1*0Sstevel@tonic-gate /* ssl/s23_lib.c */ 2*0Sstevel@tonic-gate /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3*0Sstevel@tonic-gate * All rights reserved. 4*0Sstevel@tonic-gate * 5*0Sstevel@tonic-gate * This package is an SSL implementation written 6*0Sstevel@tonic-gate * by Eric Young (eay@cryptsoft.com). 7*0Sstevel@tonic-gate * The implementation was written so as to conform with Netscapes SSL. 8*0Sstevel@tonic-gate * 9*0Sstevel@tonic-gate * This library is free for commercial and non-commercial use as long as 10*0Sstevel@tonic-gate * the following conditions are aheared to. The following conditions 11*0Sstevel@tonic-gate * apply to all code found in this distribution, be it the RC4, RSA, 12*0Sstevel@tonic-gate * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13*0Sstevel@tonic-gate * included with this distribution is covered by the same copyright terms 14*0Sstevel@tonic-gate * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15*0Sstevel@tonic-gate * 16*0Sstevel@tonic-gate * Copyright remains Eric Young's, and as such any Copyright notices in 17*0Sstevel@tonic-gate * the code are not to be removed. 18*0Sstevel@tonic-gate * If this package is used in a product, Eric Young should be given attribution 19*0Sstevel@tonic-gate * as the author of the parts of the library used. 20*0Sstevel@tonic-gate * This can be in the form of a textual message at program startup or 21*0Sstevel@tonic-gate * in documentation (online or textual) provided with the package. 22*0Sstevel@tonic-gate * 23*0Sstevel@tonic-gate * Redistribution and use in source and binary forms, with or without 24*0Sstevel@tonic-gate * modification, are permitted provided that the following conditions 25*0Sstevel@tonic-gate * are met: 26*0Sstevel@tonic-gate * 1. Redistributions of source code must retain the copyright 27*0Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer. 28*0Sstevel@tonic-gate * 2. Redistributions in binary form must reproduce the above copyright 29*0Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer in the 30*0Sstevel@tonic-gate * documentation and/or other materials provided with the distribution. 31*0Sstevel@tonic-gate * 3. All advertising materials mentioning features or use of this software 32*0Sstevel@tonic-gate * must display the following acknowledgement: 33*0Sstevel@tonic-gate * "This product includes cryptographic software written by 34*0Sstevel@tonic-gate * Eric Young (eay@cryptsoft.com)" 35*0Sstevel@tonic-gate * The word 'cryptographic' can be left out if the rouines from the library 36*0Sstevel@tonic-gate * being used are not cryptographic related :-). 37*0Sstevel@tonic-gate * 4. If you include any Windows specific code (or a derivative thereof) from 38*0Sstevel@tonic-gate * the apps directory (application code) you must include an acknowledgement: 39*0Sstevel@tonic-gate * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40*0Sstevel@tonic-gate * 41*0Sstevel@tonic-gate * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42*0Sstevel@tonic-gate * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43*0Sstevel@tonic-gate * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44*0Sstevel@tonic-gate * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45*0Sstevel@tonic-gate * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46*0Sstevel@tonic-gate * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47*0Sstevel@tonic-gate * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48*0Sstevel@tonic-gate * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49*0Sstevel@tonic-gate * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50*0Sstevel@tonic-gate * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51*0Sstevel@tonic-gate * SUCH DAMAGE. 52*0Sstevel@tonic-gate * 53*0Sstevel@tonic-gate * The licence and distribution terms for any publically available version or 54*0Sstevel@tonic-gate * derivative of this code cannot be changed. i.e. this code cannot simply be 55*0Sstevel@tonic-gate * copied and put under another distribution licence 56*0Sstevel@tonic-gate * [including the GNU Public Licence.] 57*0Sstevel@tonic-gate */ 58*0Sstevel@tonic-gate 59*0Sstevel@tonic-gate #include <stdio.h> 60*0Sstevel@tonic-gate #include <openssl/objects.h> 61*0Sstevel@tonic-gate #include "ssl_locl.h" 62*0Sstevel@tonic-gate 63*0Sstevel@tonic-gate static int ssl23_num_ciphers(void ); 64*0Sstevel@tonic-gate static SSL_CIPHER *ssl23_get_cipher(unsigned int u); 65*0Sstevel@tonic-gate static int ssl23_read(SSL *s, void *buf, int len); 66*0Sstevel@tonic-gate static int ssl23_peek(SSL *s, void *buf, int len); 67*0Sstevel@tonic-gate static int ssl23_write(SSL *s, const void *buf, int len); 68*0Sstevel@tonic-gate static long ssl23_default_timeout(void ); 69*0Sstevel@tonic-gate static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); 70*0Sstevel@tonic-gate static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); 71*0Sstevel@tonic-gate const char *SSL23_version_str="SSLv2/3 compatibility" OPENSSL_VERSION_PTEXT; 72*0Sstevel@tonic-gate 73*0Sstevel@tonic-gate static SSL_METHOD SSLv23_data= { 74*0Sstevel@tonic-gate TLS1_VERSION, 75*0Sstevel@tonic-gate tls1_new, 76*0Sstevel@tonic-gate tls1_clear, 77*0Sstevel@tonic-gate tls1_free, 78*0Sstevel@tonic-gate ssl_undefined_function, 79*0Sstevel@tonic-gate ssl_undefined_function, 80*0Sstevel@tonic-gate ssl23_read, 81*0Sstevel@tonic-gate ssl23_peek, 82*0Sstevel@tonic-gate ssl23_write, 83*0Sstevel@tonic-gate ssl_undefined_function, 84*0Sstevel@tonic-gate ssl_undefined_function, 85*0Sstevel@tonic-gate ssl_ok, 86*0Sstevel@tonic-gate ssl3_ctrl, 87*0Sstevel@tonic-gate ssl3_ctx_ctrl, 88*0Sstevel@tonic-gate ssl23_get_cipher_by_char, 89*0Sstevel@tonic-gate ssl23_put_cipher_by_char, 90*0Sstevel@tonic-gate ssl_undefined_function, 91*0Sstevel@tonic-gate ssl23_num_ciphers, 92*0Sstevel@tonic-gate ssl23_get_cipher, 93*0Sstevel@tonic-gate ssl_bad_method, 94*0Sstevel@tonic-gate ssl23_default_timeout, 95*0Sstevel@tonic-gate &ssl3_undef_enc_method, 96*0Sstevel@tonic-gate ssl_undefined_function, 97*0Sstevel@tonic-gate ssl3_callback_ctrl, 98*0Sstevel@tonic-gate ssl3_ctx_callback_ctrl, 99*0Sstevel@tonic-gate }; 100*0Sstevel@tonic-gate 101*0Sstevel@tonic-gate static long ssl23_default_timeout(void) 102*0Sstevel@tonic-gate { 103*0Sstevel@tonic-gate return(300); 104*0Sstevel@tonic-gate } 105*0Sstevel@tonic-gate 106*0Sstevel@tonic-gate SSL_METHOD *sslv23_base_method(void) 107*0Sstevel@tonic-gate { 108*0Sstevel@tonic-gate return(&SSLv23_data); 109*0Sstevel@tonic-gate } 110*0Sstevel@tonic-gate 111*0Sstevel@tonic-gate static int ssl23_num_ciphers(void) 112*0Sstevel@tonic-gate { 113*0Sstevel@tonic-gate return(ssl3_num_ciphers() 114*0Sstevel@tonic-gate #ifndef OPENSSL_NO_SSL2 115*0Sstevel@tonic-gate + ssl2_num_ciphers() 116*0Sstevel@tonic-gate #endif 117*0Sstevel@tonic-gate ); 118*0Sstevel@tonic-gate } 119*0Sstevel@tonic-gate 120*0Sstevel@tonic-gate static SSL_CIPHER *ssl23_get_cipher(unsigned int u) 121*0Sstevel@tonic-gate { 122*0Sstevel@tonic-gate unsigned int uu=ssl3_num_ciphers(); 123*0Sstevel@tonic-gate 124*0Sstevel@tonic-gate if (u < uu) 125*0Sstevel@tonic-gate return(ssl3_get_cipher(u)); 126*0Sstevel@tonic-gate else 127*0Sstevel@tonic-gate #ifndef OPENSSL_NO_SSL2 128*0Sstevel@tonic-gate return(ssl2_get_cipher(u-uu)); 129*0Sstevel@tonic-gate #else 130*0Sstevel@tonic-gate return(NULL); 131*0Sstevel@tonic-gate #endif 132*0Sstevel@tonic-gate } 133*0Sstevel@tonic-gate 134*0Sstevel@tonic-gate /* This function needs to check if the ciphers required are actually 135*0Sstevel@tonic-gate * available */ 136*0Sstevel@tonic-gate static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) 137*0Sstevel@tonic-gate { 138*0Sstevel@tonic-gate SSL_CIPHER c,*cp; 139*0Sstevel@tonic-gate unsigned long id; 140*0Sstevel@tonic-gate int n; 141*0Sstevel@tonic-gate 142*0Sstevel@tonic-gate n=ssl3_num_ciphers(); 143*0Sstevel@tonic-gate id=0x03000000|((unsigned long)p[0]<<16L)| 144*0Sstevel@tonic-gate ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; 145*0Sstevel@tonic-gate c.id=id; 146*0Sstevel@tonic-gate cp=ssl3_get_cipher_by_char(p); 147*0Sstevel@tonic-gate #ifndef OPENSSL_NO_SSL2 148*0Sstevel@tonic-gate if (cp == NULL) 149*0Sstevel@tonic-gate cp=ssl2_get_cipher_by_char(p); 150*0Sstevel@tonic-gate #endif 151*0Sstevel@tonic-gate return(cp); 152*0Sstevel@tonic-gate } 153*0Sstevel@tonic-gate 154*0Sstevel@tonic-gate static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) 155*0Sstevel@tonic-gate { 156*0Sstevel@tonic-gate long l; 157*0Sstevel@tonic-gate 158*0Sstevel@tonic-gate /* We can write SSLv2 and SSLv3 ciphers */ 159*0Sstevel@tonic-gate if (p != NULL) 160*0Sstevel@tonic-gate { 161*0Sstevel@tonic-gate l=c->id; 162*0Sstevel@tonic-gate p[0]=((unsigned char)(l>>16L))&0xFF; 163*0Sstevel@tonic-gate p[1]=((unsigned char)(l>> 8L))&0xFF; 164*0Sstevel@tonic-gate p[2]=((unsigned char)(l ))&0xFF; 165*0Sstevel@tonic-gate } 166*0Sstevel@tonic-gate return(3); 167*0Sstevel@tonic-gate } 168*0Sstevel@tonic-gate 169*0Sstevel@tonic-gate static int ssl23_read(SSL *s, void *buf, int len) 170*0Sstevel@tonic-gate { 171*0Sstevel@tonic-gate int n; 172*0Sstevel@tonic-gate 173*0Sstevel@tonic-gate clear_sys_error(); 174*0Sstevel@tonic-gate if (SSL_in_init(s) && (!s->in_handshake)) 175*0Sstevel@tonic-gate { 176*0Sstevel@tonic-gate n=s->handshake_func(s); 177*0Sstevel@tonic-gate if (n < 0) return(n); 178*0Sstevel@tonic-gate if (n == 0) 179*0Sstevel@tonic-gate { 180*0Sstevel@tonic-gate SSLerr(SSL_F_SSL23_READ,SSL_R_SSL_HANDSHAKE_FAILURE); 181*0Sstevel@tonic-gate return(-1); 182*0Sstevel@tonic-gate } 183*0Sstevel@tonic-gate return(SSL_read(s,buf,len)); 184*0Sstevel@tonic-gate } 185*0Sstevel@tonic-gate else 186*0Sstevel@tonic-gate { 187*0Sstevel@tonic-gate ssl_undefined_function(s); 188*0Sstevel@tonic-gate return(-1); 189*0Sstevel@tonic-gate } 190*0Sstevel@tonic-gate } 191*0Sstevel@tonic-gate 192*0Sstevel@tonic-gate static int ssl23_peek(SSL *s, void *buf, int len) 193*0Sstevel@tonic-gate { 194*0Sstevel@tonic-gate int n; 195*0Sstevel@tonic-gate 196*0Sstevel@tonic-gate clear_sys_error(); 197*0Sstevel@tonic-gate if (SSL_in_init(s) && (!s->in_handshake)) 198*0Sstevel@tonic-gate { 199*0Sstevel@tonic-gate n=s->handshake_func(s); 200*0Sstevel@tonic-gate if (n < 0) return(n); 201*0Sstevel@tonic-gate if (n == 0) 202*0Sstevel@tonic-gate { 203*0Sstevel@tonic-gate SSLerr(SSL_F_SSL23_PEEK,SSL_R_SSL_HANDSHAKE_FAILURE); 204*0Sstevel@tonic-gate return(-1); 205*0Sstevel@tonic-gate } 206*0Sstevel@tonic-gate return(SSL_peek(s,buf,len)); 207*0Sstevel@tonic-gate } 208*0Sstevel@tonic-gate else 209*0Sstevel@tonic-gate { 210*0Sstevel@tonic-gate ssl_undefined_function(s); 211*0Sstevel@tonic-gate return(-1); 212*0Sstevel@tonic-gate } 213*0Sstevel@tonic-gate } 214*0Sstevel@tonic-gate 215*0Sstevel@tonic-gate static int ssl23_write(SSL *s, const void *buf, int len) 216*0Sstevel@tonic-gate { 217*0Sstevel@tonic-gate int n; 218*0Sstevel@tonic-gate 219*0Sstevel@tonic-gate clear_sys_error(); 220*0Sstevel@tonic-gate if (SSL_in_init(s) && (!s->in_handshake)) 221*0Sstevel@tonic-gate { 222*0Sstevel@tonic-gate n=s->handshake_func(s); 223*0Sstevel@tonic-gate if (n < 0) return(n); 224*0Sstevel@tonic-gate if (n == 0) 225*0Sstevel@tonic-gate { 226*0Sstevel@tonic-gate SSLerr(SSL_F_SSL23_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE); 227*0Sstevel@tonic-gate return(-1); 228*0Sstevel@tonic-gate } 229*0Sstevel@tonic-gate return(SSL_write(s,buf,len)); 230*0Sstevel@tonic-gate } 231*0Sstevel@tonic-gate else 232*0Sstevel@tonic-gate { 233*0Sstevel@tonic-gate ssl_undefined_function(s); 234*0Sstevel@tonic-gate return(-1); 235*0Sstevel@tonic-gate } 236*0Sstevel@tonic-gate } 237