel@tonic-gate SSL_ALL_STRENGTHS,
1790Sstevel@tonic-gate },
1800Sstevel@tonic-gate /* RC4_64_WITH_MD5 */
1810Sstevel@tonic-gate #if 1
1820Sstevel@tonic-gate {
1830Sstevel@tonic-gate 1,
1840Sstevel@tonic-gate SSL2_TXT_RC4_64_WITH_MD5,
1850Sstevel@tonic-gate SSL2_CK_RC4_64_WITH_MD5,
1860Sstevel@tonic-gate SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
1870Sstevel@tonic-gate SSL_NOT_EXP|SSL_LOW,
1880Sstevel@tonic-gate SSL2_CF_8_BYTE_ENC,
1890Sstevel@tonic-gate 64,
1900Sstevel@tonic-gate 64,
1910Sstevel@tonic-gate SSL_ALL_CIPHERS,
1920Sstevel@tonic-gate SSL_ALL_STRENGTHS,
1930Sstevel@tonic-gate },
1940Sstevel@tonic-gate #endif
1950Sstevel@tonic-gate /* NULL SSLeay (testing) */
1960Sstevel@tonic-gate #if 0
1970Sstevel@tonic-gate {
1980Sstevel@tonic-gate 0,
1990Sstevel@tonic-gate SSL2_TXT_NULL,
2000Sstevel@tonic-gate SSL2_CK_NULL,
2010Sstevel@tonic-gate 0,
2020Sstevel@tonic-gate SSL_STRONG_NONE,
2030Sstevel@tonic-gate 0,
2040Sstevel@tonic-gate 0,
2050Sstevel@tonic-gate 0,
2060Sstevel@tonic-gate SSL_ALL_CIPHERS,
2070Sstevel@tonic-gate SSL_ALL_STRENGTHS,
2080Sstevel@tonic-gate },
2090Sstevel@tonic-gate #endif
2100Sstevel@tonic-gate
2110Sstevel@tonic-gate /* end of list :-) */
2120Sstevel@tonic-gate };
2130Sstevel@tonic-gate
ssl2_default_timeout(void)214*2139Sjp161948 long ssl2_default_timeout(void)
2150Sstevel@tonic-gate {
2160Sstevel@tonic-gate return(300);
2170Sstevel@tonic-gate }
2180Sstevel@tonic-gate
IMPLEMENT_ssl2_meth_func(sslv2_base_method,ssl_undefined_function,ssl_undefined_function,ssl_bad_method)219*2139Sjp161948 IMPLEMENT_ssl2_meth_func(sslv2_base_method,
220*2139Sjp161948 ssl_undefined_function,
221*2139Sjp161948 ssl_undefined_function,
222*2139Sjp161948 ssl_bad_method)
2230Sstevel@tonic-gate
2240Sstevel@tonic-gate int ssl2_num_ciphers(void)
2250Sstevel@tonic-gate {
2260Sstevel@tonic-gate return(SSL2_NUM_CIPHERS);
2270Sstevel@tonic-gate }
2280Sstevel@tonic-gate
ssl2_get_cipher(unsigned int u)2290Sstevel@tonic-gate SSL_CIPHER *ssl2_get_cipher(unsigned int u)
2300Sstevel@tonic-gate {
2310Sstevel@tonic-gate if (u < SSL2_NUM_CIPHERS)
2320Sstevel@tonic-gate return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u]));
2330Sstevel@tonic-gate else
2340Sstevel@tonic-gate return(NULL);
2350Sstevel@tonic-gate }
2360Sstevel@tonic-gate
ssl2_pending(const SSL * s)237*2139Sjp161948 int ssl2_pending(const SSL *s)
2380Sstevel@tonic-gate {
2390Sstevel@tonic-gate return SSL_in_init(s) ? 0 : s->s2->ract_data_length;
2400Sstevel@tonic-gate }
2410Sstevel@tonic-gate
ssl2_new(SSL * s)2420Sstevel@tonic-gate int ssl2_new(SSL *s)
2430Sstevel@tonic-gate {
2440Sstevel@tonic-gate SSL2_STATE *s2;
2450Sstevel@tonic-gate
2460Sstevel@tonic-gate if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err;
2470Sstevel@tonic-gate memset(s2,0,sizeof *s2);
2480Sstevel@tonic-gate
2490Sstevel@tonic-gate #if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
2500Sstevel@tonic-gate # error "assertion failed"
2510Sstevel@tonic-gate #endif
2520Sstevel@tonic-gate
2530Sstevel@tonic-gate if ((s2->rbuf=OPENSSL_malloc(
2540Sstevel@tonic-gate SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
2550Sstevel@tonic-gate /* wbuf needs one byte more because when using two-byte headers,
2560Sstevel@tonic-gate * we leave the first byte unused in do_ssl_write (s2_pkt.c) */
2570Sstevel@tonic-gate if ((s2->wbuf=OPENSSL_malloc(
2580Sstevel@tonic-gate SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+3)) == NULL) goto err;
2590Sstevel@tonic-gate s->s2=s2;
2600Sstevel@tonic-gate
2610Sstevel@tonic-gate ssl2_clear(s);
2620Sstevel@tonic-gate return(1);
2630Sstevel@tonic-gate err:
2640Sstevel@tonic-gate if (s2 != NULL)
2650Sstevel@tonic-gate {
2660Sstevel@tonic-gate if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
2670Sstevel@tonic-gate if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
2680Sstevel@tonic-gate OPENSSL_free(s2);
2690Sstevel@tonic-gate }
2700Sstevel@tonic-gate return(0);
2710Sstevel@tonic-gate }
2720Sstevel@tonic-gate
ssl2_free(SSL * s)2730Sstevel@tonic-gate void ssl2_free(SSL *s)
2740Sstevel@tonic-gate {
2750Sstevel@tonic-gate SSL2_STATE *s2;
2760Sstevel@tonic-gate
2770Sstevel@tonic-gate if(s == NULL)
2780Sstevel@tonic-gate return;
2790Sstevel@tonic-gate
2800Sstevel@tonic-gate s2=s->s2;
2810Sstevel@tonic-gate if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
2820Sstevel@tonic-gate if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
2830Sstevel@tonic-gate OPENSSL_cleanse(s2,sizeof *s2);
2840Sstevel@tonic-gate OPENSSL_free(s2);
2850Sstevel@tonic-gate s->s2=NULL;
2860Sstevel@tonic-gate }
2870Sstevel@tonic-gate
ssl2_clear(SSL * s)2880Sstevel@tonic-gate void ssl2_clear(SSL *s)
2890Sstevel@tonic-gate {
2900Sstevel@tonic-gate SSL2_STATE *s2;
2910Sstevel@tonic-gate unsigned char *rbuf,*wbuf;
2920Sstevel@tonic-gate
2930Sstevel@tonic-gate s2=s->s2;
2940Sstevel@tonic-gate
2950Sstevel@tonic-gate rbuf=s2->rbuf;
2960Sstevel@tonic-gate wbuf=s2->wbuf;
2970Sstevel@tonic-gate
2980Sstevel@tonic-gate memset(s2,0,sizeof *s2);
2990Sstevel@tonic-gate
3000Sstevel@tonic-gate s2->rbuf=rbuf;
3010Sstevel@tonic-gate s2->wbuf=wbuf;
3020Sstevel@tonic-gate s2->clear_text=1;
3030Sstevel@tonic-gate s->packet=s2->rbuf;
3040Sstevel@tonic-gate s->version=SSL2_VERSION;
3050Sstevel@tonic-gate s->packet_length=0;
3060Sstevel@tonic-gate }
3070Sstevel@tonic-gate
ssl2_ctrl(SSL * s,int cmd,long larg,void * parg)3080Sstevel@tonic-gate long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg)
3090Sstevel@tonic-gate {
3100Sstevel@tonic-gate int ret=0;
3110Sstevel@tonic-gate
3120Sstevel@tonic-gate switch(cmd)
3130Sstevel@tonic-gate {
3140Sstevel@tonic-gate case SSL_CTRL_GET_SESSION_REUSED:
3150Sstevel@tonic-gate ret=s->hit;
3160Sstevel@tonic-gate break;
3170Sstevel@tonic-gate default:
3180Sstevel@tonic-gate break;
3190Sstevel@tonic-gate }
3200Sstevel@tonic-gate return(ret);
3210Sstevel@tonic-gate }
3220Sstevel@tonic-gate
ssl2_callback_ctrl(SSL * s,int cmd,void (* fp)(void))323*2139Sjp161948 long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
3240Sstevel@tonic-gate {
3250Sstevel@tonic-gate return(0);
3260Sstevel@tonic-gate }
3270Sstevel@tonic-gate
ssl2_ctx_ctrl(SSL_CTX * ctx,int cmd,long larg,void * parg)3280Sstevel@tonic-gate long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3290Sstevel@tonic-gate {
3300Sstevel@tonic-gate return(0);
3310Sstevel@tonic-gate }
3320Sstevel@tonic-gate
ssl2_ctx_callback_ctrl(SSL_CTX * ctx,int cmd,void (* fp)(void))333*2139Sjp161948 long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
3340Sstevel@tonic-gate {
3350Sstevel@tonic-gate return(0);
3360Sstevel@tonic-gate }
3370Sstevel@tonic-gate
3380Sstevel@tonic-gate /* This function needs to check if the ciphers required are actually
3390Sstevel@tonic-gate * available */
ssl2_get_cipher_by_char(const unsigned char * p)3400Sstevel@tonic-gate SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
3410Sstevel@tonic-gate {
342*2139Sjp161948 SSL_CIPHER c,*cp;
3430Sstevel@tonic-gate unsigned long id;
3440Sstevel@tonic-gate
3450Sstevel@tonic-gate id=0x02000000L|((unsigned long)p[0]<<16L)|
3460Sstevel@tonic-gate ((unsigned long)p[1]<<8L)|(unsigned long)p[2];
3470Sstevel@tonic-gate c.id=id;
348*2139Sjp161948 cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
349*2139Sjp161948 (char *)ssl2_ciphers,
350*2139Sjp161948 SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER),
351*2139Sjp161948 FP_ICC ssl_cipher_id_cmp);
352*2139Sjp161948 if ((cp == NULL) || (cp->valid == 0))
353*2139Sjp161948 return NULL;
3540Sstevel@tonic-gate else
355*2139Sjp161948 return cp;
3560Sstevel@tonic-gate }
3570Sstevel@tonic-gate
ssl2_put_cipher_by_char(const SSL_CIPHER * c,unsigned char * p)3580Sstevel@tonic-gate int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
3590Sstevel@tonic-gate {
3600Sstevel@tonic-gate long l;
3610Sstevel@tonic-gate
3620Sstevel@tonic-gate if (p != NULL)
3630Sstevel@tonic-gate {
3640Sstevel@tonic-gate l=c->id;
3650Sstevel@tonic-gate if ((l & 0xff000000) != 0x02000000) return(0);
3660Sstevel@tonic-gate p[0]=((unsigned char)(l>>16L))&0xFF;
3670Sstevel@tonic-gate p[1]=((unsigned char)(l>> 8L))&0xFF;
3680Sstevel@tonic-gate p[2]=((unsigned char)(l ))&0xFF;
3690Sstevel@tonic-gate }
3700Sstevel@tonic-gate return(3);
3710Sstevel@tonic-gate }
3720Sstevel@tonic-gate
ssl2_generate_key_material(SSL * s)3730Sstevel@tonic-gate int ssl2_generate_key_material(SSL *s)
3740Sstevel@tonic-gate {
3750Sstevel@tonic-gate unsigned int i;
3760Sstevel@tonic-gate EVP_MD_CTX ctx;
3770Sstevel@tonic-gate unsigned char *km;
3780Sstevel@tonic-gate unsigned char c='0';
3790Sstevel@tonic-gate const EVP_MD *md5;
3800Sstevel@tonic-gate
3810Sstevel@tonic-gate md5 = EVP_md5();
3820Sstevel@tonic-gate
3830Sstevel@tonic-gate #ifdef CHARSET_EBCDIC
3840Sstevel@tonic-gate c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0',
3850Sstevel@tonic-gate see SSLv2 docu */
3860Sstevel@tonic-gate #endif
3870Sstevel@tonic-gate EVP_MD_CTX_init(&ctx);
3880Sstevel@tonic-gate km=s->s2->key_material;
3890Sstevel@tonic-gate
390*2139Sjp161948 if (s->session->master_key_length < 0 ||
391*2139Sjp161948 s->session->master_key_length > (int)sizeof(s->session->master_key))
3920Sstevel@tonic-gate {
3930Sstevel@tonic-gate SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
3940Sstevel@tonic-gate return 0;
3950Sstevel@tonic-gate }
3960Sstevel@tonic-gate
3970Sstevel@tonic-gate for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5))
3980Sstevel@tonic-gate {
399*2139Sjp161948 if (((km - s->s2->key_material) + EVP_MD_size(md5)) >
400*2139Sjp161948 (int)sizeof(s->s2->key_material))
4010Sstevel@tonic-gate {
4020Sstevel@tonic-gate /* EVP_DigestFinal_ex() below would write beyond buffer */
4030Sstevel@tonic-gate SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
4040Sstevel@tonic-gate return 0;
4050Sstevel@tonic-gate }
4060Sstevel@tonic-gate
4070Sstevel@tonic-gate EVP_DigestInit_ex(&ctx, md5, NULL);
4080Sstevel@tonic-gate
4090Sstevel@tonic-gate OPENSSL_assert(s->session->master_key_length >= 0
4100Sstevel@tonic-gate && s->session->master_key_length
411*2139Sjp161948 < (int)sizeof(s->session->master_key));
4120Sstevel@tonic-gate EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
4130Sstevel@tonic-gate EVP_DigestUpdate(&ctx,&c,1);
4140Sstevel@tonic-gate c++;
4150Sstevel@tonic-gate EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);
4160Sstevel@tonic-gate EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);
4170Sstevel@tonic-gate EVP_DigestFinal_ex(&ctx,km,NULL);
4180Sstevel@tonic-gate km += EVP_MD_size(md5);
4190Sstevel@tonic-gate }
4200Sstevel@tonic-gate
4210Sstevel@tonic-gate EVP_MD_CTX_cleanup(&ctx);
4220Sstevel@tonic-gate return 1;
4230Sstevel@tonic-gate }
4240Sstevel@tonic-gate
ssl2_return_error(SSL * s,int err)4250Sstevel@tonic-gate void ssl2_return_error(SSL *s, int err)
4260Sstevel@tonic-gate {
4270Sstevel@tonic-gate if (!s->error)
4280Sstevel@tonic-gate {
4290Sstevel@tonic-gate s->error=3;
4300Sstevel@tonic-gate s->error_code=err;
4310Sstevel@tonic-gate
4320Sstevel@tonic-gate ssl2_write_error(s);
4330Sstevel@tonic-gate }
4340Sstevel@tonic-gate }
4350Sstevel@tonic-gate
4360Sstevel@tonic-gate
ssl2_write_error(SSL * s)4370Sstevel@tonic-gate void ssl2_write_error(SSL *s)
4380Sstevel@tonic-gate {
4390Sstevel@tonic-gate unsigned char buf[3];
4400Sstevel@tonic-gate int i,error;
4410Sstevel@tonic-gate
4420Sstevel@tonic-gate buf[0]=SSL2_MT_ERROR;
4430Sstevel@tonic-gate buf[1]=(s->error_code>>8)&0xff;
4440Sstevel@tonic-gate buf[2]=(s->error_code)&0xff;
4450Sstevel@tonic-gate
4460Sstevel@tonic-gate /* state=s->rwstate;*/
4470Sstevel@tonic-gate
4480Sstevel@tonic-gate error=s->error; /* number of bytes left to write */
4490Sstevel@tonic-gate s->error=0;
450*2139Sjp161948 OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf));
4510Sstevel@tonic-gate i=ssl2_write(s,&(buf[3-error]),error);
4520Sstevel@tonic-gate
4530Sstevel@tonic-gate /* if (i == error) s->rwstate=state; */
4540Sstevel@tonic-gate
4550Sstevel@tonic-gate if (i < 0)
4560Sstevel@tonic-gate s->error=error;
4570Sstevel@tonic-gate else
4580Sstevel@tonic-gate {
4590Sstevel@tonic-gate s->error=error-i;
4600Sstevel@tonic-gate
4610Sstevel@tonic-gate if (s->error == 0)
4620Sstevel@tonic-gate if (s->msg_callback)
4630Sstevel@tonic-gate s->msg_callback(1, s->version, 0, buf, 3, s, s->msg_callback_arg); /* ERROR */
4640Sstevel@tonic-gate }
4650Sstevel@tonic-gate }
4660Sstevel@tonic-gate
ssl2_shutdown(SSL * s)4670Sstevel@tonic-gate int ssl2_shutdown(SSL *s)
4680Sstevel@tonic-gate {
4690Sstevel@tonic-gate s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
4700Sstevel@tonic-gate return(1);
4710Sstevel@tonic-gate }
4720Sstevel@tonic-gate #else /* !OPENSSL_NO_SSL2 */
4730Sstevel@tonic-gate
4740Sstevel@tonic-gate # if PEDANTIC
4750Sstevel@tonic-gate static void *dummy=&dummy;
4760Sstevel@tonic-gate # endif
4770Sstevel@tonic-gate
4780Sstevel@tonic-gate #endif
479